Hello community,

here is the log from the commit of package libexif for openSUSE:12.2 checked in at 2012-07-31 14:04:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2/libexif (Old)
 and /work/SRC/openSUSE:12.2/.libexif.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libexif", Maintainer is "meiss...@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.2/libexif/libexif.changes 2012-06-25 15:43:55.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.libexif.new/libexif.changes 2012-07-31 14:10:42.000000000 +0200 
@@ -1,0 +2,40 @@ +Tue Jul 17 15:33:36 UTC 2012 - meiss...@suse.com + +- updated to 0.6.21 + * Fixed some buffer overflows in exif_entry_format_value() + This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed an off-by-one error in exif_convert_utf16_to_utf8() + This can cause a one-byte NUL write past the end of the buffer. + This fixes CVE-2012-2840 + * Don't read past the end of a tag when converting from UTF-16 + This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed an out of bounds read on corrupted input + The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, + NUL-terminated. + This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed a buffer overflow problem in exif_entry_get_value + If the application passed in a buffer length of 0, then it would + be treated as the buffer had unlimited length. + This fixes CVE-2012-2841 + * Fix a buffer overflow on corrupt EXIF data. + This fixes bug #3434540 and fixes part of CVE-2012-2836 + Reported by Yunho Kim + * Fix a buffer overflow on corrupted JPEG data + An unsigned data length might wrap around when decremented + below zero, bypassing sanity checks on length. + This code path can probably only occur if exif_data_load_data() + is called directly by the application on data that wasn't parsed + by libexif itself. + This solves the other part of CVE-2012-2836 + * Fixed some possible division-by-zeros in Olympus-style makernotes + This fixes bug #3434545, a.k.a. CVE-2012-2837 + Reported by Yunho Kim + + * lots and lots of translations updates. + * added more Canon lenses. 
+ * changed "knots" to "nautical miles" + +------------------------------------------------------------------- Old: ---- libexif-0.6.20.tar.bz2 New: ---- libexif-0.6.21.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libexif.spec ++++++ --- /var/tmp/diff_new_pack.4HqA8u/_old 2012-07-31 14:10:45.000000000 +0200 +++ /var/tmp/diff_new_pack.4HqA8u/_new 2012-07-31 14:10:45.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libexif (Version 0.6.20) +# spec file for package libexif # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,17 +15,16 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: libexif -BuildRequires: doxygen pkg-config +BuildRequires: doxygen +BuildRequires: pkg-config Url: http://libexif.sourceforge.net +Summary: An EXIF Tag Parsing Library for Digital Cameras License: LGPL-2.1+ Group: System/Libraries -Summary: An EXIF Tag Parsing Library for Digital Cameras -Version: 0.6.20 -Release: 2 +Version: 0.6.21 +Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: %{name}-%{version}.tar.bz2 Source1: baselibs.conf @@ -36,7 +35,6 @@ %package -n %{pname} - Summary: An EXIF Tag Parsing Library for Digital Cameras Group: System/Libraries Provides: libexif = %{version} 
@@ -52,10 +50,10 @@ %package devel -License: LGPL-2.1+ -Group: Development/Libraries/C and C++ Summary: An EXIF Tag Parsing Library for Digital Cameras (Development files) -Requires: %{pname} = %{version} glibc-devel +Group: Development/Libraries/C and C++ +Requires: %{pname} = %{version} +Requires: glibc-devel %description devel This library is used to parse EXIF information from JPEGs created by ++++++ libexif-0.6.20.tar.bz2 -> libexif-0.6.21.tar.bz2 ++++++ ++++ 106386 lines of diff (skipped)
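Review bot: In the libexif.changes hunk, the items "This fixes bug #3434540" and "This fixes bug #3434545" give bare numbers without naming the tracker they belong to, and none of the CVE items carries a reference to the distribution's own bug tracker. Suggest qualifying the two bug numbers with their tracker and adding the distribution bug reference next to each CVE line, so that each security fix can be traced from the package changelog to a report.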
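Review bot: The "%package devel" hunk of libexif.spec drops "-License: LGPL-2.1+" from the devel subpackage, while the .changes entry records only "updated to 0.6.21" and the upstream fixes. The subpackage inherits the main package's "License: LGPL-2.1+", so the effective license is unchanged, but this removal, the dropped "# norootforbuild" comment and the split BuildRequires/Requires lines are packaging changes that deserve their own changelog item, for example a line stating that the spec file was cleaned up.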