Bug 79158

Summary: [patch] [security] graphics/libexif update to 0.6.12
Product: Ports & Packages
Reporter: Oliver Fromme <olli>
Component: Individual Port(s)
Assignee: Cheng-Lung Sung <clsung>
Status: Closed FIXED
Severity: Affects Only Me
CC: yinjieh
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments:
    Description: file.diff    Flags: none

Description Oliver Fromme 2005-03-23 10:10:02 UTC
    This patch updates the graphics/libexif port from 0.6.10
    to 0.6.12.  The version currently in the ports contains
    remotely exploitable buffer overflows, as reported by
    portaudit (see URL below).  The problems are supposed to
    be fixed in version 0.6.12.

    For this PR, I chose to select severity "serious" and
    priority "medium" (instead of "low") because libexif is
    a default dependency of GIMP, gphoto and several other
    ports, so a significant number of users might be affected.

    By the way, I tried to contact the maintainer of the port
    but did not get a reply so far.

Fix: Remove the "files" directory (it contains a patch for
    configure which is obsolete) and apply the following
    patch.  It modifies Makefile, distinfo and pkg-plist.
    The pkg-descr file is not changed.

    The complete new port can also be found here:
    http://www.secnetix.de/~olli/libexif-0.6.12/
How-To-Repeat: 
    URL from portaudit:
    http://www.FreeBSD.org/ports/portaudit/624fe633-9006-11d9-a22c-0001020eed82.html
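A practitioner reading this PR will want to know whether a given machine still has the affected libexif. The script below is an added example, not part of the PR, the port or the libexif project: it reads package lines in the "name-version" form that pkg_info(1) prints and reports any libexif package older than 0.6.12, the version the PR names as fixed. It assumes the affected range is simply "everything below 0.6.12" (the PR says the problems are "supposed to be fixed" there, nothing more precise), that version components are numeric, and that a trailing PORTREVISION (_N) or PORTEPOCH (,N) suffix can be ignored for this comparison. The sample package list is constructed for the example, not captured from a real system.

```sh
#!/bin/sh
# Added example (not from the PR): find installed libexif packages older than
# the release the PR names as fixed. Assumptions: versions are dotted numerics,
# FreeBSD-style _N/,N suffixes can be dropped, and "< 0.6.12" is the whole
# affected range.

FIXED_VERSION="0.6.12"   # from the PR: "supposed to be fixed in version 0.6.12"

# vercmp A B: print -1, 0 or 1 as dotted version A is <, = or > B.
# Walks the components left to right; a missing component counts as 0.
vercmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}          # leading component of each
        case $a in *.*) a=${a#*.} ;; *) a='' ;; esac   # consume it
        case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
        if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
    done
    echo 0
}

# affected PKG: succeed (status 0) if PKG is "libexif-<version>" with
# <version> below FIXED_VERSION. The last hyphen separates name and version.
affected() {
    pkg=$1
    name=${pkg%-*}; ver=${pkg##*-}
    [ "$name" = "libexif" ] || return 1
    ver=${ver%%,*}    # drop PORTEPOCH suffix, e.g. 0.6.10_1,1 -> 0.6.10_1
    ver=${ver%%_*}    # drop PORTREVISION suffix, e.g. 0.6.10_1 -> 0.6.10
    [ "$(vercmp "$ver" "$FIXED_VERSION")" -lt 0 ]
}

# scan: read pkg_info(1)-style lines ("name-version   comment") on stdin and
# print the package name of every affected libexif install, one per line.
scan() {
    while read -r pkg rest; do
        affected "$pkg" && echo "$pkg"
    done
}

# Constructed sample input, mimicking "pkg_info" output (not a real listing).
SAMPLE_PKGS='gimp-2.2.4        The GNU Image Manipulation Program
libexif-0.6.10_1  Library to read digital camera file meta-data
gphoto2-2.1.5     Command-line controller for digital cameras
libexif-0.6.12    Library to read digital camera file meta-data'

# On a live system you would pipe pkg_info itself:  pkg_info | scan
printf '%s\n' "$SAMPLE_PKGS" | scan
```

The version comparison is deliberately numeric and component-wise rather than a plain string compare, so that 0.6.10 sorts below 0.6.12 (a lexical compare would get "0.6.10" versus "0.6.9" wrong). Dropping the _N and ,N suffixes only affects ordering between packages that share the same upstream version, which does not change the answer to "is this below 0.6.12".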
Comment 1 Cheng-Lung Sung freebsd_committer freebsd_triage 2005-03-27 17:38:05 UTC
Responsible Changed
From-To: freebsd-ports-bugs->clsung

Grab. Also, maintainer is on the way.
Comment 2 olli 2005-03-28 13:00:32 UTC
The maintainer updated my patch and submitted PR ports/79281,
which supersedes this PR.  Therefore, please close this PR.

Thanks!

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
Comment 3 Cheng-Lung Sung freebsd_committer freebsd_triage 2005-04-04 06:32:42 UTC
State Changed
From-To: open->closed

Committed, Thank you.