diff --git a/cve-2007-6351.patch b/cve-2007-6351.patch new file mode 100644 index 0000000..c737981 --- /dev/null +++ b/cve-2007-6351.patch @@ -0,0 +1,13 @@ +diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 libexif-0.6.13/libexif/exif-loader.c +--- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 2007-12-15 22:16:06.000000000 -0500 ++++ libexif-0.6.13/libexif/exif-loader.c 2007-12-15 22:16:42.000000000 -0500 +@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi + break; + } + ++ if (!len) ++ return 1; ++ + exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader", + "Scanning %i byte(s) of data...", len); + diff --git a/cve-2007-6352.patch b/cve-2007-6352.patch new file mode 100644 index 0000000..b390546 --- /dev/null +++ b/cve-2007-6352.patch @@ -0,0 +1,16 @@ +diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 libexif-0.6.13/libexif/exif-data.c +--- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 2007-12-15 22:06:15.000000000 -0500 ++++ libexif-0.6.13/libexif/exif-data.c 2007-12-15 22:07:27.000000000 -0500 +@@ -285,10 +285,9 @@ static void + exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, + unsigned int ds, ExifLong offset, ExifLong size) + { +- if (ds < offset + size) { ++ if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + size < offset)) { + exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", +- "Bogus thumbnail offset and size: %i < %i + %i.", +- (int) ds, (int) offset, (int) size); ++ "Bogus thumbnail offset and size"); + return; + } + if (data->data) diff --git a/libexif.spec b/libexif.spec index be6d132..bbb7ab3 100644 --- a/libexif.spec +++ b/libexif.spec @@ -1,13 +1,15 @@ Summary: Library for extracting extra information from image files Name: libexif Version: 0.6.15 -Release: 4%{?dist} +Release: 5%{?dist} Group: System Environment/Libraries License: LGPLv2+ URL: http://libexif.sourceforge.net/ Source0: libexif-%{version}.tar.bz2 Source1: libexif-docs.tar.gz Patch0: libexif-cve-2007-4168.patch +Patch1: cve-2007-6351.patch +Patch2: cve-2007-6352.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: doxygen @@ -29,6 +31,9 @@ for writing programs that use libexif. %prep %setup -q %patch0 -p1 -b .cve-2007-4168 +%patch1 -p1 -b .cve-2007-6351 +%patch2 -p1 -b .cve-2007-6352 + # to avoid multilib conflicts, we toss in pre-generated docs # and neuter make all in the docs dir tar xzf %{SOURCE1} @@ -67,6 +72,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/libexif.pc %changelog +* Sat Dec 15 2007 Matthias Clasen - 0.6.15-5 +- Add patch for CVE-2007-6351. Fixes bug #425641 +- Add patch for CVE-2007-6352. Fixes bug #425641 + * Wed Aug 29 2007 Fedora Release Engineering - 0.6.15-4 - Rebuild for selinux ppc32 issue.