diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2020-05-20 19:15:26 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2020-05-20 19:15:26 +0000 |
| commit | 4e66d7c2ed47cded9a080310b7b67b29c19ba774 (patch) | |
| tree | a13faf9bbb5d3112fc92e8d778d8df15bbb7ee61 | |
| parent | 021d6d09f1de6ad37b9f53d37bc15bd3c179a5c0 (diff) | |
| download | pkgsrc-4e66d7c2ed47cded9a080310b7b67b29c19ba774.tar.gz | |
Pullup ticket #6205 - requested by nia
graphics/libexif: security fix
Revisions pulled up:
- graphics/libexif/Makefile 1.48
- graphics/libexif/PLIST 1.22
- graphics/libexif/distinfo 1.32
- graphics/libexif/patches/patch-libexif_exif-data.c deleted
---
Module Name: pkgsrc
Committed By: nia
Date: Tue May 19 11:20:01 UTC 2020
Modified Files:
pkgsrc/graphics/libexif: Makefile PLIST distinfo
Removed Files:
pkgsrc/graphics/libexif/patches: patch-libexif_exif-data.c
Log Message:
libexif: Update to 0.6.22
libexif-0.6.22 (2020-05-18):
* New translations: ms
* Updated translations for most languages
* Fixed C89 compatibility
* Fixed warnings on recent versions of autoconf
* Some useful EXIF 2.3 tag added:
* EXIF_TAG_GAMMA
* EXIF_TAG_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
* EXIF_TAG_GPS_H_POSITIONING_ERROR
* EXIF_TAG_CAMERA_OWNER_NAME
* EXIF_TAG_BODY_SERIAL_NUMBER
* EXIF_TAG_LENS_SPECIFICATION
* EXIF_TAG_LENS_MAKE
* EXIF_TAG_LENS_MODEL
* EXIF_TAG_LENS_SERIAL_NUMBER
* Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
* CVE-2018-20030: Fix for recursion DoS
* CVE-2020-13114: Time consumption DoS when parsing canon array markers
* CVE-2020-13113: Potential use of uninitialized memory
* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
* CVE-2020-0093: read overflow
* CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs
* CVE-2020-12767: fixed division by zero
* CVE-2016-6328: fixed integer overflow when parsing maker notes
* CVE-2017-7544: fixed buffer overread
| -rw-r--r-- | graphics/libexif/Makefile | 13 | ||||
| -rw-r--r-- | graphics/libexif/PLIST | 4 | ||||
| -rw-r--r-- | graphics/libexif/distinfo | 11 | ||||
| -rw-r--r-- | graphics/libexif/patches/patch-libexif_exif-data.c | 89 |
4 files changed, 15 insertions, 102 deletions
diff --git a/graphics/libexif/Makefile b/graphics/libexif/Makefile index ecbc78f3b4a..7ed33596270 100644 --- a/graphics/libexif/Makefile +++ b/graphics/libexif/Makefile @@ -1,10 +1,11 @@ -# $NetBSD: Makefile,v 1.47 2020/03/25 11:47:23 nia Exp $ +# $NetBSD: Makefile,v 1.47.2.1 2020/05/20 19:15:26 bsiegert Exp $ -DISTNAME= libexif-0.6.21 -PKGREVISION= 2 +DISTNAME= libexif-0.6.22 CATEGORIES= graphics -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/} -EXTRACT_SUFX= .tar.bz2 +MASTER_SITES= ${MASTER_SITE_GITHUB:=libexif/} +GITHUB_PROJECT= libexif +GITHUB_RELEASE= ${DISTNAME:S/./_/g}-release +EXTRACT_SUFX= .tar.xz MAINTAINER= adam@NetBSD.org HOMEPAGE= https://libexif.github.io/ @@ -13,7 +14,7 @@ LICENSE= gnu-lgpl-v2.1 USE_LIBTOOL= yes USE_PKGLOCALEDIR= yes -USE_TOOLS+= gmake +USE_TOOLS+= gmake msgfmt msgmerge xgettext GNU_CONFIGURE= yes CONFIGURE_ENV+= ac_cv_path_DOXYGEN=false PKGCONFIG_OVERRIDE= libexif.pc.in diff --git a/graphics/libexif/PLIST b/graphics/libexif/PLIST index e57fe4e73b4..5ffdcac42a6 100644 --- a/graphics/libexif/PLIST +++ b/graphics/libexif/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.21 2012/07/13 16:35:25 adam Exp $ +@comment $NetBSD: PLIST,v 1.21.42.1 2020/05/20 19:15:26 bsiegert Exp $ include/libexif/_stdint.h include/libexif/exif-byte-order.h include/libexif/exif-content.h @@ -21,6 +21,7 @@ share/doc/libexif/COPYING share/doc/libexif/ChangeLog share/doc/libexif/NEWS share/doc/libexif/README +share/doc/libexif/SECURITY.md share/locale/be/LC_MESSAGES/libexif-12.mo share/locale/bs/LC_MESSAGES/libexif-12.mo share/locale/cs/LC_MESSAGES/libexif-12.mo @@ -33,6 +34,7 @@ share/locale/es/LC_MESSAGES/libexif-12.mo share/locale/fr/LC_MESSAGES/libexif-12.mo share/locale/it/LC_MESSAGES/libexif-12.mo share/locale/ja/LC_MESSAGES/libexif-12.mo +share/locale/ms/LC_MESSAGES/libexif-12.mo share/locale/nl/LC_MESSAGES/libexif-12.mo share/locale/pl/LC_MESSAGES/libexif-12.mo share/locale/pt/LC_MESSAGES/libexif-12.mo diff --git a/graphics/libexif/distinfo b/graphics/libexif/distinfo index e2061adc22d..98a2fbd29a4 100644 --- a/graphics/libexif/distinfo +++ b/graphics/libexif/distinfo @@ -1,7 +1,6 @@ -$NetBSD: distinfo,v 1.31 2020/03/25 11:47:23 nia Exp $ +$NetBSD: distinfo,v 1.31.2.1 2020/05/20 19:15:26 bsiegert Exp $ -SHA1 (libexif-0.6.21.tar.bz2) = a52219b12dbc8d33fc096468591170fda71316c0 -RMD160 (libexif-0.6.21.tar.bz2) = 979f06096b7271d8713c1766e0ad5dfabb06c531 -SHA512 (libexif-0.6.21.tar.bz2) = 4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 -Size (libexif-0.6.21.tar.bz2) = 1368435 bytes -SHA1 (patch-libexif_exif-data.c) = 3518902f95665b53a62ba4e7fdc0b146fb4480dc +SHA1 (libexif-0.6.22.tar.xz) = b396c562dbf44567ef796f324e7760b15e657523 +RMD160 (libexif-0.6.22.tar.xz) = e34ce907a658d4883894655bd11c6dff2b06cf9d +SHA512 (libexif-0.6.22.tar.xz) = 0a9e7bf0258ed98a794b667d45e8fc65299101a2a2d2e39c358715b20b003beff258782f0736cd5b53978428a2f878a989f303bee249a978850a065f33c534af +Size (libexif-0.6.22.tar.xz) = 1347040 bytes diff --git a/graphics/libexif/patches/patch-libexif_exif-data.c b/graphics/libexif/patches/patch-libexif_exif-data.c deleted file mode 100644 index 623de0b960e..00000000000 --- a/graphics/libexif/patches/patch-libexif_exif-data.c +++ /dev/null @@ -1,89 +0,0 @@ -$NetBSD: patch-libexif_exif-data.c,v 1.2 2020/03/25 11:47:23 nia Exp $ - -Fix for CVE-2017-7544: -https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a.patch - -Fix for CVE-2019-9278: -https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566.patch - ---- libexif/exif-data.c.orig 2012-07-12 18:31:56.000000000 +0000 -+++ libexif/exif-data.c -@@ -191,9 +191,15 @@ exif_data_load_data_entry (ExifData *dat - doff = offset + 8; - - /* Sanity checks */ -- if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) { -+ if (doff >= size) { - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", -- "Tag data past end of buffer (%u > %u)", doff+s, size); -+ "Tag starts past end of buffer (%u > %u)", doff, size); -+ return 0; -+ } -+ -+ if (s > size - doff) { -+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", -+ "Tag data goes past end of buffer (%u > %u)", doff+s, size); - return 0; - } - -@@ -255,6 +261,12 @@ exif_data_save_data_entry (ExifData *dat - exif_mnote_data_set_offset (data->priv->md, *ds - 6); - exif_mnote_data_save (data->priv->md, &e->data, &e->size); - e->components = e->size; -+ if (exif_format_get_size (e->format) != 1) { -+ /* e->format is taken from input code, -+ * but we need to make sure it is a 1 byte -+ * entity due to the multiplication below. */ -+ e->format = EXIF_FORMAT_UNDEFINED; -+ } - } - } - -@@ -308,13 +320,14 @@ exif_data_load_data_thumbnail (ExifData - unsigned int ds, ExifLong o, ExifLong s) - { - /* Sanity checks */ -- if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) { -- exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", -- "Bogus thumbnail offset (%u) or size (%u).", -- o, s); -+ if (o >= ds) { -+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); -+ return; -+ } -+ if (s > ds - o) { -+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); - return; - } -- - if (data->data) - exif_mem_free (data->priv->mem, data->data); - if (!(data->data = exif_data_alloc (data, s))) { -@@ -903,7 +916,7 @@ exif_data_load_data (ExifData *data, con - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", - "IFD 0 at %i.", (int) offset); - -- /* Sanity check the offset, being careful about overflow */ -+ /* ds is restricted to 16 bit above, so offset is restricted too, and offset+8 should not overflow. */ - if (offset > ds || offset + 6 + 2 > ds) - return; - -@@ -912,6 +925,7 @@ exif_data_load_data (ExifData *data, con - - /* IFD 1 offset */ - n = exif_get_short (d + 6 + offset, data->priv->order); -+ /* offset < 2<<16, n is 16 bit at most, so this op will not overflow */ - if (offset + 6 + 2 + 12 * n + 4 > ds) - return; - -@@ -920,8 +934,8 @@ exif_data_load_data (ExifData *data, con - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", - "IFD 1 at %i.", (int) offset); - -- /* Sanity check. */ -- if (offset > ds || offset + 6 > ds) { -+ /* Sanity check. ds is ensured to be above 6 above, offset is 16bit */ -+ if (offset > ds - 6) { - exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifData", "Bogus offset of IFD1."); - } else { |