gnu: libexif: Fix CVE-2017-7544.

* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/photo.scm (feh)[source]: Use it.
This commit is contained in:
Leo Famulari 2017-12-21 02:55:44 -05:00
parent 417f3d494f
commit ce16d312c6
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
3 changed files with 32 additions and 0 deletions

View file

@ -805,6 +805,7 @@ dist_patch_DATA = \
%D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \ %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \
%D%/packages/patches/libevent-2.1-dns-tests.patch \ %D%/packages/patches/libevent-2.1-dns-tests.patch \
%D%/packages/patches/libevent-2.1-skip-failing-test.patch \ %D%/packages/patches/libevent-2.1-skip-failing-test.patch \
%D%/packages/patches/libexif-CVE-2017-7544.patch \
%D%/packages/patches/libgit2-0.25.1-mtime-0.patch \ %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \
%D%/packages/patches/libgdata-fix-tests.patch \ %D%/packages/patches/libgdata-fix-tests.patch \
%D%/packages/patches/libgdata-glib-duplicate-tests.patch \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \

View file

@ -0,0 +1,29 @@
Fix CVE-2017-7544:
https://sourceforge.net/p/libexif/bugs/130/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
Patch copied from upstream bug tracker:
https://sourceforge.net/p/libexif/bugs/130/#489a
Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.131
diff -u -r1.131 exif-data.c
--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
@@ -255,6 +255,12 @@
exif_mnote_data_set_offset (data->priv->md, *ds - 6);
exif_mnote_data_save (data->priv->md, &e->data, &e->size);
e->components = e->size;
+ if (exif_format_get_size (e->format) != 1) {
+ /* e->format is taken from input code,
+ * but we need to make sure it is a 1 byte
+ * entity due to the multiplication below. */
+ e->format = EXIF_FORMAT_UNDEFINED;
+ }
}
}

View file

@ -28,6 +28,7 @@ (define-module (gnu packages photo)
#:use-module ((guix licenses) #:prefix license:) #:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages) #:use-module (guix packages)
#:use-module (guix utils) #:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages algebra) #:use-module (gnu packages algebra)
#:use-module (gnu packages autotools) #:use-module (gnu packages autotools)
#:use-module (gnu packages base) #:use-module (gnu packages base)
@ -89,6 +90,7 @@ (define-public libexif
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://sourceforge/libexif/libexif/" (uri (string-append "mirror://sourceforge/libexif/libexif/"
version "/libexif-" version ".tar.bz2")) version "/libexif-" version ".tar.bz2"))
(patches (search-patches "libexif-CVE-2017-7544.patch"))
(sha256 (sha256
(base32 (base32
"06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n")))) "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n"))))