Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2020-05-20 18:37:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libexif" Wed May 20 18:37:08 2020 rev:42 rq:807015 version:0.6.22 Changes: -------- --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2018-01-26 13:57:38.874446928 +0100 +++ /work/SRC/openSUSE:Factory/.libexif.new.2738/libexif.changes 2020-05-20 18:37:11.140195918 +0200 @@ -1,0 +2,34 @@ +Mon May 18 16:08:17 UTC 2020 - Marcus Meissner <meiss...@suse.com> + +- libexif-0.6.22 (2020-05-18) release: + * New translations: ms + * Updated translations for most languages + * Fixed C89 compatibility + * Fixed warnings on recent versions of autoconf + * Some useful EXIF 2.3 tag added: + * EXIF_TAG_GAMMA + * EXIF_TAG_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE + * EXIF_TAG_GPS_H_POSITIONING_ERROR + * EXIF_TAG_CAMERA_OWNER_NAME + * EXIF_TAG_BODY_SERIAL_NUMBER + * EXIF_TAG_LENS_SPECIFICATION + * EXIF_TAG_LENS_MAKE + * EXIF_TAG_LENS_MODEL + * EXIF_TAG_LENS_SERIAL_NUMBER + * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. + * CVE-2018-20030: Fix for recursion DoS (bsc#1120943) + * CVE-2020-13114: Time consumption DoS when parsing canon array markers + * CVE-2020-13113: Potential use of uninitialized memory + * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes + * CVE-2020-0093: read overflow (bsc#1171847) + * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770) + * CVE-2020-12767: fixed division by zero (bsc#1171475) + * CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475) + * CVE-2017-7544: fixed buffer overread (bsc#1059893) +- removed patch: libexif-build-date.patch (done similar upstream) +- CVE-2016-6328.patch: in upstream release +- CVE-2017-7544.patch: in upstream release + +------------------------------------------------------------------- Old: ---- CVE-2016-6328.patch CVE-2017-7544.patch libexif-0.6.21.tar.bz2 libexif-build-date.patch New: ---- libexif-0.6.22.tar.bz2 libexif-0.6.22.tar.bz2.asc libexif.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libexif.spec ++++++ --- /var/tmp/diff_new_pack.Ql6yXF/_old 2020-05-20 18:37:11.704197100 +0200 +++ /var/tmp/diff_new_pack.Ql6yXF/_new 2020-05-20 18:37:11.704197100 +0200 @@ -1,7 +1,7 @@ # # spec file for package libexif # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,23 +12,22 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: libexif -Version: 0.6.21 +Version: 0.6.22 Release: 0 -Url: http://libexif.sourceforge.net +URL: http://libexif.sourceforge.net Summary: An EXIF Tag Parsing Library for Digital Cameras -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 +Source0: %{name}-%{version}.tar.bz2 +Source2: %{name}-%{version}.tar.bz2.asc +Source3: %name.keyring Source1: baselibs.conf -Patch0: libexif-build-date.patch -Patch1: CVE-2016-6328.patch -Patch2: CVE-2017-7544.patch BuildRequires: doxygen BuildRequires: pkg-config @@ -62,9 +61,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p0 %build export CFLAGS="%optflags $(getconf LFS_CFLAGS)" ++++++ libexif-0.6.21.tar.bz2 -> libexif-0.6.22.tar.bz2 ++++++ ++++ 195809 lines of diff (skipped)
