diff -Nru metacam-1.2/debian/changelog metacam-1.2/debian/changelog --- metacam-1.2/debian/changelog 2018-09-16 02:15:26.000000000 +0000 +++ metacam-1.2/debian/changelog 2019-01-20 17:33:04.000000000 +0000 @@ -1,3 +1,25 @@ +metacam (1.2-11) unstable; urgency=medium + + [ Joao Eriberto Mota Filho ] + * Using new DH level format. Consequently: + - debian/compat: removed. + - debian/control: changed from 'debhelper' to 'debhelper-compat' in + Build-Depends field. + * debian/copyright: + - Added rights for Aleksey Kravchenko. + - Updated packaging copyright years. + + [ Aleksey Kravchenko ] + * Add Upstream Metadata file. + * Bump std-version to 4.3.0. + * d/patches: + - Support DEB_BUILD_OPTIONS=noopt and honour CPPFLAGS. + - Fix crashes on ill-formed Jpeg images (Closes: #779695, #779696). + - Fix crash on reading a long string field (Closes: #779697). + - Fix crash on certain Canon flash modes (LP: #298580). + + -- Joao Eriberto Mota Filho Sun, 20 Jan 2019 15:33:04 -0200 + metacam (1.2-10) unstable; urgency=medium [ Joao Eriberto Mota Filho ] diff -Nru metacam-1.2/debian/compat metacam-1.2/debian/compat --- metacam-1.2/debian/compat 2018-09-16 02:15:26.000000000 +0000 +++ metacam-1.2/debian/compat 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -11 diff -Nru metacam-1.2/debian/control metacam-1.2/debian/control --- metacam-1.2/debian/control 2018-09-16 02:15:26.000000000 +0000 +++ metacam-1.2/debian/control 2019-01-20 17:33:04.000000000 +0000 @@ -3,8 +3,8 @@ Priority: optional Maintainer: Debian Security Tools Uploaders: Joao Eriberto Mota Filho -Build-Depends: debhelper (>= 11) -Standards-Version: 4.2.1 +Build-Depends: debhelper-compat (= 12) +Standards-Version: 4.3.0 Homepage: http://www.cheeseplant.org/~daniel/pages/metacam.html Vcs-Browser: https://salsa.debian.org/pkg-security-team/metacam Vcs-Git: https://salsa.debian.org/pkg-security-team/metacam.git diff -Nru metacam-1.2/debian/copyright metacam-1.2/debian/copyright --- metacam-1.2/debian/copyright 2018-09-16 02:15:26.000000000 +0000 +++ metacam-1.2/debian/copyright 2019-01-20 17:33:04.000000000 +0000 @@ -18,8 +18,9 @@ 2003 Julien Lemoine 2004-2007 Jarno Elonen 2007-2008 Juan Angulo Moreno - 2014-2018 Joao Eriberto Mota Filho + 2014-2019 Joao Eriberto Mota Filho 2018 Raphaƫl Hertzog + 2019 Aleksey Kravchenko License: GPL-2+ License: GPL-2+ diff -Nru metacam-1.2/debian/patches/40_support-noopt-build.patch metacam-1.2/debian/patches/40_support-noopt-build.patch --- metacam-1.2/debian/patches/40_support-noopt-build.patch 1970-01-01 00:00:00.000000000 +0000 +++ metacam-1.2/debian/patches/40_support-noopt-build.patch 2019-01-20 17:33:04.000000000 +0000 @@ -0,0 +1,26 @@ +Description: support DEB_BUILD_OPTIONS=noopt and honour CPPFLAGS. +Author: Aleksey Kravchenko +Last-Update: 2019-01-20 +diff --git a/Makefile b/Makefile +index 79b656a..868a08a 100644 +--- a/Makefile ++++ b/Makefile +@@ -30,7 +30,8 @@ OSCXXFLAGS=-ansi -pedantic + CXX=g++ + INCLUDES= + +-CXXFLAGS+=-Wall $(OSCXXFLAGS) -D_GNU_SOURCE -O2 $(INCLUDES) ++CXXFLAGS?=-O2 ++CXXFLAGS+=-Wall $(OSCXXFLAGS) -D_GNU_SOURCE $(INCLUDES) + + LIBOBJS=rationals.o exiftags.o \ + nikontags.o olympustags.o canontags.o casiotags.o dpyfuncs.o \ +@@ -65,7 +66,7 @@ libmetacam.a: $(LIBOBJS) + mv -f libmetacam.a- libmetacam.a + + metacam: $(EXEOBJS) libmetacam.a +- $(CXX) $(CXXFLAGS) $(LDFLAGS) $(EXEOBJS) -o metacam -lm -L. -lmetacam ++ $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $(EXEOBJS) -o metacam -lm -L. -lmetacam + + # Dependency rules + dependencies: Makefile $(DEPS) diff -Nru metacam-1.2/debian/patches/50_fix-BTS-crash-on-illformed-jpeg.patch metacam-1.2/debian/patches/50_fix-BTS-crash-on-illformed-jpeg.patch --- metacam-1.2/debian/patches/50_fix-BTS-crash-on-illformed-jpeg.patch 1970-01-01 00:00:00.000000000 +0000 +++ metacam-1.2/debian/patches/50_fix-BTS-crash-on-illformed-jpeg.patch 2019-01-20 17:33:04.000000000 +0000 @@ -0,0 +1,319 @@ +Description: Fix crashes on ill-formed Jpeg images. + The patch adds vector size checking before + accessing its elements. +Author: Aleksey Kravchenko +Bug-Debian: https://bugs.debian.org/779695 +Bug-Debian: https://bugs.debian.org/779696 +Last-Update: 2019-01-21 +diff --git a/dpyfuncs.cc b/dpyfuncs.cc +index 7c4be87..5a3aeed 100644 +--- a/dpyfuncs.cc ++++ b/dpyfuncs.cc +@@ -36,6 +36,7 @@ void + dpyISO(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.size() < 2) return; + ctx.startBlock(name) << v[1] << " (" << v[0] << ")"; + ctx.endBlock(); + } +@@ -44,6 +45,7 @@ void + dpyString(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getSTRING(); ++ if (v.empty()) return; + ctx.startBlock(name) << v[0]; + ctx.endBlock(); + } +@@ -74,6 +76,7 @@ void + dpyLens(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getRATIONAL(); ++ if (v.size() < 4) return; + v[0] = v[0].normalize(); + v[1] = v[1].normalize(); + v[2] = v[2].normalize(); +@@ -105,6 +108,7 @@ void + dpyZoom(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getRATIONAL(); ++ if (v.empty()) return; + v[0] = v[0].normalize(); + + ctx.startBlock(name); +@@ -123,6 +127,7 @@ void + dpyExpAdjust(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getSRATIONAL(); ++ if (v.empty()) return; + v[0] = v[0].normalize(); + + ctx.startBlock(name); +@@ -139,6 +144,7 @@ void + dpyShutter(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getRATIONAL(); ++ if (v.empty()) return; + v[0]=v[0].normalize(); + + ctx.startBlock(name); +@@ -151,6 +157,7 @@ void + dpyAperture(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getRATIONAL(); ++ if (v.empty()) return; + + ctx.startBlock(name) << "f" << (double)v[0]; + ctx.endBlock(); +@@ -160,6 +167,7 @@ void + dpyPixels(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.empty()) return; + + ctx.startBlock(name) << v[0] << " pixels"; + ctx.endBlock(); +@@ -169,6 +177,7 @@ void + dpySigned(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getSVALUE(); ++ if (v.empty()) return; + + ctx.startBlock(name); + if (v[0] > 0) { +@@ -183,6 +192,7 @@ void + dpyUnsigned(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.empty()) return; + ctx.startBlock(name) << v[0]; + ctx.endBlock(); + } +@@ -191,6 +201,7 @@ void + dpyResolution(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getRATIONAL(); ++ if (v.empty()) return; + v[0]=v[0].normalize(); + ctx.startBlock(name); + displayRational(ctx,v[0]); +@@ -214,16 +225,18 @@ dpyResolutionType(OutputContext &ctx, const char *name, const IFDEntry &e, const + { + vector v = e.getUVALUE(); + const char *resolution_unit = "???"; +- switch (v[0]) { +- case 1: +- resolution_unit = "???"; +- break; +- case 2: +- resolution_unit = "Inch"; +- break; +- case 3: +- resolution_unit = "Centimeter"; +- break; ++ if (!v.empty()) { ++ switch (v[0]) { ++ case 1: ++ resolution_unit = "???"; ++ break; ++ case 2: ++ resolution_unit = "Inch"; ++ break; ++ case 3: ++ resolution_unit = "Centimeter"; ++ break; ++ } + } + ctx.setContextValue("resolutionUnit", resolution_unit); + } +@@ -261,6 +274,7 @@ const char *findLookup(int key, const void *table) { + void + dpyUnsignedLookup(OutputContext &ctx, const char *name, const IFDEntry &e, const void*tbl) { + vector v = e.getUVALUE(); ++ if (v.empty()) return; + ctx.startBlock(name); + const char *val = findLookup((int)v[0], tbl); + if (val) { +@@ -274,6 +288,7 @@ dpyUnsignedLookup(OutputContext &ctx, const char *name, const IFDEntry &e, const + void + dpyUndefinedLookup(OutputContext &ctx, const char *name, const IFDEntry &e, const void*tbl) { + vector v = e.getOPAQUE(); ++ if (v.empty()) return; + ctx.startBlock(name); + const char *val = findLookup((int)v[0], tbl); + if (val) { +@@ -302,6 +317,7 @@ void + dpyExifAperture(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getRATIONAL(); ++ if (v.empty()) return; + ctx.startBlock(name); + double a = v[0]; + double f = pow(M_SQRT2, a); +@@ -316,6 +332,7 @@ void + dpyExifShutter(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getSRATIONAL(); ++ if (v.empty()) return; + ctx.startBlock(name); + double a = v[0]; + if (a > 0.0) { +@@ -335,7 +352,9 @@ dpyRationalAsDouble(OutputContext &ctx, const char *name, const IFDEntry &e, con + + if (e.getType() == tSRATIONAL) { + vector v = e.getSRATIONAL(); +- if (v[0].getDenominator() == 0) { ++ if (v.empty()) { ++ ctx.os() << "Unknown"; ++ } else if (v[0].getDenominator() == 0) { + ctx.os() << "Infinity"; + } else { + double a = v[0]; +@@ -344,7 +363,9 @@ dpyRationalAsDouble(OutputContext &ctx, const char *name, const IFDEntry &e, con + } + } else { + vector v = e.getRATIONAL(); +- if (v[0].getDenominator() == 0) { ++ if (v.empty()) { ++ ctx.os() << "Unknown"; ++ } else if (v[0].getDenominator() == 0) { + ctx.os() << "Infinity"; + } else { + double a = v[0]; +@@ -360,6 +381,7 @@ void + dpyOlymSpecialMode(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.size() < 2) return; + ctx.startBlock(name); + switch (v[0]) { + case 0: ctx.os() << "Normal"; break; +@@ -370,7 +392,7 @@ dpyOlymSpecialMode(OutputContext &ctx, const char *name, const IFDEntry &e, cons + ctx.os() << "Unknown (" << v[0] << ")"; break; + } + ctx.os() << "; Seq " << v[1]; +- if (v[0] == 3) { ++ if (v[0] == 3 && v.size() >= 3) { + switch(v[2]) { + case 1: ctx.os() << " Left -> Right"; break; + case 2: ctx.os() << " Right -> Left"; break; +@@ -387,6 +409,7 @@ void + dpyOlymZoom(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getRATIONAL(); ++ if (v.empty()) return; + ctx.startBlock(name); + double a = v[0]; + if (a == 0.0) { +@@ -414,6 +437,7 @@ void + dpyCanonBlock1(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.size() < 33) v.resize(33, 0); + + try { + int n = v[0] / 2; +@@ -542,6 +566,7 @@ dpyCanonBlock1(OutputContext &ctx, const char *name, const IFDEntry &e, const vo + extern void dpyCanonBlock4(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.size() < 16) v.resize(16, 0); + + try { + // int n = v[0] / 2; +@@ -586,6 +611,7 @@ extern void dpyCanonBlock4(OutputContext &ctx, const char *name, const IFDEntry + extern void dpyCanonImageNumber(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.empty()) return; + + try { + unsigned long n = v[0]; +@@ -607,6 +633,7 @@ extern void dpyCanonImageNumber(OutputContext &ctx, const char *name, const IFDE + extern void dpyCanonSerialNumber(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.empty()) return; + + try { + unsigned long n = v[0]; +@@ -623,6 +650,7 @@ extern void dpyCanonSerialNumber(OutputContext &ctx, const char *name, const IFD + extern void dpyCasioDistance(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { + vector v = e.getUVALUE(); ++ if (v.empty()) return; + + const char* units = "mm"; + double dist = double(v[0]); +@@ -644,8 +672,9 @@ extern void dpyCasioDistance(OutputContext &ctx, const char *name, const IFDEntr + + extern void dpyExifFlash(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) + { +- ctx.startBlock(name); + vector v = e.getUVALUE(); ++ if (v.empty()) return; ++ ctx.startBlock(name); + + if (v[0] & 0x01) { + ctx.os() << "Flash Fired; "; +@@ -707,7 +736,7 @@ extern void dpyZoomRatio(OutputContext &ctx, const char *name, const IFDEntry &e + if (e.getType() == tSRATIONAL) { + vector v = e.getSRATIONAL(); + +- if (v[0].getNumerator() == 0) { ++ if (v.empty() || v[0].getNumerator() == 0) { + ctx.os() << "None"; + } else { + displayRational(ctx, v[0]); +@@ -716,7 +745,7 @@ extern void dpyZoomRatio(OutputContext &ctx, const char *name, const IFDEntry &e + } else { + vector v = e.getRATIONAL(); + +- if (v[0].getNumerator() == 0) { ++ if (v.empty() || v[0].getNumerator() == 0) { + ctx.os() << "None"; + } else { + displayRational(ctx, v[0]); +@@ -734,7 +763,7 @@ extern void dpyRationalDistance(OutputContext &ctx, const char *name, const IFDE + if (e.getType() == tSRATIONAL) { + vector v = e.getSRATIONAL(); + +- if (v[0].getNumerator() == 0) { ++ if (v.empty() || v[0].getNumerator() == 0) { + ctx.os() << "Unknown"; + } else if (v[0].getDenominator() == 0) { + ctx.os() << "Infinity"; +@@ -745,7 +774,7 @@ extern void dpyRationalDistance(OutputContext &ctx, const char *name, const IFDE + } else { + vector v = e.getRATIONAL(); + +- if (v[0].getNumerator() == 0) { ++ if (v.empty() || v[0].getNumerator() == 0) { + ctx.os() << "Unknown"; + } else if (v[0].getDenominator() == 0) { + ctx.os() << "Infinity"; +@@ -764,7 +793,7 @@ extern void dpy35mmFocal(OutputContext &ctx, const char *name, const IFDEntry &e + + vector v = e.getUVALUE(); + +- if (v[0] == 0) { ++ if (v.empty() || v[0] == 0) { + ctx.os() << "Unknown"; + } else { + ctx.os() << v[0] << "mm"; +@@ -776,6 +805,7 @@ extern void dpy35mmFocal(OutputContext &ctx, const char *name, const IFDEntry &e + void + dpyNikonFocusPosition(OutputContext &ctx, const char *name, const IFDEntry &e, const void*) { + vector v = e.getOPAQUE(); ++ if (v.size() < 2) return; + ctx.startBlock(name); + const char *val = findLookup((int)v[1], lookFocusPosition); + if (val) { +@@ -842,6 +872,7 @@ void + dpyNikkorLensInfo(OutputContext &ctx, const char *name, + const IFDEntry &e, const void*) { + vector v = e.getOPAQUE(); ++ if (v.size() <= 0x17) return; + ctx.startBlock(name); + + double d; diff -Nru metacam-1.2/debian/patches/60_fix-BTS-crash-on-long-string.patch metacam-1.2/debian/patches/60_fix-BTS-crash-on-long-string.patch --- metacam-1.2/debian/patches/60_fix-BTS-crash-on-long-string.patch 1970-01-01 00:00:00.000000000 +0000 +++ metacam-1.2/debian/patches/60_fix-BTS-crash-on-long-string.patch 2019-01-20 17:33:04.000000000 +0000 @@ -0,0 +1,23 @@ +Description: Fix crashes on ill-formed Jpeg images. + The patch fixes a buffer overrun, occurring + while reading a string field from file. +Author: Aleksey Kravchenko +Bug-Debian: https://bugs.debian.org/779697 +Last-Update: 2019-01-21 +diff --git a/dataifdentry.cc b/dataifdentry.cc +index 8068cc5..93d77c5 100644 +--- a/dataifdentry.cc ++++ b/dataifdentry.cc +@@ -116,9 +116,10 @@ _DataIFDEntry::getSTRING() const + vector v; + if (getRawType() != tASCII) {return v;} + char tmpbuf[1024]; ++ size_t size = (value_count < 1023 ? value_count : 1023); + source.seek(offset); +- source.getData((unsigned char *)tmpbuf, value_count); +- tmpbuf[value_count] = 0; ++ source.getData((unsigned char *)tmpbuf, size); ++ tmpbuf[size] = 0; + v.push_back(string(tmpbuf)); + return v; + } diff -Nru metacam-1.2/debian/patches/70-fix-crash-on-canon-flash-modes.patch metacam-1.2/debian/patches/70-fix-crash-on-canon-flash-modes.patch --- metacam-1.2/debian/patches/70-fix-crash-on-canon-flash-modes.patch 1970-01-01 00:00:00.000000000 +0000 +++ metacam-1.2/debian/patches/70-fix-crash-on-canon-flash-modes.patch 2019-01-20 17:33:04.000000000 +0000 @@ -0,0 +1,21 @@ +Description: Fix Metacam crash on certain canon camera flash modes. + Metacam segfaults on certain Flash Modes of Canon cameras. + The patch corrects array indexing, thus avoiding out of bounds + array access. For correct index to CanonFlashMode mapping see: + https://sno.phy.queensu.ca/~phil/exiftool/TagNames/Canon.html +Author: Aleksey Kravchenko +Bug-Ubuntu: https://launchpad.net/bugs/298580 +Last-Update: 2019-01-21 +diff --git a/dpyfuncs.cc b/dpyfuncs.cc +index 5a3aeed..37629cd 100644 +--- a/dpyfuncs.cc ++++ b/dpyfuncs.cc +@@ -457,7 +457,7 @@ dpyCanonBlock1(OutputContext &ctx, const char *name, const IFDEntry &e, const vo + "Auto + Red-Eye Reduction", "On + Red-Eye Reduction" + }; + if (v[4] <= 6) +- fmt(ctx, "Flash Mode", flashmodes[v[4]]); ++ fmt(ctx, "Flash Mode", flashmodes[v[4] - 1]); + else if (v[4] == 16) + fmt(ctx, "Flash Mode", "External"); + } else diff -Nru metacam-1.2/debian/patches/series metacam-1.2/debian/patches/series --- metacam-1.2/debian/patches/series 2018-09-16 02:13:46.000000000 +0000 +++ metacam-1.2/debian/patches/series 2019-01-20 17:33:04.000000000 +0000 @@ -1,3 +1,7 @@ 10_add-GCC-hardening.patch 20_fix-gcc-4.3.patch 30_fix-GCC-warnings.patch +40_support-noopt-build.patch +50_fix-BTS-crash-on-illformed-jpeg.patch +60_fix-BTS-crash-on-long-string.patch +70-fix-crash-on-canon-flash-modes.patch diff -Nru metacam-1.2/debian/upstream/metadata metacam-1.2/debian/upstream/metadata --- metacam-1.2/debian/upstream/metadata 1970-01-01 00:00:00.000000000 +0000 +++ metacam-1.2/debian/upstream/metadata 2019-01-20 17:33:04.000000000 +0000 @@ -0,0 +1,4 @@ +Name: metacam +Cite-As: MetaCam +Contact: daniel@cheeseplant.org +Changelog: http://www.cheeseplant.org/~daniel/pages/metacam.html