pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/libexif libexif: Add a patch from upstream to...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bada54b43808
branches: trunk
changeset: 324263:bada54b43808
user: leot <leot%pkgsrc.org@localhost>
date: Sat Oct 13 10:17:30 2018 +0000
description:
libexif: Add a patch from upstream to address CVE-2017-7544
Bump PKGREVISION
diffstat:
graphics/libexif/Makefile | 3 +-
graphics/libexif/distinfo | 3 +-
graphics/libexif/patches/patch-libexif_exif-data.c | 29 ++++++++++++++++++++++
3 files changed, 33 insertions(+), 2 deletions(-)
diffs (57 lines):
diff -r 7276d020dd47 -r bada54b43808 graphics/libexif/Makefile
--- a/graphics/libexif/Makefile Sat Oct 13 10:04:21 2018 +0000
+++ b/graphics/libexif/Makefile Sat Oct 13 10:17:30 2018 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.43 2014/10/09 14:06:36 wiz Exp $
+# $NetBSD: Makefile,v 1.44 2018/10/13 10:17:30 leot Exp $
DISTNAME= libexif-0.6.21
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/}
EXTRACT_SUFX= .tar.bz2
diff -r 7276d020dd47 -r bada54b43808 graphics/libexif/distinfo
--- a/graphics/libexif/distinfo Sat Oct 13 10:04:21 2018 +0000
+++ b/graphics/libexif/distinfo Sat Oct 13 10:17:30 2018 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.29 2015/11/03 21:34:07 agc Exp $
+$NetBSD: distinfo,v 1.30 2018/10/13 10:17:30 leot Exp $
SHA1 (libexif-0.6.21.tar.bz2) = a52219b12dbc8d33fc096468591170fda71316c0
RMD160 (libexif-0.6.21.tar.bz2) = 979f06096b7271d8713c1766e0ad5dfabb06c531
SHA512 (libexif-0.6.21.tar.bz2) = 4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35
Size (libexif-0.6.21.tar.bz2) = 1368435 bytes
+SHA1 (patch-libexif_exif-data.c) = 50934bfb6686d411f0277d6e0868596347f5b5a5
diff -r 7276d020dd47 -r bada54b43808 graphics/libexif/patches/patch-libexif_exif-data.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/libexif/patches/patch-libexif_exif-data.c Sat Oct 13 10:17:30 2018 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-libexif_exif-data.c,v 1.1 2018/10/13 10:17:30 leot Exp $
+
+Backport patch to fix CVE-2017-7544 from upstream commit id
+c39acd1692023b26290778a02a9232c873f9d71a:
+
+ <https://github.com/libexif/libexif/commit/c39acd1692023b26290778a02a9232c873f9d71a>
+
+On saving makernotes, make sure the makernote container tags has a type with 1
+byte components.
+
+Fixes (at least):
+ https://sourceforge.net/p/libexif/bugs/130
+ https://sourceforge.net/p/libexif/bugs/129
+
+--- libexif/exif-data.c.orig 2012-07-12 18:31:56.000000000 +0000
++++ libexif/exif-data.c
+@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *dat
+ exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ e->components = e->size;
++ if (exif_format_get_size (e->format) != 1) {
++ /* e->format is taken from input code,
++ * but we need to make sure it is a 1 byte
++ * entity due to the multiplication below. */
++ e->format = EXIF_FORMAT_UNDEFINED;
++ }
+ }
+ }
+
Home |
Main Index |
Thread Index |
Old Index