Accepting request 807015 from graphics

- libexif-0.6.22 (2020-05-18) release: * New translations: ms * Updated translations for most languages * Fixed C89 compatibility * Fixed warnings on recent versions of autoconf * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. * CVE-2018-20030: Fix for recursion DoS (bsc#1120943) * CVE-2020-13114: Time consumption DoS when parsing canon array markers * CVE-2020-13113: Potential use of uninitialized memory * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes * CVE-2020-0093: read overflow (bsc#1171847) * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770) * CVE-2020-12767: fixed division by zero (bsc#1171475) * CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475) * CVE-2017-7544: fixed buffer overread (bsc#1059893) - removed patch: libexif-build-date.patch (done similar upstream) - CVE-2016-6328.patch: in upstream release - CVE-2017-7544.patch: in upstream release OBS-URL: https://build.opensuse.org/request/show/807015 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libexif?expand=0&rev=42
2020-05-20 16:37:08 +00:00 · 2020-05-20 16:37:08 +00:00 · 652c8ff73f
commit 652c8ff73f
parent 6b1d579c29 836f9b2472
9 changed files with 8576 additions and 109 deletions
--- a/CVE-2016-6328.patch
+++ b/CVE-2016-6328.patch
@ -1,60 +0,0 @@
 From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
 From: Marcus Meissner <marcus@jet.franken.de>
 Date: Tue, 25 Jul 2017 23:44:44 +0200
 Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
 makernote entries.
 This should fix:
 https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
 ---
 libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
 diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
 index d03d159..ea0429a 100644
 --- a/libexif/pentax/mnote-pentax-entry.c
 +++ b/libexif/pentax/mnote-pentax-entry.c
@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
 		case EXIF_FORMAT_SHORT:
 		  {
 			const unsigned char *data = entry->data;
 -		  	size_t k, len = strlen(val);
 +		  	size_t k, len = strlen(val), sizeleft;
 +
 +			sizeleft = entry->size;
 		  	for(k=0; k<entry->components; k++) {
 +				if (sizeleft < 2)
 +					break;
 				vs = exif_get_short (data, entry->order);
 				snprintf (val+len, maxlen-len, "%i ", vs);
 				len = strlen(val);
 				data += 2;
 +				sizeleft -= 2;
 			}
 		  }
 		  break;
 		case EXIF_FORMAT_LONG:
 		  {
 			const unsigned char *data = entry->data;
 -		  	size_t k, len = strlen(val);
 +		  	size_t k, len = strlen(val), sizeleft;
 +
 +			sizeleft = entry->size;
 		  	for(k=0; k<entry->components; k++) {
 +				if (sizeleft < 4)
 +					break;
 				vl = exif_get_long (data, entry->order);
 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
 				len = strlen(val);
 				data += 4;
 +				sizeleft -= 4;
 			}
 		  }
 		  break;
@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
 		break;
 	}
 -	return (val);
 +	return val;
 }
--- a/CVE-2017-7544.patch
+++ b/CVE-2017-7544.patch
@ -1,20 +0,0 @@
 Index: libexif/exif-data.c
 ===================================================================
 RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
 retrieving revision 1.131
 diff -u -r1.131 exif-data.c
 --- libexif/exif-data.c	12 Jul 2012 17:28:26 -0000	1.131
 +++ libexif/exif-data.c	25 Jul 2017 21:34:06 -0000
@@ -255,6 +255,12 @@
 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
 			e->components = e->size;
 +			if (exif_format_get_size (e->format) != 1) {
 +				/* e->format is taken from input code,
 +				 * but we need to make sure it is a 1 byte
 +				 * entity due to the multiplication below. */
 +				e->format = EXIF_FORMAT_UNDEFINED;
 +			}
 		}
 	}
--- a/libexif-0.6.21.tar.bz2
+++ b/libexif-0.6.21.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a
 size 1368435
--- a/libexif-0.6.22.tar.bz2
+++ b/libexif-0.6.22.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8672d93172a0cd022aba49ede265d2d3f1aa0977c62dec5bda5e108cad237233
 size 1900414
--- a/libexif-0.6.22.tar.bz2.asc
+++ b/libexif-0.6.22.tar.bz2.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEfEr9Ydiq51cHlqUXIgnWkC+WnJUFAl7CsXsACgkQIgnWkC+W
 nJWv7Q//UNlR0Cf5I+skfhwcCnEu3V5gikptwSHBunMzLyC6YH39uoAScT2Ist4A
 KRRe1INM8Z2W13o7wW0rTdCRlVV/zWmLNjSYgU6Wr0nohG7l38VM6uyvZQjb+4yR
 8IkXYy3uurWQDm2MpTJrWpNQoEoX3sSXzUVOD4VMBqz4C/c4BmRpe7e0YkdkeobR
 XFgiita0umBX/DXeWwjRF2nbkgJOKGCzGeAcQzC9SIfemT2WvuBLqfVHSUTBYIHI
 MsZibvSh7CQdTnpeL80r5nfL2GjJeyhLYwFLa4yUGYrQ0/IpGBwNqmy6qqc5jQMk
 7mVdAg/gnUF4EY+0w8i+91e6pu2FF7WExoANjosU59V+YNqqKf0mgdk1BjLdSmBv
 4n6PFp7STQdU8zzgVhxDc2eEHfbBpvmRfL8iByx4ilTzl/awPOjeIREWBD2lailc
 1ICJoXIO6gT9euQvBnnCINOdZ+jN/cPSMPRfO6mGg1HfjW2zcyaAPqYBV94sCCf2
 IheRM1qiVF5UYAwKIt6VE/YxjnJuUvN2p4m++R9LGOBd96Lvp4TB+HltcwpPV0EO
 cEcvEJmTtWKZMTycXIzvrR+qHvwfiduXbLulCQw55r8UHd7k5X8uFlt0TAebY/9q
 qALFCoAbICw0AUZGXqUAl/G6PqtjzM68C/3RmM6aPKFPHn6PBZI=
 =0Wku
 -----END PGP SIGNATURE-----
--- a/libexif-build-date.patch
+++ b/libexif-build-date.patch
@ -1,14 +0,0 @@
 --- libexif-0.6.21.orig/doc/Doxyfile-internals.in
 +++ libexif-0.6.21/doc/Doxyfile-internals.in
@@ -1214,3 +1214,4 @@ DOT_CLEANUP            = YES
 # used. If set to NO the values of all tags below this one will be ignored.
 SEARCHENGINE           = NO
 +HTML_TIMESTAMP         = NO
 --- libexif-0.6.21.orig/doc/Doxyfile.in
 +++ libexif-0.6.21/doc/Doxyfile.in
@@ -1214,3 +1214,4 @@ DOT_CLEANUP            = YES
 # used. If set to NO the values of all tags below this one will be ignored.
 SEARCHENGINE           = NO
 +HTML_TIMESTAMP         = NO
--- a/libexif.changes
+++ b/libexif.changes
@ -1,3 +1,37 @@
 -------------------------------------------------------------------
 Mon May 18 16:08:17 UTC 2020 - Marcus Meissner <meissner@suse.com>
 - libexif-0.6.22 (2020-05-18) release:
  * New translations: ms
  * Updated translations for most languages
  * Fixed C89 compatibility
  * Fixed warnings on recent versions of autoconf
  * Some useful EXIF 2.3 tag added:
    * EXIF_TAG_GAMMA
    * EXIF_TAG_COMPOSITE_IMAGE
    * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
    * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
    * EXIF_TAG_GPS_H_POSITIONING_ERROR
    * EXIF_TAG_CAMERA_OWNER_NAME
    * EXIF_TAG_BODY_SERIAL_NUMBER
    * EXIF_TAG_LENS_SPECIFICATION
    * EXIF_TAG_LENS_MAKE
    * EXIF_TAG_LENS_MODEL
    * EXIF_TAG_LENS_SERIAL_NUMBER
  * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
    * CVE-2018-20030: Fix for recursion DoS (bsc#1120943)
    * CVE-2020-13114: Time consumption DoS when parsing canon array markers
    * CVE-2020-13113: Potential use of uninitialized memory 
    * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
    * CVE-2020-0093: read overflow (bsc#1171847)
    * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770)
    * CVE-2020-12767: fixed division by zero (bsc#1171475)
    * CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475)
    * CVE-2017-7544: fixed buffer overread (bsc#1059893)
 - removed patch: libexif-build-date.patch (done similar upstream)
 - CVE-2016-6328.patch: in upstream release
 - CVE-2017-7544.patch: in upstream release
 -------------------------------------------------------------------
 Wed Jan 24 11:36:21 UTC 2018 - jengelh@inai.de
--- a/libexif.keyring
+++ b/libexif.keyring
--- a/libexif.spec
+++ b/libexif.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libexif
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,23 +12,22 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 Name:           libexif
-Version:        0.6.21
+Version:        0.6.22
 Release:        0
-Url:            http://libexif.sourceforge.net
+URL:            http://libexif.sourceforge.net
 Summary:        An EXIF Tag Parsing Library for Digital Cameras
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Source0:        https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2
+Source0:        %{name}-%{version}.tar.bz2
 Source2:        %{name}-%{version}.tar.bz2.asc
 Source3:        %name.keyring
 Source1:        baselibs.conf
 Patch0:         libexif-build-date.patch
 Patch1:         CVE-2016-6328.patch
 Patch2:         CVE-2017-7544.patch
 BuildRequires:  doxygen
 BuildRequires:  pkg-config
@ -62,9 +61,6 @@ digital cameras.
 %prep 
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p0
 %build
 export CFLAGS="%optflags $(getconf LFS_CFLAGS)"