Bug 79158
| Summary: | [patch] [security] graphics/libexif update to 0.6.12 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Oliver Fromme <olli> | ||||
| Component: | Individual Port(s) | Assignee: | Cheng-Lung Sung <clsung> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | yinjieh | ||||
| Priority: | Normal | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
Responsible Changed From-To: freebsd-ports-bugs->clsung Grab. Also, maintainer is on the way. The maintainer updated my patch and submitted PR ports/79281, which supersedes this PR. Therefore, please close this PR. Thanks! Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' State Changed From-To: open->closed Committed, Thank you. |
This patch updates the graphics/libexif port from 0.6.10 to 0.6.12. The version currently in the ports contains remotely exploitable buffer overflows, as reported by portaudit (see URL below). The problems are supposed to be fixed in version 0.6.12. For this PR, I chose to select severity "serious" and priority "medium" (instead of "low") because libexif is a default dependency of GIMP, gphoto and several other ports, so a significant number of users might be affected. By the way, I tried to contact the maintainer of the port but did not get a reply so far. Fix: Remove the "files" directory (it contains a patch for configure which is obsolete) and apply the following patch. It modifies Makefile, distinfo and pkg-plist. The pkg-descr file is not changed. The complete new port can also be found here: http://www.secnetix.de/~olli/libexif-0.6.12/ How-To-Repeat: URL from portaudit: http://www.FreeBSD.org/ports/portaudit/624fe633-9006-11d9-a22c-0001020eed82.html