summaryrefslogtreecommitdiff
path: root/graphics
diff options
context:
space:
mode:
authorleot <leot@pkgsrc.org>2018-10-13 10:17:30 +0000
committerleot <leot@pkgsrc.org>2018-10-13 10:17:30 +0000
commitabfeeac699ae0a4b79502f1f9169c7c40511cf4e (patch)
treed821b896307d1774e44dbc1cce52d1915620d610 /graphics
parentb8a64fdb42923497755e8e583ebec36b1a711663 (diff)
downloadpkgsrc-abfeeac699ae0a4b79502f1f9169c7c40511cf4e.tar.gz
libexif: Add a patch from upstream to address CVE-2017-7544
Bump PKGREVISION
Diffstat (limited to 'graphics')
-rw-r--r--graphics/libexif/Makefile3
-rw-r--r--graphics/libexif/distinfo3
-rw-r--r--graphics/libexif/patches/patch-libexif_exif-data.c29
3 files changed, 33 insertions, 2 deletions
diff --git a/graphics/libexif/Makefile b/graphics/libexif/Makefile
index 79763505099..5ddbd26cdeb 100644
--- a/graphics/libexif/Makefile
+++ b/graphics/libexif/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.43 2014/10/09 14:06:36 wiz Exp $
+# $NetBSD: Makefile,v 1.44 2018/10/13 10:17:30 leot Exp $
DISTNAME= libexif-0.6.21
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/}
EXTRACT_SUFX= .tar.bz2
diff --git a/graphics/libexif/distinfo b/graphics/libexif/distinfo
index c442294f488..99536fc085d 100644
--- a/graphics/libexif/distinfo
+++ b/graphics/libexif/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.29 2015/11/03 21:34:07 agc Exp $
+$NetBSD: distinfo,v 1.30 2018/10/13 10:17:30 leot Exp $
SHA1 (libexif-0.6.21.tar.bz2) = a52219b12dbc8d33fc096468591170fda71316c0
RMD160 (libexif-0.6.21.tar.bz2) = 979f06096b7271d8713c1766e0ad5dfabb06c531
SHA512 (libexif-0.6.21.tar.bz2) = 4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35
Size (libexif-0.6.21.tar.bz2) = 1368435 bytes
+SHA1 (patch-libexif_exif-data.c) = 50934bfb6686d411f0277d6e0868596347f5b5a5
diff --git a/graphics/libexif/patches/patch-libexif_exif-data.c b/graphics/libexif/patches/patch-libexif_exif-data.c
new file mode 100644
index 00000000000..f99bf3a11c5
--- /dev/null
+++ b/graphics/libexif/patches/patch-libexif_exif-data.c
@@ -0,0 +1,29 @@
+$NetBSD: patch-libexif_exif-data.c,v 1.1 2018/10/13 10:17:30 leot Exp $
+
+Backport patch to fix CVE-2017-7544 from upstream commit id
+c39acd1692023b26290778a02a9232c873f9d71a:
+
+ <https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a>
+
+On saving makernotes, make sure the makernote container tags has a type with 1
+byte components.
+
+Fixes (at least):
+ https://sourceforge.net/p/libexif/bugs/130
+ https://sourceforge.net/p/libexif/bugs/129
+
+--- libexif/exif-data.c.orig 2012-07-12 18:31:56.000000000 +0000
++++ libexif/exif-data.c
+@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *dat
+ exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ e->components = e->size;
++ if (exif_format_get_size (e->format) != 1) {
++ /* e->format is taken from input code,
++ * but we need to make sure it is a 1 byte
++ * entity due to the multiplication below. */
++ e->format = EXIF_FORMAT_UNDEFINED;
++ }
+ }
+ }
+