aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2018-10-08 13:45:08 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2018-10-08 13:49:38 +0000
commitcbc4ecf8e7c6c9368d52cb2080d2fed92b853ea3 (patch)
treee2389d3c49c76fa9ff53a434893a749e8ed8ef16
parente043f4360d1a4acefce7229bd7836a3db968e86c (diff)
downloadaports-cbc4ecf8e7c6c9368d52cb2080d2fed92b853ea3.tar.gz
aports-cbc4ecf8e7c6c9368d52cb2080d2fed92b853ea3.tar.bz2
aports-cbc4ecf8e7c6c9368d52cb2080d2fed92b853ea3.tar.xz
main/libexif: security fix (CVE-2017-7544)
Fixes #9523
-rw-r--r--main/libexif/APKBUILD14
-rw-r--r--main/libexif/CVE-2017-7544.patch20
2 files changed, 31 insertions, 3 deletions
diff --git a/main/libexif/APKBUILD b/main/libexif/APKBUILD
index ff0e637812..20f5c952ee 100644
--- a/main/libexif/APKBUILD
+++ b/main/libexif/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libexif
pkgver=0.6.21
-pkgrel=1
+pkgrel=2
pkgdesc="A library to parse an EXIF file and read the data from those tags"
url="https://sourceforge.net/projects/libexif"
arch="all"
@@ -9,12 +9,19 @@ license="LGPL"
subpackages="$pkgname-dev $pkgname-doc"
depends=
makedepends=
-source="http://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2"
+source="http://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
+ CVE-2017-7544.patch
+ "
+
+# secfixes
+# 0.6.21-r2:
+# - CVE-2017-7544
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd "$_builddir"
+ default_prepare
update_config_sub || return 1
}
@@ -32,4 +39,5 @@ package() {
cd "$_builddir"
make DESTDIR="$pkgdir" install || return 1
}
-sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2"
+sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2
+5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch"
diff --git a/main/libexif/CVE-2017-7544.patch b/main/libexif/CVE-2017-7544.patch
new file mode 100644
index 0000000000..b8825e1385
--- /dev/null
+++ b/main/libexif/CVE-2017-7544.patch
@@ -0,0 +1,20 @@
+Index: libexif/exif-data.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
+retrieving revision 1.131
+diff -u -r1.131 exif-data.c
+--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
+@@ -255,6 +255,12 @@
+ exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ e->components = e->size;
++ if (exif_format_get_size (e->format) != 1) {
++ /* e->format is taken from input code,
++ * but we need to make sure it is a 1 byte
++ * entity due to the multiplication below. */
++ e->format = EXIF_FORMAT_UNDEFINED;
++ }
+ }
+ }
+