diff --git a/libexif-cve-2007-4168.patch b/libexif-cve-2007-4168.patch
new file mode 100644
index 0000000..3ee847d
--- /dev/null
+++ b/libexif-cve-2007-4168.patch
@@ -0,0 +1,21 @@
+--- libexif-0.6.13/libexif/exif-data.c.cve-2007-4168 2005-08-22 16:32:02.000000000 -0400
++++ libexif-0.6.13/libexif/exif-data.c 2007-06-12 12:14:35.000000000 -0400
+@@ -174,9 +174,15 @@ exif_data_load_data_entry (ExifData *dat
+ * Size? If bigger than 4 bytes, the actual data is not
+ * in the entry but somewhere else (offset).
+ */
+- s = exif_format_get_size (entry->format) * entry->components;
+- if (!s)
+- return 0;
++ /* {0,1,2,4,8} x { 0x00000000 .. 0xffffffff }
++ * -> { 0x000000000 .. 0x7fffffff8 } */
++ s = exif_format_get_size(entry->format) * entry->components;
++ if (s < entry->components) {
++ return 0;
++ }
++ if (0 == s)
++ return 0;
++
+ if (s > 4)
+ doff = exif_get_long (d + offset + 8, data->priv->order);
+ else
diff --git a/libexif.spec b/libexif.spec
index d9d5d19..cc0da4e 100644
--- a/libexif.spec
+++ b/libexif.spec
@@ -1,12 +1,13 @@
 Summary: Library for extracting extra information from image files
 Name: libexif
 Version: 0.6.15
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: System Environment/Libraries
 License: LGPL
 URL: http://libexif.sourceforge.net/
 Source0: libexif-%{version}.tar.bz2
 Source1: libexif-docs.tar.gz
+Patch0: libexif-cve-2007-4168.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: doxygen
@@ -27,6 +28,7 @@ for writing programs that use libexif.
 
 %prep
 %setup -q
+%patch0 -p1 -b .cve-2007-4168
 # to avoid multilib conflicts, we toss in pre-generated docs
 # and neuter make all in the docs dir
 tar xzf %{SOURCE1}
@@ -65,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
+* Wed Jun 13 2007 Matthias Clasen - 0.6.15-2
+- Add patch for CVE-2007-4168. Fix bug #243892
+
 * Wed May 30 2007 Matthias Clasen - 0.6.15-1
 - Update to 0.6.15
 - Drop obsolete patch
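Review bot: The wrap test `if (s < entry->components)` added to exif_data_load_data_entry is a heuristic and does not detect every overflow of the multiplication. If `s` is a 32-bit unsigned (its declaration is outside the hunk), a product for element sizes 4 or 8 can wrap to a value that is still greater than or equal to `entry->components`, so the test passes. Checking before multiplying is exact, for example `fs = exif_format_get_size(entry->format); if (fs && entry->components > UINT_MAX / fs) return 0;`, with the limit matched to the actual type of `s`. The function continues past the hunk, so any later bounds comparison that adds `doff` and `s` (not visible here) should be confirmed overflow-safe as well.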
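Review bot: `%patch0 -p1 -b .cve-2007-4168` applies a patch whose header names the libexif-0.6.13 tree, while this spec builds `Version: 0.6.15`. The fix therefore depends on the hunk at line 174 of exif-data.c still matching the newer source. Confirm in the build log that it applies without offset or fuzz and lands in exif_data_load_data_entry, or regenerate the patch against 0.6.15. Applying it with zero fuzz, `%patch0 -p1 -F0 -b .cve-2007-4168`, would make a mismatch fail the build rather than silently misplace a security check.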