Compare commits

...

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

6 changed files with 125 additions and 154 deletions

17
.gitignore vendored
View File

@ -1 +1,16 @@
SOURCES/exempi-2.4.5.tar.bz2
exempi-2.1.1.tar.gz
/exempi-2.2.0.tar.bz2
/exempi-2.2.1.tar.bz2
/exempi-2.3.0.tar.bz2
/exempi-2.4.0.tar.bz2
/exempi-2.4.1.tar.bz2
/exempi-2.4.2.tar.bz2
/exempi-2.4.4.tar.bz2
/exempi-2.4.5.tar.bz2
/exempi-2.5.1.tar.bz2
/exempi-2062d44dadbc603524ed0ffdb752070455b7e7fa.tar.bz2
/exempi-e23c21380f467f1f1c9dc397e0a08405fb4afa7a.tar.bz2
/exempi-2.6.1.tar.bz2
/exempi-2.6.2.tar.bz2
/exempi-2.6.3.tar.bz2
/exempi-2.6.4.tar.bz2

View File

@ -1,41 +0,0 @@
From 4f583ff12989f7cea1f81bd2751c321030f1bdbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
Date: Sun, 28 Jul 2019 10:15:19 -0400
Subject: [PATCH] (CVE-2020-18651) Issue #13 - Fix a buffer a overflow in ID3
support
https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
(cherry picked from commit fdd4765a699f9700850098b43b9798b933acb32f)
---
XMPFiles/source/FormatSupport/ID3_Support.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/XMPFiles/source/FormatSupport/ID3_Support.cpp b/XMPFiles/source/FormatSupport/ID3_Support.cpp
index dd19c16..4619079 100644
--- a/XMPFiles/source/FormatSupport/ID3_Support.cpp
+++ b/XMPFiles/source/FormatSupport/ID3_Support.cpp
@@ -669,6 +669,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
std::string tmp ( this->content, this->contentSize );
bool bigEndian = true; // assume for now (if no BOM follows)
+ if (pos + 2 > this->contentSize) {
+ // No enough for the string
+ break;
+ }
if ( GetUns16BE ( &this->content[pos] ) == 0xFEFF ) {
pos += 2;
bigEndian = true;
@@ -686,6 +690,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
{
if ( commMode && (! advancePastCOMMDescriptor ( pos )) ) return false; // not a frame of interest!
+ if (pos + 4 > this->contentSize) {
+ // No enough for the string
+ break;
+ }
if ( (GetUns32BE ( &this->content[pos]) & 0xFFFFFF00 ) == 0xEFBBBF00 ) {
pos += 3; // swallow any BOM, just in case
}
--
2.41.0

View File

@ -1,38 +0,0 @@
From a3b1e52e5a5836fe1fd07013a2a098518b1801de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
Date: Sat, 27 Jul 2019 20:42:51 -0400
Subject: [PATCH] (CVE-20220-18652) Bug #12 - Invalid WebP cause memory
overflow.
https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
(cherry picked from commit acee2894ceb91616543927c2a6e45050c60f98f7)
---
XMPFiles/source/FormatSupport/WEBP_Support.cpp | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
index ffaf220..0d4b81d 100644
--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
@@ -120,10 +120,16 @@ VP8XChunk::VP8XChunk(Container* parent)
this->data.assign(this->size, 0);
XMP_Uns8* bitstream =
(XMP_Uns8*)parent->chunks[WEBP_CHUNK_IMAGE][0]->data.data();
+ XMP_Uns32 width = 0;
+ XMP_Uns32 height = 0;
// See bug https://bugs.freedesktop.org/show_bug.cgi?id=105247
// bitstream could be NULL.
- XMP_Uns32 width = bitstream ? ((bitstream[7] << 8) | bitstream[6]) & 0x3fff : 0;
- XMP_Uns32 height = bitstream ? ((bitstream[9] << 8) | bitstream[8]) & 0x3fff : 0;
+ // See bug https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
+ // image chunk data could be too short (must be 10)
+ if (parent->chunks[WEBP_CHUNK_IMAGE][0]->data.size() >= 10 && bitstream) {
+ width = ((bitstream[7] << 8) | bitstream[6]) & 0x3fff;
+ height = ((bitstream[9] << 8) | bitstream[8]) & 0x3fff;
+ }
this->width(width);
this->height(height);
parent->vp8x = this;
--
2.41.0

View File

@ -1,43 +0,0 @@
From 487f4136013d9fa3351b863e5f861463a1cbddcf Mon Sep 17 00:00:00 2001
From: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
Date: Sat, 18 Aug 2018 13:54:55 +0000
Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The WEBP::GetLE32 function in
XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
NULL pointer dereference.
https://bugs.freedesktop.org/show_bug.cgi?id=106981
https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
Signed-off-by: Hubert Figuière <hub@figuiere.net>
---
XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
index ffaf220..4fe705b 100644
--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
}
void VP8XChunk::xmp(bool hasXMP)
{
- XMP_Uns32 flags = GetLE32(&this->data[0]);
- flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
- PutLE32(&this->data[0], flags);
+ if (&this->data[0] != NULL) {
+ XMP_Uns32 flags = GetLE32(&this->data[0]);
+ flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
+ PutLE32(&this->data[0], flags);
+ }
}
Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
--
2.17.1

View File

@ -1,18 +1,15 @@
Summary: Library for easy parsing of XMP metadata
Name: exempi
Version: 2.4.5
Release: 4%{?dist}
License: BSD
Group: System Environment/Libraries
Version: 2.6.4
Release: 7%{?dist}
License: BSD-3-Clause
URL: http://libopenraw.freedesktop.org/wiki/Exempi
Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
Patch0: CVE-2018-12648.patch
Patch0001: 0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch
Patch0002: 0002-CVE-20220-18652-Bug-12-Invalid-WebP-cause-memory-ove.patch
Source0: https://gitlab.freedesktop.org/libopenraw/%{name}/-/archive/%{version}/%{name}-%{version}.tar.bz2
BuildRequires: gcc-c++
BuildRequires: boost-devel expat-devel zlib-devel pkgconfig
# Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327)
BuildRequires: autoconf automake libtool
BuildRequires: make
Provides: bundled(md5-polstra)
%description
@ -22,7 +19,6 @@ It includes XMPCore and XMPFiles.
%package devel
Summary: Headers for developing programs that will use %{name}
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig
@ -31,14 +27,11 @@ This package contains the libraries and header files needed for
developing with exempi.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%autosetup -p1
%build
libtoolize -vi
./autogen.sh
NOCONFIGURE=1 ./autogen.sh
# BanEntityUsage needed for #888765
%configure CPPFLAGS="-I%{_includedir} -fno-strict-aliasing -DBanAllEntityUsage=1"
@ -46,44 +39,128 @@ libtoolize -vi
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags} V=1
%make_build
%check
%ifarch s390x
# testcore test fails on big endian arches since exempi 2.5.2:
# https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/23
make check || [ "$(grep '^FAIL:' exempi/test-suite.log)" = "FAIL: tests/testcore" ]
%else
make check
%endif
%install
make DESTDIR=%{buildroot} install
%make_install
rm -rf %{buildroot}%{_libdir}/*.la
rm -rf %{buildroot}%{_libdir}/*.a
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%doc AUTHORS ChangeLog COPYING README
%license COPYING
%doc AUTHORS ChangeLog README.md
%{_bindir}/exempi
%{_libdir}/*.so.*
%{_libdir}/libexempi.so.8*
%{_mandir}/man1/exempi.1*
%files devel
%{_includedir}/exempi-2.0/
%{_libdir}/*.so
%{_libdir}/libexempi.so
%{_libdir}/pkgconfig/*.pc
%changelog
* Mon Jan 08 2024 Matej Mužila <mmuzila@redhat.com> - 2.4.5-4
- Fix CVE-2020-18652
- Resolves: RHEL-5416
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.6.4-7
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jan 08 2024 Matej Mužila <mmuzila@redhat.com> - 2.4.5-3
- Fix CVE-2020-18651
- Resolves: RHEL-5415
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.6.4-6
- Bump release for June 2024 mass rebuild
* Wed Sep 26 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-2
* Mon Jan 29 2024 Matej Mužila <mmuzila@redhat.com> - 2.6.4-5
- migrated to SPDX license
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 10 2023 Nikola Forró <nforro@redhat.com> - 2.6.4-1
- Update to version 2.6.4
Resolves #2221013
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 12 2022 Nikola Forró <nforro@redhat.com> - 2.6.3-1
- Update to version 2.6.3
Resolves #2152330
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Nikola Forró <nforro@redhat.com> - 2.6.2-1
- Update to version 2.6.2
Resolves #2101146
* Mon Feb 14 2022 Nikola Forró <nforro@redhat.com> - 2.6.1-1
- Update to version 2.6.1
Resolves #1850332
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.0-0.2.20211007gite23c213
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Oct 07 2021 Nikola Forró <nforro@redhat.com> - 2.6.0-0.1.20211007gite23c213
- Update to (unreleased) version 2.6.0 to resolve licensing issues
and not to deviate from upstream
* Fri Sep 17 2021 Nikola Forró <nforro@redhat.com> - 2.5.3-0.1.20210917git2062d44
- Update to (unreleased) version 2.5.3 to resolve licensing issues
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Jeff Law <law@redhat.com> - 2.5.1-5
- Force C++14 as this code is not C++17 ready
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.5.1-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Aug 30 2019 Nikola Forró <nforro@redhat.com> - 2.5.1-1
- Update to version 2.5.1
Resolves #1747391
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Oct 9 2018 Owen Taylor <otaylor@redhat.com> - 2.4.5-5
- Set NOCONFIGURE when running autogen.sh to avoid running configure twice
* Wed Sep 26 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-4
- Fix CVE-2018-12648
Resolves #1594644
Resolves #1594643
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-2
- Remove ldconfig from scriptlets
* Tue Mar 13 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-1
- Update to version 2.4.5

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (exempi-2.6.4.tar.bz2) = 20d5689346f89bacaeedf1c48e725d5f3aead399786c93858886bfced6341f58bb70cfe43da255f931cce21d86cee3c7cb4d0b074f6d4a77dc8cec56f533f380