From 9c3fc0fbb7e6ff507ed1c4e6da10960203d1cfdf98d3a25512b3b44c77986789 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 12 Jul 2012 20:04:02 +0000 Subject: [PATCH 1/2] - updated to 0.6.21 * Fixed some buffer overflows in exif_entry_format_value() This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of Google Security Team * Fixed an off-by-one error in exif_convert_utf16_to_utf8() This can cause a one-byte NUL write past the end of the buffer. This fixes CVE-2012-2840 * Don't read past the end of a tag when converting from UTF-16 This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of Google Security Team * Fixed an out of bounds read on corrupted input The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, NUL-terminated. This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of Google Security Team * Fixed a buffer overflow problem in exif_entry_get_value If the application passed in a buffer length of 0, then it would be treated as the buffer had unlimited length. This fixes CVE-2012-2841 * Fix a buffer overflow on corrupt EXIF data. This fixes bug #3434540 and fixes part of CVE-2012-2836 Reported by Yunho Kim * Fix a buffer overflow on corrupted JPEG data An unsigned data length might wrap around when decremented below zero, bypassing sanity checks on length. This code path can probably only occur if exif_data_load_data() is called directly by the application on data that wasn't parsed by libexif itself. This solves the other part of CVE-2012-2836 * Fixed some possible division-by-zeros in Olympus-style makernotes OBS-URL: https://build.opensuse.org/package/show/graphics/libexif?expand=0&rev=18 --- libexif-0.6.20.tar.bz2 | 3 --- libexif-0.6.21.tar.bz2 | 3 +++ libexif.changes | 40 ++++++++++++++++++++++++++++++++++++++++ libexif.spec | 25 ++++++++++++------------- 4 files changed, 55 insertions(+), 16 deletions(-) delete mode 100644 libexif-0.6.20.tar.bz2 create mode 100644 libexif-0.6.21.tar.bz2 
diff --git a/libexif-0.6.20.tar.bz2 b/libexif-0.6.20.tar.bz2
deleted file mode 100644
index 35b4361..0000000
--- a/libexif-0.6.20.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a772d20bd8fb9802d7f0d70fde6ac8872f87d0c66c52b0d14026dafcaa83d715
-size 1412921
diff --git a/libexif-0.6.21.tar.bz2 b/libexif-0.6.21.tar.bz2
new file mode 100644
index 0000000..c98f723
--- /dev/null
+++ b/libexif-0.6.21.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:27028e5a41a68335ca3d8101bf6d78aed01810d6e272284d617beb810bcc3113
+size 1368576
diff --git a/libexif.changes b/libexif.changes
index 7ea60aa..f0c0bc8 100644
--- a/libexif.changes
+++ b/libexif.changes
@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Thu Jul 12 20:02:18 UTC 2012 - meissner@suse.com
+
+- updated to 0.6.21
+ * Fixed some buffer overflows in exif_entry_format_value()
+ This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of
+ Google Security Team
+ * Fixed an off-by-one error in exif_convert_utf16_to_utf8()
+ This can cause a one-byte NUL write past the end of the buffer.
+ This fixes CVE-2012-2840
+ * Don't read past the end of a tag when converting from UTF-16
+ This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of
+ Google Security Team
+ * Fixed an out of bounds read on corrupted input
+ The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not,
+ NUL-terminated.
+ This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of
+ Google Security Team
+ * Fixed a buffer overflow problem in exif_entry_get_value
+ If the application passed in a buffer length of 0, then it would
+ be treated as the buffer had unlimited length.
+ This fixes CVE-2012-2841
+ * Fix a buffer overflow on corrupt EXIF data.
+ This fixes bug #3434540 and fixes part of CVE-2012-2836
+ Reported by Yunho Kim
+ * Fix a buffer overflow on corrupted JPEG data
+ An unsigned data length might wrap around when decremented
+ below zero, bypassing sanity checks on length.
+ This code path can probably only occur if exif_data_load_data()
+ is called directly by the application on data that wasn't parsed
+ by libexif itself.
+ This solves the other part of CVE-2012-2836
+ * Fixed some possible division-by-zeros in Olympus-style makernotes
+ This fixes bug #3434545, a.k.a. CVE-2012-2837
+ Reported by Yunho Kim
+
+ * lots and lots of translations updates.
+ * added more Canon lenses.
+ * changed "knots" to "nautical miles"
+
 -------------------------------------------------------------------
 Thu Dec 23 12:24:10 UTC 2010 - aj@suse.de
diff --git a/libexif.spec b/libexif.spec
index 859caa3..acfe4b5 100644
--- a/libexif.spec
+++ b/libexif.spec
@@ -1,7 +1,7 @@
 #
-# spec file for package libexif (Version 0.6.20)
+# spec file for package libexif
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,19 +15,18 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
-# norootforbuild
-
 Name: libexif
-BuildRequires: doxygen pkg-config
+BuildRequires: doxygen
+BuildRequires: pkg-config
 Url: http://libexif.sourceforge.net
-License: LGPLv2.1+
-Group: System/Libraries
 Summary: An EXIF Tag Parsing Library for Digital Cameras
-Version: 0.6.20
-Release: 1
+License: LGPL-2.1+
+Group: System/Libraries
+Version: 0.6.21
+Release: 0
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: %{name}-%{version}.tar.bz2
+Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2
 Source1: baselibs.conf
 %define pname libexif12
@@ -51,10 +50,10 @@ digital cameras.
 %package devel
-License: LGPLv2.1+
-Group: Development/Libraries/C and C++
 Summary: An EXIF Tag Parsing Library for Digital Cameras (Development files)
-Requires: %{pname} = %{version} glibc-devel
+Group: Development/Libraries/C and C++
+Requires: %{pname} = %{version}
+Requires: glibc-devel
 %description devel
 This library is used to parse EXIF information from JPEGs created by
From f4bf8a62e8e59b2c71903e6ae401fe8e45d50a4692f39621b498f62c1f7d5213 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 13 Jul 2012 05:33:39 +0000 Subject: [PATCH 2/2] tarball was replaced OBS-URL: https://build.opensuse.org/package/show/graphics/libexif?expand=0&rev=19 --- libexif-0.6.21.tar.bz2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libexif-0.6.21.tar.bz2 b/libexif-0.6.21.tar.bz2
index c98f723..aaac9d5 100644
--- a/libexif-0.6.21.tar.bz2
+++ b/libexif-0.6.21.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:27028e5a41a68335ca3d8101bf6d78aed01810d6e272284d617beb810bcc3113
-size 1368576
+oid sha256:16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a
+size 1368435
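Review bot: Nothing in this commit records where the replacement archive came from or how it was verified: the pointer's oid and size change while the version stays 0.6.21, and the message says only "tarball was replaced". For a release whose changelog lists several CVE fixes, a changed hash on the source archive deserves one line in libexif.changes, for example `- replaced tarball with the one published upstream; sha256 verified against <upstream checksum or signature>`. If upstream publishes a detached signature, the Source0 URL introduced in libexif.spec by patch 1/2 could be paired with a signature source so the build checks it; whether upstream provides one is not visible on this page.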