commit 113c3fcbf29563fba71c9fc04d18981251164bbb Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 10:38:26 2019 -0400 Package init diff --git a/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch b/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch new file mode 100644 index 0000000..51bcde5 --- /dev/null +++ b/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch @@ -0,0 +1,44 @@ +From 8ed2f034705fd2d032c81383eee8208fd4eee0ac Mon Sep 17 00:00:00 2001 +From: Victor Rodriguez +Date: Sat, 18 Aug 2018 13:54:55 +0000 +Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The WEBP::GetLE32 function in +XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a +NULL pointer dereference. + +https://bugs.freedesktop.org/show_bug.cgi?id=106981 +https://gitlab.freedesktop.org/libopenraw/exempi/issues/9 + +Signed-off-by: Victor Rodriguez +Signed-off-by: Hubert Figuière +Signed-off-by: gaoyi +--- + XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp +index ffaf220..4fe705b 100644 +--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp ++++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp +@@ -160,9 +160,11 @@ bool VP8XChunk::xmp() + } + void VP8XChunk::xmp(bool hasXMP) + { +- XMP_Uns32 flags = GetLE32(&this->data[0]); +- flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); +- PutLE32(&this->data[0], flags); ++ if (&this->data[0] != NULL) { ++ XMP_Uns32 flags = GetLE32(&this->data[0]); ++ flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); ++ PutLE32(&this->data[0], flags); ++ } + } + + Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler) +-- +2.19.1 + diff --git a/exempi-2.4.5.tar.bz2 b/exempi-2.4.5.tar.bz2 new file mode 100644 index 0000000..9e3e69b Binary files /dev/null and b/exempi-2.4.5.tar.bz2 differ diff --git a/exempi.spec b/exempi.spec new file mode 100644 index 0000000..742b1b7 --- /dev/null +++ b/exempi.spec @@ -0,0 +1,68 @@ +Name: exempi +Version: 2.4.5 +Release: 4 +Summary: Exempi is an implementation of XMP (Adobe's Extensible Metadata Platform) +License: BSD +URL: https://wiki.freedesktop.org/libopenraw/Exempi/ +Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2 + +Patch6000: CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch + +BuildRequires: gcc-c++ autoconf automake libtool +BuildRequires: boost-devel expat-devel zlib-devel pkgconfig +Provides: bundled(md5-polstra) + +%description +Exempi is an implementation of XMP. +Version 2.x is based on Adobe XMP SDK and released under a BSD-style license like Adobe's. + +%package devel +Summary: exempi's development files +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + +%description devel +this package provides development files, including headers and libraries. + +%package help +Summary: Help information for user + +%description help +Help information for user + +%prep +%autosetup -n exempi-2.4.5 -p1 + +%build +libtoolize -vi +./autogen.sh +%configure CPPFLAGS="-I%{_includedir} -fno-strict-aliasing -DBanAllEntityUsage=1" +# Disable rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool +%make_build + +%check +make check + +%install +%make_install + +%files +%doc AUTHORS ChangeLog COPYING README +%{_libdir}/*.so.* +%{_bindir}/exempi + +%files devel +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%{_includedir}/exempi-2.0/ +%exclude %{_libdir}/*.a +%exclude %{_libdir}/*.la + +%files help +%{_mandir}/man1/exempi.1* + +%changelog +* Fri Sep 06 2019 openEuler Buildteam - 2.4.5-4 +- Package init