From a1cb55c75af83953d7cb42730649b063fb88bb45 Mon Sep 17 00:00:00 2001 From: Leo Date: Thu, 5 Dec 2019 17:23:06 +0100 Subject: main/exiv2: fix CVE-2019-17402 ref #11018 --- main/exiv2/APKBUILD | 12 ++++++---- main/exiv2/CVE-2019-17402.patch | 49 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 main/exiv2/CVE-2019-17402.patch (limited to 'main/exiv2') diff --git a/main/exiv2/APKBUILD b/main/exiv2/APKBUILD index b6e8462d2c..40a1751094 100644 --- a/main/exiv2/APKBUILD +++ b/main/exiv2/APKBUILD @@ -1,20 +1,23 @@ # Maintainer: Natanael Copa pkgname=exiv2 pkgver=0.27.2 -pkgrel=1 +pkgrel=2 pkgdesc="Exif and Iptc metadata manipulation library and tools." url="https://exiv2.org" arch="all" options="!check" # No test suite. license="GPL-2.0-or-later" -depends="" depends_dev="expat-dev zlib-dev" makedepends="$depends_dev cmake" subpackages="$pkgname-dev $pkgname-doc" -source="https://exiv2.org/builds/$pkgname-$pkgver-Source.tar.gz" +source="https://exiv2.org/builds/exiv2-$pkgver-Source.tar.gz + CVE-2019-17402.patch + " builddir="$srcdir"/$pkgname-$pkgver-Source # secfixes: +# 0.27.2-r2: +# - CVE-2019-17402 # 0.27.2-r0: # - CVE-2019-13108 # - CVE-2019-13109 @@ -48,4 +51,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721 exiv2-0.27.2-Source.tar.gz" +sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721 exiv2-0.27.2-Source.tar.gz +da58d6cf6409304465c16a6c73af3731a75c59c0f3e16d740edd3f46308d3ba8ed8b5fc0473920b67b2aeb2b4bb66574aee4b0f57585d127f6e6a3f62b5c0766 CVE-2019-17402.patch" diff --git a/main/exiv2/CVE-2019-17402.patch b/main/exiv2/CVE-2019-17402.patch new file mode 100644 index 0000000000..45451442d5 --- /dev/null +++ b/main/exiv2/CVE-2019-17402.patch 
@@ -0,0 +1,49 @@
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 29311fd..c0d9553 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -268,6 +268,9 @@ namespace Exiv2 {
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++ if (this->offset() + this->size() > size)
++ throw Error(kerOffsetOutOfRange);
++
+ readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "<---- 0x" << std::hex << tag() << "\n";
+diff --git a/test/data/POC-file_issue_1019 b/test/data/POC-file_issue_1019
+new file mode 100755
+index 0000000..e69de29
+diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
+new file mode 100644
+index 0000000..c2682f9
+--- /dev/null
++++ b/tests/bugfixes/github/test_issue_1019.py
+@@ -0,0 +1,14 @@
++from system_tests import CaseMeta, path
++
++
++class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
++
++ filename = path("$data_path/POC-file_issue_1019")
++ commands = ["$exiv2 -pv $filename"]
++ stdout = [""]
++ stderr = [
++ """$exiv2_exception_message $filename:
++$kerOffsetOutOfRange
++"""
++ ]
++ retval = [1]
+diff --git a/tests/suite.conf b/tests/suite.conf
+index 5b31930..dab7427 100644
+--- a/tests/suite.conf
++++ b/tests/suite.conf
+@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
+ easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
+
+ [variables]
++kerOffsetOutOfRange: Offset out of range
+ kerFailedToReadImageData: Failed to read image data
+ kerCorruptedMetadata: corrupted image metadata
+ kerInvalidMalloc: invalid memory allocation request
-- cgit v1.2.3
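Review bot: The added bounds check `this->offset() + this->size() > size` in the src/crwimage_int.cpp hunk can itself wrap around. If both operands are 32-bit unsigned values taken from the parsed file (their declarations are outside the hunk, so this is an assumption to confirm), a large offset plus a large size overflows to a small sum that passes the test, and `readDirectory(pData + offset(), ...)` still reads past the buffer. Comparing without the addition closes that gap: `if (this->offset() > size || this->size() > size - this->offset()) throw Error(kerOffsetOutOfRange);`. The enclosing function begins and ends outside the hunk, so the type of `size` should be checked there before adopting the rewrite. Separately, `test/data/POC-file_issue_1019` is added as blob `e69de29` with no content in this patch, so the bundled regression test appears to run against an empty file, and with `options="!check"` in the APKBUILD it is not run at package build time either.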