From a3db16dbfd2b567a14f11ef0b7678ea642580d09 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 01 2019 18:48:14 +0000
Subject: import exempi-2.2.0-9.el7
---
diff --git a/.exempi.metadata b/.exempi.metadata
new file mode 100644
index 0000000..9ed5c0e
--- /dev/null
+++ b/.exempi.metadata
@@ -0,0 +1 @@
+8c90ee42fef86890e4850c3562f8044f9cd66cfb SOURCES/exempi-2.2.0.tar.bz2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..24b43e3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/exempi-2.2.0.tar.bz2
diff --git a/SOURCES/CVE-2017-18233.patch b/SOURCES/CVE-2017-18233.patch
new file mode 100644
index 0000000..86d7cd0
--- /dev/null
+++ b/SOURCES/CVE-2017-18233.patch
@@ -0,0 +1,27 @@
+From 1b08dc2917b5d5972a3f87be3e9b76a4f3398d8d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hubert=20Figui=C3=A8re?=
+Date: Mon, 14 Aug 2017 23:57:51 -0400
+Subject: [PATCH 1/5] Bug 102151 - RIFF: fix an infinite loop cause by an
+ overflow
+
+---
+ source/XMPFiles/FormatSupport/RIFF.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/source/XMPFiles/FormatSupport/RIFF.cpp b/source/XMPFiles/FormatSupport/RIFF.cpp
+index 3992edd..00f67e5 100644
+--- a/source/XMPFiles/FormatSupport/RIFF.cpp
++++ b/source/XMPFiles/FormatSupport/RIFF.cpp
+@@ -155,7 +155,8 @@ Chunk::Chunk( ContainerChunk* parent, RIFF_MetaHandler* handler, bool skip, Chun
+
+ this->oldPos = LFA_Tell( file );
+ this->id = LFA_ReadUns32_LE( file );
+- this->oldSize = LFA_ReadUns32_LE( file ) + 8;
++ this->oldSize = LFA_ReadUns32_LE( file );
++ this->oldSize += 8;
+
+ // Make sure the size is within expected bounds.
+ XMP_Int64 chunkEnd = this->oldPos + this->oldSize;
+--
+2.17.2
+
diff --git a/SOURCES/CVE-2017-18234.patch b/SOURCES/CVE-2017-18234.patch
new file mode 100644
index 0000000..988233e
--- /dev/null
+++ b/SOURCES/CVE-2017-18234.patch
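Review bot: In the RIFF.cpp hunk of CVE-2017-18233.patch, splitting the read into `this->oldSize = LFA_ReadUns32_LE( file );` and `this->oldSize += 8;` only prevents the wraparound if `oldSize` is wider than 32 bits, and its declaration is outside the hunk. Nothing on the two lines says why they must stay separate, so a later cleanup could merge them back into the overflowing form. I would add a comment such as `// Widen before adding the 8 header bytes: a 32-bit sum wraps for sizes near 0xFFFFFFFF (bug 102151)`, or make the widening explicit with `this->oldSize = (XMP_Int64) LFA_ReadUns32_LE( file ) + 8;`. The Chunk constructor starts and ends outside the hunk.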
@@ -0,0 +1,93 @@
+From 70567edd9fc8753cc176de02b1d96f504a14e82c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hubert=20Figui=C3=A8re?=
+Date: Sun, 26 Mar 2017 01:10:11 -0400
+Subject: [PATCH 2/5] Bug 100397 - Fix crash on malformed JPEG file
+
+---
+ source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp | 10 +++++++---
+ source/XMPFiles/FormatSupport/TIFF_Support.hpp | 13 ++++++++++++-
+ source/common/EndianUtils.hpp | 9 +++++++++
+ 3 files changed, 28 insertions(+), 4 deletions(-)
+
+diff --git a/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp b/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp
+index 316cea0..1446cb4 100644
+--- a/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp
++++ b/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp
+@@ -65,7 +65,7 @@ void TIFF_MemoryReader::SortIFD ( TweakedIFDInfo* thisIFD )
+ } else if ( thisTag == prevTag ) {
+
+ // Duplicate tag, keep the 2nd copy, move the tail of the array up, prevTag is unchanged.
+- memcpy ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) ); // AUDIT: Safe, moving tail forward, i >= 1.
++ memmove ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) ); // may overlap -- Hub
+ --tagCount;
+ --i; // ! Don't move forward in the array, we've moved the unseen part up.
+
+@@ -81,7 +81,7 @@ void TIFF_MemoryReader::SortIFD ( TweakedIFDInfo* thisIFD )
+
+ // Out of order duplicate, move it to position j, move the tail of the array up.
+ ifdEntries[j] = ifdEntries[i];
+- memcpy ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) ); // AUDIT: Safe, moving tail forward, i >= 1.
++ memmove ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) ); // may overlap -- Hub
+ --tagCount;
+ --i; // ! Don't move forward in the array, we've moved the unseen part up.
+
+@@ -212,7 +212,11 @@ bool TIFF_MemoryReader::GetTag ( XMP_Uns8 ifd, XMP_Uns16 id, TagInfo* info ) con
+ info->dataLen = thisTag->bytes;
+
+ info->dataPtr = this->GetDataPtr ( thisTag );
+-
++ // Here we know that if it is NULL, it is wrong. -- Hub
++ // GetDataPtr will return NULL in case of overflow.
++ if (info->dataPtr == NULL) {
++ return false;
++ }
+ }
+
+ return true;
+diff --git a/source/XMPFiles/FormatSupport/TIFF_Support.hpp b/source/XMPFiles/FormatSupport/TIFF_Support.hpp
+index 9af76c4..95badba 100644
+--- a/source/XMPFiles/FormatSupport/TIFF_Support.hpp
++++ b/source/XMPFiles/FormatSupport/TIFF_Support.hpp
+@@ -723,7 +723,18 @@ private:
+ const TweakedIFDEntry* FindTagInIFD ( XMP_Uns8 ifd, XMP_Uns16 id ) const;
+
+ const inline void* GetDataPtr ( const TweakedIFDEntry* tifdEntry ) const
+- { if ( tifdEntry->bytes <= 4 ) return &tifdEntry->dataOrPos; else return (this->tiffStream + tifdEntry->dataOrPos); };
++ { if ( GetUns32AsIs(&tifdEntry->bytes) <= 4 ) {
++ return &tifdEntry->dataOrPos;
++ } else {
++ XMP_Uns32 pos = GetUns32AsIs(&tifdEntry->dataOrPos);
++ if (pos + GetUns32AsIs(&tifdEntry->bytes) > this->tiffLength) {
++ // Invalid file.
++ // The data is past the length of the TIFF.
++ return NULL;
++ }
++ return (this->tiffStream + pos);
++ }
++ }
+
+ static inline void NotAppropriate() { XMP_Throw ( "Not appropriate for TIFF_Reader", kXMPErr_InternalFailure ); };
+
+diff --git a/source/common/EndianUtils.hpp b/source/common/EndianUtils.hpp
+index 59e2e32..0e2e2fe 100644
+--- a/source/common/EndianUtils.hpp
++++ b/source/common/EndianUtils.hpp
+@@ -148,6 +148,15 @@ GetUns32LE ( const void * addr )
+
+ // -------------------------------------------------------------------------------------------------
+
++static inline XMP_Uns32
++GetUns32AsIs ( const void * addr )
++{
++ XMP_Uns32 value = *((XMP_Uns32*)addr);
++ return value; // Use this to avoid SPARC failure to handle unaligned loads and stores.
++}
++
++// -------------------------------------------------------------------------------------------------
++
+ static inline XMP_Uns64
+ GetUns64BE ( const void * addr )
+ {
+--
+2.17.2
+
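Review bot: In the TIFF_Support.hpp hunk, the new bound test in GetDataPtr, `pos + GetUns32AsIs(&tifdEntry->bytes) > this->tiffLength`, adds two XMP_Uns32 values, so (assuming XMP_Uns32 is the 32-bit unsigned type its name suggests) the sum can itself wrap and a large offset/length pair read from the file passes the check it is meant to fail. Comparing without the addition avoids that: `XMP_Uns32 len = GetUns32AsIs(&tifdEntry->bytes);` followed by `if (pos > this->tiffLength || len > this->tiffLength - pos) return NULL;`. The type of tiffLength is not visible in the hunk, so confirm the subtraction is unsigned. Separately, in the EndianUtils.hpp hunk the comment on GetUns32AsIs says it avoids unaligned-load failures, but `*((XMP_Uns32*)addr)` is itself a plain load through a cast pointer; a `memcpy` into `value` would match what the comment promises.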
diff --git a/SOURCES/CVE-2017-18236.patch b/SOURCES/CVE-2017-18236.patch
new file mode 100644
index 0000000..ec45a6c
--- /dev/null
+++ b/SOURCES/CVE-2017-18236.patch
@@ -0,0 +1,25 @@
+From 6e59eea0adc5d8e0a1fc30a509a229b79e93d785 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hubert=20Figui=C3=A8re?=
+Date: Fri, 2 Feb 2018 09:55:53 -0500
+Subject: [PATCH 3/5] Bug 102484 - Fix an infinite loop in ASF parser.
+
+---
+ source/XMPFiles/FormatSupport/ASF_Support.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/XMPFiles/FormatSupport/ASF_Support.cpp b/source/XMPFiles/FormatSupport/ASF_Support.cpp
+index 1180f9d..e57b56d 100644
+--- a/source/XMPFiles/FormatSupport/ASF_Support.cpp
++++ b/source/XMPFiles/FormatSupport/ASF_Support.cpp
+@@ -266,6 +266,8 @@ bool ASF_Support::ReadHeaderObject ( LFA_FileRef fileRef, ObjectState& inOutObje
+
+ this->ReadHeaderExtensionObject ( fileRef, inOutObjectState, pos, objectBase );
+
++ } else if (objectBase.size == 0) {
++ break;
+ }
+
+ pos += objectBase.size;
+--
+2.17.2
+
diff --git a/SOURCES/CVE-2017-18238.patch b/SOURCES/CVE-2017-18238.patch
new file mode 100644
index 0000000..25a3b85
--- /dev/null
+++ b/SOURCES/CVE-2017-18238.patch
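Review bot: In the ASF_Support.cpp hunk, the new `objectBase.size == 0` test is attached as an `else if` to the branch that calls ReadHeaderExtensionObject, so it is only evaluated for objects that matched none of the earlier branches; an object that did match and carries size 0 would still reach `pos += objectBase.size;` without advancing. The start of that if-chain and the loop condition are outside the hunk, so this is inferred from the visible lines only. I would test the size once, ahead of the chain, with `if (objectBase.size == 0) break;`, and consider rejecting any size smaller than the fixed object header rather than only zero.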
@@ -0,0 +1,26 @@
+From 6b8fdef590ee1a68fa62eb3cc201e61081800f9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hubert=20Figui=C3=A8re?=
+Date: Thu, 1 Feb 2018 21:02:45 -0500
+Subject: [PATCH 4/5] Bug 102483 - Fix an infinite loop in QuickTime parser.
+
+---
+ source/XMPFiles/FormatSupport/QuickTime_Support.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/source/XMPFiles/FormatSupport/QuickTime_Support.cpp b/source/XMPFiles/FormatSupport/QuickTime_Support.cpp
+index 31091ea..94ca145 100644
+--- a/source/XMPFiles/FormatSupport/QuickTime_Support.cpp
++++ b/source/XMPFiles/FormatSupport/QuickTime_Support.cpp
+@@ -737,7 +737,8 @@ bool TradQT_Manager::ParseCachedBoxes ( const MOOV_Manager & moovMgr )
+
+ miniLen = 4 + GetUns16BE ( boxPtr ); // ! Include header in local miniLen.
+ macLang = GetUns16BE ( boxPtr+2);
+- if ( (miniLen <= 4) || (miniLen > (boxEnd - boxPtr)) ) continue; // Ignore bad or empty values.
++ if ( (miniLen <= 4) || (miniLen > (boxEnd - boxPtr)) )
++ break; // Ignore bad or empty values.
+
+ XMP_StringPtr valuePtr = (char*)(boxPtr+4);
+ size_t valueLen = miniLen - 4;
+--
+2.17.2
+
diff --git a/SOURCES/CVE-2018-7730.patch b/SOURCES/CVE-2018-7730.patch
new file mode 100644
index 0000000..e5f3335
--- /dev/null
+++ b/SOURCES/CVE-2018-7730.patch
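Review bot: In the QuickTime_Support.cpp hunk, the comment kept on the new `break;` still reads "Ignore bad or empty values", which described the old `continue`; the loop now stops at the first bad or empty mini-item and the remaining items in the box are not parsed. I would reword it to `break; // Stop at the first bad or empty value: boxPtr cannot be advanced past it.` and put braces around the now two-line `if` body so a later edit cannot detach the `break` from its condition. The loop header is outside the hunk, so how boxPtr advances is inferred from the bug title rather than from visible code.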
@@ -0,0 +1,29 @@
+From d942fea1cf7891818de357e08319d881b0f2f0df Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hubert=20Figui=C3=A8re?=
+Date: Sun, 25 Feb 2018 13:28:28 -0500
+Subject: [PATCH 5/5] Bug 105204 - Fix a buffer overflow in PSD parser
+
+---
+ source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp b/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp
+index 0e57b49..bed14b0 100644
+--- a/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp
++++ b/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp
+@@ -291,6 +291,12 @@ void PSIR_FileWriter::ParseFileResources ( LFA_FileRef fileRef, XMP_Uns32 length
+ ioBuf.ptr += paddedLen; // Move to the data length.
+ XMP_Uns32 dataLen = GetUns32BE(ioBuf.ptr);
+ XMP_Uns32 dataTotal = ((dataLen + 1) & 0xFFFFFFFEUL); // Round up to an even total.
++ // See bug https://bugs.freedesktop.org/show_bug.cgi?id=105204
++ // If dataLen is 0xffffffff, then dataTotal might be 0
++ // and therefor make the CheckFileSpace test pass.
++ if (dataTotal < dataLen) {
++ break;
++ }
+ ioBuf.ptr += 4; // Advance to the resource data.
+
+ XMP_Int64 thisDataPos = ioBuf.filePos + (ioBuf.ptr - ioBuf.data);
+--
+2.17.2
+
diff --git a/SPECS/exempi.spec b/SPECS/exempi.spec
new file mode 100644
index 0000000..9a70823
--- /dev/null
+++ b/SPECS/exempi.spec
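Review bot: In the PSIR_FileWriter.cpp hunk, the comment on the new guard says dataTotal "might be 0", but with `((dataLen + 1) & 0xFFFFFFFEUL)` on an XMP_Uns32 the rounding wraps only for dataLen == 0xFFFFFFFF, and dataTotal is then always 0. Stating that exactly, e.g. `// dataLen == 0xFFFFFFFF wraps dataTotal to 0, which would let the CheckFileSpace test pass`, makes the `dataTotal < dataLen` condition easier to audit ("therefor" should also read "therefore"). The `break` leaves the parse loop without signalling that the resource block was malformed; whether callers need to tell that apart from a normal end of data is not visible in the hunk.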
@@ -0,0 +1,158 @@
+Summary: Library for easy parsing of XMP metadata
+Name: exempi
+Version: 2.2.0
+Release: 9%{?dist}
+License: BSD
+Group: System Environment/Libraries
+URL: http://libopenraw.freedesktop.org/wiki/Exempi
+Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
+Patch0: CVE-2017-18233.patch
+Patch1: CVE-2017-18234.patch
+Patch2: CVE-2017-18236.patch
+Patch3: CVE-2017-18238.patch
+Patch4: CVE-2018-7730.patch
+
+BuildRequires: boost-devel expat-devel zlib-devel pkgconfig
+Provides: bundled(md5-polstra)
+
+%description
+Exempi provides a library for easy parsing of XMP metadata. It is a port of
+Adobe XMP SDK to work on UNIX and to be build with GNU automake.
+It includes XMPCore and XMPFiles.
+
+%package devel
+Summary: Headers for developing programs that will use %{name}
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+This package contains the libraries and header files needed for
+developing with exempi.
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+
+%build
+
+# BanEntityUsage needed for #888765
+%configure CPPFLAGS="-I%{_includedir} -fno-strict-aliasing -DBanAllEntityUsage=1"
+
+# Disable rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+make %{?_smp_mflags} V=1
+
+%check
+make check
+
+%install
+make DESTDIR=%{buildroot} install
+
+rm -rf %{buildroot}%{_libdir}/*.la
+rm -rf %{buildroot}%{_libdir}/*.a
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%doc AUTHORS ChangeLog COPYING README
+%{_bindir}/exempi
+%{_libdir}/*.so.*
+
+%files devel
+%{_includedir}/exempi-2.0/
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+%changelog
+* Wed Dec 05 2018 Nikola Forró - 2.2.0-9
+- Fix CVE-2017-18233
+ resolves: #1574865
+- Fix CVE-2017-18234
+ resolves: #1656011
+- Fix CVE-2017-18236
+ resolves: #1574905
+- Fix CVE-2017-18238
+ resolves: #1572270
+- Fix CVE-2018-7730
+ resolves: #1572631
+
+* Fri Jan 24 2014 Daniel Mach - 2.2.0-8
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach - 2.2.0-7
+- Mass rebuild 2013-12-27
+
+* Wed Jan 30 2013 Stanislav Ochotnicky - 2.2.0-6
+- Get rid of unnecessary LDFLAGS definition overwriting RPM flags
+
+* Wed Jan 02 2013 Stanislav Ochotnicky - 2.2.0-5
+- Make sure we respect RPM_OPT_FLAGS and simplify configure (#889554)
+
+* Wed Dec 19 2012 Stanislav Ochotnicky - 2.2.0-4
+- Add BanAllEntityUsage into macro definitions (#888765)
+
+* Thu Aug 16 2012 Mikolaj Izdebski - 2.2.0-3
+- Add bundled(md5-polstra) provides
+- Update to current guidelines
+
+* Thu Jul 19 2012 Fedora Release Engineering - 2.2.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Feb 22 2012 Deji Akingunola - 2.2.0-1
+- Update to version 2.2.0
+
+* Fri Jan 13 2012 Fedora Release Engineering - 2.1.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering - 2.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon May 3 2010 Stanislav Ochotnicky - 2.1.1-1
+- Update to 2.1.1
+- Add testsuite execution
+- Removed build patch for gcc-4.4 (fixed in upstream)
+
+* Fri Jul 24 2009 Fedora Release Engineering - 2.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Feb 24 2009 Fedora Release Engineering - 2.1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Wed Feb 04 2009 Deji Akingunola - 2.1.0-2
+- Add patch to build with gcc-4.4
+
+* Tue Jan 06 2009 Deji Akingunola - 2.1.0-1
+- Update to 2.1.0
+
+* Sat May 17 2008 Deji Akingunola - 2.0.1-1
+- Update to 2.0.1
+
+* Wed Apr 02 2008 Deji Akingunola - 2.0.0-1
+- Update to 2.0.0
+
+* Fri Feb 08 2008 Deji Akingunola - 1.99.9-1
+- Update to 1.99.9
+
+* Sun Jan 13 2008 Deji Akingunola - 1.99.7-1
+- Update to 1.99.7
+
+* Mon Dec 03 2007 Deji Akingunola - 1.99.5-1
+- Update to 1.99.5
+
+* Wed Sep 05 2007 Deji Akingunola - 1.99.4-2
+- Rebuild for expat 2.0
+
+* Wed Aug 22 2007 Deji Akingunola - 1.99.4-1
+- Update tp 1.99.4
+
+* Tue Jul 10 2007 Deji Akingunola - 1.99.3-1
+- Initial packaging for Fedora
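Review bot: In exempi.spec, the comment `# BanEntityUsage needed for #888765` in `%build` names a macro that differs from the one actually passed on the next line, `-DBanAllEntityUsage=1`, and does not say what the define protects against. Because this flag is a hardening setting that has to survive future rebases, I would spell it out, e.g. `# -DBanAllEntityUsage=1: keep XML entity usage rejected by the XMP parser (#888765)`, with the wording confirmed against that bug. Also, `%check` runs only the upstream `make check`, and going by their diffstats none of the five CVE patches adds a regression input, so a patch that stops applying cleanly to the intended lines would not be caught by the build.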