This patch updates the graphics/libexif port from 0.6.10
to 0.6.12. The version currently in the ports contains
remotely exploitable buffer overflows, as reported by
portaudit (see URL below). The problems are supposed to
be fixed in version 0.6.12.
For this PR, I chose to select severity "serious" and
priority "medium" (instead of "low") because libexif is
a default dependency of GIMP, gphoto and several other
ports, so a significant number of users might be affected.
By the way, I tried to contact the maintainer of the port
but have not received a reply so far.
Fix: Remove the "files" directory (it contains a patch for
configure which is obsolete) and apply the following
patch. It modifies Makefile, distinfo and pkg-plist.
The pkg-descr file is not changed.
The complete new port can also be found here:
URL from portaudit:

Grab. Also, maintainer is on the way.

The maintainer updated my patch and submitted PR ports/79281,
which supersedes this PR. Therefore, please close this PR.
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München

Committed, thank you.