diff --git a/.gitignore b/.gitignore index a782c3e..b166074 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libexif-0.6.21.tar.bz2 +SOURCES/libexif-0_6_22-release.tar.gz diff --git a/.libexif.metadata b/.libexif.metadata index 910f7b3..45eb589 100644 --- a/.libexif.metadata +++ b/.libexif.metadata @@ -1 +1 @@ -a52219b12dbc8d33fc096468591170fda71316c0 SOURCES/libexif-0.6.21.tar.bz2 +9925660e70ee8b5ce480c6a6f30c84b382929142 SOURCES/libexif-0_6_22-release.tar.gz diff --git a/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch b/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch deleted file mode 100644 index 0568f27..0000000 --- a/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; kcomponents; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; kcomponents; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } diff --git a/SOURCES/CVE-2020-0181-CVE-2020-0198.patch b/SOURCES/CVE-2020-0181-CVE-2020-0198.patch new file mode 100644 index 0000000..e0358c2 --- /dev/null +++ b/SOURCES/CVE-2020-0181-CVE-2020-0198.patch @@ -0,0 +1,58 @@ +From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Mon, 8 Jun 2020 17:27:06 +0200 +Subject: [PATCH] fixed another unsigned integer overflow + +first fixed by google in android fork, +https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 + +(use a more generic overflow check method, also check second overflow instance.) + +https://security-tracker.debian.org/tracker/CVE-2020-0198 +--- + libexif/exif-data.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index 8b280d3..b495726 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -47,6 +47,8 @@ + #undef JPEG_MARKER_APP1 + #define JPEG_MARKER_APP1 0xe1 + ++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) ++ + static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00}; + + struct _ExifDataPrivate +@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); + return; + } +- if (s > ds - o) { ++ if (CHECKOVERFLOW(o,ds,s)) { + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); + return; + } +@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + } + + /* Read the number of entries */ +- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) { ++ if (CHECKOVERFLOW(offset, ds, 2)) { + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Tag data past end of buffer (%u > %u)", offset+2, ds); ++ "Tag data past end of buffer (%u+2 > %u)", offset, ds); + return; + } + n = exif_get_short (d + offset, data->priv->order); +@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + offset += 2; + + /* Check if we have enough data. */ +- if (offset + 12 * n > ds) { ++ if (CHECKOVERFLOW(offset, ds, 12*n)) { + n = (ds - offset) / 12; + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", + "Short data; only loading %hu entries...", n); diff --git a/SOURCES/CVE-2020-13112.patch b/SOURCES/CVE-2020-13112.patch deleted file mode 100644 index 961c118..0000000 --- a/SOURCES/CVE-2020-13112.patch +++ /dev/null @@ -1,312 +0,0 @@ -From d74c049a9d1e3e8c10150d50c401747250ae221c Mon Sep 17 00:00:00 2001 -From: Dan Fandrich -Date: Sat, 16 May 2020 17:32:28 +0200 -Subject: [PATCH] Fix MakerNote tag size overflow issues at read time. - -Check for a size overflow while reading tags, which ensures that the -size is always consistent for the given components and type of the -entry, making checking further down superfluous. - -This provides an alternate fix for -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 and for all -the MakerNote types. Likely, this makes both commits 41bd0423 and -89e5b1c1 redundant as it ensures that MakerNote entries are well-formed -when they're populated. - -Some improvements on top by Marcus Meissner - -CVE-2020-13112 ---- - libexif/canon/exif-mnote-data-canon.c | 22 +++++++++++++++++---- - libexif/fuji/exif-mnote-data-fuji.c | 24 +++++++++++++++++------ - libexif/olympus/exif-mnote-data-olympus.c | 24 ++++++++++++++++------- - libexif/pentax/exif-mnote-data-pentax.c | 20 +++++++++++++++---- - 4 files changed, 69 insertions(+), 21 deletions(-) - -diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c -index eb53598..622c86b 100644 ---- a/libexif/canon/exif-mnote-data-canon.c -+++ b/libexif/canon/exif-mnote-data-canon.c -@@ -32,6 +32,8 @@ - - #define DEBUG - -+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) -+ - static void - exif_mnote_data_canon_clear (ExifMnoteDataCanon *n) - { -@@ -209,7 +211,7 @@ exif_mnote_data_canon_load (ExifMnoteData *ne, - return; - } - datao = 6 + n->offset; -- if ((datao + 2 < datao) || (datao + 2 < 2) || (datao + 2 > buf_size)) { -+ if (CHECKOVERFLOW(datao, buf_size, 2)) { - exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteCanon", "Short MakerNote"); - return; -@@ -233,11 +235,12 @@ exif_mnote_data_canon_load (ExifMnoteData *ne, - tcount = 0; - for (i = c, o = datao; i; --i, o += 12) { - size_t s; -- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) { -+ -+ if (CHECKOVERFLOW(o,buf_size,12)) { - exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteCanon", "Short MakerNote"); - break; -- } -+ } - - n->entries[tcount].tag = exif_get_short (buf + o, n->order); - n->entries[tcount].format = exif_get_short (buf + o + 2, n->order); -@@ -248,6 +251,16 @@ exif_mnote_data_canon_load (ExifMnoteData *ne, - "Loading entry 0x%x ('%s')...", n->entries[tcount].tag, - mnote_canon_tag_get_name (n->entries[tcount].tag)); - -+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection, -+ * we will check the buffer sizes closer later. */ -+ if ( exif_format_get_size (n->entries[tcount].format) && -+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components -+ ) { -+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, -+ "ExifMnoteCanon", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components); -+ continue; -+ } -+ - /* - * Size? If bigger than 4 bytes, the actual data is not - * in the entry but somewhere else (offset). -@@ -264,7 +277,8 @@ exif_mnote_data_canon_load (ExifMnoteData *ne, - } else { - size_t dataofs = o + 8; - if (s > 4) dataofs = exif_get_long (buf + dataofs, n->order) + 6; -- if ((dataofs + s < s) || (dataofs + s < dataofs) || (dataofs + s > buf_size)) { -+ -+ if (CHECKOVERFLOW(dataofs, buf_size, s)) { - exif_log (ne->log, EXIF_LOG_CODE_DEBUG, - "ExifMnoteCanon", - "Tag data past end of buffer (%u > %u)", -diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c -index 9514654..a0bcb67 100644 ---- a/libexif/fuji/exif-mnote-data-fuji.c -+++ b/libexif/fuji/exif-mnote-data-fuji.c -@@ -28,6 +28,8 @@ - - #include "exif-mnote-data-fuji.h" - -+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) -+ - struct _MNoteFujiDataPrivate { - ExifByteOrder order; - }; -@@ -162,16 +164,16 @@ exif_mnote_data_fuji_load (ExifMnoteData *en, - return; - } - datao = 6 + n->offset; -- if ((datao + 12 < datao) || (datao + 12 < 12) || (datao + 12 > buf_size)) { -+ if (CHECKOVERFLOW(datao, buf_size, 12)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteDataFuji", "Short MakerNote"); - return; - } - - n->order = EXIF_BYTE_ORDER_INTEL; -+ - datao += exif_get_long (buf + datao + 8, EXIF_BYTE_ORDER_INTEL); -- if ((datao + 2 < datao) || (datao + 2 < 2) || -- (datao + 2 > buf_size)) { -+ if (CHECKOVERFLOW(datao, buf_size, 2)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteDataFuji", "Short MakerNote"); - return; -@@ -195,7 +197,8 @@ exif_mnote_data_fuji_load (ExifMnoteData *en, - tcount = 0; - for (i = c, o = datao; i; --i, o += 12) { - size_t s; -- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) { -+ -+ if (CHECKOVERFLOW(o, buf_size, 12)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteDataFuji", "Short MakerNote"); - break; -@@ -210,6 +213,15 @@ exif_mnote_data_fuji_load (ExifMnoteData *en, - "Loading entry 0x%x ('%s')...", n->entries[tcount].tag, - mnote_fuji_tag_get_name (n->entries[tcount].tag)); - -+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection, -+ * we will check the buffer sizes closer later. */ -+ if ( exif_format_get_size (n->entries[tcount].format) && -+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components -+ ) { -+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, -+ "ExifMnoteDataFuji", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components); -+ continue; -+ } - /* - * Size? If bigger than 4 bytes, the actual data is not - * in the entry but somewhere else (offset). -@@ -221,8 +233,8 @@ exif_mnote_data_fuji_load (ExifMnoteData *en, - if (s > 4) - /* The data in this case is merely a pointer */ - dataofs = exif_get_long (buf + dataofs, n->order) + 6 + n->offset; -- if ((dataofs + s < dataofs) || (dataofs + s < s) || -- (dataofs + s >= buf_size)) { -+ -+ if (CHECKOVERFLOW(dataofs, buf_size, s)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteDataFuji", "Tag data past end of " - "buffer (%u >= %u)", dataofs + s, buf_size); -diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c -index 099671d..4d158ce 100644 ---- a/libexif/olympus/exif-mnote-data-olympus.c -+++ b/libexif/olympus/exif-mnote-data-olympus.c -@@ -37,6 +37,8 @@ - */ - /*#define EXIF_OVERCOME_SANYO_OFFSET_BUG */ - -+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) -+ - static enum OlympusVersion - exif_mnote_data_olympus_identify_variant (const unsigned char *buf, - unsigned int buf_size); -@@ -247,7 +249,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - return; - } - o2 = 6 + n->offset; /* Start of interesting data */ -- if ((o2 + 10 < o2) || (o2 + 10 < 10) || (o2 + 10 > buf_size)) { -+ if (CHECKOVERFLOW(o2,buf_size,10)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteDataOlympus", "Short MakerNote"); - return; -@@ -303,6 +305,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - /* Olympus S760, S770 */ - datao = o2; - o2 += 8; -+ if (CHECKOVERFLOW(o2,buf_size,4)) return; - exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus", - "Parsing Olympus maker note v2 (0x%02x, %02x, %02x, %02x)...", - buf[o2], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3]); -@@ -346,7 +349,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - - case nikonV2: - o2 += 6; -- if (o2 >= buf_size) return; -+ if (CHECKOVERFLOW(o2,buf_size,12)) return; - exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus", - "Parsing Nikon maker note v2 (0x%02x, %02x, %02x, " - "%02x, %02x, %02x, %02x, %02x)...", -@@ -406,7 +409,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - } - - /* Sanity check the offset */ -- if ((o2 + 2 < o2) || (o2 + 2 < 2) || (o2 + 2 > buf_size)) { -+ if (CHECKOVERFLOW(o2,buf_size,2)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteOlympus", "Short MakerNote"); - return; -@@ -430,7 +433,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - tcount = 0; - for (i = c, o = o2; i; --i, o += 12) { - size_t s; -- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) { -+ if (CHECKOVERFLOW(o, buf_size, 12)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteOlympus", "Short MakerNote"); - break; -@@ -451,6 +454,14 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - n->entries[tcount].components, - (int)exif_format_get_size(n->entries[tcount].format)); */ - -+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection, -+ * we will check the buffer sizes closer later. */ -+ if (exif_format_get_size (n->entries[tcount].format) && -+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components -+ ) { -+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteOlympus", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components); -+ continue; -+ } - /* - * Size? If bigger than 4 bytes, the actual data is not - * in the entry but somewhere else (offset). -@@ -469,7 +480,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - * tag in its MakerNote. The offset is actually the absolute - * position in the file instead of the position within the IFD. - */ -- if (dataofs + s > buf_size && n->version == sanyoV1) { -+ if (dataofs > (buf_size - s) && n->version == sanyoV1) { - /* fix pointer */ - dataofs -= datao + 6; - exif_log (en->log, EXIF_LOG_CODE_DEBUG, -@@ -478,8 +489,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - } - #endif - } -- if ((dataofs + s < dataofs) || (dataofs + s < s) || -- (dataofs + s > buf_size)) { -+ if (CHECKOVERFLOW(dataofs, buf_size, s)) { - exif_log (en->log, EXIF_LOG_CODE_DEBUG, - "ExifMnoteOlympus", - "Tag data past end of buffer (%u > %u)", -diff --git a/libexif/pentax/exif-mnote-data-pentax.c b/libexif/pentax/exif-mnote-data-pentax.c -index 757bb72..319d4c6 100644 ---- a/libexif/pentax/exif-mnote-data-pentax.c -+++ b/libexif/pentax/exif-mnote-data-pentax.c -@@ -28,6 +28,8 @@ - #include - #include - -+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) -+ - static void - exif_mnote_data_pentax_clear (ExifMnoteDataPentax *n) - { -@@ -224,7 +226,7 @@ exif_mnote_data_pentax_load (ExifMnoteData *en, - return; - } - datao = 6 + n->offset; -- if ((datao + 8 < datao) || (datao + 8 < 8) || (datao + 8 > buf_size)) { -+ if (CHECKOVERFLOW(datao, buf_size, 8)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteDataPentax", "Short MakerNote"); - return; -@@ -277,7 +279,8 @@ exif_mnote_data_pentax_load (ExifMnoteData *en, - tcount = 0; - for (i = c, o = datao; i; --i, o += 12) { - size_t s; -- if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) { -+ -+ if (CHECKOVERFLOW(o,buf_size,12)) { - exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifMnoteDataPentax", "Short MakerNote"); - break; -@@ -292,6 +295,15 @@ exif_mnote_data_pentax_load (ExifMnoteData *en, - "Loading entry 0x%x ('%s')...", n->entries[tcount].tag, - mnote_pentax_tag_get_name (n->entries[tcount].tag)); - -+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection, -+ * we will check the buffer sizes closer later. */ -+ if ( exif_format_get_size (n->entries[tcount].format) && -+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components -+ ) { -+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, -+ "ExifMnoteDataPentax", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components); -+ break; -+ } - /* - * Size? If bigger than 4 bytes, the actual data is not - * in the entry but somewhere else (offset). -@@ -304,8 +316,8 @@ exif_mnote_data_pentax_load (ExifMnoteData *en, - if (s > 4) - /* The data in this case is merely a pointer */ - dataofs = exif_get_long (buf + dataofs, n->order) + 6; -- if ((dataofs + s < dataofs) || (dataofs + s < s) || -- (dataofs + s > buf_size)) { -+ -+ if (CHECKOVERFLOW(dataofs, buf_size, s)) { - exif_log (en->log, EXIF_LOG_CODE_DEBUG, - "ExifMnoteDataPentax", "Tag data past end " - "of buffer (%u > %u)", dataofs + s, buf_size); --- -2.26.2 - diff --git a/SOURCES/strip-gettext-nondeterminism b/SOURCES/strip-gettext-nondeterminism new file mode 100755 index 0000000..a631757 --- /dev/null +++ b/SOURCES/strip-gettext-nondeterminism @@ -0,0 +1,117 @@ +#!/usr/bin/perl +# +# This is a hacked version of gettext.pm from Debian's strip-nondeterminism project. +# It is a workaround for https://savannah.gnu.org/bugs/?49654 +# +# Copyright 2016 Reiner Herrmann +# Copyright 2016 Chris Lamb +# +# This file is part of strip-nondeterminism. +# +# strip-nondeterminism is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# strip-nondeterminism is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with strip-nondeterminism. If not, see . +# + +use Time::Piece; +use POSIX qw(strftime); + +use strict; +use warnings; + +=head1 DEPRECATION PLAN + +Situation unclear. Whilst #792687 is closed, many Gettext related files are +being normalised based on anecdotal viewings of build logs. + +=cut + +sub read_file($) { + my $filename = shift; + + local $/ = undef; + open(my $fh, '<', $filename) + or die "Can't open file $filename for reading: $!"; + binmode($fh); + my $buf = <$fh>; + close($fh); + + return $buf; +} + +sub normalize { + my ($mo_filename, %options) = @_; + + my $fmt; + + my $buf = read_file($mo_filename); + + my $magic = unpack("V", substr($buf, 0*4, 4)); + if ($magic == 0x950412DE) { + # little endian + $fmt = "V"; + } elsif ($magic == 0xDE120495) { + # big endian + $fmt = "N"; + } else { + # unknown format + return 0; + } + + my ($revision, $nstrings, $orig_to, $trans_to) + = unpack($fmt x 4, substr($buf, 1*4, 4*4)); + my $major = int($revision / 256); + my $minor = int($revision % 256); + return 0 if $major > 1; + + my $modified = 0; + for (my $i=0; $i < $nstrings; $i++) { + my $len = unpack($fmt, substr($buf, $orig_to + $i*8, 4)); + next if $len > 0; + + my $offset = unpack($fmt, substr($buf, $orig_to + $i*8 + 4, 4)); + my $trans_len = unpack($fmt, substr($buf, $trans_to + $i*8)); + my $trans_offset = unpack($fmt, substr($buf, $trans_to + $i*8 + 4)); + my $trans_msg = substr($buf, $trans_offset, $trans_len); + next unless $trans_msg =~ m/^POT-Creation-Date: (.*)/m; + + my $pot_date = $1; + my $time; + eval {$time = Time::Piece->strptime($pot_date, "%Y-%m-%d %H:%M%z");}; + next if $@; + + my $new_time = strftime("%Y-%m-%d %H:%M+0000", gmtime(0)); + $trans_msg + =~ s/\QPOT-Creation-Date: $pot_date\E/POT-Creation-Date: $new_time/; + print("Replaced POT-Creation-Date $pot_date with $new_time.\n"); + next if length($trans_msg) != $trans_len; + + $buf + = substr($buf, 0, $trans_offset) + . $trans_msg + . substr($buf, $trans_offset + $trans_len); + $modified = 1; + } + + if ($modified) { + open(my $fh, '>', $mo_filename) + or die "Can't open file $mo_filename for writing: $!"; + binmode($fh); + print $fh $buf; + close($fh); + } + + return $modified; +} + +print("Removing timestamp from " . $ARGV[0] . "...\n"); +normalize($ARGV[0]) diff --git a/SPECS/libexif.spec b/SPECS/libexif.spec index 7e4851d..f63ad80 100644 --- a/SPECS/libexif.spec +++ b/SPECS/libexif.spec @@ -1,15 +1,17 @@ Summary: Library for extracting extra information from image files Name: libexif -Version: 0.6.21 -Release: 17%{?dist} +Version: 0.6.22 +Release: 4%{?dist} Group: System Environment/Libraries License: LGPLv2+ -URL: http://libexif.sourceforge.net/ -Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2 -# CVE-2016-6328, RHBZ#1366239 -Patch0: 41bd04234b104312f54d25822f68738ba8d7133d.patch -# RHBZ#1840344 -Patch1: CVE-2020-13112.patch +URL: https://libexif.github.io/ +%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g') +Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz +Source1: strip-gettext-nondeterminism + +# https://bugzilla.redhat.com/show_bug.cgi?id=1847753 +# https://bugzilla.redhat.com/show_bug.cgi?id=1847761 +Patch0: CVE-2020-0181-CVE-2020-0198.patch BuildRequires: autoconf BuildRequires: automake @@ -18,6 +20,9 @@ BuildRequires: gettext-devel BuildRequires: libtool BuildRequires: pkgconfig +# For strip-gettext-nondeterminism +BuildRequires: perl(Time::Piece) + %description Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library @@ -42,9 +47,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release} API Documentation for programmers wishing to use libexif in their programs. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 +%autosetup -n libexif-libexif-%{tarball_version}-release -p1 %build autoreconf -fiv @@ -58,6 +61,7 @@ rm -rf %{buildroot}%{_datadir}/doc/libexif cp -R doc/doxygen-output/libexif-api.html . iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README +find %{buildroot} -type f -name '*.mo' -exec %{SOURCE1} {} \; %find_lang libexif-12 %check @@ -67,7 +71,7 @@ make check %files -f libexif-12.lang %doc COPYING README NEWS -%{_libdir}/libexif.so.* +%{_libdir}/libexif.so.12* %files devel %{_includedir}/libexif @@ -78,9 +82,22 @@ make check %doc libexif-api.html %changelog -* Mon Jun 01 2020 Michael Catanzaro - 0.6.21-17 -- Add patch for CVE-2020-13112 -- Resolves: #1840952 +* Thu Jun 25 2020 Michael Catanzaro - 0.6.22-4 +- Add patch for CVE-2020-0181/CVE-2020-0198 +- Resolves: #1847753 +- Resolves: #1847761 + +* Thu Jun 04 2020 Michael Catanzaro - 0.6.22-3 +- Also remove timezone from the .mo files +- Related: #1841320 + +* Wed Jun 03 2020 Michael Catanzaro - 0.6.22-2 +- Remove timestamps from the .mo files to avoid multilib conflicts +- Related: #1841320 + +* Mon Jun 01 2020 Michael Catanzaro - 0.6.22-1 +- Upgrade to 0.6.22 +- Resolves: #1841320 * Wed Feb 07 2018 Fedora Release Engineering - 0.6.21-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild