From 9d5290e39dbc7ce3742425a12f5df4bc824ba454 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Jul 2020 07:04:07 -0400 Subject: [PATCH] import libexif-0.6.22-4.el8 --- .gitignore | 2 +- .libexif.metadata | 2 +- ...04234b104312f54d25822f68738ba8d7133d.patch | 60 --------- SOURCES/CVE-2020-0181-CVE-2020-0198.patch | 58 +++++++++ SOURCES/strip-gettext-nondeterminism | 117 ++++++++++++++++++ SPECS/libexif.spec | 42 +++++-- 6 files changed, 210 insertions(+), 71 deletions(-) delete mode 100644 SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch create mode 100644 SOURCES/CVE-2020-0181-CVE-2020-0198.patch create mode 100755 SOURCES/strip-gettext-nondeterminism diff --git a/.gitignore b/.gitignore index a782c3e..b166074 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libexif-0.6.21.tar.bz2 +SOURCES/libexif-0_6_22-release.tar.gz diff --git a/.libexif.metadata b/.libexif.metadata index 910f7b3..45eb589 100644 --- a/.libexif.metadata +++ b/.libexif.metadata @@ -1 +1 @@ -a52219b12dbc8d33fc096468591170fda71316c0 SOURCES/libexif-0.6.21.tar.bz2 +9925660e70ee8b5ce480c6a6f30c84b382929142 SOURCES/libexif-0_6_22-release.tar.gz diff --git a/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch b/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch deleted file mode 100644 index 0568f27..0000000 --- a/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; kcomponents; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; kcomponents; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } diff --git a/SOURCES/CVE-2020-0181-CVE-2020-0198.patch b/SOURCES/CVE-2020-0181-CVE-2020-0198.patch new file mode 100644 index 0000000..e0358c2 --- /dev/null +++ b/SOURCES/CVE-2020-0181-CVE-2020-0198.patch @@ -0,0 +1,58 @@ +From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Mon, 8 Jun 2020 17:27:06 +0200 +Subject: [PATCH] fixed another unsigned integer overflow + +first fixed by google in android fork, +https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 + +(use a more generic overflow check method, also check second overflow instance.) + +https://security-tracker.debian.org/tracker/CVE-2020-0198 +--- + libexif/exif-data.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index 8b280d3..b495726 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -47,6 +47,8 @@ + #undef JPEG_MARKER_APP1 + #define JPEG_MARKER_APP1 0xe1 + ++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) ++ + static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00}; + + struct _ExifDataPrivate +@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); + return; + } +- if (s > ds - o) { ++ if (CHECKOVERFLOW(o,ds,s)) { + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); + return; + } +@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + } + + /* Read the number of entries */ +- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) { ++ if (CHECKOVERFLOW(offset, ds, 2)) { + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Tag data past end of buffer (%u > %u)", offset+2, ds); ++ "Tag data past end of buffer (%u+2 > %u)", offset, ds); + return; + } + n = exif_get_short (d + offset, data->priv->order); +@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + offset += 2; + + /* Check if we have enough data. */ +- if (offset + 12 * n > ds) { ++ if (CHECKOVERFLOW(offset, ds, 12*n)) { + n = (ds - offset) / 12; + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", + "Short data; only loading %hu entries...", n); diff --git a/SOURCES/strip-gettext-nondeterminism b/SOURCES/strip-gettext-nondeterminism new file mode 100755 index 0000000..a631757 --- /dev/null +++ b/SOURCES/strip-gettext-nondeterminism @@ -0,0 +1,117 @@ +#!/usr/bin/perl +# +# This is a hacked version of gettext.pm from Debian's strip-nondeterminism project. +# It is a workaround for https://savannah.gnu.org/bugs/?49654 +# +# Copyright 2016 Reiner Herrmann +# Copyright 2016 Chris Lamb +# +# This file is part of strip-nondeterminism. +# +# strip-nondeterminism is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# strip-nondeterminism is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with strip-nondeterminism. If not, see . +# + +use Time::Piece; +use POSIX qw(strftime); + +use strict; +use warnings; + +=head1 DEPRECATION PLAN + +Situation unclear. Whilst #792687 is closed, many Gettext related files are +being normalised based on anecdotal viewings of build logs. + +=cut + +sub read_file($) { + my $filename = shift; + + local $/ = undef; + open(my $fh, '<', $filename) + or die "Can't open file $filename for reading: $!"; + binmode($fh); + my $buf = <$fh>; + close($fh); + + return $buf; +} + +sub normalize { + my ($mo_filename, %options) = @_; + + my $fmt; + + my $buf = read_file($mo_filename); + + my $magic = unpack("V", substr($buf, 0*4, 4)); + if ($magic == 0x950412DE) { + # little endian + $fmt = "V"; + } elsif ($magic == 0xDE120495) { + # big endian + $fmt = "N"; + } else { + # unknown format + return 0; + } + + my ($revision, $nstrings, $orig_to, $trans_to) + = unpack($fmt x 4, substr($buf, 1*4, 4*4)); + my $major = int($revision / 256); + my $minor = int($revision % 256); + return 0 if $major > 1; + + my $modified = 0; + for (my $i=0; $i < $nstrings; $i++) { + my $len = unpack($fmt, substr($buf, $orig_to + $i*8, 4)); + next if $len > 0; + + my $offset = unpack($fmt, substr($buf, $orig_to + $i*8 + 4, 4)); + my $trans_len = unpack($fmt, substr($buf, $trans_to + $i*8)); + my $trans_offset = unpack($fmt, substr($buf, $trans_to + $i*8 + 4)); + my $trans_msg = substr($buf, $trans_offset, $trans_len); + next unless $trans_msg =~ m/^POT-Creation-Date: (.*)/m; + + my $pot_date = $1; + my $time; + eval {$time = Time::Piece->strptime($pot_date, "%Y-%m-%d %H:%M%z");}; + next if $@; + + my $new_time = strftime("%Y-%m-%d %H:%M+0000", gmtime(0)); + $trans_msg + =~ s/\QPOT-Creation-Date: $pot_date\E/POT-Creation-Date: $new_time/; + print("Replaced POT-Creation-Date $pot_date with $new_time.\n"); + next if length($trans_msg) != $trans_len; + + $buf + = substr($buf, 0, $trans_offset) + . $trans_msg + . substr($buf, $trans_offset + $trans_len); + $modified = 1; + } + + if ($modified) { + open(my $fh, '>', $mo_filename) + or die "Can't open file $mo_filename for writing: $!"; + binmode($fh); + print $fh $buf; + close($fh); + } + + return $modified; +} + +print("Removing timestamp from " . $ARGV[0] . "...\n"); +normalize($ARGV[0]) diff --git a/SPECS/libexif.spec b/SPECS/libexif.spec index 1823b29..f63ad80 100644 --- a/SPECS/libexif.spec +++ b/SPECS/libexif.spec @@ -1,13 +1,17 @@ Summary: Library for extracting extra information from image files Name: libexif -Version: 0.6.21 -Release: 16%{?dist} +Version: 0.6.22 +Release: 4%{?dist} Group: System Environment/Libraries License: LGPLv2+ -URL: http://libexif.sourceforge.net/ -Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2 -# CVE-2016-6328, RHBZ#1366239 -Patch0: 41bd04234b104312f54d25822f68738ba8d7133d.patch +URL: https://libexif.github.io/ +%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g') +Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz +Source1: strip-gettext-nondeterminism + +# https://bugzilla.redhat.com/show_bug.cgi?id=1847753 +# https://bugzilla.redhat.com/show_bug.cgi?id=1847761 +Patch0: CVE-2020-0181-CVE-2020-0198.patch BuildRequires: autoconf BuildRequires: automake @@ -16,6 +20,9 @@ BuildRequires: gettext-devel BuildRequires: libtool BuildRequires: pkgconfig +# For strip-gettext-nondeterminism +BuildRequires: perl(Time::Piece) + %description Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library @@ -40,8 +47,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release} API Documentation for programmers wishing to use libexif in their programs. %prep -%setup -q -%patch0 -p1 +%autosetup -n libexif-libexif-%{tarball_version}-release -p1 %build autoreconf -fiv @@ -55,6 +61,7 @@ rm -rf %{buildroot}%{_datadir}/doc/libexif cp -R doc/doxygen-output/libexif-api.html . iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README +find %{buildroot} -type f -name '*.mo' -exec %{SOURCE1} {} \; %find_lang libexif-12 %check @@ -64,7 +71,7 @@ make check %files -f libexif-12.lang %doc COPYING README NEWS -%{_libdir}/libexif.so.* +%{_libdir}/libexif.so.12* %files devel %{_includedir}/libexif @@ -75,6 +82,23 @@ make check %doc libexif-api.html %changelog +* Thu Jun 25 2020 Michael Catanzaro - 0.6.22-4 +- Add patch for CVE-2020-0181/CVE-2020-0198 +- Resolves: #1847753 +- Resolves: #1847761 + +* Thu Jun 04 2020 Michael Catanzaro - 0.6.22-3 +- Also remove timezone from the .mo files +- Related: #1841320 + +* Wed Jun 03 2020 Michael Catanzaro - 0.6.22-2 +- Remove timestamps from the .mo files to avoid multilib conflicts +- Related: #1841320 + +* Mon Jun 01 2020 Michael Catanzaro - 0.6.22-1 +- Upgrade to 0.6.22 +- Resolves: #1841320 + * Wed Feb 07 2018 Fedora Release Engineering - 0.6.21-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild