commit exiv2 for openSUSE:Factory

Thu, 12 Feb 2015 01:22:25 -0800 

Hello community,

here is the log from the commit of package exiv2 for openSUSE:Factory checked 
in at 2015-02-12 10:22:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exiv2 (Old)
 and      /work/SRC/openSUSE:Factory/.exiv2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "exiv2"

Changes:
--------
--- /work/SRC/openSUSE:Factory/exiv2/exiv2.changes      2014-06-18 
07:49:18.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.exiv2.new/exiv2.changes 2015-02-12 
10:22:04.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Feb  9 00:34:20 UTC 2015 - nico.kru...@gmail.com
+
+- fix a Buffer Overflow in INFO tags of RIFFVIDEO.CPP
+  (fix-overflow-in-info-tags-r3264.patch)
+
+-------------------------------------------------------------------

New:
----
  fix-overflow-in-info-tags-r3264.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ exiv2.spec ++++++
--- /var/tmp/diff_new_pack.p4njrL/_old  2015-02-12 10:22:05.000000000 +0100
+++ /var/tmp/diff_new_pack.p4njrL/_new  2015-02-12 10:22:05.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package exiv2
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,6 +28,8 @@
 # PATCH-FIX-UPSTREAM co...@suse.de -- broken Makefile, emailed A.Huggel
 Patch0:         fix-parallel-build.patch
 Patch1:         exiv2-build-date.patch
+# PATCH-FIX-UPSTREAM fix-overflow-in-info-tags-r3264.patch 
nico.kru...@gmail.com -- fix overflow in info tags from svn rev 3264, also 
fixes kde#340373
+Patch2:         fix-overflow-in-info-tags-r3264.patch
 BuildRequires:  doxygen
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
@@ -69,6 +71,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 export CXXFLAGS="%optflags $(getconf LFS_CFLAGS)"

++++++ fix-overflow-in-info-tags-r3264.patch ++++++
Index: exiv2-0.24/src/riffvideo.cpp
===================================================================
--- exiv2-0.24.orig/src/riffvideo.cpp   (revision 3201)
+++ exiv2-0.24/src/riffvideo.cpp        (revision 3264)
@@ -856,7 +856,7 @@
 
     void RiffVideo::infoTagsHandler()
     {
-        const long bufMinSize = 100;
+        const long bufMinSize = 10000;
         DataBuf buf(bufMinSize);
         buf.pData_[4] = '\0';
         io_->seek(-12, BasicIo::cur);
@@ -879,10 +879,14 @@
             if(infoSize >= 0) {
                 size -= infoSize;
                 io_->read(buf.pData_, infoSize);
+                if(infoSize < 4)
+                    buf.pData_[infoSize] = '\0';
             }
 
             if(tv)
                 xmpData_[exvGettext(tv->label_)] = buf.pData_;
+            else
+                continue;
         }
         io_->seek(cur_pos + size_external, BasicIo::beg);
     } // RiffVideo::infoTagsHandler
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to