rpms/exiv2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c10s
Branches Tags
rpms:c8
rpms:c10s
rpms:c8s
rpms:c9
rpms:c8-beta
rpms:c9s
rpms:c9-beta
rpms:imports/c10s/exiv2-0.28.3-5.el10
rpms:imports/c10s/exiv2-0.28.3-3.el10
rpms:imports/c10s/exiv2-0.28.3-2.el10
rpms:imports/c10s/exiv2-0.27.6-8.el10
rpms:imports/c9/exiv2-0.27.5-2.el9
rpms:imports/c8/exiv2-0.27.5-2.el8
rpms:imports/c8-beta/exiv2-0.27.5-2.el8
rpms:imports/c9-beta/exiv2-0.27.5-2.el9
rpms:imports/c9-beta/exiv2-0.27.4-7.el9
rpms:imports/c8s/exiv2-0.27.5-2.el8
rpms:imports/c8/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.3-2.el8
rpms:imports/c8-beta/exiv2-0.27.2-5.el8
rpms:imports/c8-beta/exiv2-0.27.2-2.el8
rpms:imports/c8-beta/exiv2-0.26-10.el8
rpms:imports/c8s/exiv2-0.27.4-5.el8
rpms:imports/c8s/exiv2-0.27.4-4.el8
rpms:imports/c8s/exiv2-0.27.4-2.el8
rpms:imports/c8s/exiv2-0.27.3-6.el8
rpms:imports/c8s/exiv2-0.27.3-5.el8
rpms:imports/c8/exiv2-0.27.3-3.el8_4
rpms:imports/c8/exiv2-0.27.3-2.el8
rpms:imports/c8/exiv2-0.27.2-5.el8
rpms:imports/c8/exiv2-0.26-10.el8
..
compare: rpms:c8
Branches Tags
rpms:c10s
rpms:c8s
rpms:c9
rpms:c8
rpms:c8-beta
rpms:c9s
rpms:c9-beta
rpms:imports/c10s/exiv2-0.28.3-5.el10
rpms:imports/c10s/exiv2-0.28.3-3.el10
rpms:imports/c10s/exiv2-0.28.3-2.el10
rpms:imports/c10s/exiv2-0.27.6-8.el10
rpms:imports/c9/exiv2-0.27.5-2.el9
rpms:imports/c8/exiv2-0.27.5-2.el8
rpms:imports/c8-beta/exiv2-0.27.5-2.el8
rpms:imports/c9-beta/exiv2-0.27.5-2.el9
rpms:imports/c9-beta/exiv2-0.27.4-7.el9
rpms:imports/c8s/exiv2-0.27.5-2.el8
rpms:imports/c8/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.3-2.el8
rpms:imports/c8-beta/exiv2-0.27.2-5.el8
rpms:imports/c8-beta/exiv2-0.27.2-2.el8
rpms:imports/c8-beta/exiv2-0.26-10.el8
rpms:imports/c8s/exiv2-0.27.4-5.el8
rpms:imports/c8s/exiv2-0.27.4-4.el8
rpms:imports/c8s/exiv2-0.27.4-2.el8
rpms:imports/c8s/exiv2-0.27.3-6.el8
rpms:imports/c8s/exiv2-0.27.3-5.el8
rpms:imports/c8/exiv2-0.27.3-3.el8_4
rpms:imports/c8/exiv2-0.27.3-2.el8
rpms:imports/c8/exiv2-0.27.2-5.el8
rpms:imports/c8/exiv2-0.26-10.el8

No commits in common. "c10s" and "c8" have entirely different histories.
c10s ... c8

8 changed files with 129 additions and 365 deletions
Show Stats Expand all files Collapse all files

1
.exiv2.metadata Normal file
View File

@ -0,0 +1 @@
775f9c5ddeb92b682da8b7737f9811009595dc6a SOURCES/exiv2-0.27.5-Source.tar.gz

13
.gitignore vendored
View File

@ -1,12 +1 @@
/exiv2-0.27.1-Source.tar.gz
/v0.27.2-RC2.tar.gz
/exiv2-0.27.2-Source.tar.gz
/exiv2-0.27.3-Source.tar.gz
/exiv2-0.27.4-Source.tar.gz
/exiv2-0.27.5-RC1.tar.gz
/exiv2-0.27.5-RC2.tar.gz
/exiv2-0.27.5-RC3.tar.gz
/exiv2-0.27.5-Source.tar.gz
/exiv2-0.27.6-Source.tar.gz
/exiv2-0.28.3.tar.gz
/issue_ghsa_38h4_fx85_qcx7_poc.tiff
SOURCES/exiv2-0.27.5-Source.tar.gz

5
exiv2-no-rpath.patch → SOURCES/exiv2-no-rpath.patch
View File

@ -1,8 +1,8 @@
diff --git a/cmake/mainSetup.cmake b/cmake/mainSetup.cmake
index 1ea9deb..36253d1 100644
index fcaa21f..f69fc46 100644
--- a/cmake/mainSetup.cmake
+++ b/cmake/mainSetup.cmake
@@ -26,8 +26,6 @@ if (UNIX)
@@ -23,8 +23,6 @@ if (UNIX)
if (APPLE)
set(CMAKE_MACOSX_RPATH ON)
set(CMAKE_INSTALL_RPATH "@loader_path")
@ -10,3 +10,4 @@ index 1ea9deb..36253d1 100644
- join_paths(CMAKE_INSTALL_RPATH "$ORIGIN" ".." "${CMAKE_INSTALL_LIBDIR}")
endif()
endif()

290
exiv2.spec → SPECS/exiv2.spec
View File

@ -1,48 +1,31 @@
Name: exiv2
Version: 0.28.3
Release: 5%{?dist}
Summary: Exif and Iptc metadata manipulation library
Name: exiv2
Version: 0.27.5
%global internal_ver %{version}
Release: 2%{?dist}
# GPL-2.0-or-later: main library
# BSD-3-Clause: xmpsdk/
# LicenseRef-Fedora-Public-Domain:
# - app/getopt.cpp
# - src/properties.cpp
# - src/tzfile.h
# - xmpsdk/include/MD5.h
# - xmpsdk/src/MD5.cpp
License: GPL-2.0-or-later AND BSD-3-Clause AND LicenseRef-Fedora-Public-Domain
License: GPLv2+
URL: http://www.exiv2.org/
VCS: https://github.com/Exiv2/exiv2/
%if 0%{?beta:1}
Source0: %{vcs}/archive/v%{version}-%{beta}/%{name}-%{version}-%{beta}.tar.gz
%else
Source0: %{vcs}/archive/v%{version}/%{name}-%{version}.tar.gz
%endif
Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
# POC files for upstream issues
Source1: issue_ghsa_38h4_fx85_qcx7_poc.tiff
## upstream patches (lookaside cache)
# Security fixes
## upstreamable patches
Patch0: exiv2-no-rpath.patch
# CVE fixes
Patch50: exiv2-CVE-2025-26623.patch
Patch51: exiv2-CVE-2025-26623-test.patch
BuildRequires: cmake
BuildRequires: expat-devel
BuildRequires: gcc-c++
BuildRequires: gettext
BuildRequires: pkgconfig
BuildRequires: pkgconfig(expat)
BuildRequires: pkgconfig(INIReader)
BuildRequires: pkgconfig(libbrotlidec)
BuildRequires: pkgconfig(zlib)
BuildRequires: zlib-devel
# docs
BuildRequires: doxygen
BuildRequires: graphviz
BuildRequires: libxslt
BuildRequires: doxygen graphviz libxslt
Requires: %{name}-libs%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description
A command line utility to access image metadata, allowing one to:
@ -56,237 +39,182 @@ A command line utility to access image metadata, allowing one to:
* extract, insert and delete Exif metadata (including thumbnails),
Iptc metadata and Jpeg comments
%package devel
Summary: Header files, libraries and development documentation for %{name}
Requires: %{name}-libs%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel
%{summary}.
%package libs
Summary: Exif and Iptc metadata manipulation library
# not strictly required, but convenient and expected
%if 0%{?rhel} && 0%{?rhel} <= 7
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name} = %{version}-%{release}
%else
Recommends: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Recommends: %{name} = %{version}-%{release}
%endif
%description libs
A C++ library to access image metadata, supporting full read and write access
to the Exif and Iptc metadata, Exif MakerNote support, extract and delete
methods for Exif thumbnails, classes to access Ifd and so on.
%package doc
Summary: API documentation for %{name}
# MIT:
# - clipboard.js
# - cookie.js
# - dynsections.js
# - jquery.js
# - menu.js
# - menudata.js
# - resize.js
# GPL-2.0-only:
# - css and icons from Doxygen
License: MIT AND GPL-2.0-only
Summary: Api documentation for %{name}
BuildArch: noarch
%description doc
%{summary}.
API documentation for %{name}.
%prep
%autosetup -n %{name}-%{version}%{?beta:-%{beta}} -p1
cp %{SOURCE1} test/data/issue_ghsa_38h4_fx85_qcx7_poc.tiff
%autosetup -n %{name}-%{version}-Source -p1
%build
%cmake \
%{cmake} . \
-DCMAKE_INSTALL_DOCDIR="%{_pkgdocdir}" \
-DEXIV2_BUILD_DOC:BOOL=ON \
-DEXIV2_BUILD_SAMPLES:BOOL=OFF \
-DEXIV2_ENABLE_NLS:BOOL=ON
%cmake_build
%cmake_build --target doc
-DEXIV2_ENABLE_NLS:BOOL=ON \
-DEXIV2_BUILD_SAMPLES:BOOL=OFF
%make_build
%make_build doc
%install
%cmake_install
make install/fast DESTDIR=%{buildroot}
%find_lang exiv2 --with-man
%check
export PKG_CONFIG_PATH="%{buildroot}%{_libdir}/pkgconfig${PKG_CONFIG_PATH:+:}${PKG_CONFIG_PATH}"
test "$(pkg-config --modversion exiv2)" = "%{version}"
test "$(pkg-config --modversion exiv2)" = "%{internal_ver}"
test "$(pkg-config --variable=libdir exiv2)" = "%{_libdir}"
test -x %{buildroot}%{_libdir}/libexiv2.so
%ctest --parallel 1
%files -f exiv2.lang
%license COPYING doc/COPYING-XMPSDK
%doc doc/ChangeLog exiv2.md SECURITY.md
%license COPYING
%doc doc/ChangeLog
# README is mostly installation instructions
#doc README.md
%{_bindir}/exiv2
%{_mandir}/man1/exiv2*.1*
%ldconfig_scriptlets libs
%files libs
%{_libdir}/libexiv2.so.28*
%{_libdir}/libexiv2.so.%{version}
%{_libdir}/libexiv2.so.27*
%{_libdir}/libexiv2.so.%{internal_ver}
%files devel
%{_includedir}/exiv2/
%{_libdir}/cmake/exiv2/
%{_libdir}/libexiv2.so
%{_libdir}/pkgconfig/exiv2.pc
%{_libdir}/cmake/exiv2/
# todo: -static subpkg? -- rex
%{_libdir}/libexiv2-xmp.a
%files doc
%{_pkgdocdir}/
%exclude %{_pkgdocdir}/ChangeLog
%changelog
* Mon Feb 24 2025 Jan Grulich <jgrulich@redhat.com> - 0.28.3-5
- Revert: remove rpath patch
Resolves: RHEL-80106
* Mon Nov 15 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-2
- Remove RPATH
Resolves: bz#2018422
* Mon Feb 24 2025 Jan Grulich <jgrulich@redhat.com> - 0.28.3-4
- Fix CVE-2025-26623 exiv2: Use After Free
Resolves: RHEL-80106
* Fri Nov 12 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-1
- Exiv2 0.27.5
Resolves: bz#2018422
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.28.3-3
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
Fix stack exhaustion issue in the printIFDStructure function leading to DoS
Resolves: bz#2003673
* Tue Aug 06 2024 Jan Grulich <jgrulich@redhat.com> - 0.28.3-2
- Backport RHEL9 patch for RPATH
Resolves: RHEL-45267
* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
- Include missing tests for CVEs
Resolves: bz#1993282
Resolves: bz#1993245
* Tue Aug 06 2024 Jan Grulich <jgrulich@redhat.com> - 0.28.3-1
- 0.28.3
Resolves: RHEL-45267
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
- Fix test for CVE-2021-29470
Resolves: bz#1993245
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.27.6-8
- Bump release for June 2024 mass rebuild
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-3
- Fix out-of-bounds read in Exiv2::Jp2Image::printStructure
Resolves: bz#1993282
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
- Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
Resolves: bz#1993245
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Aug 05 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-2
- Do not duplicate changelog file
Resolves: bz#1989860
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jan 31 2023 Jan Grulich <jgrulich@redhat.com> - 0.27.6-1
- 0.27.6
- migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Oct 27 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-1
- 0.27.5 (final)
* Mon Oct 04 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.3.RC3
- 0.27-5-RC3
* Fri Sep 10 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.2.RC2
- 0.27.5-RC2 (#2003208)
* Wed Aug 11 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.1.RC1
- 0.27.5-RC1 (#1992344)
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 18 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.4-1
- 0.27.4 (#1941230)
* Wed Aug 04 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-1
- 0.27.4
Resolves: bz#1989860
* Tue May 25 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-6
- CVE-2021-29623 exiv2: a read of uninitialized memory may lead to information leak
CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
Resolves: bz#1964182
* Thu Apr 29 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-6
- CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
Resolves: bz#1964188
* Thu Apr 29 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-5
- CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
Resolves: bz#1954065
- CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
Resolves: bz#1955014
* Wed Apr 28 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-4
- CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
Resolves: bz#1953758
- CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
Resolves: bz#1953772
* Wed Apr 14 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-3
- CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()
CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
Resolves: bz#1947160
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-2
- Avoid duplicating Changelog file
Resolves: bz#1880984
* Wed Aug 26 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.27.3-4
- support new cmake macro semantics
* Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-1
- Update to 0.27.3
Resolves: bz#1880984
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Mar 04 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-5
- Fix failing test
Resolves: bz#1800472
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Mar 04 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-4
- Drop test for the previous CVE as we test it manually and we don't have POC available
Resolves: bz#1800472
* Tue Jun 30 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.27.3-1
- 0.27.3
* Wed Feb 26 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-3
- Fix infinite loop and hang in Jp2Image::readMetadata()
Resolves: bz#1800472
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Oct 29 2019 Jan Grulich <jgrulich@redhat.com> - 0.27.2-2
Rebuild
Resolves: bz#1651917
* Mon Jul 29 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.2-1
- 0.27.2
* Fri Sep 20 2019 Jan Grulich <jgrulich@redhat.com> - 0.27.2-1
- Update to 0.27.2
Resolves: bz#1651917
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.2-0.2.RC2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Sep 11 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-10
- Security fix for CVE-2018-16336
* Tue Jul 16 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.2-0.1.RC2
- 0.27.2-RC2 (#1720353)
* Fri Apr 26 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.1-1
- exiv-0.27.1 (#1696117)
* Thu Jan 31 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-3
- -devel: Requires: expat-devel
* Wed Jan 30 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-2
- pull in upstream fix for pkgconfig exiv2.pc
* Thu Jan 10 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-1
- exiv2-0.27.0 (#1665246)
* Thu Jan 10 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.26-13
- backport pentax DNG crasher (#1585514, exiv2#201)
* Tue Jul 24 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-12
* Tue Jul 24 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-9
- Security fix for CVE-2017-17723, CVE-2017-17725, CVE-2018-10958, CVE-2018-10998,
CVE-2018-11531, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-5772,
CVE-2018-8976, CVE-2018-8977, CVE-2018-9144
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 03 2018 Germano Massullo <germano.massullo@gmail.com> - 0.26-10
- added patches that fix CVE-2017-17723 CVE-2017-17725 CVE-2017-5772
- moved 0006-1296-Fix-submitted.patch file from sources to package tree
* Tue Feb 20 2018 Rex Dieter <rdieter@fedoraproject.org> - 0.26-9
- BR: gcc-c++
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

68
exiv2-CVE-2025-26623-test.patch
View File

@ -1,68 +0,0 @@
From 630487ffc5feda28aa62dc91eaeae8b0b7507851 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 19 Feb 2025 16:21:06 +0000
Subject: [PATCH] Regression test for
https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7
(cherry picked from commit 9f8e1a57b6c6853947360d1187bc24d72056c97a)
---
test/data/issue_ghsa_38h4_fx85_qcx7_poc.tiff | Bin 0 -> 603 bytes
.../github/test_issue_ghsa_38h4_fx85_qcx7.py | 22 ++++++++++++++++++
.../test_regression_allfiles.py | 1 +
tests/suite.conf | 1 +
4 files changed, 24 insertions(+)
create mode 100644 test/data/issue_ghsa_38h4_fx85_qcx7_poc.tiff
create mode 100644 tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
diff --git a/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py b/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
new file mode 100644
index 0000000000..07082caf62
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path
+
+
+class TiffSubIfd_use_after_free(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7
+ """
+
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7"
+
+ filename = path("$data_path/issue_ghsa_38h4_fx85_qcx7_poc.tiff")
+ commands = ["$exiv2 -q fi $filename"]
+ stdout = [""]
+ stderr = [
+ """Exiv2 exception in fixiso action for file $filename:
+$kerImageWriteFailed
+"""
+ ]
+ retval = [1]
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index eb7f7cef2d..53e8de44ae 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -120,6 +120,7 @@ def get_valid_files(data_dir):
"issue_ghsa_mxw9_qx4c_6m8v_poc.jp2",
"issue_ghsa_hrw9_ggg3_3r4r_poc.jpg",
"issue_ghsa_g9xm_7538_mq8w_poc.mov",
+ "issue_ghsa_38h4_fx85_qcx7_poc.tiff",
"pocIssue283.jpg",
"poc_1522.jp2",
"xmpsdk.xmp",
diff --git a/tests/suite.conf b/tests/suite.conf
index c2bf1741e8..249a97fa93 100644
--- a/tests/suite.conf
+++ b/tests/suite.conf
@@ -41,6 +41,7 @@ jpegparsetest: ${ENV:exiv2_path}/jpegparsetest
kerOffsetOutOfRange: Offset out of range
kerFailedToReadImageData: Failed to read image data
kerInputDataReadFailed: Failed to read input data
+kerImageWriteFailed: Failed to write image
kerCorruptedMetadata: corrupted image metadata
kerInvalidMalloc: invalid memory allocation request
kerInvalidTypeValue: invalid type in tiff structure

79
exiv2-CVE-2025-26623.patch
View File

@ -1,79 +0,0 @@
From facce628f3622764e91a8161f89ade8cb34bc120 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Mon, 17 Feb 2025 16:34:40 -0800
Subject: [PATCH] Revert "fix copy constructors"
This reverts commit afb2d998fe62f7e829e93e62506bf9968117c9c5.
This commit is wrong and ends up resulting in use after frees because of
C pointers. The proper solution is shared_ptr instead of C pointers but
that's a lot more involved than reverting this.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ebff8b48820b96c786cfddbf0bebb395cb1317d7)
---
src/tiffcomposite_int.cpp | 19 +++++++++++++++++++
src/tiffcomposite_int.hpp | 6 +++---
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/src/tiffcomposite_int.cpp b/src/tiffcomposite_int.cpp
index 95ce450c7d..3e6e93d5c5 100644
--- a/src/tiffcomposite_int.cpp
+++ b/src/tiffcomposite_int.cpp
@@ -127,6 +127,25 @@ TiffEntryBase::TiffEntryBase(const TiffEntryBase& rhs) :
storage_(rhs.storage_) {
}
+TiffDirectory::TiffDirectory(const TiffDirectory& rhs) : TiffComponent(rhs), hasNext_(rhs.hasNext_) {
+}
+
+TiffSubIfd::TiffSubIfd(const TiffSubIfd& rhs) : TiffEntryBase(rhs), newGroup_(rhs.newGroup_) {
+}
+
+TiffBinaryArray::TiffBinaryArray(const TiffBinaryArray& rhs) :
+ TiffEntryBase(rhs),
+ cfgSelFct_(rhs.cfgSelFct_),
+ arraySet_(rhs.arraySet_),
+ arrayCfg_(rhs.arrayCfg_),
+ arrayDef_(rhs.arrayDef_),
+ defSize_(rhs.defSize_),
+ setSize_(rhs.setSize_),
+ origData_(rhs.origData_),
+ origSize_(rhs.origSize_),
+ pRoot_(rhs.pRoot_) {
+}
+
TiffComponent::UniquePtr TiffComponent::clone() const {
return UniquePtr(doClone());
}
diff --git a/src/tiffcomposite_int.hpp b/src/tiffcomposite_int.hpp
index 4506a4dca0..307e0bd9e3 100644
--- a/src/tiffcomposite_int.hpp
+++ b/src/tiffcomposite_int.hpp
@@ -851,7 +851,7 @@ class TiffDirectory : public TiffComponent {
//! @name Protected Creators
//@{
//! Copy constructor (used to implement clone()).
- TiffDirectory(const TiffDirectory&) = default;
+ TiffDirectory(const TiffDirectory& rhs);
//@}
//! @name Protected Manipulators
@@ -944,7 +944,7 @@ class TiffSubIfd : public TiffEntryBase {
//! @name Protected Creators
//@{
//! Copy constructor (used to implement clone()).
- TiffSubIfd(const TiffSubIfd&) = default;
+ TiffSubIfd(const TiffSubIfd& rhs);
TiffSubIfd& operator=(const TiffSubIfd&) = delete;
//@}
@@ -1346,7 +1346,7 @@ class TiffBinaryArray : public TiffEntryBase {
//! @name Protected Creators
//@{
//! Copy constructor (used to implement clone()).
- TiffBinaryArray(const TiffBinaryArray&) = default;
+ TiffBinaryArray(const TiffBinaryArray& rhs);
//@}
//! @name Protected Manipulators

6
gating.yaml
View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

2
sources
View File

@ -1,2 +0,0 @@
SHA512 (exiv2-0.28.3.tar.gz) = c8338a118feefa104d73932890c732247c884ab9ce1d170c43a22ab5884517a0e2a7fd1febde7705b8290fbbbc29e64738610404816e4db2b56a70fc444ca049
SHA512 (issue_ghsa_38h4_fx85_qcx7_poc.tiff) = adaa541625873c88d58a5563e3d345f51252bc83ba487f004e54cd327b48fb2258e5d5cf27547f1da426d2b2a9a21d1f7d6378c877ac073477658fc4b300e5b9