Package init

2019-09-30 10:38:26 -04:00 · 2019-09-30 10:38:26 -04:00 · 113c3fcbf2
commit 113c3fcbf2
3 changed files with 112 additions and 0 deletions
--- a/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch
+++ b/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch
@ -0,0 +1,44 @@
+From 8ed2f034705fd2d032c81383eee8208fd4eee0ac Mon Sep 17 00:00:00 2001
+From: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
+Date: Sat, 18 Aug 2018 13:54:55 +0000
+Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The WEBP::GetLE32 function in
+XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
+NULL pointer dereference.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=106981
+https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
+
+Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
+Signed-off-by: Hubert Figuière <hub@figuiere.net>
+Signed-off-by: gaoyi <gaoyi15@huawei.com>
+---
+ XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+index ffaf220..4fe705b 100644
+--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
+ }
+ void VP8XChunk::xmp(bool hasXMP)
+ {
+-    XMP_Uns32 flags = GetLE32(&this->data[0]);
+-    flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
+-    PutLE32(&this->data[0], flags);
+    if (&this->data[0] != NULL) {
+        XMP_Uns32 flags = GetLE32(&this->data[0]);
+        flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
+        PutLE32(&this->data[0], flags);
+    }
+ }
+ 
+ Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
+-- 
+2.19.1
+
--- a/exempi-2.4.5.tar.bz2
+++ b/exempi-2.4.5.tar.bz2
--- a/exempi.spec
+++ b/exempi.spec
@ -0,0 +1,68 @@
+Name:		exempi
+Version:	2.4.5
+Release:	4
+Summary:	Exempi is an implementation of XMP (Adobe's Extensible Metadata Platform)
+License:	BSD
+URL:		https://wiki.freedesktop.org/libopenraw/Exempi/
+Source0:	http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
+
+Patch6000:	CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch
+
+BuildRequires:	gcc-c++ autoconf automake libtool
+BuildRequires:	boost-devel expat-devel zlib-devel pkgconfig
+Provides:	bundled(md5-polstra)
+
+%description
+Exempi is an implementation of XMP.
+Version 2.x is based on Adobe XMP SDK and released under a BSD-style license like Adobe's.
+
+%package devel
+Summary:	exempi's development files
+Requires:	%{name} = %{version}-%{release}
+Requires:	pkgconfig
+
+%description devel
+this package provides development files, including headers and libraries.
+
+%package help
+Summary:	Help information for user
+
+%description help
+Help information for user
+
+%prep
+%autosetup -n exempi-2.4.5 -p1
+
+%build
+libtoolize -vi
+./autogen.sh
+%configure CPPFLAGS="-I%{_includedir} -fno-strict-aliasing -DBanAllEntityUsage=1"
+# Disable rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+%make_build
+
+%check
+make check
+
+%install
+%make_install
+
+%files
+%doc AUTHORS ChangeLog COPYING README
+%{_libdir}/*.so.*
+%{_bindir}/exempi
+
+%files devel
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_includedir}/exempi-2.0/
+%exclude %{_libdir}/*.a
+%exclude %{_libdir}/*.la
+
+%files help
+%{_mandir}/man1/exempi.1*
+
+%changelog
+* Fri Sep 06 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.5-4
+- Package init