From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kei Kebreau Subject: Re: Security bugs in freeimage bundled libraries [was Re: 01/02: gnu: freeimage: Fix CVE-2016-5684.] Date: Fri, 14 Oct 2016 20:09:08 -0400 Message-ID: <87mvi6xyl7.fsf@openmailbox.org> References: <20161014104404.22087.86582@vcs.savannah.gnu.org> <20161014104405.901E322012A@vcs.savannah.gnu.org> <20161014174820.GA30644@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:46746) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bvCXn-0004JC-6n for guix-devel@gnu.org; Fri, 14 Oct 2016 20:09:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bvCXh-0004QX-VT for guix-devel@gnu.org; Fri, 14 Oct 2016 20:09:42 -0400 Received: from smtp19.openmailbox.org ([62.4.1.53]:54758 helo=smtp4.openmailbox.org) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1bvCXh-0004Pl-FD for guix-devel@gnu.org; Fri, 14 Oct 2016 20:09:37 -0400 In-Reply-To: <20161014174820.GA30644@jasmine> (Leo Famulari's message of "Fri, 14 Oct 2016 13:48:20 -0400") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Fri, Oct 14, 2016 at 10:44:05AM +0000, Efraim Flashner wrote: >> efraim pushed a commit to branch master >> in repository guix. >>=20 >> commit 76e8566c1b3c4876d649e712a5c8c473fd48d134 >> Author: Efraim Flashner >> Date: Fri Oct 14 11:28:21 2016 +0300 >>=20 >> gnu: freeimage: Fix CVE-2016-5684. >>=20=20=20=20=20 >> * gnu/packages/image.scm (freeimage)[source]: Add patch. >> * gnu/packages/patches/freeimage-CVE-2016-5684.patch: New file. >> * gnu/local.mk (dist_patch_DATA): Register it. >> --- >> gnu/local.mk | 1 + >> gnu/packages/image.scm | 3 +- >> gnu/packages/patches/freeimage-CVE-2016-5684.patch | 34 +++++++++++++= +++++++ >> 3 files changed, 37 insertions(+), 1 deletion(-) > > Efraim pointed out on IRC that our freeimage packages bundles many > 3rd-party libraries: > > $ ls -1 FreeImage/Source > CacheFile.h > DeprecationManager > FreeImage > FreeImage.h > FreeImageIO.h > FreeImageLib > FreeImageToolkit > LibJPEG > LibJXR > LibOpenJPEG > LibPNG > LibRawLite > LibTIFF4 > LibWebP > MapIntrospector.h > Metadata > OpenEXR > Plugin.h > Quantizers.h > ToneMapping.h > Utilities.h > ZLib > > Debian has a patch to make it use "system" copies of the libraries: > > https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/tre= e/debian/patches/Disable-vendored-dependencies.patch?h=3Ddebian/sid > > For now, our freeimage package is probably vulnerable to many publicly > disclosed security bugs. > > Who volunteers to try fixing this? The patch is attached. I've removed the bit from Debian that disables JPEG transformation functions, as seen below. JPEGTransform.cpp (in Source/FreeImageToolkit) gave me some trouble when I left that part of the patch alone. @@ -473,6 +477,9 @@ FI_ENUM(FREE_IMAGE_DITHER) { FID_BAYER16x16 =3D 6 //! Bayer ordered dispersed dot dithering (order 4 = dithering matrix) }; =20 +/* Debian: The JPEGTransform functions are deliberately disabled in our bu= ild + of FreeImage, since they require usage of the vendored copy of libjpeg.= */ +#if 0 /** Lossless JPEG transformations Constants used in FreeImage_JPEGTransform */ @@ -486,6 +493,7 @@ FI_ENUM(FREE_IMAGE_JPEG_OPERATION) { FIJPEG_OP_ROTATE_180 =3D 6, //! 180-degree rotation FIJPEG_OP_ROTATE_270 =3D 7 //! 270-degree clockwise (or 90 ccw) }; +#endif =20 /** Tone mapping operators. Constants used in FreeImage_ToneMapping. @@ -1076,7 +1084,9 @@ DLL_API const char* DLL_CALLCONV FreeImage_TagToStrin= g(FREE_IMAGE_MDMODEL model, // -----------------------------------------------------------------------= --- // JPEG lossless transformation routines // -----------------------------------------------------------------------= --- =2D +/* Debian: The JPEGTransform functions are deliberately disabled in our bu= ild + of FreeImage, since they require usage of the vendored copy of libjpeg.= */ +#if 0 DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransform(const char *src_file, co= nst char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfect FI_DE= FAULT(TRUE)); DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformU(const wchar_t *src_file= , const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfec= t FI_DEFAULT(TRUE)); DLL_API BOOL DLL_CALLCONV FreeImage_JPEGCrop(const char *src_file, const c= har *dst_file, int left, int top, int right, int bottom); @@ -1085,6 +1095,7 @@ DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformFrom= Handle(FreeImageIO* src_io, DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombined(const char *src_= file, const char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, int* left,= int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE)); DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombinedU(const wchar_t *= src_file, const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, int= * left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE)); DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombinedFromMemory(FIMEMO= RY* src_stream, FIMEMORY* dst_stream, FREE_IMAGE_JPEG_OPERATION operation, = int* left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE)= ); +#endif --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=0001-gnu-freeimage-Disable-in-tree-third-party-libraries.patch Content-Transfer-Encoding: quoted-printable From=204ef0c85c769aa4bc7a528c13eee1c61705e61479 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Fri, 14 Oct 2016 18:09:45 -0400 Subject: [PATCH] gnu: freeimage: Disable in-tree third-party libraries. * gnu/packages/image.scm (freeimage)[source]: Add patch. * gnu/packages/patches/freeimage-disable-vendored-dependencies.patch: New f= ile. * gnu/local.mk (dist_patch_DATA): Register it. =2D-- gnu/local.mk | 1 + gnu/packages/image.scm | 6 +- .../freeimage-disable-vendored-dependencies.patch | 398 +++++++++++++++++= ++++ 3 files changed, 404 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/freeimage-disable-vendored-depende= ncies.patch diff --git a/gnu/local.mk b/gnu/local.mk index a9343f0..a151d2b 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk @@ -526,6 +526,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/fltk-xfont-on-demand.patch \ %D%/packages/patches/fontconfig-CVE-2016-5384.patch \ %D%/packages/patches/fontforge-svg-modtime.patch \ + %D%/packages/patches/freeimage-disable-vendored-dependencies.patch \ %D%/packages/patches/freeimage-CVE-2015-0852.patch \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ %D%/packages/patches/gawk-fts-test.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 7455bb8..a2b52d2 100644 =2D-- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -581,7 +581,8 @@ supplies a generic doubly-linked list and some string f= unctions.") (sha256 (base32 "12bz57asdcfsz3zr9i9nska0fb6h3z2aizy412qjqkixkginbz7v")) =2D (patches (search-patches "freeimage-CVE-2015-0852.patch" + (patches (search-patches "freeimage-disable-vendored-dependenc= ies.patch" + "freeimage-CVE-2015-0852.patch" "freeimage-CVE-2016-5684.patch")))) (build-system gnu-build-system) (arguments @@ -596,6 +597,9 @@ supplies a generic doubly-linked list and some string f= unctions.") #t))) #:make-flags '("CC=3Dgcc") #:tests? #f)) ; no check target + (inputs + `(("libwebp" ,libwebp) + ("openexr" ,openexr))) (native-inputs `(("unzip" ,unzip))) ;; Fails to build on MIPS due to assembly code in the source. diff --git a/gnu/packages/patches/freeimage-disable-vendored-dependencies.p= atch b/gnu/packages/patches/freeimage-disable-vendored-dependencies.patch new file mode 100644 index 0000000..c466a10 =2D-- /dev/null +++ b/gnu/packages/patches/freeimage-disable-vendored-dependencies.patch @@ -0,0 +1,398 @@ +This patch was copied from Debian. + +diff --git a/Source/FreeImage.h b/Source/FreeImage.h +index e2d1c5a..94d817d 100644 +--- a/Source/FreeImage.h ++++ b/Source/FreeImage.h +@@ -410,7 +410,11 @@ FI_ENUM(FREE_IMAGE_FORMAT) { + FIF_DDS =3D 24, + FIF_GIF =3D 25, + FIF_HDR =3D 26, +- FIF_FAXG3 =3D 27, ++/* Debian: The G3 fax format plugin is deliberately disabled in our build= of ++ FreeImage, since it requires usage of the vendored copy of libtiff. */ ++#if 0 ++ FIF_FAXG3 =3D 27, ++#endif + FIF_SGI =3D 28, + FIF_EXR =3D 29, + FIF_J2K =3D 30, + + // ----------------------------------------------------------------------= ---- +diff --git a/Source/FreeImage/J2KHelper.cpp b/Source/FreeImage/J2KHelper.c= pp +index 1776c3b..538f1c5 100644 +--- a/Source/FreeImage/J2KHelper.cpp ++++ b/Source/FreeImage/J2KHelper.cpp +@@ -21,7 +21,7 @@ +=20 + #include "FreeImage.h" + #include "Utilities.h" +-#include "../LibOpenJPEG/openjpeg.h" ++#include + #include "J2KHelper.h" +=20 + // ----------------------------------------------------------------------= ---- +diff --git a/Source/FreeImage/Plugin.cpp b/Source/FreeImage/Plugin.cpp +index 57ebffd..c883a31 100644 +--- a/Source/FreeImage/Plugin.cpp ++++ b/Source/FreeImage/Plugin.cpp +@@ -263,7 +263,11 @@ FreeImage_Initialise(BOOL load_local_plugins_only) { + s_plugins->AddNode(InitDDS); + s_plugins->AddNode(InitGIF); + s_plugins->AddNode(InitHDR); ++/* The G3 fax format plugin is deliberately disabled in our build of Free= Image ++ since it requires usage of the vendored copy of libtiff. */ ++#if 0 + s_plugins->AddNode(InitG3); ++#endif + s_plugins->AddNode(InitSGI); + s_plugins->AddNode(InitEXR); + s_plugins->AddNode(InitJ2K); +diff --git a/Source/FreeImage/PluginEXR.cpp b/Source/FreeImage/PluginEXR.c= pp +index b286430..9bf3ada 100644 +--- a/Source/FreeImage/PluginEXR.cpp ++++ b/Source/FreeImage/PluginEXR.cpp +@@ -28,16 +28,16 @@ + #pragma warning (disable : 4800) // ImfVersion.h - 'const int' : forcing = value to bool 'true' or 'false' (performance warning) + #endif=20 +=20 +-#include "../OpenEXR/IlmImf/ImfIO.h" +-#include "../OpenEXR/Iex/Iex.h" +-#include "../OpenEXR/IlmImf/ImfOutputFile.h" +-#include "../OpenEXR/IlmImf/ImfInputFile.h" +-#include "../OpenEXR/IlmImf/ImfRgbaFile.h" +-#include "../OpenEXR/IlmImf/ImfChannelList.h" +-#include "../OpenEXR/IlmImf/ImfRgba.h" +-#include "../OpenEXR/IlmImf/ImfArray.h" +-#include "../OpenEXR/IlmImf/ImfPreviewImage.h" +-#include "../OpenEXR/Half/half.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include +=20 +=20 + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +diff --git a/Source/FreeImage/PluginJ2K.cpp b/Source/FreeImage/PluginJ2K.c= pp +index b8bcfc8..621a903 100644 +--- a/Source/FreeImage/PluginJ2K.cpp ++++ b/Source/FreeImage/PluginJ2K.cpp +@@ -21,7 +21,7 @@ +=20 + #include "FreeImage.h" + #include "Utilities.h" +-#include "../LibOpenJPEG/openjpeg.h" ++#include + #include "J2KHelper.h" +=20 + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +diff --git a/Source/FreeImage/PluginJP2.cpp b/Source/FreeImage/PluginJP2.c= pp +index 742fe2c..c57f626 100644 +--- a/Source/FreeImage/PluginJP2.cpp ++++ b/Source/FreeImage/PluginJP2.cpp +@@ -21,7 +21,7 @@ +=20 + #include "FreeImage.h" + #include "Utilities.h" +-#include "../LibOpenJPEG/openjpeg.h" ++#include + #include "J2KHelper.h" +=20 + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +diff --git a/Source/FreeImage/PluginJPEG.cpp b/Source/FreeImage/PluginJPEG= .cpp +index 573989c..aaeefa4 100644 +--- a/Source/FreeImage/PluginJPEG.cpp ++++ b/Source/FreeImage/PluginJPEG.cpp +@@ -35,9 +35,9 @@ extern "C" { + #undef FAR + #include +=20 +-#include "../LibJPEG/jinclude.h" +-#include "../LibJPEG/jpeglib.h" +-#include "../LibJPEG/jerror.h" ++#include ++#include ++#include + } +=20 + #include "FreeImage.h" +diff --git a/Source/FreeImage/PluginJXR.cpp b/Source/FreeImage/PluginJXR.c= pp +index 0e14e09..3e9fb87 100644 +--- a/Source/FreeImage/PluginJXR.cpp ++++ b/Source/FreeImage/PluginJXR.cpp +@@ -23,7 +23,7 @@ + #include "Utilities.h" + #include "../Metadata/FreeImageTag.h" +=20 +-#include "../LibJXR/jxrgluelib/JXRGlue.h" ++#include +=20 + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + // Plugin Interface +diff --git a/Source/FreeImage/PluginPNG.cpp b/Source/FreeImage/PluginPNG.c= pp +index ba2ef17..c3c5cd6 100644 +--- a/Source/FreeImage/PluginPNG.cpp ++++ b/Source/FreeImage/PluginPNG.cpp +@@ -40,8 +40,8 @@ +=20 + // ---------------------------------------------------------- +=20 +-#include "../ZLib/zlib.h" +-#include "../LibPNG/png.h" ++#include ++#include +=20 + // ---------------------------------------------------------- +=20 +diff --git a/Source/FreeImage/PluginRAW.cpp b/Source/FreeImage/PluginRAW.c= pp +index e9bd5bf..c7f8758 100644 +--- a/Source/FreeImage/PluginRAW.cpp ++++ b/Source/FreeImage/PluginRAW.cpp +@@ -19,7 +19,7 @@ + // Use at your own risk! + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +=20 +-#include "../LibRawLite/libraw/libraw.h" ++#include +=20 + #include "FreeImage.h" + #include "Utilities.h" +diff --git a/Source/FreeImage/PluginTIFF.cpp b/Source/FreeImage/PluginTIFF= .cpp +index 1b45453..3f723d4 100644 +--- a/Source/FreeImage/PluginTIFF.cpp ++++ b/Source/FreeImage/PluginTIFF.cpp +@@ -37,9 +37,9 @@ +=20 + #include "FreeImage.h" + #include "Utilities.h" +-#include "../LibTIFF4/tiffiop.h" ++#include + #include "../Metadata/FreeImageTag.h" +-#include "../OpenEXR/Half/half.h" ++#include +=20 + #include "FreeImageIO.h" + #include "PSDParser.h" +diff --git a/Source/FreeImage/PluginWebP.cpp b/Source/FreeImage/PluginWebP= .cpp +index 9fb0b69..31837d4 100644 +--- a/Source/FreeImage/PluginWebP.cpp ++++ b/Source/FreeImage/PluginWebP.cpp +@@ -24,10 +24,10 @@ +=20 + #include "../Metadata/FreeImageTag.h" +=20 +-#include "../LibWebP/src/webp/decode.h" +-#include "../LibWebP/src/webp/encode.h" +-#include "../LibWebP/src/enc/vp8enci.h" +-#include "../LibWebP/src/webp/mux.h" ++#include ++#include ++// #include "../LibWebP/src/enc/vp8enci.h" ++#include +=20 + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + // Plugin Interface +diff --git a/Source/FreeImage/ZLibInterface.cpp b/Source/FreeImage/ZLibInt= erface.cpp +index 3ab6d32..1a90904 100644 +--- a/Source/FreeImage/ZLibInterface.cpp ++++ b/Source/FreeImage/ZLibInterface.cpp +@@ -19,10 +19,9 @@ + // Use at your own risk! + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +=20 +-#include "../ZLib/zlib.h" ++#include + #include "FreeImage.h" + #include "Utilities.h" +-#include "../ZLib/zutil.h" /* must be the last header because of error C3= 163 in VS2008 (_vsnprintf defined in stdio.h) */ +=20 + /** + Compresses a source buffer into a target buffer, using the ZLib library.= =20 +@@ -115,7 +114,7 @@ FreeImage_ZLibGZip(BYTE *target, DWORD target_size, BY= TE *source, DWORD source_s + return 0; + case Z_OK: { + // patch header, setup crc and length (stolen from mod_trace_= output) +- BYTE *p =3D target + 8; *p++ =3D 2; *p =3D OS_CODE; // xflags= , os_code ++ BYTE *p =3D target + 8; *p++ =3D 2; *p =3D 0x03; // xflags, o= s_code (unix) + crc =3D crc32(crc, source, source_size); + memcpy(target + 4 + dest_len, &crc, 4); + memcpy(target + 8 + dest_len, &source_size, 4); +diff --git a/Source/Metadata/XTIFF.cpp b/Source/Metadata/XTIFF.cpp +index d5be902..c1519ca 100644 +--- a/Source/Metadata/XTIFF.cpp ++++ b/Source/Metadata/XTIFF.cpp +@@ -29,13 +29,18 @@ + #pragma warning (disable : 4786) // identifier was truncated to 'number' = characters + #endif +=20 +-#include "../LibTIFF4/tiffiop.h" ++#include +=20 + #include "FreeImage.h" + #include "Utilities.h" + #include "FreeImageTag.h" + #include "FIRational.h" +=20 ++extern "C" ++{ ++ int _TIFFDataSize(TIFFDataType type); ++} ++ + // ---------------------------------------------------------- + // Extended TIFF Directory GEO Tag Support + // ---------------------------------------------------------- +@@ -224,6 +229,33 @@ tiff_write_geotiff_profile(TIFF *tif, FIBITMAP *dib) { + // TIFF EXIF tag reading & writing + // ---------------------------------------------------------- +=20 ++static uint32 exif_tag_ids[] =3D { ++ EXIFTAG_EXPOSURETIME, EXIFTAG_FNUMBER, EXIFTAG_EXPOSUREPROGRAM, ++ EXIFTAG_SPECTRALSENSITIVITY, EXIFTAG_ISOSPEEDRATINGS, EXIFTAG_OECF, ++ EXIFTAG_EXIFVERSION, EXIFTAG_DATETIMEORIGINAL, EXIFTAG_DATETIMEDIGITIZE= D, ++ EXIFTAG_COMPONENTSCONFIGURATION, EXIFTAG_COMPRESSEDBITSPERPIXEL, ++ EXIFTAG_SHUTTERSPEEDVALUE, EXIFTAG_APERTUREVALUE, ++ EXIFTAG_BRIGHTNESSVALUE, EXIFTAG_EXPOSUREBIASVALUE, ++ EXIFTAG_MAXAPERTUREVALUE, EXIFTAG_SUBJECTDISTANCE, EXIFTAG_METERINGMODE, ++ EXIFTAG_LIGHTSOURCE, EXIFTAG_FLASH, EXIFTAG_FOCALLENGTH, ++ EXIFTAG_SUBJECTAREA, EXIFTAG_MAKERNOTE, EXIFTAG_USERCOMMENT, ++ EXIFTAG_SUBSECTIME, EXIFTAG_SUBSECTIMEORIGINAL, ++ EXIFTAG_SUBSECTIMEDIGITIZED, EXIFTAG_FLASHPIXVERSION, EXIFTAG_COLORSPAC= E, ++ EXIFTAG_PIXELXDIMENSION, EXIFTAG_PIXELYDIMENSION, ++ EXIFTAG_RELATEDSOUNDFILE, EXIFTAG_FLASHENERGY, ++ EXIFTAG_SPATIALFREQUENCYRESPONSE, EXIFTAG_FOCALPLANEXRESOLUTION, ++ EXIFTAG_FOCALPLANEYRESOLUTION, EXIFTAG_FOCALPLANERESOLUTIONUNIT, ++ EXIFTAG_SUBJECTLOCATION, EXIFTAG_EXPOSUREINDEX, EXIFTAG_SENSINGMETHOD, ++ EXIFTAG_FILESOURCE, EXIFTAG_SCENETYPE, EXIFTAG_CFAPATTERN, ++ EXIFTAG_CUSTOMRENDERED, EXIFTAG_EXPOSUREMODE, EXIFTAG_WHITEBALANCE, ++ EXIFTAG_DIGITALZOOMRATIO, EXIFTAG_FOCALLENGTHIN35MMFILM, ++ EXIFTAG_SCENECAPTURETYPE, EXIFTAG_GAINCONTROL, EXIFTAG_CONTRAST, ++ EXIFTAG_SATURATION, EXIFTAG_SHARPNESS, EXIFTAG_DEVICESETTINGDESCRIPTION, ++ EXIFTAG_SUBJECTDISTANCERANGE, EXIFTAG_GAINCONTROL, EXIFTAG_GAINCONTROL, ++ EXIFTAG_IMAGEUNIQUEID ++}; ++static int nExifTags =3D sizeof(exif_tag_ids) / sizeof(exif_tag_ids[0]); ++ + /** + Read a single Exif tag +=20 +@@ -575,43 +607,10 @@ tiff_read_exif_tags(TIFF *tif, TagLib::MDMODEL md_mo= del, FIBITMAP *dib) { +=20 + // loop over all Core Directory Tags + // ### uses private data, but there is no other way ++ // -> Fedora: Best we can do without private headers is to hard-code a l= ist of known EXIF tags and read those + if(md_model =3D=3D TagLib::EXIF_MAIN) { +- const TIFFDirectory *td =3D &tif->tif_dir; +- +- uint32 lastTag =3D 0; //<- used to prevent reading some tags twice (as = stored in tif_fieldinfo) +- +- for (int fi =3D 0, nfi =3D (int)tif->tif_nfields; nfi > 0; nfi--, fi++)= { +- const TIFFField *fld =3D tif->tif_fields[fi]; +- +- const uint32 tag_id =3D TIFFFieldTag(fld); +- +- if(tag_id =3D=3D lastTag) { +- continue; +- } +- +- // test if tag value is set +- // (lifted directly from LibTiff _TIFFWriteDirectory) +- +- if( fld->field_bit =3D=3D FIELD_CUSTOM ) { +- int is_set =3D FALSE; +- +- for(int ci =3D 0; ci < td->td_customValueCount; ci++ ) { +- is_set |=3D (td->td_customValues[ci].info =3D=3D fld); +- } +- +- if( !is_set ) { +- continue; +- } +- +- } else if(!TIFFFieldSet(tif, fld->field_bit)) { +- continue; +- } +- +- // process *all* other tags (some will be ignored) +- +- tiff_read_exif_tag(tif, tag_id, dib, md_model); +- +- lastTag =3D tag_id; ++ for (int i =3D 0; i < nExifTags; ++i) { ++ tiff_read_exif_tag(tif, exif_tag_ids[i], dib, md_model); + } +=20 + } +@@ -723,10 +722,9 @@ tiff_write_exif_tags(TIFF *tif, TagLib::MDMODEL md_mo= del, FIBITMAP *dib) { +=20=09 + TagLib& tag_lib =3D TagLib::instance(); +=20=09 +- for (int fi =3D 0, nfi =3D (int)tif->tif_nfields; nfi > 0; nfi--, fi++) { +- const TIFFField *fld =3D tif->tif_fields[fi]; +-=09=09 +- const uint32 tag_id =3D TIFFFieldTag(fld); ++ for (int fi =3D 0, nfi =3D nExifTags; nfi > 0; nfi--, fi++) { ++ const uint32 tag_id =3D exif_tag_ids[fi]; ++ const TIFFField *fld =3D TIFFFieldWithTag(tif, tag_id); +=20 + if(skip_write_field(tif, tag_id)) { + // skip tags that are already handled by the LibTIFF writing process +diff --git a/genfipsrclist.sh b/genfipsrclist.sh +index 41f946d..33b3877 100644 +--- a/genfipsrclist.sh ++++ b/genfipsrclist.sh +@@ -1,18 +1,13 @@ + #!/bin/sh +=20 +-DIRLIST=3D". Source Source/Metadata Source/FreeImageToolkit Source/LibJPE= G Source/LibPNG Source/LibTIFF4 Source/ZLib Source/LibOpenJPEG Source/OpenE= XR Source/OpenEXR/Half Source/OpenEXR/Iex Source/OpenEXR/IlmImf Source/Open= EXR/IlmThread Source/OpenEXR/Imath Source/OpenEXR/IexMath Source/LibRawLite= Source/LibRawLite/dcraw Source/LibRawLite/internal Source/LibRawLite/libra= w Source/LibRawLite/src Source/LibWebP Source/LibJXR Source/LibJXR/common/i= nclude Source/LibJXR/image/sys Source/LibJXR/jxrgluelib Wrapper/FreeImagePl= us" ++DIRLIST=3D"Wrapper/FreeImagePlus" +=20 +=20 + echo "VER_MAJOR =3D 3" > fipMakefile.srcs + echo "VER_MINOR =3D 17.0" >> fipMakefile.srcs +=20 + echo -n "SRCS =3D " >> fipMakefile.srcs +-for DIR in $DIRLIST; do +- VCPRJS=3D`echo $DIR/*.2008.vcproj` +- if [ "$VCPRJS" !=3D "$DIR/*.2008.vcproj" ]; then +- egrep 'RelativePath=3D.*\.(c|cpp)' $DIR/*.2008.vcproj | cut -d'"' -f2 |= tr '\\' '/' | awk '{print "'$DIR'/"$0}' | tr '\r\n' ' ' | tr -s ' ' >> fi= pMakefile.srcs +- fi +-done ++find Wrapper/FreeImagePlus/src -name '*.cpp' -print | LC_ALL=3DC sort | x= args echo -n >> fipMakefile.srcs + echo >> fipMakefile.srcs +=20 + echo -n "INCLUDE =3D" >> fipMakefile.srcs +diff --git a/gensrclist.sh b/gensrclist.sh +index dbfb98d..3e4747d 100644 +--- a/gensrclist.sh ++++ b/gensrclist.sh +@@ -1,21 +1,16 @@ + #!/bin/sh +=20 +-DIRLIST=3D". Source Source/Metadata Source/FreeImageToolkit Source/LibJPE= G Source/LibPNG Source/LibTIFF4 Source/ZLib Source/LibOpenJPEG Source/OpenE= XR Source/OpenEXR/Half Source/OpenEXR/Iex Source/OpenEXR/IlmImf Source/Open= EXR/IlmThread Source/OpenEXR/Imath Source/OpenEXR/IexMath Source/LibRawLite= Source/LibRawLite/dcraw Source/LibRawLite/internal Source/LibRawLite/libra= w Source/LibRawLite/src Source/LibWebP Source/LibJXR Source/LibJXR/common/i= nclude Source/LibJXR/image/sys Source/LibJXR/jxrgluelib" ++DIRLIST=3D`find Source -type d | LC_ALL=3DC sort` +=20 + echo "VER_MAJOR =3D 3" > Makefile.srcs + echo "VER_MINOR =3D 17.0" >> Makefile.srcs +=20 + echo -n "SRCS =3D " >> Makefile.srcs +-for DIR in $DIRLIST; do +- VCPRJS=3D`echo $DIR/*.2008.vcproj` +- if [ "$VCPRJS" !=3D "$DIR/*.2008.vcproj" ]; then +- egrep 'RelativePath=3D.*\.(c|cpp)' $DIR/*.2008.vcproj | cut -d'"' -f2 |= tr '\\' '/' | awk '{print "'$DIR'/"$0}' | tr '\r\n' ' ' | tr -s ' ' >> Ma= kefile.srcs +- fi +-done ++find Source -name '*.c' -or -name '*.cpp' -not -name 'PluginG3.cpp' -not = -name 'JPEGTransform.cpp' | LC_ALL=3DC sort | xargs echo -n >> Makefile.srcs + echo >> Makefile.srcs +=20 + echo -n "INCLS =3D " >> Makefile.srcs +-find . -name "*.h" -print | xargs echo >> Makefile.srcs ++find Source -name '*.h' | LC_ALL=3DC sort | xargs echo -n >> Makefile.srcs + echo >> Makefile.srcs +=20 + echo -n "INCLUDE =3D" >> Makefile.srcs =2D-=20 2.10.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYAXOkAAoJEOal7jwZRnoNO3oP/3QktGn/m+YdLkq6t3xybUFA 2+SgSHp/CeDDz+nTgFQUIzAZQ70f0M/PI4Jtnb/ZQr4PMuT3ld8Xa9+DCtdGvLaf Q5Yd6soQ0iMVjJI/+nl6OcyJNbqy9PTYas+dvELboCS+mtEVmJmCUF2ofxoGAMmN cqai3wwMkEcdjwcrwIXF5dtm8kid82k6PhIrZqSN+u0fGUrhQyLPLKpQYIGrTWkE fQiYQ6VjvpBb8BQyKU6ucYebZOm7xnqRdsqbbr5gC4I/+BBgWosU3lepnwyEnJ1u 5BwooHcy55l3L7inM/O3RKUtbFa0LGCXj1yf65GYgEMunGbVgv+xkci1a1pDqSnY 8PNt1ci10smaaZ1vTJzFp6M5nWuQMkjb0supxcxrJTvTzLRQInWdMQGNl7+qtyTN bM64w/5dmhMLF0O7wfSthQ9LtU3ZV5sb7wAmXviJVACeRl6P89/EXkwRyWfzuABp G0lHyQ3HmHIRXXeKeRijubmimx5vB+/TDProwiVAg9zIS5R9A68yG0GPwoh4b07j DDbN4OWyNk78mkcaorzOh09QBgo4nIEPlRX2UDdYQy1E7XEVawZ0BF1g5WKZiJNl 0yI/qBCiXxgFGU2F2z1TE7/PIoOhffYh3AAU/hWS19atwcgqt30ZlEZiZYfIhkLU a48nTeCsA20lGNe490sd =S86y -----END PGP SIGNATURE----- --==-=-=--