gitlabhq
diff --git a/‎CHANGELOG.md
Lines changed: 23 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 23 additions & 0 deletions
diff --git a/‎config/patches/exiftool/add-license-file.patch
Lines changed: 0 additions & 396 deletions b/‎config/patches/exiftool/add-license-file.patch
Lines changed: 0 additions & 396 deletions
diff --git a/‎config/patches/exiftool/allowlist-types.patch
Lines changed: 22 additions & 16 deletions b/‎config/patches/exiftool/allowlist-types.patch
Lines changed: 22 additions & 16 deletions
@@ -3,6 +3,14 @@
 The latest version of this file can be found at the master branch of the
 omnibus-gitlab repository.
 
+## 16.4.1 (2023-09-28)
+
+### Security (3 changes)
+
+- [Mattermost Security Updates September 8, 2023](gitlab-org/security/omnibus-gitlab@1bb8795c5f91d57a4c6ca152f8725fc4750111d2) ([merge request](gitlab-org/security/omnibus-gitlab!376))
+- [Consul RCE vulnerability `enable-script-checks`](gitlab-org/security/omnibus-gitlab@af5bbe62cbd6a186df4216da2a8435b4bb7c3d9e) ([merge request](gitlab-org/security/omnibus-gitlab!375))
+- [ExifTool - Infinite loop when parsing BigTIFF files](gitlab-org/security/omnibus-gitlab@c92d41cca0a21870ccf0b0a431ef7ec97538fb22) ([merge request](gitlab-org/security/omnibus-gitlab!374))
+
 ## 16.4.0 (2023-09-21)
 
 ### Added (3 changes)
@@ -46,6 +54,14 @@ omnibus-gitlab repository.
 
 - [Enable dual namespace polling for sidekiq probe in gitlab-exporter](gitlab-org/omnibus-gitlab@6ddfb82c93158bdc25e3546625688e99cb400584) ([merge request](gitlab-org/omnibus-gitlab!7141))
 
+## 16.3.5 (2023-09-28)
+
+### Security (3 changes)
+
+- [Mattermost Security Updates September 8, 2023](gitlab-org/security/omnibus-gitlab@76f9a5dc6ea193803ba96d49498f1a6893c82802) ([merge request](gitlab-org/security/omnibus-gitlab!373))
+- [Consul RCE vulnerability `enable-script-checks`](gitlab-org/security/omnibus-gitlab@5655cd2f60eb0218409e47b32690a4647620dade) ([merge request](gitlab-org/security/omnibus-gitlab!369))
+- [ExifTool - Infinite loop when parsing BigTIFF files](gitlab-org/security/omnibus-gitlab@cbc8f7493f8954af7c4a4072d9d400629a39e2d0) ([merge request](gitlab-org/security/omnibus-gitlab!365))
+
 ## 16.3.4 (2023-09-18)
 
 No changes.
@@ -103,6 +119,13 @@ No changes.
 
 - [Enable cache to configure for Redis Cluster](gitlab-org/omnibus-gitlab@8c0aa6b59ad8be8b62e1a720cb370aadb29add05) ([merge request](gitlab-org/omnibus-gitlab!7079))
 
+## 16.2.8 (2023-09-28)
+
+### Security (2 changes)
+
+- [Consul RCE vulnerability `enable-script-checks`](gitlab-org/security/omnibus-gitlab@f94e2c4f46f032a841e32f81bc635235243e8e65) ([merge request](gitlab-org/security/omnibus-gitlab!370))
+- [ExifTool - Infinite loop when parsing BigTIFF files](gitlab-org/security/omnibus-gitlab@25a0cdebee778cbb4b9f0ed4e626914db7248e42) ([merge request](gitlab-org/security/omnibus-gitlab!366))
+
 ## 16.2.7 (2023-09-18)
 
 No changes.
 
@@ -1,28 +1,29 @@
 diff --git a/lib/Image/ExifTool.pm b/lib/Image/ExifTool.pm
-index a96cbf36..2d81ce98 100644
+index e22e73c5..855c20db 100644
 --- a/lib/Image/ExifTool.pm
 +++ b/lib/Image/ExifTool.pm
-@@ -185,17 +185,10 @@ $defaultLang = 'en';    # default language
+@@ -190,18 +190,10 @@ $defaultLang = 'en';    # default language
  # 2) Put types with weak file signatures at end of list to avoid false matches
  # 3) PLIST must be in this list for the binary PLIST format, although it may
  #    cause a file to be checked twice for XML
 -@fileTypes = qw(JPEG EXV CRW DR4 TIFF GIF MRW RAF X3F JP2 PNG MIE MIFF PS PDF
--                PSD XMP BMP BPG PPM RIFF AIFF ASF MOV MPEG Real SWF PSP FLV OGG
--                FLAC APE MPC MKV MXF DV PMP IND PGF ICC ITC FLIR FLIF FPF LFP
--                HTML VRD RTF FITS XCF DSS QTIF FPX PICT ZIP GZIP PLIST RAR BZ2
--                CZI TAR  EXE EXR HDR CHM LNK WMF AVC DEX DPX RAW Font RSRC M2TS
--                MacOS PHP PCX DCX DWF DWG DXF WTV Torrent VCard LRI R3D AA PDB
--                PFM2 MRC LIF JXL MOI ISO ALIAS JSON MP3 DICOM PCD TXT);
+-                PSD XMP BMP WPG BPG PPM RIFF AIFF ASF MOV MPEG Real SWF PSP FLV
+-                OGG FLAC APE MPC MKV MXF DV PMP IND PGF ICC ITC FLIR FLIF FPF
+-                LFP HTML VRD RTF FITS XCF DSS QTIF FPX PICT ZIP GZIP PLIST RAR
+-                7Z BZ2 CZI TAR EXE EXR HDR CHM LNK WMF AVC DEX DPX RAW Font RSRC
+-                M2TS MacOS PHP PCX DCX DWF DWG DXF WTV Torrent VCard LRI R3D AA
+-                PDB PFM2 MRC LIF JXL MOI ISO ALIAS JSON MP3 DICOM PCD ICO TXT);
 +@fileTypes = qw(JPEG TIFF);
 
  # file types that we can write (edit)
 -my @writeTypes = qw(JPEG TIFF GIF CRW MRW ORF RAF RAW PNG MIE PSD XMP PPM EPS
--                    X3F PS PDF ICC VRD DR4 JP2 JXL EXIF AI AIT IND MOV EXV FLIF);
+-                    X3F PS PDF ICC VRD DR4 JP2 JXL EXIF AI AIT IND MOV EXV FLIF
+-                    RIFF);
 +my @writeTypes = qw(JPEG TIFF);
  my %writeTypes; # lookup for writable file types (hash filled if required)
 
  # file extensions that we can't write for various base types
-@@ -214,339 +207,9 @@ my %createTypes = map { $_ => 1 } qw(XMP ICC MIE VRD DR4 EXIF EXV);
+@@ -222,344 +214,9 @@ my %createTypes = map { $_ => 1 } qw(XMP ICC MIE VRD DR4 EXIF EXV);
  # (if extension may be more than one type, the type is a list where
  #  the writable type should come first if it exists)
  %fileTypeLookup = (
@@ -32,6 +33,7 @@ index a96cbf36..2d81ce98 100644
 -   '3GP' => ['MOV',  '3rd Gen. Partnership Project audio/video'],
 -   '3GP2'=>  '3G2',
 -   '3GPP'=>  '3GP',
+-   '7Z'  => ['7Z', '7z archive'],
 -    A    => ['EXE',  'Static library'],
 -    AA   => ['AA',   'Audible Audiobook'],
 -    AAE  => ['PLIST','Apple edit information'],
@@ -69,6 +71,7 @@ index a96cbf36..2d81ce98 100644
 -    CRW  => ['CRW',  'Canon RAW format'],
 -    CS1  => ['PSD',  'Sinar CaptureShop 1-Shot RAW'],
 -    CSV  => ['TXT',  'Comma-Separated Values'],
+-    CUR  => ['ICO',  'Windows Cursor'],
 -    CZI  => ['CZI',  'Zeiss Integrated Software RAW'],
 -    DC3  =>  'DICM',
 -    DCM  =>  'DICM',
@@ -132,6 +135,7 @@ index a96cbf36..2d81ce98 100644
 -    FPF  => ['FPF',  'FLIR Public image Format'],
 -    FPX  => ['FPX',  'FlashPix'],
 -    GIF  => ['GIF',  'Compuserve Graphics Interchange Format'],
+-    GLV  => ['MOV',  'Garmin Low-resolution Video'],
 -    GPR  => ['TIFF', 'General Purpose RAW'], # https://gopro.github.io/gpr/
 -    GZ   =>  'GZIP',
 -    GZIP => ['GZIP', 'GNU ZIP compressed archive'],
@@ -145,6 +149,7 @@ index a96cbf36..2d81ce98 100644
 -    ICAL =>  'ICS',
 -    ICC  => ['ICC',  'International Color Consortium'],
 -    ICM  =>  'ICC',
+-    ICO  => ['ICO',  'Windows Icon'],
 -    ICS  => ['VCard','iCalendar Schedule'],
 -    IDML => ['ZIP',  'Adobe InDesign Markup Language'],
 -    IIQ  => ['TIFF', 'Phase One Intelligent Image Quality RAW'],
@@ -190,6 +195,7 @@ index a96cbf36..2d81ce98 100644
 -    M4B  => ['MOV',  'MPEG-4 audio Book'],
 -    M4P  => ['MOV',  'MPEG-4 Protected'],
 -    M4V  => ['MOV',  'MPEG-4 Video'],
+-    MACOS=> ['MacOS','MacOS ._ sidecar file'],
 -    MAX  => ['FPX',  '3D Studio MAX'],
 -    MEF  => ['TIFF', 'Mamiya (RAW) Electronic Format'],
 -    MIE  => ['MIE',  'Meta Information Encapsulation format'],
@@ -219,7 +225,6 @@ index a96cbf36..2d81ce98 100644
 -    NEF  => ['TIFF', 'Nikon (RAW) Electronic Format'],
 -    NEWER => 'COS',
 -    NKSC => ['XMP',  'Nikon Sidecar'],
--
 -    NMBTEMPLATE => ['ZIP','Apple Numbers Template'],
 -    NRW  => ['TIFF', 'Nikon RAW (2)'],
 -    NUMBERS => ['ZIP','Apple Numbers spreadsheet'],
@@ -331,6 +336,7 @@ index a96cbf36..2d81ce98 100644
 -    VCARD=> ['VCard','Virtual Card'],
 -    VCF  => 'VCARD',
 -    VOB  => ['MPEG', 'Video Object'],
+-    VNT  => [['FPX','VCard'], 'Scene7 Vignette or V-Note text file'],
 -    VRD  => ['VRD',  'Canon VRD Recipe Data'],
 -    VSD  => ['FPX',  'Microsoft Visio Drawing'],
 -    WAV  => ['RIFF', 'WAVeform (Windows digital audio)'],
@@ -342,7 +348,6 @@ index a96cbf36..2d81ce98 100644
 -    WMV  => ['ASF',  'Windows Media Video'],
 -    WV   => ['RIFF', 'WavePack lossless audio'],
 -    X3F  => ['X3F',  'Sigma RAW format'],
--    MACOS=> ['MacOS','MacOS ._ sidecar file'],
 -    XCF  => ['XCF',  'GIMP native image format'],
 -    XHTML=> ['HTML', 'Extensible HyperText Markup Language'],
 -    XLA  => ['FPX',  'Microsoft Excel Add-in'],
@@ -357,14 +362,15 @@ index a96cbf36..2d81ce98 100644
 -    XMP  => ['XMP',  'Extensible Metadata Platform'],
 -    WOFF => ['Font', 'Web Open Font Format'],
 -    WOFF2=> ['Font', 'Web Open Font Format2'],
+-    WPG  => ['WPG',  'WordPerfect Graphics'],
 -    WTV  => ['WTV',  'Windows recorded TV show'],
 -    ZIP  => ['ZIP',  'ZIP archive'],
  );
 
  # typical extension for each file type (if different than FileType)
 diff --git a/lib/Image/ExifTool/AIFF.pm b/lib/Image/ExifTool/AIFF.pm
 deleted file mode 100644
-index 3fe6c4a6..00000000
+index a862a0de..00000000
 --- a/lib/Image/ExifTool/AIFF.pm
 +++ /dev/null
@@ -1,312 +0,0 @@
@@ -388,7 +394,7 @@ index 3fe6c4a6..00000000
 -use Image::ExifTool qw(:DataAccess :Utils);
 -use Image::ExifTool::ID3;
 -
--$VERSION = '1.11';
+-$VERSION = '1.12';
 -
 -# information for time/date-based tags (time zero is Jan 1, 1904)
 -my %timeInfo = (
@@ -573,7 +579,7 @@ index 3fe6c4a6..00000000
 -        return 1 if $fast3;
 -        $tagTablePtr = GetTagTable('Image::ExifTool::DjVu::Main');
 -        # modify FileType to indicate a multi-page document
--        $$et{VALUE}{FileType} .= " (multi-page)" if $buf2 eq 'DJVM';
+-        $$et{VALUE}{FileType} .= " (multi-page)" if $buf2 eq 'DJVM' and $$et{VALUE}{FileType};
 -        $type = 'DjVu';
 -    } else {
 -        return 0 unless $buff =~ /^FORM....(AIF(F|C))/s;
@@ -657,7 +663,7 @@ index 3fe6c4a6..00000000
 -
 -=head1 AUTHOR
 -
--Copyright 2003-2022, Phil Harvey (philharvey66 at gmail.com)
+-Copyright 2003-2023, Phil Harvey (philharvey66 at gmail.com)
 -
 -This library is free software; you can redistribute it and/or modify it
 -under the same terms as Perl itself.