pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2005Q1]: pkgsrc/graphics/libexif Pullup ticket 500 - requested...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/becd54630c98
branches:  pkgsrc-2005Q1
changeset: 491046:becd54630c98
user:      snj <snj%pkgsrc.org@localhost>
date:      Sat May 14 05:49:55 2005 +0000

description:
Pullup ticket 500 - requested by Lubomir Sedlacik
security fix for libexif

Revisions pulled up:
- pkgsrc/graphics/libexif/Makefile              1.24, 1.25
- pkgsrc/graphics/libexif/PLIST                 1.12
- pkgsrc/graphics/libexif/distinfo              1.13, 1.14, 1.15
- pkgsrc/graphics/libexif/buildlink3.mk         1.7
- pkgsrc/graphics/libexif/patches/patch-aa      1.3
- pkgsrc/graphics/libexif/patches/patch-ab      1.3
- pkgsrc/graphics/libexif/patches/patch-ac      1.1

    Module Name:    pkgsrc
    Committed By:   adam
    Date:           Wed Apr 20 12:40:41 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: Makefile PLIST distinfo
    Removed Files:
            pkgsrc/graphics/libexif/patches: patch-aa patch-ab

    Log Message:
    Changes 0.6.12:
      * Final fix of Ubuntu Security Notice USN-91-1 (CAN-2005-0664)
        https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
      * Updated build system with cross compile capabilities
      * Small fixes:
        Fix tag order, use even offsets, improve Nikon&Olympus mnote tags.
----
    Module Name:    pkgsrc
    Committed By:   minskim
    Date:           Mon May  9 13:21:16 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: distinfo
    Added Files:
            pkgsrc/graphics/libexif/patches: patch-aa patch-ab

    Log Message:
    Declare a static function in .c, not in .h.
----
    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Fri May 13 11:58:00 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/graphics/libexif/patches: patch-ac

    Log Message:
    Security fix:

    "Matthias Clasen has reported a vulnerability in libexif, which can be
    exploited by malicious people to cause a DoS (Denial of Service).

    The vulnerability is caused due to an infinite recursion in the
    "exif_data_load_data_content()" function and can be exploited to
    cause a stack overflow when parsing a specially crafted image.

    Successful exploitation may crash an application linked against the
    vulnerable library."

    Bump PKGREVISION.  Patch from:
    http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272

diffstat:

 graphics/libexif/Makefile         |  13 +++---
 graphics/libexif/PLIST            |   9 ++--
 graphics/libexif/buildlink3.mk    |   4 +-
 graphics/libexif/distinfo         |  13 +++---
 graphics/libexif/patches/patch-aa |  29 +++++----------
 graphics/libexif/patches/patch-ab |  38 +++++---------------
 graphics/libexif/patches/patch-ac |  71 +++++++++++++++++++++++++++++++++++++++
 7 files changed, 111 insertions(+), 66 deletions(-)

diffs (248 lines):

diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/Makefile
--- a/graphics/libexif/Makefile Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/Makefile Sat May 14 05:49:55 2005 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.22 2005/03/10 22:21:56 salo Exp $
+# $NetBSD: Makefile,v 1.22.2.1 2005/05/14 05:49:55 snj Exp $
 
-DISTNAME=      libexif-0.6.11
+DISTNAME=      libexif-0.6.12
 PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libexif/}
+EXTRACT_SUFX=  .tar.bz2
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://libexif.sourceforge.net/
@@ -11,10 +12,10 @@
 
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
 
-USE_BUILDLINK3=                YES
-USE_PKGLOCALEDIR=      YES
-GNU_CONFIGURE=         YES
-USE_LIBTOOL=           YES
+USE_BUILDLINK3=                yes
+USE_LIBTOOL=           yes
+USE_PKGLOCALEDIR=      yes
+GNU_CONFIGURE=         yes
 PKGCONFIG_OVERRIDE=    libexif/libexif.pc.in
 
 .include "../../devel/gettext-lib/buildlink3.mk"
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/PLIST
--- a/graphics/libexif/PLIST    Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/PLIST    Sat May 14 05:49:55 2005 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2004/10/27 19:30:23 drochner Exp $
+@comment $NetBSD: PLIST,v 1.11.4.1 2005/05/14 05:49:55 snj Exp $
 include/libexif/_stdint.h
 include/libexif/exif-byte-order.h
 include/libexif/exif-content.h
@@ -10,12 +10,11 @@
 include/libexif/exif-log.h
 include/libexif/exif-mem.h
 include/libexif/exif-mnote-data.h
-include/libexif/exif-result.h
 include/libexif/exif-tag.h
 include/libexif/exif-utils.h
 lib/libexif.la
 lib/pkgconfig/libexif.pc
-${PKGLOCALEDIR}/locale/de/LC_MESSAGES/libexif.mo
-${PKGLOCALEDIR}/locale/es/LC_MESSAGES/libexif.mo
-${PKGLOCALEDIR}/locale/fr/LC_MESSAGES/libexif.mo
+${PKGLOCALEDIR}/locale/de/LC_MESSAGES/libexif-12.mo
+${PKGLOCALEDIR}/locale/es/LC_MESSAGES/libexif-12.mo
+${PKGLOCALEDIR}/locale/fr/LC_MESSAGES/libexif-12.mo
 @dirrm include/libexif
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/buildlink3.mk
--- a/graphics/libexif/buildlink3.mk    Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/buildlink3.mk    Sat May 14 05:49:55 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2005/03/10 22:21:56 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.6.2.1 2005/05/14 05:49:55 snj Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 LIBEXIF_BUILDLINK3_MK:=        ${LIBEXIF_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(LIBEXIF_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.libexif+=    libexif>=0.6.11
-BUILDLINK_RECOMMENDED.libexif+=        libexif>=0.6.11nb1
+BUILDLINK_RECOMMENDED.libexif+=        libexif>=0.6.12nb1
 BUILDLINK_PKGSRCDIR.libexif?=  ../../graphics/libexif
 .endif # LIBEXIF_BUILDLINK3_MK
 
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/distinfo
--- a/graphics/libexif/distinfo Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/distinfo Sat May 14 05:49:55 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.12 2005/03/10 19:22:22 adam Exp $
+$NetBSD: distinfo,v 1.12.2.1 2005/05/14 05:49:55 snj Exp $
 
-SHA1 (libexif-0.6.11.tar.gz) = f522e097edfccac420c7779209aafeebbf09aa7c
-RMD160 (libexif-0.6.11.tar.gz) = 306637ba3ce8b8a0c095ef5da5792d178bda37fb
-Size (libexif-0.6.11.tar.gz) = 546277 bytes
-SHA1 (patch-aa) = bcbdc84fc26c64ecac62699ab11bf55afe6b65c7
-SHA1 (patch-ab) = d778a593bc70a4c3a1413a4bfa508e98fdf2f71a
+SHA1 (libexif-0.6.12.tar.bz2) = 5d2c5976521e179d41ff8908b678b14f2e8e690b
+RMD160 (libexif-0.6.12.tar.bz2) = 24cfdb7663f0566f2907987e5dbc472c21b583d9
+Size (libexif-0.6.12.tar.bz2) = 378650 bytes
+SHA1 (patch-aa) = e32ab9cad1720f0b4d6178240e78193a97c4c876
+SHA1 (patch-ab) = 973ca09fc059d74e3221bba12e6e8f4630db20bb
+SHA1 (patch-ac) = 5c61cb1135b7254f0cd01127929a1bdea1de1053
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/patches/patch-aa
--- a/graphics/libexif/patches/patch-aa Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/patches/patch-aa Sat May 14 05:49:55 2005 +0000
@@ -1,21 +1,12 @@
-$NetBSD: patch-aa,v 1.1 2004/10/27 19:30:23 drochner Exp $
+$NetBSD: patch-aa,v 1.1.4.1 2005/05/14 05:49:56 snj Exp $
 
---- configure.orig     2004-10-27 15:07:12.000000000 +0200
-+++ configure
-@@ -25641,7 +25641,7 @@ if test "x$GCC" = "xyes"; then
- 
- fi
+--- libexif/exif-utils.h.orig  2005-03-12 20:27:13.000000000 -0600
++++ libexif/exif-utils.h
+@@ -45,7 +45,6 @@ typedef struct {ExifSLong numerator; Exi
  
--                                                                                                    ac_config_files="$ac_config_files Makefile libexif.spec libexif/Makefile libexif/canon/Makefile 
libexif/olympus/Makefile libexif/pentax/Makefile libjpeg/Makefile test/Makefile m4/Makefile libexif/libexif.pc"
-+                                                                                                    ac_config_files="$ac_config_files Makefile libexif.spec libexif/Makefile libexif/canon/Makefile 
libexif/olympus/Makefile libexif/pentax/Makefile libjpeg/Makefile po/Makefile.in test/Makefile m4/Makefile libexif/libexif.pc"
- cat >confcache <<\_ACEOF
- # This file is a shell script that caches the results of configure
- # tests run on this system so they can be shared between configure
-@@ -26219,6 +26219,7 @@ do
-   "libexif/olympus/Makefile" ) CONFIG_FILES="$CONFIG_FILES libexif/olympus/Makefile" ;;
-   "libexif/pentax/Makefile" ) CONFIG_FILES="$CONFIG_FILES libexif/pentax/Makefile" ;;
-   "libjpeg/Makefile" ) CONFIG_FILES="$CONFIG_FILES libjpeg/Makefile" ;;
-+  "po/Makefile.in" ) CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;;
-   "test/Makefile" ) CONFIG_FILES="$CONFIG_FILES test/Makefile" ;;
-   "m4/Makefile" ) CONFIG_FILES="$CONFIG_FILES m4/Makefile" ;;
-   "libexif/libexif.pc" ) CONFIG_FILES="$CONFIG_FILES libexif/libexif.pc" ;;
+ 
+ ExifShort     exif_get_short     (const unsigned char *b, ExifByteOrder order);
+-ExifSShort    exif_get_sshort    (const unsigned char *b, ExifByteOrder order);
+ ExifLong      exif_get_long      (const unsigned char *b, ExifByteOrder order);
+ ExifSLong     exif_get_slong     (const unsigned char *b, ExifByteOrder order);
+ ExifRational  exif_get_rational  (const unsigned char *b, ExifByteOrder order);
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/patches/patch-ab
--- a/graphics/libexif/patches/patch-ab Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/patches/patch-ab Sat May 14 05:49:55 2005 +0000
@@ -1,32 +1,14 @@
-$NetBSD: patch-ab,v 1.1 2005/03/10 19:22:22 adam Exp $
+$NetBSD: patch-ab,v 1.1.4.1 2005/05/14 05:49:56 snj Exp $
 
---- libexif/exif-data.c.orig   Tue Oct  5 21:10:04 2004
-+++ libexif/exif-data.c
-@@ -628,7 +628,7 @@ exif_data_load_data (ExifData *data, con
-                 "Found EXIF header.");
+--- libexif/exif-utils.c.orig  2005-03-12 20:27:13.000000000 -0600
++++ libexif/exif-utils.c
+@@ -22,6 +22,9 @@
  
-       /* Byte order (offset 6, length 2) */
--      if (ds < 12)
-+      if (ds < 14)
-               return;
-       if (!memcmp (d + 6, "II", 2))
-               data->priv->order = EXIF_BYTE_ORDER_INTEL;
-@@ -646,12 +646,18 @@ exif_data_load_data (ExifData *data, con
-       exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", 
-                 "IFD 0 at %i.", (int) offset);
+ #include <libexif/exif-utils.h>
  
-+      if (ds < 6 + 4 + offset)
-+              return;
++static ExifSShort
++exif_get_sshort (const unsigned char *buf, ExifByteOrder order);
 +
-       /* Parse the actual exif data (offset 14) */
-       exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
-                                    ds - 6, offset);
- 
-       /* IFD 1 offset */
-       n = exif_get_short (d + 6 + offset, data->priv->order);
-+      if (ds < 6 + offset + 2 + 12 * n + 4)
-+              return;
-+
-       offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
-       if (offset) {
-               exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ void
+ exif_array_set_byte_order (ExifFormat f, unsigned char *b, unsigned int n,
+               ExifByteOrder o_orig, ExifByteOrder o_new)
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/libexif/patches/patch-ac Sat May 14 05:49:55 2005 +0000
@@ -0,0 +1,71 @@
+$NetBSD: patch-ac,v 1.1.2.2 2005/05/14 05:49:56 snj Exp $
+
+--- libexif/exif-data.c.orig   2005-03-13 03:27:13.000000000 +0100
++++ libexif/exif-data.c        2005-05-13 13:48:13.000000000 +0200
+@@ -284,9 +284,10 @@
+ }
+ 
+ static void
+-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
++exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
+                            const unsigned char *d,
+-                           unsigned int ds, unsigned int offset)
++                                   unsigned int ds, unsigned int offset,
++                                   unsigned int level)
+ {
+       ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+       ExifShort n;
+@@ -296,6 +297,13 @@
+ 
+       if (!data || !data->priv) return;
+ 
++      if (level > 150)
++        {
++          exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
++                    "Deep recursion in exif_data_load_data_content");
++          return 0;
++        }
++
+       /* Read the number of entries */
+       if (offset >= ds - 1) return;
+       n = exif_get_short (d + offset, data->priv->order);
+@@ -320,18 +328,18 @@
+                       switch (tag) {
+                       case EXIF_TAG_EXIF_IFD_POINTER:
+                               CHECK_REC (EXIF_IFD_EXIF);
+-                              exif_data_load_data_content (data,
+-                                      data->ifd[EXIF_IFD_EXIF], d, ds, o);
++                              exif_data_load_data_content_recurse (data,
++                                      data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
+                               break;
+                       case EXIF_TAG_GPS_INFO_IFD_POINTER:
+                               CHECK_REC (EXIF_IFD_GPS);
+-                              exif_data_load_data_content (data,
+-                                      data->ifd[EXIF_IFD_GPS], d, ds, o);
++                              exif_data_load_data_content_recurse (data,
++                                      data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
+                               break;
+                       case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+                               CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+-                              exif_data_load_data_content (data,
+-                                      data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
++                              exif_data_load_data_content_recurse (data,
++                                      data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
+                               break;
+                       case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+                               thumbnail_offset = o;
+@@ -373,6 +381,14 @@
+ }
+ 
+ static void
++exif_data_load_data_content (ExifData *data, ExifContent *ifd,
++                           const unsigned char *d,
++                           unsigned int ds, unsigned int offset)
++{
++  exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
++}
++
++static void
+ exif_data_save_data_content (ExifData *data, ExifContent *ifd,
+                            unsigned char **d, unsigned int *ds,
+                            unsigned int offset)



Home | Main Index | Thread Index | Old Index