Index: head/graphics/libexif/files/patch-chromium-7344-and-14543 =================================================================== --- head/graphics/libexif/files/patch-chromium-7344-and-14543 (revision 551525) +++ head/graphics/libexif/files/patch-chromium-7344-and-14543 (nonexistent) @@ -1,35 +0,0 @@ -https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff.patch -From f9bb9f263fb00f0603ecbefa8957cad24168cbff Mon Sep 17 00:00:00 2001 -From: Dan Fandrich -Date: Wed, 4 Jul 2018 11:06:09 +0200 -Subject: [PATCH] Fix a buffer read overflow in exif_entry_get_value - -While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past -the end of a heap buffer. This was detected by the OSS Fuzz project. -Patch from Google. - -Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7344 and -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14543 ---- - libexif/exif-entry.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git libexif/exif-entry.c libexif/exif-entry.c -index 61260d3..a224ac2 100644 ---- libexif/exif-entry.c -+++ libexif/exif-entry.c -@@ -1040,12 +1040,12 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen) - d = 0.; - entry = exif_content_get_entry ( - e->parent->parent->ifd[EXIF_IFD_0], EXIF_TAG_MAKE); -- if (entry && entry->data && -+ if (entry && entry->data && entry->size >= 7 && - !strncmp ((char *)entry->data, "Minolta", 7)) { - entry = exif_content_get_entry ( - e->parent->parent->ifd[EXIF_IFD_0], - EXIF_TAG_MODEL); -- if (entry && entry->data) { -+ if (entry && entry->data && entry->size >= 8) { - if (!strncmp ((char *)entry->data, "DiMAGE 7", 8)) - d = 3.9; - else if (!strncmp ((char *)entry->data, "DiMAGE 5", 8)) Property changes on: head/graphics/libexif/files/patch-chromium-7344-and-14543 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/graphics/libexif/files/patch-CVE-2019-9278 =================================================================== --- head/graphics/libexif/files/patch-CVE-2019-9278 (revision 551525) +++ head/graphics/libexif/files/patch-CVE-2019-9278 (nonexistent) @@ -1,86 +0,0 @@ -https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566.patch -From 75aa73267fdb1e0ebfbc00369e7312bac43d0566 Mon Sep 17 00:00:00 2001 -From: Marcus Meissner -Date: Sat, 18 Jan 2020 09:29:42 +0100 -Subject: [PATCH] fix CVE-2019-9278 - -avoid the use of unsafe integer overflow checking constructs (unsigned integer operations cannot overflow, so "u1 + u2 > u1" can be optimized away) - -check for the actual sizes, which should also handle the overflows -document other places google patched, but do not seem relevant due to other restrictions - -fixes https://github.com/libexif/libexif/issues/26 ---- - libexif/exif-data.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git libexif/exif-data.c libexif/exif-data.c -index a6f9c94..6332cd1 100644 ---- libexif/exif-data.c -+++ libexif/exif-data.c -@@ -192,9 +192,15 @@ exif_data_load_data_entry (ExifData *data, ExifEntry *entry, - doff = offset + 8; - - /* Sanity checks */ -- if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) { -+ if (doff >= size) { - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", -- "Tag data past end of buffer (%u > %u)", doff+s, size); -+ "Tag starts past end of buffer (%u > %u)", doff, size); -+ return 0; -+ } -+ -+ if (s > size - doff) { -+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", -+ "Tag data goes past end of buffer (%u > %u)", doff+s, size); - return 0; - } - -@@ -315,13 +321,14 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, - unsigned int ds, ExifLong o, ExifLong s) - { - /* Sanity checks */ -- if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) { -- exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", -- "Bogus thumbnail offset (%u) or size (%u).", -- o, s); -+ if (o >= ds) { -+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o); -+ return; -+ } -+ if (s > ds - o) { -+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o); - return; - } -- - if (data->data) - exif_mem_free (data->priv->mem, data->data); - if (!(data->data = exif_data_alloc (data, s))) { -@@ -947,7 +954,7 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig, - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", - "IFD 0 at %i.", (int) offset); - -- /* Sanity check the offset, being careful about overflow */ -+ /* ds is restricted to 16 bit above, so offset is restricted too, and offset+8 should not overflow. */ - if (offset > ds || offset + 6 + 2 > ds) - return; - -@@ -956,6 +963,7 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig, - - /* IFD 1 offset */ - n = exif_get_short (d + 6 + offset, data->priv->order); -+ /* offset < 2<<16, n is 16 bit at most, so this op will not overflow */ - if (offset + 6 + 2 + 12 * n + 4 > ds) - return; - -@@ -964,8 +972,8 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig, - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", - "IFD 1 at %i.", (int) offset); - -- /* Sanity check. */ -- if (offset > ds || offset + 6 > ds) { -+ /* Sanity check. ds is ensured to be above 6 above, offset is 16bit */ -+ if (offset > ds - 6) { - exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, - "ExifData", "Bogus offset of IFD1."); - } else { Property changes on: head/graphics/libexif/files/patch-CVE-2019-9278 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/graphics/libexif/files/patch-chromium-8884 =================================================================== --- head/graphics/libexif/files/patch-chromium-8884 (revision 551525) +++ head/graphics/libexif/files/patch-chromium-8884 (nonexistent) @@ -1,24 +0,0 @@ -https://github.com/libexif/libexif/commit/a0c04d9cb6ab0c41a6458def9f892754e84160a0.patch -From a0c04d9cb6ab0c41a6458def9f892754e84160a0 Mon Sep 17 00:00:00 2001 -From: Marcus Meissner -Date: Sat, 15 Jun 2019 18:40:48 +0200 -Subject: [PATCH] fixed a buffer overread (OSS-Fuzz) - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8884 - ---- - libexif/olympus/exif-mnote-data-olympus.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libexif/olympus/exif-mnote-data-olympus.c libexif/olympus/exif-mnote-data-olympus.c -index dac7f5b..669e4ec 100644 ---- libexif/olympus/exif-mnote-data-olympus.c -+++ libexif/olympus/exif-mnote-data-olympus.c -@@ -344,7 +344,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, - - case nikonV2: - o2 += 6; -- if (o2 >= buf_size) return; -+ if (o2 + 8 >= buf_size) return; - exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus", - "Parsing Nikon maker note v2 (0x%02x, %02x, %02x, " - "%02x, %02x, %02x, %02x, %02x)...", Property changes on: head/graphics/libexif/files/patch-chromium-8884 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/graphics/libexif/Makefile =================================================================== --- head/graphics/libexif/Makefile (revision 551525) +++ head/graphics/libexif/Makefile (revision 551526) @@ -1,44 +1,44 @@ # Created by: Peter Schmiedeskamp # $FreeBSD$ PORTNAME= libexif -PORTVERSION= 0.6.21 -PORTREVISION= 5 +PORTVERSION= 0.6.22 CATEGORIES= graphics -MASTER_SITES= SF +MASTER_SITES= https://github.com/libexif/libexif/releases/download/libexif-${PORTVERSION:S|.|_|g}-release/ MAINTAINER= dbaio@FreeBSD.org COMMENT= Library to read digital camera file meta-data LICENSE= LGPL21 LICENSE_FILE= ${WRKSRC}/COPYING -OPTIONS_DEFINE= DOCS NLS +USES= cpe gmake libtool localbase pathfix pkgconfig tar:xz -USES= cpe gmake libtool pathfix pkgconfig tar:bzip2 CPE_VENDOR= curtis_galloway -CPPFLAGS+= -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib -GNU_CONFIGURE= yes + CONFIGURE_ARGS= --disable-docs +GNU_CONFIGURE= yes +INSTALL_TARGET= install-strip USE_LDCONFIG= yes PORTDOCS= AUTHORS ChangeLog NEWS README + +OPTIONS_DEFINE= DOCS NLS OPTIONS_SUB= yes NLS_USES= gettext NLS_CONFIGURE_ENV_OFF= am_cv_func_iconv=no NLS_CONFIGURE_ENABLE= nls post-patch: @${REINPLACE_CMD} -e '/^SUBDIRS =/s|doc||g ; \ /^am__installdirs =/s|$$(docdir)||g ; \ /^install-data-am:/s|install-docDATA||g' ${WRKSRC}/Makefile.in -post-install: +post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} .for file in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/${file} ${STAGEDIR}${DOCSDIR} .endfor .include Index: head/graphics/libexif/distinfo =================================================================== --- head/graphics/libexif/distinfo (revision 551525) +++ head/graphics/libexif/distinfo (revision 551526) @@ -1,2 +1,3 @@ -SHA256 (libexif-0.6.21.tar.bz2) = 16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a -SIZE (libexif-0.6.21.tar.bz2) = 1368435 +TIMESTAMP = 1590479705 +SHA256 (libexif-0.6.22.tar.xz) = 5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56 +SIZE (libexif-0.6.22.tar.xz) = 1347040 Index: head/graphics/libexif/pkg-descr =================================================================== --- head/graphics/libexif/pkg-descr (revision 551525) +++ head/graphics/libexif/pkg-descr (revision 551526) @@ -1,4 +1,4 @@ This library allows metadata that is written to files on a digital camera to be read. This library will be required for the gphoto2 port. -WWW: https://sourceforge.net/projects/libexif/ +WWW: https://libexif.github.io/ Index: head/graphics/libexif/pkg-plist =================================================================== --- head/graphics/libexif/pkg-plist (revision 551525) +++ head/graphics/libexif/pkg-plist (revision 551526) @@ -1,44 +1,45 @@ include/libexif/_stdint.h include/libexif/exif-byte-order.h include/libexif/exif-content.h include/libexif/exif-data-type.h include/libexif/exif-data.h include/libexif/exif-entry.h include/libexif/exif-format.h include/libexif/exif-ifd.h include/libexif/exif-loader.h include/libexif/exif-log.h include/libexif/exif-mem.h include/libexif/exif-mnote-data.h include/libexif/exif-tag.h include/libexif/exif-utils.h lib/libexif.a lib/libexif.so lib/libexif.so.12 -lib/libexif.so.12.3.3 +lib/libexif.so.12.3.4 libdata/pkgconfig/libexif.pc %%NLS%%share/locale/be/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/bs/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/cs/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/da/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/de/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/en_AU/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/en_CA/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/en_GB/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/es/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/fr/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/it/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/ja/LC_MESSAGES/libexif-12.mo +%%NLS%%share/locale/ms/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/nl/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/pl/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/pt/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/pt_BR/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/ru/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/sk/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/sq/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/sr/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/sv/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/tr/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/uk/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/vi/LC_MESSAGES/libexif-12.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/libexif-12.mo