You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@drill.apache.org by cg...@apache.org on 2022/03/25 18:28:27 UTC
[drill] branch master updated: DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (#2493)
This is an automated email from the ASF dual-hosted git repository.
cgivre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git
The following commit(s) were added to refs/heads/master by this push:
new 218caeb DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (#2493)
218caeb is described below
commit 218caeb942181f5d9901c33ec1c5fad3b54bf0fb
Author: luoc <lu...@apache.org>
AuthorDate: Sat Mar 26 02:28:20 2022 +0800
DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (#2493)
* DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613
* Update the ProfileCopyright tag name
* Update the mov format name
* Add the QuickTime.Rotation tag
* Bump metadata-extractor to 2.17.0
---
contrib/format-image/pom.xml | 1 +
.../apache/drill/exec/store/image/GenericMetadataReader.java | 10 +++++-----
contrib/format-image/src/test/resources/image/eps.json | 2 +-
contrib/format-image/src/test/resources/image/jpeg.json | 2 +-
contrib/format-image/src/test/resources/image/mov.json | 5 +++--
contrib/format-image/src/test/resources/image/tiff.json | 2 +-
pom.xml | 6 ------
7 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/contrib/format-image/pom.xml b/contrib/format-image/pom.xml
index 7b68a19..a6f7127 100644
--- a/contrib/format-image/pom.xml
+++ b/contrib/format-image/pom.xml
@@ -39,6 +39,7 @@
<dependency>
<groupId>com.drewnoakes</groupId>
<artifactId>metadata-extractor</artifactId>
+ <version>2.17.0</version>
</dependency>
<!-- Test dependencies -->
diff --git a/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java b/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java
index 4268fcf..3598658 100644
--- a/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java
+++ b/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java
@@ -145,17 +145,17 @@ public class GenericMetadataReader
try {
int numOfComponent = 1;
int colorType = pngDir.getInt(PngDirectory.TAG_COLOR_TYPE);
- if (colorType == PngColorType.IndexedColor.getNumericValue()) {
+ if (colorType == PngColorType.INDEXED_COLOR.getNumericValue()) {
directory.setColorMode("Indexed");
- } else if (colorType == PngColorType.Greyscale.getNumericValue()) {
+ } else if (colorType == PngColorType.GREYSCALE.getNumericValue()) {
directory.setColorMode("Grayscale");
- } else if (colorType == PngColorType.GreyscaleWithAlpha.getNumericValue()) {
+ } else if (colorType == PngColorType.GREYSCALE_WITH_ALPHA.getNumericValue()) {
numOfComponent = 2;
directory.setColorMode("Grayscale");
directory.setAlpha(true);
- } else if (colorType == PngColorType.TrueColor.getNumericValue()) {
+ } else if (colorType == PngColorType.TRUE_COLOR.getNumericValue()) {
numOfComponent = 3;
- } else if (colorType == PngColorType.TrueColorWithAlpha.getNumericValue()) {
+ } else if (colorType == PngColorType.TRUE_COLOR_WITH_ALPHA.getNumericValue()) {
numOfComponent = 4;
directory.setAlpha(true);
}
diff --git a/contrib/format-image/src/test/resources/image/eps.json b/contrib/format-image/src/test/resources/image/eps.json
index 0a5c441..4895c2a 100644
--- a/contrib/format-image/src/test/resources/image/eps.json
+++ b/contrib/format-image/src/test/resources/image/eps.json
@@ -62,7 +62,7 @@
"RenderingIntent" : "Media-Relative Colorimetric",
"XYZValues" : "0.964 1 0.825",
"TagCount" : "10",
- "Copyright" : "(c) 1999 Adobe Systems Inc.",
+ "ProfileCopyright" : "(c) 1999 Adobe Systems Inc.",
"ProfileDescription" : "GBR",
"MediaWhitePoint" : "(0.9505, 1, 1.0891)",
"MediaBlackPoint" : "(0, 0, 0)",
diff --git a/contrib/format-image/src/test/resources/image/jpeg.json b/contrib/format-image/src/test/resources/image/jpeg.json
index 6963a30..6d590ef 100644
--- a/contrib/format-image/src/test/resources/image/jpeg.json
+++ b/contrib/format-image/src/test/resources/image/jpeg.json
@@ -141,7 +141,7 @@
"DeviceModel" : "sRGB",
"XYZValues" : "0.964 1 0.825",
"TagCount" : "17",
- "Copyright" : "Copyright (c) 1998 Hewlett-Packard Company",
+ "ProfileCopyright" : "Copyright (c) 1998 Hewlett-Packard Company",
"ProfileDescription" : "sRGB IEC61966-2.1",
"MediaWhitePoint" : "(0.9505, 1, 1.0891)",
"MediaBlackPoint" : "(0, 0, 0)",
diff --git a/contrib/format-image/src/test/resources/image/mov.json b/contrib/format-image/src/test/resources/image/mov.json
index b3c338f..6cb445b 100644
--- a/contrib/format-image/src/test/resources/image/mov.json
+++ b/contrib/format-image/src/test/resources/image/mov.json
@@ -1,5 +1,5 @@
{
- "Format" : "MOV",
+ "Format" : "QUICKTIME",
"Duration" : "01:32:3650",
"PixelWidth" : "560",
"PixelHeight" : "320",
@@ -31,7 +31,8 @@
"SelectionTime" : "0",
"SelectionDuration" : "0",
"CurrentTime" : "0",
- "NextTrackID" : "3"
+ "NextTrackID" : "3",
+ "Rotation" : "0"
},
"QuickTimeVideo" : {
"CreationTime" : "Fri Jan 01 00:00:00 +00:00 1904",
diff --git a/contrib/format-image/src/test/resources/image/tiff.json b/contrib/format-image/src/test/resources/image/tiff.json
index 7293452..e48a8ce 100644
--- a/contrib/format-image/src/test/resources/image/tiff.json
+++ b/contrib/format-image/src/test/resources/image/tiff.json
@@ -114,7 +114,7 @@
"DeviceModel" : "sRGB",
"XYZValues" : "0.964 1 0.825",
"TagCount" : "17",
- "Copyright" : "Copyright (c) 1998 Hewlett-Packard Company",
+ "ProfileCopyright" : "Copyright (c) 1998 Hewlett-Packard Company",
"ProfileDescription" : "sRGB IEC61966-2.1",
"MediaWhitePoint" : "(0.9505, 1, 1.0891)",
"MediaBlackPoint" : "(0, 0, 0)",
diff --git a/pom.xml b/pom.xml
index d4d8f7e..6253524 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,7 +130,6 @@
<testcontainers.version>1.16.3</testcontainers.version>
<typesafe.config.version>1.0.0</typesafe.config.version>
<commons.codec.version>1.14</commons.codec.version>
- <metadata.extractor.version>2.13.0</metadata.extractor.version>
<xalan.version>2.7.2</xalan.version>
<xerces.version>2.12.2</xerces.version>
<commons.configuration.version>1.10</commons.configuration.version>
@@ -2047,11 +2046,6 @@
<version>${snakeyaml.version}</version>
</dependency>
<dependency>
- <groupId>com.drewnoakes</groupId>
- <artifactId>metadata-extractor</artifactId>
- <version>${metadata.extractor.version}</version>
- </dependency>
- <dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>${xerces.version}</version>