import libexif-0.6.22-4.el8

CentOS Sources 2020-07-28 07:04:07 -04:00 committed by Stepan Oksanichenko
parent 57796e625d
commit 9d5290e39d
6 changed files with 210 additions and 71 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/libexif-0.6.21.tar.bz2 SOURCES/libexif-0_6_22-release.tar.gz


@ -1 +1 @@
a52219b12dbc8d33fc096468591170fda71316c0 SOURCES/libexif-0.6.21.tar.bz2 9925660e70ee8b5ce480c6a6f30c84b382929142 SOURCES/libexif-0_6_22-release.tar.gz


@ -1,60 +0,0 @@
From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Tue, 25 Jul 2017 23:44:44 +0200
Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
makernote entries.
This should fix:
https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
---
libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
index d03d159..ea0429a 100644
--- a/libexif/pentax/mnote-pentax-entry.c
+++ b/libexif/pentax/mnote-pentax-entry.c
@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
case EXIF_FORMAT_SHORT:
{
const unsigned char *data = entry->data;
- size_t k, len = strlen(val);
+ size_t k, len = strlen(val), sizeleft;
+
+ sizeleft = entry->size;
for(k=0; k<entry->components; k++) {
+ if (sizeleft < 2)
+ break;
vs = exif_get_short (data, entry->order);
snprintf (val+len, maxlen-len, "%i ", vs);
len = strlen(val);
data += 2;
+ sizeleft -= 2;
}
}
break;
case EXIF_FORMAT_LONG:
{
const unsigned char *data = entry->data;
- size_t k, len = strlen(val);
+ size_t k, len = strlen(val), sizeleft;
+
+ sizeleft = entry->size;
for(k=0; k<entry->components; k++) {
+ if (sizeleft < 4)
+ break;
vl = exif_get_long (data, entry->order);
snprintf (val+len, maxlen-len, "%li", (long int) vl);
len = strlen(val);
data += 4;
+ sizeleft -= 4;
}
}
break;
@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
break;
}
- return (val);
+ return val;
}


@ -0,0 +1,58 @@
From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Mon, 8 Jun 2020 17:27:06 +0200
Subject: [PATCH] fixed another unsigned integer overflow
first fixed by google in android fork,
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
(use a more generic overflow check method, also check second overflow instance.)
https://security-tracker.debian.org/tracker/CVE-2020-0198
---
libexif/exif-data.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 8b280d3..b495726 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -47,6 +47,8 @@
#undef JPEG_MARKER_APP1
#define JPEG_MARKER_APP1 0xe1
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
struct _ExifDataPrivate
@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
return;
}
- if (s > ds - o) {
+ if (CHECKOVERFLOW(o,ds,s)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
return;
}
@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
}
/* Read the number of entries */
- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
+ if (CHECKOVERFLOW(offset, ds, 2)) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
- "Tag data past end of buffer (%u > %u)", offset+2, ds);
+ "Tag data past end of buffer (%u+2 > %u)", offset, ds);
return;
}
n = exif_get_short (d + offset, data->priv->order);
@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
offset += 2;
/* Check if we have enough data. */
- if (offset + 12 * n > ds) {
+ if (CHECKOVERFLOW(offset, ds, 12*n)) {
n = (ds - offset) / 12;
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Short data; only loading %hu entries...", n);
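Review bot: The `CHECKOVERFLOW` macro added near the top of libexif/exif-data.c expands its parameters without parentheses and evaluates each of them more than once. The `12*n` call site in exif_data_load_data_content is therefore correct only because `*` binds tighter than `-` and `>`; an argument such as `a+b` would silently change the bounds comparison. Parenthesising the parameters keeps the check robust for later callers: `#define CHECKOVERFLOW(offset,datasize,structsize) (((offset) >= (datasize)) || ((structsize) > (datasize)) || ((offset) > (datasize) - (structsize)))`. The patch header describes this as a backport, so the change would ideally go upstream rather than into this copy. The functions touched here start and end outside the quoted hunks.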


@ -0,0 +1,117 @@
#!/usr/bin/perl
#
# This is a hacked version of gettext.pm from Debian's strip-nondeterminism project.
# It is a workaround for https://savannah.gnu.org/bugs/?49654
#
# Copyright 2016 Reiner Herrmann <reiner@reiner-h.de>
# Copyright 2016 Chris Lamb <lamby@debian.org>
#
# This file is part of strip-nondeterminism.
#
# strip-nondeterminism is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# strip-nondeterminism is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with strip-nondeterminism. If not, see <http://www.gnu.org/licenses/>.
#
use Time::Piece;
use POSIX qw(strftime);
use strict;
use warnings;
=head1 DEPRECATION PLAN
Situation unclear. Whilst #792687 is closed, many Gettext related files are
being normalised based on anecdotal viewings of build logs.
=cut
sub read_file($) {
my $filename = shift;
local $/ = undef;
open(my $fh, '<', $filename)
or die "Can't open file $filename for reading: $!";
binmode($fh);
my $buf = <$fh>;
close($fh);
return $buf;
}
sub normalize {
my ($mo_filename, %options) = @_;
my $fmt;
my $buf = read_file($mo_filename);
my $magic = unpack("V", substr($buf, 0*4, 4));
if ($magic == 0x950412DE) {
# little endian
$fmt = "V";
} elsif ($magic == 0xDE120495) {
# big endian
$fmt = "N";
} else {
# unknown format
return 0;
}
my ($revision, $nstrings, $orig_to, $trans_to)
= unpack($fmt x 4, substr($buf, 1*4, 4*4));
my $major = int($revision / 256);
my $minor = int($revision % 256);
return 0 if $major > 1;
my $modified = 0;
for (my $i=0; $i < $nstrings; $i++) {
my $len = unpack($fmt, substr($buf, $orig_to + $i*8, 4));
next if $len > 0;
my $offset = unpack($fmt, substr($buf, $orig_to + $i*8 + 4, 4));
my $trans_len = unpack($fmt, substr($buf, $trans_to + $i*8));
my $trans_offset = unpack($fmt, substr($buf, $trans_to + $i*8 + 4));
my $trans_msg = substr($buf, $trans_offset, $trans_len);
next unless $trans_msg =~ m/^POT-Creation-Date: (.*)/m;
my $pot_date = $1;
my $time;
eval {$time = Time::Piece->strptime($pot_date, "%Y-%m-%d %H:%M%z");};
next if $@;
my $new_time = strftime("%Y-%m-%d %H:%M+0000", gmtime(0));
$trans_msg
=~ s/\QPOT-Creation-Date: $pot_date\E/POT-Creation-Date: $new_time/;
print("Replaced POT-Creation-Date $pot_date with $new_time.\n");
next if length($trans_msg) != $trans_len;
$buf
= substr($buf, 0, $trans_offset)
. $trans_msg
. substr($buf, $trans_offset + $trans_len);
$modified = 1;
}
if ($modified) {
open(my $fh, '>', $mo_filename)
or die "Can't open file $mo_filename for writing: $!";
binmode($fh);
print $fh $buf;
close($fh);
}
return $modified;
}
print("Removing timestamp from " . $ARGV[0] . "...\n");
normalize($ARGV[0])
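Review bot: In `normalize`, the write-back block opens the .mo file with `'>'`, which truncates it, and then ignores the results of `print` and `close`, so a failed write leaves a truncated catalogue in the buildroot with no error. Checking both makes that failure visible: `print {$fh} $buf or die "Can't write $mo_filename: $!";` and `close($fh) or die "Can't close $mo_filename: $!";`. The "Replaced POT-Creation-Date" message is also printed before the `length($trans_msg) != $trans_len` check, so it appears even when the replacement is discarded; moving the `print` below that check keeps the build log accurate. The header fields and table offsets read from the file are passed to `substr` without being compared against `length($buf)`, which deserves a short comment stating that the input is assumed to be well-formed build output.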


@ -1,13 +1,17 @@
Summary: Library for extracting extra information from image files Summary: Library for extracting extra information from image files
Name: libexif Name: libexif
Version: 0.6.21 Version: 0.6.22
Release: 16%{?dist} Release: 4%{?dist}
Group: System Environment/Libraries Group: System Environment/Libraries
License: LGPLv2+ License: LGPLv2+
URL: http://libexif.sourceforge.net/ URL: https://libexif.github.io/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2 %global tarball_version %(echo %{version} | sed -e 's|\\.|_|g')
# CVE-2016-6328, RHBZ#1366239 Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz
Patch0: 41bd04234b104312f54d25822f68738ba8d7133d.patch Source1: strip-gettext-nondeterminism
# https://bugzilla.redhat.com/show_bug.cgi?id=1847753
# https://bugzilla.redhat.com/show_bug.cgi?id=1847761
Patch0: CVE-2020-0181-CVE-2020-0198.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -16,6 +20,9 @@ BuildRequires: gettext-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkgconfig BuildRequires: pkgconfig
# For strip-gettext-nondeterminism
BuildRequires: perl(Time::Piece)
%description %description
Most digital cameras produce EXIF files, which are JPEG files with Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library extra tags that contain information about the image. The EXIF library
@ -40,8 +47,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
API Documentation for programmers wishing to use libexif in their programs. API Documentation for programmers wishing to use libexif in their programs.
%prep %prep
%setup -q %autosetup -n libexif-libexif-%{tarball_version}-release -p1
%patch0 -p1
%build %build
autoreconf -fiv autoreconf -fiv
@ -55,6 +61,7 @@ rm -rf %{buildroot}%{_datadir}/doc/libexif
cp -R doc/doxygen-output/libexif-api.html . cp -R doc/doxygen-output/libexif-api.html .
iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
find %{buildroot} -type f -name '*.mo' -exec %{SOURCE1} {} \;
%find_lang libexif-12 %find_lang libexif-12
%check %check
@ -64,7 +71,7 @@ make check
%files -f libexif-12.lang %files -f libexif-12.lang
%doc COPYING README NEWS %doc COPYING README NEWS
%{_libdir}/libexif.so.* %{_libdir}/libexif.so.12*
%files devel %files devel
%{_includedir}/libexif %{_includedir}/libexif
@ -75,6 +82,23 @@ make check
%doc libexif-api.html %doc libexif-api.html
%changelog %changelog
* Thu Jun 25 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-4
- Add patch for CVE-2020-0181/CVE-2020-0198
- Resolves: #1847753
- Resolves: #1847761
* Thu Jun 04 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-3
- Also remove timezone from the .mo files
- Related: #1841320
* Wed Jun 03 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-2
- Remove timestamps from the .mo files to avoid multilib conflicts
- Related: #1841320
* Mon Jun 01 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-1
- Upgrade to 0.6.22
- Resolves: #1841320
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
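Review bot: The new `find %{buildroot} -type f -name '*.mo' -exec %{SOURCE1} {} \;` line in %install (hunk `-55,6 +61,7`) will most likely not fail the build when the script fails. As far as I know, find does not carry the exit status of a command run with `-exec … \;` into its own exit status. A script that dies would then leave the .mo files un-normalised and the multilib conflict would return unnoticed. The line also depends on the source file keeping its executable bit and shebang. Running the script through the interpreter with a driver that reports failures would surface both problems, for example `find %{buildroot} -type f -name '*.mo' -print0 | xargs -0 -n1 perl %{SOURCE1}`.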