Accepting request 568909 from graphics

OBS-URL: https://build.opensuse.org/request/show/568909 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libexif?expand=0&rev=41
2018-01-26 12:57:34 +00:00 · 2018-01-26 12:57:34 +00:00 · 6b1d579c29
commit 6b1d579c29
parent 6886b2a8c2 bfddd3280c
4 changed files with 109 additions and 10 deletions
--- a/CVE-2016-6328.patch
+++ b/CVE-2016-6328.patch
@ -0,0 +1,60 @@
+From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Tue, 25 Jul 2017 23:44:44 +0200
+Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
+ makernote entries.
+
+This should fix:
+https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
+---
+ libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index d03d159..ea0429a 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
+++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		case EXIF_FORMAT_SHORT:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
+		  	size_t k, len = strlen(val), sizeleft;
+
+			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
+				if (sizeleft < 2)
+					break;
+ 				vs = exif_get_short (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%i ", vs);
+ 				len = strlen(val);
+ 				data += 2;
+				sizeleft -= 2;
+ 			}
+ 		  }
+ 		  break;
+ 		case EXIF_FORMAT_LONG:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
+		  	size_t k, len = strlen(val), sizeleft;
+
+			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
+				if (sizeleft < 4)
+					break;
+ 				vl = exif_get_long (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
+ 				len = strlen(val);
+ 				data += 4;
+				sizeleft -= 4;
+ 			}
+ 		  }
+ 		  break;
+@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		break;
+ 	}
+ 
+-	return (val);
+	return val;
+ }
--- a/CVE-2017-7544.patch
+++ b/CVE-2017-7544.patch
@ -0,0 +1,20 @@
+Index: libexif/exif-data.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
+retrieving revision 1.131
+diff -u -r1.131 exif-data.c
+--- libexif/exif-data.c	12 Jul 2012 17:28:26 -0000	1.131
+++ libexif/exif-data.c	25 Jul 2017 21:34:06 -0000
+@@ -255,6 +255,12 @@
+ 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ 			e->components = e->size;
+			if (exif_format_get_size (e->format) != 1) {
+				/* e->format is taken from input code,
+				 * but we need to make sure it is a 1 byte
+				 * entity due to the multiplication below. */
+				e->format = EXIF_FORMAT_UNDEFINED;
+			}
+ 		}
+ 	}
+ 
--- a/libexif.changes
+++ b/libexif.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Jan 24 11:36:21 UTC 2018 - jengelh@inai.de
+
+- Remove %__-type macro indirections. Fix SRPM group.
+- Use %_smp_mflags for parallel build.
+- Drop pointless --with-pic (no effect since --disable-static).
+
+-------------------------------------------------------------------
+Wed Jan 17 09:32:25 UTC 2018 - kbabioch@suse.com
+
+- Add CVE-2016-6328.patch: Fix integer overflow in parsing MNOTE
+  entry data of the input file (bnc#1055857)
+- Add CVE-2017-7544.patch: Fix vulnerable out-of-bounds heap read
+  vulnerability (bnc#1059893)
+
 -------------------------------------------------------------------
 Mon Aug  7 15:10:07 UTC 2017 - meissner@suse.com

--- a/libexif.spec
+++ b/libexif.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libexif
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,25 +17,26 @@


 Name:           libexif
-BuildRequires:  doxygen
-BuildRequires:  pkg-config
+Version:        0.6.21
+Release:        0
 Url:            http://libexif.sourceforge.net
 Summary:        An EXIF Tag Parsing Library for Digital Cameras
 License:        LGPL-2.1+
-Group:          System/Libraries
-Version:        0.6.21
-Release:        0
+Group:          Development/Libraries/C and C++
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Source0:        https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2
 Source1:        baselibs.conf
 Patch0:         libexif-build-date.patch
+Patch1:         CVE-2016-6328.patch
+Patch2:         CVE-2017-7544.patch
+BuildRequires:  doxygen
+BuildRequires:  pkg-config

 %define pname libexif12

 %define debug_package_requires %{pname} = %{version}-%{release}

 %package -n %{pname}
-
 Summary:        An EXIF Tag Parsing Library for Digital Cameras
 Group:          System/Libraries
 Provides:       libexif = %{version}
@ -62,12 +63,15 @@ digital cameras.
 %prep 
 %setup -q
 %patch0 -p1
+%patch1 -p1
+%patch2 -p0
+
 %build
 export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
-%configure --with-pic \
+%configure \
 	--disable-static \
 	--with-doc-dir=%{_docdir}/%{name}
-%{__make} %{?jobs:-j%jobs}
+make %{?_smp_mflags}

 %check
 make check
@ -75,7 +79,7 @@ make check
 %install
 %makeinstall
 %find_lang %{name}-12
-%{__rm} -f %{buildroot}%{_libdir}/*.la
+rm -f %{buildroot}/%{_libdir}/*.la

 %post -n %{pname} -p /sbin/ldconfig