rpms
/
libexif
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libexif-0.6.22-4.el8

This commit is contained in:
CentOS Sources 2020-11-03 06:59:20 -05:00 committed by Andrew Lukoshko
parent fbbda3048a
commit 12233646fe
7 changed files with 209 additions and 389 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libexif-0.6.21.tar.bz2
SOURCES/libexif-0_6_22-release.tar.gz

2
.libexif.metadata
View File

@ -1 +1 @@
a52219b12dbc8d33fc096468591170fda71316c0 SOURCES/libexif-0.6.21.tar.bz2
9925660e70ee8b5ce480c6a6f30c84b382929142 SOURCES/libexif-0_6_22-release.tar.gz

60
SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch
View File

@ -1,60 +0,0 @@
From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Tue, 25 Jul 2017 23:44:44 +0200
Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
makernote entries.
This should fix:
https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
---
libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
index d03d159..ea0429a 100644
--- a/libexif/pentax/mnote-pentax-entry.c
+++ b/libexif/pentax/mnote-pentax-entry.c
@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
case EXIF_FORMAT_SHORT:
{
const unsigned char *data = entry->data;
- size_t k, len = strlen(val);
+ size_t k, len = strlen(val), sizeleft;
+
+ sizeleft = entry->size;
for(k=0; k<entry->components; k++) {
+ if (sizeleft < 2)
+ break;
vs = exif_get_short (data, entry->order);
snprintf (val+len, maxlen-len, "%i ", vs);
len = strlen(val);
data += 2;
+ sizeleft -= 2;
}
}
break;
case EXIF_FORMAT_LONG:
{
const unsigned char *data = entry->data;
- size_t k, len = strlen(val);
+ size_t k, len = strlen(val), sizeleft;
+
+ sizeleft = entry->size;
for(k=0; k<entry->components; k++) {
+ if (sizeleft < 4)
+ break;
vl = exif_get_long (data, entry->order);
snprintf (val+len, maxlen-len, "%li", (long int) vl);
len = strlen(val);
data += 4;
+ sizeleft -= 4;
}
}
break;
@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
break;
}
- return (val);
+ return val;
}

58
SOURCES/CVE-2020-0181-CVE-2020-0198.patch Normal file
View File

@ -0,0 +1,58 @@
From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Mon, 8 Jun 2020 17:27:06 +0200
Subject: [PATCH] fixed another unsigned integer overflow
first fixed by google in android fork,
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
(use a more generic overflow check method, also check second overflow instance.)
https://security-tracker.debian.org/tracker/CVE-2020-0198
---
libexif/exif-data.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 8b280d3..b495726 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -47,6 +47,8 @@
#undef JPEG_MARKER_APP1
#define JPEG_MARKER_APP1 0xe1
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
struct _ExifDataPrivate
@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
return;
}
- if (s > ds - o) {
+ if (CHECKOVERFLOW(o,ds,s)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
return;
}
@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
}
/* Read the number of entries */
- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
+ if (CHECKOVERFLOW(offset, ds, 2)) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
- "Tag data past end of buffer (%u > %u)", offset+2, ds);
+ "Tag data past end of buffer (%u+2 > %u)", offset, ds);
return;
}
n = exif_get_short (d + offset, data->priv->order);
@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
offset += 2;
/* Check if we have enough data. */
- if (offset + 12 * n > ds) {
+ if (CHECKOVERFLOW(offset, ds, 12*n)) {
n = (ds - offset) / 12;
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Short data; only loading %hu entries...", n);

312
SOURCES/CVE-2020-13112.patch
View File

@ -1,312 +0,0 @@
From d74c049a9d1e3e8c10150d50c401747250ae221c Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Sat, 16 May 2020 17:32:28 +0200
Subject: [PATCH] Fix MakerNote tag size overflow issues at read time.
Check for a size overflow while reading tags, which ensures that the
size is always consistent for the given components and type of the
entry, making checking further down superfluous.
This provides an alternate fix for
https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 and for all
the MakerNote types. Likely, this makes both commits 41bd0423 and
89e5b1c1 redundant as it ensures that MakerNote entries are well-formed
when they're populated.
Some improvements on top by Marcus Meissner <marcus@jet.franken.de>
CVE-2020-13112
---
libexif/canon/exif-mnote-data-canon.c | 22 +++++++++++++++++----
libexif/fuji/exif-mnote-data-fuji.c | 24 +++++++++++++++++------
libexif/olympus/exif-mnote-data-olympus.c | 24 ++++++++++++++++-------
libexif/pentax/exif-mnote-data-pentax.c | 20 +++++++++++++++----
4 files changed, 69 insertions(+), 21 deletions(-)
diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c
index eb53598..622c86b 100644
--- a/libexif/canon/exif-mnote-data-canon.c
+++ b/libexif/canon/exif-mnote-data-canon.c
@@ -32,6 +32,8 @@
#define DEBUG
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
static void
exif_mnote_data_canon_clear (ExifMnoteDataCanon *n)
{
@@ -209,7 +211,7 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
return;
}
datao = 6 + n->offset;
- if ((datao + 2 < datao) || (datao + 2 < 2) || (datao + 2 > buf_size)) {
+ if (CHECKOVERFLOW(datao, buf_size, 2)) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon", "Short MakerNote");
return;
@@ -233,11 +235,12 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+
+ if (CHECKOVERFLOW(o,buf_size,12)) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon", "Short MakerNote");
break;
- }
+ }
n->entries[tcount].tag = exif_get_short (buf + o, n->order);
n->entries[tcount].format = exif_get_short (buf + o + 2, n->order);
@@ -248,6 +251,16 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
mnote_canon_tag_get_name (n->entries[tcount].tag));
+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection,
+ * we will check the buffer sizes closer later. */
+ if ( exif_format_get_size (n->entries[tcount].format) &&
+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components
+ ) {
+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteCanon", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components);
+ continue;
+ }
+
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
@@ -264,7 +277,8 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
} else {
size_t dataofs = o + 8;
if (s > 4) dataofs = exif_get_long (buf + dataofs, n->order) + 6;
- if ((dataofs + s < s) || (dataofs + s < dataofs) || (dataofs + s > buf_size)) {
+
+ if (CHECKOVERFLOW(dataofs, buf_size, s)) {
exif_log (ne->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteCanon",
"Tag data past end of buffer (%u > %u)",
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
index 9514654..a0bcb67 100644
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -28,6 +28,8 @@
#include "exif-mnote-data-fuji.h"
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
struct _MNoteFujiDataPrivate {
ExifByteOrder order;
};
@@ -162,16 +164,16 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
return;
}
datao = 6 + n->offset;
- if ((datao + 12 < datao) || (datao + 12 < 12) || (datao + 12 > buf_size)) {
+ if (CHECKOVERFLOW(datao, buf_size, 12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
return;
}
n->order = EXIF_BYTE_ORDER_INTEL;
+
datao += exif_get_long (buf + datao + 8, EXIF_BYTE_ORDER_INTEL);
- if ((datao + 2 < datao) || (datao + 2 < 2) ||
- (datao + 2 > buf_size)) {
+ if (CHECKOVERFLOW(datao, buf_size, 2)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
return;
@@ -195,7 +197,8 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+
+ if (CHECKOVERFLOW(o, buf_size, 12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
break;
@@ -210,6 +213,15 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
mnote_fuji_tag_get_name (n->entries[tcount].tag));
+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection,
+ * we will check the buffer sizes closer later. */
+ if ( exif_format_get_size (n->entries[tcount].format) &&
+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components
+ ) {
+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteDataFuji", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components);
+ continue;
+ }
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
@@ -221,8 +233,8 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
if (s > 4)
/* The data in this case is merely a pointer */
dataofs = exif_get_long (buf + dataofs, n->order) + 6 + n->offset;
- if ((dataofs + s < dataofs) || (dataofs + s < s) ||
- (dataofs + s >= buf_size)) {
+
+ if (CHECKOVERFLOW(dataofs, buf_size, s)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Tag data past end of "
"buffer (%u >= %u)", dataofs + s, buf_size);
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index 099671d..4d158ce 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -37,6 +37,8 @@
*/
/*#define EXIF_OVERCOME_SANYO_OFFSET_BUG */
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
static enum OlympusVersion
exif_mnote_data_olympus_identify_variant (const unsigned char *buf,
unsigned int buf_size);
@@ -247,7 +249,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
return;
}
o2 = 6 + n->offset; /* Start of interesting data */
- if ((o2 + 10 < o2) || (o2 + 10 < 10) || (o2 + 10 > buf_size)) {
+ if (CHECKOVERFLOW(o2,buf_size,10)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataOlympus", "Short MakerNote");
return;
@@ -303,6 +305,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
/* Olympus S760, S770 */
datao = o2;
o2 += 8;
+ if (CHECKOVERFLOW(o2,buf_size,4)) return;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Olympus maker note v2 (0x%02x, %02x, %02x, %02x)...",
buf[o2], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3]);
@@ -346,7 +349,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
case nikonV2:
o2 += 6;
- if (o2 >= buf_size) return;
+ if (CHECKOVERFLOW(o2,buf_size,12)) return;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Nikon maker note v2 (0x%02x, %02x, %02x, "
"%02x, %02x, %02x, %02x, %02x)...",
@@ -406,7 +409,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
}
/* Sanity check the offset */
- if ((o2 + 2 < o2) || (o2 + 2 < 2) || (o2 + 2 > buf_size)) {
+ if (CHECKOVERFLOW(o2,buf_size,2)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteOlympus", "Short MakerNote");
return;
@@ -430,7 +433,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
tcount = 0;
for (i = c, o = o2; i; --i, o += 12) {
size_t s;
- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+ if (CHECKOVERFLOW(o, buf_size, 12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteOlympus", "Short MakerNote");
break;
@@ -451,6 +454,14 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
n->entries[tcount].components,
(int)exif_format_get_size(n->entries[tcount].format)); */
+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection,
+ * we will check the buffer sizes closer later. */
+ if (exif_format_get_size (n->entries[tcount].format) &&
+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components
+ ) {
+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteOlympus", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components);
+ continue;
+ }
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
@@ -469,7 +480,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
* tag in its MakerNote. The offset is actually the absolute
* position in the file instead of the position within the IFD.
*/
- if (dataofs + s > buf_size && n->version == sanyoV1) {
+ if (dataofs > (buf_size - s) && n->version == sanyoV1) {
/* fix pointer */
dataofs -= datao + 6;
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
@@ -478,8 +489,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
}
#endif
}
- if ((dataofs + s < dataofs) || (dataofs + s < s) ||
- (dataofs + s > buf_size)) {
+ if (CHECKOVERFLOW(dataofs, buf_size, s)) {
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteOlympus",
"Tag data past end of buffer (%u > %u)",
diff --git a/libexif/pentax/exif-mnote-data-pentax.c b/libexif/pentax/exif-mnote-data-pentax.c
index 757bb72..319d4c6 100644
--- a/libexif/pentax/exif-mnote-data-pentax.c
+++ b/libexif/pentax/exif-mnote-data-pentax.c
@@ -28,6 +28,8 @@
#include <libexif/exif-byte-order.h>
#include <libexif/exif-utils.h>
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
static void
exif_mnote_data_pentax_clear (ExifMnoteDataPentax *n)
{
@@ -224,7 +226,7 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
return;
}
datao = 6 + n->offset;
- if ((datao + 8 < datao) || (datao + 8 < 8) || (datao + 8 > buf_size)) {
+ if (CHECKOVERFLOW(datao, buf_size, 8)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataPentax", "Short MakerNote");
return;
@@ -277,7 +279,8 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+
+ if (CHECKOVERFLOW(o,buf_size,12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataPentax", "Short MakerNote");
break;
@@ -292,6 +295,15 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
mnote_pentax_tag_get_name (n->entries[tcount].tag));
+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection,
+ * we will check the buffer sizes closer later. */
+ if ( exif_format_get_size (n->entries[tcount].format) &&
+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components
+ ) {
+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteDataPentax", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components);
+ break;
+ }
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
@@ -304,8 +316,8 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
if (s > 4)
/* The data in this case is merely a pointer */
dataofs = exif_get_long (buf + dataofs, n->order) + 6;
- if ((dataofs + s < dataofs) || (dataofs + s < s) ||
- (dataofs + s > buf_size)) {
+
+ if (CHECKOVERFLOW(dataofs, buf_size, s)) {
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteDataPentax", "Tag data past end "
"of buffer (%u > %u)", dataofs + s, buf_size);
--
2.26.2

117
SOURCES/strip-gettext-nondeterminism Executable file
View File

@ -0,0 +1,117 @@
#!/usr/bin/perl
#
# This is a hacked version of gettext.pm from Debian's strip-nondeterminism project.
# It is a workaround for https://savannah.gnu.org/bugs/?49654
#
# Copyright 2016 Reiner Herrmann <reiner@reiner-h.de>
# Copyright 2016 Chris Lamb <lamby@debian.org>
#
# This file is part of strip-nondeterminism.
#
# strip-nondeterminism is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# strip-nondeterminism is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with strip-nondeterminism. If not, see <http://www.gnu.org/licenses/>.
#
use Time::Piece;
use POSIX qw(strftime);
use strict;
use warnings;
=head1 DEPRECATION PLAN
Situation unclear. Whilst #792687 is closed, many Gettext related files are
being normalised based on anecdotal viewings of build logs.
=cut
sub read_file($) {
my $filename = shift;
local $/ = undef;
open(my $fh, '<', $filename)
or die "Can't open file $filename for reading: $!";
binmode($fh);
my $buf = <$fh>;
close($fh);
return $buf;
}
sub normalize {
my ($mo_filename, %options) = @_;
my $fmt;
my $buf = read_file($mo_filename);
my $magic = unpack("V", substr($buf, 0*4, 4));
if ($magic == 0x950412DE) {
# little endian
$fmt = "V";
} elsif ($magic == 0xDE120495) {
# big endian
$fmt = "N";
} else {
# unknown format
return 0;
}
my ($revision, $nstrings, $orig_to, $trans_to)
= unpack($fmt x 4, substr($buf, 1*4, 4*4));
my $major = int($revision / 256);
my $minor = int($revision % 256);
return 0 if $major > 1;
my $modified = 0;
for (my $i=0; $i < $nstrings; $i++) {
my $len = unpack($fmt, substr($buf, $orig_to + $i*8, 4));
next if $len > 0;
my $offset = unpack($fmt, substr($buf, $orig_to + $i*8 + 4, 4));
my $trans_len = unpack($fmt, substr($buf, $trans_to + $i*8));
my $trans_offset = unpack($fmt, substr($buf, $trans_to + $i*8 + 4));
my $trans_msg = substr($buf, $trans_offset, $trans_len);
next unless $trans_msg =~ m/^POT-Creation-Date: (.*)/m;
my $pot_date = $1;
my $time;
eval {$time = Time::Piece->strptime($pot_date, "%Y-%m-%d %H:%M%z");};
next if $@;
my $new_time = strftime("%Y-%m-%d %H:%M+0000", gmtime(0));
$trans_msg
=~ s/\QPOT-Creation-Date: $pot_date\E/POT-Creation-Date: $new_time/;
print("Replaced POT-Creation-Date $pot_date with $new_time.\n");
next if length($trans_msg) != $trans_len;
$buf
= substr($buf, 0, $trans_offset)
. $trans_msg
. substr($buf, $trans_offset + $trans_len);
$modified = 1;
}
if ($modified) {
open(my $fh, '>', $mo_filename)
or die "Can't open file $mo_filename for writing: $!";
binmode($fh);
print $fh $buf;
close($fh);
}
return $modified;
}
print("Removing timestamp from " . $ARGV[0] . "...\n");
normalize($ARGV[0])

47
SPECS/libexif.spec
View File

@ -1,15 +1,17 @@
Summary: Library for extracting extra information from image files
Name: libexif
Version: 0.6.21
Release: 17%{?dist}
Version: 0.6.22
Release: 4%{?dist}
Group: System Environment/Libraries
License: LGPLv2+
URL: http://libexif.sourceforge.net/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
# CVE-2016-6328, RHBZ#1366239
Patch0: 41bd04234b104312f54d25822f68738ba8d7133d.patch
# RHBZ#1840344
Patch1: CVE-2020-13112.patch
URL: https://libexif.github.io/
%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g')
Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz
Source1: strip-gettext-nondeterminism
# https://bugzilla.redhat.com/show_bug.cgi?id=1847753
# https://bugzilla.redhat.com/show_bug.cgi?id=1847761
Patch0: CVE-2020-0181-CVE-2020-0198.patch
BuildRequires: autoconf
BuildRequires: automake
@ -18,6 +20,9 @@ BuildRequires: gettext-devel
BuildRequires: libtool
BuildRequires: pkgconfig
# For strip-gettext-nondeterminism
BuildRequires: perl(Time::Piece)
%description
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
@ -42,9 +47,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
API Documentation for programmers wishing to use libexif in their programs.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%autosetup -n libexif-libexif-%{tarball_version}-release -p1
%build
autoreconf -fiv
@ -58,6 +61,7 @@ rm -rf %{buildroot}%{_datadir}/doc/libexif
cp -R doc/doxygen-output/libexif-api.html .
iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
find %{buildroot} -type f -name '*.mo' -exec %{SOURCE1} {} \;
%find_lang libexif-12
%check
@ -67,7 +71,7 @@ make check
%files -f libexif-12.lang
%doc COPYING README NEWS
%{_libdir}/libexif.so.*
%{_libdir}/libexif.so.12*
%files devel
%{_includedir}/libexif
@ -78,9 +82,22 @@ make check
%doc libexif-api.html
%changelog
* Mon Jun 01 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.21-17
- Add patch for CVE-2020-13112
- Resolves: #1840952
* Thu Jun 25 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-4
- Add patch for CVE-2020-0181/CVE-2020-0198
- Resolves: #1847753
- Resolves: #1847761
* Thu Jun 04 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-3
- Also remove timezone from the .mo files
- Related: #1841320
* Wed Jun 03 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-2
- Remove timestamps from the .mo files to avoid multilib conflicts
- Related: #1841320
* Mon Jun 01 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-1
- Upgrade to 0.6.22
- Resolves: #1841320
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild