You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@drill.apache.org by cg...@apache.org on 2022/03/25 18:28:27 UTC

[drill] branch master updated: DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (#2493)

This is an automated email from the ASF dual-hosted git repository.

cgivre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git


The following commit(s) were added to refs/heads/master by this push:
     new 218caeb  DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (#2493)
218caeb is described below

commit 218caeb942181f5d9901c33ec1c5fad3b54bf0fb
Author: luoc <lu...@apache.org>
AuthorDate: Sat Mar 26 02:28:20 2022 +0800

    DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613 (#2493)
    
    * DRILL-8164: Upgrade metadata-extractor because of CVE-2022-24613
    
    * Update the ProfileCopyright tag name
    
    * Update the mov format name
    
    * Add the QuickTime.Rotation tag
    
    * Bump metadata-extractor to 2.17.0
---
 contrib/format-image/pom.xml                                   |  1 +
 .../apache/drill/exec/store/image/GenericMetadataReader.java   | 10 +++++-----
 contrib/format-image/src/test/resources/image/eps.json         |  2 +-
 contrib/format-image/src/test/resources/image/jpeg.json        |  2 +-
 contrib/format-image/src/test/resources/image/mov.json         |  5 +++--
 contrib/format-image/src/test/resources/image/tiff.json        |  2 +-
 pom.xml                                                        |  6 ------
 7 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/contrib/format-image/pom.xml b/contrib/format-image/pom.xml
index 7b68a19..a6f7127 100644
--- a/contrib/format-image/pom.xml
+++ b/contrib/format-image/pom.xml
@@ -39,6 +39,7 @@
     <dependency>
       <groupId>com.drewnoakes</groupId>
       <artifactId>metadata-extractor</artifactId>
+      <version>2.17.0</version>
     </dependency>
 
     <!-- Test dependencies -->
diff --git a/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java b/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java
index 4268fcf..3598658 100644
--- a/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java
+++ b/contrib/format-image/src/main/java/org/apache/drill/exec/store/image/GenericMetadataReader.java
@@ -145,17 +145,17 @@ public class GenericMetadataReader
           try {
             int numOfComponent = 1;
             int colorType = pngDir.getInt(PngDirectory.TAG_COLOR_TYPE);
-            if (colorType == PngColorType.IndexedColor.getNumericValue()) {
+            if (colorType == PngColorType.INDEXED_COLOR.getNumericValue()) {
               directory.setColorMode("Indexed");
-            } else if (colorType == PngColorType.Greyscale.getNumericValue()) {
+            } else if (colorType == PngColorType.GREYSCALE.getNumericValue()) {
               directory.setColorMode("Grayscale");
-            } else if (colorType == PngColorType.GreyscaleWithAlpha.getNumericValue()) {
+            } else if (colorType == PngColorType.GREYSCALE_WITH_ALPHA.getNumericValue()) {
               numOfComponent = 2;
               directory.setColorMode("Grayscale");
               directory.setAlpha(true);
-            } else if (colorType == PngColorType.TrueColor.getNumericValue()) {
+            } else if (colorType == PngColorType.TRUE_COLOR.getNumericValue()) {
               numOfComponent = 3;
-            } else if (colorType == PngColorType.TrueColorWithAlpha.getNumericValue()) {
+            } else if (colorType == PngColorType.TRUE_COLOR_WITH_ALPHA.getNumericValue()) {
               numOfComponent = 4;
               directory.setAlpha(true);
             }
diff --git a/contrib/format-image/src/test/resources/image/eps.json b/contrib/format-image/src/test/resources/image/eps.json
index 0a5c441..4895c2a 100644
--- a/contrib/format-image/src/test/resources/image/eps.json
+++ b/contrib/format-image/src/test/resources/image/eps.json
@@ -62,7 +62,7 @@
     "RenderingIntent" : "Media-Relative Colorimetric",
     "XYZValues" : "0.964 1 0.825",
     "TagCount" : "10",
-    "Copyright" : "(c) 1999 Adobe Systems Inc.",
+    "ProfileCopyright" : "(c) 1999 Adobe Systems Inc.",
     "ProfileDescription" : "GBR",
     "MediaWhitePoint" : "(0.9505, 1, 1.0891)",
     "MediaBlackPoint" : "(0, 0, 0)",
diff --git a/contrib/format-image/src/test/resources/image/jpeg.json b/contrib/format-image/src/test/resources/image/jpeg.json
index 6963a30..6d590ef 100644
--- a/contrib/format-image/src/test/resources/image/jpeg.json
+++ b/contrib/format-image/src/test/resources/image/jpeg.json
@@ -141,7 +141,7 @@
     "DeviceModel" : "sRGB",
     "XYZValues" : "0.964 1 0.825",
     "TagCount" : "17",
-    "Copyright" : "Copyright (c) 1998 Hewlett-Packard Company",
+    "ProfileCopyright" : "Copyright (c) 1998 Hewlett-Packard Company",
     "ProfileDescription" : "sRGB IEC61966-2.1",
     "MediaWhitePoint" : "(0.9505, 1, 1.0891)",
     "MediaBlackPoint" : "(0, 0, 0)",
diff --git a/contrib/format-image/src/test/resources/image/mov.json b/contrib/format-image/src/test/resources/image/mov.json
index b3c338f..6cb445b 100644
--- a/contrib/format-image/src/test/resources/image/mov.json
+++ b/contrib/format-image/src/test/resources/image/mov.json
@@ -1,5 +1,5 @@
 {
-  "Format" : "MOV",
+  "Format" : "QUICKTIME",
   "Duration" : "01:32:3650",
   "PixelWidth" : "560",
   "PixelHeight" : "320",
@@ -31,7 +31,8 @@
     "SelectionTime" : "0",
     "SelectionDuration" : "0",
     "CurrentTime" : "0",
-    "NextTrackID" : "3"
+    "NextTrackID" : "3",
+    "Rotation" : "0"
   },
   "QuickTimeVideo" : {
     "CreationTime" : "Fri Jan 01 00:00:00 +00:00 1904",
diff --git a/contrib/format-image/src/test/resources/image/tiff.json b/contrib/format-image/src/test/resources/image/tiff.json
index 7293452..e48a8ce 100644
--- a/contrib/format-image/src/test/resources/image/tiff.json
+++ b/contrib/format-image/src/test/resources/image/tiff.json
@@ -114,7 +114,7 @@
     "DeviceModel" : "sRGB",
     "XYZValues" : "0.964 1 0.825",
     "TagCount" : "17",
-    "Copyright" : "Copyright (c) 1998 Hewlett-Packard Company",
+    "ProfileCopyright" : "Copyright (c) 1998 Hewlett-Packard Company",
     "ProfileDescription" : "sRGB IEC61966-2.1",
     "MediaWhitePoint" : "(0.9505, 1, 1.0891)",
     "MediaBlackPoint" : "(0, 0, 0)",
diff --git a/pom.xml b/pom.xml
index d4d8f7e..6253524 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,7 +130,6 @@
     <testcontainers.version>1.16.3</testcontainers.version>
     <typesafe.config.version>1.0.0</typesafe.config.version>
     <commons.codec.version>1.14</commons.codec.version>
-    <metadata.extractor.version>2.13.0</metadata.extractor.version>
     <xalan.version>2.7.2</xalan.version>
     <xerces.version>2.12.2</xerces.version>
     <commons.configuration.version>1.10</commons.configuration.version>
@@ -2047,11 +2046,6 @@
         <version>${snakeyaml.version}</version>
       </dependency>
       <dependency>
-        <groupId>com.drewnoakes</groupId>
-        <artifactId>metadata-extractor</artifactId>
-        <version>${metadata.extractor.version}</version>
-      </dependency>
-      <dependency>
         <groupId>xerces</groupId>
         <artifactId>xercesImpl</artifactId>
         <version>${xerces.version}</version>