Github messages for voidlinux
 help / color / mirror / Atom feed
* [PR PATCH] jhead: update to 3.0.4
@ 2021-01-17 15:49 UsernameRandomlyGenerated
  2021-01-19 23:23 ` [PR PATCH] [Merged]: " ericonr
  0 siblings, 1 reply; 2+ messages in thread
From: UsernameRandomlyGenerated @ 2021-01-17 15:49 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 381 bytes --]

There is a new pull request by UsernameRandomlyGenerated against master on the void-packages repository

https://github.com/UsernameRandomlyGenerated/void-packages jhead
https://github.com/void-linux/void-packages/pull/27982

jhead: update to 3.0.4
CVEs were fixed so I'm deleting patches.

A patch file from https://github.com/void-linux/void-packages/pull/27982.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-jhead-27982.patch --]
[-- Type: text/x-diff, Size: 3350 bytes --]

From 4b6d5802ac32152f56c5cb5a58f2e9e84f6bc903 Mon Sep 17 00:00:00 2001
From: UsernameRandomlyGenerated <coredavid@tutanota.com>
Date: Sun, 17 Jan 2021 16:43:49 +0100
Subject: [PATCH] jhead: update to 3.0.4

---
 srcpkgs/jhead/patches/CVE-2018-16554.patch | 20 ----------------
 srcpkgs/jhead/patches/CVE-2018-17088.patch | 27 ----------------------
 srcpkgs/jhead/template                     |  4 ++--
 3 files changed, 2 insertions(+), 49 deletions(-)
 delete mode 100644 srcpkgs/jhead/patches/CVE-2018-16554.patch
 delete mode 100644 srcpkgs/jhead/patches/CVE-2018-17088.patch

diff --git a/srcpkgs/jhead/patches/CVE-2018-16554.patch b/srcpkgs/jhead/patches/CVE-2018-16554.patch
deleted file mode 100644
index ba47806e370..00000000000
--- a/srcpkgs/jhead/patches/CVE-2018-16554.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-From: Ludovic Rousseau <rousseau@debian.org>
-Date: Sat Sep  8 16:19:07 CEST 2018
-Subject: fix heap buffer overflow
-
-Bug-Debian: https://bugs.debian.org/908176
-Description: Fix CVE-2018-16554
-
---- gpsinfo.c
-+++ gpsinfo.c
-@@ -162,7 +162,8 @@
-                 break;
- 
-             case TAG_GPS_ALT:
--                sprintf(ImageInfo.GpsAlt + 1, "%.2fm", 
-+                snprintf(ImageInfo.GpsAlt + 1, sizeof(ImageInfo.GpsAlt) -1,
-+                    "%.2fm",
-                     ConvertAnyFormat(ValuePtr, Format));
-                 break;
-         }
-
diff --git a/srcpkgs/jhead/patches/CVE-2018-17088.patch b/srcpkgs/jhead/patches/CVE-2018-17088.patch
deleted file mode 100644
index 733c7f31bf1..00000000000
--- a/srcpkgs/jhead/patches/CVE-2018-17088.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Ludovic Rousseau <rousseau@debian.org>
-Date: Wed Sep  5 15:32:00 CEST 2018
-Subject: Fix heap buffer overflow
-
-Bug-Debian: http://bugs.debian.org/907925
-Description: Fix CVE-2018-17088
-
---- gpsinfo.c
-+++ gpsinfo.c
-@@ -4,6 +4,7 @@
- // Matthias Wandel,  Dec 1999 - Dec 2002 
- //--------------------------------------------------------------------------
- #include "jhead.h"
-+#include <stdint.h>
- 
- #define MAX_GPS_TAG 0x1e
- 
-@@ -101,7 +102,7 @@
-             unsigned OffsetVal;
-             OffsetVal = Get32u(DirEntry+8);
-             // If its bigger than 4 bytes, the dir entry contains an offset.
--            if (OffsetVal+ByteCount > ExifLength){
-+            if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
-                 // Bogus pointer offset and / or bytecount value
-                 ErrNonfatal("Illegal value pointer for Exif gps tag %04x", Tag,0);
-                 continue;
-
diff --git a/srcpkgs/jhead/template b/srcpkgs/jhead/template
index facb6bc2d7d..e6774d93ea9 100644
--- a/srcpkgs/jhead/template
+++ b/srcpkgs/jhead/template
@@ -1,6 +1,6 @@
 # Template file for 'jhead'
 pkgname=jhead
-version=3.03
+version=3.04
 revision=1
 build_style=gnu-makefile
 short_desc="Display and manipulate EXIF header of JPEG images"
@@ -8,7 +8,7 @@ maintainer="Oliver Kiddle <okiddle@yahoo.co.uk>"
 license="Public Domain"
 homepage="http://www.sentex.net/~mwandel/jhead/"
 distfiles="${homepage}/jhead-${version}.tar.gz"
-checksum=82194e0128d9141038f82fadcb5845391ca3021d61bc00815078601619f6c0c2
+checksum=ef89bbcf4f6c25ed88088cf242a47a6aedfff4f08cc7dc205bf3e2c0f10a03c9
 
 post_extract() {
 	sed -i -e 's,/local,,' -e '/CC.*-o/s/$/ $(LDFLAGS)/' makefile

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [PR PATCH] [Merged]: jhead: update to 3.0.4
  2021-01-17 15:49 [PR PATCH] jhead: update to 3.0.4 UsernameRandomlyGenerated
@ 2021-01-19 23:23 ` ericonr
  0 siblings, 0 replies; 2+ messages in thread
From: ericonr @ 2021-01-19 23:23 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 196 bytes --]

There's a merged pull request on the void-packages repository

jhead: update to 3.0.4
https://github.com/void-linux/void-packages/pull/27982

Description:
CVEs were fixed so I'm deleting patches.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-01-19 23:23 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-17 15:49 [PR PATCH] jhead: update to 3.0.4 UsernameRandomlyGenerated
2021-01-19 23:23 ` [PR PATCH] [Merged]: " ericonr

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).