diff options
| author |   Federico Denkena <federico.denkena@posteo.de> | 2022-07-07 22:36:01 +0200 |
|---|---|---|
| committer |   Sam James <sam@gentoo.org> | 2022-07-08 23:14:34 +0100 |
| commit | bd33507695886a6e0936f556cf6ec9de7595e7f9 (patch) | |
| tree | b74df52731e0185b7757b3beaaf97465acc17ed7 /media-gfx | |
| parent | media-sound/pulseaudio: Bump metapackage to 16.1, drop default USE daemon (diff) | |
| download | gentoo-bd33507695886a6e0936f556cf6ec9de7595e7f9.tar.gz gentoo-bd33507695886a6e0936f556cf6ec9de7595e7f9.tar.bz2 gentoo-bd33507695886a6e0936f556cf6ec9de7595e7f9.zip | |
media-gfx/exif: Security fix for CVE-2021-27815
This commit adds two patches from upstream and bumps the revision.
Bug: https://bugs.gentoo.org/783522
Signed-off-by: Federico Denkena <federico.denkena@posteo.de>
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'media-gfx')
| -rw-r--r-- | media-gfx/exif/exif-0.6.22-r1.ebuild | 31 | ||||
| -rw-r--r-- | media-gfx/exif/files/exif-0.6.22-empty-string-check.patch | 40 |
2 files changed, 71 insertions, 0 deletions
diff --git a/media-gfx/exif/exif-0.6.22-r1.ebuild b/media-gfx/exif/exif-0.6.22-r1.ebuild new file mode 100644 index 000000000000..fd7f812a2eb9 --- /dev/null +++ b/media-gfx/exif/exif-0.6.22-r1.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Small CLI util to show EXIF infos hidden in JPEG files" +HOMEPAGE="https://libexif.github.io/ https://github.com/libexif/exif" +SRC_URI="https://github.com/lib${PN}/${PN}/releases/download/${PN}-${PV//./_}-release/${P}.tar.gz" + +LICENSE="LGPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos" +IUSE="nls" + +BDEPEND=" + virtual/pkgconfig + nls? ( sys-devel/gettext ) +" +DEPEND=" + dev-libs/popt + >=media-libs/libexif-${PV} +" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}"/${P}-empty-string-check.patch +) + +src_configure() { + econf $(use_enable nls) +} diff --git a/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch b/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch new file mode 100644 index 000000000000..377e905940b5 --- /dev/null +++ b/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch @@ -0,0 +1,40 @@ +https://bugs.gentoo.org/783522 + +Source: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c.patch +From: Marcus Meissner <marcus@jet.franken.de> +Date: Thu, 25 Feb 2021 08:31:53 +0100 +Subject: [PATCH] added empty strign check, which would lead to NULL ptr + deref/crash in exif XML display. fixes + https://github.com/libexif/exif/issues/4 + +--- a/exif/actions.c ++++ b/exif/actions.c +@@ -661,6 +661,8 @@ escape_xml(const char *text) + char *out; + size_t len; + ++ if (!strlen(text)) return "empty string"; ++ + for (out=escaped, len=0; *text; ++len, ++out, ++text) { + /* Make sure there's plenty of room for a quoted character */ + if ((len + 8) > escaped_size) { + +Source: https://github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa.patch +From: Marcus Meissner <marcus@jet.franken.de> +Date: Thu, 25 Feb 2021 09:45:36 +0100 +Subject: [PATCH] actually return empty stringand not 'em,pty string' as + expected + +--- a/exif/actions.c ++++ b/exif/actions.c +@@ -661,7 +661,7 @@ escape_xml(const char *text) + char *out; + size_t len; + +- if (!strlen(text)) return "empty string"; ++ if (!strlen(text)) return ""; + + for (out=escaped, len=0; *text; ++len, ++out, ++text) { + /* Make sure there's plenty of room for a quoted character */ + + |