Hello community, here is the log from the commit of package exiv2.12260 for openSUSE:Leap:15.1:Update checked in at 2020-04-08 20:18:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/exiv2.12260 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.exiv2.12260.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exiv2.12260" Wed Apr 8 20:18:49 2020 rev:1 rq:791250 version:0.26 Changes: -------- New Changes file: --- /dev/null 2020-04-01 01:12:57.297512941 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.exiv2.12260.new.3248/exiv2.changes 2020-04-08 20:18:52.098442660 +0200 @@ -0,0 +1,834 @@ +------------------------------------------------------------------- +Tue Mar 24 16:51:29 UTC 2020 - Dirk Mueller <dmuel...@suse.com> + +- add 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114): + * fixes null-pointer dereference in http.c causing denial of service +- add 0001-IptcData-printStructure-Remove-buffer-overrun.patch (bsc#1088424, CVE-2018-9305): + * fixes an out-of-bounds read in IptcData::printStructure in iptc.c +- add 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282): + * fixes null pointer dereference in Exiv2:DataValue:copy in value.cpp +- add 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch, + 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364): + * fixes denial of service in Exiv2::PsdImage::readMetadata +- add 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513): + * fixes a denial of service (NULL pointer dereference and application crash) + +------------------------------------------------------------------- +Tue Oct 16 16:08:55 UTC 2018 - Dirk Mueller <dmuel...@suse.com> + +- update to latest 0.26 branch: + * Fixes CVE-2018-12264, CVE-2018-12265 (bsc#1097599) + * Fixes CVE-2017-9239 (bsc#1040973): null pointer dereference in doWriteImage + * Fixes CVE-2018-17229 (bsc#1109175): (Heap buffer overflow in Exiv2::d2Data) + * Fixes CVE-2018-17230 (bsc#1109176): (heap-based buffer overflow in Exiv2::ul2Data) + * Fixes CVE-2017-1000126 (Stack out of bounds read in webp parser) (bsc#1068873) + +------------------------------------------------------------------- +Fri Jun 29 12:20:33 UTC 2018 - tchva...@suse.com + +- Fix build on python3 only system by making sure we use + python3 when building + +------------------------------------------------------------------- +Wed May 30 11:36:20 UTC 2018 - dmuel...@suse.com + +- update to latest 0.26 branch: + * obsoletes 0001-Use-more-GNUInstallDirs.patch + d4e4288d839d0d9546a05986771f8738c382060c.patch + gcc-version-check.patch + 7f5b0778fa301b68c1c88e3820ec3afbd09dd0a5.patch + fix-crash.patch + * adds exiv2-update-to-0.26-branch.patch + * Fixes CVE-2017-14864 (bsc#1060995), + CVE-2017-14862 (bsc#1060996), CVE-2017-14859 (bsc#1061000) + CVE-2017-14860 (bsc#1048883), CVE-2017-11337 (bsc#1048883), + CVE-2017-11338 (bsc#1048883), CVE-2017-11339 (bsc#1048883), + CVE-2017-11340 (bsc#1048883), CVE-2017-11553, + CVE-2017-12955 (bsc#1054593), CVE-2017-12956, + CVE-2017-12957, CVE-2017-11683, CVE-2017-11592, + CVE-2017-11591 (bsc#1050257) + +------------------------------------------------------------------- +Fri Nov 24 04:10:00 UTC 2017 - cf...@kde.org + +- split developer documentation into separate package + +------------------------------------------------------------------- +Tue Oct 17 09:34:26 UTC 2017 - dmuel...@suse.com + +- add 0001-Use-more-GNUInstallDirs.patch (bsc#938600) +- add d4e4288d839d0d9546a05986771f8738c382060c.patch ( + CVE-2017-14864 bsc#1060995, + CVE-2017-14862 bsc#1060996, + CVE-2017-14859 bsc#1061000) + +------------------------------------------------------------------- +Wed Aug 9 09:53:36 UTC 2017 - wba...@tmo.at + +- Add fix-crash.patch to prevent crashes in gwenview with certain + images (boo#1051782) +- Update source tarball to the fixed upstream re-release and remove + the workaround in the spec file +- Replace gcc-version-check.patch with the version committed + upstream + +------------------------------------------------------------------- +Tue Jul 4 09:09:22 UTC 2017 - wba...@tmo.at + +- Fix baselibs.conf + +------------------------------------------------------------------- +Fri Jun 30 14:49:55 UTC 2017 - wba...@tmo.at + +- Update to version 0.26 + * See http://www.exiv2.org/changelog.html +- Add gcc-version-check.patch to fix build on Tumbleweed +- Dropped the following upstreamed patches: + * exiv2-cmake-libsuffix.patch + * exiv2_r3889_r3890_fix_boo964344.diff + +------------------------------------------------------------------- +Thu May 5 11:53:59 UTC 2016 - suse-b...@cboltz.de + +- add exiv2_r3889_r3890_fix_boo964344.diff (taken from revisions linked + in http://dev.exiv2.org/issues/1106) to fix crash in darktable (boo#964344) + +------------------------------------------------------------------- +Wed Jul 15 15:03:47 UTC 2015 - jeng...@inai.de + +- Adjust RPM groups +- Put manpage in proper subpackage + +------------------------------------------------------------------- +Tue Jun 23 06:07:21 UTC 2015 - dmuel...@suse.com + +- readd parallel-build-dep.patch + +------------------------------------------------------------------- +Mon Jun 22 12:20:15 UTC 2015 - tittiatc...@gmail.com + +- Update to version 0.25 + * exivsimple has array index errors when stripping quotes form + trivial input strings + * Use SVN eol-style LF on all files + * Access violation on IptcData::operator[] when key is invalid + * PNG images with tiff tags throw exceptions + * Plasma kde crashes when specific jpeg is on the Desktop + * TIFF parser,Binary array elements should be decoded using the + Makernote's endianness, not that of the image + * Coverity scan : Issue CID 981992 , 981993 + * Wrong key name in output of addmodel sample + * Printing tags does not honor multi-byte label widths correctly + * Wrong ApertureValue written + * pyexiv2 fails on cifs shares on an Ubuntu client + * TIFF parser,Parse TIFF PageNumber + * Add new sample applications exifdata and exivvalue + * Add option -K Key (--key Key) to specify one or more keys to + output + * "exiv2 -eX" followed by "exiv2 -iX" produces invalid XMP + metadata packet + * Sony NEX Lens Information + * Handle Pentax makernotes in samsung-rebranded cameras + * Olympus XZ-1 FocusDistance incorrect + * Support Panasonic Makernote + * detection of Pentax DA 35/2.4 lens + * Canon EOS M EF-M lenses + * Lens matching on Canon + * Tamron 18-270 is not detected anymore + * Wrong aperture for Tamron 70-300? + * Recognize Samsung NX 10mm Fisheye + * Pentax/Sigma 24-70mm F2.8 IF EX DG HSM data + * See also http://www.exiv2.org/changelog.html + +- Dropped the following upstreamed patches: + * fix-overflow-in-info-tags-r3264.patch + * fix-video-timescale-handling.patch + * parallel-build-dep.patch + * fix-parallel-build.patch + +------------------------------------------------------------------- +Thu Jun 18 15:01:30 UTC 2015 - dims...@opensuse.org + +- Switch to cmake build system: there are various code snips that + use variables that are only defined in the cmake build system + (e.g. src/utils.cpp uses EXV_HAVE_UNISTD_H to include unistd.h, + which is not done with configure. With gcc5 this results now in + a failure, as unistd.h is no longer implicit). +- Add exiv2-cmake-libsuffix.patch: Install the library to lib64 on + the respective archs. + +------------------------------------------------------------------- +Sun May 24 13:29:40 UTC 2015 - ger...@hillier.de + +- add fix-video-timescale-handling.patch: Fix crash when scanning mp4 videos. + +------------------------------------------------------------------- +Tue May 12 10:18:32 UTC 2015 - dmuel...@suse.com + +- add parallel-build-dep.patch: Fix build dependencies + +------------------------------------------------------------------- +Mon Feb 9 00:34:20 UTC 2015 - nico.kru...@gmail.com + +- fix a Buffer Overflow in INFO tags of RIFFVIDEO.CPP + (fix-overflow-in-info-tags-r3264.patch) (CVE-2014-9449). + +------------------------------------------------------------------- +Mon May 26 20:46:15 UTC 2014 - crrodrig...@opensuse.org + +- Build with large file support in 32 bit systems. +- Ensure we do not use __DATE__ or __TIME__ anywhere + (exiv2-build-date.patch) +------------------------------------------------------------------- +Mon May 5 09:49:40 UTC 2014 - co...@suse.com + +- add fix-parallel-build.patch to fix -j, notified upstream about it + +------------------------------------------------------------------- +Mon Apr 14 18:32:06 UTC 2014 - ctri...@opensuse.org + +- Update to version 0.24 + * exiv2 (0.19-1) 00_hyphens_used_as_minus.diff + * (Reported with patch by Mark Purcell, fixed by Niels Kristian Bech Jensen) + * Video metadata support (Abhinav Badola for GSoC 2012) + * Samsung NX100 JPG exports have broken EXIF (Reported by Pascal de Bruijn) + * Warnings while compiling with g++4.5 + * (Reported by Sebastien Gilles, fixed by Robin Mills) + * For TIFF-like images, non-intrusive writing is not used when it should ++++ 637 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.exiv2.12260.new.3248/exiv2.changes New: ---- 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch 0001-Fix-SEGV-in-DataValue-Copy.patch 0001-IptcData-printStructure-Remove-buffer-overrun.patch 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch baselibs.conf exiv2-build-date.patch exiv2-update-to-0.26-branch.patch exiv2.changes exiv2.spec parallel-build-dep.patch v0.26.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exiv2.spec ++++++ # # spec file for package exiv2 # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: exiv2 Version: 0.26 Release: 0 Summary: Tool to access image Exif metadata License: GPL-2.0-or-later Group: Productivity/Graphics/Other URL: http://www.exiv2.org/ Source0: https://github.com/Exiv2/exiv2/archive/v0.26.tar.gz Source1: baselibs.conf Patch1: exiv2-build-date.patch Patch2: parallel-build-dep.patch # git diff --no-merges v0.26..upstream/0.26 Patch3: exiv2-update-to-0.26-branch.patch Patch4: 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch Patch5: 0001-IptcData-printStructure-Remove-buffer-overrun.patch Patch6: 0001-Fix-SEGV-in-DataValue-Copy.patch Patch7: 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch Patch8: 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch Patch9: 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch BuildRequires: autoconf BuildRequires: cmake BuildRequires: doxygen BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gettext-devel # doxygen likes to have this BuildRequires: graphviz BuildRequires: libexpat-devel BuildRequires: libxslt BuildRequires: pkgconfig BuildRequires: python3-base BuildRequires: zlib-devel Recommends: %{name}-lang = %{version} %description Exiv2 is a command line utility to access image metadata from tags like Exif. %package -n libexiv2-26 Summary: Library to access image metadata Group: System/Libraries %description -n libexiv2-26 libexiv2 is a C++ library with a C compatibility interface to access image metadata, esp from Exif tags. %package -n libexiv2-devel Summary: Development Headers for Exiv2 Group: Development/Libraries/C and C++ Requires: libexiv2-26 = %{version} Requires: libstdc++-devel %description -n libexiv2-devel Exiv2 is a C++ library and a command line utility to access image metadata. %package -n libexiv2-doc Summary: Library to access image metadata - Documentation Group: System/Libraries %description -n libexiv2-doc libexiv2 is a C++ library with a C compatibility interface to access image metadata, esp from Exif tags. This package contains the developer documentation in HTML format. %lang_package %prep %setup -q %patch1 -p1 %patch2 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 # use python3 not env python sed -i -e 's:#! %{_bindir}/env python:#!%{_bindir}/python3:' doc/templates/gen.py %build export CXXFLAGS="%{optflags} $(getconf LFS_CFLAGS)" %cmake \ -DEXIV2_ENABLE_BUILD_PO:BOOL=ON \ -DEXIV2_ENABLE_BUILD_SAMPLES:BOOL=OFF make %{?_smp_mflags} make %{?_smp_mflags} doc %install %cmake_install %find_lang exiv2 %fdupes -s doc/html find %{buildroot} -type f -name "*.la" -delete -print rm -f %{buildroot}%{_libdir}/*.a rm %{buildroot}%{_libdir}/pkgconfig/exiv2.lsm %post -n libexiv2-26 -p /sbin/ldconfig %postun -n libexiv2-26 -p /sbin/ldconfig %files lang -f exiv2.lang %files %doc doc/ChangeLog doc/cmd.txt %{_bindir}/exiv2 %{_mandir}/man1/* %files -n libexiv2-26 %{_libdir}/libexiv2.so.* %files -n libexiv2-devel %{_includedir}/exiv2 %{_libdir}/libexiv2.so %{_libdir}/pkgconfig/exiv2.pc %files -n libexiv2-doc %doc doc/html %changelog ++++++ 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch ++++++ >From 4930814f688b194dc36b78fa050d97340c98c042 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse <k...@semmle.com> Date: Tue, 30 Apr 2019 11:15:06 +0100 Subject: [PATCH] Avoid null pointer exception due to NULL return value from strchr. This fixes #793. (cherry picked from commit ae20c30805b330275b2aa0303a42e1f2bbd53661) --- src/http.cpp | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/src/http.cpp b/src/http.cpp index 86b7ebb7..d9096a92 100644 --- a/src/http.cpp +++ b/src/http.cpp @@ -345,10 +345,14 @@ int Exiv2::http(Exiv2::Dictionary& request,Exiv2::Dictionary& response,std::stri // search for the body for ( size_t b = 0 ; bSearching && b < lengthof(blankLines) ; b++ ) { - if ( strstr(buffer,blankLines[b]) ) { + const char* blankLinePos = strstr(buffer,blankLines[b]); + if ( blankLinePos ) { bSearching = false ; - body = (int) ( strstr(buffer,blankLines[b]) - buffer ) + strlen(blankLines[b]) ; - status = atoi(strchr(buffer,' ')) ; + body = blankLinePos - buffer + strlen(blankLines[b]); + const char* firstSpace = strchr(buffer,' '); + if (firstSpace) { + status = atoi(firstSpace); + } } } @@ -358,9 +362,19 @@ int Exiv2::http(Exiv2::Dictionary& request,Exiv2::Dictionary& response,std::stri char N = '\n'; int i = 0 ; // initial byte in buffer while(buffer[i] == N ) i++; - h = strchr(h+i,N)+1; + h = strchr(h+i,N); + if (!h) { + status = 0; + break; + } + h++; response[""]=std::string(buffer+i).substr(0,h-buffer-2); - result = atoi(strchr(buffer,' ')); + const char* firstSpace = strchr(buffer,' '); + if ( !firstSpace ) { + status = 0; + break; + } + result = atoi(firstSpace); char* c = strchr(h,C); char* n = strchr(h,N); while ( c && n && c < n && h < buffer+body ) { -- 2.25.1 ++++++ 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch ++++++ >From 39343557d154b12479fc69febe2ed6aee3f60173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <pipon...@gmail.com> Date: Mon, 26 Nov 2018 14:24:14 +0100 Subject: [PATCH] Fix #561. Use proper counter for the idx variable (cherry picked from commit 6e42c1b55e0fc4f360cc56010b0ffe19aa6062d9) --- src/easyaccess.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/easyaccess.cpp b/src/easyaccess.cpp index cb9ddacf..97570fbc 100644 --- a/src/easyaccess.cpp +++ b/src/easyaccess.cpp @@ -161,7 +161,7 @@ namespace Exiv2 { std::ostringstream os; md_st->write(os, &ed); bool ok = false; - long st_val = parseLong(os.str(), ok); + const long st_val = parseLong(os.str(), ok); // SensivityType out of range or cannot be parsed properly if (!ok || st_val < 1 || st_val > 7) break; @@ -182,7 +182,7 @@ namespace Exiv2 { md = md_st; break; } - while (strcmp(sensKeys->keys[idx++], md_st->key().c_str()) != 0 && idx < cnt) {} + while (strcmp(sensKeys->keys[idx++], md_st->key().c_str()) != 0 && idx < sensKeys->count) {} } break; } -- 2.25.1 ++++++ 0001-Fix-SEGV-in-DataValue-Copy.patch ++++++ >From 43c3eb52b99b7cc48c59a5caa56368fb1b1b1885 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <pipon...@gmail.com> Date: Sat, 13 Oct 2018 10:04:30 +0200 Subject: [PATCH] Fix #457 (cherry picked from commit 670fb73dd5ee8acab90971c4878de29f9fc43a02) --- src/tiffimage.cpp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/tiffimage.cpp b/src/tiffimage.cpp index 415c018f..fd5a4769 100644 --- a/src/tiffimage.cpp +++ b/src/tiffimage.cpp @@ -199,12 +199,16 @@ namespace Exiv2 { // read profile from the metadata Exiv2::ExifKey key("Exif.Image.InterColorProfile"); Exiv2::ExifData::iterator pos = exifData_.findKey(key); - if ( pos != exifData_.end() ) { - iccProfile_.alloc(pos->count()*pos->typeSize()); + if ( pos != exifData_.end() ) { + long size = pos->count() * pos->typeSize(); + if (size == 0) { + throw Error(kerFailedToReadImageData); + } + iccProfile_.alloc(size); pos->copy(iccProfile_.pData_,bo); } - } // TiffImage::readMetadata + } void TiffImage::writeMetadata() { -- 2.25.1 ++++++ 0001-IptcData-printStructure-Remove-buffer-overrun.patch ++++++ >From f9b4f4669e2d181a22235bbd3f108b55542abbb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cer...@cgc-instruments.com> Date: Fri, 6 Jul 2018 11:39:45 +0200 Subject: [PATCH] [IptcData::printStructure] Remove buffer overrun The loop condition will perform a range check correctly, but it will always dereference bytes[i], even if i is too large and fails the second check. => move the bytes[i] == 0x1c check into a if, after the range check was successfull (cherry picked from commit b2c3b61abcdb8e1a904e7c3f8b9f683c1b0b5668) --- src/iptc.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/iptc.cpp b/src/iptc.cpp index 99f5ee5b..fc3df043 100644 --- a/src/iptc.cpp +++ b/src/iptc.cpp @@ -359,7 +359,10 @@ namespace Exiv2 { while ( i < size-3 && bytes[i] != 0x1c ) i++; depth++; out << Internal::indent(depth) << "Record | DataSet | Name | Length | Data" << std::endl; - while ( bytes[i] == 0x1c && i < size-3 ) { + while ( i < size-3 ) { + if (bytes[i] != 0x1c) { + break; + } char buff[100]; uint16_t record = bytes[i+1]; uint16_t dataset = bytes[i+2]; -- 2.25.1 ++++++ 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch ++++++ >From 4e962f9b8ef1e90f1acc309db50207096c9a2a67 Mon Sep 17 00:00:00 2001 From: Luis Diaz Mas <pipon...@gmail.com> Date: Sun, 4 Nov 2018 22:33:03 +0100 Subject: [PATCH 1/2] PSD: Use Safe::add for preventing overflows in PSD files (cherry picked from commit 68966932510213b5656fcf433ab6d7e26f48e23b) --- src/psdimage.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/psdimage.cpp b/src/psdimage.cpp index 5f721c70..7c5beeff 100644 --- a/src/psdimage.cpp +++ b/src/psdimage.cpp @@ -38,6 +38,7 @@ EXIV2_RCSID("@(#) $Id$") #include "basicio.hpp" #include "error.hpp" #include "futils.hpp" +#include "safe_op.hpp" // + standard includes #include <string> @@ -233,7 +234,8 @@ namespace Exiv2 { readResourceBlock(resourceId, resourceSize); resourceSize = (resourceSize + 1) & ~1; // pad to even io_->seek(curOffset + resourceSize, BasicIo::beg); - resourcesLength -= (12 + resourceNameLength + resourceSize); + resourcesLength -= Safe::add(Safe::add(static_cast<uint32_t>(12), resourceNameLength), + resourceSize); } } // PsdImage::readMetadata -- 2.25.1 ++++++ 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch ++++++ >From 4eb0b282dfb2ef14213903bdd7c026a8f732233f Mon Sep 17 00:00:00 2001 From: Luis Diaz Mas <pipon...@gmail.com> Date: Mon, 5 Nov 2018 13:30:18 +0100 Subject: [PATCH 2/2] PSD: enforce Length of image resource section < file size (cherry picked from commit b7c71f3ad0386cd7af3b73443c0615ada073f0d5) --- src/psdimage.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/psdimage.cpp b/src/psdimage.cpp index 7c5beeff..f7c6ef46 100644 --- a/src/psdimage.cpp +++ b/src/psdimage.cpp @@ -38,7 +38,9 @@ EXIV2_RCSID("@(#) $Id$") #include "basicio.hpp" #include "error.hpp" #include "futils.hpp" + #include "safe_op.hpp" +#include "enforce.hpp" // + standard includes #include <string> @@ -202,6 +204,8 @@ namespace Exiv2 { throw Error(3, "Photoshop"); } uint32_t resourcesLength = getULong(buf, bigEndian); + enforce(resourcesLength < io_->size(), Exiv2::kerCorruptedMetadata); + while (resourcesLength > 0) { if (io_->read(buf, 8) != 8) -- 2.25.1 ++++++ baselibs.conf ++++++ libexiv2-26 ++++++ exiv2-build-date.patch ++++++ diff -urB exiv2-trunk/config/Doxyfile new/config/Doxyfile --- exiv2-trunk/config/Doxyfile 2017-03-16 19:13:12.000000000 +0100 +++ new/config/Doxyfile 2017-05-07 13:03:56.000000000 +0200 @@ -981,7 +981,7 @@ # page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. -HTML_TIMESTAMP = YES +HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the diff -urB exiv2-trunk/samples/geotag.cpp new/samples/geotag.cpp --- exiv2-trunk/samples/geotag.cpp 2016-09-29 19:06:02.000000000 +0200 +++ new/samples/geotag.cpp 2017-05-07 13:04:39.000000000 +0200 @@ -667,7 +667,7 @@ int version(const char* program) { - printf("%s: %s %s\n",program,__DATE__,__TIME__); + printf("%s\n",program); return 0; } diff -urB exiv2-trunk/src/version.cpp new/src/version.cpp --- exiv2-trunk/src/version.cpp 2017-04-23 21:29:19.000000000 +0200 +++ new/src/version.cpp 2017-05-07 13:05:20.000000000 +0200 @@ -524,8 +524,6 @@ output(os,keys,"cplusplus" , __cplusplus); output(os,keys,"cplusplus11" , __cplusplus >= CPLUSPLUS11 ); output(os,keys,"version" , __VERSION__); - output(os,keys,"date" , __DATE__ ); - output(os,keys,"time" , __TIME__ ); output(os,keys,"svn" , SVN_VERSION); output(os,keys,"ssh" , EXV_USE_SSH); #if EXV_USE_CURL == 1 ++++++ exiv2-update-to-0.26-branch.patch ++++++ ++++ 3287 lines (skipped) ++++++ parallel-build-dep.patch ++++++ Index: src/Makefile =================================================================== --- src/Makefile.orig +++ src/Makefile @@ -170,7 +170,7 @@ CCLOBJ = $(CCSRC:.cpp=.lo) COBJ = $(CSRC:.c=.o) CLOBJ = $(CSRC:.c=.lo) -SRC = $(CCSRC) $(CSRC) +SRC = $(CCSRC) $(CSRC) $(EXIV2MAIN) HDR = $(CCHDR) rwlock.hpp OBJ = $(CCOBJ) $(COBJ) LOBJ = $(CCLOBJ) $(CLOBJ)