import CS exempi-2.4.5-4.el8

2024-03-27 19:38:32 +00:00 · 2024-03-27 19:38:32 +00:00 · 124176420c
parent acd026eae6
commit 124176420c
3 changed files with 92 additions and 1 deletions
--- a/SOURCES/0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch
+++ b/SOURCES/0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch
@ -0,0 +1,41 @@
+From 4f583ff12989f7cea1f81bd2751c321030f1bdbf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
+Date: Sun, 28 Jul 2019 10:15:19 -0400
+Subject: [PATCH] (CVE-2020-18651) Issue #13 - Fix a buffer a overflow in ID3
+ support
+
+https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
+(cherry picked from commit fdd4765a699f9700850098b43b9798b933acb32f)
+---
+ XMPFiles/source/FormatSupport/ID3_Support.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/XMPFiles/source/FormatSupport/ID3_Support.cpp b/XMPFiles/source/FormatSupport/ID3_Support.cpp
+index dd19c16..4619079 100644
+--- a/XMPFiles/source/FormatSupport/ID3_Support.cpp
+++ b/XMPFiles/source/FormatSupport/ID3_Support.cpp
+@@ -669,6 +669,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
+ 			std::string tmp ( this->content, this->contentSize );
+ 			bool bigEndian = true;	// assume for now (if no BOM follows)
+ 
+			if (pos + 2 > this->contentSize) {
+				// No enough for the string
+				break;
+			}
+ 			if ( GetUns16BE ( &this->content[pos] ) == 0xFEFF ) {
+ 				pos += 2;
+ 				bigEndian = true;
+@@ -686,6 +690,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
+ 		{
+ 			if ( commMode && (! advancePastCOMMDescriptor ( pos )) ) return false; // not a frame of interest!
+ 		
+			if (pos + 4 > this->contentSize) {
+				// No enough for the string
+				break;
+			}
+ 			if ( (GetUns32BE ( &this->content[pos]) & 0xFFFFFF00 ) == 0xEFBBBF00 ) {
+ 				pos += 3;	// swallow any BOM, just in case
+ 			}
+-- 
+2.41.0
+
--- a/SOURCES/0002-CVE-20220-18652-Bug-12-Invalid-WebP-cause-memory-ove.patch
+++ b/SOURCES/0002-CVE-20220-18652-Bug-12-Invalid-WebP-cause-memory-ove.patch
@ -0,0 +1,38 @@
+From a3b1e52e5a5836fe1fd07013a2a098518b1801de Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
+Date: Sat, 27 Jul 2019 20:42:51 -0400
+Subject: [PATCH] (CVE-20220-18652) Bug #12 - Invalid WebP cause memory
+ overflow.
+
+https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
+(cherry picked from commit acee2894ceb91616543927c2a6e45050c60f98f7)
+---
+ XMPFiles/source/FormatSupport/WEBP_Support.cpp | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+index ffaf220..0d4b81d 100644
+--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+@@ -120,10 +120,16 @@ VP8XChunk::VP8XChunk(Container* parent)
+     this->data.assign(this->size, 0);
+     XMP_Uns8* bitstream =
+         (XMP_Uns8*)parent->chunks[WEBP_CHUNK_IMAGE][0]->data.data();
+    XMP_Uns32 width = 0;
+    XMP_Uns32 height = 0;
+     // See bug https://bugs.freedesktop.org/show_bug.cgi?id=105247
+     // bitstream could be NULL.
+-    XMP_Uns32 width = bitstream ? ((bitstream[7] << 8) | bitstream[6]) & 0x3fff : 0;
+-    XMP_Uns32 height = bitstream ? ((bitstream[9] << 8) | bitstream[8]) & 0x3fff : 0;
+    // See bug https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
+    // image chunk data could be too short (must be 10)
+    if (parent->chunks[WEBP_CHUNK_IMAGE][0]->data.size() >= 10 && bitstream) {
+      width = ((bitstream[7] << 8) | bitstream[6]) & 0x3fff;
+      height = ((bitstream[9] << 8) | bitstream[8]) & 0x3fff;
+    }
+     this->width(width);
+     this->height(height);
+     parent->vp8x = this;
+-- 
+2.41.0
+
--- a/SPECS/exempi.spec
+++ b/SPECS/exempi.spec
@ -1,12 +1,14 @@
 Summary:	Library for easy parsing of XMP metadata
 Name:		exempi
 Version:	2.4.5
-Release:	2%{?dist}
+Release:	4%{?dist}
 License:	BSD
 Group:		System Environment/Libraries
 URL:		http://libopenraw.freedesktop.org/wiki/Exempi
 Source0:	http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
 Patch0:		CVE-2018-12648.patch
+Patch0001:  0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch
+Patch0002:  0002-CVE-20220-18652-Bug-12-Invalid-WebP-cause-memory-ove.patch
 BuildRequires:	gcc-c++
 BuildRequires:	boost-devel expat-devel zlib-devel pkgconfig
 # Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327)
@ -31,6 +33,8 @@ developing with exempi.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1

 %build
 libtoolize -vi
@ -69,6 +73,14 @@ rm -rf %{buildroot}%{_libdir}/*.a
 %{_libdir}/pkgconfig/*.pc

 %changelog
+* Mon Jan 08 2024 Matej Mužila <mmuzila@redhat.com> - 2.4.5-4
+- Fix CVE-2020-18652
+- Resolves: RHEL-5416
+
+* Mon Jan 08 2024 Matej Mužila <mmuzila@redhat.com> - 2.4.5-3
+- Fix CVE-2020-18651
+- Resolves: RHEL-5415
+
 * Wed Sep 26 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-2
 - Fix CVE-2018-12648
  Resolves #1594644