head	1.3;
access;
symbols
	pkgsrc-2013Q2:1.3.0.36
	pkgsrc-2013Q2-base:1.3
	pkgsrc-2012Q4:1.3.0.34
	pkgsrc-2012Q4-base:1.3
	pkgsrc-2011Q4:1.3.0.32
	pkgsrc-2011Q4-base:1.3
	pkgsrc-2011Q2:1.3.0.30
	pkgsrc-2011Q2-base:1.3
	pkgsrc-2009Q4:1.3.0.28
	pkgsrc-2009Q4-base:1.3
	pkgsrc-2008Q4:1.3.0.26
	pkgsrc-2008Q4-base:1.3
	pkgsrc-2008Q3:1.3.0.24
	pkgsrc-2008Q3-base:1.3
	cube-native-xorg:1.3.0.22
	cube-native-xorg-base:1.3
	pkgsrc-2008Q2:1.3.0.20
	pkgsrc-2008Q2-base:1.3
	pkgsrc-2008Q1:1.3.0.18
	pkgsrc-2008Q1-base:1.3
	pkgsrc-2007Q4:1.3.0.16
	pkgsrc-2007Q4-base:1.3
	pkgsrc-2007Q3:1.3.0.14
	pkgsrc-2007Q3-base:1.3
	pkgsrc-2007Q2:1.3.0.12
	pkgsrc-2007Q2-base:1.3
	pkgsrc-2007Q1:1.3.0.10
	pkgsrc-2007Q1-base:1.3
	pkgsrc-2006Q4:1.3.0.8
	pkgsrc-2006Q4-base:1.3
	pkgsrc-2006Q3:1.3.0.6
	pkgsrc-2006Q3-base:1.3
	pkgsrc-2006Q2:1.3.0.4
	pkgsrc-2006Q2-base:1.3
	pkgsrc-2006Q1:1.3.0.2
	pkgsrc-2006Q1-base:1.3
	pkgsrc-2005Q4:1.2.0.6
	pkgsrc-2005Q4-base:1.2
	pkgsrc-2005Q3:1.2.0.4
	pkgsrc-2005Q3-base:1.2
	pkgsrc-2005Q2:1.2.0.2
	pkgsrc-2005Q2-base:1.2
	pkgsrc-2005Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.3
date	2006.01.06.15.19.18;	author wiz;	state dead;
branches;
next	1.2;

1.2
date	2005.05.27.14.20.36;	author jschauma;	state Exp;
branches;
next	1.1;

1.1
date	2005.05.13.11.57.59;	author salo;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2005.05.13.11.57.59;	author snj;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2005.05.14.05.49.56;	author snj;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update to 0.6.13.

New in 0.6.13:

  * Bug fixes: #803191, #1051994, #1054321, #1054323, #1196787

  * For pkg-config users, force usage of #include <libexif/exif-*.h>
    (disable #include <exif-.h>)

  * Updated German translation

  * Build system tuning

  * Misc changes:
    Fix COPYRIGHT tag, fix memory corruption, use qsort.
@
text
@$NetBSD: patch-ac,v 1.2 2005/05/27 14:20:36 jschauma Exp $

--- ./libexif/exif-data.c.orig	2005-03-12 21:27:13.000000000 -0500
+++ ./libexif/exif-data.c	2005-05-27 10:08:40.000000000 -0400
@@@@ -284,9 +284,10 @@@@
 }
 
 static void
-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
+exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
 			     const unsigned char *d,
-			     unsigned int ds, unsigned int offset)
+				     unsigned int ds, unsigned int offset,
+				     unsigned int level)
 {
 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
 	ExifShort n;
@@@@ -296,6 +297,13 @@@@
 
 	if (!data || !data->priv) return;
 
+	if (level > 150)
+	  {
+	    exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+		      "Deep recursion in exif_data_load_data_content");
+	    return;
+	  }
+
 	/* Read the number of entries */
 	if (offset >= ds - 1) return;
 	n = exif_get_short (d + offset, data->priv->order);
@@@@ -320,18 +328,18 @@@@
 			switch (tag) {
 			case EXIF_TAG_EXIF_IFD_POINTER:
 				CHECK_REC (EXIF_IFD_EXIF);
-				exif_data_load_data_content (data,
-					data->ifd[EXIF_IFD_EXIF], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
 				break;
 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
 				CHECK_REC (EXIF_IFD_GPS);
-				exif_data_load_data_content (data,
-					data->ifd[EXIF_IFD_GPS], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
 				break;
 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
-				exif_data_load_data_content (data,
-					data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
 				break;
 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
 				thumbnail_offset = o;
@@@@ -373,6 +381,14 @@@@
 }
 
 static void
+exif_data_load_data_content (ExifData *data, ExifContent *ifd,
+			     const unsigned char *d,
+			     unsigned int ds, unsigned int offset)
+{
+  exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
+}
+
+static void
 exif_data_save_data_content (ExifData *data, ExifContent *ifd,
 			     unsigned char **d, unsigned int *ds,
 			     unsigned int offset)
@


1.2
log
@don't return a value in a void function, just return.
This fixes the build for IRIX MIPSPro compilers, that actually bail out
on this condition with an error.
@
text
@d1 1
a1 1
$NetBSD: $
@


1.1
log
@Security fix:

"Matthias Clasen has reported a vulnerability in libexif, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an infinite recursion in the
"exif_data_load_data_content()" function and can be exploited to
cause a stack overflow when parsing a specially crafted image.

Successful exploitation may crash an application linked against the
vulnerable library."

Bump PKGREVISION.  Patch from:
http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272
@
text
@d1 1
a1 1
$NetBSD$
d3 2
a4 2
--- libexif/exif-data.c.orig	2005-03-13 03:27:13.000000000 +0100
+++ libexif/exif-data.c	2005-05-13 13:48:13.000000000 +0200
d26 1
a26 1
+	    return 0;
@


1.1.2.1
log
@file patch-ac was added on branch pkgsrc-2005Q1 on 2005-05-13 11:57:59 +0000
@
text
@d1 71
@


1.1.2.2
log
@Pullup ticket 500 - requested by Lubomir Sedlacik
security fix for libexif

Revisions pulled up:
- pkgsrc/graphics/libexif/Makefile		1.24, 1.25
- pkgsrc/graphics/libexif/PLIST			1.12
- pkgsrc/graphics/libexif/distinfo		1.13, 1.14, 1.15
- pkgsrc/graphics/libexif/buildlink3.mk		1.7
- pkgsrc/graphics/libexif/patches/patch-aa	1.3
- pkgsrc/graphics/libexif/patches/patch-ab	1.3
- pkgsrc/graphics/libexif/patches/patch-ac	1.1

    Module Name:    pkgsrc
    Committed By:   adam
    Date:           Wed Apr 20 12:40:41 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: Makefile PLIST distinfo
    Removed Files:
            pkgsrc/graphics/libexif/patches: patch-aa patch-ab

    Log Message:
    Changes 0.6.12:
      * Final fix of Ubuntu Security Notice USN-91-1 (CAN-2005-0664)
        https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
      * Updated build system with cross compile capabilities
      * Small fixes:
        Fix tag order, use even offsets, improve Nikon&Olympus mnote tags.
----
    Module Name:    pkgsrc
    Committed By:   minskim
    Date:           Mon May  9 13:21:16 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: distinfo
    Added Files:
            pkgsrc/graphics/libexif/patches: patch-aa patch-ab

    Log Message:
    Declare a static function in .c, not in .h.
----
    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Fri May 13 11:58:00 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/graphics/libexif/patches: patch-ac

    Log Message:
    Security fix:

    "Matthias Clasen has reported a vulnerability in libexif, which can be
    exploited by malicious people to cause a DoS (Denial of Service).

    The vulnerability is caused due to an infinite recursion in the
    "exif_data_load_data_content()" function and can be exploited to
    cause a stack overflow when parsing a specially crafted image.

    Successful exploitation may crash an application linked against the
    vulnerable library."

    Bump PKGREVISION.  Patch from:
    http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272
@
text
@a0 71
$NetBSD: patch-ac,v 1.1.2.1 2005/05/14 05:49:56 snj Exp $

--- libexif/exif-data.c.orig	2005-03-13 03:27:13.000000000 +0100
+++ libexif/exif-data.c	2005-05-13 13:48:13.000000000 +0200
@@@@ -284,9 +284,10 @@@@
 }
 
 static void
-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
+exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
 			     const unsigned char *d,
-			     unsigned int ds, unsigned int offset)
+				     unsigned int ds, unsigned int offset,
+				     unsigned int level)
 {
 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
 	ExifShort n;
@@@@ -296,6 +297,13 @@@@
 
 	if (!data || !data->priv) return;
 
+	if (level > 150)
+	  {
+	    exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+		      "Deep recursion in exif_data_load_data_content");
+	    return 0;
+	  }
+
 	/* Read the number of entries */
 	if (offset >= ds - 1) return;
 	n = exif_get_short (d + offset, data->priv->order);
@@@@ -320,18 +328,18 @@@@
 			switch (tag) {
 			case EXIF_TAG_EXIF_IFD_POINTER:
 				CHECK_REC (EXIF_IFD_EXIF);
-				exif_data_load_data_content (data,
-					data->ifd[EXIF_IFD_EXIF], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
 				break;
 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
 				CHECK_REC (EXIF_IFD_GPS);
-				exif_data_load_data_content (data,
-					data->ifd[EXIF_IFD_GPS], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
 				break;
 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
-				exif_data_load_data_content (data,
-					data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
 				break;
 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
 				thumbnail_offset = o;
@@@@ -373,6 +381,14 @@@@
 }
 
 static void
+exif_data_load_data_content (ExifData *data, ExifContent *ifd,
+			     const unsigned char *d,
+			     unsigned int ds, unsigned int offset)
+{
+  exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
+}
+
+static void
 exif_data_save_data_content (ExifData *data, ExifContent *ifd,
 			     unsigned char **d, unsigned int *ds,
 			     unsigned int offset)
@