Hello community, here is the log from the commit of package exiv2 for openSUSE:Factory checked in at 2017-10-23 16:39:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exiv2 (Old) and /work/SRC/openSUSE:Factory/.exiv2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exiv2" Mon Oct 23 16:39:10 2017 rev:47 rq:534384 version:0.26 Changes: -------- --- /work/SRC/openSUSE:Factory/exiv2/exiv2.changes 2017-09-15 21:02:37.560814964 +0200 +++ /work/SRC/openSUSE:Factory/.exiv2.new/exiv2.changes 2017-10-23 16:39:19.619897790 +0200 @@ -1,0 +2,9 @@ +Tue Oct 17 09:34:26 UTC 2017 - [email protected] + +- add 0001-Use-more-GNUInstallDirs.patch (bsc#938600) +- add d4e4288d839d0d9546a05986771f8738c382060c.patch ( + CVE-2017-14864 bsc#1060995, + CVE-2017-14862 bsc#1060996, + CVE-2017-14859 bsc#1061000) + +------------------------------------------------------------------- New: ---- 0001-Use-more-GNUInstallDirs.patch d4e4288d839d0d9546a05986771f8738c382060c.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exiv2.spec ++++++ --- /var/tmp/diff_new_pack.usSBT2/_old 2017-10-23 16:39:21.339817299 +0200 +++ /var/tmp/diff_new_pack.usSBT2/_new 2017-10-23 16:39:21.343817113 +0200 @@ -31,6 +31,8 @@ Patch3: gcc-version-check.patch # PATCH-FIX-UPSTREAM fix-crash.patch boo#1051782 -- prevent crashes in gwenview with certain images Patch4: fix-crash.patch +Patch5: https://github.com/Exiv2/exiv2/commit/d4e4288d839d0d9546a05986771f8738c382060c.patch +Patch6: 0001-Use-more-GNUInstallDirs.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: fdupes @@ -75,10 +77,12 @@ %patch2 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 %build export CXXFLAGS="%optflags $(getconf LFS_CFLAGS)" -%{cmake} \ +%cmake \ -DEXIV2_ENABLE_BUILD_PO:BOOL=ON \ -DEXIV2_ENABLE_BUILD_SAMPLES:BOOL=OFF make %{?_smp_mflags} ++++++ 0001-Use-more-GNUInstallDirs.patch ++++++ >From fc74fddc10032dd9487ee8102aa84a8baca71578 Mon Sep 17 00:00:00 2001 
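Review bot: `Patch5` and `Patch6` are added without the `# PATCH-FIX-UPSTREAM` comment that `Patch4` carries directly above them, so the spec file itself does not record that Patch5 is the fix for three CVEs. The references exist only in exiv2.changes, which makes it harder to audit which patch closes which issue once patches are later dropped or renumbered. A comment above `Patch5` such as `# PATCH-FIX-UPSTREAM d4e4288d839d0d9546a05986771f8738c382060c.patch bsc#1060995 bsc#1060996 bsc#1061000 -- CVE-2017-14864, CVE-2017-14862, CVE-2017-14859` would fix that, with a matching `bsc#938600` comment above `Patch6`.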
From: Andreas Sturmlechner <[email protected]> Date: Sun, 20 Aug 2017 21:50:15 +0200 Subject: [PATCH] Use more GNUInstallDirs Conveniently fixes multiarch install dir issues. (cherry picked from commit aa6374b202bc5b2fbf67c3dded844d994d27246d) --- CMakeLists.txt | 2 ++ config/CMakeChecks.txt | 2 -- config/exiv2.pc.cmake | 4 ++-- po/CMakeLists.txt | 2 +- samples/CMakeLists.txt | 2 +- src/CMakeLists.txt | 6 +++++- 6 files changed, 11 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7034bb67..23047949 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -26,6 +26,8 @@ else() SET(CMAKE_MACOSX_RPATH 1) endif() +INCLUDE( GNUInstallDirs ) + SET( PACKAGE_COPYRIGHT "Andreas Huggel" ) SET( PACKAGE_BUGREPORT "[email protected]" ) SET( PACKAGE "exiv2" ) diff --git a/config/CMakeChecks.txt b/config/CMakeChecks.txt index 77922930..5d4d59ab 100644 --- a/config/CMakeChecks.txt +++ b/config/CMakeChecks.txt @@ -37,8 +37,6 @@ INCLUDE( CheckSymbolExists ) INCLUDE( CheckCSourceCompiles ) INCLUDE( CheckCXXSourceCompiles ) -INCLUDE( GNUInstallDirs ) - INCLUDE( FindIconv ) SET( STDC_HEADERS ON ) diff --git a/config/exiv2.pc.cmake b/config/exiv2.pc.cmake index 256f8ac6..afc16e2b 100644 --- a/config/exiv2.pc.cmake +++ b/config/exiv2.pc.cmake @@ -1,7 +1,7 @@ prefix=@CMAKE_INSTALL_PREFIX@ exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include +libdir=@CMAKE_INSTALL_FULL_LIBDIR@ +includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@ Name: exiv2 Description: Exif and IPTC metadata library and tools diff --git a/po/CMakeLists.txt b/po/CMakeLists.txt index 63b37733..69e8414b 100644 --- a/po/CMakeLists.txt +++ b/po/CMakeLists.txt @@ -9,7 +9,7 @@ FILE(GLOB PO_FILES *.po) if ( NOT MSVC ) - set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_BINDIR}) endif() UPDATE_TRANSLATIONS(exiv2 ${PO_FILES}) diff --git a/samples/CMakeLists.txt b/samples/CMakeLists.txt index 9690aa0e..0b58f6d8 100644 
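Review bot: `${CMAKE_BINARY_BINDIR}` in the new `set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ...)` line of po/CMakeLists.txt is not a variable that GNUInstallDirs provides (it defines `CMAKE_INSTALL_BINDIR` and `CMAKE_INSTALL_FULL_BINDIR`), and nothing visible in this patch sets it. If it is undefined it expands to an empty string, so the runtime output directory is silently left unset instead of pointing at the build tree's bin directory. The samples/CMakeLists.txt hunk contains the same line. If the intent is to keep build outputs under the build tree, `set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/${CMAKE_INSTALL_BINDIR})` would express that.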
--- a/samples/CMakeLists.txt +++ b/samples/CMakeLists.txt @@ -6,7 +6,7 @@ # For details see the accompanying COPYING-CMAKE-SCRIPTS file. if ( NOT MSVC ) - set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_BINDIR}) endif() include_directories("${CMAKE_SOURCE_DIR}/include" "${CMAKE_SOURCE_DIR}/src") diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index aecd6215..58de15f6 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -308,7 +308,11 @@ IF (CYGWIN OR MINGW) TARGET_LINK_LIBRARIES( exiv2lib ${PRIVATE_VAR} psapi ws2_32 ) ENDIF(CYGWIN OR MINGW) -INSTALL( TARGETS exiv2lib ${INSTALL_TARGET_STANDARD_ARGS} ) +INSTALL(TARGETS exiv2lib + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} +) include(../CMake_msvc.txt) msvc_runtime_configure(${EXIV2_ENABLE_SHARED} ${EXIV2_ENABLE_DYNAMIC_RUNTIME}) -- 2.14.1 ++++++ d4e4288d839d0d9546a05986771f8738c382060c.patch ++++++ >From d4e4288d839d0d9546a05986771f8738c382060c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <[email protected]> Date: Sat, 7 Oct 2017 23:08:36 +0200 Subject: [PATCH] Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859 The invalid memory dereference in Exiv2::getULong()/Exiv2::StringValueBase::read()/Exiv2::DataValue::read() is caused further up the call-stack, by v->read(pData, size, byteOrder) in TiffReader::readTiffEntry() passing an invalid pData pointer (pData points outside of the Tiff file). pData can be set out of bounds in the (size > 4) branch where baseOffset() and offset are added to pData_ without checking whether the result is still in the file. As offset comes from an untrusted source, an attacker can craft an arbitrarily large offset into the file. This commit adds a check into the problematic branch, whether the result of the addition would be out of bounds of the Tiff file. Furthermore the whole operation is checked for possible overflows. --- src/tiffvisitor.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/tiffvisitor.cpp b/src/tiffvisitor.cpp index 4ab733d4..ef13542e 100644 --- a/src/tiffvisitor.cpp +++ b/src/tiffvisitor.cpp @@ -47,6 +47,7 @@ EXIV2_RCSID("@(#) $Id$") #include <iostream> #include <iomanip> #include <cassert> +#include <limits> // ***************************************************************************** namespace { 
@@ -1517,7 +1518,19 @@ namespace Exiv2 {
 size = 0;
 }
 if (size > 4) {
+ // setting pData to pData_ + baseOffset() + offset can result in pData pointing to invalid memory,
+ // as offset can be arbitrarily large
+ if ((static_cast<uintptr_t>(baseOffset()) > std::numeric_limits<uintptr_t>::max() - static_cast<uintptr_t>(offset))
+ || (static_cast<uintptr_t>(baseOffset() + offset) > std::numeric_limits<uintptr_t>::max() - reinterpret_cast<uintptr_t>(pData_)))
+ {
+ throw Error(59);
+ }
+ if (pData_ + static_cast<uintptr_t>(baseOffset()) + static_cast<uintptr_t>(offset) > pLast_) {
+ throw Error(58);
+ }
 pData = const_cast<byte*>(pData_) + baseOffset() + offset;
+
+ // check for size being invalid
 if (size > static_cast<uint32_t>(pLast_ - pData)) {
 #ifndef SUPPRESS_WARNINGS
 EXV_ERROR << "Upper boundary of data for "
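Review bot: The new range check `pData_ + static_cast<uintptr_t>(baseOffset()) + static_cast<uintptr_t>(offset) > pLast_` builds the out-of-range pointer before comparing it, and pointer arithmetic past the end of the buffer is undefined behaviour, so an optimiser may assume the comparison is false. Comparing in the integer domain avoids that and makes the two `uintptr_t` overflow tests above it unnecessary: `if (static_cast<uint64_t>(baseOffset()) + offset > static_cast<uint64_t>(pLast_ - pData_)) throw Error(58);`. This assumes `pLast_ >= pData_` and that both operands are at most 32 bits wide, neither of which the hunk shows, so confirm both. Separately, `static_cast<uintptr_t>(baseOffset() + offset)` in the second overflow test adds in the operands' own type before widening, so a wrap in that addition would go unseen by the test. The enclosing function, TiffReader::readTiffEntry() according to the commit message, starts and ends outside the hunk.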
