From 99973b1c55999ddb5948d4b82ffcb754e521e564 Mon Sep 17 00:00:00 2001 From: Toshaan Bharvani Date: Tue, 17 May 2022 14:20:22 +0200 Subject: [PATCH] initial package creation Signed-off-by: Toshaan Bharvani --- SOURCES/CVE-2020-0181-CVE-2020-0198.patch | 58 +++++ SOURCES/CVE-2020-0452.patch | 32 +++ SPECS/libexif.spec | 278 ++++++++++++++++++++++ 3 files changed, 368 insertions(+) create mode 100644 SOURCES/CVE-2020-0181-CVE-2020-0198.patch create mode 100644 SOURCES/CVE-2020-0452.patch create mode 100644 SPECS/libexif.spec diff --git a/SOURCES/CVE-2020-0181-CVE-2020-0198.patch b/SOURCES/CVE-2020-0181-CVE-2020-0198.patch new file mode 100644 index 0000000..e0358c2 --- /dev/null +++ b/SOURCES/CVE-2020-0181-CVE-2020-0198.patch @@ -0,0 +1,58 @@ +From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Mon, 8 Jun 2020 17:27:06 +0200 +Subject: [PATCH] fixed another unsigned integer overflow + +first fixed by google in android fork, +https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 + +(use a more generic overflow check method, also check second overflow instance.) + +https://security-tracker.debian.org/tracker/CVE-2020-0198 +--- + libexif/exif-data.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index 8b280d3..b495726 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -47,6 +47,8 @@ + #undef JPEG_MARKER_APP1 + #define JPEG_MARKER_APP1 0xe1 + ++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) ++ + static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00}; + + struct _ExifDataPrivate +@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); + return; + } +- if (s > ds - o) { ++ if (CHECKOVERFLOW(o,ds,s)) { + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); + return; + } +@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + } + + /* Read the number of entries */ +- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) { ++ if (CHECKOVERFLOW(offset, ds, 2)) { + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Tag data past end of buffer (%u > %u)", offset+2, ds); ++ "Tag data past end of buffer (%u+2 > %u)", offset, ds); + return; + } + n = exif_get_short (d + offset, data->priv->order); +@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + offset += 2; + + /* Check if we have enough data. */ +- if (offset + 12 * n > ds) { ++ if (CHECKOVERFLOW(offset, ds, 12*n)) { + n = (ds - offset) / 12; + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", + "Short data; only loading %hu entries...", n); diff --git a/SOURCES/CVE-2020-0452.patch b/SOURCES/CVE-2020-0452.patch new file mode 100644 index 0000000..4a499ff --- /dev/null +++ b/SOURCES/CVE-2020-0452.patch @@ -0,0 +1,32 @@ +From 9266d14b5ca4e29b970fa03272318e5f99386e06 Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Thu, 5 Nov 2020 09:50:08 +0100 +Subject: [PATCH] fixed a incorrect overflow check that could be optimized + away. + +inspired by: +https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b + +https://source.android.com/security/bulletin/2020-11-01 + +CVE-2020-0452 +--- + NEWS | 3 ++- + libexif/exif-entry.c | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c +index 3fc0ff9..4b866ce 100644 +--- a/libexif/exif-entry.c ++++ b/libexif/exif-entry.c +@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen) + { + unsigned char *utf16; + +- /* Sanity check the size to prevent overflow */ +- if (e->size+sizeof(uint16_t)+1 < e->size) break; ++ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */ ++ if (e->size >= 65536 - sizeof(uint16_t)*2) break; + + /* The tag may not be U+0000-terminated , so make a local + U+0000-terminated copy before converting it */ diff --git a/SPECS/libexif.spec b/SPECS/libexif.spec new file mode 100644 index 0000000..d4a553f --- /dev/null +++ b/SPECS/libexif.spec @@ -0,0 +1,278 @@ +Summary: Library for extracting extra information from image files +Name: libexif +Version: 0.6.22 +Release: 6%{?dist} +License: LGPLv2+ +URL: https://libexif.github.io/ +%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g') +Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz + +# https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c +Patch0: CVE-2020-0181-CVE-2020-0198.patch +# https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06 +Patch1: CVE-2020-0452.patch + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: doxygen +BuildRequires: gettext-devel +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: make + +%description +Most digital cameras produce EXIF files, which are JPEG files with +extra tags that contain information about the image. The EXIF library +allows you to parse an EXIF file and read the data from those tags. + +%package devel +Summary: Files needed for libexif application development +Requires: %{name}%{?_isa} = %{version}-%{release} +%description devel +The libexif-devel package contains the libraries and header files +for writing programs that use libexif. + +%package doc +Summary: The EXIF Library API documentation +Requires: %{name}%{?_isa} = %{version}-%{release} +%description doc +API Documentation for programmers wishing to use libexif in their programs. + + +%prep +%autosetup -n libexif-libexif-%{tarball_version}-release -p1 + + +%build +autoreconf -fiv + +%configure \ + --disable-static + +%make_build + + +%install +%make_install + +rm -fv %{buildroot}%{_libdir}/lib*.la + +rm -rf %{buildroot}%{_datadir}/doc/libexif +cp -R doc/doxygen-output/libexif-api.html . +iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING +iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README +%find_lang libexif-12 + +%check +make check + +%ldconfig_scriptlets + +%files -f libexif-12.lang +%doc README NEWS +%license COPYING +%{_libdir}/libexif.so.12* + +%files devel +%{_includedir}/libexif +%{_libdir}/libexif.so +%{_libdir}/pkgconfig/libexif.pc + +%files doc +%doc libexif-api.html + + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 0.6.22-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.6.22-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.6.22-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Nov 09 2020 Michael Catanzaro - 0.6.22-3 +- Fix CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452 + +* Tue Jul 28 2020 Fedora Release Engineering - 0.6.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon May 18 2020 Rex Dieter - 0.6.22-1 +- 0.6.22 +- .spec cleanup + +* Wed Jan 29 2020 Fedora Release Engineering - 0.6.21-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 0.6.21-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Feb 12 2019 Yaakov Selkowitz - 0.6.21-19 +- Fix for CVE-2018-20030 (#1663879) + +* Fri Feb 01 2019 Fedora Release Engineering - 0.6.21-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 0.6.21-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 0.6.21-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Igor Gnatenko - 0.6.21-15 +- Switch to %%ldconfig_scriptlets + +* Sun Dec 17 2017 Yaakov Selkowitz - 0.6.21-14 +- Patch for CVE-2016-6328 (#1484032) + +* Thu Aug 03 2017 Fedora Release Engineering - 0.6.21-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.6.21-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 0.6.21-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Feb 04 2016 Fedora Release Engineering - 0.6.21-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.6.21-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 0.6.21-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.6.21-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 0.6.21-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Apr 29 2013 Petr Šabata - 0.6.21-5 +- Run the test suite, thanks to Ville Skyttä (#928539) + +* Wed Mar 27 2013 Petr Šabata - 0.6.21-4 +- Run autoreconf for aarch64 + +* Thu Feb 14 2013 Fedora Release Engineering - 0.6.21-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jul 19 2012 Fedora Release Engineering - 0.6.21-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jul 13 2012 Petr Šabata - 0.6.21-1 +- 0.6.21 bump +- A security bugfixing release (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, + CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841 & CVE-2012-2845) +- Drop the pre-generated docs and introduce a doc subpackage + +* Fri Jan 13 2012 Fedora Release Engineering - 0.6.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Mar 18 2011 Petr Sabata - 0.6.20-1 +- 0.6.20 bump +- Repackaging prehistoric libexif-docs, introducing version string in filename +- Buildroot cleanup + +* Mon Feb 07 2011 Fedora Release Engineering - 0.6.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed May 26 2010 Thomas Janssen 0.6.19-1 +- libexif 0.6.19 +- fixes #589283 + +* Fri Jul 24 2009 Fedora Release Engineering - 0.6.16-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 0.6.16-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Dec 11 2008 Caolán McNamara - 0.6.16-2 +- rebuild to get a pkgconfig(libexif) provides + +* Tue Feb 5 2008 Matthias Clasen - 0.6.16-1 +- Update to 0.6.16 +- Drop obsolete patch + +* Tue Feb 5 2008 Matthias Clasen - 0.6.15-6 +- Convert doc files to utf-8 (#240838) + +* Sat Dec 15 2007 Matthias Clasen - 0.6.15-5 +- Add patch for CVE-2007-6351. Fixes bug #425641 +- Add patch for CVE-2007-6352. Fixes bug #425641 + +* Wed Aug 29 2007 Fedora Release Engineering - 0.6.15-4 +- Rebuild for selinux ppc32 issue. + +* Tue Aug 7 2007 Matthias Clasen - 0.6.15-3 +- Update the license field + +* Wed Jun 13 2007 Matthias Clasen - 0.6.15-2 +- Add patch for CVE-2007-4168. Fix bug #243892 + +* Wed May 30 2007 Matthias Clasen - 0.6.15-1 +- Update to 0.6.15 +- Drop obsolete patch + +* Thu May 24 2007 Matthias Clasen - 0.6.13-4 +- Add patch for CVE-2007-2645. + +* Sun Feb 4 2007 Matthias Clasen - 0.6.13-3 +- Package review cleanups +- Avoid multilib conflicts by using pregenerated docs + +* Wed Jul 26 2006 Matthias Clasen - 0.6.13-2 +- Rebuild + +* Wed Jul 12 2006 Jesse Keating - 0.6.13-1.1 +- rebuild + +* Tue May 23 2006 Matthias Clasen - 0.6.13-1 +- Update to 0.6.13 +- Drop upstreamed patches +- Don't ship static libraries + +* Fri Feb 10 2006 Jesse Keating - 0.6.12-3.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.6.12-3.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri May 6 2005 Matthias Clasen +- Prevent infinite recursion (#156365) + +* Sun Apr 24 2005 Matthias Clasen +- Fix MakerNote handling (#153282) + +* Mon Mar 28 2005 Matthias Clasen +- Update to 0.6.12 + +* Tue Mar 8 2005 Marco Pesenti Gritti +- Add libexif-0.5.12-buffer-overflow.patch + +* Wed Mar 2 2005 Matthias Clasen +- Rebuild with gcc4 + +* Tue Nov 9 2004 Matthias Saou +- Use %%find_lang macro. +- Add %%doc files, including mandatory copy of the LGPL license. +- Use %%{?_smp_mflags} +- Improve the descriptions + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Mon Dec 22 2003 Matt Wilson +- Initial build.