import exiv2-0.27.3-2.el8

2021-03-30 13:51:54 -04:00 · 2021-03-30 13:51:54 -04:00 · f364596076
commit f364596076
parent a05da4765d
5 changed files with 31 additions and 105 deletions
--- a/.exiv2.metadata
+++ b/.exiv2.metadata
@ -1 +1 @@
-4e740e21f2e0d1fc4c81241ddc3a939f39b326c7 SOURCES/exiv2-0.27.2.tar.gz
+5f1b460b10171c3b12cd540d699e9b815f6f3058 SOURCES/exiv2-0.27.3.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/exiv2-0.27.2.tar.gz
+SOURCES/exiv2-0.27.3.tar.gz
--- a/SOURCES/exiv2-0.27.3-fcf-protection.patch
+++ b/SOURCES/exiv2-0.27.3-fcf-protection.patch
@ -0,0 +1,12 @@
 diff -up exiv2-0.27.3-Source/cmake/compilerFlags.cmake.fcf-protection exiv2-0.27.3-Source/cmake/compilerFlags.cmake
 --- exiv2-0.27.3-Source/cmake/compilerFlags.cmake.fcf-protection	2020-06-30 08:33:22.000000000 -0500
 +++ exiv2-0.27.3-Source/cmake/compilerFlags.cmake	2020-06-30 18:03:38.197967648 -0500
@@ -26,7 +26,7 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Li
         # This fails under Fedora, MinGW GCC 8.3.0 and CYGWIN/MSYS 9.3.0
         if (NOT (MINGW OR CMAKE_HOST_SOLARIS OR CYGWIN OR MSYS) )
             if (COMPILER_IS_GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0)
 -                add_compile_options(-fstack-clash-protection -fcf-protection)
 +                add_compile_options(-fstack-clash-protection)
             endif()
             if( (COMPILER_IS_GCC   AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0) # Not in GCC 4.8
--- a/SOURCES/exiv2-CVE-2019-20421.patch
+++ b/SOURCES/exiv2-CVE-2019-20421.patch
@ -1,97 +0,0 @@
 From 1b917c3f7dd86336a9f6fda4456422c419dfe88c Mon Sep 17 00:00:00 2001
 From: clanmills <robin@clanmills.com>
 Date: Tue, 1 Oct 2019 17:39:44 +0100
 Subject: [PATCH] Fix #1011 fix_1011_jp2_readmetadata_loop
 ---
 src/jp2image.cpp                             |  25 +++++++++++++++----
 test/data/Jp2Image_readMetadata_loop.poc     | Bin 0 -> 738 bytes
 tests/bugfixes/github/test_CVE_2017_17725.py |   4 +--
 tests/bugfixes/github/test_issue_1011.py     |  13 ++++++++++
 4 files changed, 35 insertions(+), 7 deletions(-)
 create mode 100755 test/data/Jp2Image_readMetadata_loop.poc
 create mode 100644 tests/bugfixes/github/test_issue_1011.py
 diff --git a/src/jp2image.cpp b/src/jp2image.cpp
 index d5cd1340a..0de088d62 100644
 --- a/src/jp2image.cpp
 +++ b/src/jp2image.cpp
@@ -18,10 +18,6 @@
  * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301 USA.
  */
 -/*
 -  File:      jp2image.cpp
 -*/
 -
 // *****************************************************************************
 // included header files
@@ -197,6 +193,16 @@ namespace Exiv2
         return result;
     }
 +static void boxes_check(size_t b,size_t m)
 +{
 +    if ( b > m ) {
 +#ifdef EXIV2_DEBUG_MESSAGES
 +        std::cout << "Exiv2::Jp2Image::readMetadata box maximum exceeded" << std::endl;
 +#endif
 +        throw Error(kerCorruptedMetadata);
 +    }
 +}
 +
     void Jp2Image::readMetadata()
     {
 #ifdef EXIV2_DEBUG_MESSAGES
@@ -219,9 +225,12 @@ namespace Exiv2
         Jp2BoxHeader      subBox    = {0,0};
         Jp2ImageHeaderBox ihdr      = {0,0,0,0,0,0,0,0};
         Jp2UuidBox        uuid      = {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 +        size_t            boxes     = 0 ;
 +        size_t            boxem     = 1000 ; // boxes max
         while (io_->read((byte*)&box, sizeof(box)) == sizeof(box))
         {
 +            boxes_check(boxes++,boxem );
             position   = io_->tell();
             box.length = getLong((byte*)&box.length, bigEndian);
             box.type   = getLong((byte*)&box.type, bigEndian);
@@ -251,8 +260,12 @@ namespace Exiv2
                     while (io_->read((byte*)&subBox, sizeof(subBox)) == sizeof(subBox) && subBox.length )
                     {
 +                        boxes_check(boxes++, boxem) ;
                         subBox.length = getLong((byte*)&subBox.length, bigEndian);
                         subBox.type   = getLong((byte*)&subBox.type, bigEndian);
 +                        if (subBox.length > io_->size() ) {
 +                            throw Error(kerCorruptedMetadata);
 +                        }
 #ifdef EXIV2_DEBUG_MESSAGES
                         std::cout << "Exiv2::Jp2Image::readMetadata: "
                         << "subBox = " << toAscii(subBox.type) << " length = " << subBox.length << std::endl;
@@ -308,7 +321,9 @@ namespace Exiv2
                         }
                         io_->seek(restore,BasicIo::beg);
 -                        io_->seek(subBox.length, Exiv2::BasicIo::cur);
 +                        if ( io_->seek(subBox.length, Exiv2::BasicIo::cur) != 0 ) {
 +                            throw Error(kerCorruptedMetadata);
 +                        }
                         restore = io_->tell();
                     }
                     break;
 diff --git a/tests/bugfixes/github/test_CVE_2017_17725.py b/tests/bugfixes/github/test_CVE_2017_17725.py
 index 1127b9806..670a75d8d 100644
 --- a/tests/bugfixes/github/test_CVE_2017_17725.py
 +++ b/tests/bugfixes/github/test_CVE_2017_17725.py
@@ -11,7 +11,7 @@ class TestCvePoC(metaclass=system_tests.CaseMeta):
     filename = "$data_path/poc_2017-12-12_issue188"
     commands = ["$exiv2 " + filename]
     stdout = [""]
 -    stderr = ["""$exiv2_overflow_exception_message """ + filename + """:
 -$addition_overflow_message
 +    stderr = ["""$exiv2_exception_message """ + filename + """:
 +$kerCorruptedMetadata
 """]
     retval = [1]
--- a/SPECS/exiv2.spec
+++ b/SPECS/exiv2.spec
@ -1,17 +1,20 @@
 Summary: Exif and Iptc metadata manipulation library
 Name:    exiv2
-Version: 0.27.2
+Version: 0.27.3
-Release: 5%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 URL:     http://www.exiv2.org/
 Source0: https://github.com/Exiv2/%{name}/archive/exiv2-%{version}.tar.gz
 ## upstream patches (lookaside cache)
 Patch0:  exiv2-CVE-2019-20421.patch
 ## upstreamable patches
 # don't unconditionally use -fcf-protection flag, not supported on all archs
 # fedora already includes this on archs that do support it
 Patch100: exiv2-0.27.3-fcf-protection.patch
 BuildRequires: cmake
 BuildRequires: expat-devel
@ -88,7 +91,7 @@ rm -fv %{buildroot}%{_libdir}/libexiv2.la
 %check
 export PKG_CONFIG_PATH="%{buildroot}%{_libdir}/pkgconfig${PKG_CONFIG_PATH:+:}${PKG_CONFIG_PATH}"
-test "$(pkg-config --modversion exiv2)" = "0.27.2"
+test "$(pkg-config --modversion exiv2)" = "0.27.3"
 test "$(pkg-config --variable=libdir exiv2)" = "%{_libdir}"
 test -x %{buildroot}%{_libdir}/libexiv2.so
@ -105,7 +108,7 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 %files libs
 %{_libdir}/libexiv2.so.27*
-%{_libdir}/libexiv2.so.0.27.2
+%{_libdir}/libexiv2.so.0.27.3
 %files devel
 %{_includedir}/exiv2/
@ -116,10 +119,18 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 %files doc
 %{_pkgdocdir}/
-
+%exclude %{_pkgdocdir}/ChangeLog
 %changelog
 * Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-2
 - Avoid duplicating Changelog file
  Resolves: bz#1880984
 * Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-1
 - Update to 0.27.3
  Resolves: bz#1880984
 * Wed Mar 04 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-5
 - Fix failing test
  Resolves: bz#1800472
`@ -1 +1 @@`
	`4e740e21f2e0d1fc4c81241ddc3a939f39b326c7 SOURCES/exiv2-0.27.2.tar.gz`	`5f1b460b10171c3b12cd540d699e9b815f6f3058 SOURCES/exiv2-0.27.3.tar.gz`
`@ -1 +1 @@`
	`SOURCES/exiv2-0.27.2.tar.gz`	`SOURCES/exiv2-0.27.3.tar.gz`