libexif: Update to version 0.6.24
Commit Message
- Update from version 0.6.22 to 0.6.24
- Update of rootfile not required
- source file no longer provided in xz format - changed to bz2
- Changelog (Two CVE's fixed in 0.6.23)
libexif-0.6.24 (2021-11-25):
* Translation updates: sr, vi, pl, uk, french
* fixed regression in exif_data_load_data which could not load EXIF in JPEG data anymore
* Decode lots of Canon tag names
* removed empty strings from translation (empty string would translate to the PO info header)
* various warning removals and code improvements
* added sample "persistent" afl fuzzer (100x faster than normal afl fuzzer)
libexif-0.6.23 (2021-09-12):
* Translation updates: es, pl, uk, fr
* EXIF_TAG_SENSITIVITY_TYPE decoder added, added some more Exif 2.3 tags:
- EXIF_TAG_STANDARD_OUTPUT_SENSITIVITY
- EXIF_TAG_RECOMMENDED_EXPOSURE_INDEX
- EXIF_TAG_ISO_SPEED
- EXIF_TAG_ISO_SPEEDLatitudeYYY
- EXIF_TAG_ISO_SPEEDLatitudeZZZ
- EXIF_TAG_OFFSET_TIME
- EXIF_TAG_OFFSET_TIME_ORIGINAL
- EXIF_TAG_OFFSET_TIME_DIGITIZED
- EXIF_TAG_IMAGE_DEPTH
* be more relaxed to out of order JPG / EXIF dataheaders in files generated by some tools
* default GPS IFD table added
* Decode more Nikon Makernote tag names
* Added Apple iOS Makernote
* Security fixes:
* CVE-2020-0198: unsigned integer overflow in exif_data_load_data_content
* CVE-2020-0452: compiler optimization could remove an a
bufferoverflow check, making a buffer overflow possible with some
EXIF tags
* some more denial of service (compute time or stack exhaustion) counter-measures
added that avoid minutes of decoding time with malformed files found
by OSS-Fuzz
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
lfs/libexif | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
> - Update from version 0.6.22 to 0.6.24
> - Update of rootfile not required
> - source file no longer provided in xz format - changed to bz2
> - Changelog (Two CVE's fixed in 0.6.23)
> libexif-0.6.24 (2021-11-25):
> * Translation updates: sr, vi, pl, uk, french
> * fixed regression in exif_data_load_data which could not load EXIF in JPEG data anymore
> * Decode lots of Canon tag names
> * removed empty strings from translation (empty string would translate to the PO info header)
> * various warning removals and code improvements
> * added sample "persistent" afl fuzzer (100x faster than normal afl fuzzer)
> libexif-0.6.23 (2021-09-12):
> * Translation updates: es, pl, uk, fr
> * EXIF_TAG_SENSITIVITY_TYPE decoder added, added some more Exif 2.3 tags:
> - EXIF_TAG_STANDARD_OUTPUT_SENSITIVITY
> - EXIF_TAG_RECOMMENDED_EXPOSURE_INDEX
> - EXIF_TAG_ISO_SPEED
> - EXIF_TAG_ISO_SPEEDLatitudeYYY
> - EXIF_TAG_ISO_SPEEDLatitudeZZZ
> - EXIF_TAG_OFFSET_TIME
> - EXIF_TAG_OFFSET_TIME_ORIGINAL
> - EXIF_TAG_OFFSET_TIME_DIGITIZED
> - EXIF_TAG_IMAGE_DEPTH
> * be more relaxed to out of order JPG / EXIF dataheaders in files generated by some tools
> * default GPS IFD table added
> * Decode more Nikon Makernote tag names
> * Added Apple iOS Makernote
> * Security fixes:
> * CVE-2020-0198: unsigned integer overflow in exif_data_load_data_content
> * CVE-2020-0452: compiler optimization could remove an a
> bufferoverflow check, making a buffer overflow possible with some
> EXIF tags
> * some more denial of service (compute time or stack exhaustion) counter-measures
> added that avoid minutes of decoding time with malformed files found
> by OSS-Fuzz
>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> lfs/libexif | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/lfs/libexif b/lfs/libexif
> index c23dfd573..c89232b1c 100644
> --- a/lfs/libexif
> +++ b/lfs/libexif
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
> +# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -26,15 +26,15 @@ include Config
>
> SUMMARY = An EXIF Tag Parsing Library for Digital Cameras
>
> -VER = 0.6.22
> +VER = 0.6.24
>
> THISAPP = libexif-$(VER)
> -DL_FILE = $(THISAPP).tar.xz
> +DL_FILE = $(THISAPP).tar.bz2
> DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = libexif
> -PAK_VER = 2
> +PAK_VER = 3
>
> DEPS =
>
> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 3771dcf2d6a9d9a63e2d3fcdd49487bec7af45d1d18aef1bf3d427893b0cfc464fab37adfbfa549571a58540c7c1eb402724afe05c36baa51a6b7f19ee17ed2b
> +$(DL_FILE)_BLAKE2 = 75d3a2b4fefd7b7706226e70d31250ef7e99eeb81a4839ddc36cc9e3180534542d8a02851f8e6fd5034bbc925a616ead8c4bfb0cce8bc5886c3ec54811914a6b
>
> install : $(TARGET)
>
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,15 +26,15 @@ include Config
SUMMARY = An EXIF Tag Parsing Library for Digital Cameras
-VER = 0.6.22
+VER = 0.6.24
THISAPP = libexif-$(VER)
-DL_FILE = $(THISAPP).tar.xz
+DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libexif
-PAK_VER = 2
+PAK_VER = 3
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3771dcf2d6a9d9a63e2d3fcdd49487bec7af45d1d18aef1bf3d427893b0cfc464fab37adfbfa549571a58540c7c1eb402724afe05c36baa51a6b7f19ee17ed2b
+$(DL_FILE)_BLAKE2 = 75d3a2b4fefd7b7706226e70d31250ef7e99eeb81a4839ddc36cc9e3180534542d8a02851f8e6fd5034bbc925a616ead8c4bfb0cce8bc5886c3ec54811914a6b
install : $(TARGET)