commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2020-05-26 17:49:29 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new.2738 (New) Package is "libexif" Tue May 26 17:49:29 2020 rev:43 rq:809029 version:0.6.22 Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2020-05-20 18:37:11.140195918 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new.2738/libexif.changes 2020-05-26 17:49:34.639914341 +0200 @@ -23,3 +23,3 @@ -* CVE-2020-13114: Time consumption DoS when parsing canon array markers -* CVE-2020-13113: Potential use of uninitialized memory -* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes +* CVE-2020-13114: Time consumption DoS when parsing canon array markers (bsc#1172121) +* CVE-2020-13113: Potential use of uninitialized memory (bsc#1172105) +* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes (bsc#1172116) Other differences: --
commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2020-05-20 18:37:08 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new.2738 (New) Package is "libexif" Wed May 20 18:37:08 2020 rev:42 rq:807015 version:0.6.22 Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2018-01-26 13:57:38.874446928 +0100 +++ /work/SRC/openSUSE:Factory/.libexif.new.2738/libexif.changes 2020-05-20 18:37:11.140195918 +0200 
@@ -1,0 +2,34 @@ +Mon May 18 16:08:17 UTC 2020 - Marcus Meissner + +- libexif-0.6.22 (2020-05-18) release: + * New translations: ms + * Updated translations for most languages + * Fixed C89 compatibility + * Fixed warnings on recent versions of autoconf + * Some useful EXIF 2.3 tag added: +* EXIF_TAG_GAMMA +* EXIF_TAG_COMPOSITE_IMAGE +* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE +* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE +* EXIF_TAG_GPS_H_POSITIONING_ERROR +* EXIF_TAG_CAMERA_OWNER_NAME +* EXIF_TAG_BODY_SERIAL_NUMBER +* EXIF_TAG_LENS_SPECIFICATION +* EXIF_TAG_LENS_MAKE +* EXIF_TAG_LENS_MODEL +* EXIF_TAG_LENS_SERIAL_NUMBER + * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. +* CVE-2018-20030: Fix for recursion DoS (bsc#1120943) +* CVE-2020-13114: Time consumption DoS when parsing canon array markers +* CVE-2020-13113: Potential use of uninitialized memory +* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes +* CVE-2020-0093: read overflow (bsc#1171847) +* CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770) +* CVE-2020-12767: fixed division by zero (bsc#1171475) +* CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475) +* CVE-2017-7544: fixed buffer overread (bsc#1059893) +- removed patch: libexif-build-date.patch (done similar upstream) +- CVE-2016-6328.patch: in upstream release +- CVE-2017-7544.patch: in upstream release + +--- Old: CVE-2016-6328.patch CVE-2017-7544.patch libexif-0.6.21.tar.bz2 libexif-build-date.patch New: libexif-0.6.22.tar.bz2 libexif-0.6.22.tar.bz2.asc libexif.keyring Other differences: -- ++ libexif.spec ++ --- /var/tmp/diff_new_pack.Ql6yXF/_old 2020-05-20 18:37:11.704197100 +0200 +++ /var/tmp/diff_new_pack.Ql6yXF/_new 2020-05-20 18:37:11.704197100 +0200 
@@ -1,7 +1,7 @@ # # spec file for package libexif # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,23 +12,22 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: libexif -Version:0.6.21 +Version:0.6.22 Release:0 -Url:http://libexif.sourceforge.net +URL:http://libexif.sourceforge.net Summary:An EXIF Tag Parsing Library for Digital Cameras -License:LGPL-2.1+ +License:LGPL-2.1-or-later Group: Development/Libraries/C and C++ BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 +Source0:%{name}-%{version}.tar.bz2 +Source2:%{name}-%{version}.tar.bz2.asc +Source3:%name.keyring Source1:baselibs.conf -Patch0: libexif-build-date.patch -Patch1: CVE-2016-6328.patch -Patch2: CVE-2017-7544.patch BuildRequires: doxygen BuildRequires: pkg-config @@ -62,9 +61,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p0 %build export CFLAGS="%optflags $(getconf LFS_CFLAGS)" ++ libexif-0.6.21.tar.bz2 -> libexif-0.6.22.tar.bz2 ++ 195809 lines of diff (skipped)
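Review bot: In the libexif.changes hunk for 0.6.22, CVE-2020-12767 and CVE-2016-6328 both cite bsc#1171475, while the 2018 entry that introduced CVE-2016-6328.patch cited bnc#1055857. One of the two references looks copied from the neighbouring line and should be checked against the tracker. The three CVE-2020-1311x lines in the same hunk carry no bug reference at all, which makes the update harder to match against advisories.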
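Review bot: In the libexif.spec hunk, Source0 drops the full https://downloads.sourceforge.net/... URL for a bare "%{name}-%{version}.tar.bz2" in the same change that adds the detached signature (Source2) and "%name.keyring" (Source3), so the spec no longer records where the signed tarball was fetched from. Keep the URL form for Source0 and Source2, and write Source3 as "%{name}.keyring" to match the brace style of the other Source lines. The URL: tag also stays on http:// while the bugs.opensuse.org comment in this hunk moves to https://.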
commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2018-01-26 13:57:34 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new (New) Package is "libexif" Fri Jan 26 13:57:34 2018 rev:41 rq:568909 version:0.6.21 Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2017-08-21 11:33:30.116051941 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new/libexif.changes 2018-01-26 13:57:38.874446928 +0100 @@ -1,0 +2,15 @@ +Wed Jan 24 11:36:21 UTC 2018 - jeng...@inai.de + +- Remove %__-type macro indirections. Fix SRPM group. +- Use %_smp_mflags for parallel build. +- Drop pointless --with-pic (no effect since --disable-static). + +--- +Wed Jan 17 09:32:25 UTC 2018 - kbabi...@suse.com + +- Add CVE-2016-6328.patch: Fix integer overflow in parsing MNOTE + entry data of the input file (bnc#1055857) +- Add CVE-2017-7544.patch: Fix vulnerable out-of-bounds heap read + vulnerability (bnc#1059893) + +--- New: CVE-2016-6328.patch CVE-2017-7544.patch Other differences: -- ++ libexif.spec ++ --- /var/tmp/diff_new_pack.0Rx5Gz/_old 2018-01-26 13:57:40.206384740 +0100 +++ /var/tmp/diff_new_pack.0Rx5Gz/_new 2018-01-26 13:57:40.206384740 +0100 @@ -1,7 +1,7 @@ # # spec file for package libexif # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,25 +17,26 @@ Name: libexif -BuildRequires: doxygen -BuildRequires: pkg-config +Version:0.6.21 +Release:0 Url:http://libexif.sourceforge.net Summary:An EXIF Tag Parsing Library for Digital Cameras License:LGPL-2.1+ -Group: System/Libraries -Version:0.6.21 -Release:0 +Group: Development/Libraries/C and C++ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source1:baselibs.conf Patch0: libexif-build-date.patch +Patch1: CVE-2016-6328.patch +Patch2: CVE-2017-7544.patch +BuildRequires: doxygen +BuildRequires: pkg-config %define pname libexif12 %define debug_package_requires %{pname} = %{version}-%{release} %package -n %{pname} - Summary:An EXIF Tag Parsing Library for Digital Cameras Group: System/Libraries Provides: libexif = %{version} @@ -62,12 +63,15 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p0 + %build export CFLAGS="%optflags $(getconf LFS_CFLAGS)" -%configure --with-pic \ +%configure \ --disable-static \ --with-doc-dir=%{_docdir}/%{name} -%{__make} %{?jobs:-j%jobs} +make %{?_smp_mflags} %check make check @@ -75,7 +79,7 @@ %install %makeinstall %find_lang %{name}-12 -%{__rm} -f %{buildroot}%{_libdir}/*.la +rm -f %{buildroot}/%{_libdir}/*.la %post -n %{pname} -p /sbin/ldconfig ++ CVE-2016-6328.patch ++ >From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 From: Marcus MeissnerDate: Tue, 25 Jul 2017 23:44:44 +0200 Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax makernote entries. This should fix: https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 --- libexif/pentax/mnote-pentax-entry.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c index d03d159..ea0429a 100644 --- a/libexif/pentax/mnote-pentax-entry.c +++ b/libexif/pentax/mnote-pentax-entry.c 
@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, case EXIF_FORMAT_SHORT: { const unsigned char *data = entry->data; - size_t k, len = strlen(val); + size_t k, len = strlen(val), sizeleft; + + sizeleft = entry->size; for(k=0; kcomponents; k++) { + if (sizeleft < 2) + break; vs = exif_get_short (data, entry->order); snprintf (val+len, maxlen-len, "%i ", vs); len = strlen(val); data += 2; + sizeleft -= 2;
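Review bot: In the EXIF_FORMAT_SHORT case of mnote_pentax_entry_get_value, the new "if (sizeleft < 2) break;" stops the over-read but returns a silently shortened value, so a caller cannot tell a truncated or corrupt entry from a valid one. Consider comparing entry->components against entry->size / 2 once before the loop and reporting the mismatch, instead of only testing sizeleft on every iteration. The commit message says this fixes some, not all, over-reads, so the patch description should list which decoding paths remain unchecked. The hunk as shown here is cut off after "sizeleft -= 2;".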
commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2017-08-21 11:33:23 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new (New) Package is "libexif" Mon Aug 21 11:33:23 2017 rev:40 rq:515431 version:0.6.21 Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2014-08-28 21:05:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new/libexif.changes 2017-08-21 11:33:30.116051941 +0200 @@ -1,0 +2,5 @@ +Mon Aug 7 15:10:07 UTC 2017 - meiss...@suse.com + +- add a libexif-devel-biarch for building with -m32 + +--- Other differences: -- ++ libexif.spec ++ --- /var/tmp/diff_new_pack.rC63fD/_old 2017-08-21 11:33:31.179902327 +0200 +++ /var/tmp/diff_new_pack.rC63fD/_new 2017-08-21 11:33:31.199899515 +0200 @@ -1,7 +1,7 @@ # # spec file for package libexif # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -77,9 +77,6 @@ %find_lang %{name}-12 %{__rm} -f %{buildroot}%{_libdir}/*.la -%clean -rm -rf $RPM_BUILD_ROOT - %post -n %{pname} -p /sbin/ldconfig %postun -n %{pname} -p /sbin/ldconfig ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.rC63fD/_old 2017-08-21 11:33:31.339879828 +0200 +++ /var/tmp/diff_new_pack.rC63fD/_new 2017-08-21 11:33:31.351878141 +0200 @@ -1,3 +1,6 @@ libexif12 obsoletes "libexif- < " provides "libexif- = " +libexif-devel +-requires "libexif-" +requires "libexif12- = "
commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2014-08-28 21:05:03 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new (New) Package is libexif Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2014-06-02 07:00:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new/libexif.changes 2014-08-28 21:05:04.0 +0200 @@ -1,0 +2,5 @@ +Tue Aug 26 11:37:30 UTC 2014 - fcro...@suse.com + +- Add obsoletes/provides to baselibs.conf. + +--- Other differences: -- ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.fc9ysg/_old 2014-08-28 21:05:05.0 +0200 +++ /var/tmp/diff_new_pack.fc9ysg/_new 2014-08-28 21:05:05.0 +0200 @@ -1 +1,3 @@ libexif12 +obsoletes libexif-targettype version +provides libexif-targettype = version -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2014-06-02 07:00:28 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new (New) Package is libexif Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2014-05-27 18:23:57.0 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new/libexif.changes 2014-06-02 07:00:51.0 +0200 @@ -1,0 +2,5 @@ +Fri May 30 15:00:27 UTC 2014 - opens...@dstoecker.de + +- fix description to be UTF-8 + +--- Other differences: -- ++ libexif.spec ++ --- /var/tmp/diff_new_pack.4Dpbz3/_old 2014-06-02 07:00:52.0 +0200 +++ /var/tmp/diff_new_pack.4Dpbz3/_new 2014-06-02 07:00:52.0 +0200 @@ -49,7 +49,6 @@ This library is used to parse EXIF information from JPEGs created by digital cameras. - %package devel Summary:An EXIF Tag Parsing Library for Digital Cameras (Development files) Group: Development/Libraries/C and C++ @@ -60,13 +59,6 @@ This library is used to parse EXIF information from JPEGs created by digital cameras. - - -Authors: - -Lutz M�ller l...@users.sourceforge.net -Curtis Galloway curt...@users.sourceforge.net - %prep %setup -q %patch0 -p1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2014-05-27 18:23:40 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new (New) Package is libexif Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2012-07-13 11:31:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new/libexif.changes 2014-05-27 18:23:57.0 +0200 @@ -1,0 +2,10 @@ +Mon May 26 20:55:15 UTC 2014 - crrodrig...@opensuse.org + +- Do not include timestamps in files (libexif-build-date.patch) + +--- +Sun May 25 20:14:49 UTC 2014 - crrodrig...@opensuse.org + +- Use LFS_CFLAGS in 32 bit systems. + +--- New: libexif-build-date.patch Other differences: -- ++ libexif.spec ++ --- /var/tmp/diff_new_pack.OEmHYx/_old 2014-05-27 18:23:59.0 +0200 +++ /var/tmp/diff_new_pack.OEmHYx/_new 2014-05-27 18:23:59.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package libexif # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,6 +28,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source1:baselibs.conf +Patch0: libexif-build-date.patch %define pname libexif12 @@ -68,8 +69,9 @@ %prep %setup -q - +%patch0 -p1 %build +export CFLAGS=%optflags $(getconf LFS_CFLAGS) %configure --with-pic \ --disable-static \ --with-doc-dir=%{_docdir}/%{name} ++ libexif-build-date.patch ++ --- libexif-0.6.21.orig/doc/Doxyfile-internals.in +++ libexif-0.6.21/doc/Doxyfile-internals.in 
@@ -1214,3 +1214,4 @@ DOT_CLEANUP= YES # used. If set to NO the values of all tags below this one will be ignored. SEARCHENGINE = NO +HTML_TIMESTAMP = NO --- libexif-0.6.21.orig/doc/Doxyfile.in +++ libexif-0.6.21/doc/Doxyfile.in @@ -1214,3 +1214,4 @@ DOT_CLEANUP= YES # used. If set to NO the values of all tags below this one will be ignored. SEARCHENGINE = NO +HTML_TIMESTAMP = NO -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
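Review bot: In the %build hunk of libexif.spec, the added line "export CFLAGS=%optflags $(getconf LFS_CFLAGS)" has no quotes around the value as shown here, so the shell assigns only the first word to CFLAGS and treats the remaining flags as further names to export. Quote the whole right-hand side, as the later revisions of this spec on this page do: export CFLAGS="%optflags $(getconf LFS_CFLAGS)".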
commit libexif for openSUSE:Factory
Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2012-07-13 11:31:52 Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new (New) Package is libexif, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2011-09-23 02:08:11.0 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new/libexif.changes 2012-07-13 11:31:56.0 +0200 
@@ -1,0 +2,40 @@ +Thu Jul 12 20:02:18 UTC 2012 - meiss...@suse.com + +- updated to 0.6.21 + * Fixed some buffer overflows in exif_entry_format_value() +This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of +Google Security Team + * Fixed an off-by-one error in exif_convert_utf16_to_utf8() +This can cause a one-byte NUL write past the end of the buffer. +This fixes CVE-2012-2840 + * Don't read past the end of a tag when converting from UTF-16 +This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of +Google Security Team + * Fixed an out of bounds read on corrupted input +The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, +NUL-terminated. +This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of +Google Security Team + * Fixed a buffer overflow problem in exif_entry_get_value +If the application passed in a buffer length of 0, then it would +be treated as the buffer had unlimited length. +This fixes CVE-2012-2841 + * Fix a buffer overflow on corrupt EXIF data. +This fixes bug #3434540 and fixes part of CVE-2012-2836 +Reported by Yunho Kim + * Fix a buffer overflow on corrupted JPEG data +An unsigned data length might wrap around when decremented +below zero, bypassing sanity checks on length. +This code path can probably only occur if exif_data_load_data() +is called directly by the application on data that wasn't parsed +by libexif itself. +This solves the other part of CVE-2012-2836 + * Fixed some possible division-by-zeros in Olympus-style makernotes +This fixes bug #3434545, a.k.a. CVE-2012-2837 +Reported by Yunho Kim + + * lots and lots of translations updates. + * added more Canon lenses. + * changed knots to nautical miles + +--- Old: libexif-0.6.20.tar.bz2 New: libexif-0.6.21.tar.bz2 Other differences: -- ++ libexif.spec ++ --- /var/tmp/diff_new_pack.8pcfmQ/_old 2012-07-13 11:32:00.0 +0200 +++ /var/tmp/diff_new_pack.8pcfmQ/_new 2012-07-13 11:32:00.0 +0200 
@@ -1,7 +1,7 @@ # -# spec file for package libexif (Version 0.6.20) +# spec file for package libexif # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,19 +15,18 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: libexif -BuildRequires: doxygen pkg-config +BuildRequires: doxygen +BuildRequires: pkg-config Url:http://libexif.sourceforge.net +Summary:An EXIF Tag Parsing Library for Digital Cameras License:LGPL-2.1+ Group: System/Libraries -Summary:An EXIF Tag Parsing Library for Digital Cameras -Version:0.6.20 -Release:2 +Version:0.6.21 +Release:0 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0:%{name}-%{version}.tar.bz2 +Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source1:baselibs.conf %define pname libexif12 @@ -36,7 +35,6 @@ %package -n %{pname} - Summary:An EXIF Tag Parsing Library for Digital Cameras Group: System/Libraries Provides: libexif = %{version} @@ -52,10 +50,10 @@ %package devel -License:LGPL-2.1+ -Group: Development/Libraries/C and C++ Summary:An EXIF Tag Parsing Library for Digital Cameras (Development files) -Requires: %{pname} = %{version} glibc-devel +Group: Development/Libraries/C and C++ +Requires: %{pname} = %{version} +Requires: glibc-devel %description devel This library is used to parse EXIF information from JPEGs created by ++ libexif-0.6.20.tar.bz2 - libexif-0.6.21.tar.bz2 ++ 106386 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
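Review bot: The CVE lines in the 0.6.21 libexif.changes hunk carry no bnc# reference, only the upstream bug numbers #3434540 and #3434545. Add the distribution bug id next to each of the seven CVEs so the update can be matched to its tracker entries, as the later changelog entries on this page do.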