Revisions of libexif
Dominique Leuenberger (dimstar_suse)
accepted
request 934523
from
Marcus Meissner (msmeissn)
(revision 45)
- libexif-0.6.24 (2021-11-25): * Translation updates: sr, vi, pl, uk, french * fixed regression in exif_data_load_data which could not load EXIF in JPEG data anymore * Decode lots of Canon tag names * removed empty strings from translation (empty string would translate to the PO info header) * various warning removals and code improvements * added sample "persistent" afl fuzzer (100x faster than normal afl fuzzer)
Dominique Leuenberger (dimstar_suse)
accepted
request 918663
from
Marcus Meissner (msmeissn)
(revision 44)
- libexif-0.6.23 (2021-09-12):
- Translation updates: es, pl, uk, fr
- EXIF_TAG_SENSITIVITY_TYPE decoder added, added some more Exif 2.3 tags:
EXIF_TAG_STANDARD_OUTPUT_SENSITIVITY
EXIF_TAG_RECOMMENDED_EXPOSURE_INDEX
EXIF_TAG_ISO_SPEED
EXIF_TAG_ISO_SPEEDLatitudeYYY
EXIF_TAG_ISO_SPEEDLatitudeZZZ
EXIF_TAG_OFFSET_TIME
EXIF_TAG_OFFSET_TIME_ORIGINAL
EXIF_TAG_OFFSET_TIME_DIGITIZED
EXIF_TAG_IMAGE_DEPTH
- be more relaxed to out of order JPG / EXIF dataheaders in files generated by some tools
- default GPS IFD table added
- Decode more Nikon Makernote tag names
- Added Apple iOS Makernote
- Security fixes:
- CVE-2020-0198: unsigned integer overflow in exif_data_load_data_content
- CVE-2020-0452: compiler optimization could remove an a
bufferoverflow check, making a buffer overflow possible with some
EXIF tags
- some more denial of service (compute time or stack exhaustion) counter-measures
added that avoid minutes of decoding time with malformed files found
by OSS-Fuzz
Yuchen Lin (maxlin_factory)
accepted
request 809029
from
Marcus Meissner (msmeissn)
(revision 43)
* CVE-2020-13114: Time consumption DoS when parsing canon array markers (bsc#1172121)
* CVE-2020-13113: Potential use of uninitialized memory (bsc#1172105)
* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes (bsc#1172116)
Dominique Leuenberger (dimstar_suse)
accepted
request 807015
from
Marcus Meissner (msmeissn)
(revision 42)
- libexif-0.6.22 (2020-05-18) release:
* New translations: ms
* Updated translations for most languages
* Fixed C89 compatibility
* Fixed warnings on recent versions of autoconf
* Some useful EXIF 2.3 tag added:
* EXIF_TAG_GAMMA
* EXIF_TAG_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
* EXIF_TAG_GPS_H_POSITIONING_ERROR
* EXIF_TAG_CAMERA_OWNER_NAME
* EXIF_TAG_BODY_SERIAL_NUMBER
* EXIF_TAG_LENS_SPECIFICATION
* EXIF_TAG_LENS_MAKE
* EXIF_TAG_LENS_MODEL
* EXIF_TAG_LENS_SERIAL_NUMBER
* Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
* CVE-2018-20030: Fix for recursion DoS (bsc#1120943)
* CVE-2020-13114: Time consumption DoS when parsing canon array markers
* CVE-2020-13113: Potential use of uninitialized memory
* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
* CVE-2020-0093: read overflow (bsc#1171847)
* CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770)
* CVE-2020-12767: fixed division by zero (bsc#1171475)
* CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475)
* CVE-2017-7544: fixed buffer overread (bsc#1059893)
- removed patch: libexif-build-date.patch (done similar upstream)
- CVE-2016-6328.patch: in upstream release
- CVE-2017-7544.patch: in upstream release
Dominique Leuenberger (dimstar_suse)
accepted
request 568909
from
Ismail Dönmez (namtrac)
(revision 41)
Dominique Leuenberger (dimstar_suse)
accepted
request 515431
from
Marcus Meissner (msmeissn)
(revision 40)
- add a libexif-devel-biarch for building with -m32
Stephan Kulow (coolo)
accepted
request 246482
from
Marcus Meissner (msmeissn)
(revision 38)
- Add obsoletes/provides to baselibs.conf. (forwarded request 246480 from fcrozat)
Stephan Kulow (coolo)
accepted
request 235469
from
mrdocs
(revision 36)
- Do not include timestamps in files (libexif-build-date.patch) (forwarded request 235458 from elvigia)
Ismail Dönmez (namtrac)
accepted
request 127809
from
Marcus Meissner (msmeissn)
(revision 33)
- updated to 0.6.21
* Fixed some buffer overflows in exif_entry_format_value()
This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of
Google Security Team
* Fixed an off-by-one error in exif_convert_utf16_to_utf8()
This can cause a one-byte NUL write past the end of the buffer.
This fixes CVE-2012-2840
* Don't read past the end of a tag when converting from UTF-16
This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of
Google Security Team
* Fixed an out of bounds read on corrupted input
The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not,
NUL-terminated.
This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of
Google Security Team
* Fixed a buffer overflow problem in exif_entry_get_value
If the application passed in a buffer length of 0, then it would
be treated as the buffer had unlimited length.
This fixes CVE-2012-2841
* Fix a buffer overflow on corrupt EXIF data.
This fixes bug #3434540 and fixes part of CVE-2012-2836
Reported by Yunho Kim
* Fix a buffer overflow on corrupted JPEG data
An unsigned data length might wrap around when decremented
below zero, bypassing sanity checks on length.
This code path can probably only occur if exif_data_load_data()
is called directly by the application on data that wasn't parsed
by libexif itself.
This solves the other part of CVE-2012-2836
* Fixed some possible division-by-zeros in Olympus-style makernotes
Adrian Schröter (adrianSuSE)
committed
(revision 30)
Ruediger Oertel (oertel)
accepted
request 56705
from
mrdocs
(revision 27)
Accepted submit request 56705 from user mrdocs
Displaying revisions 1 - 20 of 45
