aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2019-12-26 14:20:57 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2019-12-26 14:21:30 +0100
commit243172b8ed91455899894296f46693ffa3d4f695 (patch)
treea70fdf1257e20e9bdcf78bd46f4fd56777bea626
parent913c88060dbe0c64652641e3cd9287c5dfde9167 (diff)
downloadaports-243172b8ed91455899894296f46693ffa3d4f695.tar.bz2
aports-243172b8ed91455899894296f46693ffa3d4f695.tar.xz
main/exiv2: backport fix for CVE-2019-17402
fixes #11018
-rw-r--r--main/exiv2/APKBUILD10
-rw-r--r--main/exiv2/CVE-2019-17402.patch32
2 files changed, 40 insertions, 2 deletions
diff --git a/main/exiv2/APKBUILD b/main/exiv2/APKBUILD
index 1b9add3976..b359399104 100644
--- a/main/exiv2/APKBUILD
+++ b/main/exiv2/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=exiv2
pkgver=0.26
-pkgrel=0
+pkgrel=1
pkgdesc="Exif and Iptc metadata manipulation library and tools."
url="http://exiv2.org"
arch="all"
@@ -14,8 +14,13 @@ subpackages="$pkgname-dev $pkgname-doc"
source="http://exiv2.org/releases/exiv2-$pkgver-trunk.tar.gz
0000-pthread-init-fix.patch
0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
+ CVE-2019-17402.patch
"
+# secfixes:
+# 0.26-r1:
+# - CVE-2019-17402
+
builddir="$srcdir"/exiv2-trunk
prepare() {
default_prepare
@@ -38,4 +43,5 @@ package() {
sha512sums="d1e9cab886e279b045768dd9ec781f07d2d36d573119403d0b76dc571442173aae6972f86ec55c3ea53fb3ee9ca3571eb8fd63a2a6643a970852813e88634a86 exiv2-0.26-trunk.tar.gz
9721d359708c385be7c86a8f8a63de43b05b2578a29b4339861e82873aa81a98a7ee7252847b6c55529341187d40f552c488589b416fd9d1e27418925929c018 0000-pthread-init-fix.patch
-485bd340169f69a3ce356e59e9138250cc14592f4477bb73827c799fe465535954469634fc58a1856f690f0e0b4171cba6fdd3391d43c0efc5e89652b93eb3ce 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch"
+485bd340169f69a3ce356e59e9138250cc14592f4477bb73827c799fe465535954469634fc58a1856f690f0e0b4171cba6fdd3391d43c0efc5e89652b93eb3ce 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
+b408ec85b5aa0fde6e08a277292ebde90f25b31605ba29039464e217c7f249d9ffeebfef9dc187955663d0b02ccafc020c16c4a5342cd38483816a1f9038c2d0 CVE-2019-17402.patch"
diff --git a/main/exiv2/CVE-2019-17402.patch b/main/exiv2/CVE-2019-17402.patch
new file mode 100644
index 0000000000..c6b5166adb
--- /dev/null
+++ b/main/exiv2/CVE-2019-17402.patch
@@ -0,0 +1,32 @@
+From cb2467834d118ae11526f7d24a699799ce5c4912 Mon Sep 17 00:00:00 2001
+From: Jens Georg <mail@jensge.org>
+Date: Sun, 6 Oct 2019 15:05:20 +0200
+Subject: [PATCH 1/2] crwimage: Check offset and size against total size
+
+Corrupted or specially crafted CRW images might exceed the overall
+buffersize.
+
+Fixes #1019
+
+(cherry picked from commit 683451567284005cd24e1ccb0a76ca401000968b)
+---
+ src/crwimage.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/crwimage.cpp b/src/crwimage.cpp
+index 989c0eb8..a0978aaf 100644
+--- a/src/crwimage.cpp
++++ b/src/crwimage.cpp
+@@ -448,6 +448,9 @@ namespace Exiv2 {
+ #ifdef DEBUG
+ std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++ if (this->offset() + this->size() > size)
++ throw Error(26);
++
+ readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef DEBUG
+ std::cout << "<---- 0x" << std::hex << tag() << "\n";
+--
+2.24.1
+