pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2004Q4]: pkgsrc/graphics/libexif Pullup ticket 349 - requested...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/33c8b5851d03
branches:  pkgsrc-2004Q4
changeset: 485967:33c8b5851d03
user:      snj <snj%pkgsrc.org@localhost>
date:      Fri Mar 11 06:08:38 2005 +0000

description:
Pullup ticket 349 - requested by Lubomir Sedlacik
security fix for libexif

Revisions pulled up:
- pkgsrc/graphics/libexif/Makefile              1.22
- pkgsrc/graphics/libexif/buildlink3.mk         1.6
- pkgsrc/graphics/libexif/distinfo              1.12
- pkgsrc/graphics/libexif/patches/patch-ab      1.1


    Module Name:    pkgsrc
    Committed By:   adam
    Date:           Thu Mar 10 19:22:22 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: distinfo
    Added Files:
            pkgsrc/graphics/libexif/patches: patch-ab

    Log Message:
    Added a patch to fix buffer overflow:

      * SECURITY UPDATE: Fix buffer overflow.
      * libexif/exif-data.c: Add buffer size checks in several places before
        trying to access it.
      * Thanks to Sylvain Defresne for spotting this and the patch.
      * References:
        https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152

    Thanks to wiz@ for heads-up. :)

    ----

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Thu Mar 10 22:21:56 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: Makefile buildlink3.mk

    Log Message:
    Bump PKGREVISION and BUILDLINK_RECOMMENDED for the security fix. (hi adam!)

diffstat:

 graphics/libexif/Makefile         |   3 ++-
 graphics/libexif/buildlink3.mk    |   3 ++-
 graphics/libexif/distinfo         |   3 ++-
 graphics/libexif/patches/patch-ab |  32 ++++++++++++++++++++++++++++++++
 4 files changed, 38 insertions(+), 3 deletions(-)

diffs (76 lines):

diff -r c10116ffff2c -r 33c8b5851d03 graphics/libexif/Makefile
--- a/graphics/libexif/Makefile Thu Mar 10 13:25:00 2005 +0000
+++ b/graphics/libexif/Makefile Fri Mar 11 06:08:38 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2004/10/27 19:30:23 drochner Exp $
+# $NetBSD: Makefile,v 1.21.2.1 2005/03/11 06:08:38 snj Exp $
 
 DISTNAME=      libexif-0.6.11
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libexif/}
 
diff -r c10116ffff2c -r 33c8b5851d03 graphics/libexif/buildlink3.mk
--- a/graphics/libexif/buildlink3.mk    Thu Mar 10 13:25:00 2005 +0000
+++ b/graphics/libexif/buildlink3.mk    Fri Mar 11 06:08:38 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/10/30 00:59:02 minskim Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/03/11 06:08:38 snj Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 LIBEXIF_BUILDLINK3_MK:=        ${LIBEXIF_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@
 
 .if !empty(LIBEXIF_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.libexif+=    libexif>=0.6.11
+BUILDLINK_RECOMMENDED.libexif+=        libexif>=0.6.11nb1
 BUILDLINK_PKGSRCDIR.libexif?=  ../../graphics/libexif
 .endif # LIBEXIF_BUILDLINK3_MK
 
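Review bot: the added BUILDLINK_RECOMMENDED.libexif line gives no hint of why 0.6.11nb1 is the floor, while BUILDLINK_DEPENDS.libexif just above it still accepts plain 0.6.11. A one-line comment saying that nb1 carries the exif-data.c buffer overflow fix would keep a later cleanup from dropping or lowering this line.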
diff -r c10116ffff2c -r 33c8b5851d03 graphics/libexif/distinfo
--- a/graphics/libexif/distinfo Thu Mar 10 13:25:00 2005 +0000
+++ b/graphics/libexif/distinfo Fri Mar 11 06:08:38 2005 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.10 2004/10/27 19:30:23 drochner Exp $
+$NetBSD: distinfo,v 1.10.2.1 2005/03/11 06:08:38 snj Exp $
 
 SHA1 (libexif-0.6.11.tar.gz) = f522e097edfccac420c7779209aafeebbf09aa7c
 Size (libexif-0.6.11.tar.gz) = 546277 bytes
 SHA1 (patch-aa) = bcbdc84fc26c64ecac62699ab11bf55afe6b65c7
+SHA1 (patch-ab) = d778a593bc70a4c3a1413a4bfa508e98fdf2f71a
diff -r c10116ffff2c -r 33c8b5851d03 graphics/libexif/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/libexif/patches/patch-ab Fri Mar 11 06:08:38 2005 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-ab,v 1.1.2.2 2005/03/11 06:08:38 snj Exp $
+
+--- libexif/exif-data.c.orig   Tue Oct  5 21:10:04 2004
++++ libexif/exif-data.c
+@@ -628,7 +628,7 @@ exif_data_load_data (ExifData *data, con
+                 "Found EXIF header.");
+ 
+       /* Byte order (offset 6, length 2) */
+-      if (ds < 12)
++      if (ds < 14)
+               return;
+       if (!memcmp (d + 6, "II", 2))
+               data->priv->order = EXIF_BYTE_ORDER_INTEL;
+@@ -646,12 +646,18 @@ exif_data_load_data (ExifData *data, con
+       exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", 
+                 "IFD 0 at %i.", (int) offset);
+ 
++      if (ds < 6 + 4 + offset)
++              return;
++
+       /* Parse the actual exif data (offset 14) */
+       exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
+                                    ds - 6, offset);
+ 
+       /* IFD 1 offset */
+       n = exif_get_short (d + 6 + offset, data->priv->order);
++      if (ds < 6 + offset + 2 + 12 * n + 4)
++              return;
++
+       offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
+       if (offset) {
+               exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
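Review bot: the two new size checks in exif_data_load_data, `if (ds < 6 + 4 + offset)` and `if (ds < 6 + offset + 2 + 12 * n + 4)`, put values read from the file on the right-hand side, so if offset is an unsigned 32-bit value (as its assignment from exif_get_long suggests) a large offset can wrap the sum to a small number and let the check pass. Comparing by subtraction against the length that is already validated, for example `if (offset > ds - 10)` after the `ds < 14` test, does not depend on the sum fitting in the type. Two smaller points: IFD 0 is handed to exif_data_load_data_content before n is checked, so that function has to do its own bounds checks against ds - 6, and the new early returns are silent where the surrounding code reports through exif_log, so a debug message on each truncated-data return would make rejected files diagnosable.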


