From c39924fe204f37109599ebcf28f33be9e7a43062 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Tue, 24 Aug 2021 13:17:10 +0200 Subject: [PATCH] Include missing tests for CVEs Resolves: bz#1993247 Resolves: bz#1993284 --- .gitignore | 2 ++ exiv2-CVE-2021-37618.patch | 38 ++++++++++++++++++++++++++++++++++++++ exiv2-CVE-2021-37619.patch | 38 ++++++++++++++++++++++++++++++++++++++ exiv2.spec | 11 +++++++++++ sources | 2 ++ 5 files changed, 91 insertions(+) diff --git a/.gitignore b/.gitignore index f6de3a9..c064b31 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ /exiv2-0.27.2-Source.tar.gz /exiv2-0.27.3-Source.tar.gz /exiv2-0.27.4-Source.tar.gz +/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 +/issue_ghsa_583f_w9pm_99r2_poc.jp2 diff --git a/exiv2-CVE-2021-37618.patch b/exiv2-CVE-2021-37618.patch index b658a39..ac3f866 100644 --- a/exiv2-CVE-2021-37618.patch +++ b/exiv2-CVE-2021-37618.patch @@ -1,3 +1,41 @@ +From f13ebca839e55d0c7ea1c7f57ae667c47fe9c0d5 Mon Sep 17 00:00:00 2001 +From: Kevin Backhouse +Date: Mon, 5 Jul 2021 10:39:08 +0100 +Subject: [PATCH 1/2] Regression test for + https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 + +--- + test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 | Bin 0 -> 32768 bytes + .../github/test_issue_ghsa_583f_w9pm_99r2.py | 18 ++++++++++++++++++ + 2 files changed, 18 insertions(+) + create mode 100644 test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 + create mode 100644 tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py + +diff --git a/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py +new file mode 100644 +index 000000000..808916aee +--- /dev/null ++++ b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py +@@ -0,0 +1,18 @@ ++# -*- coding: utf-8 -*- ++ ++from system_tests import CaseMeta, path, check_no_ASAN_UBSAN_errors ++ ++class Jp2ImagePrintStructureICC(metaclass=CaseMeta): ++ """ ++ Regression test for the bug described in: ++ https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 ++ """ ++ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2" ++ ++ filename = path("$data_path/issue_ghsa_583f_w9pm_99r2_poc.jp2") ++ commands = ["$exiv2 -p C $filename"] ++ stdout = [""] ++ stderr = ["""Exiv2 exception in print action for file $filename: ++$kerCorruptedMetadata ++"""] ++ retval = [1] + From dbf472751fc8b87ea7d1de02f54eaf64233a2fb6 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Mon, 5 Jul 2021 10:40:03 +0100 diff --git a/exiv2-CVE-2021-37619.patch b/exiv2-CVE-2021-37619.patch index 2572914..0dca35b 100644 --- a/exiv2-CVE-2021-37619.patch +++ b/exiv2-CVE-2021-37619.patch @@ -1,3 +1,41 @@ +From a7b920bdbde1ee15a1a470d743dbae69ee398c75 Mon Sep 17 00:00:00 2001 +From: Kevin Backhouse +Date: Wed, 30 Jun 2021 16:47:12 +0100 +Subject: [PATCH 1/2] Regression test for + https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v + +--- + test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 | Bin 0 -> 1692 bytes + .../github/test_issue_ghsa_mxw9_qx4c_6m8v.py | 18 ++++++++++++++++++ + 2 files changed, 18 insertions(+) + create mode 100644 test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 + create mode 100644 tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py + +diff --git a/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py +new file mode 100644 +index 0000000000..8f8b6676cf +--- /dev/null ++++ b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py +@@ -0,0 +1,18 @@ ++# -*- coding: utf-8 -*- ++ ++from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors ++@CopyTmpFiles("$data_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2") ++ ++class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta): ++ """ ++ Regression test for the bug described in: ++ https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v ++ """ ++ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v" ++ ++ filename = path("$tmp_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2") ++ commands = ["$exiv2 rm $filename"] ++ stdout = [""] ++ retval = [0] ++ ++ compare_stderr = check_no_ASAN_UBSAN_errors + From 9be257340193dbe3fb810aa33531c40ae9df6414 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Wed, 30 Jun 2021 16:47:50 +0100 diff --git a/exiv2.spec b/exiv2.spec index fd03feb..12a3a34 100644 --- a/exiv2.spec +++ b/exiv2.spec @@ -15,6 +15,10 @@ Source0: https://github.com/Exiv2/%{name}/archive/v%{version}-%{beta}.tar.gz Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz %endif +# POC files for upstream issues +Source1: issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 +Source2: issue_ghsa_583f_w9pm_99r2_poc.jp2 + ## upstream patches Patch1: exiv2-CVE-2021-37618.patch Patch2: exiv2-CVE-2021-37619.patch @@ -71,6 +75,8 @@ BuildArch: noarch %description doc %{summary}. +cp %{SOURCE1} test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 +cp %{SOURCE2} test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 %prep %autosetup -n %{name}-%{version}-%{?beta}%{!?beta:Source} -p1 @@ -128,6 +134,11 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %changelog +* Tue Aug 24 2021 Jan Grulich - 0.27.4-6 +- Include missing tests for CVEs + Resolves: bz#1993247 + Resolves: bz#1993284 + * Wed Aug 18 2021 Jan Grulich - 0.27.4-5 - Fix test for CVE-2021-29470 Resolves: bz#1993284 diff --git a/sources b/sources index 201ca00..c23559e 100644 --- a/sources +++ b/sources @@ -1 +1,3 @@ SHA512 (exiv2-0.27.4-Source.tar.gz) = f6798baafb36a54ba5bc65c2d28d4f4469e298582c90b417eb437b5dbda8e11963fb3314e8419717b3815ee8c3a68955cddc79e45351d9f2c165a0b73eb7b7be +SHA512 (issue_ghsa_mxw9_qx4c_6m8v_poc.jp2) = c8de2d85dcaa1c8620fde1007d6a94d5e479d52609f1c4aaca53b32faf9ee92052ea283f69d0b231d37db750214f2d231e5088160dd2b1d27bb4b1b96e154b56 +SHA512 (issue_ghsa_583f_w9pm_99r2_poc.jp2) = 8d42240749514e2c8e9d66f9ba97acfd80e753fd4426da122b2fabe3209b7bf66b1a45c4449089aac2eaf8c93e6db077c51d416f78175dd487b705bf507b2443