* Mon Jul 08 2024 dmueller@suse.com
- update to 0.28.3 (bsc#1227528, CVE-2024-39695):
* Release Notes:
+ https://github.com/Exiv2/exiv2/issues/3008
+ https://github.com/Exiv2/exiv2/milestone/14?closed=1
* This release also fixes a low-severity security issue in
asfvideo.cpp: out-of-bounds read in AsfVideo::streamProperties.
* Mon Jul 08 2024 dmueller@suse.com
- use --parallel as single-dash parameters are eaten by
ctest's rpm macro
* Wed Mar 06 2024 bwiedemann@suse.com
- Fix build with --nochecks
* Wed Feb 28 2024 dmueller@suse.com
- update to 0.28.2 (bsc#1219870, CVE-2024-24826, bsc#1219871,
CVE-2024-25112):
* CVE-2024-24826: out-of-bounds read in
QuickTimeVideo::NikonTagsDecoder.
* CVE-2024-25112: denial of service due to unbounded
recursion in QuickTimeVideo::multipleEntriesDecoder.
* Tue Nov 07 2023 dmueller@suse.com
- update to 0.28.1 (bsc#1216923, CVE-2023-44398):
* Release Notes:
https://github.com/Exiv2/exiv2/issues/2813
- drop exiv2-metadata-null-checks.patch (upstream)
* Fri Jul 07 2023 kv@kott.no-ip.biz
- add exiv2-metadata-null-checks.patch fixes gwenview crashes and
other apps https://github.com/Exiv2/exiv2/issues/2638
* Fri Jun 30 2023 dmueller@suse.com
- add a x86-64-v3 build, remove 32bit build (not used)
* Wed Jun 21 2023 mkubecek@suse.cz
- drop old C++ standard hack (patched line dropped in 0.28)
- use g++-11 for Leap 15 builds (fix for failed std::filesystem
check)
* Mon Jun 19 2023 dmueller@suse.com
- update to 0.28.0:
- long list of improvements and security fixes, see
https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1529139799
- drop always-use-signed-char-for-conversion.patch (code no longer exists)
- drop CVE-2022-3953.patch (merged upstream)
- drop xml-static subpackage, cannot be built from shared builds anymore
and appears to be unused
* Tue Jan 24 2023 dmueller@suse.com
- add always-use-signed-char-for-conversion.patch for test suite
fixes on non-x86_64