ports/79158: [patch] [security] graphics/libexif update to 0.6.12

Oliver Fromme olli at secnetix.de
Wed Mar 23 10:10:03 UTC 2005


>Number:         79158
>Category:       ports
>Synopsis:       [patch] [security] graphics/libexif update to 0.6.12
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 23 10:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Oliver Fromme
>Release:        FreeBSD 4.11-RELEASE i386
>Organization:
secnetix GmbH & Co. KG, FreeBSD support
>Environment:

>Description:

    This patch updates the graphics/libexif port from 0.6.10
    to 0.6.12.  The version currently in the ports contains
    remotely exploitable buffer overflows, as reported by
    portaudit (see URL below).  The problems are supposed to
    be fixed in version 0.6.12.

    For this PR, I chose to select severity "serious" and
    priority "medium" (instead of "low") because libexif is
    a default dependency of GIMP, gphoto and several other
    ports, so a significant number of users might be affected.

    By the way, I tried to contact the maintainer of the port
    but did not get a reply so far.

>How-To-Repeat:

    URL from portaudit:
    http://www.FreeBSD.org/ports/portaudit/624fe633-9006-11d9-a22c-0001020eed82.html

>Fix:

    Remove the "files" directory (it contains a patch for
    configure which is obsolete) and apply the following
    patch.  It modifies Makefile, distinfo and pkg-plist.
    The pkg-descr file is not changed.

    The complete new port can also be found here:
    http://www.secnetix.de/~olli/libexif-0.6.12/

diff -ru libexif.orig/Makefile libexif/Makefile
--- libexif.orig/Makefile	Tue Oct 12 12:03:30 2004
+++ libexif/Makefile	Mon Mar 21 10:38:37 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	libexif
-PORTVERSION=	0.6.10
+PORTVERSION=	0.6.12
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
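Review bot: The PORTVERSION change is the only Makefile edit in this hunk, yet the pkg-plist part of the same patch moves the shared library from lib/libexif.so.10 to lib/libexif.so.12 and starts listing lib/libexif.la. Ports that record the old library number in their LIB_DEPENDS line need to be adjusted and have PORTREVISION bumped in the same commit, so that installed dependents are rebuilt against the fixed library. A build in a clean environment should also confirm that lib/libexif.la is really installed without any further Makefile change, since nothing here alters how libtool is handled.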
diff -ru libexif.orig/distinfo libexif/distinfo
--- libexif.orig/distinfo	Tue Oct 12 12:03:30 2004
+++ libexif/distinfo	Mon Mar 21 10:43:28 2005
@@ -1,2 +1,2 @@
-MD5 (libexif-0.6.10.tar.gz) = f8a7cf1f083628b78a07dca17cbc6b8b
-SIZE (libexif-0.6.10.tar.gz) = 516861
+MD5 (libexif-0.6.12.tar.gz) = 69501aaf0862a79aaeeb73e81e8c1306
+SIZE (libexif-0.6.12.tar.gz) = 537829
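Review bot: The new MD5 and SIZE lines for libexif-0.6.12.tar.gz are the only integrity check on a distfile that is being brought in as a security fix, and the values come from the submitter's own fetch. The committer should fetch the tarball independently from the master site and confirm that both values match before committing. MD5 on its own is weak against collisions, so a stronger digest should be recorded next to it if the distinfo format in use accepts one.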
Only in libexif.orig: files
diff -ru libexif.orig/pkg-plist libexif/pkg-plist
--- libexif.orig/pkg-plist	Tue Oct 12 12:03:30 2004
+++ libexif/pkg-plist	Mon Mar 21 11:16:48 2005
@@ -7,15 +7,15 @@
 include/libexif/exif-ifd.h
 include/libexif/exif-loader.h
 include/libexif/exif-log.h
+include/libexif/exif-mem.h
 include/libexif/exif-mnote-data.h
-include/libexif/exif-result.h
 include/libexif/exif-tag.h
 include/libexif/exif-utils.h
 lib/libexif.a
+lib/libexif.la
 lib/libexif.so
-lib/libexif.so.10
+lib/libexif.so.12
 libdata/pkgconfig/libexif.pc
-%%NLS%%share/locale/de/LC_MESSAGES/libexif.mo
-%%NLS%%share/locale/es/LC_MESSAGES/libexif.mo
-%%NLS%%share/locale/fr/LC_MESSAGES/libexif.mo
- at dirrm include/libexif
+%%NLS%%share/locale/de/LC_MESSAGES/libexif-12.mo
+%%NLS%%share/locale/es/LC_MESSAGES/libexif-12.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/libexif-12.mo
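Review bot: The removed line "- at dirrm include/libexif" near the end of this hunk has no replacement, so the include/libexif directory would be left behind on deinstall; the entry should be kept in the plist after the header file entries (the " at " in that line looks like the list archive's rewriting of "@"). The hunk also drops include/libexif/exif-result.h and changes the library from lib/libexif.so.10 to lib/libexif.so.12, so ports that include that header or link against the old library number, such as the GIMP and gphoto dependents named in the description, should be test-built against 0.6.12 before this goes in.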
>Release-Note:
>Audit-Trail:
>Unformatted:


