import libexif-0.6.22-4.el8

2020-07-28 07:04:07 -04:00 · 2020-07-28 07:04:07 -04:00 · 9d5290e39d
commit 9d5290e39d
parent 57796e625d
6 changed files with 210 additions and 71 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/libexif-0.6.21.tar.bz2
+SOURCES/libexif-0_6_22-release.tar.gz
--- a/.libexif.metadata
+++ b/.libexif.metadata
@ -1 +1 @@
-a52219b12dbc8d33fc096468591170fda71316c0 SOURCES/libexif-0.6.21.tar.bz2
+9925660e70ee8b5ce480c6a6f30c84b382929142 SOURCES/libexif-0_6_22-release.tar.gz
--- a/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch
+++ b/SOURCES/41bd04234b104312f54d25822f68738ba8d7133d.patch
@ -1,60 +0,0 @@
-From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:44:44 +0200
-Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
- makernote entries.
-
-This should fix:
-https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
---
- libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index d03d159..ea0429a 100644
--- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		case EXIF_FORMAT_SHORT:
- 		  {
- 			const unsigned char *data = entry->data;
-		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 2)
-+					break;
- 				vs = exif_get_short (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%i ", vs);
- 				len = strlen(val);
- 				data += 2;
-+				sizeleft -= 2;
- 			}
- 		  }
- 		  break;
- 		case EXIF_FORMAT_LONG:
- 		  {
- 			const unsigned char *data = entry->data;
-		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 4)
-+					break;
- 				vl = exif_get_long (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
- 				len = strlen(val);
- 				data += 4;
-+				sizeleft -= 4;
- 			}
- 		  }
- 		  break;
-@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		break;
- 	}
- 
-	return (val);
-+	return val;
- }
--- a/SOURCES/CVE-2020-0181-CVE-2020-0198.patch
+++ b/SOURCES/CVE-2020-0181-CVE-2020-0198.patch
@ -0,0 +1,58 @@
+From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Mon, 8 Jun 2020 17:27:06 +0200
+Subject: [PATCH] fixed another unsigned integer overflow
+
+first fixed by google in android fork,
+https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
+
+(use a more generic overflow check method, also check second overflow instance.)
+
+https://security-tracker.debian.org/tracker/CVE-2020-0198
+---
+ libexif/exif-data.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 8b280d3..b495726 100644
+--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
+@@ -47,6 +47,8 @@
+ #undef JPEG_MARKER_APP1
+ #define JPEG_MARKER_APP1 0xe1
+ 
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
+ static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
+ 
+ struct _ExifDataPrivate
+@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
+ 		return;
+ 	}
+-	if (s > ds - o) {
+	if (CHECKOVERFLOW(o,ds,s)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
+ 		return;
+ 	}
+@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	}
+ 
+ 	/* Read the number of entries */
+-	if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
+	if (CHECKOVERFLOW(offset, ds, 2)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-			  "Tag data past end of buffer (%u > %u)", offset+2, ds);
+			  "Tag data past end of buffer (%u+2 > %u)", offset, ds);
+ 		return;
+ 	}
+ 	n = exif_get_short (d + offset, data->priv->order);
+@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	offset += 2;
+ 
+ 	/* Check if we have enough data. */
+-	if (offset + 12 * n > ds) {
+	if (CHECKOVERFLOW(offset, ds, 12*n)) {
+ 		n = (ds - offset) / 12;
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ 				  "Short data; only loading %hu entries...", n);
--- a/SOURCES/strip-gettext-nondeterminism
+++ b/SOURCES/strip-gettext-nondeterminism
@ -0,0 +1,117 @@
+#!/usr/bin/perl
+#
+# This is a hacked version of gettext.pm from Debian's strip-nondeterminism project.
+# It is a workaround for https://savannah.gnu.org/bugs/?49654
+#
+# Copyright 2016 Reiner Herrmann <reiner@reiner-h.de>
+# Copyright 2016 Chris Lamb <lamby@debian.org>
+#
+# This file is part of strip-nondeterminism.
+#
+# strip-nondeterminism is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# strip-nondeterminism is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with strip-nondeterminism.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+use Time::Piece;
+use POSIX qw(strftime);
+
+use strict;
+use warnings;
+
+=head1 DEPRECATION PLAN
+
+Situation unclear. Whilst #792687 is closed, many Gettext related files are
+being normalised based on anecdotal viewings of build logs.
+
+=cut
+
+sub read_file($) {
+	my $filename = shift;
+
+	local $/ = undef;
+	open(my $fh, '<', $filename)
+	  or die "Can't open file $filename for reading: $!";
+	binmode($fh);
+	my $buf = <$fh>;
+	close($fh);
+
+	return $buf;
+}
+
+sub normalize {
+	my ($mo_filename, %options) = @_;
+
+	my $fmt;
+
+	my $buf = read_file($mo_filename);
+
+	my $magic = unpack("V", substr($buf, 0*4, 4));
+	if ($magic == 0x950412DE) {
+		# little endian
+		$fmt = "V";
+	} elsif ($magic == 0xDE120495) {
+		# big endian
+		$fmt = "N";
+	} else {
+		# unknown format
+		return 0;
+	}
+
+	my ($revision, $nstrings, $orig_to, $trans_to)
+	  = unpack($fmt x 4, substr($buf, 1*4, 4*4));
+	my $major = int($revision / 256);
+	my $minor = int($revision % 256);
+	return 0 if $major > 1;
+
+	my $modified = 0;
+	for (my $i=0; $i < $nstrings; $i++) {
+		my $len = unpack($fmt, substr($buf, $orig_to + $i*8, 4));
+		next if $len > 0;
+
+		my $offset = unpack($fmt, substr($buf, $orig_to + $i*8 + 4, 4));
+		my $trans_len = unpack($fmt, substr($buf, $trans_to + $i*8));
+		my $trans_offset = unpack($fmt, substr($buf, $trans_to + $i*8 + 4));
+		my $trans_msg = substr($buf, $trans_offset, $trans_len);
+		next unless $trans_msg =~ m/^POT-Creation-Date: (.*)/m;
+
+		my $pot_date = $1;
+		my $time;
+		eval {$time = Time::Piece->strptime($pot_date, "%Y-%m-%d %H:%M%z");};
+		next if $@;
+
+		my $new_time = strftime("%Y-%m-%d %H:%M+0000", gmtime(0));
+		$trans_msg
+		  =~ s/\QPOT-Creation-Date: $pot_date\E/POT-Creation-Date: $new_time/;
+		print("Replaced POT-Creation-Date $pot_date with $new_time.\n");
+		next if length($trans_msg) != $trans_len;
+
+		$buf
+		  = substr($buf, 0, $trans_offset)
+		  . $trans_msg
+		  . substr($buf, $trans_offset + $trans_len);
+		$modified = 1;
+	}
+
+	if ($modified) {
+		open(my $fh, '>', $mo_filename)
+		  or die "Can't open file $mo_filename for writing: $!";
+		binmode($fh);
+		print $fh $buf;
+		close($fh);
+	}
+
+	return $modified;
+}
+
+print("Removing timestamp from " . $ARGV[0] . "...\n");
+normalize($ARGV[0])
--- a/SPECS/libexif.spec
+++ b/SPECS/libexif.spec
@ -1,13 +1,17 @@
 Summary:	Library for extracting extra information from image files
 Name:		libexif
-Version:	0.6.21
-Release:	16%{?dist}
+Version:	0.6.22
+Release:	4%{?dist}
 Group:		System Environment/Libraries
 License:	LGPLv2+
-URL:		http://libexif.sourceforge.net/
-Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
-# CVE-2016-6328, RHBZ#1366239
-Patch0:		41bd04234b104312f54d25822f68738ba8d7133d.patch
+URL:		https://libexif.github.io/
+%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g')
+Source0:	https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz
+Source1:        strip-gettext-nondeterminism
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1847753
+# https://bugzilla.redhat.com/show_bug.cgi?id=1847761
+Patch0:         CVE-2020-0181-CVE-2020-0198.patch

 BuildRequires:	autoconf
 BuildRequires:	automake
@ -16,6 +20,9 @@ BuildRequires:	gettext-devel
 BuildRequires:	libtool
 BuildRequires:	pkgconfig

+# For strip-gettext-nondeterminism
+BuildRequires:  perl(Time::Piece)
+
 %description
 Most digital cameras produce EXIF files, which are JPEG files with
 extra tags that contain information about the image. The EXIF library
@ -40,8 +47,7 @@ Requires:	%{name}%{?_isa} = %{version}-%{release}
 API Documentation for programmers wishing to use libexif in their programs.

 %prep
-%setup -q
-%patch0 -p1
+%autosetup -n libexif-libexif-%{tarball_version}-release -p1

 %build
 autoreconf -fiv
@ -55,6 +61,7 @@ rm -rf %{buildroot}%{_datadir}/doc/libexif
 cp -R doc/doxygen-output/libexif-api.html .
 iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
 iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
+find %{buildroot} -type f -name '*.mo' -exec %{SOURCE1} {} \;
 %find_lang libexif-12

 %check
@ -64,7 +71,7 @@ make check

 %files -f libexif-12.lang
 %doc COPYING README NEWS
-%{_libdir}/libexif.so.*
+%{_libdir}/libexif.so.12*

 %files devel
 %{_includedir}/libexif
@ -75,6 +82,23 @@ make check
 %doc libexif-api.html

 %changelog
+* Thu Jun 25 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-4
+- Add patch for CVE-2020-0181/CVE-2020-0198
+- Resolves: #1847753
+- Resolves: #1847761
+
+* Thu Jun 04 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-3
+- Also remove timezone from the .mo files
+- Related: #1841320
+
+* Wed Jun 03 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-2
+- Remove timestamps from the .mo files to avoid multilib conflicts
+- Related: #1841320
+
+* Mon Jun 01 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-1
+- Upgrade to 0.6.22
+- Resolves: #1841320
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild