From 8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836 Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Mon, 25 May 2020 00:12:06 +0200
Subject: gnu: libexif: Update to 0.6.22 [security fixes].

This fixes CVE-2020-13114, CVE-2020-13113, CVE-2020-13112, CVE-2020-0093,
CVE-2019-9278, and CVE-2020-12767.

* gnu/packages/patches/libexif-CVE-2016-6328.patch,
gnu/packages/patches/libexif-CVE-2017-7544.patch,
gnu/packages/patches/libexif-CVE-2018-20030.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/photo.scm (libexif): Update to 0.6.22.
[source](uri): Adjust for upstream GitHub migration.
---
 gnu/packages/patches/libexif-CVE-2016-6328.patch | 72 ------------------------
 1 file changed, 72 deletions(-)
 delete mode 100644 gnu/packages/patches/libexif-CVE-2016-6328.patch

(limited to 'gnu/packages/patches/libexif-CVE-2016-6328.patch')

diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch
deleted file mode 100644
index 67fee0f528..0000000000
--- a/gnu/packages/patches/libexif-CVE-2016-6328.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2016-6328:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1366239
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
-
-Patch copied from upstream source repository:
-
-https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d
-
-From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:44:44 +0200
-Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
- makernote entries.
-
-This should fix:
-https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
----
- libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index d03d159..ea0429a 100644
---- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		case EXIF_FORMAT_SHORT:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 2)
-+					break;
- 				vs = exif_get_short (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%i ", vs);
- 				len = strlen(val);
- 				data += 2;
-+				sizeleft -= 2;
- 			}
- 		  }
- 		  break;
- 		case EXIF_FORMAT_LONG:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 4)
-+					break;
- 				vl = exif_get_long (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
- 				len = strlen(val);
- 				data += 4;
-+				sizeleft -= 4;
- 			}
- 		  }
- 		  break;
-@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		break;
- 	}
- 
--	return (val);
-+	return val;
- }
--- 
-2.16.0
-
-- 
cgit v1.2.3