Hello community, here is the log from the commit of package exiv2 for openSUSE:Factory checked in at 2015-02-12 10:22:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exiv2 (Old) and /work/SRC/openSUSE:Factory/.exiv2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exiv2" Changes: -------- --- /work/SRC/openSUSE:Factory/exiv2/exiv2.changes 2014-06-18 07:49:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.exiv2.new/exiv2.changes 2015-02-12 10:22:04.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Feb 9 00:34:20 UTC 2015 - nico.kru...@gmail.com + +- fix a Buffer Overflow in INFO tags of RIFFVIDEO.CPP + (fix-overflow-in-info-tags-r3264.patch) + +------------------------------------------------------------------- New: ---- fix-overflow-in-info-tags-r3264.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exiv2.spec ++++++ --- /var/tmp/diff_new_pack.p4njrL/_old 2015-02-12 10:22:05.000000000 +0100 +++ /var/tmp/diff_new_pack.p4njrL/_new 2015-02-12 10:22:05.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package exiv2 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,6 +28,8 @@ # PATCH-FIX-UPSTREAM co...@suse.de -- broken Makefile, emailed A.Huggel Patch0: fix-parallel-build.patch Patch1: exiv2-build-date.patch +# PATCH-FIX-UPSTREAM fix-overflow-in-info-tags-r3264.patch nico.kru...@gmail.com -- fix overflow in info tags from svn rev 3264, also fixes kde#340373 +Patch2: fix-overflow-in-info-tags-r3264.patch BuildRequires: doxygen BuildRequires: fdupes BuildRequires: gcc-c++ @@ -69,6 +71,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build export CXXFLAGS="%optflags $(getconf LFS_CFLAGS)" ++++++ fix-overflow-in-info-tags-r3264.patch ++++++ Index: exiv2-0.24/src/riffvideo.cpp =================================================================== --- exiv2-0.24.orig/src/riffvideo.cpp (revision 3201) +++ exiv2-0.24/src/riffvideo.cpp (revision 3264) @@ -856,7 +856,7 @@ void RiffVideo::infoTagsHandler() { - const long bufMinSize = 100; + const long bufMinSize = 10000; DataBuf buf(bufMinSize); buf.pData_[4] = '\0'; io_->seek(-12, BasicIo::cur); @@ -879,10 +879,14 @@ if(infoSize >= 0) { size -= infoSize; io_->read(buf.pData_, infoSize); + if(infoSize < 4) + buf.pData_[infoSize] = '\0'; } if(tv) xmpData_[exvGettext(tv->label_)] = buf.pData_; + else + continue; } io_->seek(cur_pos + size_external, BasicIo::beg); } // RiffVideo::infoTagsHandler -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org