ports/79158: [patch] [security] graphics/libexif update to 0.6.12
Oliver Fromme
olli at secnetix.de
Wed Mar 23 10:10:03 UTC 2005
>Number: 79158
>Category: ports
>Synopsis: [patch] [security] graphics/libexif update to 0.6.12
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 23 10:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Oliver Fromme
>Release: FreeBSD 4.11-RELEASE i386
>Organization:
secnetix GmbH & Co. KG, FreeBSD support
>Environment:
>Description:
This patch updates the graphics/libexif port from 0.6.10
to 0.6.12. The version currently in the ports contains
remotely exploitable buffer overflows, as reported by
portaudit (see URL below). The problems are supposed to
be fixed in version 0.6.12.
For this PR, I chose to select severity "serious" and
priority "medium" (instead of "low") because libexif is
a default dependency of GIMP, gphoto and several other
ports, so a significant number of users might be affected.
By the way, I tried to contact the maintainer of the port
but did not get a reply so far.
>How-To-Repeat:
URL from portaudit:
http://www.FreeBSD.org/ports/portaudit/624fe633-9006-11d9-a22c-0001020eed82.html
>Fix:
Remove the "files" directory (it contains a patch for
configure which is obsolete) and apply the following
patch. It modifies Makefile, distinfo and pkg-plist.
The pkg-descr file is not changed.
The complete new port can also be found here:
http://www.secnetix.de/~olli/libexif-0.6.12/
diff -ru libexif.orig/Makefile libexif/Makefile
--- libexif.orig/Makefile Tue Oct 12 12:03:30 2004
+++ libexif/Makefile Mon Mar 21 10:38:37 2005
@@ -6,7 +6,7 @@
#
PORTNAME= libexif
-PORTVERSION= 0.6.10
+PORTVERSION= 0.6.12
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
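Review bot: the PORTVERSION bump to 0.6.12 carries a shared library change that this patch does not propagate. pkg-plist moves from lib/libexif.so.10 to lib/libexif.so.12, and the description names GIMP and gphoto as default dependents. Ports linked against the old library must be rebuilt against the new one, or users keep running the vulnerable code path or end up with broken binaries. The commit should bump the dependent ports as well, or the PR should at least list them, rather than changing only this line.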
diff -ru libexif.orig/distinfo libexif/distinfo
--- libexif.orig/distinfo Tue Oct 12 12:03:30 2004
+++ libexif/distinfo Mon Mar 21 10:43:28 2005
@@ -1,2 +1,2 @@
-MD5 (libexif-0.6.10.tar.gz) = f8a7cf1f083628b78a07dca17cbc6b8b
-SIZE (libexif-0.6.10.tar.gz) = 516861
+MD5 (libexif-0.6.12.tar.gz) = 69501aaf0862a79aaeeb73e81e8c1306
+SIZE (libexif-0.6.12.tar.gz) = 537829
Only in libexif.orig: files
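Review bot: the new MD5 and SIZE lines are the only integrity check on libexif-0.6.12.tar.gz, and for a security update they arrive from the same submitter who also hosts a copy of the port. Before committing, fetch the tarball independently from MASTER_SITE_SOURCEFORGE and confirm that both values match, rather than taking them from the PR. MD5 alone is a weak digest for this purpose, so record a stronger one alongside it if the distinfo format in use allows. Note also that "Only in libexif.orig: files" is not something patch(1) will act on, so the files directory has to be removed by hand as the Fix text says.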
diff -ru libexif.orig/pkg-plist libexif/pkg-plist
--- libexif.orig/pkg-plist Tue Oct 12 12:03:30 2004
+++ libexif/pkg-plist Mon Mar 21 11:16:48 2005
@@ -7,15 +7,15 @@
include/libexif/exif-ifd.h
include/libexif/exif-loader.h
include/libexif/exif-log.h
+include/libexif/exif-mem.h
include/libexif/exif-mnote-data.h
-include/libexif/exif-result.h
include/libexif/exif-tag.h
include/libexif/exif-utils.h
lib/libexif.a
+lib/libexif.la
lib/libexif.so
-lib/libexif.so.10
+lib/libexif.so.12
libdata/pkgconfig/libexif.pc
-%%NLS%%share/locale/de/LC_MESSAGES/libexif.mo
-%%NLS%%share/locale/es/LC_MESSAGES/libexif.mo
-%%NLS%%share/locale/fr/LC_MESSAGES/libexif.mo
- at dirrm include/libexif
+%%NLS%%share/locale/de/LC_MESSAGES/libexif-12.mo
+%%NLS%%share/locale/es/LC_MESSAGES/libexif-12.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/libexif-12.mo
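Review bot: the last removed line of this hunk drops the dirrm entry for include/libexif (rendered as "at dirrm" by the list archive) and no added line restores it, while headers under include/libexif are still installed. Deinstalling the package would leave that directory behind, so keep the entry after the locale lines. Separately, include/libexif/exif-result.h is no longer installed, so any dependent port that includes it will fail to build against 0.6.12; that is worth checking before the commit.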
>Release-Note:
>Audit-Trail:
>Unformatted: