Browse Source

initial package creation

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 2 years ago
commit
99973b1c55
  1. 58
      SOURCES/CVE-2020-0181-CVE-2020-0198.patch
  2. 32
      SOURCES/CVE-2020-0452.patch
  3. 278
      SPECS/libexif.spec

58
SOURCES/CVE-2020-0181-CVE-2020-0198.patch

@ -0,0 +1,58 @@
From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Mon, 8 Jun 2020 17:27:06 +0200
Subject: [PATCH] fixed another unsigned integer overflow

first fixed by google in android fork,
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0

(use a more generic overflow check method, also check second overflow instance.)

https://security-tracker.debian.org/tracker/CVE-2020-0198
---
libexif/exif-data.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 8b280d3..b495726 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -47,6 +47,8 @@
#undef JPEG_MARKER_APP1
#define JPEG_MARKER_APP1 0xe1
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
+
static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
struct _ExifDataPrivate
@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
return;
}
- if (s > ds - o) {
+ if (CHECKOVERFLOW(o,ds,s)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
return;
}
@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
}
/* Read the number of entries */
- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
+ if (CHECKOVERFLOW(offset, ds, 2)) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
- "Tag data past end of buffer (%u > %u)", offset+2, ds);
+ "Tag data past end of buffer (%u+2 > %u)", offset, ds);
return;
}
n = exif_get_short (d + offset, data->priv->order);
@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
offset += 2;
/* Check if we have enough data. */
- if (offset + 12 * n > ds) {
+ if (CHECKOVERFLOW(offset, ds, 12*n)) {
n = (ds - offset) / 12;
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Short data; only loading %hu entries...", n);

32
SOURCES/CVE-2020-0452.patch

@ -0,0 +1,32 @@
From 9266d14b5ca4e29b970fa03272318e5f99386e06 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Thu, 5 Nov 2020 09:50:08 +0100
Subject: [PATCH] fixed a incorrect overflow check that could be optimized
away.

inspired by:
https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b

https://source.android.com/security/bulletin/2020-11-01

CVE-2020-0452
---
NEWS | 3 ++-
libexif/exif-entry.c | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
index 3fc0ff9..4b866ce 100644
--- a/libexif/exif-entry.c
+++ b/libexif/exif-entry.c
@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
{
unsigned char *utf16;
- /* Sanity check the size to prevent overflow */
- if (e->size+sizeof(uint16_t)+1 < e->size) break;
+ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */
+ if (e->size >= 65536 - sizeof(uint16_t)*2) break;
/* The tag may not be U+0000-terminated , so make a local
U+0000-terminated copy before converting it */

278
SPECS/libexif.spec

@ -0,0 +1,278 @@
Summary: Library for extracting extra information from image files
Name: libexif
Version: 0.6.22
Release: 6%{?dist}
License: LGPLv2+
URL: https://libexif.github.io/
%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g')
Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz

# https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
Patch0: CVE-2020-0181-CVE-2020-0198.patch
# https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
Patch1: CVE-2020-0452.patch

BuildRequires: autoconf
BuildRequires: automake
BuildRequires: doxygen
BuildRequires: gettext-devel
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: make

%description
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

%package devel
Summary: Files needed for libexif application development
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The libexif-devel package contains the libraries and header files
for writing programs that use libexif.

%package doc
Summary: The EXIF Library API documentation
Requires: %{name}%{?_isa} = %{version}-%{release}
%description doc
API Documentation for programmers wishing to use libexif in their programs.


%prep
%autosetup -n libexif-libexif-%{tarball_version}-release -p1


%build
autoreconf -fiv

%configure \
--disable-static

%make_build


%install
%make_install

rm -fv %{buildroot}%{_libdir}/lib*.la

rm -rf %{buildroot}%{_datadir}/doc/libexif
cp -R doc/doxygen-output/libexif-api.html .
iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
%find_lang libexif-12

%check
make check

%ldconfig_scriptlets

%files -f libexif-12.lang
%doc README NEWS
%license COPYING
%{_libdir}/libexif.so.12*

%files devel
%{_includedir}/libexif
%{_libdir}/libexif.so
%{_libdir}/pkgconfig/libexif.pc

%files doc
%doc libexif-api.html


%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.22-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.22-5
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.22-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Mon Nov 09 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-3
- Fix CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452

* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Mon May 18 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.6.22-1
- 0.6.22
- .spec cleanup

* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Tue Feb 12 2019 Yaakov Selkowitz <yselkowi@redhat.com> - 0.6.21-19
- Fix for CVE-2018-20030 (#1663879)

* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.6.21-15
- Switch to %%ldconfig_scriptlets

* Sun Dec 17 2017 Yaakov Selkowitz <yselkowi@redhat.com> - 0.6.21-14
- Patch for CVE-2016-6328 (#1484032)

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Mon Apr 29 2013 Petr Šabata <contyk@redhat.com> - 0.6.21-5
- Run the test suite, thanks to Ville Skyttä <ville.skytta@iki.fi> (#928539)

* Wed Mar 27 2013 Petr Šabata <contyk@redhat.com> - 0.6.21-4
- Run autoreconf for aarch64

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Jul 13 2012 Petr Šabata <contyk@redhat.com> - 0.6.21-1
- 0.6.21 bump
- A security bugfixing release (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841 & CVE-2012-2845)
- Drop the pre-generated docs and introduce a doc subpackage

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Fri Mar 18 2011 Petr Sabata <psabata@redhat.com> - 0.6.20-1
- 0.6.20 bump
- Repackaging prehistoric libexif-docs, introducing version string in filename
- Buildroot cleanup

* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Wed May 26 2010 Thomas Janssen <thomasj@fedoraproject.org> 0.6.19-1
- libexif 0.6.19
- fixes #589283

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Dec 11 2008 Caolán McNamara <caolanm@redhat.com> - 0.6.16-2
- rebuild to get a pkgconfig(libexif) provides

* Tue Feb 5 2008 Matthias Clasen <mclasen@redhat.com> - 0.6.16-1
- Update to 0.6.16
- Drop obsolete patch

* Tue Feb 5 2008 Matthias Clasen <mclasen@redhat.com> - 0.6.15-6
- Convert doc files to utf-8 (#240838)

* Sat Dec 15 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-5
- Add patch for CVE-2007-6351. Fixes bug #425641
- Add patch for CVE-2007-6352. Fixes bug #425641

* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.6.15-4
- Rebuild for selinux ppc32 issue.

* Tue Aug 7 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-3
- Update the license field

* Wed Jun 13 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-2
- Add patch for CVE-2007-4168. Fix bug #243892

* Wed May 30 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-1
- Update to 0.6.15
- Drop obsolete patch

* Thu May 24 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-4
- Add patch for CVE-2007-2645.

* Sun Feb 4 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-3
- Package review cleanups
- Avoid multilib conflicts by using pregenerated docs

* Wed Jul 26 2006 Matthias Clasen <mclasen@redhat.com> - 0.6.13-2
- Rebuild

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.13-1.1
- rebuild

* Tue May 23 2006 Matthias Clasen <mclasen@redhat.com> - 0.6.13-1
- Update to 0.6.13
- Drop upstreamed patches
- Don't ship static libraries

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.12-3.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.12-3.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Fri May 6 2005 Matthias Clasen <mclasen@redhat.com>
- Prevent infinite recursion (#156365)

* Sun Apr 24 2005 Matthias Clasen <mclasen@redhat.com>
- Fix MakerNote handling (#153282)

* Mon Mar 28 2005 Matthias Clasen <mclasen@redhat.com>
- Update to 0.6.12

* Tue Mar 8 2005 Marco Pesenti Gritti <mpg@redhat.com>
- Add libexif-0.5.12-buffer-overflow.patch

* Wed Mar 2 2005 Matthias Clasen <mclasen@redhat.com>
- Rebuild with gcc4

* Tue Nov 9 2004 Matthias Saou <matthias.saou@est.une.marmotte.net>
- Use %%find_lang macro.
- Add %%doc files, including mandatory copy of the LGPL license.
- Use %%{?_smp_mflags}
- Improve the descriptions

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Mon Dec 22 2003 Matt Wilson <msw@redhat.com>
- Initial build.
Loading…
Cancel
Save