authorsnj <snj@pkgsrc.org>2005-03-11 06:08:38 +0000
committersnj <snj@pkgsrc.org>2005-03-11 06:08:38 +0000
commitc6fa5aef222d574db002807fa1d57b322dc72dbf (patch)
tree3fec6cfd854b2d66933c950486dc3b2a3357b812
parent0dee6b2b9d593842ef5856a140ae4fdd7679b459 (diff)
Pullup ticket 349 - requested by Lubomir Sedlacik
security fix for libexif Revisions pulled up: - pkgsrc/graphics/libexif/Makefile 1.22 - pkgsrc/graphics/libexif/buildlink3.mk 1.6 - pkgsrc/graphics/libexif/distinfo 1.12 - pkgsrc/graphics/libexif/patches/patch-ab 1.1 Module Name: pkgsrc Committed By: adam Date: Thu Mar 10 19:22:22 UTC 2005 Modified Files: pkgsrc/graphics/libexif: distinfo Added Files: pkgsrc/graphics/libexif/patches: patch-ab Log Message: Added a patch to fix buffer overflow: * SECURITY UPDATE: Fix buffer overflow. * libexif/exif-data.c: Add buffer size checks in several places before trying to access it. * Thanks to Sylvain Defresne for spotting this and the patch. * References: https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152 Thanks to wiz@ for heads-up. :) ---- Module Name: pkgsrc Committed By: salo Date: Thu Mar 10 22:21:56 UTC 2005 Modified Files: pkgsrc/graphics/libexif: Makefile buildlink3.mk Log Message: Bump PKGREVISION and BUILDLINK_RECOMMENDED for the security fix. (hi adam!)
-rw-r--r--graphics/libexif/Makefile3
-rw-r--r--graphics/libexif/buildlink3.mk3
-rw-r--r--graphics/libexif/distinfo3
-rw-r--r--graphics/libexif/patches/patch-ab32
4 files changed, 38 insertions, 3 deletions
diff --git a/graphics/libexif/Makefile b/graphics/libexif/Makefile
index 9583a93014a..f7af9d7cb89 100644
--- a/graphics/libexif/Makefile
+++ b/graphics/libexif/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2004/10/27 19:30:23 drochner Exp $
+# $NetBSD: Makefile,v 1.21.2.1 2005/03/11 06:08:38 snj Exp $
DISTNAME= libexif-0.6.11
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/}
diff --git a/graphics/libexif/buildlink3.mk b/graphics/libexif/buildlink3.mk
index cff675371e5..75adbf7863c 100644
--- a/graphics/libexif/buildlink3.mk
+++ b/graphics/libexif/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/10/30 00:59:02 minskim Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/03/11 06:08:38 snj Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
LIBEXIF_BUILDLINK3_MK:= ${LIBEXIF_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@ BUILDLINK_PACKAGES+= libexif
.if !empty(LIBEXIF_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.libexif+= libexif>=0.6.11
+BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.11nb1
BUILDLINK_PKGSRCDIR.libexif?= ../../graphics/libexif
.endif # LIBEXIF_BUILDLINK3_MK
diff --git a/graphics/libexif/distinfo b/graphics/libexif/distinfo
index 82c652abf77..d066cdab9bb 100644
--- a/graphics/libexif/distinfo
+++ b/graphics/libexif/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.10 2004/10/27 19:30:23 drochner Exp $
+$NetBSD: distinfo,v 1.10.2.1 2005/03/11 06:08:38 snj Exp $
SHA1 (libexif-0.6.11.tar.gz) = f522e097edfccac420c7779209aafeebbf09aa7c
Size (libexif-0.6.11.tar.gz) = 546277 bytes
SHA1 (patch-aa) = bcbdc84fc26c64ecac62699ab11bf55afe6b65c7
+SHA1 (patch-ab) = d778a593bc70a4c3a1413a4bfa508e98fdf2f71a
diff --git a/graphics/libexif/patches/patch-ab b/graphics/libexif/patches/patch-ab
new file mode 100644
index 00000000000..17be639b012
--- /dev/null
+++ b/graphics/libexif/patches/patch-ab
@@ -0,0 +1,32 @@
+$NetBSD: patch-ab,v 1.1.2.2 2005/03/11 06:08:38 snj Exp $
+
+--- libexif/exif-data.c.orig Tue Oct 5 21:10:04 2004
++++ libexif/exif-data.c
+@@ -628,7 +628,7 @@ exif_data_load_data (ExifData *data, con
+ "Found EXIF header.");
+
+ /* Byte order (offset 6, length 2) */
+- if (ds < 12)
++ if (ds < 14)
+ return;
+ if (!memcmp (d + 6, "II", 2))
+ data->priv->order = EXIF_BYTE_ORDER_INTEL;
+@@ -646,12 +646,18 @@ exif_data_load_data (ExifData *data, con
+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ "IFD 0 at %i.", (int) offset);
+
++ if (ds < 6 + 4 + offset)
++ return;
++
+ /* Parse the actual exif data (offset 14) */
+ exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
+ ds - 6, offset);
+
+ /* IFD 1 offset */
+ n = exif_get_short (d + 6 + offset, data->priv->order);
++ if (ds < 6 + offset + 2 + 12 * n + 4)
++ return;
++
+ offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
+ if (offset) {
+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
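Review bot: Both added bounds checks compute their sum on the side that comes from the file, so `6 + 4 + offset` and `6 + offset + 2 + 12 * n + 4` can wrap around if `offset` is an unsigned 32-bit value. Its declaration is not visible in this patch, though the `(int) offset` cast in the log call suggests it is unsigned. A wrapped sum compares small against `ds`, the guard passes, and the following `exif_get_short (d + 6 + offset, ...)` and `exif_get_long (...)` reads land outside the buffer the checks were meant to protect. Because `ds >= 14` is already established by the first changed check, the comparisons can be done by subtraction instead: `if (offset > ds - 10) return;` and `if (offset > ds - 12 || 12 * n > ds - 12 - offset) return;`. exif_data_load_data begins and ends outside these hunks, so the types of `ds`, `offset` and `n` should be confirmed against the full function before adopting this form.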