Fix CVE-2017-7544:

https://sourceforge.net/p/libexif/bugs/130/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544

Patch copied from upstream bug tracker:

https://sourceforge.net/p/libexif/bugs/130/#489a

Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.131
diff -u -r1.131 exif-data.c
--- a/libexif/exif-data.c	12 Jul 2012 17:28:26 -0000	1.131
+++ b/libexif/exif-data.c	25 Jul 2017 21:34:06 -0000
@@ -255,6 +255,12 @@
 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
 			e->components = e->size;
+			if (exif_format_get_size (e->format) != 1) {
+				/* e->format is taken from input code,
+				 * but we need to make sure it is a 1 byte
+				 * entity due to the multiplication below. */
+				e->format = EXIF_FORMAT_UNDEFINED;
+			}
 		}
 	}
 
ght'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=72db4e234d9d54bb763623fa92e826be163aff0f'>refs</a><a class='active' href='/guix/log/configure.ac'>log</a><a href='/guix/tree/configure.ac?id=72db4e234d9d54bb763623fa92e826be163aff0f'>tree</a><a href='/guix/commit/configure.ac?id=72db4e234d9d54bb763623fa92e826be163aff0f'>commit</a><a href='/guix/diff/configure.ac?id=72db4e234d9d54bb763623fa92e826be163aff0f'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/configure.ac'>
<input type='hidden' name='id' value='72db4e234d9d54bb763623fa92e826be163aff0f'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=72db4e234d9d54bb763623fa92e826be163aff0f'>root</a>/<a href='/guix/log/configure.ac?id=72db4e234d9d54bb763623fa92e826be163aff0f'>configure.ac</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/configure.ac?id=72db4e234d9d54bb763623fa92e826be163aff0f&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-03-11 18:42:09 +0100'>2020-03-11</span></td><td><a href='/guix/commit/configure.ac?id=e688c2df3924423b67892cc9939ca099c729d1cb'>build: Require Guile 2.2.3 or later.</a><span class='msg-avail'>...<span class='msg-tooltip'>* configure.ac: For 2.2.x, require 2.2.3 or later.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-01-17 17:14:20 +0100'>2020-01-17</span></td><td><a href='/guix/commit/configure.ac?id=7b2a47a702b7393cd968640079f8703c932d1405'>build: Allow builds with Guile 3.0.</a><span class='msg-avail'>...<span class='msg-tooltip'>* configure.ac: Add "3.0" in 'GUILE_PKG' invocation.
* doc/guix.texi (Requirements): Mention 3.0.x.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-11-09 00:36:53 +0100'>2019-11-09</span></td><td><a href='/guix/commit/configure.ac?id=c8364ebca82f39fc10ca8b578584b7d1ff546cb1'>build: Warn about etc/indent-code.el when Emacs is absent.</a><span class='msg-avail'>...<span class='msg-tooltip'>* configure.ac: Warn when 'emacs' is not found, and emit
'etc/indent-code.el' otherwise.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>zimoun</td></tr>
<tr><td><span title='2019-07-25 00:16:41 +0200'>2019-07-25</span></td><td><a href='/guix/commit/configure.ac?id=81c3dc32244a17241d74eea9fa265edfcb326f6d'>maint: Switch to Guile-JSON 3.x.</a><span class='msg-avail'>...<span class='msg-tooltip'>Guile-JSON 3.x is incompatible with Guile-JSON 1.x, which we relied on
until now: it maps JSON dictionaries to alists (instead of hash tables),
and JSON arrays to vectors (instead of lists).  This commit is about
adjusting all the existing code to this new mapping.

* m4/guix.m4 (GUIX_CHECK_GUILE_JSON): New macro.
* configure.ac: Use it.
* doc/guix.texi (Requirements): Mention the Guile-JSON version.
* guix/git-download.scm (git-fetch)[guile-json]: Use GUILE-JSON-3.
* guix/import/cpan.scm (string-&gt;license): Expect vectors instead of
lists.
(module-&gt;dist-name): Use 'json-fetch' instead of 'json-fetch-alist'.
(cpan-fetch): Likewise.
* guix/import/crate.scm (crate-fetch): Likewise, and call 'vector-&gt;list'
for DEPS.
* guix/import/gem.scm (rubygems-fetch): Likewise.
* guix/import/json.scm (json-fetch-alist): Remove.
* guix/import/pypi.scm (pypi-fetch): Use 'json-fetch' instead of
'json-fetch-alist'.
(latest-source-release, latest-wheel-release): Call 'vector-&gt;list' on
RELEASES.
* guix/import/stackage.scm (stackage-lts-info-fetch): Use 'json-fetch'
instead of 'json-fetch-alist'.
(lts-package-version): Use 'vector-&gt;list'.
* guix/import/utils.scm (hash-table-&gt;alist): Remove.
(alist-&gt;package): Pass 'vector-&gt;list' on the inputs fields, and default
to the empty vector.
* guix/scripts/import/json.scm (guix-import-json): Remove call to
'hash-table-&gt;alist'.
* guix/swh.scm (define-json-reader): Expect pair? or null? instead of
hash-table?.
[extract-field]: Use 'assoc-ref' instead of 'hash-ref'.
(json-&gt;branches): Use 'map' instead of 'hash-map-&gt;list'.
(json-&gt;checksums): Likewise.
(json-&gt;directory-entries, origin-visits): Call 'vector-&gt;list' on the
result of 'json-&gt;scm'.
* tests/import-utils.scm ("alist-&gt;package with dependencies"): New test.
* gnu/installer.scm (build-compiled-file)[builder]: Use GUILE-JSON-3.
* gnu/installer.scm (installer-program)[installer-builder]: Likewise.
* gnu/installer/locale.scm (iso639-&gt;iso639-languages): Use 'assoc-ref'
instead of 'hash-ref', and pass vectors through 'vector-&gt;list'.
(iso3166-&gt;iso3166-territories): Likewise.
* gnu/system/vm.scm (system-docker-image)[build]: Use GUILE-JSON-3.
* guix/docker.scm (manifest, config): Adjust for Guile-JSON 3.
* guix/scripts/pack.scm (docker-image)[build]: Use GUILE-JSON-3.
* guix/import/github.scm (fetch-releases-or-tags): Update docstring.
(latest-released-version): Use 'assoc-ref' instead of 'hash-ref'.  Pass
the result of 'fetch-releases-or-tags' to 'vector-&gt;list'.
* guix/import/launchpad.scm (latest-released-version): Likewise.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-05-06 23:21:33 +0200'>2019-05-06</span></td><td><a href='/guix/commit/configure.ac?id=fea338c6ca1922097fa233be85f424c152a4f507'>Add (guix lzlib).</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/lzlib.scm, tests/lzlib.scm: New files.
* Makefile.am (MODULES): Add guix/lzlib.scm.
(SCM_TESTS): Add tests/lzlib.scm.
* m4/guix.m4 (GUIX_LIBLZ_LIBDIR): New macro.
* configure.ac (LIBLZ_LIBDIR): Use it.  Define and substitute
'LIBLZ'.
* guix/config.scm.in (%liblz): New variable.
* guix/self.scm (make-config.scm): Add TODO comment.

Co-authored-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Pierre Neidhardt</td></tr>
<tr><td><span title='2019-04-17 11:53:53 +0200'>2019-04-17</span></td><td><a href='/guix/commit/configure.ac?id=f2d86ed0b3e371ee95cbc0098b7b2ccb757bc948'>build: No longer substitute 'LIBGCRYPT'.</a><span class='msg-avail'>...<span class='msg-tooltip'>This had become useless since ca719424455465fca4b872c371daf2a46de88b33.

* configure.ac (LIBGCRYPT): Remove.
* guix/config.scm.in (%libgcrypt): Remove.
</span></span></td><td>Ludovic Courtès</td></tr>