summary refs log tree commit diff
path: root/gnu/packages/patches/libexif-CVE-2016-6328.patch
diff options
context:
space:
mode:
authorMarius Bakke <marius@gnu.org>2020-05-25 00:12:06 +0200
committerMarius Bakke <mbakke@fastmail.com>2020-05-25 00:17:18 +0200
commit8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836 (patch)
treefdab66886f61669eea998da99f0b03553965015e /gnu/packages/patches/libexif-CVE-2016-6328.patch
parente451612602c5ae8bca1e56492bbfa7b2fe434cbd (diff)
downloadguix-8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836.tar.gz
gnu: libexif: Update to 0.6.22 [security fixes].
This fixes CVE-2020-13114, CVE-2020-13113, CVE-2020-13112, CVE-2020-0093,
CVE-2019-9278, and CVE-2020-12767.

* gnu/packages/patches/libexif-CVE-2016-6328.patch,
gnu/packages/patches/libexif-CVE-2017-7544.patch,
gnu/packages/patches/libexif-CVE-2018-20030.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/photo.scm (libexif): Update to 0.6.22.
[source](uri): Adjust for upstream GitHub migration.
Diffstat (limited to 'gnu/packages/patches/libexif-CVE-2016-6328.patch')
-rw-r--r--gnu/packages/patches/libexif-CVE-2016-6328.patch72
1 files changed, 0 insertions, 72 deletions
diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch
deleted file mode 100644
index 67fee0f528..0000000000
--- a/gnu/packages/patches/libexif-CVE-2016-6328.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2016-6328:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1366239
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
-
-Patch copied from upstream source repository:
-
-https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d
-
-From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:44:44 +0200
-Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
- makernote entries.
-
-This should fix:
-https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
----
- libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index d03d159..ea0429a 100644
---- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		case EXIF_FORMAT_SHORT:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 2)
-+					break;
- 				vs = exif_get_short (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%i ", vs);
- 				len = strlen(val);
- 				data += 2;
-+				sizeleft -= 2;
- 			}
- 		  }
- 		  break;
- 		case EXIF_FORMAT_LONG:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 4)
-+					break;
- 				vl = exif_get_long (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
- 				len = strlen(val);
- 				data += 4;
-+				sizeleft -= 4;
- 			}
- 		  }
- 		  break;
-@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		break;
- 	}
- 
--	return (val);
-+	return val;
- }
--- 
-2.16.0
-