rpms
/
perl-Image-Info
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import perl-Image-Info-1.42-7.el9

Browse Source
i9ce changed/i9ce/perl-Image-Info-1.42-7.el9
MSVSphere Packaging Team 1 year ago
commit 818864a2a5
4 changed files with 756 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/Image-Info-1.42.tar.gz

1
.perl-Image-Info.metadata
Unescape View File

@ -0,0 +1 @@
6616b60657fc344b6299442b82d8d43905befc26 SOURCES/Image-Info-1.42.tar.gz

475
SOURCES/Image-Info-1.38-Image-Info-1.38_50.-w.diff
Unescape View File

@ -0,0 +1,475 @@
diff -Npurw Image-Info-1.38/CHANGES Image-Info-1.38_50/CHANGES
--- Image-Info-1.38/CHANGES 2015-04-19 22:35:39.744193016 -0700
+++ Image-Info-1.38_50/CHANGES 2016-10-01 10:35:33.176819063 -0700
@@ -1,5 +1,12 @@
Revision history for Image::Info
+2016-10-01 Slaven Rezic <slaven@rezic.de>
+
+ Release 1.38_50
+
+ Don't allow XXE (XML External Entities) processing. Addresses RT
+ #118205.
+
2015-04-19 Slaven Rezic <slaven@rezic.de>
Release 1.38
diff -Npurw Image-Info-1.38/dev/Info.pm.tmpl Image-Info-1.38_50/dev/Info.pm.tmpl
--- Image-Info-1.38/dev/Info.pm.tmpl 2015-04-19 22:35:39.744193016 -0700
+++ Image-Info-1.38_50/dev/Info.pm.tmpl 2016-10-01 10:35:33.176819063 -0700
@@ -13,12 +13,12 @@ package Image::Info;
# modify it under the same terms as Perl v5.8.8 itself.
#
# Previously maintained by Tels - (c) 2006 - 2008.
-# Currently maintained by Slaven Rezic - (c) 2008 - 2015.
+# Currently maintained by Slaven Rezic - (c) 2008 - 2016.
use strict;
use vars qw($VERSION @EXPORT_OK);
-$VERSION = '1.38';
+$VERSION = '1.38_50';
require Exporter;
*import = \&Exporter::import;
diff -Npurw Image-Info-1.38/img/xxe.svg Image-Info-1.38_50/img/xxe.svg
--- Image-Info-1.38/img/xxe.svg 1969-12-31 16:00:00.000000000 -0800
+++ Image-Info-1.38_50/img/xxe.svg 2016-10-01 10:35:33.180819062 -0700
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE foo [
+ <!ELEMENT foo ANY >
+ <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="864"
+ height="648">
+ <path
+ d="M 432,0 L 594,0 L 594,36 L 432,36 L 432,0 z"/>
+ &xxe;
+</svg>
diff -Npurw Image-Info-1.38/lib/Image/Info/SVG/XMLLibXMLReader.pm Image-Info-1.38_50/lib/Image/Info/SVG/XMLLibXMLReader.pm
--- Image-Info-1.38/lib/Image/Info/SVG/XMLLibXMLReader.pm 2015-04-19 22:35:39.747193016 -0700
+++ Image-Info-1.38_50/lib/Image/Info/SVG/XMLLibXMLReader.pm 2016-10-01 10:35:33.178819063 -0700
@@ -4,7 +4,7 @@
# $Id: Image_Info_SVG_LibXML.pm,v 1.2 2008/11/22 14:34:16 eserte Exp eserte $
# Author: Slaven Rezic
#
-# Copyright (C) 2008,2009 Slaven Rezic. All rights reserved.
+# Copyright (C) 2008,2009,2016 Slaven Rezic. All rights reserved.
# This package is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
#
@@ -16,7 +16,7 @@ package Image::Info::SVG::XMLLibXMLReade
use strict;
use vars qw($VERSION);
-$VERSION = '1.04';
+$VERSION = '1.05';
use XML::LibXML::Reader;
@@ -30,7 +30,7 @@ sub process_file {
push(@warnings, @_);
};
- my $reader = XML::LibXML::Reader->new(IO => $source, load_ext_dtd => 0)
+ my $reader = XML::LibXML::Reader->new(IO => $source, load_ext_dtd => 0, expand_entities => 0)
or die "Cannot read SVG from handle '$source'";
while($reader->read) {
last if $reader->nodeType == XML_READER_TYPE_ELEMENT;
diff -Npurw Image-Info-1.38/lib/Image/Info/SVG/XMLSimple.pm Image-Info-1.38_50/lib/Image/Info/SVG/XMLSimple.pm
--- Image-Info-1.38/lib/Image/Info/SVG/XMLSimple.pm 2015-04-19 22:35:39.747193016 -0700
+++ Image-Info-1.38_50/lib/Image/Info/SVG/XMLSimple.pm 2016-10-01 10:35:33.179819062 -0700
@@ -1,6 +1,6 @@
package Image::Info::SVG::XMLSimple;
-$VERSION = '1.04';
+$VERSION = '1.05';
use strict;
no strict 'refs';
@@ -36,6 +36,12 @@ sub process_file {
push(@warnings, @_);
};
+ # XML::SAX::PurePerl is the only SAX parser which is not capable
+ # of expanding external entities, so it's the only one not
+ # vulnerable against XXE processing. On the other hand,
+ # XML::SAX::PurePerl is probably the slowest parser, but for
+ # speed one should use XML::LibXML instead.
+ local $XML::Simple::PREFERRED_PARSER = 'XML::SAX::PurePerl';
$xs = XML::Simple->new;
$img = $xs->XMLin($imgdata);
diff -Npurw Image-Info-1.38/lib/Image/Info/SVG.pm Image-Info-1.38_50/lib/Image/Info/SVG.pm
--- Image-Info-1.38/lib/Image/Info/SVG.pm 2015-04-19 22:35:39.745193016 -0700
+++ Image-Info-1.38_50/lib/Image/Info/SVG.pm 2016-10-01 10:35:33.178819063 -0700
@@ -3,7 +3,7 @@
#
# Author: Slaven Rezic
#
-# Copyright (C) 2009,2011 Slaven Rezic. All rights reserved.
+# Copyright (C) 2009,2011,2016 Slaven Rezic. All rights reserved.
# This package is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
#
@@ -12,7 +12,7 @@ package Image::Info::SVG;
use strict;
use vars qw($VERSION @PREFER_MODULE $USING_MODULE);
-$VERSION = '2.02';
+$VERSION = '2.03';
@PREFER_MODULE = qw(Image::Info::SVG::XMLLibXMLReader
Image::Info::SVG::XMLSimple
@@ -100,7 +100,7 @@ This module requires either L<XML::LibXM
Previous versions (until Image-Info-1.28) used L<XML::Simple> as the
underlying parser. Since Image-Info-1.29 the default parser is
-L<XML::LibXML::Reader> (which is much more faster, memory-efficient,
+L<XML::LibXML::Reader> which is much more faster, memory-efficient,
and does not rely on regular expressions for some aspects of XML
parsing. If for some reason you need the old parser, you can force it
by setting the variable C<@Image::Info::SVG::PREFER_MODULE> as early
@@ -112,9 +112,19 @@ as possible:
The variable C<$Image::Info::SVG::USING_MODULE> can be queried to see
which parser is in use (after B<Image::Info::SVG> is required).
+Since 1.38_50 processing of XML external entities (XXE) is not done
+anymore for security reasons in both backends
+(B<Image::Info::SVG::XMLLibXMLReader> and
+B<Image::Info::SVG::XMLSimple>). Controlling XXE processing behavior
+in B<XML::Simple> is not really possible (see
+L<https://rt.cpan.org/Ticket/Display.html?id=83794>), so as a
+workaround the underlying SAX parser is fixed to L<XML::SAX::PurePerl>
+which is uncapable of processing external entities E<0x2014> but
+unfortunately it is also a slow parser.
+
=head1 SEE ALSO
-L<Image::Info>, L<XML::LibXML::Reader>, L<XML::Simple>
+L<Image::Info>, L<XML::LibXML::Reader>, L<XML::Simple>, L<XML::SAX::PurePerl>
=head1 NOTES
diff -Npurw Image-Info-1.38/lib/Image/Info.pm Image-Info-1.38_50/lib/Image/Info.pm
--- Image-Info-1.38/lib/Image/Info.pm 2015-04-19 22:35:39.745193016 -0700
+++ Image-Info-1.38_50/lib/Image/Info.pm 2016-10-01 10:35:33.177819063 -0700
@@ -13,12 +13,12 @@ package Image::Info;
# modify it under the same terms as Perl v5.8.8 itself.
#
# Previously maintained by Tels - (c) 2006 - 2008.
-# Currently maintained by Slaven Rezic - (c) 2008 - 2015.
+# Currently maintained by Slaven Rezic - (c) 2008 - 2016.
use strict;
use vars qw($VERSION @EXPORT_OK);
-$VERSION = '1.38';
+$VERSION = '1.38_50';
require Exporter;
*import = \&Exporter::import;
diff -Npurw Image-Info-1.38/MANIFEST Image-Info-1.38_50/MANIFEST
--- Image-Info-1.38/MANIFEST 2015-04-19 22:35:39.741193016 -0700
+++ Image-Info-1.38_50/MANIFEST 2016-10-01 10:35:33.175819063 -0700
@@ -35,6 +35,7 @@ img/test0-fuji.jpg Testcase for RT #495
img/test1-fuji.jpg Testcase for RT #49546
img/tiny.pgm
img/upside-down.bmp
+img/xxe.svg Testcase for RT #118099
img/ztxt.png PNG example with ztxt chunk
imgdump Test driver script
lib/Bundle/Image/Info/Everything.pm
@@ -80,8 +81,11 @@ t/tiff_e.t
t/tiff_segfault.t
t/tiny-pgm.t
t/wbmp.t
+t/xbm.t
+t/xpm.t
TODO
xt/kwalitee.t
+xt/rt118099.t
xt/strict.t
xt/synopsis.t
META.yml Module YAML meta-data (added by MakeMaker)
diff -Npurw Image-Info-1.38/MANIFEST.SKIP Image-Info-1.38_50/MANIFEST.SKIP
--- Image-Info-1.38/MANIFEST.SKIP 2015-04-19 22:35:39.744193016 -0700
+++ Image-Info-1.38_50/MANIFEST.SKIP 2016-10-01 10:35:33.176819063 -0700
@@ -7,6 +7,7 @@ pm_to_blib
^\.git/
^\.prove\z
^\.travis\.yml\z
+^appveyor\.yml\z
^MYMETA.json$
^MYMETA.yml$
# Temporarily, until Module::Install is fixed (0.93 is broken)
diff -Npurw Image-Info-1.38/META.json Image-Info-1.38_50/META.json
--- Image-Info-1.38/META.json 2015-04-19 22:35:39.744193016 -0700
+++ Image-Info-1.38_50/META.json 2016-10-01 10:35:33.176819063 -0700
@@ -48,11 +48,11 @@
}
}
},
- "release_status" : "stable",
+ "release_status" : "testing",
"resources" : {
"repository" : {
"url" : "git://github.com/eserte/image-info.git"
}
},
- "version" : "1.38"
+ "version" : "1.38_50"
}
diff -Npurw Image-Info-1.38/META.yml Image-Info-1.38_50/META.yml
--- Image-Info-1.38/META.yml 2015-04-19 22:35:39.744193016 -0700
+++ Image-Info-1.38_50/META.yml 2016-10-01 10:35:33.176819063 -0700
@@ -32,4 +32,4 @@ requires:
perl: 5.006
resources:
repository: git://github.com/eserte/image-info.git
-version: 1.38
+version: 1.38_50
diff -Npurw Image-Info-1.38/SIGNATURE Image-Info-1.38_50/SIGNATURE
--- Image-Info-1.38/SIGNATURE 2015-04-19 22:35:39.744193016 -0700
+++ Image-Info-1.38_50/SIGNATURE 2016-10-01 10:35:33.176819063 -0700
@@ -1,5 +1,5 @@
This file contains message digests of all files listed in MANIFEST,
-signed via the Module::Signature module, version 0.73.
+signed via the Module::Signature module, version 0.79.
To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:
@@ -15,16 +15,16 @@ not run its Makefile.PL or Build.PL.
Hash: SHA1
SHA1 c82d6187bf83f92dcd4a4ba9ab8341c3edcc094a .gitignore
-SHA1 93e03daefbe0bfec3c418f671d6ee7206e17e47d CHANGES
+SHA1 b8d32c47657484a8f00aeb166c39b626413e5ed8 CHANGES
SHA1 517bff80bcf518746150086148acaf8cfa37a17d CREDITS
-SHA1 8b13b87882e8e171d87da8495e868415b49a15c9 MANIFEST
-SHA1 396a95962b71b01b3032a31ff5f12a33984c2644 MANIFEST.SKIP
-SHA1 3660da7a8d216cff8b7e11c91ea3ce2bc34b037e META.json
-SHA1 4ebc7bd648c8aa6dd8aedd49a4b233084dbeaf1f META.yml
+SHA1 cdfc42491a4cdaa42af14d791cb39e775f719de7 MANIFEST
+SHA1 7508fd127843a69e30ba4f58f4b4e769f20d49e2 MANIFEST.SKIP
+SHA1 982d477a6fb375bf80e4050d20da36a391cbee8d META.json
+SHA1 90407b78357a66598f6bca877615e2fd2419e941 META.yml
SHA1 fd14642d591e132078fc91a8e54a4a4fed927f46 Makefile.PL
SHA1 0184503d850cb0d34d0cfe26bd5af84d4cf97dbc README
SHA1 36ea8eabe5ac80acc416411aae77b60e1480de1b TODO
-SHA1 0e763171d566addcfff34c7309979a27326b33dd dev/Info.pm.tmpl
+SHA1 741dc9d13bb3d500d4e1dfbfc4b7ca6e6c054b72 dev/Info.pm.tmpl
SHA1 c11e7408bd16d35b2116ee47eaac4f08266be902 dev/build.pl
SHA1 38b386e67725abff64ea00abb8e92c46f38e2f59 exifdump
SHA1 0e2ed058a8e6b748c639b08064f6782c4f51d643 img/bad-exif-1.jpg
@@ -58,6 +58,7 @@ SHA1 2d2565cc6074fc831924dd378a4a5794155
SHA1 603d6eed47d8822cf4bae53bafa18b8044c035a6 img/test1-fuji.jpg
SHA1 d33e338aa7a45dc6fa4cefcdd376916e2267f3f9 img/tiny.pgm
SHA1 e403a1722e5d26002d8afbf29bd497c60f8ee05f img/upside-down.bmp
+SHA1 5023229b3010b9e9ec663ce10e29bd3cbe5486c8 img/xxe.svg
SHA1 684ef627299906409c258ed2a66990a26dd13794 img/ztxt.png
SHA1 376cc1bd8424b1123f0073df81ce5433be4df58e imgdump
SHA1 b28345eb7918c00c9e8190b9b5ebabb326a84d91 lib/Bundle/Image/Info/Everything.pm
@@ -65,16 +66,16 @@ SHA1 4a2ca6a6407e82ba0de7ccde961771365b5
SHA1 777028fc6271fc140b361904b7ff29053d404144 lib/Bundle/Image/Info/SVG.pm
SHA1 ebdf279c647010c1fa17b0003238debdc3e1f80b lib/Bundle/Image/Info/XBM.pm
SHA1 df3482b8e4a6c7b140ebbb1dc0ab56dc60a8e7e7 lib/Bundle/Image/Info/XPM.pm
-SHA1 68d6cc00378159751743e38f955927fe68d5a948 lib/Image/Info.pm
+SHA1 9e6ecc0afed2716b367af226851145254506c1a5 lib/Image/Info.pm
SHA1 6991a957bacde9d3b873184d90d910d083f5f403 lib/Image/Info/BMP.pm
SHA1 0996bffe073126dceb72c04dc5b3002c78c24d56 lib/Image/Info/GIF.pm
SHA1 fb628cb66c566ab66a1b7953a1bb29cfde1c79c7 lib/Image/Info/ICO.pm
SHA1 cb662c31e3429214bdc9f1e7b65fac2c4198f689 lib/Image/Info/JPEG.pm
SHA1 df4bd657aae33fe5ef9cbad6546674ec2de9d53f lib/Image/Info/PNG.pm
SHA1 1b69276ab386d1795469773d6af70ff510c15feb lib/Image/Info/PPM.pm
-SHA1 0de5432c7e9100ee06b6da29ac25114e3a07a783 lib/Image/Info/SVG.pm
-SHA1 e2c4f7ff2bba5a50e2de64e5b43d78fd44b00d6c lib/Image/Info/SVG/XMLLibXMLReader.pm
-SHA1 827501c639b7db47dac2a7e050df6bf887f08161 lib/Image/Info/SVG/XMLSimple.pm
+SHA1 67fcd8cd40c30bf4fb995e232fd51bc261607bd8 lib/Image/Info/SVG.pm
+SHA1 c8aa83ad22ff1684a40bae3f37fccc358842b1d1 lib/Image/Info/SVG/XMLLibXMLReader.pm
+SHA1 c1fe64b6ad5faeeab7d690cd44fd0feaf56952ee lib/Image/Info/SVG/XMLSimple.pm
SHA1 7ed4635fb08eaa8099f0b17ab25c62aabc52437f lib/Image/Info/TIFF.pm
SHA1 ed6fde11752d6450756c815b2dca25f9ad1740d9 lib/Image/Info/WBMP.pm
SHA1 5c896ca4cc89715527f4207bae3c1e3c7a26286a lib/Image/Info/XBM.pm
@@ -99,13 +100,16 @@ SHA1 76e7e08522799dc0f39896c8925aff1d42b
SHA1 c08bf003a891603d6f5f098425a70680a699e31a t/tiff_segfault.t
SHA1 0a5f7c518af4b72fd76fa8def1f51e8691727bdd t/tiny-pgm.t
SHA1 7d7708b0392491f75eb9b68289469c1a488453ca t/wbmp.t
+SHA1 cea87cb4a68f31dd245d911d0c43b581939c3f34 t/xbm.t
+SHA1 982933644977d3879d1b2a269bdfb1ef45723481 t/xpm.t
SHA1 4396e44dfbfe4c2ff26d115bc0eadbce507b7bf0 xt/kwalitee.t
+SHA1 14f51fc143d06dad6d47a810596799652928221e xt/rt118099.t
SHA1 6ef907e37bb4840f96f8d5b16b47991806f21f31 xt/strict.t
-SHA1 40f46c65b4865610c38eeb3cf05482c53e058180 xt/synopsis.t
+SHA1 776c2c96e3155a622221cb1c4989579a652452d7 xt/synopsis.t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-iQBVAwUBVTSHQ79kDNo3Bl+NAQKFagH9FCG+u23Ji0qRMEtZtkEtg9YQw54JrRoE
-mQMsiLIavzZLijrOBxobPzLjpztrcEi9fRAZI9iFyUYGIfqRQWnL9A==
-=6Aux
+iQBVAwUBV+/Xh79kDNo3Bl+NAQJafwH+NhWQkrxt33QbVanjmudO/nB4wvZg+Eox
+GEkmnIXruab/MzuYS9NxqTKycsOESF1DTD2B8Qq+gqYK93i1zQ3sHA==
+=rrGD
-----END PGP SIGNATURE-----
diff -Npurw Image-Info-1.38/t/xbm.t Image-Info-1.38_50/t/xbm.t
--- Image-Info-1.38/t/xbm.t 1969-12-31 16:00:00.000000000 -0800
+++ Image-Info-1.38_50/t/xbm.t 2016-10-01 10:35:33.179819062 -0700
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+use warnings;
+use strict;
+
+use Test::More;
+BEGIN
+ {
+ plan tests => 8;
+ chdir 't' if -d 't';
+ use lib '../lib';
+ use lib '../blib';
+ use_ok ("Image::Info") or die $@;
+ };
+
+use Image::Info qw(image_info dim);
+
+SKIP: {
+skip 'Image::Xbm needed for the test', 7 unless eval { require Image::Xbm };
+
+my $i = image_info("../img/test.xbm")
+ || die ("Couldn't read test.xbm: $!");
+
+# use Data::Dumper; diag Dumper($i), "\n";
+
+is ($i->{BitsPerSample}, 1, 'BitsPerSample');
+is ($i->{SamplesPerPixel}, 1, 'SamplesPerPixel');
+is ($i->{file_media_type}, 'image/x-xbitmap', 'media type');
+is ($i->{ColorTableSize}, 2, '2 colors');
+is ($i->{color_type}, 'Grey', 'color_type');
+is ($i->{file_ext}, 'xbm', 'file_ext');
+
+is (dim($i), '6x6', 'dim()');
+}
diff -Npurw Image-Info-1.38/t/xpm.t Image-Info-1.38_50/t/xpm.t
--- Image-Info-1.38/t/xpm.t 1969-12-31 16:00:00.000000000 -0800
+++ Image-Info-1.38_50/t/xpm.t 2016-10-01 10:35:33.179819062 -0700
@@ -0,0 +1,34 @@
+#!/usr/bin/perl
+use warnings;
+use strict;
+
+use Test::More;
+BEGIN
+ {
+ plan tests => 9;
+ chdir 't' if -d 't';
+ use lib '../lib';
+ use lib '../blib';
+ use_ok ("Image::Info") or die $@;
+ };
+
+use Image::Info qw(image_info dim);
+
+SKIP: {
+skip 'Image::Xpm needed for the test', 8 unless eval { require Image::Xpm };
+
+my $i = image_info("../img/test.xpm")
+ || die ("Couldn't read test.xpm: $!");
+
+# use Data::Dumper; print Dumper($i), "\n";
+
+is ($i->{ColorResolution}, 8, 'ColorResoltuion');
+is ($i->{BitsPerSample}, 8, 'BitsPerSample');
+is ($i->{SamplesPerPixel}, 1, 'SamplesPerPixel');
+is ($i->{file_media_type}, 'image/x-xpixmap', 'media type');
+is ($i->{ColorTableSize}, 2, '2 colors');
+is ($i->{color_type}, 'Indexed-RGB', 'color_type');
+is ($i->{file_ext}, 'xpm', 'file_ext');
+
+is (dim($i), '127x13', 'dim()');
+}
diff -Npurw Image-Info-1.38/xt/rt118099.t Image-Info-1.38_50/xt/rt118099.t
--- Image-Info-1.38/xt/rt118099.t 1969-12-31 16:00:00.000000000 -0800
+++ Image-Info-1.38_50/xt/rt118099.t 2016-10-01 10:35:33.180819062 -0700
@@ -0,0 +1,69 @@
+#!/usr/bin/perl -w
+# -*- cperl -*-
+
+#
+# Author: Slaven Rezic
+#
+
+use strict;
+use FindBin;
+use IPC::Run 'run';
+use List::Util 'sum';
+use Test::More;
+
+plan skip_all => "Works only on linux (using strace)" if $^O ne 'linux';
+
+my %impl2opts =
+ (
+ 'Image::Info::SVG::XMLSimple' =>
+ [
+ {XML_SAX_Parser => 'XML::Parser'},
+ {XML_SAX_Parser => 'XML::SAX::Expat'},
+ {XML_SAX_Parser => 'XML::SAX::ExpatXS'},
+ {XML_SAX_Parser => 'XML::SAX::PurePerl'},
+ {XML_SAX_Parser => 'XML::LibXML::SAX::Parser'},
+ {XML_SAX_Parser => 'XML::LibXML::SAX'},
+ ],
+ 'Image::Info::SVG::XMLLibXMLReader' => [{}],
+ );
+
+plan tests => 2 * sum map { scalar @$_ } values(%impl2opts);
+
+for my $impl (keys %impl2opts) {
+ my $testname = $impl;
+ my @opts = @{ $impl2opts{$impl} };
+ for my $opt (@opts) {
+ my $testname = $testname . (%$opt ? ", " . join(", ", map { "$_ => $opt->{$_}" } keys %$opt) : '');
+ my @cmd =
+ (
+ $^X, "-I$FindBin::RealBin/../lib", '-MImage::Info=image_info', '-e',
+ ($opt->{XML_SAX_Parser} ? 'require XML::Simple; $XML::Simple::PREFERRED_PARSER = shift; ' : '') .
+ '@Image::Info::SVG::PREFER_MODULE=shift; my $info = image_info(shift); die $info->{error} if $info->{error};',
+ ($opt->{XML_SAX_Parser} ? $opt->{XML_SAX_Parser} : ()),
+ $impl, "$FindBin::RealBin/../img/xxe.svg",
+ );
+ {
+ my $stderr;
+ ok run(\@cmd, '2>', \$stderr), "Run @cmd"
+ or diag $stderr;
+ }
+ {
+ my $success = run(["strace", "-eopen,stat", @cmd], '2>', \my $strace);
+ if (!$success) {
+ if (($opt->{XML_SAX_Parser}||'') eq 'XML::SAX::ExpatXS') {
+ # ignore error
+ } else {
+ die "Error running @cmd with strace";
+ }
+ }
+ my @matching_lines = $strace =~ m{.*/etc/passwd.*}g;
+ is scalar(@matching_lines), 0, "No XXE with $testname"
+ or diag explain \@matching_lines;
+ }
+ }
+}
+
+done_testing;
+
+
+__END__
diff -Npurw Image-Info-1.38/xt/synopsis.t Image-Info-1.38_50/xt/synopsis.t
--- Image-Info-1.38/xt/synopsis.t 2015-04-19 22:35:39.747193016 -0700
+++ Image-Info-1.38_50/xt/synopsis.t 2016-10-01 10:35:33.180819062 -0700
@@ -10,5 +10,3 @@ use Test::More;
eval "use Test::Synopsis";
plan skip_all => "Test::Synopsis required for testing" if $@;
all_synopsis_ok();
-
-done_testing;

279
SPECS/perl-Image-Info.spec
Unescape View File

@ -0,0 +1,279 @@
Name: perl-Image-Info
Version: 1.42
Release: 7%{?dist}
Summary: Image meta information extraction module for Perl
License: GPL+ or Artistic
URL: https://metacpan.org/release/Image-Info
Source0: https://cpan.metacpan.org/authors/id/S/SR/SREZIC/Image-Info-%{version}.tar.gz
BuildArch: noarch
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: make
BuildRequires: perl-interpreter
BuildRequires: perl-generators
BuildRequires: perl(Carp)
BuildRequires: perl(Compress::Zlib)
BuildRequires: perl(Config)
BuildRequires: perl(constant)
BuildRequires: perl(Exporter)
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(File::Basename)
BuildRequires: perl(File::Spec)
BuildRequires: perl(FindBin)
BuildRequires: perl(Getopt::Long)
BuildRequires: perl(Image::Xbm)
BuildRequires: perl(Image::Xpm)
BuildRequires: perl(IO::Scalar)
BuildRequires: perl(IO::String)
BuildRequires: perl(lib)
BuildRequires: perl(overload)
BuildRequires: perl(strict)
BuildRequires: perl(Test::More)
BuildRequires: perl(Test::Pod)
BuildRequires: perl(Test::Pod::Coverage) >= 1.00
BuildRequires: perl(vars)
BuildRequires: perl(XML::LibXML::Reader)
BuildRequires: perl(XML::Simple)
Requires: rgb
Requires: perl(Compress::Zlib)
Requires: perl(IO::Scalar)
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
%description
This Perl extension allows you to extract meta information from
various types of image files.
%prep
%setup -q -n Image-Info-%{version}
chmod -c 644 exifdump imgdump
%build
perl Makefile.PL INSTALLDIRS=vendor
make %{?_smp_mflags}
%install
make pure_install DESTDIR=%{buildroot}
find %{buildroot} -type f -name .packlist -delete
%{_fixperms} %{buildroot}/*
%check
make test
%files
%doc CHANGES CREDITS README TODO exifdump imgdump
%{perl_vendorlib}/Bundle/
%{perl_vendorlib}/Image/
%{_mandir}/man3/*.3pm*
%changelog
* Wed Jan 10 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.42-7
- Rebuilt for MSVSphere 9.3
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.42-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun May 23 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1.42-6
- Perl 5.34 rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.42-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.42-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.42-3
- Perl 5.32 rebuild
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.42-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.42-1
- 1.42 bump
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.41-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.41-7
- Perl 5.30 rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.41-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.41-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.41-4
- Perl 5.28 rebuild
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.41-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.41-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jul 17 2017 Tom Callaway <spot@fedoraproject.org> - 1.41-1
- update to 1.41
* Mon Jun 05 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1.40-2
- Perl 5.26 rebuild
* Tue Apr 11 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1.40-1
- 1.40 bump
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.39-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Oct 10 2016 Tom Callaway <spot@fedoraproject.org> - 1.39-1
- update to 1.39
* Wed Oct 5 2016 Tom Callaway <spot@fedoraproject.org> - 1.38-6
- apply upstream fix for XXE SVG security issue (bz1379556)
* Mon May 16 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1.38-5
- Perl 5.24 rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.38-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.38-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Jun 06 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1.38-2
- Perl 5.22 rebuild
* Tue Apr 21 2015 Tom Callaway <spot@fedoraproject.org> - 1.38-1
- update to 1.38
* Fri Mar 20 2015 Tom Callaway <spot@fedoraproject.org> - 1.37-1
- update to 1.37
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.33-6
- Perl 5.20 rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.33-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.33-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 24 2013 Petr Pisar <ppisar@redhat.com> - 1.33-3
- Perl 5.18 rebuild
* Wed Jan 30 2013 Paul Howarth <paul@city-fan.org> - 1.33-2
- Don't BR: perl(Image::TIFF); it's provided by this package
* Wed Nov 14 2012 Petr Šabata <contyk@redhat.com> - 1.33-1
- 1.33 bump
- Get rid of the old cruft
- Fix dependencies
- Update the source URL
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.28-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 15 2012 Petr Pisar <ppisar@redhat.com> - 1.28-13
- Perl 5.16 rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.28-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 1.28-11
- Perl mass rebuild
* Tue Jul 19 2011 Petr Sabata <contyk@redhat.com> - 1.28-10
- Perl mass rebuild
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.28-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Dec 17 2010 Marcela Maslanova <mmaslano@redhat.com> - 1.28-8
- 661697 rebuild for fixing problems with vendorach/lib
* Sun May 02 2010 Marcela Maslanova <mmaslano@redhat.com> - 1.28-7
- Mass rebuild with perl-5.12.0
* Mon Dec 7 2009 Stepan Kasal <skasal@redhat.com> - 1.28-6
- rebuild against perl 5.10.1
* Mon Nov 09 2009 Adam Jackson <ajax@redhat.com> 1.28-5
- Requires: rgb, not Requires: /usr/share/X11/rgb.txt
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.28-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.28-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Sep 10 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.28-1
- update to 1.28
* Wed Feb 27 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.27-3
- Rebuild for perl 5.10 (again)
* Mon Jan 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.27-2
- rebuild for new perl
* Wed Dec 19 2007 Tom "spot" Callaway <tcallawa@redhat.com> - 1.27-1
- bump to 1.27
* Wed May 30 2007 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.25-1
- Update to 1.25.
* Mon Feb 26 2007 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.24-1
- Update to 1.24.
* Sat Sep 30 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.23-1
- Update to 1.23.
* Sun Jul 16 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.22-1
- Update to 1.22.
* Mon May 1 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.21-2
- Bumping release due to CVS problem.
* Mon May 1 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.21-1
- Update to 1.21.
* Mon Mar 13 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.20-1
- Update to 1.20.
* Wed Mar 8 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.19-1
- Update to 1.19 (broken: cpan tickets: #18020 and #18147).
- Module::Install 0.58 is broken (Image-Info-1.19-inc-Module-Install.pm.patch).
- BR: perl(Image::Xbm), perl(Image::Xpm), perl(XML::Simple).
* Fri Mar 3 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.18-1
- Update to 1.18 (broken: cpan ticket #6558).
- Dropped patches Image-Info-1.16-X[BP]M.pm.patch (accepted upstream).
- Dropped patch Image-Info-1.16-string.t.patch (test has been rewritten).
* Mon Feb 20 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.17-2
- BR: perl(Test::Pod), perl(Test::Pod::Coverage).
* Mon Feb 20 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.17-1
- Update to 1.17.
- New upstream maintainer.
* Wed Nov 23 2005 Ville Skyttä <ville.skytta at iki.fi> - 1.16-6
- Add dependency on rgb.txt, adjust its location for FC5.
- Specfile cleanups.
* Wed Apr 6 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.16-4
- rebuilt
* Thu Jul 1 2004 Jose Pedro Oliveira <jpo at di.uminho.pt> - 0:1.16-0.fdr.3
- Reverted Image::Xbm and Image::Xpm patches.
- Patched Image::Info::XBM.pm and Image::Info::XPM.pm instead.
* Tue Jun 8 2004 Jose Pedro Oliveira <jpo at di.uminho.pt> - 0:1.16-0.fdr.2
- Patched Image::Xbm and Image::Xpm to avoid test failures in this module.
* Thu Jun 3 2004 Jose Pedro Oliveira <jpo at di.uminho.pt> - 0:1.16-0.fdr.1
- Update to version 1.16.
- Bring up to date with current fedora.us perl spec template.
* Sun Oct 12 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:1.15-0.fdr.1
- First build.
Write Preview
Loading…
Cancel
Save