diff options
| author | leot <leot@pkgsrc.org> | 2018-10-13 10:17:30 +0000 |
|---|---|---|
| committer | leot <leot@pkgsrc.org> | 2018-10-13 10:17:30 +0000 |
| commit | abfeeac699ae0a4b79502f1f9169c7c40511cf4e (patch) | |
| tree | d821b896307d1774e44dbc1cce52d1915620d610 /graphics/libexif | |
| parent | b8a64fdb42923497755e8e583ebec36b1a711663 (diff) | |
| download | pkgsrc-abfeeac699ae0a4b79502f1f9169c7c40511cf4e.tar.gz | |
libexif: Add a patch from upstream to address CVE-2017-7544
Bump PKGREVISION
Diffstat (limited to 'graphics/libexif')
| -rw-r--r-- | graphics/libexif/Makefile | 3 | ||||
| -rw-r--r-- | graphics/libexif/distinfo | 3 | ||||
| -rw-r--r-- | graphics/libexif/patches/patch-libexif_exif-data.c | 29 |
3 files changed, 33 insertions, 2 deletions
diff --git a/graphics/libexif/Makefile b/graphics/libexif/Makefile index 79763505099..5ddbd26cdeb 100644 --- a/graphics/libexif/Makefile +++ b/graphics/libexif/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.43 2014/10/09 14:06:36 wiz Exp $ +# $NetBSD: Makefile,v 1.44 2018/10/13 10:17:30 leot Exp $ DISTNAME= libexif-0.6.21 +PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/} EXTRACT_SUFX= .tar.bz2 diff --git a/graphics/libexif/distinfo b/graphics/libexif/distinfo index c442294f488..99536fc085d 100644 --- a/graphics/libexif/distinfo +++ b/graphics/libexif/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.29 2015/11/03 21:34:07 agc Exp $ +$NetBSD: distinfo,v 1.30 2018/10/13 10:17:30 leot Exp $ SHA1 (libexif-0.6.21.tar.bz2) = a52219b12dbc8d33fc096468591170fda71316c0 RMD160 (libexif-0.6.21.tar.bz2) = 979f06096b7271d8713c1766e0ad5dfabb06c531 SHA512 (libexif-0.6.21.tar.bz2) = 4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 Size (libexif-0.6.21.tar.bz2) = 1368435 bytes +SHA1 (patch-libexif_exif-data.c) = 50934bfb6686d411f0277d6e0868596347f5b5a5 diff --git a/graphics/libexif/patches/patch-libexif_exif-data.c b/graphics/libexif/patches/patch-libexif_exif-data.c new file mode 100644 index 00000000000..f99bf3a11c5 --- /dev/null +++ b/graphics/libexif/patches/patch-libexif_exif-data.c @@ -0,0 +1,29 @@ +$NetBSD: patch-libexif_exif-data.c,v 1.1 2018/10/13 10:17:30 leot Exp $ + +Backport patch to fix CVE-2017-7544 from upstream commit id +c39acd1692023b26290778a02a9232c873f9d71a: + + <https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a> + +On saving makernotes, make sure the makernote container tags has a type with 1 +byte components. + +Fixes (at least): + https://sourceforge.net/p/libexif/bugs/130 + https://sourceforge.net/p/libexif/bugs/129 + +--- libexif/exif-data.c.orig 2012-07-12 18:31:56.000000000 +0000 ++++ libexif/exif-data.c +@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *dat + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + |