Bug 244060 - graphics/libexif: Fix security vulnerabilities
Summary: graphics/libexif: Fix security vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Danilo G. Baio
URL: https://github.com/libexif/libexif/is...
Keywords: security
Depends on:
Blocks:
 
Reported: 2020-02-12 00:14 UTC by Danilo G. Baio
Modified: 2020-02-15 16:30 UTC (History)
3 users (show)

See Also:
dbaio: maintainer-feedback+
dbaio: merge-quarterly?
dbaio: exp-run?


Attachments
libexif-security-full-ports.patch (25.29 KB, patch)
2020-02-12 00:14 UTC, Danilo G. Baio
no flags Details | Diff
libexif-security.patch (8.08 KB, patch)
2020-02-12 12:15 UTC, Danilo G. Baio
dbaio: maintainer-approval? (marius)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Danilo G. Baio freebsd_committer 2020-02-12 00:14:46 UTC
Created attachment 211573 [details]
libexif-security-full-ports.patch

- Fix CVE-2019-9278

  In libexif, there is a possible out of bounds write due to an integer
  overflow. This could lead to remote escalation of privilege in the media
  content provider with no additional execution privileges needed. User
  interaction is needed for exploitation.

 - Fix a buffer read overflow in exif_entry_get_value
 
 - Fix a buffer overread in exif_mnote_data_olympus_load

 - Bump PORTREVISION for libexif related ports

Reported by: tj@mrsk.me (email)
Comment 1 commit-hook freebsd_committer 2020-02-12 00:20:02 UTC
A commit references this bug:

Author: dbaio
Date: Wed Feb 12 00:19:39 UTC 2020
New revision: 525894
URL: https://svnweb.freebsd.org/changeset/ports/525894

Log:
  security/vuxml: Document graphics/libexif issue

  PR:		244060
  Reported by:	tj@mrsk.me (email)
  Security:	CVE-2019-9278

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Danilo G. Baio freebsd_committer 2020-02-12 00:23:06 UTC
Antoine and Chromium, do we need an exp-run here?
Comment 3 Antoine Brodin freebsd_committer 2020-02-12 06:32:46 UTC
I don't understand,  why do you bump all the PORTREVISION?  The shared library version doesn't change.
Comment 4 Danilo G. Baio freebsd_committer 2020-02-12 12:15:47 UTC
Created attachment 211587 [details]
libexif-security.patch

my mistake
Comment 5 Antoine Brodin freebsd_committer 2020-02-12 12:33:27 UTC
I don't think this needs an exp-run,  API and ABI are identical
Comment 6 Danilo G. Baio freebsd_committer 2020-02-12 17:06:22 UTC
(In reply to Antoine Brodin from comment #5)

Thank you Antoine
Comment 7 marius 2020-02-13 09:23:08 UTC
Thanks for working on this.
I'm not using libexif anymore, could you remove me as maintainer?
Also libexif-gtk.
Thanks.
Comment 8 commit-hook freebsd_committer 2020-02-13 23:00:04 UTC
A commit references this bug:

Author: dbaio
Date: Thu Feb 13 22:59:13 UTC 2020
New revision: 526071
URL: https://svnweb.freebsd.org/changeset/ports/526071

Log:
  graphics/libexif: Fix security vulnerabilities

   - Fix CVE-2019-9278

    In libexif, there is a possible out of bounds write due to an integer
    overflow. This could lead to remote escalation of privilege in the media
    content provider with no additional execution privileges needed. User
    interaction is needed for exploitation.

   - Fix a buffer read overflow in exif_entry_get_value

   - Fix a buffer overread in exif_mnote_data_olympus_load

  PR:		244060
  Reported by:	tj@mrsk.me (email)
  Approved by:	former maintainer
  MFH:		2020Q1
  Security:	00f30cba-4d23-11ea-86ba-641c67a117d8

Changes:
  head/graphics/libexif/Makefile
  head/graphics/libexif/files/
  head/graphics/libexif/files/patch-CVE-2019-9278
  head/graphics/libexif/files/patch-chromium-7344-and-14543
  head/graphics/libexif/files/patch-chromium-8884
Comment 9 commit-hook freebsd_committer 2020-02-13 23:01:05 UTC
A commit references this bug:

Author: dbaio
Date: Thu Feb 13 23:00:12 UTC 2020
New revision: 526072
URL: https://svnweb.freebsd.org/changeset/ports/526072

Log:
  graphics/libexif-gtk: Take MAINTAINER'ship

  PR:		244060
  Approved by:	former maintainer

Changes:
  head/graphics/libexif-gtk/Makefile
Comment 10 Danilo G. Baio freebsd_committer 2020-02-13 23:05:55 UTC
(In reply to marius from comment #7)

Done, and thanks for your contributions.
Comment 11 commit-hook freebsd_committer 2020-02-15 16:29:28 UTC
A commit references this bug:

Author: dbaio
Date: Sat Feb 15 16:28:42 UTC 2020
New revision: 526229
URL: https://svnweb.freebsd.org/changeset/ports/526229

Log:
  MFH: r526071

  graphics/libexif: Fix security vulnerabilities

   - Fix CVE-2019-9278

    In libexif, there is a possible out of bounds write due to an integer
    overflow. This could lead to remote escalation of privilege in the media
    content provider with no additional execution privileges needed. User
    interaction is needed for exploitation.

   - Fix a buffer read overflow in exif_entry_get_value

   - Fix a buffer overread in exif_mnote_data_olympus_load

  PR:		244060
  Reported by:	tj@mrsk.me (email)
  Approved by:	former maintainer
  Security:	00f30cba-4d23-11ea-86ba-641c67a117d8

  Approved by:	ports-secteam (blanket, backport of security fixes)

Changes:
_U  branches/2020Q1/
  branches/2020Q1/graphics/libexif/Makefile
  branches/2020Q1/graphics/libexif/files/