diff options
| author | Marius Bakke <marius@gnu.org> | 2020-05-25 00:12:06 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2020-05-25 00:17:18 +0200 |
| commit | 8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836 (patch) | |
| tree | fdab66886f61669eea998da99f0b03553965015e /gnu/packages/patches/libexif-CVE-2016-6328.patch | |
| parent | e451612602c5ae8bca1e56492bbfa7b2fe434cbd (diff) | |
| download | patches-8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836.tar patches-8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836.tar.gz | |
gnu: libexif: Update to 0.6.22 [security fixes].base-for-series-4085
This fixes CVE-2020-13114, CVE-2020-13113, CVE-2020-13112, CVE-2020-0093,
CVE-2019-9278, and CVE-2020-12767.
* gnu/packages/patches/libexif-CVE-2016-6328.patch,
gnu/packages/patches/libexif-CVE-2017-7544.patch,
gnu/packages/patches/libexif-CVE-2018-20030.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/photo.scm (libexif): Update to 0.6.22.
[source](uri): Adjust for upstream GitHub migration.
Diffstat (limited to 'gnu/packages/patches/libexif-CVE-2016-6328.patch')
| -rw-r--r-- | gnu/packages/patches/libexif-CVE-2016-6328.patch | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch deleted file mode 100644 index 67fee0f528..0000000000 --- a/gnu/packages/patches/libexif-CVE-2016-6328.patch +++ /dev/null @@ -1,72 +0,0 @@ -Fix CVE-2016-6328: - -https://bugzilla.redhat.com/show_bug.cgi?id=1366239 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 - -Patch copied from upstream source repository: - -https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d - -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner <marcus@jet.franken.de> -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } --- -2.16.0 - |