Hello community,

here is the log from the commit of package libexif.12855 for openSUSE:Leap:15.1:Update checked in at 2020-06-11 10:32:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/libexif.12855 (Old)
 and /work/SRC/openSUSE:Leap:15.1:Update/.libexif.12855.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libexif.12855" Thu Jun 11 10:32:59 2020 rev:1 rq:812460 version:0.6.22 Changes: -------- New Changes file: --- /dev/null 2020-05-28 02:28:09.919761697 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.libexif.12855.new.3606/libexif.changes 2020-06-11 10:33:00.588610636 +0200 
@@ -0,0 +1,475 @@ +------------------------------------------------------------------- +Mon May 18 16:08:17 UTC 2020 - Marcus Meissner <[email protected]> + +- libexif-0.6.22 (2020-05-18) release: + * New translations: ms + * Updated translations for most languages + * Fixed C89 compatibility + * Fixed warnings on recent versions of autoconf + * Some useful EXIF 2.3 tag added: + * EXIF_TAG_GAMMA + * EXIF_TAG_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE + * EXIF_TAG_GPS_H_POSITIONING_ERROR + * EXIF_TAG_CAMERA_OWNER_NAME + * EXIF_TAG_BODY_SERIAL_NUMBER + * EXIF_TAG_LENS_SPECIFICATION + * EXIF_TAG_LENS_MAKE + * EXIF_TAG_LENS_MODEL + * EXIF_TAG_LENS_SERIAL_NUMBER + * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. + * CVE-2018-20030: Fix for recursion DoS (bsc#1120943) + * CVE-2020-13114: Time consumption DoS when parsing canon array markers (bsc#1172121) + * CVE-2020-13113: Potential use of uninitialized memory (bsc#1172105) + * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes (bsc#1172116) + * CVE-2020-0093: read overflow (bsc#1171847) + * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770) + * CVE-2020-12767: fixed division by zero (bsc#1171475) + * CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475) + * CVE-2017-7544: fixed buffer overread (bsc#1059893) +- removed patch: libexif-build-date.patch (done similar upstream) +- CVE-2016-6328.patch: in upstream release +- CVE-2017-7544.patch: in upstream release +- libexif-CVE-2018-20030.patch: in upstream release +- libexif-CVE-2019-9278.patch: in upstream release + +------------------------------------------------------------------- +Fri Jan 31 14:54:39 UTC 2020 - Marcus Meissner <[email protected]> + +- libexif-CVE-2019-9278.patch: fixed an integer overflow on large + file handling 
(bsc#1160770 CVE-2019-9278) +- libexif-CVE-2018-20030.patch: Fixed a denial of service by endless + recursion (bsc#1120943 CVE-2018-20030) + +------------------------------------------------------------------- +Wed Jan 24 11:36:21 UTC 2018 - [email protected] + +- Remove %__-type macro indirections. Fix SRPM group. +- Use %_smp_mflags for parallel build. +- Drop pointless --with-pic (no effect since --disable-static). + +------------------------------------------------------------------- +Wed Jan 17 09:32:25 UTC 2018 - [email protected] + +- Add CVE-2016-6328.patch: Fix integer overflow in parsing MNOTE + entry data of the input file (bnc#1055857) +- Add CVE-2017-7544.patch: Fix vulnerable out-of-bounds heap read + vulnerability (bnc#1059893) + +------------------------------------------------------------------- +Mon Aug 7 15:10:07 UTC 2017 - [email protected] + +- add a libexif-devel-biarch for building with -m32 + +------------------------------------------------------------------- +Tue Aug 26 11:37:30 UTC 2014 - [email protected] + +- Add obsoletes/provides to baselibs.conf. + +------------------------------------------------------------------- +Fri May 30 15:00:27 UTC 2014 - [email protected] + +- fix description to be UTF-8 + +------------------------------------------------------------------- +Mon May 26 20:55:15 UTC 2014 - [email protected] + +- Do not include timestamps in files (libexif-build-date.patch) + +------------------------------------------------------------------- +Sun May 25 20:14:49 UTC 2014 - [email protected] + +- Use LFS_CFLAGS in 32 bit systems. + +------------------------------------------------------------------- +Thu Jul 12 20:02:18 UTC 2012 - [email protected] + +- updated to 0.6.21 + * Fixed some buffer overflows in exif_entry_format_value() + This fixes CVE-2012-2814. 
Reported by Mateusz Jurczyk of + Google Security Team + * Fixed an off-by-one error in exif_convert_utf16_to_utf8() + This can cause a one-byte NUL write past the end of the buffer. + This fixes CVE-2012-2840 + * Don't read past the end of a tag when converting from UTF-16 + This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed an out of bounds read on corrupted input + The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, + NUL-terminated. + This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed a buffer overflow problem in exif_entry_get_value + If the application passed in a buffer length of 0, then it would + be treated as the buffer had unlimited length. + This fixes CVE-2012-2841 + * Fix a buffer overflow on corrupt EXIF data. + This fixes bug #3434540 and fixes part of CVE-2012-2836 + Reported by Yunho Kim + * Fix a buffer overflow on corrupted JPEG data + An unsigned data length might wrap around when decremented + below zero, bypassing sanity checks on length. + This code path can probably only occur if exif_data_load_data() + is called directly by the application on data that wasn't parsed + by libexif itself. + This solves the other part of CVE-2012-2836 + * Fixed some possible division-by-zeros in Olympus-style makernotes + This fixes bug #3434545, a.k.a. CVE-2012-2837 + Reported by Yunho Kim + + * lots and lots of translations updates. + * added more Canon lenses. + * changed "knots" to "nautical miles" + +------------------------------------------------------------------- +Thu Dec 23 12:24:10 UTC 2010 - [email protected] + +- Provide/obsolete old libexif package name so that upgrade and + dependencies from other packages continue to work. 
+ +------------------------------------------------------------------- +Fri Dec 17 15:41:00 CET 2010 - [email protected] + +- updated to 0.6.20 + * New translations: bs, tr + * Updated translations: be, cs, da, de, en_GB, en_CA, it, ja, nl, pl, pt_BR, + pt, ru, sk, sq, sr, sv, vi, zh_CN + * Fixed some problems in the write-exif.c example program + * Stop listing -lm as a required library for dynamic linking in libexif.pc + * Turned on the --enable-silent-rules configure option + * Changed a lot of strings to make the case of the text more consistent + * exif_entry_dump() now displays the correct tag name for GPS tags + * Fixed some invalid format specifiers that caused problems on some platforms + * Display rational numbers with the right number of significant figures +- shared library packaging policy , new package libexif12 + +------------------------------------------------------------------- +Sat Apr 24 09:49:02 UTC 2010 - [email protected] + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Thu Dec 24 14:37:16 CET 2009 - [email protected] + +- package baselibs.conf + +------------------------------------------------------------------- +Sun Nov 15 15:03:53 CET 2009 - [email protected] + +- updated to 0.6.19 + * Fixed a heap buffer overflow during tag format conversion + * Updated and new translations + * Now using a binary search to make searching through the tag table faster + +- updated to 0.6.18 + * Updated and new translations + * Added some example programs + * libexif is now thread safe when the underlying C library is thread safe + and when each object allocated by libexif isn't used by more than one + thread simultaneously + * Expanded the Doxygen API documentation + * Access to the raw EXIF data through the ExifEntry structure members is + now officially documented + * Fixed some Olympus/Sanyo MakerNote interpretations + * Added support for Epson MakerNotes + * Fixed bug #1946138 to stop 
ignoring CFLAGS in the sqrt configure test + * Added remaining GPS tags from the EXIF 2.2 spec to the tag table + * Fixed the interpretation of some tags as being optional in IFD 1 + (to match the EXIF 2.2 spec) which stops them from being erroneously + removed from a file when EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS is set + * Changed exif_tag_get_support_level_in_ifd() to return a value when possible + when the data type for the given EXIF data is unknown. This will cause + tags to be added or deleted when tag fixup is requested even, without a + data type being set. + * Added support for writing Pentax and Casio type2 MakerNotes + * Improved display of Pentax and Casio type2 MakerNotes + * Completely fixed bug #1617997 to display APEX values correctly + * Stopped some crashes due to read-beyond-buffer accesses in MakerNotes + * Don't abort MakerNote parsing after the first invalid tag + * Sped up exif_content_fix() + * Fixed negative exposure values in Canon makernotes (bug #2797280) + * New API entry point: exif_loader_get_buf() + +------------------------------------------------------------------- +Mon Jan 26 21:46:50 CET 2009 - [email protected] + +- remove "la" files ++++ 278 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.libexif.12855.new.3606/libexif.changes New: ---- baselibs.conf libexif-0.6.22.tar.bz2 libexif-0.6.22.tar.bz2.asc libexif.changes libexif.keyring libexif.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libexif.spec ++++++ # # spec file for package libexif # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. 
The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: libexif Version: 0.6.22 Release: 0 Url: http://libexif.sourceforge.net Summary: An EXIF Tag Parsing Library for Digital Cameras License: LGPL-2.1+ Group: Development/Libraries/C and C++ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: %{name}-%{version}.tar.bz2 Source2: %{name}-%{version}.tar.bz2.asc Source3: %name.keyring Source1: baselibs.conf BuildRequires: doxygen BuildRequires: pkg-config %define pname libexif12 %define debug_package_requires %{pname} = %{version}-%{release} %package -n %{pname} Summary: An EXIF Tag Parsing Library for Digital Cameras Group: System/Libraries Provides: libexif = %{version} Obsoletes: libexif < %{version} %description This library is used to parse EXIF information from JPEGs created by digital cameras. %description -n %{pname} This library is used to parse EXIF information from JPEGs created by digital cameras. %package devel Summary: An EXIF Tag Parsing Library for Digital Cameras (Development files) Group: Development/Libraries/C and C++ Requires: %{pname} = %{version} Requires: glibc-devel %description devel This library is used to parse EXIF information from JPEGs created by digital cameras. 
%prep %setup -q %build export CFLAGS="%optflags $(getconf LFS_CFLAGS)" %configure \ --disable-static \ --with-doc-dir=%{_docdir}/%{name} make %{?_smp_mflags} %check make check %install %makeinstall %find_lang %{name}-12 rm -f %{buildroot}/%{_libdir}/*.la %post -n %{pname} -p /sbin/ldconfig %postun -n %{pname} -p /sbin/ldconfig %files -n %{pname} -f %{name}-12.lang %defattr(-,root,root) %{_libdir}/*.so.* %files devel %defattr(-,root,root) %doc %{_docdir}/%{name} %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %{_includedir}/* %changelog ++++++ baselibs.conf ++++++ libexif12 obsoletes "libexif-<targettype> < <version>" provides "libexif-<targettype> = <version>" libexif-devel -requires "libexif-<targettype>" requires "libexif12-<targettype> = <version>"
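
Review bot: in the 0.6.22 entry of libexif.changes, CVE-2020-12767 and CVE-2016-6328 both cite bsc#1171475, while the Jan 17 2018 entry in the same file records CVE-2016-6328 under bnc#1055857. The second reference looks copied from the line above it. Please correct it so the CVE-to-bug mapping that maintenance tooling reads from this file matches the earlier entry. The same entry says CVE-2016-6328.patch, CVE-2017-7544.patch, libexif-CVE-2018-20030.patch and libexif-CVE-2019-9278.patch are "in upstream release"; since the spec now carries no Patch lines at all, it would help to state in the entry that the upstream fixes were checked to cover the same code paths as the dropped patches.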
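
Review bot: in libexif.spec, Source0 is the bare file name %{name}-%{version}.tar.bz2 and nothing in the visible %prep section uses Source2 (the .asc signature) or Source3 (the keyring), so the spec itself neither records where the tarball came from nor shows where its signature is checked. Suggest giving Source0 and Source2 as full download URLs and adding a comment that says which step verifies the signature against %name.keyring. Smaller points in the same file: the header still reads Copyright (c) 2018 although this revision is from 2020, the License tag LGPL-2.1+ is not in SPDX form (LGPL-2.1-or-later), and BuildRoot, %defattr and %makeinstall are legacy constructs that could be dropped or replaced with %make_install.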
