diff --git a/libexif-integer-overflow.patch b/libexif-integer-overflow.patch
new file mode 100644
index 0000000..8429035
--- /dev/null
+++ b/libexif-integer-overflow.patch
@@ -0,0 +1,22 @@
+Patch to prevent integer overflow that might result in out-of-bound
+write in memcpy() #240055
+
+Index: libexif/exif-data.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
+retrieving revision 1.89
+retrieving revision 1.90
+diff -u -p -r1.89 -r1.90
+--- libexif/exif-data.c 9 May 2007 06:09:05 -0000 1.89
++++ libexif/exif-data.c 10 May 2007 14:32:01 -0000 1.90
+@@ -179,7 +179,9 @@ exif_data_load_data_entry (ExifData *dat
+ else
+ doff = offset + 8;
+ 
+- /* Sanity check */
++ /* Sanity checks */
++ if ((doff + s < doff) || (doff + s < s))
++ return 0;
+ if (size < doff + s)
+ return 0;
+ 
diff --git a/libexif.spec b/libexif.spec
index 5976810..de70f5a 100644
--- a/libexif.spec
+++ b/libexif.spec
@@ -1,13 +1,14 @@
 Summary: Library for extracting extra information from image files
 Name: libexif
 Version: 0.6.13
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: System Environment/Libraries
 License: LGPL
 URL: http://libexif.sourceforge.net/
 Source0: libexif-%{version}.tar.bz2
 Source1: libexif-docs.tar.gz
 Patch0: libexif-0.6.13-dont-build-docs.patch
+Patch1: libexif-integer-overflow.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: doxygen
@@ -32,6 +33,7 @@ for writing programs that use libexif.
 # and neuter make all in the docs dir
 tar xzf %{SOURCE1}
 %patch0 -p1 -b .dont-build-docs
+%patch1 -p0 -b .integer-overflow
 
 %build
 %configure --disable-static --disable-docs
@@ -67,6 +69,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
+* Thu May 24 2007 Matthias Clasen - 0.6.13-4
+- Add patch for CVE-2007-2645.
+
 * Sun Feb 4 2007 Matthias Clasen - 0.6.13-3
 - Package review cleanups
 - Avoid multilib conflicts by using pregenerated docs
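Review bot: The added guard `if ((doff + s < doff) || (doff + s < s))` in the embedded exif-data.c hunk only detects wraparound if `doff` and `s` are unsigned; their declarations are outside the hunk, and with signed operands the overflow would be undefined behaviour that a compiler is free to optimise away. A form that never computes the sum avoids that dependency and folds both sanity checks into one: `if (doff > size || s > size - doff) return 0;`. The hunk also does not show how `s` is derived; if it is the product of an element size and a count read from the file, that multiplication would need its own overflow check before this point, since a wrapped `s` passes both tests here. exif_data_load_data_entry starts and ends outside the hunk, so the memcpy() the patch description refers to is not visible for confirmation.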