rpms/exiv2
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Include missing tests for CVEs

Browse Source 
Resolves: bz#1993247
Resolves: bz#1993284
This commit is contained in:
Jan Grulich 2021-08-24 13:17:10 +02:00
parent 160330c325
commit c39924fe20
5 changed files with 91 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -3,3 +3,5 @@
/exiv2-0.27.2-Source.tar.gz
/exiv2-0.27.3-Source.tar.gz
/exiv2-0.27.4-Source.tar.gz
/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
/issue_ghsa_583f_w9pm_99r2_poc.jp2

38
exiv2-CVE-2021-37618.patch
View File

@ -1,3 +1,41 @@
From f13ebca839e55d0c7ea1c7f57ae667c47fe9c0d5 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 5 Jul 2021 10:39:08 +0100
Subject: [PATCH 1/2] Regression test for
https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
---
test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 | Bin 0 -> 32768 bytes
.../github/test_issue_ghsa_583f_w9pm_99r2.py | 18 ++++++++++++++++++
2 files changed, 18 insertions(+)
create mode 100644 test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2
create mode 100644 tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
diff --git a/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
new file mode 100644
index 000000000..808916aee
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path, check_no_ASAN_UBSAN_errors
+
+class Jp2ImagePrintStructureICC(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
+ """
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2"
+
+ filename = path("$data_path/issue_ghsa_583f_w9pm_99r2_poc.jp2")
+ commands = ["$exiv2 -p C $filename"]
+ stdout = [""]
+ stderr = ["""Exiv2 exception in print action for file $filename:
+$kerCorruptedMetadata
+"""]
+ retval = [1]
From dbf472751fc8b87ea7d1de02f54eaf64233a2fb6 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 5 Jul 2021 10:40:03 +0100

38
exiv2-CVE-2021-37619.patch
View File

@ -1,3 +1,41 @@
From a7b920bdbde1ee15a1a470d743dbae69ee398c75 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 30 Jun 2021 16:47:12 +0100
Subject: [PATCH 1/2] Regression test for
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
---
test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 | Bin 0 -> 1692 bytes
.../github/test_issue_ghsa_mxw9_qx4c_6m8v.py | 18 ++++++++++++++++++
2 files changed, 18 insertions(+)
create mode 100644 test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
create mode 100644 tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
diff --git a/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
new file mode 100644
index 0000000000..8f8b6676cf
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors
+@CopyTmpFiles("$data_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
+
+class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
+ """
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v"
+
+ filename = path("$tmp_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
+ commands = ["$exiv2 rm $filename"]
+ stdout = [""]
+ retval = [0]
+
+ compare_stderr = check_no_ASAN_UBSAN_errors
From 9be257340193dbe3fb810aa33531c40ae9df6414 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 30 Jun 2021 16:47:50 +0100

11
exiv2.spec
View File

@ -15,6 +15,10 @@ Source0: https://github.com/Exiv2/%{name}/archive/v%{version}-%{beta}.tar.gz
Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
%endif
# POC files for upstream issues
Source1: issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
Source2: issue_ghsa_583f_w9pm_99r2_poc.jp2
## upstream patches
Patch1: exiv2-CVE-2021-37618.patch
Patch2: exiv2-CVE-2021-37619.patch
@ -71,6 +75,8 @@ BuildArch: noarch
%description doc
%{summary}.
cp %{SOURCE1} test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
cp %{SOURCE2} test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2
%prep
%autosetup -n %{name}-%{version}-%{?beta}%{!?beta:Source} -p1
@ -128,6 +134,11 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%changelog
* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-6
- Include missing tests for CVEs
Resolves: bz#1993247
Resolves: bz#1993284
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
- Fix test for CVE-2021-29470
Resolves: bz#1993284

2
sources
View File

@ -1 +1,3 @@
SHA512 (exiv2-0.27.4-Source.tar.gz) = f6798baafb36a54ba5bc65c2d28d4f4469e298582c90b417eb437b5dbda8e11963fb3314e8419717b3815ee8c3a68955cddc79e45351d9f2c165a0b73eb7b7be
SHA512 (issue_ghsa_mxw9_qx4c_6m8v_poc.jp2) = c8de2d85dcaa1c8620fde1007d6a94d5e479d52609f1c4aaca53b32faf9ee92052ea283f69d0b231d37db750214f2d231e5088160dd2b1d27bb4b1b96e154b56
SHA512 (issue_ghsa_583f_w9pm_99r2_poc.jp2) = 8d42240749514e2c8e9d66f9ba97acfd80e753fd4426da122b2fabe3209b7bf66b1a45c4449089aac2eaf8c93e6db077c51d416f78175dd487b705bf507b2443