diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-10-08 13:45:08 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-10-08 13:49:38 +0000 |
| commit | cbc4ecf8e7c6c9368d52cb2080d2fed92b853ea3 (patch) | |
| tree | e2389d3c49c76fa9ff53a434893a749e8ed8ef16 | |
| parent | e043f4360d1a4acefce7229bd7836a3db968e86c (diff) | |
main/libexif: security fix (CVE-2017-7544)
Fixes #9523
| -rw-r--r-- | main/libexif/APKBUILD | 14 | ||||
| -rw-r--r-- | main/libexif/CVE-2017-7544.patch | 20 |
2 files changed, 31 insertions, 3 deletions
diff --git a/main/libexif/APKBUILD b/main/libexif/APKBUILD index ff0e637812d..20f5c952eef 100644 --- a/main/libexif/APKBUILD +++ b/main/libexif/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libexif pkgver=0.6.21 -pkgrel=1 +pkgrel=2 pkgdesc="A library to parse an EXIF file and read the data from those tags" url="https://sourceforge.net/projects/libexif" arch="all" @@ -9,12 +9,19 @@ license="LGPL" subpackages="$pkgname-dev $pkgname-doc" depends= makedepends= -source="http://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2" +source="http://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2 + CVE-2017-7544.patch + " + +# secfixes +# 0.6.21-r2: +# - CVE-2017-7544 _builddir="$srcdir/$pkgname-$pkgver" prepare() { cd "$_builddir" + default_prepare update_config_sub || return 1 } @@ -32,4 +39,5 @@ package() { cd "$_builddir" make DESTDIR="$pkgdir" install || return 1 } -sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2" +sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2 +5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch" diff --git a/main/libexif/CVE-2017-7544.patch b/main/libexif/CVE-2017-7544.patch new file mode 100644 index 00000000000..b8825e1385c --- /dev/null +++ b/main/libexif/CVE-2017-7544.patch @@ -0,0 +1,20 @@ +Index: libexif/exif-data.c +=================================================================== +RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v +retrieving revision 1.131 +diff -u -r1.131 exif-data.c +--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 ++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 +@@ -255,6 +255,12 @@ + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + |