rpms/exiv2
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix test for CVE-2021-29470

Browse Source 
Resolves: bz#1993284
This commit is contained in:
Jan Grulich 2021-08-19 12:26:02 +02:00
parent 3c72a01f6b
commit 160330c325
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
exiv2-CVE-2021-37619.patch
View File

@ -29,3 +29,34 @@ index b6a388542f..3bf3566294 100644
Jp2BoxHeader newBox = subBox; Jp2BoxHeader newBox = subBox;
if ( count < length ) { if ( count < length ) {
diff --git a/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py b/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py
index c98b3815eb..44f6a906cb 100644
--- a/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py
+++ b/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
-from system_tests import CaseMeta, path
-
+from system_tests import CaseMeta, CopyTmpFiles, path
+@CopyTmpFiles("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2","$data_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
class Jp2ImageEncodeJp2HeaderOutOfBoundsRead(metaclass=CaseMeta):
"""
@@ -10,13 +10,12 @@ class Jp2ImageEncodeJp2HeaderOutOfBoundsRead(metaclass=CaseMeta):
"""
url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj"
- filename1 = path("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2")
- filename2 = path("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
+ filename1 = path("$tmp_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2")
+ filename2 = path("$tmp_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
commands = ["$exiv2 in $filename1"]
stdout = [""]
stderr = [
"""Error: XMP Toolkit error 201: XML parsing failure
Warning: Failed to decode XMP metadata.
-$filename1: Could not write metadata to file: $kerCorruptedMetadata
"""]
- retval = [1]
+ retval = [0]

6
exiv2.spec
View File

@ -5,7 +5,7 @@ Summary: Exif and Iptc metadata manipulation library
Name: exiv2 Name: exiv2
Version: 0.27.4 Version: 0.27.4
%global internal_ver %{version} %global internal_ver %{version}
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.exiv2.org/ URL: http://www.exiv2.org/
@ -128,6 +128,10 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%changelog %changelog
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
- Fix test for CVE-2021-29470
Resolves: bz#1993284
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4 * Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
- Fix out-of-bounds read in Exiv2::Jp2Image::printStructure - Fix out-of-bounds read in Exiv2::Jp2Image::printStructure
Resolves: bz#1993247 Resolves: bz#1993247