From cf0c35462c800343c1ebcec43a9c0085b5b16a31 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 30 Mar 2021 08:21:45 -0400 Subject: [PATCH] import libexif-0.6.22-5.el8_3 --- SOURCES/CVE-2020-0452.patch | 32 ++++++++++++++++++++++++++++++++ SPECS/libexif.spec | 9 ++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 SOURCES/CVE-2020-0452.patch diff --git a/SOURCES/CVE-2020-0452.patch b/SOURCES/CVE-2020-0452.patch new file mode 100644 index 0000000..4a499ff --- /dev/null +++ b/SOURCES/CVE-2020-0452.patch @@ -0,0 +1,32 @@ +From 9266d14b5ca4e29b970fa03272318e5f99386e06 Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Thu, 5 Nov 2020 09:50:08 +0100 +Subject: [PATCH] fixed a incorrect overflow check that could be optimized + away. + +inspired by: +https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b + +https://source.android.com/security/bulletin/2020-11-01 + +CVE-2020-0452 +--- + NEWS | 3 ++- + libexif/exif-entry.c | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c +index 3fc0ff9..4b866ce 100644 +--- a/libexif/exif-entry.c ++++ b/libexif/exif-entry.c +@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen) + { + unsigned char *utf16; + +- /* Sanity check the size to prevent overflow */ +- if (e->size+sizeof(uint16_t)+1 < e->size) break; ++ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */ ++ if (e->size >= 65536 - sizeof(uint16_t)*2) break; + + /* The tag may not be U+0000-terminated , so make a local + U+0000-terminated copy before converting it */ diff --git a/SPECS/libexif.spec b/SPECS/libexif.spec index f63ad80..8347912 100644 --- a/SPECS/libexif.spec +++ b/SPECS/libexif.spec @@ -1,7 +1,7 @@ Summary: Library for extracting extra information from image files Name: libexif Version: 0.6.22 -Release: 4%{?dist} +Release: 5%{?dist} Group: System Environment/Libraries License: LGPLv2+ URL: https://libexif.github.io/ @@ -13,6 +13,9 @@ Source1: strip-gettext-nondeterminism # https://bugzilla.redhat.com/show_bug.cgi?id=1847761 Patch0: CVE-2020-0181-CVE-2020-0198.patch +# https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06 +Patch1: CVE-2020-0452.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: doxygen @@ -82,6 +85,10 @@ make check %doc libexif-api.html %changelog +* Mon Dec 07 2020 Richard Hughes - 0.6.22-5 +- Fix CVE-2020-0452 +- Resolves: #1902593 + * Thu Jun 25 2020 Michael Catanzaro - 0.6.22-4 - Add patch for CVE-2020-0181/CVE-2020-0198 - Resolves: #1847753