aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-05-19 01:35:19 -0300
committerNatanael Copa <ncopa@alpinelinux.org>2020-05-19 13:47:35 +0200
commit5dea23e076ed7123339473f529d74d8a9362e7c6 (patch)
tree16a27eb2a3c3f0cf28dd388acd1f866a5f9d0d72
parente508207db3c7bb2463c4049826b10f0e08b56e6e (diff)
downloadaports-5dea23e076ed7123339473f529d74d8a9362e7c6.tar.gz
aports-5dea23e076ed7123339473f529d74d8a9362e7c6.tar.bz2
aports-5dea23e076ed7123339473f529d74d8a9362e7c6.tar.xz
main/libexif: security upgrade to 0.6.22
fixes #11539
-rw-r--r--main/libexif/APKBUILD44
-rw-r--r--main/libexif/CVE-2017-7544.patch20
2 files changed, 29 insertions, 35 deletions
diff --git a/main/libexif/APKBUILD b/main/libexif/APKBUILD
index 7dc54974c8..22a32de8c3 100644
--- a/main/libexif/APKBUILD
+++ b/main/libexif/APKBUILD
@@ -1,30 +1,47 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libexif
-pkgver=0.6.21
-pkgrel=3
+pkgver=0.6.22
+pkgrel=0
pkgdesc="A library to parse an EXIF file and read the data from those tags"
url="https://sourceforge.net/projects/libexif"
arch="all"
-license="LGPL-2.0+"
+license="LGPL-2.0-or-later"
subpackages="$pkgname-dev $pkgname-doc"
-depends=
-makedepends=
-source="http://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
- CVE-2017-7544.patch
- "
+source="https://github.com/libexif/libexif/releases/download/libexif-${pkgver//./_}-release/libexif-$pkgver.tar.xz"
# secfixes:
+# 0.6.22-r0:
+# - CVE-2018-20030
+# - CVE-2020-13114
+# - CVE-2020-13113
+# - CVE-2020-13112
+# - CVE-2020-0093
+# - CVE-2019-9278
+# - CVE-2020-12767
+# - CVE-2016-6328
# 0.6.21-r3:
# - CVE-2017-7544
+# 0.6.21-r0:
+# - CVE-2012-2812
+# - CVE-2012-2813
+# - CVE-2012-2814
+# - CVE-2012-2836
+# - CVE-2012-2837
+# - CVE-2012-2840
+# - CVE-2012-2841
+# - CVE-2012-2845
+# 0.6.19-r0:
+# - CVE-2009-3895
prepare() {
- cd "$builddir"
- update_config_sub
default_prepare
+
+ # The tarballs upstream provides uses /usr/bin/sh instead of /bin/sh
+ # most likely as a result of a poor usrmerge
+ grep -l '^#!/usr/bin/sh' -r . | xargs sed -i 's|^#!/usr/bin/sh|#!/bin/sh|g'
}
build() {
- cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -33,13 +50,10 @@ build() {
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
-sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2
-5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch"
+sha512sums="0a9e7bf0258ed98a794b667d45e8fc65299101a2a2d2e39c358715b20b003beff258782f0736cd5b53978428a2f878a989f303bee249a978850a065f33c534af libexif-0.6.22.tar.xz"
diff --git a/main/libexif/CVE-2017-7544.patch b/main/libexif/CVE-2017-7544.patch
deleted file mode 100644
index b8825e1385..0000000000
--- a/main/libexif/CVE-2017-7544.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Index: libexif/exif-data.c
-===================================================================
-RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
-retrieving revision 1.131
-diff -u -r1.131 exif-data.c
---- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
-+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
-@@ -255,6 +255,12 @@
- exif_mnote_data_set_offset (data->priv->md, *ds - 6);
- exif_mnote_data_save (data->priv->md, &e->data, &e->size);
- e->components = e->size;
-+ if (exif_format_get_size (e->format) != 1) {
-+ /* e->format is taken from input code,
-+ * but we need to make sure it is a 1 byte
-+ * entity due to the multiplication below. */
-+ e->format = EXIF_FORMAT_UNDEFINED;
-+ }
- }
- }
-