rpms/exiv2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import exiv2-0.27.4-5.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-08-25 10:19:07 +00:00 committed by Andrew Lukoshko
parent 2c9057068d
commit ee82a38301
5 changed files with 92 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.exiv2.metadata
View File

@ -1 +1,3 @@
ed620c568463179aca7847bee5fda40c11c08318 SOURCES/exiv2-0.27.4-Source.tar.gz
8bfcbc41598e9377d5938fbc75d63db3e6bd9bc9 SOURCES/issue_ghsa_583f_w9pm_99r2_poc.jp2
af7e1607f84dc143f09efaced2d6e05064238d4f SOURCES/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2

2
.gitignore vendored
View File

@ -1 +1,3 @@
SOURCES/exiv2-0.27.4-Source.tar.gz
SOURCES/issue_ghsa_583f_w9pm_99r2_poc.jp2
SOURCES/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2

38
SOURCES/exiv2-CVE-2021-37618.patch
View File

@ -1,3 +1,41 @@
From f13ebca839e55d0c7ea1c7f57ae667c47fe9c0d5 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 5 Jul 2021 10:39:08 +0100
Subject: [PATCH 1/2] Regression test for
https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
---
test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 | Bin 0 -> 32768 bytes
.../github/test_issue_ghsa_583f_w9pm_99r2.py | 18 ++++++++++++++++++
2 files changed, 18 insertions(+)
create mode 100644 test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2
create mode 100644 tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
diff --git a/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
new file mode 100644
index 000000000..808916aee
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path, check_no_ASAN_UBSAN_errors
+
+class Jp2ImagePrintStructureICC(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
+ """
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2"
+
+ filename = path("$data_path/issue_ghsa_583f_w9pm_99r2_poc.jp2")
+ commands = ["$exiv2 -p C $filename"]
+ stdout = [""]
+ stderr = ["""Exiv2 exception in print action for file $filename:
+$kerCorruptedMetadata
+"""]
+ retval = [1]
From dbf472751fc8b87ea7d1de02f54eaf64233a2fb6 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 5 Jul 2021 10:40:03 +0100

38
SOURCES/exiv2-CVE-2021-37619.patch
View File

@ -1,3 +1,41 @@
From a7b920bdbde1ee15a1a470d743dbae69ee398c75 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 30 Jun 2021 16:47:12 +0100
Subject: [PATCH 1/2] Regression test for
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
---
test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 | Bin 0 -> 1692 bytes
.../github/test_issue_ghsa_mxw9_qx4c_6m8v.py | 18 ++++++++++++++++++
2 files changed, 18 insertions(+)
create mode 100644 test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
create mode 100644 tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
diff --git a/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
new file mode 100644
index 0000000000..8f8b6676cf
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors
+@CopyTmpFiles("$data_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
+
+class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
+ """
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v"
+
+ filename = path("$tmp_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
+ commands = ["$exiv2 rm $filename"]
+ stdout = [""]
+ retval = [0]
+
+ compare_stderr = check_no_ASAN_UBSAN_errors
From 9be257340193dbe3fb810aa33531c40ae9df6414 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 30 Jun 2021 16:47:50 +0100

13
SPECS/exiv2.spec
View File

@ -3,12 +3,16 @@ Summary: Exif and Iptc metadata manipulation library
Name: exiv2
Version: 0.27.4
%global internal_ver %{version}
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv2+
URL: http://www.exiv2.org/
Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
# POC files for upstream issues
Source1: issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
Source2: issue_ghsa_583f_w9pm_99r2_poc.jp2
## upstream patches (lookaside cache)
Patch1: exiv2-CVE-2021-37618.patch
Patch2: exiv2-CVE-2021-37619.patch
@ -69,6 +73,8 @@ BuildArch: noarch
%prep
%autosetup -n %{name}-%{version}-Source -p1
cp %{SOURCE1} test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
cp %{SOURCE2} test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2
%build
%{cmake} . \
@ -121,6 +127,11 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%changelog
* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
- Include missing tests for CVEs
Resolves: bz#1993282
Resolves: bz#1993245
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
- Fix test for CVE-2021-29470
Resolves: bz#1993245