summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--user/exiv2/APKBUILD16
-rw-r--r--user/exiv2/CVE-2019-17402.patch73
2 files changed, 86 insertions, 3 deletions
diff --git a/user/exiv2/APKBUILD b/user/exiv2/APKBUILD
index 791fcb610..82aa2a958 100644
--- a/user/exiv2/APKBUILD
+++ b/user/exiv2/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=exiv2
pkgver=0.27.2
-pkgrel=0
+pkgrel=1
pkgdesc="Exif, IPTC and XMP metadata library and tools"
url="https://www.exiv2.org/"
arch="all"
@@ -11,7 +11,9 @@ depends_dev="expat-dev zlib-dev"
makedepends="$depends_dev bash cmake"
checkdepends="python3 libxml2 cmd:which"
subpackages="$pkgname-dev $pkgname-doc"
-source="http://www.exiv2.org/builds/exiv2-$pkgver-Source.tar.gz"
+source="http://www.exiv2.org/builds/exiv2-$pkgver-Source.tar.gz
+ https://dev.sick.bike/dist/exiv2-0.27.2-POC-file_issue_1019
+ CVE-2019-17402.patch"
builddir="$srcdir/$pkgname-$pkgver-Source"
# secfixes:
@@ -82,10 +84,16 @@ builddir="$srcdir/$pkgname-$pkgver-Source"
# - CVE-2019-13112
# - CVE-2019-13113
# - CVE-2019-13114
+# 0.27.2-r1:
+# - CVE-2019-17402
prepare() {
default_prepare
mkdir build
+
+ # Remove #1019 POC after >= 0.27.2
+ mv "$srcdir/$pkgname-$pkgver-POC-file_issue_1019" \
+ test/data/POC-file_issue_1019
}
build() {
@@ -106,4 +114,6 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721 exiv2-0.27.2-Source.tar.gz"
+sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721 exiv2-0.27.2-Source.tar.gz
+cfe0b534c29c37e7b6e5a00e8ec320cb57eb17187813fe30677a097e930655f1b097ce77806e0124affbdc423b48d9910560158eed9d2d03418a824244dafba9 exiv2-0.27.2-POC-file_issue_1019
+623232624f5382c7261a8b7e66063954c37555b7812e4f2e9af8433c4d8a1f141feafbfd2c5081395208cf1c65307ce1b39e5e34f689c558dce82f78030b29dd CVE-2019-17402.patch"
diff --git a/user/exiv2/CVE-2019-17402.patch b/user/exiv2/CVE-2019-17402.patch
new file mode 100644
index 000000000..f54b511b0
--- /dev/null
+++ b/user/exiv2/CVE-2019-17402.patch
@@ -0,0 +1,73 @@
+From 683451567284005cd24e1ccb0a76ca401000968b Mon Sep 17 00:00:00 2001
+From: Jens Georg <mail@jensge.org>
+Date: Sun, 6 Oct 2019 15:05:20 +0200
+Subject: [PATCH 1/2] crwimage: Check offset and size against total size
+
+Corrupted or specially crafted CRW images might exceed the overall
+buffersize.
+
+Fixes #1019
+---
+ src/crwimage_int.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 2474baace..3315b86d7 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -270,6 +270,9 @@ namespace Exiv2 {
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++ if (this->offset() + this->size() > size)
++ throw Error(kerOffsetOutOfRange);
++
+ readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "<---- 0x" << std::hex << tag() << "\n";
+
+From 73b874fb14d02578f876aa7dd404cf7c07b6dc4e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com>
+Date: Mon, 7 Oct 2019 23:25:00 +0200
+Subject: [PATCH 2/2] [tests] Add regression test for #1019
+
+---
+ test/data/POC-file_issue_1019 | Bin 0 -> 10078 bytes
+ tests/bugfixes/github/test_issue_1019.py | 14 ++++++++++++++
+ tests/suite.conf | 1 +
+ 3 files changed, 15 insertions(+)
+ create mode 100755 test/data/POC-file_issue_1019
+ create mode 100644 tests/bugfixes/github/test_issue_1019.py
+
+diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
+new file mode 100644
+index 000000000..c2682f901
+--- /dev/null
++++ b/tests/bugfixes/github/test_issue_1019.py
+@@ -0,0 +1,14 @@
++from system_tests import CaseMeta, path
++
++
++class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
++
++ filename = path("$data_path/POC-file_issue_1019")
++ commands = ["$exiv2 -pv $filename"]
++ stdout = [""]
++ stderr = [
++ """$exiv2_exception_message $filename:
++$kerOffsetOutOfRange
++"""
++ ]
++ retval = [1]
+diff --git a/tests/suite.conf b/tests/suite.conf
+index 5b31930c1..dab7427b3 100644
+--- a/tests/suite.conf
++++ b/tests/suite.conf
+@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
+ easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
+
+ [variables]
++kerOffsetOutOfRange: Offset out of range
+ kerFailedToReadImageData: Failed to read image data
+ kerCorruptedMetadata: corrupted image metadata
+ kerInvalidMalloc: invalid memory allocation request