Hello community, here is the log from the commit of package libexif for openSUSE:Leap:15.2 checked in at 2020-06-10 16:49:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/libexif (Old) and /work/SRC/openSUSE:Leap:15.2/.libexif.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libexif" Wed Jun 10 16:49:44 2020 rev:18 rq:812648 version:0.6.22 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libexif/libexif.changes 2020-03-02 17:21:30.554082090 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.libexif.new.3606/libexif.changes 2020-06-10 16:49:45.476333540 +0200 @@ -1,0 +2,36 @@ +Mon May 18 16:08:17 UTC 2020 - Marcus Meissner <meiss...@suse.com> + +- libexif-0.6.22 (2020-05-18) release: + * New translations: ms + * Updated translations for most languages + * Fixed C89 compatibility + * Fixed warnings on recent versions of autoconf + * Some useful EXIF 2.3 tag added: + * EXIF_TAG_GAMMA + * EXIF_TAG_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE + * EXIF_TAG_GPS_H_POSITIONING_ERROR + * EXIF_TAG_CAMERA_OWNER_NAME + * EXIF_TAG_BODY_SERIAL_NUMBER + * EXIF_TAG_LENS_SPECIFICATION + * EXIF_TAG_LENS_MAKE + * EXIF_TAG_LENS_MODEL + * EXIF_TAG_LENS_SERIAL_NUMBER + * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. + * CVE-2018-20030: Fix for recursion DoS (bsc#1120943) + * CVE-2020-13114: Time consumption DoS when parsing canon array markers (bsc#1172121) + * CVE-2020-13113: Potential use of uninitialized memory (bsc#1172105) + * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes (bsc#1172116) + * CVE-2020-0093: read overflow (bsc#1171847) + * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770) + * CVE-2020-12767: fixed division by zero (bsc#1171475) + * CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475) + * CVE-2017-7544: fixed buffer overread (bsc#1059893) +- removed patch: libexif-build-date.patch (done similar upstream) +- CVE-2016-6328.patch: in upstream release +- CVE-2017-7544.patch: in upstream release +- libexif-CVE-2018-20030.patch: in upstream release +- libexif-CVE-2019-9278.patch: in upstream release + +------------------------------------------------------------------- Old: ---- CVE-2016-6328.patch CVE-2017-7544.patch libexif-0.6.21.tar.bz2 libexif-CVE-2018-20030.patch libexif-CVE-2019-9278.patch libexif-build-date.patch New: ---- libexif-0.6.22.tar.bz2 libexif-0.6.22.tar.bz2.asc libexif.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libexif.spec ++++++ --- /var/tmp/diff_new_pack.rCsDmv/_old 2020-06-10 16:49:45.944334897 +0200 +++ /var/tmp/diff_new_pack.rCsDmv/_new 2020-06-10 16:49:45.944334897 +0200 @@ -17,20 +17,17 @@ Name: libexif -Version: 0.6.21 +Version: 0.6.22 Release: 0 Url: http://libexif.sourceforge.net Summary: An EXIF Tag Parsing Library for Digital Cameras License: LGPL-2.1+ Group: Development/Libraries/C and C++ BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 +Source0: %{name}-%{version}.tar.bz2 +Source2: %{name}-%{version}.tar.bz2.asc +Source3: %name.keyring Source1: baselibs.conf -Patch0: libexif-build-date.patch -Patch1: CVE-2016-6328.patch -Patch2: CVE-2017-7544.patch -Patch3: libexif-CVE-2018-20030.patch -Patch4: libexif-CVE-2019-9278.patch BuildRequires: doxygen BuildRequires: pkg-config @@ -64,11 +61,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p0 -%patch3 -p1 -%patch4 -p1 %build export CFLAGS="%optflags $(getconf LFS_CFLAGS)" ++++++ libexif-0.6.21.tar.bz2 -> libexif-0.6.22.tar.bz2 ++++++ ++++ 195809 lines of diff (skipped)