Toshaan Bharvani
2 years ago
commit
99973b1c55
3 changed files with 368 additions and 0 deletions
@ -0,0 +1,58 @@ |
|||||||
|
From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001 |
||||||
|
From: Marcus Meissner <marcus@jet.franken.de> |
||||||
|
Date: Mon, 8 Jun 2020 17:27:06 +0200 |
||||||
|
Subject: [PATCH] fixed another unsigned integer overflow |
||||||
|
|
||||||
|
first fixed by google in android fork, |
||||||
|
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 |
||||||
|
|
||||||
|
(use a more generic overflow check method, also check second overflow instance.) |
||||||
|
|
||||||
|
https://security-tracker.debian.org/tracker/CVE-2020-0198 |
||||||
|
--- |
||||||
|
libexif/exif-data.c | 10 ++++++---- |
||||||
|
1 file changed, 6 insertions(+), 4 deletions(-) |
||||||
|
|
||||||
|
diff --git a/libexif/exif-data.c b/libexif/exif-data.c |
||||||
|
index 8b280d3..b495726 100644 |
||||||
|
--- a/libexif/exif-data.c |
||||||
|
+++ b/libexif/exif-data.c |
||||||
|
@@ -47,6 +47,8 @@ |
||||||
|
#undef JPEG_MARKER_APP1 |
||||||
|
#define JPEG_MARKER_APP1 0xe1 |
||||||
|
|
||||||
|
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize )) |
||||||
|
+ |
||||||
|
static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00}; |
||||||
|
|
||||||
|
struct _ExifDataPrivate |
||||||
|
@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, |
||||||
|
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); |
||||||
|
return; |
||||||
|
} |
||||||
|
- if (s > ds - o) { |
||||||
|
+ if (CHECKOVERFLOW(o,ds,s)) { |
||||||
|
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); |
||||||
|
return; |
||||||
|
} |
||||||
|
@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, |
||||||
|
} |
||||||
|
|
||||||
|
/* Read the number of entries */ |
||||||
|
- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) { |
||||||
|
+ if (CHECKOVERFLOW(offset, ds, 2)) { |
||||||
|
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", |
||||||
|
- "Tag data past end of buffer (%u > %u)", offset+2, ds); |
||||||
|
+ "Tag data past end of buffer (%u+2 > %u)", offset, ds); |
||||||
|
return; |
||||||
|
} |
||||||
|
n = exif_get_short (d + offset, data->priv->order); |
||||||
|
@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, |
||||||
|
offset += 2; |
||||||
|
|
||||||
|
/* Check if we have enough data. */ |
||||||
|
- if (offset + 12 * n > ds) { |
||||||
|
+ if (CHECKOVERFLOW(offset, ds, 12*n)) { |
||||||
|
n = (ds - offset) / 12; |
||||||
|
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", |
||||||
|
"Short data; only loading %hu entries...", n); |
@ -0,0 +1,32 @@ |
|||||||
|
From 9266d14b5ca4e29b970fa03272318e5f99386e06 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Marcus Meissner <marcus@jet.franken.de> |
||||||
|
Date: Thu, 5 Nov 2020 09:50:08 +0100 |
||||||
|
Subject: [PATCH] fixed a incorrect overflow check that could be optimized |
||||||
|
away. |
||||||
|
|
||||||
|
inspired by: |
||||||
|
https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b |
||||||
|
|
||||||
|
https://source.android.com/security/bulletin/2020-11-01 |
||||||
|
|
||||||
|
CVE-2020-0452 |
||||||
|
--- |
||||||
|
NEWS | 3 ++- |
||||||
|
libexif/exif-entry.c | 4 ++-- |
||||||
|
2 files changed, 4 insertions(+), 3 deletions(-) |
||||||
|
|
||||||
|
diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c |
||||||
|
index 3fc0ff9..4b866ce 100644 |
||||||
|
--- a/libexif/exif-entry.c |
||||||
|
+++ b/libexif/exif-entry.c |
||||||
|
@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen) |
||||||
|
{ |
||||||
|
unsigned char *utf16; |
||||||
|
|
||||||
|
- /* Sanity check the size to prevent overflow */ |
||||||
|
- if (e->size+sizeof(uint16_t)+1 < e->size) break; |
||||||
|
+ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */ |
||||||
|
+ if (e->size >= 65536 - sizeof(uint16_t)*2) break; |
||||||
|
|
||||||
|
/* The tag may not be U+0000-terminated , so make a local |
||||||
|
U+0000-terminated copy before converting it */ |
@ -0,0 +1,278 @@ |
|||||||
|
Summary: Library for extracting extra information from image files |
||||||
|
Name: libexif |
||||||
|
Version: 0.6.22 |
||||||
|
Release: 6%{?dist} |
||||||
|
License: LGPLv2+ |
||||||
|
URL: https://libexif.github.io/ |
||||||
|
%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g') |
||||||
|
Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz |
||||||
|
|
||||||
|
# https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c |
||||||
|
Patch0: CVE-2020-0181-CVE-2020-0198.patch |
||||||
|
# https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06 |
||||||
|
Patch1: CVE-2020-0452.patch |
||||||
|
|
||||||
|
BuildRequires: autoconf |
||||||
|
BuildRequires: automake |
||||||
|
BuildRequires: doxygen |
||||||
|
BuildRequires: gettext-devel |
||||||
|
BuildRequires: libtool |
||||||
|
BuildRequires: pkgconfig |
||||||
|
BuildRequires: make |
||||||
|
|
||||||
|
%description |
||||||
|
Most digital cameras produce EXIF files, which are JPEG files with |
||||||
|
extra tags that contain information about the image. The EXIF library |
||||||
|
allows you to parse an EXIF file and read the data from those tags. |
||||||
|
|
||||||
|
%package devel |
||||||
|
Summary: Files needed for libexif application development |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
%description devel |
||||||
|
The libexif-devel package contains the libraries and header files |
||||||
|
for writing programs that use libexif. |
||||||
|
|
||||||
|
%package doc |
||||||
|
Summary: The EXIF Library API documentation |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
%description doc |
||||||
|
API Documentation for programmers wishing to use libexif in their programs. |
||||||
|
|
||||||
|
|
||||||
|
%prep |
||||||
|
%autosetup -n libexif-libexif-%{tarball_version}-release -p1 |
||||||
|
|
||||||
|
|
||||||
|
%build |
||||||
|
autoreconf -fiv |
||||||
|
|
||||||
|
%configure \ |
||||||
|
--disable-static |
||||||
|
|
||||||
|
%make_build |
||||||
|
|
||||||
|
|
||||||
|
%install |
||||||
|
%make_install |
||||||
|
|
||||||
|
rm -fv %{buildroot}%{_libdir}/lib*.la |
||||||
|
|
||||||
|
rm -rf %{buildroot}%{_datadir}/doc/libexif |
||||||
|
cp -R doc/doxygen-output/libexif-api.html . |
||||||
|
iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING |
||||||
|
iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README |
||||||
|
%find_lang libexif-12 |
||||||
|
|
||||||
|
%check |
||||||
|
make check |
||||||
|
|
||||||
|
%ldconfig_scriptlets |
||||||
|
|
||||||
|
%files -f libexif-12.lang |
||||||
|
%doc README NEWS |
||||||
|
%license COPYING |
||||||
|
%{_libdir}/libexif.so.12* |
||||||
|
|
||||||
|
%files devel |
||||||
|
%{_includedir}/libexif |
||||||
|
%{_libdir}/libexif.so |
||||||
|
%{_libdir}/pkgconfig/libexif.pc |
||||||
|
|
||||||
|
%files doc |
||||||
|
%doc libexif-api.html |
||||||
|
|
||||||
|
|
||||||
|
%changelog |
||||||
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.22-6 |
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags |
||||||
|
Related: rhbz#1991688 |
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.22-5 |
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 |
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.22-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Nov 09 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-3 |
||||||
|
- Fix CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452 |
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.22-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon May 18 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.6.22-1 |
||||||
|
- 0.6.22 |
||||||
|
- .spec cleanup |
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-21 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-20 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Feb 12 2019 Yaakov Selkowitz <yselkowi@redhat.com> - 0.6.21-19 |
||||||
|
- Fix for CVE-2018-20030 (#1663879) |
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-18 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-17 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||||
|
|
||||||
|
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.6.21-15 |
||||||
|
- Switch to %%ldconfig_scriptlets |
||||||
|
|
||||||
|
* Sun Dec 17 2017 Yaakov Selkowitz <yselkowi@redhat.com> - 0.6.21-14 |
||||||
|
- Patch for CVE-2016-6328 (#1484032) |
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-13 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-12 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-11 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-10 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-9 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild |
||||||
|
|
||||||
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-8 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild |
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-7 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild |
||||||
|
|
||||||
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-6 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Apr 29 2013 Petr Šabata <contyk@redhat.com> - 0.6.21-5 |
||||||
|
- Run the test suite, thanks to Ville Skyttä <ville.skytta@iki.fi> (#928539) |
||||||
|
|
||||||
|
* Wed Mar 27 2013 Petr Šabata <contyk@redhat.com> - 0.6.21-4 |
||||||
|
- Run autoreconf for aarch64 |
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.21-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jul 13 2012 Petr Šabata <contyk@redhat.com> - 0.6.21-1 |
||||||
|
- 0.6.21 bump |
||||||
|
- A security bugfixing release (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, |
||||||
|
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841 & CVE-2012-2845) |
||||||
|
- Drop the pre-generated docs and introduce a doc subpackage |
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.20-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Mar 18 2011 Petr Sabata <psabata@redhat.com> - 0.6.20-1 |
||||||
|
- 0.6.20 bump |
||||||
|
- Repackaging prehistoric libexif-docs, introducing version string in filename |
||||||
|
- Buildroot cleanup |
||||||
|
|
||||||
|
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.19-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed May 26 2010 Thomas Janssen <thomasj@fedoraproject.org> 0.6.19-1 |
||||||
|
- libexif 0.6.19 |
||||||
|
- fixes #589283 |
||||||
|
|
||||||
|
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.16-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.16-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Dec 11 2008 Caolán McNamara <caolanm@redhat.com> - 0.6.16-2 |
||||||
|
- rebuild to get a pkgconfig(libexif) provides |
||||||
|
|
||||||
|
* Tue Feb 5 2008 Matthias Clasen <mclasen@redhat.com> - 0.6.16-1 |
||||||
|
- Update to 0.6.16 |
||||||
|
- Drop obsolete patch |
||||||
|
|
||||||
|
* Tue Feb 5 2008 Matthias Clasen <mclasen@redhat.com> - 0.6.15-6 |
||||||
|
- Convert doc files to utf-8 (#240838) |
||||||
|
|
||||||
|
* Sat Dec 15 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-5 |
||||||
|
- Add patch for CVE-2007-6351. Fixes bug #425641 |
||||||
|
- Add patch for CVE-2007-6352. Fixes bug #425641 |
||||||
|
|
||||||
|
* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.6.15-4 |
||||||
|
- Rebuild for selinux ppc32 issue. |
||||||
|
|
||||||
|
* Tue Aug 7 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-3 |
||||||
|
- Update the license field |
||||||
|
|
||||||
|
* Wed Jun 13 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-2 |
||||||
|
- Add patch for CVE-2007-4168. Fix bug #243892 |
||||||
|
|
||||||
|
* Wed May 30 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-1 |
||||||
|
- Update to 0.6.15 |
||||||
|
- Drop obsolete patch |
||||||
|
|
||||||
|
* Thu May 24 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-4 |
||||||
|
- Add patch for CVE-2007-2645. |
||||||
|
|
||||||
|
* Sun Feb 4 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-3 |
||||||
|
- Package review cleanups |
||||||
|
- Avoid multilib conflicts by using pregenerated docs |
||||||
|
|
||||||
|
* Wed Jul 26 2006 Matthias Clasen <mclasen@redhat.com> - 0.6.13-2 |
||||||
|
- Rebuild |
||||||
|
|
||||||
|
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6.13-1.1 |
||||||
|
- rebuild |
||||||
|
|
||||||
|
* Tue May 23 2006 Matthias Clasen <mclasen@redhat.com> - 0.6.13-1 |
||||||
|
- Update to 0.6.13 |
||||||
|
- Drop upstreamed patches |
||||||
|
- Don't ship static libraries |
||||||
|
|
||||||
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6.12-3.2.1 |
||||||
|
- bump again for double-long bug on ppc(64) |
||||||
|
|
||||||
|
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6.12-3.2 |
||||||
|
- rebuilt for new gcc4.1 snapshot and glibc changes |
||||||
|
|
||||||
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> |
||||||
|
- rebuilt |
||||||
|
|
||||||
|
* Fri May 6 2005 Matthias Clasen <mclasen@redhat.com> |
||||||
|
- Prevent infinite recursion (#156365) |
||||||
|
|
||||||
|
* Sun Apr 24 2005 Matthias Clasen <mclasen@redhat.com> |
||||||
|
- Fix MakerNote handling (#153282) |
||||||
|
|
||||||
|
* Mon Mar 28 2005 Matthias Clasen <mclasen@redhat.com> |
||||||
|
- Update to 0.6.12 |
||||||
|
|
||||||
|
* Tue Mar 8 2005 Marco Pesenti Gritti <mpg@redhat.com> |
||||||
|
- Add libexif-0.5.12-buffer-overflow.patch |
||||||
|
|
||||||
|
* Wed Mar 2 2005 Matthias Clasen <mclasen@redhat.com> |
||||||
|
- Rebuild with gcc4 |
||||||
|
|
||||||
|
* Tue Nov 9 2004 Matthias Saou <matthias.saou@est.une.marmotte.net> |
||||||
|
- Use %%find_lang macro. |
||||||
|
- Add %%doc files, including mandatory copy of the LGPL license. |
||||||
|
- Use %%{?_smp_mflags} |
||||||
|
- Improve the descriptions |
||||||
|
|
||||||
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> |
||||||
|
- rebuilt |
||||||
|
|
||||||
|
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> |
||||||
|
- rebuilt |
||||||
|
|
||||||
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> |
||||||
|
- rebuilt |
||||||
|
|
||||||
|
* Mon Dec 22 2003 Matt Wilson <msw@redhat.com> |
||||||
|
- Initial build. |
Loading…
Reference in new issue