[gentoo-commits] repo/gentoo:master commit in: media-libs/libexif/, media-libs/libexif/files/

2020-07-15 Thread Sam James
commit: 619cb215c093a8c9ddce658eeccdd779335e052b
Author: John Helmert III  posteo  net>
AuthorDate: Wed Jul  8 18:54:17 2020 +
Commit: Sam James  gentoo  org>
CommitDate: Thu Jul 16 00:16:19 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=619cb215

media-libs/libexif: Security cleanup (drop <0.6.22)

Bugs: https://bugs.gentoo.org/708728
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: John Helmert III  posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/16639
Signed-off-by: Sam James  gentoo.org>

 media-libs/libexif/Manifest|   1 -
 .../files/libexif-0.6.21-CVE-2017-7544.patch   |  30 --
 .../files/libexif-0.6.21-CVE-2018-20030.patch  | 117 -
 ...ibexif-0.6.21-fix-C89-compatibility-issue.patch |  30 --
 media-libs/libexif/libexif-0.6.21-r3.ebuild|  52 -
 5 files changed, 230 deletions(-)

diff --git a/media-libs/libexif/Manifest b/media-libs/libexif/Manifest
index 01957043eef..52a1e78a856 100644
--- a/media-libs/libexif/Manifest
+++ b/media-libs/libexif/Manifest
@@ -1,2 +1 @@
-DIST libexif-0.6.21.tar.bz2 1368435 BLAKE2B 
151e3ddcdd45759fd70be91db27511f48a9b7d5de72c8af510e5a231e2f053f8b5d62d1269a1206e419461b07fb723788492604f1f1142edcb5ab7a0876dd307
 SHA512 
4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35
 DIST libexif-0.6.22.tar.gz 2741296 BLAKE2B 
df57aa0ff7d20faa47ea34f4d8164c33b113887bc2179405481b2c12c0d0336dc9e5321a260ffda64d974bfa9ac6af55c0cfb4cc9a57a941c17944a3d049befd
 SHA512 
e399804c9d67072861988638349115c585546be20f15c4d26bb6f411ff4ee5bce979c1a41305c1456ecc2f830837349f93cfa4136b7a864e0486cecd3607b469

diff --git a/media-libs/libexif/files/libexif-0.6.21-CVE-2017-7544.patch b/media-libs/libexif/files/libexif-0.6.21-CVE-2017-7544.patch
deleted file mode 100644
index 534817417d8..000
--- a/media-libs/libexif/files/libexif-0.6.21-CVE-2017-7544.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From c39acd1692023b26290778a02a9232c873f9d71a Mon Sep 17 00:00:00 2001
-From: Marcus Meissner 
-Date: Tue, 25 Jul 2017 23:38:56 +0200
-Subject: [PATCH] On saving makernotes, make sure the makernote container tags
- has a type with 1 byte components.
-
-Fixes (at least):
-   https://sourceforge.net/p/libexif/bugs/130
-   https://sourceforge.net/p/libexif/bugs/129

- libexif/exif-data.c | 6 ++
- 1 file changed, 6 insertions(+)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 67df4db..91f4c33 100644
 a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
-   exif_mnote_data_set_offset (data->priv->md, *ds - 6);
-   exif_mnote_data_save (data->priv->md, >data, 
>size);
-   e->components = e->size;
-+  if (exif_format_get_size (e->format) != 1) {
-+  /* e->format is taken from input code,
-+   * but we need to make sure it is a 1 byte
-+   * entity due to the multiplication below. */
-+  e->format = EXIF_FORMAT_UNDEFINED;
-+  }
-   }
-   }
- 

diff --git a/media-libs/libexif/files/libexif-0.6.21-CVE-2018-20030.patch b/media-libs/libexif/files/libexif-0.6.21-CVE-2018-20030.patch
deleted file mode 100644
index 08179f84b50..000
--- a/media-libs/libexif/files/libexif-0.6.21-CVE-2018-20030.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001
-From: Dan Fandrich 
-Date: Fri, 12 Oct 2018 16:01:45 +0200
-Subject: [PATCH] Improve deep recursion detection in
- exif_data_load_data_content.
-
-The existing detection was still vulnerable to pathological cases
-causing DoS by wasting CPU. The new algorithm takes the number of tags
-into account to make it harder to abuse by cases using shallow recursion
-but with a very large number of tags.  This improves on commit 5d28011c
-which wasn't sufficient to counter this kind of case.
-
-The limitation in the previous fix was discovered by Laurent Delosieres,
-Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned
-the identifier CVE-2018-20030.
-
-Adjusted for missing https://github.com/libexif/libexif/commit/5d28011c40ec86cf52cffad541093d37c263898a
-

- libexif/exif-data.c | 45 +
- 2 files changed, 38 insertions(+), 8 deletions(-)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index e35403d..a6f9c94 100644
 a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -35,6 +35,7 @@
- #include 
- #include 
- 
-+#include 
- #include 
- #include 
- #include 
-@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {  \
-   break;  \
- }
- 

[gentoo-commits] repo/gentoo:master commit in: media-libs/libexif/, media-libs/libexif/files/

2019-03-04 Thread Thomas Deutschmann
commit: bcce9fb0f933198672777469411dd4774bb39ba3
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Mon Mar  4 18:18:27 2019 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Mon Mar  4 18:18:46 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcce9fb0

media-libs/libexif: rev bump to fix CVE-2018-20030

While here, fix C89 compatibility issue, too.

Bug: https://bugs.gentoo.org/679418
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann  gentoo.org>

 .../files/libexif-0.6.21-CVE-2018-20030.patch  | 117 +
 ...ibexif-0.6.21-fix-C89-compatibility-issue.patch |  30 ++
 media-libs/libexif/libexif-0.6.21-r3.ebuild|  52 +
 3 files changed, 199 insertions(+)

diff --git a/media-libs/libexif/files/libexif-0.6.21-CVE-2018-20030.patch b/media-libs/libexif/files/libexif-0.6.21-CVE-2018-20030.patch
new file mode 100644
index 000..08179f84b50
--- /dev/null
+++ b/media-libs/libexif/files/libexif-0.6.21-CVE-2018-20030.patch
@@ -0,0 +1,117 @@
+From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich 
+Date: Fri, 12 Oct 2018 16:01:45 +0200
+Subject: [PATCH] Improve deep recursion detection in
+ exif_data_load_data_content.
+
+The existing detection was still vulnerable to pathological cases
+causing DoS by wasting CPU. The new algorithm takes the number of tags
+into account to make it harder to abuse by cases using shallow recursion
+but with a very large number of tags.  This improves on commit 5d28011c
+which wasn't sufficient to counter this kind of case.
+
+The limitation in the previous fix was discovered by Laurent Delosieres,
+Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned
+the identifier CVE-2018-20030.
+
+Adjusted for missing https://github.com/libexif/libexif/commit/5d28011c40ec86cf52cffad541093d37c263898a
+
+---
+ libexif/exif-data.c | 45 +
+ 2 files changed, 38 insertions(+), 8 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index e35403d..a6f9c94 100644
+--- a/libexif/exif-data.c
 b/libexif/exif-data.c
+@@ -35,6 +35,7 @@
+ #include 
+ #include 
+ 
++#include 
+ #include 
+ #include 
+ #include 
+@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {  \
+   break;  \
+ }
+ 
++/*! Calculate the recursion cost added by one level of IFD loading.
++ *
++ * The work performed is related to the cost in the exponential relation
++ *   work=1.1**cost
++ */
++static unsigned int
++level_cost(unsigned int n)
++{
++static const double log_1_1 = 0.09531017980432493;
++
++  /* Adding 0.1 protects against the case where n==1 */
++  return ceil(log(n + 0.1)/log_1_1);
++}
++
+ /*! Load data for an IFD.
+  *
+  * \param[in,out] data #ExifData
+@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) { \
+  * \param[in] d pointer to buffer containing raw IFD data
+  * \param[in] ds size of raw data in buffer at \c d
+  * \param[in] offset offset into buffer at \c d at which IFD starts
+- * \param[in] recursion_depth number of times this function has been
+- * recursively called without returning
++ * \param[in] recursion_cost factor indicating how expensive this recursive
++ * call could be
+  */
+ static void
+ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+const unsigned char *d,
+-   unsigned int ds, unsigned int offset, unsigned int recursion_depth)
++   unsigned int ds, unsigned int offset, unsigned int recursion_cost)
+ {
+   ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+   ExifShort n;
+@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+   if int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
+ return;
+ 
+-  if (recursion_depth > 30) {
++  if (recursion_cost > 170) {
++  /*
++   * recursion_cost is a logarithmic-scale indicator of how expensive this
++   * recursive call might end up being. It is an indicator of the depth of
++   * recursion as well as the potential for worst-case future recursive
++   * calls. Since it's difficult to tell ahead of time how often recursion
++   * will occur, this assumes the worst by assuming every tag could end up
++   * causing recursion.
++   * The value of 170 was chosen to limit typical EXIF structures to a
++   * recursive depth of about 6, but pathological ones (those with very
++   * many tags) to only 2.
++   */
+   exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-"Deep recursion detected!");
++"Deep/expensive recursion detected!");
+