pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/graphics/libexif Security fix:
details: https://anonhg.NetBSD.org/pkgsrc/rev/0c9be8015778
branches: trunk
changeset: 493719:0c9be8015778
user: salo <salo%pkgsrc.org@localhost>
date: Fri May 13 11:57:59 2005 +0000
description:
Security fix:
"Matthias Clasen has reported a vulnerability in libexif, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an infinite recursion in the
"exif_data_load_data_content()" function and can be exploited to
cause a stack overflow when parsing a specially crafted image.
Successful exploitation may crash an application linked against the
vulnerable library."
Bump PKGREVISION. Patch from:
http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272
diffstat:
graphics/libexif/Makefile | 3 +-
graphics/libexif/buildlink3.mk | 4 +-
graphics/libexif/distinfo | 3 +-
graphics/libexif/patches/patch-ac | 71 +++++++++++++++++++++++++++++++++++++++
4 files changed, 77 insertions(+), 4 deletions(-)
diffs (118 lines):
diff -r 0d888331eb3d -r 0c9be8015778 graphics/libexif/Makefile
--- a/graphics/libexif/Makefile Fri May 13 11:13:11 2005 +0000
+++ b/graphics/libexif/Makefile Fri May 13 11:57:59 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.24 2005/04/20 12:40:40 adam Exp $
+# $NetBSD: Makefile,v 1.25 2005/05/13 11:57:59 salo Exp $
DISTNAME= libexif-0.6.12
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/}
EXTRACT_SUFX= .tar.bz2
diff -r 0d888331eb3d -r 0c9be8015778 graphics/libexif/buildlink3.mk
--- a/graphics/libexif/buildlink3.mk Fri May 13 11:13:11 2005 +0000
+++ b/graphics/libexif/buildlink3.mk Fri May 13 11:57:59 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2005/03/10 22:21:56 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2005/05/13 11:57:59 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
LIBEXIF_BUILDLINK3_MK:= ${LIBEXIF_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(LIBEXIF_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.libexif+= libexif>=0.6.11
-BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.11nb1
+BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.12nb1
BUILDLINK_PKGSRCDIR.libexif?= ../../graphics/libexif
.endif # LIBEXIF_BUILDLINK3_MK
diff -r 0d888331eb3d -r 0c9be8015778 graphics/libexif/distinfo
--- a/graphics/libexif/distinfo Fri May 13 11:13:11 2005 +0000
+++ b/graphics/libexif/distinfo Fri May 13 11:57:59 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.14 2005/05/09 13:21:16 minskim Exp $
+$NetBSD: distinfo,v 1.15 2005/05/13 11:57:59 salo Exp $
SHA1 (libexif-0.6.12.tar.bz2) = 5d2c5976521e179d41ff8908b678b14f2e8e690b
RMD160 (libexif-0.6.12.tar.bz2) = 24cfdb7663f0566f2907987e5dbc472c21b583d9
Size (libexif-0.6.12.tar.bz2) = 378650 bytes
SHA1 (patch-aa) = e32ab9cad1720f0b4d6178240e78193a97c4c876
SHA1 (patch-ab) = 973ca09fc059d74e3221bba12e6e8f4630db20bb
+SHA1 (patch-ac) = 5c61cb1135b7254f0cd01127929a1bdea1de1053
diff -r 0d888331eb3d -r 0c9be8015778 graphics/libexif/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/libexif/patches/patch-ac Fri May 13 11:57:59 2005 +0000
@@ -0,0 +1,71 @@
+$NetBSD: patch-ac,v 1.1 2005/05/13 11:57:59 salo Exp $
+
+--- libexif/exif-data.c.orig 2005-03-13 03:27:13.000000000 +0100
++++ libexif/exif-data.c 2005-05-13 13:48:13.000000000 +0200
+@@ -284,9 +284,10 @@
+ }
+
+ static void
+-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
++exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
+ const unsigned char *d,
+- unsigned int ds, unsigned int offset)
++ unsigned int ds, unsigned int offset,
++ unsigned int level)
+ {
+ ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ ExifShort n;
+@@ -296,6 +297,13 @@
+
+ if (!data || !data->priv) return;
+
++ if (level > 150)
++ {
++ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
++ "Deep recursion in exif_data_load_data_content");
++ return 0;
++ }
++
+ /* Read the number of entries */
+ if (offset >= ds - 1) return;
+ n = exif_get_short (d + offset, data->priv->order);
+@@ -320,18 +328,18 @@
+ switch (tag) {
+ case EXIF_TAG_EXIF_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_EXIF);
+- exif_data_load_data_content (data,
+- data->ifd[EXIF_IFD_EXIF], d, ds, o);
++ exif_data_load_data_content_recurse (data,
++ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
+ break;
+ case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_GPS);
+- exif_data_load_data_content (data,
+- data->ifd[EXIF_IFD_GPS], d, ds, o);
++ exif_data_load_data_content_recurse (data,
++ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
+ break;
+ case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+- exif_data_load_data_content (data,
+- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
++ exif_data_load_data_content_recurse (data,
++ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
+ break;
+ case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ thumbnail_offset = o;
+@@ -373,6 +381,14 @@
+ }
+
+ static void
++exif_data_load_data_content (ExifData *data, ExifContent *ifd,
++ const unsigned char *d,
++ unsigned int ds, unsigned int offset)
++{
++ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
++}
++
++static void
+ exif_data_save_data_content (ExifData *data, ExifContent *ifd,
+ unsigned char **d, unsigned int *ds,
+ unsigned int offset)
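Review bot: The new depth guard in `exif_data_load_data_content_recurse` exits with `return 0;`, but the function is declared `static void`, so this is a constraint violation that most compilers only warn about and strict ones reject; it should be a bare `return;` like the other early exits. The limit `150` is an unexplained literal; a named constant (for example `#define EXIF_MAX_RECURSION_DEPTH 150`, name only a suggestion) with a comment such as `/* bound IFD nesting so a crafted image cannot exhaust the stack */` would record why it exists. Separately, the unchanged context line `if (offset >= ds - 1) return;` uses unsigned arithmetic, so with `ds == 0` the subtraction wraps and the check presumably no longer rejects the offset; it is worth confirming that callers never pass an empty buffer, or writing it as `if (ds < 2 || offset >= ds - 1) return;`. The function body starts and continues outside the nested hunks shown here, so the rest of the bounds handling is not visible.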