Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
636
Issues
636
List
Boards
Labels
Service Desk
Milestones
Merge Requests
193
Merge Requests
193
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
aports
Commits
9d349419
Commit
9d349419
authored
Oct 08, 2018
by
Leonardo Arena
1
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/libexif: security fix (CVE-2017-7544)
Fixes
#9521
parent
f673b89c
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
30 additions
and
3 deletions
+30
-3
main/libexif/APKBUILD
main/libexif/APKBUILD
+10
-3
main/libexif/CVE-2017-7544.patch
main/libexif/CVE-2017-7544.patch
+20
-0
No files found.
main/libexif/APKBUILD
View file @
9d349419
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
libexif
pkgver
=
0.6.21
pkgrel
=
2
pkgrel
=
3
pkgdesc
=
"A library to parse an EXIF file and read the data from those tags"
url
=
"https://sourceforge.net/projects/libexif"
arch
=
"all"
...
...
@@ -9,7 +9,13 @@ license="LGPL-2.0+"
subpackages
=
"
$pkgname
-dev
$pkgname
-doc"
depends
=
makedepends
=
source
=
"https://downloads.sf.net/sourceforge/
$pkgname
/
$pkgname
-
$pkgver
.tar.bz2"
source
=
"https://downloads.sf.net/sourceforge/
$pkgname
/
$pkgname
-
$pkgver
.tar.bz2
CVE-2017-7544.patch
"
# secfixes
# 0.6.21-r3:
# - CVE-2017-7544
prepare
()
{
cd
"
$builddir
"
...
...
@@ -35,4 +41,5 @@ package() {
cd
"
$builddir
"
make
DESTDIR
=
"
$pkgdir
"
install
}
sha512sums
=
"4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2"
sha512sums
=
"4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2
5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch"
main/libexif/CVE-2017-7544.patch
0 → 100644
View file @
9d349419
Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.131
diff -u -r1.131 exif-data.c
--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
@@ -255,6 +255,12 @@
exif_mnote_data_set_offset (data->priv->md, *ds - 6);
exif_mnote_data_save (data->priv->md, &e->data, &e->size);
e->components = e->size;
+ if (exif_format_get_size (e->format) != 1) {
+ /* e->format is taken from input code,
+ * but we need to make sure it is a 1 byte
+ * entity due to the multiplication below. */
+ e->format = EXIF_FORMAT_UNDEFINED;
+ }
}
}
algitbot
@root
mentioned in issue
#9521 (closed)
·
Jul 12, 2019
mentioned in issue
#9521 (closed)
mentioned in issue #9521
Toggle commit list
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
