[Frugalware-darcs] frugalware-0.6: libexif-0.6.13-2terminus2-i686

voroskoi voroskoi at frugalware.org
Sat Jun 30 15:09:44 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070630130839-dd049-6054a26c42f5a642d9050de7f49f47fcb347f339.gz;

[libexif-0.6.13-2terminus2-i686
voroskoi <voroskoi at frugalware.org>**20070630130839
 secfix bump, closes #2219
] {
addfile ./source/lib/libexif/CVE-2006-4168_CVE-2007-2645.diff
hunk ./source/lib/libexif/CVE-2006-4168_CVE-2007-2645.diff 1
+--- libexif-0.6.13.orig/libexif/exif-data.c
++++ libexif-0.6.13/libexif/exif-data.c
+@@ -170,19 +170,27 @@
+ 		  "Loading entry 0x%x ('%s')...", entry->tag,
+ 		  exif_tag_get_name (entry->tag));
+ 
++       /* {0,1,2,4,8} x { 0x00000000 .. 0xffffffff }                           
++        *   -> { 0x000000000 .. 0x7fffffff8 } */                               
++       s = exif_format_get_size(entry->format) * entry->components;            
++       if (s < entry->components) {                                            
++               return 0;                                                       
++       }                                                                       
++       if (0 == s)                                                             
++               return 0;           
++
+ 	/*
+ 	 * Size? If bigger than 4 bytes, the actual data is not
+ 	 * in the entry but somewhere else (offset).
+ 	 */
+-	s = exif_format_get_size (entry->format) * entry->components;
+-	if (!s)
+-		return;
+ 	if (s > 4)
+ 		doff = exif_get_long (d + offset + 8, data->priv->order);
+ 	else
+ 		doff = offset + 8;
+ 
+-	/* Sanity check */
++	/* Sanity checks */
++	if ((doff + s < doff) || (doff + s < s))
++		return 0;
+ 	if (size < doff + s)
+ 		return;
+ 
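Review bot: The wrap-around guard `if (s < entry->components)` that follows the new `s = exif_format_get_size(entry->format) * entry->components;` does not detect every overflow of that product. If `s` is a 32-bit unsigned value (its declaration is outside the hunk), a format size of 8 with 0x30000000 components wraps to 0x80000000, which is not smaller than the component count, so rejection is left to the later `size < doff + s` test. Bounding the operand before multiplying is exact, e.g. `if (fsz && entry->components > UINT_MAX / fsz) return;` where `fsz` holds the format size and the limit matches the type of `s`. Separately, the added checks use `return 0;` while the context and removed lines of the same function use a bare `return;`, so one form does not match the return type; the signature is not visible here and the function body continues past the hunk.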
hunk ./source/lib/libexif/FrugalBuild 7
-pkgrel=2terminus1
+pkgrel=2terminus2
hunk ./source/lib/libexif/FrugalBuild 17
-source=(${source[@]} SA25235.diff)
-sha1sums=('9b3a222586f9efc3d591ed83db16f85bba5dc362'\
-          '59e2a1686190e06b9a568b83c96a8fece4f76a14')
+source=(${source[@]} CVE-2006-4168_CVE-2007-2645.diff)
+sha1sums=('9b3a222586f9efc3d591ed83db16f85bba5dc362' \
+          '7f867097b3ced09f48451efbc02534f9f5c69178')
hunk ./source/lib/libexif/SA25235.diff 1
---- libexif/exif-data.c	2007/05/09 06:09:05	1.89
-+++ libexif/exif-data.c	2007/05/10 14:32:01	1.90
-@@ -179,7 +179,9 @@
- 	else
- 		doff = offset + 8;
- 
--	/* Sanity check */
-+	/* Sanity checks */
-+	if ((doff + s < doff) || (doff + s < s))
-+		return 0;
- 	if (size < doff + s)
- 		return 0;
- 
rmfile ./source/lib/libexif/SA25235.diff
}

