* Mon May 18 2020 meissner@suse.com
- libexif-0.6.22 (2020-05-18) release:
* New translations: ms
* Updated translations for most languages
* Fixed C89 compatibility
* Fixed warnings on recent versions of autoconf
* Some useful EXIF 2.3 tag added:
* EXIF_TAG_GAMMA
* EXIF_TAG_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
* EXIF_TAG_GPS_H_POSITIONING_ERROR
* EXIF_TAG_CAMERA_OWNER_NAME
* EXIF_TAG_BODY_SERIAL_NUMBER
* EXIF_TAG_LENS_SPECIFICATION
* EXIF_TAG_LENS_MAKE
* EXIF_TAG_LENS_MODEL
* EXIF_TAG_LENS_SERIAL_NUMBER
* Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
* CVE-2018-20030: Fix for recursion DoS (bsc#1120943)
* CVE-2020-13114: Time consumption DoS when parsing canon array markers (bsc#1172121)
* CVE-2020-13113: Potential use of uninitialized memory (bsc#1172105)
* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes (bsc#1172116)
* CVE-2020-0093: read overflow (bsc#1171847)
* CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770)
* CVE-2020-12767: fixed division by zero (bsc#1171475)
* CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475)
* CVE-2017-7544: fixed buffer overread (bsc#1059893)
- removed patch: libexif-build-date.patch (done similar upstream)
- CVE-2016-6328.patch: in upstream release
- CVE-2017-7544.patch: in upstream release
- libexif-CVE-2018-20030.patch: in upstream release
- libexif-CVE-2019-9278.patch: in upstream release
* Fri Jan 31 2020 meissner@suse.com
- libexif-CVE-2019-9278.patch: fixed an integer overflow on large
file handling (bsc#1160770 CVE-2019-9278)
- libexif-CVE-2018-20030.patch: Fixed a denial of service by endless
recursion (bsc#1120943 CVE-2018-20030)
* Wed Jan 24 2018 jengelh@inai.de
- Remove %__-type macro indirections. Fix SRPM group.
- Use %_smp_mflags for parallel build.
- Drop pointless --with-pic (no effect since --disable-static).
* Wed Jan 17 2018 kbabioch@suse.com
- Add CVE-2016-6328.patch: Fix integer overflow in parsing MNOTE
entry data of the input file (bnc#1055857)
- Add CVE-2017-7544.patch: Fix vulnerable out-of-bounds heap read
vulnerability (bnc#1059893)
* Mon Aug 07 2017 meissner@suse.com
- add a libexif-devel-biarch for building with -m32
* Tue Aug 26 2014 fcrozat@suse.com
- Add obsoletes/provides to baselibs.conf.
* Fri May 30 2014 opensuse@dstoecker.de
- fix description to be UTF-8
* Mon May 26 2014 crrodriguez@opensuse.org
- Do not include timestamps in files (libexif-build-date.patch)
* Sun May 25 2014 crrodriguez@opensuse.org
- Use LFS_CFLAGS in 32 bit systems.
* Thu Jul 12 2012 meissner@suse.com
- updated to 0.6.21
* Fixed some buffer overflows in exif_entry_format_value()
This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of
Google Security Team
* Fixed an off-by-one error in exif_convert_utf16_to_utf8()
This can cause a one-byte NUL write past the end of the buffer.
This fixes CVE-2012-2840
* Don't read past the end of a tag when converting from UTF-16
This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of
Google Security Team
* Fixed an out of bounds read on corrupted input
The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not,
NUL-terminated.
This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of
Google Security Team
* Fixed a buffer overflow problem in exif_entry_get_value
If the application passed in a buffer length of 0, then it would
be treated as the buffer had unlimited length.
This fixes CVE-2012-2841
* Fix a buffer overflow on corrupt EXIF data.
This fixes bug #3434540 and fixes part of CVE-2012-2836
Reported by Yunho Kim
* Fix a buffer overflow on corrupted JPEG data
An unsigned data length might wrap around when decremented
below zero, bypassing sanity checks on length.
This code path can probably only occur if exif_data_load_data()
is called directly by the application on data that wasn't parsed
by libexif itself.
This solves the other part of CVE-2012-2836
* Fixed some possible division-by-zeros in Olympus-style makernotes
This fixes bug #3434545, a.k.a. CVE-2012-2837
Reported by Yunho Kim
* lots and lots of translations updates.
* added more Canon lenses.
* changed "knots" to "nautical miles"
* Thu Dec 23 2010 aj@suse.de
- Provide/obsolete old libexif package name so that upgrade and
dependencies from other packages continue to work.
* Fri Dec 17 2010 meissner@suse.de
- updated to 0.6.20
* New translations: bs, tr
* Updated translations: be, cs, da, de, en_GB, en_CA, it, ja, nl, pl, pt_BR,
pt, ru, sk, sq, sr, sv, vi, zh_CN
* Fixed some problems in the write-exif.c example program
* Stop listing -lm as a required library for dynamic linking in libexif.pc
* Turned on the --enable-silent-rules configure option
* Changed a lot of strings to make the case of the text more consistent
* exif_entry_dump() now displays the correct tag name for GPS tags
* Fixed some invalid format specifiers that caused problems on some platforms
* Display rational numbers with the right number of significant figures
- shared library packaging policy , new package libexif12
* Sat Apr 24 2010 coolo@novell.com
- buildrequire pkg-config to fix provides
* Thu Dec 24 2009 jengelh@medozas.de
- package baselibs.conf
* Sun Nov 15 2009 meissner@suse.de
- updated to 0.6.19
* Fixed a heap buffer overflow during tag format conversion
* Updated and new translations
* Now using a binary search to make searching through the tag table faster
- updated to 0.6.18
* Updated and new translations
* Added some example programs
* libexif is now thread safe when the underlying C library is thread safe
and when each object allocated by libexif isn't used by more than one
thread simultaneously
* Expanded the Doxygen API documentation
* Access to the raw EXIF data through the ExifEntry structure members is
now officially documented
* Fixed some Olympus/Sanyo MakerNote interpretations
* Added support for Epson MakerNotes
* Fixed bug #1946138 to stop ignoring CFLAGS in the sqrt configure test
* Added remaining GPS tags from the EXIF 2.2 spec to the tag table
* Fixed the interpretation of some tags as being optional in IFD 1
(to match the EXIF 2.2 spec) which stops them from being erroneously
removed from a file when EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS is set
* Changed exif_tag_get_support_level_in_ifd() to return a value when possible
when the data type for the given EXIF data is unknown. This will cause
tags to be added or deleted when tag fixup is requested even, without a
data type being set.
* Added support for writing Pentax and Casio type2 MakerNotes
* Improved display of Pentax and Casio type2 MakerNotes
* Completely fixed bug #1617997 to display APEX values correctly
* Stopped some crashes due to read-beyond-buffer accesses in MakerNotes
* Don't abort MakerNote parsing after the first invalid tag
* Sped up exif_content_fix()
* Fixed negative exposure values in Canon makernotes (bug #2797280)
* New API entry point: exif_loader_get_buf()
* Mon Jan 26 2009 crrodriguez@suse.de
- remove "la" files
* Wed Jan 07 2009 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Sat Nov 08 2008 meissner@suse.de
- updated to 0.6.17 (rc1/final)
* Updated translations: cs, de, pl, sk, vi
* New translations: nl, se, en_CA
* Enabled sv translation by default
* Bug fixes: #1773810, #1774626, #1536244, CVE-2007-6351, CVE-2007-6352,
[#2071600] and others
* Enhanced support of Canon and Olympus makernotes
* Added support for Fuji and Sanyo makernotes
* Added support for the NO_VERBOSE_TAG_STRINGS and NO_VERBOSE_TAG_DATA
macros to reduce size for embedded applications
* Added support for more tags
* Fri Sep 19 2008 meissner@suse.de
- updated dutch translation
- crash fix if exiftag not present
* Fri Jul 25 2008 meissner@suse.de
- fixed eog and gimp crashes bnc#404475, bnc#406299