diff --git a/cve-2007-6351.patch b/cve-2007-6351.patch deleted file mode 100644 index c737981..0000000 --- a/cve-2007-6351.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 libexif-0.6.13/libexif/exif-loader.c ---- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 2007-12-15 22:16:06.000000000 -0500 -+++ libexif-0.6.13/libexif/exif-loader.c 2007-12-15 22:16:42.000000000 -0500 -@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi - break; - } - -+ if (!len) -+ return 1; -+ - exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader", - "Scanning %i byte(s) of data...", len); - diff --git a/cve-2007-6352.patch b/cve-2007-6352.patch deleted file mode 100644 index b390546..0000000 --- a/cve-2007-6352.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 libexif-0.6.13/libexif/exif-data.c ---- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 2007-12-15 22:06:15.000000000 -0500 -+++ libexif-0.6.13/libexif/exif-data.c 2007-12-15 22:07:27.000000000 -0500 -@@ -285,10 +285,9 @@ static void - exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, - unsigned int ds, ExifLong offset, ExifLong size) - { -- if (ds < offset + size) { -+ if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + size < offset)) { - exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", -- "Bogus thumbnail offset and size: %i < %i + %i.", -- (int) ds, (int) offset, (int) size); -+ "Bogus thumbnail offset and size"); - return; - } - if (data->data) diff --git a/libexif-0.6.12-gcc4.patch b/libexif-0.6.12-gcc4.patch deleted file mode 100644 index 3dfec4b..0000000 --- a/libexif-0.6.12-gcc4.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- libexif-0.6.12/libexif/exif-utils.c.gcc4 2005-03-28 16:40:50.000000000 -0500 -+++ libexif-0.6.12/libexif/exif-utils.c 2005-03-28 16:41:09.000000000 -0500 -@@ -83,7 +83,7 @@ - } - } - --static ExifSShort -+ExifSShort - exif_get_sshort (const unsigned char *buf, ExifByteOrder order) - { - if (!buf) return 0; diff --git a/libexif-0.6.12-odd.patch b/libexif-0.6.12-odd.patch deleted file mode 100644 index 89a8f02..0000000 --- a/libexif-0.6.12-odd.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- libexif-0.6.12/libexif/exif-data.c.odd 2005-04-24 22:39:24.611317000 -0400 -+++ libexif-0.6.12/libexif/exif-data.c 2005-04-24 22:39:49.290613000 -0400 -@@ -231,7 +231,7 @@ - * the offset must be an even number. If we need to introduce - * a padding byte, we set it to 0. - */ -- if (s & 1) *ds++; -+ if (s & 1) (*ds)++; - *d = exif_mem_realloc (data->priv->mem, *d, *ds); - if (!*d) { - EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", *ds); diff --git a/libexif-0.6.12-recurse.patch b/libexif-0.6.12-recurse.patch deleted file mode 100644 index acd1cae..0000000 --- a/libexif-0.6.12-recurse.patch +++ /dev/null @@ -1,70 +0,0 @@ ---- libexif-0.6.12/libexif/exif-data.c.recurse 2005-05-06 13:35:17.610294000 -0400 -+++ libexif-0.6.12/libexif/exif-data.c 2005-05-06 13:37:35.112654000 -0400 -@@ -284,9 +284,10 @@ - } - - static void --exif_data_load_data_content (ExifData *data, ExifContent *ifd, -- const unsigned char *d, -- unsigned int ds, unsigned int offset) -+exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd, -+ const unsigned char *d, -+ unsigned int ds, unsigned int offset, -+ unsigned int level) - { - ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; - ExifShort n; -@@ -296,6 +297,13 @@ - - if (!data || !data->priv) return; - -+ if (level > 150) -+ { -+ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", -+ "Deep recursion in exif_data_load_data_content"); -+ return 0; -+ } -+ - /* Read the number of entries */ - if (offset >= ds - 1) return; - n = exif_get_short (d + offset, data->priv->order); -@@ -320,18 +328,18 @@ - switch (tag) { - case EXIF_TAG_EXIF_IFD_POINTER: - CHECK_REC (EXIF_IFD_EXIF); -- exif_data_load_data_content (data, -- data->ifd[EXIF_IFD_EXIF], d, ds, o); -+ exif_data_load_data_content_recurse (data, -+ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1); - break; - case EXIF_TAG_GPS_INFO_IFD_POINTER: - CHECK_REC (EXIF_IFD_GPS); -- exif_data_load_data_content (data, -- data->ifd[EXIF_IFD_GPS], d, ds, o); -+ exif_data_load_data_content_recurse (data, -+ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1); - break; - case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: - CHECK_REC (EXIF_IFD_INTEROPERABILITY); -- exif_data_load_data_content (data, -- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o); -+ exif_data_load_data_content_recurse (data, -+ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1); - break; - case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: - thumbnail_offset = o; -@@ -373,6 +381,14 @@ - } - - static void -+exif_data_load_data_content (ExifData *data, ExifContent *ifd, -+ const unsigned char *d, -+ unsigned int ds, unsigned int offset) -+{ -+ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0); -+} -+ -+static void - exif_data_save_data_content (ExifData *data, ExifContent *ifd, - unsigned char **d, unsigned int *ds, - unsigned int offset) diff --git a/libexif-0.6.13-dont-build-docs.patch b/libexif-0.6.13-dont-build-docs.patch deleted file mode 100644 index 7b4b671..0000000 --- a/libexif-0.6.13-dont-build-docs.patch +++ /dev/null @@ -1,54 +0,0 @@ ---- libexif-0.6.13/doc/Makefile.dont-build-docs 2007-01-16 12:07:31.000000000 -0500 -+++ libexif-0.6.13/doc/Makefile 2007-01-25 15:25:05.000000000 -0500 -@@ -204,7 +204,7 @@ - EXTRA_DIST = Doxyfile.in Doxyfile-internals.in README.apidocs $(HTML_APIDOC_DIR).tar.gz - doc_DATA = $(DOXYGEN_FILES) README.apidocs - CLEANFILES = $(DOXYGEN_FILES) $(DOXYGEN_STAMPS) --all: all-am -+all: - - .SUFFIXES: - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) -@@ -442,7 +442,7 @@ - rsync -avz --progress $(DOXYGEN_OUTPUT_DIR)/$(HTML_APIDOC_INTERNALS_DIR)/ sf:/home/users/h/hu/hun/libexif/htdocs/internals/ - ssh "sf" "find /home/groups/l/li/libexif/htdocs/internals /home/groups/l/li/libexif/htdocs/api \( -type d -exec chgrp libexif {} \; -exec chmod g+rwxs,a+rx {} \; \) -or \( -type f -exec chgrp libexif {} \; -exec chmod g+rw {} \; \( -name '*.html' -or -name '*.png' -or -name '*.php' -or -name '*.jpg' -or -name '*.css' -name '*.dot' -name '*.map' \) -exec chmod a+r {} \; \)" - --all-local: $(DOXYGEN_STAMPS) -+all-local: - - install-data-local: install-apidocs install-apidocs-internals - ---- libexif-0.6.13/doc/Makefile.in.dont-build-docs 2005-12-27 16:18:36.000000000 -0500 -+++ libexif-0.6.13/doc/Makefile.in 2007-01-25 15:31:12.000000000 -0500 -@@ -204,7 +204,7 @@ - EXTRA_DIST = Doxyfile.in Doxyfile-internals.in README.apidocs $(HTML_APIDOC_DIR).tar.gz - doc_DATA = $(DOXYGEN_FILES) README.apidocs - CLEANFILES = $(DOXYGEN_FILES) $(DOXYGEN_STAMPS) --all: all-am -+all: - - .SUFFIXES: - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) -@@ -415,11 +415,11 @@ - @HAVE_DOXYGEN_TRUE@$(HTML_APIDOC_INTERNALS_DIR).tar.gz: $(DOXYGEN_OUTPUT_DIR).stamp - @HAVE_DOXYGEN_TRUE@ (cd $(DOXYGEN_OUTPUT_DIR) && $(AMTAR) chof - $(HTML_APIDOC_INTERNALS_DIR) | GZIP=--best gzip -c) > $@ - --@HAVE_DOXYGEN_TRUE@install-apidocs-internals: $(HTML_APIDOC_INTERNALS_DIR).stamp -+@HAVE_DOXYGEN_TRUE@install-apidocs-internals: - @HAVE_DOXYGEN_TRUE@ $(INSTALL) -m 0755 -d $(DESTDIR)$(docdir)/$(DOC_APIDOC_INTERNALS_HTML) - @HAVE_DOXYGEN_TRUE@ $(INSTALL) -m 0644 $(DOXYGEN_OUTPUT_DIR)/$(HTML_APIDOC_INTERNALS_DIR)/* $(DESTDIR)$(docdir)/$(DOC_APIDOC_INTERNALS_HTML)/ - --@HAVE_DOXYGEN_TRUE@install-apidocs: $(HTML_APIDOC_DIR).stamp -+@HAVE_DOXYGEN_TRUE@install-apidocs: - @HAVE_DOXYGEN_TRUE@ $(INSTALL) -m 0755 -d $(DESTDIR)$(docdir)/$(DOC_APIDOC_HTML) - @HAVE_DOXYGEN_TRUE@ $(INSTALL) -m 0644 $(DOXYGEN_OUTPUT_DIR)/$(HTML_APIDOC_DIR)/* $(DESTDIR)$(docdir)/$(DOC_APIDOC_HTML)/ - -@@ -442,7 +442,7 @@ - @HAVE_DOXYGEN_TRUE@ rsync -avz --progress $(DOXYGEN_OUTPUT_DIR)/$(HTML_APIDOC_INTERNALS_DIR)/ sf:/home/users/h/hu/hun/libexif/htdocs/internals/ - @HAVE_DOXYGEN_TRUE@ ssh "sf" "find /home/groups/l/li/libexif/htdocs/internals /home/groups/l/li/libexif/htdocs/api \( -type d -exec chgrp libexif {} \; -exec chmod g+rwxs,a+rx {} \; \) -or \( -type f -exec chgrp libexif {} \; -exec chmod g+rw {} \; \( -name '*.html' -or -name '*.png' -or -name '*.php' -or -name '*.jpg' -or -name '*.css' -name '*.dot' -name '*.map' \) -exec chmod a+r {} \; \)" - --all-local: $(DOXYGEN_STAMPS) -+all-local: - - install-data-local: install-apidocs install-apidocs-internals - diff --git a/libexif-0.6.13-mock.patch b/libexif-0.6.13-mock.patch deleted file mode 100644 index bb21b85..0000000 --- a/libexif-0.6.13-mock.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- libexif-0.6.13/configure.mock 2006-05-24 00:25:09.000000000 -0400 -+++ libexif-0.6.13/configure 2006-05-24 00:26:21.000000000 -0400 -@@ -20365,17 +20365,8 @@ - echo "${ECHO_T}no" >&6 - fi - -- -- --if test "x$DOXYGEN" != "xfalse"; then -- HAVE_DOXYGEN_TRUE= -- HAVE_DOXYGEN_FALSE='#' --else -- HAVE_DOXYGEN_TRUE='#' -- HAVE_DOXYGEN_FALSE= --fi -- -- -+HAVE_DOXYGEN_TRUE='#' -+HAVE_DOXYGEN_FALSE= - - if test "x$DOT" != "xfalse"; then - HAVE_DOT_TRUE= diff --git a/libexif-cve-2007-4168.patch b/libexif-cve-2007-4168.patch deleted file mode 100644 index 3ee847d..0000000 --- a/libexif-cve-2007-4168.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- libexif-0.6.13/libexif/exif-data.c.cve-2007-4168 2005-08-22 16:32:02.000000000 -0400 -+++ libexif-0.6.13/libexif/exif-data.c 2007-06-12 12:14:35.000000000 -0400 -@@ -174,9 +174,15 @@ exif_data_load_data_entry (ExifData *dat - * Size? If bigger than 4 bytes, the actual data is not - * in the entry but somewhere else (offset). - */ -- s = exif_format_get_size (entry->format) * entry->components; -- if (!s) -- return 0; -+ /* {0,1,2,4,8} x { 0x00000000 .. 0xffffffff } -+ * -> { 0x000000000 .. 0x7fffffff8 } */ -+ s = exif_format_get_size(entry->format) * entry->components; -+ if (s < entry->components) { -+ return 0; -+ } -+ if (0 == s) -+ return 0; -+ - if (s > 4) - doff = exif_get_long (d + offset + 8, data->priv->order); - else diff --git a/libexif-integer-overflow.patch b/libexif-integer-overflow.patch deleted file mode 100644 index 8429035..0000000 --- a/libexif-integer-overflow.patch +++ /dev/null @@ -1,22 +0,0 @@ -Patch to prevent integer overflow that might result in out-of-bound -write in memcpy() #240055 - -Index: libexif/exif-data.c -=================================================================== -RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v -retrieving revision 1.89 -retrieving revision 1.90 -diff -u -p -r1.89 -r1.90 ---- libexif/exif-data.c 9 May 2007 06:09:05 -0000 1.89 -+++ libexif/exif-data.c 10 May 2007 14:32:01 -0000 1.90 -@@ -179,7 +179,9 @@ exif_data_load_data_entry (ExifData *dat - else - doff = offset + 8; - -- /* Sanity check */ -+ /* Sanity checks */ -+ if ((doff + s < doff) || (doff + s < s)) -+ return 0; - if (size < doff + s) - return 0; - diff --git a/olympus-byte-order.patch b/olympus-byte-order.patch deleted file mode 100644 index 282f2d0..0000000 --- a/olympus-byte-order.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -up libexif-0.6.15/libexif/olympus/exif-mnote-data-olympus.c.olympus-byte-order libexif-0.6.15/libexif/olympus/exif-mnote-data-olympus.c ---- libexif-0.6.15/libexif/olympus/exif-mnote-data-olympus.c.olympus-byte-order 2008-02-05 19:54:41.000000000 -0500 -+++ libexif-0.6.15/libexif/olympus/exif-mnote-data-olympus.c 2008-02-05 19:59:28.000000000 -0500 -@@ -230,6 +230,15 @@ exif_mnote_data_olympus_load (ExifMnoteD - else if (buf[o2 + 6 + 1] == 1) - n->order = EXIF_BYTE_ORDER_MOTOROLA; - o2 += 8; -+ if (o2 >= buf_size) return; -+ c = exif_get_short (buf + o2, n->order); -+ if ((!(c & 0xFF)) && (c > 0x500)) { -+ if (n->order == EXIF_BYTE_ORDER_INTEL) { -+ n->order = EXIF_BYTE_ORDER_MOTOROLA; -+ } else { -+ n->order = EXIF_BYTE_ORDER_INTEL; -+ } -+ } - - } else if (!memcmp (buf + o2, "OLYMPUS", 8)) { - /* Olympus S760, S770 */ -@@ -267,6 +276,16 @@ exif_mnote_data_olympus_load (ExifMnoteD - case nikonV1: - - base = MNOTE_NIKON1_TAG_BASE; -+ /* Fix endianness, if needed */ -+ if (o2 >= buf_size) return; -+ c = exif_get_short (buf + o2, n->order); -+ if ((!(c & 0xFF)) && (c > 0x500)) { -+ if (n->order == EXIF_BYTE_ORDER_INTEL) { -+ n->order = EXIF_BYTE_ORDER_MOTOROLA; -+ } else { -+ n->order = EXIF_BYTE_ORDER_INTEL; -+ } -+ } - break; - - case nikonV2: