D9409.diff
No OneTemporary
Actions

Size

10 KB

Referenced Files

None

Subscribers

None

D9409.diff
View Options

	diff --git a/files/security/CVE-2019-13504.patch b/files/security/CVE-2019-13504.patch
	deleted file mode 100644
	--- a/files/security/CVE-2019-13504.patch
	+++ /dev/null
	@@ -1,156 +0,0 @@
	-From 7ce574687ad14893447f1a6c4471953225c35d75 Mon Sep 17 00:00:00 2001
	-From: Jeka Pats <yev.pats@gmail.com>
	-Date: Wed, 3 Jul 2019 14:17:59 +0300
	-Subject: [PATCH] Add libFuzzer integration + report bug
	-
	-This commit places the basics for libFuzzer integration with one
	-fuzzer which fuzzes the readMetadata function. The fuzzer is
	-located at fuzz/read-metadata.
	-
	-To add more fuzzers please add them to ./fuzz directory as
	-described in the README.
	-
	-Also a memory corruption bug is found using this fuzzer which
	-might lead to additional bugs after fix is pushed.
	----
	- CMakeLists.txt \| 9 +++++++++
	- README.md \| 24 ++++++++++++++++++++++++
	- cmake/printSummary.cmake \| 1 +
	- fuzz/CMakeLists.txt \| 14 ++++++++++++++
	- fuzz/read-metadata.cpp \| 24 ++++++++++++++++++++++++
	- 5 files changed, 72 insertions(+)
	- create mode 100644 fuzz/CMakeLists.txt
	- create mode 100644 fuzz/read-metadata.cpp
	-
	-diff --git a/CMakeLists.txt b/CMakeLists.txt
	-index a9da5ea71..6d9dad751 100644
	---- a/CMakeLists.txt
	-+++ b/CMakeLists.txt
	-@@ -25,6 +25,7 @@ option( EXIV2_BUILD_SAMPLES "Build sample applications"
	- option( EXIV2_BUILD_PO "Build translations files" OFF )
	- option( EXIV2_BUILD_EXIV2_COMMAND "Build exiv2 command-line executable" ON )
	- option( EXIV2_BUILD_UNIT_TESTS "Build unit tests" OFF )
	-+option( EXIV2_BUILD_FUZZ_TESTS "Build fuzz tests (libFuzzer)" OFF )
	- option( EXIV2_BUILD_DOC "Add 'doc' target to generate documentation" OFF )
	-
	- # Only intended to be used by Exiv2 developers/contributors
	-@@ -82,6 +83,14 @@ if( EXIV2_BUILD_UNIT_TESTS )
	- add_subdirectory ( unitTests )
	- endif()
	-
	-+if( EXIV2_BUILD_FUZZ_TESTS)
	-+ if ((NOT COMPILER_IS_CLANG) OR (NOT EXIV2_TEAM_USE_SANITIZERS))
	-+ message(FATAL_ERROR "You need to build with Clang and sanitizers for the fuzzers to work. "
	-+ "Use Clang and -DEXIV2_TEAM_USE_SANITIZERS=ON")
	-+ endif()
	-+ add_subdirectory ( fuzz )
	-+endif()
	-+
	- if( EXIV2_BUILD_SAMPLES )
	- ##
	- # tests
	-diff --git a/README.md b/README.md
	-index bf1f3741e..2f37c0d64 100644
	---- a/README.md
	-+++ b/README.md
	-@@ -28,6 +28,7 @@
	- 1. [Running tests on a UNIX-like system](#4-1)
	- 2. [Running tests on Visual Studio builds](#4-2)
	- 3. [Unit tests](#4-3)
	-+ 4. [Fuzzing](#4-4)
	- 5. [Platform Notes](#5)
	- 1. [Linux](#5-1)
	- 2. [MacOS-X](#5-2)
	-@@ -663,6 +664,29 @@ $ ctest
	-
	- ```
	-
	-+### 4.4 Fuzzing
	-+
	-+The code for the fuzzers is in `exiv2dir/fuzz`
	-+
	-+To build the fuzzers, use the cmake option `-DEXIV2_BUILD_FUZZ_TESTS=ON` and `-DEXIV2_TEAM_USE_SANITIZERS=ON`.
	-+Note that it only works with clang compiler as libFuzzer is integrate with clang > 6.0
	-+
	-+To build the fuzzers:
	-+
	-+```bash
	-+export CXX=clang++
	-+export CC=clang
	-+cmake .. -G "Unix Makefiles" "-DEXIV2_BUILD_FUZZ_TESTS=ON" "-DEXIV2_TEAM_USE_SANITIZERS=ON"
	-+make -j4
	-+```
	-+
	-+To execute the fuzzers:
	-+
	-+```bash
	-+cd <exiv2dir>/build
	-+bin/<fuzzer_name> # for example ./bin/read-metadata.cpp
	-+```
	-+
	- [TOC](#TOC)
	- <div id="5">
	-
	-diff --git a/cmake/printSummary.cmake b/cmake/printSummary.cmake
	-index 4da6ccbdc..815a72eab 100644
	---- a/cmake/printSummary.cmake
	-+++ b/cmake/printSummary.cmake
	-@@ -59,6 +59,7 @@ OptionOutput( "Building exiv2 command: " EXIV2_BUILD_EXIV2_COMMAND
	- OptionOutput( "Building samples: " EXIV2_BUILD_SAMPLES )
	- OptionOutput( "Building PO files: " EXIV2_BUILD_PO )
	- OptionOutput( "Building unit tests: " EXIV2_BUILD_UNIT_TESTS )
	-+OptionOutput( "Building fuzz tests: " EXIV2_BUILD_FUZZ_TESTS )
	- OptionOutput( "Building doc: " EXIV2_BUILD_DOC )
	- OptionOutput( "Building with coverage flags: " BUILD_WITH_COVERAGE )
	- OptionOutput( "Using ccache: " BUILD_WITH_CCACHE )
	-diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
	-new file mode 100644
	-index 000000000..281ff570a
	---- /dev/null
	-+++ b/fuzz/CMakeLists.txt
	-@@ -0,0 +1,14 @@
	-+
	-+macro(fuzzer name)
	-+ add_executable(${name} ${name}.cpp)
	-+ set_target_properties(${name}
	-+ PROPERTIES
	-+ COMPILE_FLAGS "-fsanitize=fuzzer"
	-+ LINK_FLAGS "-fsanitize=fuzzer")
	-+ target_link_libraries(${name}
	-+ PRIVATE
	-+ exiv2lib
	-+ )
	-+endmacro()
	-+
	-+fuzzer(read-metadata)
	-\ No newline at end of file
	-diff --git a/fuzz/read-metadata.cpp b/fuzz/read-metadata.cpp
	-new file mode 100644
	-index 000000000..9f0b59791
	---- /dev/null
	-+++ b/fuzz/read-metadata.cpp
	-@@ -0,0 +1,24 @@
	-+#include <exiv2/exiv2.hpp>
	-+
	-+#include <iostream>
	-+#include <iomanip>
	-+#include <cassert>
	-+
	-+
	-+extern "C" int LLVMFuzzerTestOneInput(const uint8_t * Data, size_t Size)
	-+try {
	-+ Exiv2::Image::UniquePtr image = Exiv2::ImageFactory::open(Data, Size);
	-+ assert(image.get() != 0);
	-+ image->readMetadata();
	-+
	-+ Exiv2::ExifData &exifData = image->exifData();
	-+ if (exifData.empty()) {
	-+ return -1;
	-+ }
	-+
	-+
	-+ return 0;
	-+}
	-+catch (Exiv2::Error& e) {
	-+ return -1;
	-+}
	diff --git a/package.yml b/package.yml
	--- a/package.yml
	+++ b/package.yml
	@@ -1,8 +1,8 @@
	name : exiv2
	-version : 0.27.2
	-release : 12
	+version : 0.27.3
	+release : 13
	source :
	- - https://exiv2.org/builds/exiv2-0.27.2-Source.tar.gz : 2652f56b912711327baff6dc0c90960818211cf7ab79bb5e1eb59320b78d153f
	+ - https://github.com/Exiv2/exiv2/archive/v0.27.3.tar.gz : 6398bc743c32b85b2cb2a604273b8c90aa4eb0fd7c1700bf66cbb2712b4f00c1
	license : GPL-2.0-or-later
	component : desktop.library
	summary : exif and iptc metadata manipulation library and tools
	@@ -14,7 +14,6 @@
	- devel :
	- curl-devel
	setup : \|
	- %patch -p1 < $pkgfiles/security/CVE-2019-13504.patch
	%cmake_ninja \
	-DEXIV2_ENABLE_CURL=on \
	-DEXIV2_ENABLE_DYNAMIC_RUNTIME=off \
	diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
	--- a/pspec_x86_64.xml
	+++ b/pspec_x86_64.xml
	@@ -2,8 +2,8 @@
	<Source>
	<Name>exiv2</Name>
	<Packager>
	- <Name>F. von Gellhorn</Name>
	- <Email>flinux@vongellhorn.ch</Email>
	+ <Name>Jacob Alzén</Name>
	+ <Email>jacob.alzen@gmail.com</Email>
	</Packager>
	<License>GPL-2.0-or-later</License>
	<PartOf>desktop.library</PartOf>
	@@ -20,40 +20,23 @@
	<PartOf>desktop.library</PartOf>
	<Files>
	<Path fileType="executable">/usr/bin/addmoddel</Path>
	- <Path fileType="executable">/usr/bin/convert-test</Path>
	- <Path fileType="executable">/usr/bin/easyaccess-test</Path>
	<Path fileType="executable">/usr/bin/exifcomment</Path>
	<Path fileType="executable">/usr/bin/exifdata</Path>
	- <Path fileType="executable">/usr/bin/exifdata-test</Path>
	<Path fileType="executable">/usr/bin/exifprint</Path>
	<Path fileType="executable">/usr/bin/exifvalue</Path>
	<Path fileType="executable">/usr/bin/exiv2</Path>
	<Path fileType="executable">/usr/bin/exiv2json</Path>
	<Path fileType="executable">/usr/bin/geotag</Path>
	- <Path fileType="executable">/usr/bin/ini-test</Path>
	- <Path fileType="executable">/usr/bin/iotest</Path>
	<Path fileType="executable">/usr/bin/iptceasy</Path>
	<Path fileType="executable">/usr/bin/iptcprint</Path>
	- <Path fileType="executable">/usr/bin/iptctest</Path>
	- <Path fileType="executable">/usr/bin/key-test</Path>
	- <Path fileType="executable">/usr/bin/largeiptc-test</Path>
	<Path fileType="executable">/usr/bin/metacopy</Path>
	- <Path fileType="executable">/usr/bin/mmap-test</Path>
	<Path fileType="executable">/usr/bin/mrwthumb</Path>
	- <Path fileType="executable">/usr/bin/path-test</Path>
	- <Path fileType="executable">/usr/bin/prevtest</Path>
	- <Path fileType="executable">/usr/bin/stringto-test</Path>
	<Path fileType="executable">/usr/bin/taglist</Path>
	- <Path fileType="executable">/usr/bin/tiff-test</Path>
	- <Path fileType="executable">/usr/bin/werror-test</Path>
	- <Path fileType="executable">/usr/bin/write-test</Path>
	- <Path fileType="executable">/usr/bin/write2-test</Path>
	<Path fileType="executable">/usr/bin/xmpdump</Path>
	<Path fileType="executable">/usr/bin/xmpparse</Path>
	- <Path fileType="executable">/usr/bin/xmpparser-test</Path>
	<Path fileType="executable">/usr/bin/xmpprint</Path>
	<Path fileType="executable">/usr/bin/xmpsample</Path>
	- <Path fileType="library">/usr/lib64/libexiv2.so.0.27.2</Path>
	+ <Path fileType="library">/usr/lib64/libexiv2.so.0.27.3</Path>
	<Path fileType="library">/usr/lib64/libexiv2.so.27</Path>
	<Path fileType="localedata">/usr/share/locale/bs/LC_MESSAGES/exiv2.mo</Path>
	<Path fileType="localedata">/usr/share/locale/ca/LC_MESSAGES/exiv2.mo</Path>
	@@ -82,7 +65,7 @@
	</Description>
	<PartOf>programming.devel</PartOf>
	<RuntimeDependencies>
	- <Dependency release="12">exiv2</Dependency>
	+ <Dependency release="13">exiv2</Dependency>
	</RuntimeDependencies>
	<Files>
	<Path fileType="header">/usr/include/exiv2/asfvideo.hpp</Path>
	@@ -144,12 +127,12 @@
	</Files>
	</Package>
	<History>
	- <Update release="12">
	- <Date>2019-11-05</Date>
	- <Version>0.27.2</Version>
	+ <Update release="13">
	+ <Date>2020-08-09</Date>
	+ <Version>0.27.3</Version>
	<Comment>Packaging update</Comment>
	- <Name>F. von Gellhorn</Name>
	- <Email>flinux@vongellhorn.ch</Email>
	+ <Name>Jacob Alzén</Name>
	+ <Email>jacob.alzen@gmail.com</Email>
	</Update>
	</History>
	</PISI>
	\ No newline at end of file

File Metadata

Mime Type: text/plain
Expires: Fri, Aug 11, 2:15 PM (3 h, 6 m ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 5819744
Default Alt Text: D9409.diff (10 KB)

D9409.diffNo OneTemporaryActions

D9409.diffView Options

File Metadata

Event Timeline

D9409.diff
No OneTemporary
Actions

D9409.diff
View Options