Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/libexif/files/, media-libs/libexif/
Date: Tue, 18 Sep 2018 09:23:10
Message-Id: 1537262565.96e70c303fbdd5949b7235132de1d4bf4a88a950.asturm@gentoo
1 commit: 96e70c303fbdd5949b7235132de1d4bf4a88a950
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Tue Sep 18 09:20:08 2018 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Tue Sep 18 09:22:45 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96e70c30
7
8 media-libs/libexif: Fix CVE-2017-7544
9
10 Bug: https://bugs.gentoo.org/631850
11 Package-Manager: Portage-2.3.49, Repoman-2.3.10
12
13 .../files/libexif-0.6.21-CVE-2017-7544.patch | 30 ++++++++++++++++++++++
14 media-libs/libexif/libexif-0.6.21-r2.ebuild | 5 +++-
15 2 files changed, 34 insertions(+), 1 deletion(-)
16
17 diff --git a/media-libs/libexif/files/libexif-0.6.21-CVE-2017-7544.patch b/media-libs/libexif/files/libexif-0.6.21-CVE-2017-7544.patch
18 new file mode 100644
19 index 00000000000..534817417d8
20 --- /dev/null
21 +++ b/media-libs/libexif/files/libexif-0.6.21-CVE-2017-7544.patch
22 @@ -0,0 +1,30 @@
23 +From c39acd1692023b26290778a02a9232c873f9d71a Mon Sep 17 00:00:00 2001
24 +From: Marcus Meissner <marcus@×××××××××××.de>
25 +Date: Tue, 25 Jul 2017 23:38:56 +0200
26 +Subject: [PATCH] On saving makernotes, make sure the makernote container tags
27 + has a type with 1 byte components.
28 +
29 +Fixes (at least):
30 + https://sourceforge.net/p/libexif/bugs/130
31 + https://sourceforge.net/p/libexif/bugs/129
32 +---
33 + libexif/exif-data.c | 6 ++++++
34 + 1 file changed, 6 insertions(+)
35 +
36 +diff --git a/libexif/exif-data.c b/libexif/exif-data.c
37 +index 67df4db..91f4c33 100644
38 +--- a/libexif/exif-data.c
39 ++++ b/libexif/exif-data.c
40 +@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
41 + exif_mnote_data_set_offset (data->priv->md, *ds - 6);
42 + exif_mnote_data_save (data->priv->md, &e->data, &e->size);
43 + e->components = e->size;
44 ++ if (exif_format_get_size (e->format) != 1) {
45 ++ /* e->format is taken from input code,
46 ++ * but we need to make sure it is a 1 byte
47 ++ * entity due to the multiplication below. */
48 ++ e->format = EXIF_FORMAT_UNDEFINED;
49 ++ }
50 + }
51 + }
52 +
53
54 diff --git a/media-libs/libexif/libexif-0.6.21-r2.ebuild b/media-libs/libexif/libexif-0.6.21-r2.ebuild
55 index 252bbbbc790..26819985142 100644
56 --- a/media-libs/libexif/libexif-0.6.21-r2.ebuild
57 +++ b/media-libs/libexif/libexif-0.6.21-r2.ebuild
58 @@ -21,7 +21,10 @@ BDEPEND="
59 doc? ( app-doc/doxygen )
60 nls? ( sys-devel/gettext )"
61
62 -PATCHES=( "${FILESDIR}"/${PN}-0.6.13-pkgconfig.patch )
63 +PATCHES=(
64 + "${FILESDIR}"/${PN}-0.6.13-pkgconfig.patch
65 + "${FILESDIR}"/${P}-CVE-2017-7544.patch
66 +)
67
68 src_prepare() {
69 default
Report Message
Find on MARC Find on Google Groups