public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: media-gfx/exif/files/, media-gfx/exif/
@ 2022-07-08 22:14 Sam James
From: Sam James @ 2022-07-08 22:14 UTC
  To: gentoo-commits

commit:     bd33507695886a6e0936f556cf6ec9de7595e7f9
Author:     Federico Denkena <federico.denkena <AT> posteo <DOT> de>
AuthorDate: Thu Jul  7 20:36:01 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jul  8 22:14:34 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd335076

media-gfx/exif: Security fix for CVE-2021-27815

This commit adds two patches from upstream and bumps the revision.

Bug: https://bugs.gentoo.org/783522
Signed-off-by: Federico Denkena <federico.denkena <AT> posteo.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 media-gfx/exif/exif-0.6.22-r1.ebuild               | 31 +++++++++++++++++
 .../files/exif-0.6.22-empty-string-check.patch     | 40 ++++++++++++++++++++++
 2 files changed, 71 insertions(+)

diff --git a/media-gfx/exif/exif-0.6.22-r1.ebuild b/media-gfx/exif/exif-0.6.22-r1.ebuild
new file mode 100644
index 000000000000..fd7f812a2eb9
--- /dev/null
+++ b/media-gfx/exif/exif-0.6.22-r1.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Small CLI util to show EXIF infos hidden in JPEG files"
+HOMEPAGE="https://libexif.github.io/ https://github.com/libexif/exif"
+SRC_URI="https://github.com/lib${PN}/${PN}/releases/download/${PN}-${PV//./_}-release/${P}.tar.gz"
+
+LICENSE="LGPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="nls"
+
+BDEPEND="
+	virtual/pkgconfig
+	nls? ( sys-devel/gettext )
+"
+DEPEND="
+	dev-libs/popt
+	>=media-libs/libexif-${PV}
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-empty-string-check.patch
+)
+
+src_configure() {
+	econf $(use_enable nls)
+}
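
Review bot: The PATCHES array near the end of the ebuild lists a single file, while the commit message says two upstream patches are added; both upstream commits are concatenated inside exif-0.6.22-empty-string-check.patch. A one-line comment above PATCHES naming CVE-2021-27815 and bug 783522 would let a reader tie the -r1 bump to the security fix without opening the patch file, and the patch file name could carry the CVE id for the same reason.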

diff --git a/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch b/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch
new file mode 100644
index 000000000000..377e905940b5
--- /dev/null
+++ b/media-gfx/exif/files/exif-0.6.22-empty-string-check.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/783522
+
+Source: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c.patch
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Thu, 25 Feb 2021 08:31:53 +0100
+Subject: [PATCH] added empty strign check, which would lead to NULL ptr
+ deref/crash in exif XML display. fixes
+ https://github.com/libexif/exif/issues/4
+
+--- a/exif/actions.c
++++ b/exif/actions.c
+@@ -661,6 +661,8 @@ escape_xml(const char *text)
+ 	char *out;
+ 	size_t len;
+ 
++	if (!strlen(text)) return "empty string";
++
+ 	for (out=escaped, len=0; *text; ++len, ++out, ++text) {
+ 		/* Make sure there's plenty of room for a quoted character */
+ 		if ((len + 8) > escaped_size) {
+
+Source: https://github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa.patch
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Thu, 25 Feb 2021 09:45:36 +0100
+Subject: [PATCH] actually return empty stringand not 'em,pty string' as
+ expected
+
+--- a/exif/actions.c
++++ b/exif/actions.c
+@@ -661,7 +661,7 @@ escape_xml(const char *text)
+ 	char *out;
+ 	size_t len;
+
+-	if (!strlen(text)) return "empty string";
++	if (!strlen(text)) return "";
+
+ 	for (out=escaped, len=0; *text; ++len, ++out, ++text) {
+ 		/* Make sure there's plenty of room for a quoted character */
+
+
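
Review bot: In escape_xml() the new guard `if (!strlen(text)) return "";` dereferences text before anything checks it for NULL, so it covers the empty-string case but not a NULL argument, should any caller be able to pass one. `if (!text || !*text) return "";` would handle both and avoid scanning the whole string just to test for emptiness. Separately, this file carries two upstream commits where the second rewrites the line the first adds; that preserves upstream provenance, but a short header note saying the net change is the single `return "";` guard would keep readers from taking the intermediate "empty string" return as live code.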

