Index: head/graphics/libexif/Makefile
===================================================================
--- head/graphics/libexif/Makefile	(revision 526070)
+++ head/graphics/libexif/Makefile	(revision 526071)
@@ -1,44 +1,44 @@
 # Created by: Peter Schmiedeskamp <pschmied@qwest.net>
 # $FreeBSD$
 
 PORTNAME=	libexif
 PORTVERSION=	0.6.21
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	graphics
 MASTER_SITES=	SF
 
-MAINTAINER=	marius@nuenneri.ch
+MAINTAINER=	dbaio@FreeBSD.org
 COMMENT=	Library to read digital camera file meta-data
 
 LICENSE=	LGPL21
 LICENSE_FILE=	${WRKSRC}/COPYING
 
 OPTIONS_DEFINE=	DOCS NLS
 
 USES=		cpe gmake libtool pathfix pkgconfig tar:bzip2
 CPE_VENDOR=	curtis_galloway
 CPPFLAGS+=	-I${LOCALBASE}/include
 LDFLAGS+=	-L${LOCALBASE}/lib
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--disable-docs
 USE_LDCONFIG=	yes
 
 PORTDOCS=	AUTHORS ChangeLog NEWS README
 OPTIONS_SUB=	yes
 
 NLS_USES=	gettext
 NLS_CONFIGURE_ENV_OFF=	am_cv_func_iconv=no
 NLS_CONFIGURE_ENABLE=	nls
 
 post-patch:
 	@${REINPLACE_CMD} -e '/^SUBDIRS =/s|doc||g ; \
 		 /^am__installdirs =/s|$$(docdir)||g ; \
 		 /^install-data-am:/s|install-docDATA||g' ${WRKSRC}/Makefile.in
 
 post-install:
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 .for file in ${PORTDOCS}
 	${INSTALL_DATA} ${WRKSRC}/${file} ${STAGEDIR}${DOCSDIR}
 .endfor
 
 .include <bsd.port.mk>
Index: head/graphics/libexif/files/patch-CVE-2019-9278
===================================================================
--- head/graphics/libexif/files/patch-CVE-2019-9278	(nonexistent)
+++ head/graphics/libexif/files/patch-CVE-2019-9278	(revision 526071)
@@ -0,0 +1,86 @@
+https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566.patch
+From 75aa73267fdb1e0ebfbc00369e7312bac43d0566 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Sat, 18 Jan 2020 09:29:42 +0100
+Subject: [PATCH] fix CVE-2019-9278
+
+avoid the use of unsafe integer overflow checking constructs (unsigned integer operations cannot overflow, so "u1 + u2 > u1" can be optimized away)
+
+check for the actual sizes, which should also handle the overflows
+document other places google patched, but do not seem relevant due to other restrictions
+
+fixes https://github.com/libexif/libexif/issues/26
+---
+ libexif/exif-data.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git libexif/exif-data.c libexif/exif-data.c
+index a6f9c94..6332cd1 100644
+--- libexif/exif-data.c
++++ libexif/exif-data.c
+@@ -192,9 +192,15 @@ exif_data_load_data_entry (ExifData *data, ExifEntry *entry,
+ 		doff = offset + 8;
+ 
+ 	/* Sanity checks */
+-	if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) {
++	if (doff >= size) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+-				  "Tag data past end of buffer (%u > %u)", doff+s, size);	
++				  "Tag starts past end of buffer (%u > %u)", doff, size);
++		return 0;
++	}
++
++	if (s > size - doff) {
++		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
++				  "Tag data goes past end of buffer (%u > %u)", doff+s, size);
+ 		return 0;
+ 	}
+ 
+@@ -315,13 +321,14 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+ 			       unsigned int ds, ExifLong o, ExifLong s)
+ {
+ 	/* Sanity checks */
+-	if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) {
+-		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+-			  "Bogus thumbnail offset (%u) or size (%u).",
+-			  o, s);
++	if (o >= ds) {
++		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
++		return;
++	}
++	if (s > ds - o) {
++		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
+ 		return;
+ 	}
+-
+ 	if (data->data) 
+ 		exif_mem_free (data->priv->mem, data->data);
+ 	if (!(data->data = exif_data_alloc (data, s))) {
+@@ -947,7 +954,7 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
+ 	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", 
+ 		  "IFD 0 at %i.", (int) offset);
+ 
+-	/* Sanity check the offset, being careful about overflow */
++	/* ds is restricted to 16 bit above, so offset is restricted too, and offset+8 should not overflow. */
+ 	if (offset > ds || offset + 6 + 2 > ds)
+ 		return;
+ 
+@@ -956,6 +963,7 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
+ 
+ 	/* IFD 1 offset */
+ 	n = exif_get_short (d + 6 + offset, data->priv->order);
++	/* offset < 2<<16, n is 16 bit at most, so this op will not overflow */
+ 	if (offset + 6 + 2 + 12 * n + 4 > ds)
+ 		return;
+ 
+@@ -964,8 +972,8 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ 			  "IFD 1 at %i.", (int) offset);
+ 
+-		/* Sanity check. */
+-		if (offset > ds || offset + 6 > ds) {
++		/* Sanity check. ds is ensured to be above 6 above, offset is 16bit */
++		if (offset > ds - 6) {
+ 			exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ 				  "ExifData", "Bogus offset of IFD1.");
+ 		} else {

Property changes on: head/graphics/libexif/files/patch-CVE-2019-9278
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/graphics/libexif/files/patch-chromium-7344-and-14543
===================================================================
--- head/graphics/libexif/files/patch-chromium-7344-and-14543	(nonexistent)
+++ head/graphics/libexif/files/patch-chromium-7344-and-14543	(revision 526071)
@@ -0,0 +1,35 @@
+https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff.patch
+From f9bb9f263fb00f0603ecbefa8957cad24168cbff Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Wed, 4 Jul 2018 11:06:09 +0200
+Subject: [PATCH] Fix a buffer read overflow in exif_entry_get_value
+
+While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past
+the end of a heap buffer. This was detected by the OSS Fuzz project.
+Patch from Google.
+
+Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7344 and
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14543
+---
+ libexif/exif-entry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git libexif/exif-entry.c libexif/exif-entry.c
+index 61260d3..a224ac2 100644
+--- libexif/exif-entry.c
++++ libexif/exif-entry.c
+@@ -1040,12 +1040,12 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
+ 		d = 0.;
+ 		entry = exif_content_get_entry (
+ 			e->parent->parent->ifd[EXIF_IFD_0], EXIF_TAG_MAKE);
+-		if (entry && entry->data &&
++		if (entry && entry->data && entry->size >= 7 &&
+ 		    !strncmp ((char *)entry->data, "Minolta", 7)) {
+ 			entry = exif_content_get_entry (
+ 					e->parent->parent->ifd[EXIF_IFD_0],
+ 					EXIF_TAG_MODEL);
+-			if (entry && entry->data) {
++			if (entry && entry->data && entry->size >= 8) {
+ 				if (!strncmp ((char *)entry->data, "DiMAGE 7", 8))
+ 					d = 3.9;
+ 				else if (!strncmp ((char *)entry->data, "DiMAGE 5", 8))

Property changes on: head/graphics/libexif/files/patch-chromium-7344-and-14543
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/graphics/libexif/files/patch-chromium-8884
===================================================================
--- head/graphics/libexif/files/patch-chromium-8884	(nonexistent)
+++ head/graphics/libexif/files/patch-chromium-8884	(revision 526071)
@@ -0,0 +1,24 @@
+https://github.com/libexif/libexif/commit/a0c04d9cb6ab0c41a6458def9f892754e84160a0.patch
+From a0c04d9cb6ab0c41a6458def9f892754e84160a0 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Sat, 15 Jun 2019 18:40:48 +0200
+Subject: [PATCH] fixed a buffer overread (OSS-Fuzz)
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8884
+
+---
+ libexif/olympus/exif-mnote-data-olympus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git libexif/olympus/exif-mnote-data-olympus.c libexif/olympus/exif-mnote-data-olympus.c
+index dac7f5b..669e4ec 100644
+--- libexif/olympus/exif-mnote-data-olympus.c
++++ libexif/olympus/exif-mnote-data-olympus.c
+@@ -344,7 +344,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
+ 
+ 	case nikonV2:
+ 		o2 += 6;
+-		if (o2 >= buf_size) return;
++		if (o2 + 8 >= buf_size) return;
+ 		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
+ 			"Parsing Nikon maker note v2 (0x%02x, %02x, %02x, "
+ 			"%02x, %02x, %02x, %02x, %02x)...",

Property changes on: head/graphics/libexif/files/patch-chromium-8884
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property