From 75b56185ddf3aadc70e599e0db2eee52efb5ebc5 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 19 2021 13:03:56 +0000 Subject: import compat-exiv2-023-0.23-2.el7_9 --- diff --git a/SOURCES/exiv2-CVE-2021-31291.patch b/SOURCES/exiv2-CVE-2021-31291.patch new file mode 100644 index 0000000..653059e --- /dev/null +++ b/SOURCES/exiv2-CVE-2021-31291.patch @@ -0,0 +1,26 @@ +From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001 +From: Pydera +Date: Thu, 8 Apr 2021 17:36:16 +0200 +Subject: [PATCH] Fix out of buffer access in #1529 + +--- + src/jp2image.cpp | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/jp2image.cpp b/src/jp2image.cpp +index c3fc1eb..09218b1 100644 +--- a/src/jp2image.cpp ++++ b/src/jp2image.cpp +@@ -191,9 +191,10 @@ namespace Exiv2 + #endif + return; + } +- if (box.boxLength == 1) ++ if (box.boxLength < 8) + { +- // FIXME. Special case. the real box size is given in another place. ++ // box is broken, so there is nothing we can do here ++ throw Error(14); + } + + switch(box.boxType) diff --git a/SPECS/compat-exiv2-023.spec b/SPECS/compat-exiv2-023.spec index 591a4f6..9bc2738 100644 --- a/SPECS/compat-exiv2-023.spec +++ b/SPECS/compat-exiv2-023.spec @@ -10,6 +10,9 @@ Source0: http://www.exiv2.org/exiv2-%{version}.tar.gz ## upstream patches +## security patches +Patch100: exiv2-CVE-2021-31291.patch + BuildRequires: expat-devel BuildRequires: gettext BuildRequires: pkgconfig @@ -25,6 +28,8 @@ applications and libraries using exiv2 and build prior to exiv2 0.26 update. %prep %setup -q -n exiv2-%{version} +%patch100 -p1 -b .CVE-2021-31291 + %build %configure \ --disable-rpath \ @@ -62,6 +67,10 @@ chmod 755 %{buildroot}%{_libdir}/libexiv2.so.* %changelog +* Thu Aug 12 2021 Jan Grulich - 0.23-3 +- Fix heap-based buffer overflow vulnerability in jp2image.cpp + Resolves: bz#1990393 + * Mon Jun 18 2018 Jan Grulich - 0.23-2 - Remove Windows binaries from the tarball Resolves: bz#1568618