Accepting request 127809 from graphics

- updated to 0.6.21 * Fixed some buffer overflows in exif_entry_format_value() This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of Google Security Team * Fixed an off-by-one error in exif_convert_utf16_to_utf8() This can cause a one-byte NUL write past the end of the buffer. This fixes CVE-2012-2840 * Don't read past the end of a tag when converting from UTF-16 This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of Google Security Team * Fixed an out of bounds read on corrupted input The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, NUL-terminated. This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of Google Security Team * Fixed a buffer overflow problem in exif_entry_get_value If the application passed in a buffer length of 0, then it would be treated as the buffer had unlimited length. This fixes CVE-2012-2841 * Fix a buffer overflow on corrupt EXIF data. This fixes bug #3434540 and fixes part of CVE-2012-2836 Reported by Yunho Kim * Fix a buffer overflow on corrupted JPEG data An unsigned data length might wrap around when decremented below zero, bypassing sanity checks on length. This code path can probably only occur if exif_data_load_data() is called directly by the application on data that wasn't parsed by libexif itself. This solves the other part of CVE-2012-2836 * Fixed some possible division-by-zeros in Olympus-style makernotes OBS-URL: https://build.opensuse.org/request/show/127809 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libexif?expand=0&rev=33
2012-07-13 09:31:52 +00:00 · 2012-07-13 09:31:52 +00:00 · 74aa6dfd10
commit 74aa6dfd10
parent 1af442ae5b f4bf8a62e8
4 changed files with 54 additions and 16 deletions
--- a/libexif-0.6.20.tar.bz2
+++ b/libexif-0.6.20.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a772d20bd8fb9802d7f0d70fde6ac8872f87d0c66c52b0d14026dafcaa83d715
-size 1412921
--- a/libexif-0.6.21.tar.bz2
+++ b/libexif-0.6.21.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a
+size 1368435
--- a/libexif.changes
+++ b/libexif.changes
@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Thu Jul 12 20:02:18 UTC 2012 - meissner@suse.com
+
+- updated to 0.6.21
+  * Fixed some buffer overflows in exif_entry_format_value()
+    This fixes CVE-2012-2814.  Reported by Mateusz Jurczyk of
+    Google Security Team
+  * Fixed an off-by-one error in exif_convert_utf16_to_utf8()
+    This can cause a one-byte NUL write past the end of the buffer.
+    This fixes CVE-2012-2840
+  * Don't read past the end of a tag when converting from UTF-16
+    This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of
+    Google Security Team
+  * Fixed an out of bounds read on corrupted input
+    The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not,
+    NUL-terminated.
+    This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of
+    Google Security Team
+  * Fixed a buffer overflow problem in exif_entry_get_value
+    If the application passed in a buffer length of 0, then it would
+    be treated as the buffer had unlimited length.
+    This fixes CVE-2012-2841
+  * Fix a buffer overflow on corrupt EXIF data.
+    This fixes bug #3434540 and fixes part of CVE-2012-2836
+    Reported by Yunho Kim
+  * Fix a buffer overflow on corrupted JPEG data
+    An unsigned data length might wrap around when decremented
+    below zero, bypassing sanity checks on length.
+    This code path can probably only occur if exif_data_load_data()
+    is called directly by the application on data that wasn't parsed
+    by libexif itself.
+    This solves the other part of CVE-2012-2836
+  * Fixed some possible division-by-zeros in Olympus-style makernotes
+    This fixes bug #3434545, a.k.a. CVE-2012-2837
+    Reported by Yunho Kim
+
+  * lots and lots of translations updates.
+  * added more Canon lenses.
+  * changed "knots" to "nautical miles"
+
 -------------------------------------------------------------------
 Thu Dec 23 12:24:10 UTC 2010 - aj@suse.de

--- a/libexif.spec
+++ b/libexif.spec
@ -1,7 +1,7 @@
 #
-# spec file for package libexif (Version 0.6.20)
+# spec file for package libexif
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -15,19 +15,18 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

-# norootforbuild
-

 Name:           libexif
-BuildRequires:  doxygen pkg-config
+BuildRequires:  doxygen
+BuildRequires:  pkg-config
 Url:            http://libexif.sourceforge.net
+Summary:        An EXIF Tag Parsing Library for Digital Cameras
 License:        LGPL-2.1+
 Group:          System/Libraries
-Summary:        An EXIF Tag Parsing Library for Digital Cameras
-Version:        0.6.20
-Release:        2
+Version:        0.6.21
+Release:        0
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Source0:        %{name}-%{version}.tar.bz2
+Source0:        https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2
 Source1:        baselibs.conf

 %define pname libexif12
@ -36,7 +35,6 @@ Source1:        baselibs.conf

 %package -n %{pname}

-
 Summary:        An EXIF Tag Parsing Library for Digital Cameras
 Group:          System/Libraries
 Provides:       libexif = %{version}
@ -52,10 +50,10 @@ digital cameras.


 %package devel
-License:        LGPL-2.1+
-Group:          Development/Libraries/C and C++
 Summary:        An EXIF Tag Parsing Library for Digital Cameras (Development files)
-Requires:       %{pname} = %{version} glibc-devel
+Group:          Development/Libraries/C and C++
+Requires:       %{pname} = %{version}
+Requires:       glibc-devel

 %description devel
 This library is used to parse EXIF information from JPEGs created by