diff options
| author | salo <salo@pkgsrc.org> | 2005-05-13 11:57:59 +0000 |
|---|---|---|
| committer | salo <salo@pkgsrc.org> | 2005-05-13 11:57:59 +0000 |
| commit | 2f8a0ccbb33985efb894aea271b5ae9bbf6371fd (patch) | |
| tree | 7a40338ecabc6b307ab0acd6eb3d366340d5f7d1 | |
| parent | 4c48924361ee9af3bd92b81ecdb6c4044916cc4b (diff) | |
| download | pkgsrc-2f8a0ccbb33985efb894aea271b5ae9bbf6371fd.tar.gz | |
Security fix:
"Matthias Clasen has reported a vulnerability in libexif, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an infinite recursion in the
"exif_data_load_data_content()" function and can be exploited to
cause a stack overflow when parsing a specially crafted image.
Successful exploitation may crash an application linked against the
vulnerable library."
Bump PKGREVISION. Patch from:
http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272
| -rw-r--r-- | graphics/libexif/Makefile | 3 | ||||
| -rw-r--r-- | graphics/libexif/buildlink3.mk | 4 | ||||
| -rw-r--r-- | graphics/libexif/distinfo | 3 | ||||
| -rw-r--r-- | graphics/libexif/patches/patch-ac | 71 |
4 files changed, 77 insertions, 4 deletions
diff --git a/graphics/libexif/Makefile b/graphics/libexif/Makefile index 1e90d265881..45c2a858802 100644 --- a/graphics/libexif/Makefile +++ b/graphics/libexif/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.24 2005/04/20 12:40:40 adam Exp $ +# $NetBSD: Makefile,v 1.25 2005/05/13 11:57:59 salo Exp $ DISTNAME= libexif-0.6.12 +PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/} EXTRACT_SUFX= .tar.bz2 diff --git a/graphics/libexif/buildlink3.mk b/graphics/libexif/buildlink3.mk index 56200d3412f..7ff01d4d2a4 100644 --- a/graphics/libexif/buildlink3.mk +++ b/graphics/libexif/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.6 2005/03/10 22:21:56 salo Exp $ +# $NetBSD: buildlink3.mk,v 1.7 2005/05/13 11:57:59 salo Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ LIBEXIF_BUILDLINK3_MK:= ${LIBEXIF_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= libexif .if !empty(LIBEXIF_BUILDLINK3_MK:M+) BUILDLINK_DEPENDS.libexif+= libexif>=0.6.11 -BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.11nb1 +BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.12nb1 BUILDLINK_PKGSRCDIR.libexif?= ../../graphics/libexif .endif # LIBEXIF_BUILDLINK3_MK diff --git a/graphics/libexif/distinfo b/graphics/libexif/distinfo index b66ba9c41e1..7b14cffce0a 100644 --- a/graphics/libexif/distinfo +++ b/graphics/libexif/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.14 2005/05/09 13:21:16 minskim Exp $ +$NetBSD: distinfo,v 1.15 2005/05/13 11:57:59 salo Exp $ SHA1 (libexif-0.6.12.tar.bz2) = 5d2c5976521e179d41ff8908b678b14f2e8e690b RMD160 (libexif-0.6.12.tar.bz2) = 24cfdb7663f0566f2907987e5dbc472c21b583d9 Size (libexif-0.6.12.tar.bz2) = 378650 bytes SHA1 (patch-aa) = e32ab9cad1720f0b4d6178240e78193a97c4c876 SHA1 (patch-ab) = 973ca09fc059d74e3221bba12e6e8f4630db20bb +SHA1 (patch-ac) = 5c61cb1135b7254f0cd01127929a1bdea1de1053 diff --git a/graphics/libexif/patches/patch-ac b/graphics/libexif/patches/patch-ac new file mode 100644 index 00000000000..2c65330f534 --- /dev/null +++ b/graphics/libexif/patches/patch-ac @@ -0,0 +1,71 @@ +$NetBSD: patch-ac,v 1.1 2005/05/13 11:57:59 salo Exp $ + +--- libexif/exif-data.c.orig 2005-03-13 03:27:13.000000000 +0100 ++++ libexif/exif-data.c 2005-05-13 13:48:13.000000000 +0200 +@@ -284,9 +284,10 @@ + } + + static void +-exif_data_load_data_content (ExifData *data, ExifContent *ifd, ++exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd, + const unsigned char *d, +- unsigned int ds, unsigned int offset) ++ unsigned int ds, unsigned int offset, ++ unsigned int level) + { + ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; + ExifShort n; +@@ -296,6 +297,13 @@ + + if (!data || !data->priv) return; + ++ if (level > 150) ++ { ++ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", ++ "Deep recursion in exif_data_load_data_content"); ++ return 0; ++ } ++ + /* Read the number of entries */ + if (offset >= ds - 1) return; + n = exif_get_short (d + offset, data->priv->order); +@@ -320,18 +328,18 @@ + switch (tag) { + case EXIF_TAG_EXIF_IFD_POINTER: + CHECK_REC (EXIF_IFD_EXIF); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_EXIF], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1); + break; + case EXIF_TAG_GPS_INFO_IFD_POINTER: + CHECK_REC (EXIF_IFD_GPS); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_GPS], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1); + break; + case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: + CHECK_REC (EXIF_IFD_INTEROPERABILITY); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1); + break; + case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: + thumbnail_offset = o; +@@ -373,6 +381,14 @@ + } + + static void ++exif_data_load_data_content (ExifData *data, ExifContent *ifd, ++ const unsigned char *d, ++ unsigned int ds, unsigned int offset) ++{ ++ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0); ++} ++ ++static void + exif_data_save_data_content (ExifData *data, ExifContent *ifd, + unsigned char **d, unsigned int *ds, + unsigned int offset) |