[Frugalware-git] frugalware-0.7: libexif-0.6.16-2sayshell1-i686

Sun, 20 Jan 2008 03:53:21 -0800 

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.7.git;a=commitdiff;h=a186ad46cf013a8b04f93cb2da1a1ba2a69748f9

commit a186ad46cf013a8b04f93cb2da1a1ba2a69748f9
Author: voroskoi <[EMAIL PROTECTED]>
Date:   Sun Jan 20 12:52:09 2008 +0100

libexif-0.6.16-2sayshell1-i686
added CVE-2007-6351.patch and CVE-2007-6352.patch
closes #2680

diff --git a/source/lib/libexif/CVE-2007-6351.patch 
b/source/lib/libexif/CVE-2007-6351.patch
new file mode 100644
index 0000000..40c8737
--- /dev/null
+++ b/source/lib/libexif/CVE-2007-6351.patch
@@ -0,0 +1,11 @@
+--- libexif/exif-loader.c      2007/06/26 02:30:32     1.25
++++ libexif/exif-loader.c      2007/12/14 19:53:53     1.26
+@@ -176,6 +176,8 @@
+               break;
+       }
+
++      if (!len)
++              return 1;
+       exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
+                 "Scanning %i byte(s) of data...", len);
+
diff --git a/source/lib/libexif/CVE-2007-6352.patch 
b/source/lib/libexif/CVE-2007-6352.patch
new file mode 100644
index 0000000..fcac9eb
--- /dev/null
+++ b/source/lib/libexif/CVE-2007-6352.patch
@@ -0,0 +1,15 @@
+--- libexif/exif-data.c        2007/12/07 08:46:48     1.102
++++ libexif/exif-data.c        2007/12/14 20:32:35     1.103
+@@ -299,10 +299,9 @@
+ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+                              unsigned int ds, ExifLong offset, ExifLong size)
+ {
+-      if (ds < offset + size) {
++      if ((ds < offset + size) || (offset < 0) || (offset > ds)) {
+               exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+-                        "Bogus thumbnail offset and size: %i < %i + %i.",
+-                        (int) ds, (int) offset, (int) size);
++                        "Bogus thumbnail offset and size.");
+               return;
+       }
+       if (data->data)
diff --git a/source/lib/libexif/FrugalBuild b/source/lib/libexif/FrugalBuild
index f2df29e..0fd2ed3 100644
--- a/source/lib/libexif/FrugalBuild
+++ b/source/lib/libexif/FrugalBuild
@@ -4,7 +4,7 @@

pkgname=libexif
pkgver=0.6.16
-pkgrel=1
+pkgrel=2sayshell1
pkgdesc="Exchangeable Image File Format tag library"
_F_sourceforge_ext=".tar.bz2"
Finclude sourceforge
@@ -15,7 +15,10 @@ groups=('lib')
archs=('i686' 'x86_64')
Fconfopts="$Fconfopts --disable-static --with-gnu-ld"
up2date="lynx -dump 
http://sourceforge.net/project/showfiles.php?group_id=12272|grep 'libexif '|sed 
-n '1 p'|tr -s ' '|cut -d ' ' -f 3|cut -d ] -f 2"
-sha1sums=('4fea28a05496b3c7075ca5f619439340be534a3f')
+source=([EMAIL PROTECTED] CVE-2007-6351.patch CVE-2007-6352.patch)
+sha1sums=('4fea28a05496b3c7075ca5f619439340be534a3f' \
+          '6615a5f916bd7103de2ba0ed7cdcf93f78be7a64' \
+          '4cd6548f3b1f84a38e4b2d25d3b763c8c6deb030')
options=('nodocs')

# optimization OK
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to