Commit 9d349419 authored by Leonardo Arena's avatar Leonardo Arena

main/libexif: security fix (CVE-2017-7544)

Fixes #9521
parent f673b89c
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libexif
pkgver=0.6.21
pkgrel=2
pkgrel=3
pkgdesc="A library to parse an EXIF file and read the data from those tags"
url="https://sourceforge.net/projects/libexif"
arch="all"
......@@ -9,7 +9,13 @@ license="LGPL-2.0+"
subpackages="$pkgname-dev $pkgname-doc"
depends=
makedepends=
source="https://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2"
source="https://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
CVE-2017-7544.patch
"
# secfixes
# 0.6.21-r3:
# - CVE-2017-7544
prepare() {
cd "$builddir"
......@@ -35,4 +41,5 @@ package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
}
sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2"
sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2
5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch"
Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.131
diff -u -r1.131 exif-data.c
--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
@@ -255,6 +255,12 @@
exif_mnote_data_set_offset (data->priv->md, *ds - 6);
exif_mnote_data_save (data->priv->md, &e->data, &e->size);
e->components = e->size;
+ if (exif_format_get_size (e->format) != 1) {
+ /* e->format is taken from input code,
+ * but we need to make sure it is a 1 byte
+ * entity due to the multiplication below. */
+ e->format = EXIF_FORMAT_UNDEFINED;
+ }
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment