commit: bd33507695886a6e0936f556cf6ec9de7595e7f9 Author: Federico Denkena <federico.denkena <AT> posteo <DOT> de> AuthorDate: Thu Jul 7 20:36:01 2022 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Fri Jul 8 22:14:34 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd335076
media-gfx/exif: Security fix for CVE-2021-27815 This commit adds two patches from upstream and bumps the revision. Bug: https://bugs.gentoo.org/783522 Signed-off-by: Federico Denkena <federico.denkena <AT> posteo.de> Signed-off-by: Sam James <sam <AT> gentoo.org> media-gfx/exif/exif-0.6.22-r1.ebuild | 31 +++++++++++++++++ .../files/exif-0.6.22-empty-string-check.patch | 40 ++++++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/media-gfx/exif/exif-0.6.22-r1.ebuild b/media-gfx/exif/exif-0.6.22-r1.ebuild new file mode 100644 index 000000000000..fd7f812a2eb9 --- /dev/null +++ b/media-gfx/exif/exif-0.6.22-r1.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Small CLI util to show EXIF infos hidden in JPEG files" +HOMEPAGE="https://libexif.github.io/ https://github.com/libexif/exif"; +SRC_URI="https://github.com/lib${PN}/${PN}/releases/download/${PN}-${PV//./_}-release/${P}.tar.gz"; + +LICENSE="LGPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos" +IUSE="nls" + +BDEPEND=" + virtual/pkgconfig + nls? ( sys-devel/gettext ) +" +DEPEND=" + dev-libs/popt + >=media-libs/libexif-${PV} +" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}"/${P}-empty-string-check.patch +) + +src_configure() { + econf $(use_enable nls) +} diff --git a/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch b/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch new file mode 100644 index 000000000000..377e905940b5 --- /dev/null +++ b/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch @@ -0,0 +1,40 @@ +https://bugs.gentoo.org/783522 + +Source: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c.patch +From: Marcus Meissner <mar...@jet.franken.de> +Date: Thu, 25 Feb 2021 08:31:53 +0100 +Subject: [PATCH] added empty strign check, which would lead to NULL ptr + deref/crash in exif XML display. fixes + https://github.com/libexif/exif/issues/4 + +--- a/exif/actions.c ++++ b/exif/actions.c +@@ -661,6 +661,8 @@ escape_xml(const char *text) + char *out; + size_t len; + ++ if (!strlen(text)) return "empty string"; ++ + for (out=escaped, len=0; *text; ++len, ++out, ++text) { + /* Make sure there's plenty of room for a quoted character */ + if ((len + 8) > escaped_size) { + +Source: https://github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa.patch +From: Marcus Meissner <mar...@jet.franken.de> +Date: Thu, 25 Feb 2021 09:45:36 +0100 +Subject: [PATCH] actually return empty stringand not 'em,pty string' as + expected + +--- a/exif/actions.c ++++ b/exif/actions.c +@@ -661,7 +661,7 @@ escape_xml(const char *text) + char *out; + size_t len; + +- if (!strlen(text)) return "empty string"; ++ if (!strlen(text)) return ""; + + for (out=escaped, len=0; *text; ++len, ++out, ++text) { + /* Make sure there's plenty of room for a quoted character */ + +
