Merge branch 'Exiv2:main' into main
LeoHsiao1 authored Jul 8, 2024
2 parents 930f40a + 2738730 commit 57a5559
Showing 79 changed files with 224 additions and 229 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/cifuzz.yml
Expand Up @@ -11,7 +11,7 @@ on:
- "*.md"
jobs:
Fuzzing:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
- name: Build Fuzzers
id: build
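Review bot: `runs-on: ubuntu-latest` in the `Fuzzing` job makes the runner image a moving target, so a fuzzer build failure or a new crash can come from an image update rather than from a code change. The same commit pins `on_PR_linux_fuzz.yml` to `ubuntu-24.04`; pinning this job to an explicit release as well would keep the two fuzzing workflows on the same toolchain and make failures reproducible.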
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -24,7 +24,7 @@ on:
jobs:
analyze:
name: Analyze
runs-on: ubuntu-22.04
runs-on: ubuntu-latest

strategy:
fail-fast: false
4 changes: 2 additions & 2 deletions .github/workflows/on_PR_linux_fuzz.yml
Expand Up @@ -16,8 +16,8 @@ on:

jobs:
Linux:
name: 'Ubuntu 22.04 - clang/libFuzzer'
runs-on: ubuntu-22.04
name: 'Ubuntu 24.04 - clang/libFuzzer'
runs-on: ubuntu-24.04

steps:
- uses: actions/checkout@v4
18 changes: 7 additions & 11 deletions .github/workflows/on_PR_meson.yaml
Expand Up @@ -69,7 +69,7 @@ jobs:

- name: Compile and Test
run: |
meson setup "${{github.workspace}}/build" --wrap-mode=${{matrix.deps}} -Dwarning_level=3 -Dcpp_std=c++latest
meson setup "${{github.workspace}}/build" --wrap-mode=${{matrix.deps}} -Dwarning_level=3 -Dcpp_std=c++latest -Db_sanitize=address
meson compile -C "${{github.workspace}}/build" --verbose
meson test -C "${{github.workspace}}/build" --verbose
VisualStudio-clang-cl:
Expand All @@ -92,7 +92,7 @@ jobs:
CC: clang-cl
CXX: clang-cl
run: |
meson setup "${{github.workspace}}/build" --wrap-mode=${{matrix.deps}} -Dwarning_level=3 -Dcpp_std=c++latest
meson setup "${{github.workspace}}/build" --wrap-mode=${{matrix.deps}} -Dwarning_level=3 -Dcpp_std=c++latest -Db_sanitize=address
meson compile -C "${{github.workspace}}/build" --verbose
meson test -C "${{github.workspace}}/build" --verbose
MSYS2:
Expand Down Expand Up @@ -137,21 +137,18 @@ jobs:

- name: Install packages
run: |
brew install curl brotli inih expat googletest
python3 -m pip install meson==0.54.1 ninja
brew install inih meson
- name: Compile and Test
run: |
meson setup "${{github.workspace}}/build" -Dauto_features=${{matrix.deps}} -Dwarning_level=3
meson compile -C "${{github.workspace}}/build"
meson test -C "${{github.workspace}}/build"
meson setup "${{github.workspace}}/build" -Dauto_features=${{matrix.deps}} -Dwarning_level=3 -Dnls=disabled -Db_sanitize=address,undefined
meson compile -C "${{github.workspace}}/build" --verbose
meson test -C "${{github.workspace}}/build" --verbose
FreeBSD:
runs-on: ubuntu-latest
name: FreeBSD
steps:
- uses: actions/checkout@v4
- name: FreeBSD
uses: vmactions/freebsd-vm@v1
- uses: vmactions/freebsd-vm@v1
with:
prepare: |
pkg install -y cmake curl ninja meson gettext pkgconf googletest expat inih brotli
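Review bot: In the `Install packages` step of this hunk, replacing `python3 -m pip install meson==0.54.1 ninja` with `brew install inih meson` removes the only pinned Meson version visible in this workflow, so the job now builds with whatever Meson Homebrew ships. If the pin was there to prove the build still works with an older Meson, that coverage is lost and should move to another job or be called out in the commit message. The new `-Db_sanitize=address,undefined` also differs from the `meson setup` lines in the two earlier hunks, which get `-Db_sanitize=address` only; a short YAML comment saying why the sanitizer sets differ would help the next person editing these jobs.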
Expand All @@ -161,7 +158,6 @@ jobs:
meson test -C "${{github.workspace}}/build" --verbose
Emscripten:
runs-on: ubuntu-latest
name: Emscripten
steps:
- uses: actions/checkout@v4
- name: Install packages
2 changes: 1 addition & 1 deletion .github/workflows/on_push_clang_format.yml
Expand Up @@ -5,7 +5,7 @@ concurrency:
on: [push, pull_request]
jobs:
clang-format-checking:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: DoozyX/clang-format-lint-action@v0.17
17 changes: 1 addition & 16 deletions README.md
Expand Up @@ -730,13 +730,9 @@ int main(int argc, const char* argv[])
{
Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF(true);
#endif
...
}
```
The use of the _**thread unsafe function**_ Exiv2::enableBMFF(true) is discussed in [Support for BMFF files (e.g., CR3, HEIF, HEIC, AVIF, and JPEG XL)](#BMFF)
[TOC](#TOC)
<div id="InitAndCleanup">
Expand All @@ -752,9 +748,6 @@ The exiv2 command-line program and sample applications call the following at the
```cpp
Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF(true);
#endif
```
[TOC](#TOC)
Expand Down Expand Up @@ -898,15 +891,7 @@ This is discussed: [https://github.com/Exiv2/exiv2/issues/1230](https://github.c
**Attention is drawn to the possibility that BMFF support may be the subject of patent rights. _Exiv2 shall not be held responsible for identifying any or all such patent rights. Exiv2 shall not be held responsible for the legal consequences of the use of this code_.**
Access to the BMFF code is guarded in two ways. Firstly, you have to build the library with the CMake option: `-DEXIV2_ENABLE_BMFF=ON`. Secondly, the application must enable BMFF support at run-time by calling the following function.
```cpp
EXIV2API bool enableBMFF(bool enable);
```
The return value from `enableBMFF()` is true if the library has been build with BMFF support (CMake option -DEXIV2_ENABLE_BMFF=ON).
Applications may wish to provide a preference setting to enable BMFF support and thereby place the responsibility for the use of this code with the user of the application.
Access to the BMFF code is guarded by the CMake option: `-DEXIV2_ENABLE_BMFF=ON` (enabled by default).
[TOC](#TOC)
<div id="LicenseSupport">
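Review bot: The replacement sentence "Access to the BMFF code is guarded by the CMake option: `-DEXIV2_ENABLE_BMFF=ON` (enabled by default)" drops the run-time opt-in without telling existing users what changed. Going by the new text, an application that kept BMFF parsing off by never calling `enableBMFF()` now gets it in any build with the option on, and the ChangeLog in this same commit records CVE-2023-44398 in `BmffImage::brotliUncompress`, so this is added parsing surface for untrusted files. Suggest one more sentence here stating that `enableBMFF()` is deprecated and that BMFF support can now only be turned off at build time with `-DEXIV2_ENABLE_BMFF=OFF`.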
1 change: 1 addition & 0 deletions SECURITY.md
Expand Up @@ -7,6 +7,7 @@
| v0.28 | 2023-05-08 | v0.28.0 | 0.28.x | v0.28.0 | 2023-05-08 | v0.28.0 |
| | | | | v0.28.1 | 2023-11-06 | v0.28.1 |
| | | | | v0.28.2 | 2024-02-13 | v0.28.2 |
| | | | | v0.28.3 | 2024-07-08 | v0.28.3 |
| v0.27 | 2018-12-20 | 0.27 | 0.27-maintenance | v0.27.0 | 2018-12-20 | v0.27.0 |
| | | | | v0.27.1 | 2019-04-18 | v0.27.1 |
| | | | | v0.27.2 | 2019-07-29 | v0.27.2 |
3 changes: 0 additions & 3 deletions app/exiv2.cpp
Expand Up @@ -118,9 +118,6 @@ int main(int argc, char* const argv[]) {

Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF();
#endif

#ifdef EXV_ENABLE_NLS
setlocale(LC_ALL, "");
2 changes: 1 addition & 1 deletion cmake/findDependencies.cmake
Expand Up @@ -2,7 +2,7 @@ if (CONAN_AUTO_INSTALL)
# Download automatically the cmake-conan integration file
if(NOT EXISTS "${CMAKE_BINARY_DIR}/conan.cmake")
message(STATUS "Downloading conan.cmake from https://github.com/conan-io/cmake-conan")
file(DOWNLOAD "https://raw.githubusercontent.com/conan-io/cmake-conan/master/conan.cmake"
file(DOWNLOAD "https://raw.githubusercontent.com/conan-io/cmake-conan/develop/conan.cmake"
"${CMAKE_BINARY_DIR}/conan.cmake"
TLS_VERIFY ON)
endif()
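Review bot: The `file(DOWNLOAD ...)` call fetches the CMake script `conan.cmake` from the tip of a branch (`develop` after this change), and `TLS_VERIFY ON` is the only integrity control. That protects the transport but not the content: whatever is on the branch at configure time is what gets downloaded. Suggest pinning the URL to a release tag or commit SHA and adding `EXPECTED_HASH SHA256=<hash of the reviewed file>` so that a changed file fails the configure step instead of being used silently.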
2 changes: 1 addition & 1 deletion cmake/packaging.cmake
@@ -1,5 +1,5 @@
set(CPACK_PACKAGE_NAME "${PROJECT_NAME}")
set(CPACK_PACKAGE_CONTACT "Luis Díaz Más <piponazo@gmail.com>")
set(CPACK_PACKAGE_CONTACT "Luis Díaz Más <piponazo@gmail.com>")
set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})

set(CPACK_SOURCE_GENERATOR TGZ)
83 changes: 83 additions & 0 deletions doc/ChangeLog
@@ -1,3 +1,86 @@
Changes from version 0.28.2 to 0.28.3
-------------------------------------

Release Notes:

* https://github.com/Exiv2/exiv2/issues/3008
* https://github.com/Exiv2/exiv2/milestone/14?closed=1

This release also fixes a low-severity security issue in asfvideo.cpp:

* [CVE-2024-39695](https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh): out-of-bounds read in AsfVideo::streamProperties.

This vulnerability is in a new feature (ASF video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

Changes from version 0.28.1 to 0.28.2
-------------------------------------

Release Notes:

* https://github.com/Exiv2/exiv2/issues/2914
* https://github.com/Exiv2/exiv2/milestone/13?closed=1

This release also fixes two low-severity security issues in quicktimevideo.cpp:

* [CVE-2024-24826](https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w): out-of-bounds read in QuickTimeVideo::NikonTagsDecoder.
* [CVE-2024-25112](https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36): denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder.

These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

Changes from version 0.28.0 to 0.28.1
-------------------------------------

Release Notes:
https://github.com/Exiv2/exiv2/issues/2813

This release also fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r), an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

Changes from version 0.27.6 to 0.28.0
-------------------------------------

Release Notes:
https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1529139799

Changes from version 0.27.6 to 0.27.7
-------------------------------------

Closed:
https://github.com/Exiv2/exiv2/milestone/11?closed=1

Open:
https://github.com/Exiv2/exiv2/milestone/11?open=1

Release Notes:
https://github.com/Exiv2/exiv2/pull/2567#issuecomment-1546701495

Changes from version 0.27.5 to 0.27.6
-------------------------------------

Closed:
https://github.com/Exiv2/exiv2/milestone/10?closed=1

Open:
https://github.com/Exiv2/exiv2/milestone/10?open=1

Release Notes:
https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1383302378

Changes from version 0.27.4 to 0.27.5
-------------------------------------

Closed:
https://github.com/Exiv2/exiv2/milestone/9?closed=1

Open:
https://github.com/Exiv2/exiv2/milestone/9?open=1

Release Notes:
https://github.com/Exiv2/exiv2/issues/1018#issuecomment-948573657

+++++++++++++++++++++++++++++++++++++
------------- History ---------------
+++++++++++++++++++++++++++++++++++++

Changes from version 0.27.3 to 0.27.4
-------------------------------------

21 changes: 12 additions & 9 deletions fuzz/fuzz-read-print-write.cpp
Expand Up @@ -10,9 +10,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF();
#endif

try {
Exiv2::DataBuf data_copy(data, size);
Expand All @@ -21,16 +18,22 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

image->readMetadata();
for (auto& md : image->exifData()) {
md.print();
md.print(&image->exifData());
if (md.tagName().substr(0, 2) != "0x") {
md.print();
md.print(&image->exifData());
}
}
for (auto& md : image->iptcData()) {
md.print();
md.print(&image->exifData());
if (md.tagName().substr(0, 2) != "0x") {
md.print();
md.print(&image->exifData());
}
}
for (auto& md : image->xmpData()) {
md.print();
md.print(&image->exifData());
if (md.tagName().substr(0, 2) != "0x") {
md.print();
md.print(&image->exifData());
}
}

// Print to a std::ostringstream so that the fuzzer doesn't
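Review bot: The new `if (md.tagName().substr(0, 2) != "0x")` guard in all three loops stops the fuzzer from calling `md.print()` on any datum whose tag name starts with `0x`, and nothing in the hunk says why. If this works around a known crash or timeout when printing those tags, please add a comment with the issue reference; otherwise those print paths are no longer fuzzed and a memory-safety bug in them would go unnoticed. The condition is also repeated three times, so a small helper would keep the loops in sync.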
2 changes: 1 addition & 1 deletion include/exiv2/bmffimage.hpp
Expand Up @@ -13,7 +13,7 @@
// *****************************************************************************
// namespace extensions
namespace Exiv2 {
EXIV2API bool enableBMFF(bool enable = true);
[[deprecated]] EXIV2API bool enableBMFF(bool enable = true);
} // namespace Exiv2

#ifdef EXV_ENABLE_BMFF
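Review bot: `[[deprecated]]` on `enableBMFF` carries no message and the declaration has no accompanying comment, so callers get a bare warning with no hint about what to do instead. Suggest the message form, `[[deprecated("...")]]`, pointing at the `EXIV2_ENABLE_BMFF` build option that the README change in this commit names as the remaining control, plus a one-line doc comment saying what the function now returns. Downstream projects that build with warnings as errors will fail on any remaining call, which is worth noting in the release notes.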
15 changes: 7 additions & 8 deletions meson.build
Expand Up @@ -68,13 +68,12 @@ if brotli_dep.found()
endif

if get_option('webready')
curl_dep = dependency('libcurl', disabler: true, required: get_option('curl'))
curl_dep = dependency('libcurl', required: get_option('curl'))
web_dep = declare_dependency(dependencies: [curl_dep])
deps += web_dep
else
curl_dep = dependency('', disabler: true, required: false)
endif

if curl_dep.found()
deps += curl_dep
web_dep = dependency('', disabler: true, required: false)
curl_dep = web_dep
endif

expat_dep = dependency('expat', disabler: true, required: get_option('xmp'))
Expand Down Expand Up @@ -118,7 +117,7 @@ cdata.set('EXV_HAVE_XMP_TOOLKIT', expat_dep.found())
cdata.set('EXV_HAVE_BROTLI', brotli_dep.found())
cdata.set('EXV_HAVE_ICONV', iconv_dep.found())
cdata.set('EXV_HAVE_LIBZ', zlib_dep.found())
cdata.set('EXV_ENABLE_WEBREADY', get_option('webready'))
cdata.set('EXV_ENABLE_WEBREADY', web_dep.found())
cdata.set('EXV_USE_CURL', curl_dep.found())
cdata.set('EXV_ENABLE_NLS', intl_dep.found())
cdata.set('EXV_ENABLE_FILESYSTEM', true)
Expand Down Expand Up @@ -157,7 +156,7 @@ executable(

samples = {
'addmoddel': [],
'conntest': curl_dep,
'conntest': web_dep,
'convert-test': [],
'easyaccess-test': [],
'exifcomment': [],
8 changes: 3 additions & 5 deletions samples/CMakeLists.txt
Expand Up @@ -92,13 +92,11 @@ endif()

# ******************************************************************************
# connection test application
add_executable(conntest conntest.cpp)
list(APPEND APPLICATIONS conntest)

if(EXIV2_ENABLE_WEBREADY)
add_executable(conntest conntest.cpp)
list(APPEND APPLICATIONS conntest)
if(EXIV2_ENABLE_CURL)
target_include_directories(conntest SYSTEM PRIVATE ${CURL_INCLUDE_DIR})
target_link_libraries(conntest PRIVATE ${CURL_LIBRARIES})
target_link_libraries(conntest PRIVATE CURL::libcurl)
endif()
endif()

3 changes: 0 additions & 3 deletions samples/addmoddel.cpp
Expand Up @@ -10,9 +10,6 @@ int main(int argc, char* const argv[]) {
try {
Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF();
#endif

if (argc != 2) {
std::cout << "Usage: " << argv[0] << " file\n";
3 changes: 0 additions & 3 deletions samples/conntest.cpp
Expand Up @@ -75,9 +75,6 @@ void curlcon(const std::string& url, bool useHttp1_0 = false) {
int main(int argc, const char** argv) {
Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF();
#endif

if (argc < 2) {
std::cout << "Usage: " << argv[0] << " url {-http1_0}" << std::endl;
3 changes: 0 additions & 3 deletions samples/convert-test.cpp
Expand Up @@ -9,9 +9,6 @@ int main(int argc, char* const argv[]) {
try {
Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF();
#endif

if (argc != 2) {
std::cout << "Usage: " << argv[0] << " file\n";
3 changes: 0 additions & 3 deletions samples/easyaccess-test.cpp
Expand Up @@ -64,9 +64,6 @@ int main(int argc, char** argv) {
try {
Exiv2::XmpParser::initialize();
::atexit(Exiv2::XmpParser::terminate);
#ifdef EXV_ENABLE_BMFF
Exiv2::enableBMFF();
#endif

if (argc < 2) {
int count = 0;