diff --git a/SOURCES/exiv2-CVE-2020-18898.patch b/SOURCES/exiv2-CVE-2020-18898.patch new file mode 100644 index 0000000..39b12da --- /dev/null +++ b/SOURCES/exiv2-CVE-2020-18898.patch @@ -0,0 +1,280 @@ +diff --git a/src/exiv2.cpp b/src/exiv2.cpp +index dbd2834..75c6fc2 100644 +--- a/src/exiv2.cpp ++++ b/src/exiv2.cpp +@@ -593,41 +593,79 @@ int Params::evalPrint(const std::string& optarg) + { + int rc = 0; + switch (action_) { +- case Action::none: +- switch (optarg[0]) { +- case 's': action_ = Action::print; printMode_ = pmSummary; break; +- case 'a': rc = evalPrintFlags("kyct"); break; +- case 'e': rc = evalPrintFlags("Ekycv"); break; +- case 't': rc = evalPrintFlags("Ekyct"); break; +- case 'v': rc = evalPrintFlags("Exgnycv"); break; +- case 'h': rc = evalPrintFlags("Exgnycsh"); break; +- case 'i': rc = evalPrintFlags("Ikyct"); break; +- case 'x': rc = evalPrintFlags("Xkyct"); break; +- case 'c': action_ = Action::print; printMode_ = pmComment ; break; +- case 'p': action_ = Action::print; printMode_ = pmPreview ; break; +- case 'C': action_ = Action::print; printMode_ = pmIccProfile ; break; +- case 'R': action_ = Action::print; printMode_ = pmRecursive ; break; +- case 'S': action_ = Action::print; printMode_ = pmStructure ; break; +- case 'X': action_ = Action::print; printMode_ = pmXMP ; break; ++ case Action::none: ++ switch (optarg[0]) { ++ case 's': ++ action_ = Action::print; ++ printMode_ = pmSummary; ++ break; ++ case 'a': ++ rc = evalPrintFlags("kyct"); ++ break; ++ case 'e': ++ rc = evalPrintFlags("Ekycv"); ++ break; ++ case 't': ++ rc = evalPrintFlags("Ekyct"); ++ break; ++ case 'v': ++ rc = evalPrintFlags("Exgnycv"); ++ break; ++ case 'h': ++ rc = evalPrintFlags("Exgnycsh"); ++ break; ++ case 'i': ++ rc = evalPrintFlags("Ikyct"); ++ break; ++ case 'x': ++ rc = evalPrintFlags("Xkyct"); ++ break; ++ case 'c': ++ action_ = Action::print; ++ printMode_ = pmComment; ++ break; ++ case 'p': ++ action_ = Action::print; ++ printMode_ = pmPreview; ++ break; ++ case 'C': ++ action_ = Action::print; ++ printMode_ = pmIccProfile; ++ break; ++ case 'R': ++ #ifdef NDEBUG ++ std::cerr << progname() << ": " << _("Action not available in Release mode") ++ << ": '" << optarg << "'\n"; ++ rc = 1; ++ #else ++ action_ = Action::print; ++ printMode_ = pmRecursive; ++ #endif ++ break; ++ case 'S': ++ action_ = Action::print; ++ printMode_ = pmStructure; ++ break; ++ case 'X': ++ action_ = Action::print; ++ printMode_ = pmXMP; ++ break; ++ default: ++ std::cerr << progname() << ": " << _("Unrecognized print mode") << " `" << optarg << "'\n"; ++ rc = 1; ++ break; ++ } ++ break; ++ case Action::print: ++ std::cerr << progname() << ": " << _("Ignoring surplus option -p") << optarg << "\n"; ++ break; + default: +- std::cerr << progname() << ": " << _("Unrecognized print mode") << " `" +- << optarg << "'\n"; ++ std::cerr << progname() << ": " << _("Option -p is not compatible with a previous option\n"); + rc = 1; + break; +- } +- break; +- case Action::print: +- std::cerr << progname() << ": " +- << _("Ignoring surplus option -p") << optarg << "\n"; +- break; +- default: +- std::cerr << progname() << ": " +- << _("Option -p is not compatible with a previous option\n"); +- rc = 1; +- break; + } + return rc; +-} // Params::evalPrint ++} // Params::evalPrint + + int Params::evalPrintFlags(const std::string& optarg) + { +diff --git a/test/data/webp-test.out b/test/data/webp-test.out +index e92a844..eec850d 100644 +--- a/test/data/webp-test.out ++++ b/test/data/webp-test.out +@@ -1,149 +1,3 @@ +-STRUCTURE OF WEBP FILE: exiv2-bug1199.webp +- Chunk | Length | Offset | Payload +- RIFF | 187526 | 0 | WEBP +- VP8X | 10 | 12 | ,........ +- ICCP | 560 | 30 | ...0ADBE....mntrRGB XYZ ........ +- VP8 | 172008 | 598 | .G...*.. .>1..B.!..o.. ......].. +- EXIF | 12040 | 172614 | II*........................... . +- XMP | 2864 | 184662 | 1..B.!..o.. ......].. +- EXIF | 12040 | 172614 | II*........................... . +- STRUCTURE OF TIFF FILE (II): MemIo +- address | tag | type | count | offset | value +- 10 | 0x0100 ImageWidth | LONG | 1 | 1200 | 1200 +- 22 | 0x0101 ImageLength | LONG | 1 | 800 | 800 +- 34 | 0x0102 BitsPerSample | SHORT | 3 | 194 | 8 8 8 +- 46 | 0x010e ImageDescription | ASCII | 37 | 200 | ... +- 58 | 0x010f Make | ASCII | 18 | 238 | NIKON CORPORATION +- 70 | 0x0110 Model | ASCII | 12 | 256 | NIKON D5300 +- 82 | 0x0112 Orientation | SHORT | 1 | 1 | 1 +- 94 | 0x011a XResolution | RATIONAL | 1 | 268 | 300/1 +- 106 | 0x011b YResolution | RATIONAL | 1 | 276 | 300/1 +- 118 | 0x0128 ResolutionUnit | SHORT | 1 | 2 | 2 +- 130 | 0x0131 Software | ASCII | 11 | 284 | GIMP 2.9.5 +- 142 | 0x0132 DateTime | ASCII | 20 | 296 | 2016:08:13 10:54:16 +- 154 | 0x0213 YCbCrPositioning | SHORT | 1 | 1 | 1 +- 166 | 0x8769 ExifTag | LONG | 1 | 316 | 316 +- STRUCTURE OF TIFF FILE (II): MemIo +- address | tag | type | count | offset | value +- 318 | 0x829a ExposureTime | RATIONAL | 1 | 814 | 10/4000 +- 330 | 0x829d FNumber | RATIONAL | 1 | 822 | 100/10 +- 342 | 0x8822 ExposureProgram | SHORT | 1 | 0 | 0 +- 354 | 0x8827 ISOSpeedRatings | SHORT | 1 | 200 | 200 +- 366 | 0x8830 SensitivityType | SHORT | 1 | 2 | 2 +- 378 | 0x9000 ExifVersion | UNDEFINED | 4 | 808661552 | 0230 +- 390 | 0x9003 DateTimeOriginal | ASCII | 20 | 830 | 2015:07:16 15:38:54 +- 402 | 0x9004 DateTimeDigitized | ASCII | 20 | 850 | 2015:07:16 15:38:54 +- 414 | 0x9101 ComponentsConfiguration | UNDEFINED | 4 | 197121 | ... +- 426 | 0x9102 CompressedBitsPerPixel | RATIONAL | 1 | 870 | 2/1 +- 438 | 0x9204 ExposureBiasValue | SRATIONAL | 1 | 878 | 0/6 +- 450 | 0x9205 MaxApertureValue | RATIONAL | 1 | 886 | 43/10 +- 462 | 0x9207 MeteringMode | SHORT | 1 | 5 | 5 +- 474 | 0x9208 LightSource | SHORT | 1 | 0 | 0 +- 486 | 0x9209 Flash | SHORT | 1 | 16 | 16 +- 498 | 0x920a FocalLength | RATIONAL | 1 | 894 | 440/10 +- 510 | 0x927c MakerNote | UNDEFINED | 3826 | 902 | Nikon.....II*.....9.+...$...... ... +- STRUCTURE OF TIFF FILE (II): MemIo +- address | tag | type | count | offset | value +- 10 | 0x002b | ASCII | 36 | 698 | 48 49 48 48 0 0 2 0 0 0 0 0 0 0 ... +- 22 | 0x002c | ASCII | 1157 | 734 | 48 49 48 49 35 0 128 2 170 1 0 0 ... +- 34 | 0x002d | ASCII | 8 | 1892 | 512 0 0 +- 46 | 0x0032 | ASCII | 20 | 1900 | 48 49 48 48 1 0 0 0 +- 58 | 0x0035 | ASCII | 16 | 1920 | 48 50 48 48 0 0 +- 70 | 0x003b | ASCII | 32 | 1936 | 256/256 256/256 256/256 256/256 +- 82 | 0x003c | ASCII | 2 | 49 | 1 +- 94 | 0x009d | ASCII | 2 | 48 | 0 +- 106 | 0x00a3 | BYTE | 1 | 0 | +- 118 | 0x00b6 | ASCII | 16 | 1968 | 0 0 0 0 0 0 0 0 +- 130 | 0x00bb | ASCII | 26 | 1984 | 48 50 48 48 255 255 255 0 +- 142 | 0x00bf | ASCII | 2 | 48 | 0 +- 154 | 0x00c0 | ASCII | 21 | 2010 | 60 1 12 0 144 1 12 0 +- 166 | 0x0022 | SHORT | 1 | 65535 | 65535 +- 178 | 0x008a | SHORT | 1 | 1 | 1 +- 190 | 0x001e GPSDifferential | SHORT | 1 | 1 | 1 +- 202 | 0x001b GPSProcessingMethod | SHORT | 7 | 2032 | 0 6016 4016 6016 4016 ... +- 214 | 0x0019 GPSDestDistanceRef | SRATIONAL | 1 | 2046 | 0/6 +- 226 | 0x000e GPSTrackRef | UNDEFINED | 4 | 786688 | ... +- 238 | 0x001c GPSAreaInformation | SHORT | 3 | 2054 | 0 1 6 +- 250 | 0x0018 GPSDestBearing | UNDEFINED | 4 | 393472 | ... +- 262 | 0x0012 GPSMapDatum | UNDEFINED | 4 | 393472 | ... +- 274 | 0x0009 GPSStatus | ASCII | 20 | 2060 | +- 286 | 0x0017 GPSDestBearingRef | UNDEFINED | 4 | 393472 | ... +- 298 | 0x00a8 | UNDEFINED | 49 | 2080 | 0106........................... ... +- 310 | 0x0087 | BYTE | 1 | 0 | +- 322 | 0x0008 FlashSetting | ASCII | 13 | 2130 | +- 334 | 0x0007 Focus | ASCII | 7 | 2144 | AF-A +- 346 | 0x00b1 | SHORT | 1 | 4 | 4 +- 358 | 0x0013 GPSDestLatitudeRef | SHORT | 2 | 13107200 | 0 200 +- 370 | 0x0002 ISOSpeed | SHORT | 2 | 13107200 | 0 200 +- 382 | 0x0016 GPSDestLongitude | SHORT | 4 | 2152 | 0 0 6000 4000 +- 394 | 0x00a2 | LONG | 1 | 6173648 | 6173648 +- 406 | 0x0084 | RATIONAL | 4 | 2160 | 180/10 2500/10 35/10 63/10 +- 418 | 0x008b | UNDEFINED | 4 | 786743 | 7.. +- 430 | 0x0083 | BYTE | 1 | 14 | . +- 442 | 0x0095 | ASCII | 5 | 2192 | OFF +- 454 | 0x000d GPSSpeed | UNDEFINED | 4 | 393472 | ... +- 466 | 0x0004 Quality | ASCII | 8 | 2198 | NORMAL +- 478 | 0x009e | SHORT | 10 | 2206 | 0 0 0 0 0 ... +- 490 | 0x001d GPSDateStamp | ASCII | 8 | 2226 | 2567806 +- 502 | 0x0089 | SHORT | 1 | 0 | 0 +- 514 | 0x00a7 | LONG | 1 | 9608 | 9608 +- 526 | 0x00ab | ASCII | 16 | 2234 | AUTO(FLASH OFF) +- 538 | 0x0001 Version | UNDEFINED | 4 | 825307696 | 0211 +- 550 | 0x000c GPSSpeedRef | RATIONAL | 4 | 2250 | 538/256 354/256 256/256 256/256 +- 562 | 0x0005 WhiteBalance | ASCII | 13 | 2282 | AUTO +- 574 | 0x000b ProcessingSoftware | SSHORT | 2 | 0 | 0 0 +- 586 | 0x00b7 | UNDEFINED | 30 | 2296 | 0100....i.................... +- 598 | 0x0097 | UNDEFINED | 1188 | 2326 | 0219.dU....W..2......:.......F.# ... +- 610 | 0x00b8 | UNDEFINED | 172 | 3514 | 0100..e........................ ... +- 622 | 0x0025 | UNDEFINED | 14 | 3686 | H.....H...... +- 634 | 0x0098 | UNDEFINED | 33 | 3700 | 0204.W....z.o..#[.....!o.x..E... ... +- 646 | 0x00b0 | UNDEFINED | 16 | 3734 | 0100........... +- 658 | 0x0023 | UNDEFINED | 58 | 3750 | 0100STANDARD............STANDARD ... +- 670 | 0x001f | UNDEFINED | 8 | 3808 | 0100... +- 682 | 0x0024 | UNDEFINED | 4 | 65536 | ... +- END MemIo +- 522 | 0x9286 UserComment | UNDEFINED | 44 | 4728 | ........ ... +- 534 | 0x9290 SubSecTime | ASCII | 3 | 12336 | 00 +- 546 | 0x9291 SubSecTimeOriginal | ASCII | 3 | 12336 | 00 +- 558 | 0x9292 SubSecTimeDigitized | ASCII | 3 | 12336 | 00 +- 570 | 0xa000 FlashpixVersion | UNDEFINED | 4 | 808464688 | 0100 +- 582 | 0xa001 ColorSpace | SHORT | 1 | 1 | 1 +- 594 | 0xa002 PixelXDimension | LONG | 1 | 6000 | 6000 +- 606 | 0xa003 PixelYDimension | LONG | 1 | 4000 | 4000 +- 618 | 0xa217 SensingMethod | SHORT | 1 | 2 | 2 +- 630 | 0xa300 FileSource | UNDEFINED | 1 | 3 | . +- 642 | 0xa301 SceneType | UNDEFINED | 1 | 1 | . +- 654 | 0xa302 CFAPattern | UNDEFINED | 8 | 4772 | ........ +- 666 | 0xa401 CustomRendered | SHORT | 1 | 0 | 0 +- 678 | 0xa402 ExposureMode | SHORT | 1 | 0 | 0 +- 690 | 0xa403 WhiteBalance | SHORT | 1 | 0 | 0 +- 702 | 0xa404 DigitalZoomRatio | RATIONAL | 1 | 4780 | 1/1 +- 714 | 0xa405 FocalLengthIn35mmFilm | SHORT | 1 | 66 | 66 +- 726 | 0xa406 SceneCaptureType | SHORT | 1 | 0 | 0 +- 738 | 0xa407 GainControl | SHORT | 1 | 0 | 0 +- 750 | 0xa408 Contrast | SHORT | 1 | 0 | 0 +- 762 | 0xa409 Saturation | SHORT | 1 | 0 | 0 +- 774 | 0xa40a Sharpness | SHORT | 1 | 0 | 0 +- 786 | 0xa40c SubjectDistanceRange | SHORT | 1 | 0 | 0 +- 798 | 0xa420 ImageUniqueID | ASCII | 33 | 4788 | 090caaf2c085f3e102513b24750041aa ... +- END MemIo +- 178 | 0x8825 GPSTag | LONG | 1 | 4822 | 4822 +- 5072 | 0x0100 ImageWidth | LONG | 1 | 256 | 256 +- 5084 | 0x0101 ImageLength | LONG | 1 | 170 | 170 +- 5096 | 0x0102 BitsPerSample | SHORT | 3 | 5172 | 8 8 8 +- 5108 | 0x0103 Compression | SHORT | 1 | 6 | 6 +- 5120 | 0x0106 PhotometricInterpretation | SHORT | 1 | 6 | 6 +- 5132 | 0x0115 SamplesPerPixel | SHORT | 1 | 3 | 3 +- 5144 | 0x0201 JPEGInterchangeFormat | LONG | 1 | 5178 | 5178 +- 5156 | 0x0202 JPEGInterchangeFormatLeng | LONG | 1 | 6861 | 6861 +- END MemIo +- XMP | 2864 | 184662 | + + +diff --git a/test/webp-test.sh b/test/webp-test.sh +index 04ffe19..9c53293 100755 +--- a/test/webp-test.sh ++++ b/test/webp-test.sh +@@ -14,7 +14,6 @@ source ./functions.source + + copyTestFile $filename + runTest exiv2 -pS $filename +- runTest exiv2 -pR $filename + runTest exiv2 -pX $filename | xmllint --format - + printf "delete " >&3 + # test deleting metadata diff --git a/SPECS/compat-exiv2-026.spec b/SPECS/compat-exiv2-026.spec index c45a864..5a9bfa8 100644 --- a/SPECS/compat-exiv2-026.spec +++ b/SPECS/compat-exiv2-026.spec @@ -1,6 +1,6 @@ Name: compat-exiv2-026 Version: 0.26 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Compatibility package with the exiv2 library in version 0.26 License: GPLv2+ @@ -36,6 +36,7 @@ Patch28: exiv2-CVE-2021-31291.patch Patch29: exiv2-CVE-2021-31292.patch Patch30: exiv2-CVE-2021-37618.patch Patch31: exiv2-CVE-2021-37619.patch +Patch32: exiv2-CVE-2020-18898.patch ## upstreamable patches @@ -100,6 +101,10 @@ rm -rf mv %{buildroot}%{_libdir}/libexiv2.so %changelog +* Wed Oct 13 2021 Jan Grulich - 0.26-7 +- Fix stack exhaustion issue in the printIFDStructure function + Resolves: bz#2003669 + * Wed Aug 18 2021 Jan Grulich - 0.26-6 - Fix out-of-bounds read in Exiv2::Jp2Image::printStructure Resolves: bz#1993283