rev 8273 - in kde-extras/exiv2/trunk/debian: . patches
Ana Beatriz Guerrero López
ana at alioth.debian.org
Mon Dec 17 18:26:02 UTC 2007
Author: ana
Date: 2007-12-17 18:26:02 +0000 (Mon, 17 Dec 2007)
New Revision: 8273
Added:
kde-extras/exiv2/trunk/debian/patches/cve-2007-6353.diff
Modified:
kde-extras/exiv2/trunk/debian/changelog
Log:
security fix for exiv2 CVE-2007-6353
Modified: kde-extras/exiv2/trunk/debian/changelog
===================================================================
--- kde-extras/exiv2/trunk/debian/changelog 2007-12-17 18:17:22 UTC (rev 8272)
+++ kde-extras/exiv2/trunk/debian/changelog 2007-12-17 18:26:02 UTC (rev 8273)
@@ -1,8 +1,11 @@
-exiv2 (0.16~pre1-1) UNRELEASED; urgency=low
+exiv2 (0.15-2) unstable; urgency=high
- * (NOT RELEASED YET) New upstream release
+ [Ana Beatriz Guerrero Lopez]
+ * Team upload to fix security bug.
+ * Add patch to fix integer overflow in EXIF parsing.
+ CVE-2007-6353 (Closes: #456760)
- -- Mark Purcell <msp at debian.org> Sat, 10 Nov 2007 09:22:23 +0000
+ -- Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org> Mon, 17 Dec 2007 19:13:11 +0100
exiv2 (0.15-1) unstable; urgency=low
Added: kde-extras/exiv2/trunk/debian/patches/cve-2007-6353.diff
===================================================================
--- kde-extras/exiv2/trunk/debian/patches/cve-2007-6353.diff (rev 0)
+++ kde-extras/exiv2/trunk/debian/patches/cve-2007-6353.diff 2007-12-17 18:26:02 UTC (rev 8273)
@@ -0,0 +1,89 @@
+Index: exiv2-0.13/src/exif.cpp
+===================================================================
+--- exiv2-0.13.orig/src/exif.cpp
++++ exiv2-0.13/src/exif.cpp
+@@ -215,10 +215,12 @@ namespace Exiv2 {
+ ExifData::const_iterator sizes;
+ ExifKey key("Exif.Thumbnail.StripByteCounts");
+ sizes = exifData.findKey(key);
+- if (sizes == exifData.end()) return 2;
++ if (sizes == exifData.end()) return 1;
+
+- long totalSize = 0;
++ uint32_t totalSize = 0;
+ for (long i = 0; i < sizes->count(); ++i) {
++ uint32_t size = sizes->toLong(i);
++ if (size > 0xffffffff - totalSize) return 1;
+ totalSize += sizes->toLong(i);
+ }
+ DataBuf stripsBuf(totalSize);
+@@ -228,21 +230,23 @@ namespace Exiv2 {
+ ExifData::iterator stripOffsets;
+ key = ExifKey("Exif.Thumbnail.StripOffsets");
+ stripOffsets = exifData.findKey(key);
+- if (stripOffsets == exifData.end()) return 2;
+- if (stripOffsets->count() != sizes->count()) return 2;
++ if (stripOffsets == exifData.end()) return 1;
++ if (stripOffsets->count() != sizes->count()) return 1;
+
+ std::ostringstream os; // for the strip offsets
+- long currentOffset = 0;
+- long firstOffset = stripOffsets->toLong(0);
+- long lastOffset = 0;
+- long lastSize = 0;
++ uint32_t currentOffset = 0;
++ uint32_t firstOffset = stripOffsets->toLong(0);
++ uint32_t lastOffset = 0;
++ uint32_t lastSize = 0;
+ for (long i = 0; i < stripOffsets->count(); ++i) {
+- long offset = stripOffsets->toLong(i);
++ uint32_t offset = stripOffsets->toLong(i);
+ lastOffset = offset;
+- long size = sizes->toLong(i);
++ uint32_t size = sizes->toLong(i);
+ lastSize = size;
+- if (len < offset + size) return 1;
+-
++ if ( size > 0xffffffff - offset
++ || static_cast<uint32_t>(len) < offset + size) {
++ return 2;
++ }
+ memcpy(stripsBuf.pData_ + currentOffset, buf + offset, size);
+ os << currentOffset << " ";
+ currentOffset += size;
+@@ -303,12 +307,15 @@ namespace Exiv2 {
+ ExifKey key("Exif.Thumbnail.JPEGInterchangeFormat");
+ ExifData::iterator format = exifData.findKey(key);
+ if (format == exifData.end()) return 1;
+- long offset = format->toLong();
++ uint32_t offset = format->toLong();
+ key = ExifKey("Exif.Thumbnail.JPEGInterchangeFormatLength");
+ ExifData::const_iterator length = exifData.findKey(key);
+ if (length == exifData.end()) return 1;
+- long size = length->toLong();
+- if (len < offset + size) return 2;
++ uint32_t size = length->toLong();
++ if ( size > 0xffffffff - offset
++ || static_cast<uint32_t>(len) < offset + size) {
++ return 2;
++ }
+ format->setDataArea(buf + offset, size);
+ format->setValue("0");
+ if (pIfd1) {
+@@ -595,8 +602,14 @@ namespace Exiv2 {
+ if (pIopIfd_) add(pIopIfd_->begin(), pIopIfd_->end(), byteOrder());
+ if (pGpsIfd_) add(pGpsIfd_->begin(), pGpsIfd_->end(), byteOrder());
+ if (pIfd1_) add(pIfd1_->begin(), pIfd1_->end(), byteOrder());
+- // Read the thumbnail (but don't worry whether it was successful or not)
+- readThumbnail();
++ // Finally, read the thumbnail
++ rc = readThumbnail();
++ if (0 < rc) {
++#ifndef SUPPRESS_WARNINGS
++ std::cerr << "Warning: Failed to read thumbnail, rc = "
++ << rc << "\n";
++#endif
++ }
+
+ return 0;
+ } // ExifData::load
More information about the pkg-kde-commits
mailing list