From 10c0b54420bee6fee9d3fbe10ee1f9b4973477e7 Mon Sep 17 00:00:00 2001 From: snj Date: Sat, 14 May 2005 05:49:55 +0000 Subject: Pullup ticket 500 - requested by Lubomir Sedlacik security fix for libexif Revisions pulled up: - pkgsrc/graphics/libexif/Makefile 1.24, 1.25 - pkgsrc/graphics/libexif/PLIST 1.12 - pkgsrc/graphics/libexif/distinfo 1.13, 1.14, 1.15 - pkgsrc/graphics/libexif/buildlink3.mk 1.7 - pkgsrc/graphics/libexif/patches/patch-aa 1.3 - pkgsrc/graphics/libexif/patches/patch-ab 1.3 - pkgsrc/graphics/libexif/patches/patch-ac 1.1 Module Name: pkgsrc Committed By: adam Date: Wed Apr 20 12:40:41 UTC 2005 Modified Files: pkgsrc/graphics/libexif: Makefile PLIST distinfo Removed Files: pkgsrc/graphics/libexif/patches: patch-aa patch-ab Log Message: Changes 0.6.12: * Final fix of Ubuntu Security Notice USN-91-1 (CAN-2005-0664) https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152 * Updated build system with cross compile capabilities * Small fixes: Fix tag order, use even offsets, improve Nikon&Olympus mnote tags. ---- Module Name: pkgsrc Committed By: minskim Date: Mon May 9 13:21:16 UTC 2005 Modified Files: pkgsrc/graphics/libexif: distinfo Added Files: pkgsrc/graphics/libexif/patches: patch-aa patch-ab Log Message: Declare a static function in .c, not in .h. ---- Module Name: pkgsrc Committed By: salo Date: Fri May 13 11:58:00 UTC 2005 Modified Files: pkgsrc/graphics/libexif: Makefile buildlink3.mk distinfo Added Files: pkgsrc/graphics/libexif/patches: patch-ac Log Message: Security fix: "Matthias Clasen has reported a vulnerability in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an infinite recursion in the "exif_data_load_data_content()" function and can be exploited to cause a stack overflow when parsing a specially crafted image. Successful exploitation may crash an application linked against the vulnerable library." Bump PKGREVISION. Patch from: http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272 --- graphics/libexif/Makefile | 13 +++---- graphics/libexif/PLIST | 9 +++-- graphics/libexif/buildlink3.mk | 4 +-- graphics/libexif/distinfo | 13 +++---- graphics/libexif/patches/patch-aa | 27 +++++---------- graphics/libexif/patches/patch-ab | 38 ++++++--------------- graphics/libexif/patches/patch-ac | 71 +++++++++++++++++++++++++++++++++++++++ 7 files changed, 110 insertions(+), 65 deletions(-) create mode 100644 graphics/libexif/patches/patch-ac (limited to 'graphics') diff --git a/graphics/libexif/Makefile b/graphics/libexif/Makefile index eb4c7777b93..a8b8f162522 100644 --- a/graphics/libexif/Makefile +++ b/graphics/libexif/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.22 2005/03/10 22:21:56 salo Exp $ +# $NetBSD: Makefile,v 1.22.2.1 2005/05/14 05:49:55 snj Exp $ -DISTNAME= libexif-0.6.11 +DISTNAME= libexif-0.6.12 PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/} +EXTRACT_SUFX= .tar.bz2 MAINTAINER= adam@NetBSD.org HOMEPAGE= http://libexif.sourceforge.net/ @@ -11,10 +12,10 @@ COMMENT= EXIF file library PKG_INSTALLATION_TYPES= overwrite pkgviews -USE_BUILDLINK3= YES -USE_PKGLOCALEDIR= YES -GNU_CONFIGURE= YES -USE_LIBTOOL= YES +USE_BUILDLINK3= yes +USE_LIBTOOL= yes +USE_PKGLOCALEDIR= yes +GNU_CONFIGURE= yes PKGCONFIG_OVERRIDE= libexif/libexif.pc.in .include "../../devel/gettext-lib/buildlink3.mk" diff --git a/graphics/libexif/PLIST b/graphics/libexif/PLIST index 1351955c2ab..23ac90d0d3a 100644 --- a/graphics/libexif/PLIST +++ b/graphics/libexif/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.11 2004/10/27 19:30:23 drochner Exp $ +@comment $NetBSD: PLIST,v 1.11.4.1 2005/05/14 05:49:55 snj Exp $ include/libexif/_stdint.h include/libexif/exif-byte-order.h include/libexif/exif-content.h @@ -10,12 +10,11 @@ include/libexif/exif-loader.h include/libexif/exif-log.h include/libexif/exif-mem.h include/libexif/exif-mnote-data.h -include/libexif/exif-result.h include/libexif/exif-tag.h include/libexif/exif-utils.h lib/libexif.la lib/pkgconfig/libexif.pc -${PKGLOCALEDIR}/locale/de/LC_MESSAGES/libexif.mo -${PKGLOCALEDIR}/locale/es/LC_MESSAGES/libexif.mo -${PKGLOCALEDIR}/locale/fr/LC_MESSAGES/libexif.mo +${PKGLOCALEDIR}/locale/de/LC_MESSAGES/libexif-12.mo +${PKGLOCALEDIR}/locale/es/LC_MESSAGES/libexif-12.mo +${PKGLOCALEDIR}/locale/fr/LC_MESSAGES/libexif-12.mo @dirrm include/libexif diff --git a/graphics/libexif/buildlink3.mk b/graphics/libexif/buildlink3.mk index 56200d3412f..cf2241400e9 100644 --- a/graphics/libexif/buildlink3.mk +++ b/graphics/libexif/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.6 2005/03/10 22:21:56 salo Exp $ +# $NetBSD: buildlink3.mk,v 1.6.2.1 2005/05/14 05:49:55 snj Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ LIBEXIF_BUILDLINK3_MK:= ${LIBEXIF_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= libexif .if !empty(LIBEXIF_BUILDLINK3_MK:M+) BUILDLINK_DEPENDS.libexif+= libexif>=0.6.11 -BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.11nb1 +BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.12nb1 BUILDLINK_PKGSRCDIR.libexif?= ../../graphics/libexif .endif # LIBEXIF_BUILDLINK3_MK diff --git a/graphics/libexif/distinfo b/graphics/libexif/distinfo index 2fd7f941efc..764f61d698f 100644 --- a/graphics/libexif/distinfo +++ b/graphics/libexif/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.12 2005/03/10 19:22:22 adam Exp $ +$NetBSD: distinfo,v 1.12.2.1 2005/05/14 05:49:55 snj Exp $ -SHA1 (libexif-0.6.11.tar.gz) = f522e097edfccac420c7779209aafeebbf09aa7c -RMD160 (libexif-0.6.11.tar.gz) = 306637ba3ce8b8a0c095ef5da5792d178bda37fb -Size (libexif-0.6.11.tar.gz) = 546277 bytes -SHA1 (patch-aa) = bcbdc84fc26c64ecac62699ab11bf55afe6b65c7 -SHA1 (patch-ab) = d778a593bc70a4c3a1413a4bfa508e98fdf2f71a +SHA1 (libexif-0.6.12.tar.bz2) = 5d2c5976521e179d41ff8908b678b14f2e8e690b +RMD160 (libexif-0.6.12.tar.bz2) = 24cfdb7663f0566f2907987e5dbc472c21b583d9 +Size (libexif-0.6.12.tar.bz2) = 378650 bytes +SHA1 (patch-aa) = e32ab9cad1720f0b4d6178240e78193a97c4c876 +SHA1 (patch-ab) = 973ca09fc059d74e3221bba12e6e8f4630db20bb +SHA1 (patch-ac) = 5c61cb1135b7254f0cd01127929a1bdea1de1053 diff --git a/graphics/libexif/patches/patch-aa b/graphics/libexif/patches/patch-aa index a827de40cae..d95d59c4a6e 100644 --- a/graphics/libexif/patches/patch-aa +++ b/graphics/libexif/patches/patch-aa @@ -1,21 +1,12 @@ -$NetBSD: patch-aa,v 1.1 2004/10/27 19:30:23 drochner Exp $ +$NetBSD: patch-aa,v 1.1.4.1 2005/05/14 05:49:56 snj Exp $ ---- configure.orig 2004-10-27 15:07:12.000000000 +0200 -+++ configure -@@ -25641,7 +25641,7 @@ if test "x$GCC" = "xyes"; then +--- libexif/exif-utils.h.orig 2005-03-12 20:27:13.000000000 -0600 ++++ libexif/exif-utils.h +@@ -45,7 +45,6 @@ typedef struct {ExifSLong numerator; Exi - fi -- ac_config_files="$ac_config_files Makefile libexif.spec libexif/Makefile libexif/canon/Makefile libexif/olympus/Makefile libexif/pentax/Makefile libjpeg/Makefile test/Makefile m4/Makefile libexif/libexif.pc" -+ ac_config_files="$ac_config_files Makefile libexif.spec libexif/Makefile libexif/canon/Makefile libexif/olympus/Makefile libexif/pentax/Makefile libjpeg/Makefile po/Makefile.in test/Makefile m4/Makefile libexif/libexif.pc" - cat >confcache <<\_ACEOF - # This file is a shell script that caches the results of configure - # tests run on this system so they can be shared between configure -@@ -26219,6 +26219,7 @@ do - "libexif/olympus/Makefile" ) CONFIG_FILES="$CONFIG_FILES libexif/olympus/Makefile" ;; - "libexif/pentax/Makefile" ) CONFIG_FILES="$CONFIG_FILES libexif/pentax/Makefile" ;; - "libjpeg/Makefile" ) CONFIG_FILES="$CONFIG_FILES libjpeg/Makefile" ;; -+ "po/Makefile.in" ) CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; - "test/Makefile" ) CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; - "m4/Makefile" ) CONFIG_FILES="$CONFIG_FILES m4/Makefile" ;; - "libexif/libexif.pc" ) CONFIG_FILES="$CONFIG_FILES libexif/libexif.pc" ;; + ExifShort exif_get_short (const unsigned char *b, ExifByteOrder order); +-ExifSShort exif_get_sshort (const unsigned char *b, ExifByteOrder order); + ExifLong exif_get_long (const unsigned char *b, ExifByteOrder order); + ExifSLong exif_get_slong (const unsigned char *b, ExifByteOrder order); + ExifRational exif_get_rational (const unsigned char *b, ExifByteOrder order); diff --git a/graphics/libexif/patches/patch-ab b/graphics/libexif/patches/patch-ab index 6f1806095c9..8ad9a6c8021 100644 --- a/graphics/libexif/patches/patch-ab +++ b/graphics/libexif/patches/patch-ab @@ -1,32 +1,14 @@ -$NetBSD: patch-ab,v 1.1 2005/03/10 19:22:22 adam Exp $ +$NetBSD: patch-ab,v 1.1.4.1 2005/05/14 05:49:56 snj Exp $ ---- libexif/exif-data.c.orig Tue Oct 5 21:10:04 2004 -+++ libexif/exif-data.c -@@ -628,7 +628,7 @@ exif_data_load_data (ExifData *data, con - "Found EXIF header."); +--- libexif/exif-utils.c.orig 2005-03-12 20:27:13.000000000 -0600 ++++ libexif/exif-utils.c +@@ -22,6 +22,9 @@ - /* Byte order (offset 6, length 2) */ -- if (ds < 12) -+ if (ds < 14) - return; - if (!memcmp (d + 6, "II", 2)) - data->priv->order = EXIF_BYTE_ORDER_INTEL; -@@ -646,12 +646,18 @@ exif_data_load_data (ExifData *data, con - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", - "IFD 0 at %i.", (int) offset); + #include -+ if (ds < 6 + 4 + offset) -+ return; ++static ExifSShort ++exif_get_sshort (const unsigned char *buf, ExifByteOrder order); + - /* Parse the actual exif data (offset 14) */ - exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6, - ds - 6, offset); - - /* IFD 1 offset */ - n = exif_get_short (d + 6 + offset, data->priv->order); -+ if (ds < 6 + offset + 2 + 12 * n + 4) -+ return; -+ - offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order); - if (offset) { - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", + void + exif_array_set_byte_order (ExifFormat f, unsigned char *b, unsigned int n, + ExifByteOrder o_orig, ExifByteOrder o_new) diff --git a/graphics/libexif/patches/patch-ac b/graphics/libexif/patches/patch-ac new file mode 100644 index 00000000000..522ee8f0e0f --- /dev/null +++ b/graphics/libexif/patches/patch-ac @@ -0,0 +1,71 @@ +$NetBSD: patch-ac,v 1.1.2.2 2005/05/14 05:49:56 snj Exp $ + +--- libexif/exif-data.c.orig 2005-03-13 03:27:13.000000000 +0100 ++++ libexif/exif-data.c 2005-05-13 13:48:13.000000000 +0200 +@@ -284,9 +284,10 @@ + } + + static void +-exif_data_load_data_content (ExifData *data, ExifContent *ifd, ++exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd, + const unsigned char *d, +- unsigned int ds, unsigned int offset) ++ unsigned int ds, unsigned int offset, ++ unsigned int level) + { + ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; + ExifShort n; +@@ -296,6 +297,13 @@ + + if (!data || !data->priv) return; + ++ if (level > 150) ++ { ++ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", ++ "Deep recursion in exif_data_load_data_content"); ++ return 0; ++ } ++ + /* Read the number of entries */ + if (offset >= ds - 1) return; + n = exif_get_short (d + offset, data->priv->order); +@@ -320,18 +328,18 @@ + switch (tag) { + case EXIF_TAG_EXIF_IFD_POINTER: + CHECK_REC (EXIF_IFD_EXIF); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_EXIF], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1); + break; + case EXIF_TAG_GPS_INFO_IFD_POINTER: + CHECK_REC (EXIF_IFD_GPS); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_GPS], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1); + break; + case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: + CHECK_REC (EXIF_IFD_INTEROPERABILITY); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1); + break; + case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: + thumbnail_offset = o; +@@ -373,6 +381,14 @@ + } + + static void ++exif_data_load_data_content (ExifData *data, ExifContent *ifd, ++ const unsigned char *d, ++ unsigned int ds, unsigned int offset) ++{ ++ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0); ++} ++ ++static void + exif_data_save_data_content (ExifData *data, ExifContent *ifd, + unsigned char **d, unsigned int *ds, + unsigned int offset) -- cgit v1.2.3