pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2005Q1]: pkgsrc/graphics/libexif Pullup ticket 500 - requested...
details: https://anonhg.NetBSD.org/pkgsrc/rev/becd54630c98
branches: pkgsrc-2005Q1
changeset: 491046:becd54630c98
user: snj <snj%pkgsrc.org@localhost>
date: Sat May 14 05:49:55 2005 +0000
description:
Pullup ticket 500 - requested by Lubomir Sedlacik
security fix for libexif
Revisions pulled up:
- pkgsrc/graphics/libexif/Makefile 1.24, 1.25
- pkgsrc/graphics/libexif/PLIST 1.12
- pkgsrc/graphics/libexif/distinfo 1.13, 1.14, 1.15
- pkgsrc/graphics/libexif/buildlink3.mk 1.7
- pkgsrc/graphics/libexif/patches/patch-aa 1.3
- pkgsrc/graphics/libexif/patches/patch-ab 1.3
- pkgsrc/graphics/libexif/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 20 12:40:41 UTC 2005
Modified Files:
pkgsrc/graphics/libexif: Makefile PLIST distinfo
Removed Files:
pkgsrc/graphics/libexif/patches: patch-aa patch-ab
Log Message:
Changes 0.6.12:
* Final fix of Ubuntu Security Notice USN-91-1 (CAN-2005-0664)
https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
* Updated build system with cross compile capabilities
* Small fixes:
Fix tag order, use even offsets, improve Nikon&Olympus mnote tags.
----
Module Name: pkgsrc
Committed By: minskim
Date: Mon May 9 13:21:16 UTC 2005
Modified Files:
pkgsrc/graphics/libexif: distinfo
Added Files:
pkgsrc/graphics/libexif/patches: patch-aa patch-ab
Log Message:
Declare a static function in .c, not in .h.
----
Module Name: pkgsrc
Committed By: salo
Date: Fri May 13 11:58:00 UTC 2005
Modified Files:
pkgsrc/graphics/libexif: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/graphics/libexif/patches: patch-ac
Log Message:
Security fix:
"Matthias Clasen has reported a vulnerability in libexif, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an infinite recursion in the
"exif_data_load_data_content()" function and can be exploited to
cause a stack overflow when parsing a specially crafted image.
Successful exploitation may crash an application linked against the
vulnerable library."
Bump PKGREVISION. Patch from:
http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272
diffstat:
graphics/libexif/Makefile | 13 +++---
graphics/libexif/PLIST | 9 ++--
graphics/libexif/buildlink3.mk | 4 +-
graphics/libexif/distinfo | 13 +++---
graphics/libexif/patches/patch-aa | 29 +++++----------
graphics/libexif/patches/patch-ab | 38 +++++---------------
graphics/libexif/patches/patch-ac | 71 +++++++++++++++++++++++++++++++++++++++
7 files changed, 111 insertions(+), 66 deletions(-)
diffs (248 lines):
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/Makefile
--- a/graphics/libexif/Makefile Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/Makefile Sat May 14 05:49:55 2005 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.22 2005/03/10 22:21:56 salo Exp $
+# $NetBSD: Makefile,v 1.22.2.1 2005/05/14 05:49:55 snj Exp $
-DISTNAME= libexif-0.6.11
+DISTNAME= libexif-0.6.12
PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libexif/}
+EXTRACT_SUFX= .tar.bz2
MAINTAINER= adam%NetBSD.org@localhost
HOMEPAGE= http://libexif.sourceforge.net/
@@ -11,10 +12,10 @@
PKG_INSTALLATION_TYPES= overwrite pkgviews
-USE_BUILDLINK3= YES
-USE_PKGLOCALEDIR= YES
-GNU_CONFIGURE= YES
-USE_LIBTOOL= YES
+USE_BUILDLINK3= yes
+USE_LIBTOOL= yes
+USE_PKGLOCALEDIR= yes
+GNU_CONFIGURE= yes
PKGCONFIG_OVERRIDE= libexif/libexif.pc.in
.include "../../devel/gettext-lib/buildlink3.mk"
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/PLIST
--- a/graphics/libexif/PLIST Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/PLIST Sat May 14 05:49:55 2005 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2004/10/27 19:30:23 drochner Exp $
+@comment $NetBSD: PLIST,v 1.11.4.1 2005/05/14 05:49:55 snj Exp $
include/libexif/_stdint.h
include/libexif/exif-byte-order.h
include/libexif/exif-content.h
@@ -10,12 +10,11 @@
include/libexif/exif-log.h
include/libexif/exif-mem.h
include/libexif/exif-mnote-data.h
-include/libexif/exif-result.h
include/libexif/exif-tag.h
include/libexif/exif-utils.h
lib/libexif.la
lib/pkgconfig/libexif.pc
-${PKGLOCALEDIR}/locale/de/LC_MESSAGES/libexif.mo
-${PKGLOCALEDIR}/locale/es/LC_MESSAGES/libexif.mo
-${PKGLOCALEDIR}/locale/fr/LC_MESSAGES/libexif.mo
+${PKGLOCALEDIR}/locale/de/LC_MESSAGES/libexif-12.mo
+${PKGLOCALEDIR}/locale/es/LC_MESSAGES/libexif-12.mo
+${PKGLOCALEDIR}/locale/fr/LC_MESSAGES/libexif-12.mo
@dirrm include/libexif
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/buildlink3.mk
--- a/graphics/libexif/buildlink3.mk Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/buildlink3.mk Sat May 14 05:49:55 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2005/03/10 22:21:56 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.6.2.1 2005/05/14 05:49:55 snj Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
LIBEXIF_BUILDLINK3_MK:= ${LIBEXIF_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(LIBEXIF_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.libexif+= libexif>=0.6.11
-BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.11nb1
+BUILDLINK_RECOMMENDED.libexif+= libexif>=0.6.12nb1
BUILDLINK_PKGSRCDIR.libexif?= ../../graphics/libexif
.endif # LIBEXIF_BUILDLINK3_MK
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/distinfo
--- a/graphics/libexif/distinfo Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/distinfo Sat May 14 05:49:55 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.12 2005/03/10 19:22:22 adam Exp $
+$NetBSD: distinfo,v 1.12.2.1 2005/05/14 05:49:55 snj Exp $
-SHA1 (libexif-0.6.11.tar.gz) = f522e097edfccac420c7779209aafeebbf09aa7c
-RMD160 (libexif-0.6.11.tar.gz) = 306637ba3ce8b8a0c095ef5da5792d178bda37fb
-Size (libexif-0.6.11.tar.gz) = 546277 bytes
-SHA1 (patch-aa) = bcbdc84fc26c64ecac62699ab11bf55afe6b65c7
-SHA1 (patch-ab) = d778a593bc70a4c3a1413a4bfa508e98fdf2f71a
+SHA1 (libexif-0.6.12.tar.bz2) = 5d2c5976521e179d41ff8908b678b14f2e8e690b
+RMD160 (libexif-0.6.12.tar.bz2) = 24cfdb7663f0566f2907987e5dbc472c21b583d9
+Size (libexif-0.6.12.tar.bz2) = 378650 bytes
+SHA1 (patch-aa) = e32ab9cad1720f0b4d6178240e78193a97c4c876
+SHA1 (patch-ab) = 973ca09fc059d74e3221bba12e6e8f4630db20bb
+SHA1 (patch-ac) = 5c61cb1135b7254f0cd01127929a1bdea1de1053
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/patches/patch-aa
--- a/graphics/libexif/patches/patch-aa Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/patches/patch-aa Sat May 14 05:49:55 2005 +0000
@@ -1,21 +1,12 @@
-$NetBSD: patch-aa,v 1.1 2004/10/27 19:30:23 drochner Exp $
+$NetBSD: patch-aa,v 1.1.4.1 2005/05/14 05:49:56 snj Exp $
---- configure.orig 2004-10-27 15:07:12.000000000 +0200
-+++ configure
-@@ -25641,7 +25641,7 @@ if test "x$GCC" = "xyes"; then
-
- fi
+--- libexif/exif-utils.h.orig 2005-03-12 20:27:13.000000000 -0600
++++ libexif/exif-utils.h
+@@ -45,7 +45,6 @@ typedef struct {ExifSLong numerator; Exi
-- ac_config_files="$ac_config_files Makefile libexif.spec libexif/Makefile libexif/canon/Makefile
libexif/olympus/Makefile libexif/pentax/Makefile libjpeg/Makefile test/Makefile m4/Makefile libexif/libexif.pc"
-+ ac_config_files="$ac_config_files Makefile libexif.spec libexif/Makefile libexif/canon/Makefile
libexif/olympus/Makefile libexif/pentax/Makefile libjpeg/Makefile po/Makefile.in test/Makefile m4/Makefile libexif/libexif.pc"
- cat >confcache <<\_ACEOF
- # This file is a shell script that caches the results of configure
- # tests run on this system so they can be shared between configure
-@@ -26219,6 +26219,7 @@ do
- "libexif/olympus/Makefile" ) CONFIG_FILES="$CONFIG_FILES libexif/olympus/Makefile" ;;
- "libexif/pentax/Makefile" ) CONFIG_FILES="$CONFIG_FILES libexif/pentax/Makefile" ;;
- "libjpeg/Makefile" ) CONFIG_FILES="$CONFIG_FILES libjpeg/Makefile" ;;
-+ "po/Makefile.in" ) CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;;
- "test/Makefile" ) CONFIG_FILES="$CONFIG_FILES test/Makefile" ;;
- "m4/Makefile" ) CONFIG_FILES="$CONFIG_FILES m4/Makefile" ;;
- "libexif/libexif.pc" ) CONFIG_FILES="$CONFIG_FILES libexif/libexif.pc" ;;
+
+ ExifShort exif_get_short (const unsigned char *b, ExifByteOrder order);
+-ExifSShort exif_get_sshort (const unsigned char *b, ExifByteOrder order);
+ ExifLong exif_get_long (const unsigned char *b, ExifByteOrder order);
+ ExifSLong exif_get_slong (const unsigned char *b, ExifByteOrder order);
+ ExifRational exif_get_rational (const unsigned char *b, ExifByteOrder order);
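Review bot: Neither the rewritten patch-aa nor patch-ab says why the `exif_get_sshort` prototype leaves the installed header exif-utils.h; the reason is recorded only in the commit log ("Declare a static function in .c, not in .h."). A comment line under the `$NetBSD$` tag in both patch files, such as `exif_get_sshort is static in exif-utils.c; declare it there instead of in the public header.`, would keep the rationale with the patch. The definition of the function is not visible on this page, so that it is in fact `static` upstream is taken from the log message rather than from the code.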
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/patches/patch-ab
--- a/graphics/libexif/patches/patch-ab Fri May 13 10:23:48 2005 +0000
+++ b/graphics/libexif/patches/patch-ab Sat May 14 05:49:55 2005 +0000
@@ -1,32 +1,14 @@
-$NetBSD: patch-ab,v 1.1 2005/03/10 19:22:22 adam Exp $
+$NetBSD: patch-ab,v 1.1.4.1 2005/05/14 05:49:56 snj Exp $
---- libexif/exif-data.c.orig Tue Oct 5 21:10:04 2004
-+++ libexif/exif-data.c
-@@ -628,7 +628,7 @@ exif_data_load_data (ExifData *data, con
- "Found EXIF header.");
+--- libexif/exif-utils.c.orig 2005-03-12 20:27:13.000000000 -0600
++++ libexif/exif-utils.c
+@@ -22,6 +22,9 @@
- /* Byte order (offset 6, length 2) */
-- if (ds < 12)
-+ if (ds < 14)
- return;
- if (!memcmp (d + 6, "II", 2))
- data->priv->order = EXIF_BYTE_ORDER_INTEL;
-@@ -646,12 +646,18 @@ exif_data_load_data (ExifData *data, con
- exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
- "IFD 0 at %i.", (int) offset);
+ #include <libexif/exif-utils.h>
-+ if (ds < 6 + 4 + offset)
-+ return;
++static ExifSShort
++exif_get_sshort (const unsigned char *buf, ExifByteOrder order);
+
- /* Parse the actual exif data (offset 14) */
- exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
- ds - 6, offset);
-
- /* IFD 1 offset */
- n = exif_get_short (d + 6 + offset, data->priv->order);
-+ if (ds < 6 + offset + 2 + 12 * n + 4)
-+ return;
-+
- offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
- if (offset) {
- exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ void
+ exif_array_set_byte_order (ExifFormat f, unsigned char *b, unsigned int n,
+ ExifByteOrder o_orig, ExifByteOrder o_new)
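Review bot: The rewritten patch-ab no longer carries the length checks on `ds` in exif_data_load_data (`if (ds < 14)`, `if (ds < 6 + 4 + offset)`, `if (ds < 6 + offset + 2 + 12 * n + 4)`), and nothing in the file records where they went. The log attributes the final CAN-2005-0664 fix to upstream 0.6.12, so the checks are presumably in the new distfile, but that cannot be confirmed from this page. Because the file name is reused for an unrelated exif-utils.c change, a short comment under the `$NetBSD$` tag stating that the earlier bounds checks are part of 0.6.12 would make the removal auditable. It is worth confirming against the 0.6.12 exif-data.c before relying on this pullup as the complete fix.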
diff -r 0df1ecc00cc4 -r becd54630c98 graphics/libexif/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/libexif/patches/patch-ac Sat May 14 05:49:55 2005 +0000
@@ -0,0 +1,71 @@
+$NetBSD: patch-ac,v 1.1.2.2 2005/05/14 05:49:56 snj Exp $
+
+--- libexif/exif-data.c.orig 2005-03-13 03:27:13.000000000 +0100
++++ libexif/exif-data.c 2005-05-13 13:48:13.000000000 +0200
+@@ -284,9 +284,10 @@
+ }
+
+ static void
+-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
++exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
+ const unsigned char *d,
+- unsigned int ds, unsigned int offset)
++ unsigned int ds, unsigned int offset,
++ unsigned int level)
+ {
+ ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ ExifShort n;
+@@ -296,6 +297,13 @@
+
+ if (!data || !data->priv) return;
+
++ if (level > 150)
++ {
++ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
++ "Deep recursion in exif_data_load_data_content");
++ return 0;
++ }
++
+ /* Read the number of entries */
+ if (offset >= ds - 1) return;
+ n = exif_get_short (d + offset, data->priv->order);
+@@ -320,18 +328,18 @@
+ switch (tag) {
+ case EXIF_TAG_EXIF_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_EXIF);
+- exif_data_load_data_content (data,
+- data->ifd[EXIF_IFD_EXIF], d, ds, o);
++ exif_data_load_data_content_recurse (data,
++ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
+ break;
+ case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_GPS);
+- exif_data_load_data_content (data,
+- data->ifd[EXIF_IFD_GPS], d, ds, o);
++ exif_data_load_data_content_recurse (data,
++ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
+ break;
+ case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+- exif_data_load_data_content (data,
+- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
++ exif_data_load_data_content_recurse (data,
++ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
+ break;
+ case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ thumbnail_offset = o;
+@@ -373,6 +381,14 @@
+ }
+
+ static void
++exif_data_load_data_content (ExifData *data, ExifContent *ifd,
++ const unsigned char *d,
++ unsigned int ds, unsigned int offset)
++{
++ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
++}
++
++static void
+ exif_data_save_data_content (ExifData *data, ExifContent *ifd,
+ unsigned char **d, unsigned int *ds,
+ unsigned int offset)
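Review bot: The depth guard added to exif_data_load_data_content_recurse ends with `return 0;`, but the function is declared `static void`. A return with a value in a void function is a constraint violation that many compilers accept with only a warning, so it should read `return;` like the other early exits in the body. The limit `150` is an unexplained literal; a named constant with a one-line comment saying it bounds stack use on nested IFD pointers (for example `MAX_RECURSION_DEPTH`, the name is only a suggestion) would make the bound easier to audit. Only fragments of the function appear in the embedded hunks, so what CHECK_REC already rejects and whether `ds` can be 0 at the `offset >= ds - 1` test cannot be judged from here.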