Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libexiv2-26-0.26-150400.9.21.1 RPM for x86_64

From OpenSuSE Leap 15.6 for x86_64

Name: libexiv2-26 Distribution: SUSE Linux Enterprise 15
Version: 0.26 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.9.21.1 Build date: Thu Nov 17 16:09:26 2022
Group: System/Libraries Build host: sheep27
Size: 3211936 Source RPM: exiv2-0_26-0.26-150400.9.21.1.src.rpm
Packager: https://www.suse.com/
Url: http://www.exiv2.org/
Summary: Library to access image metadata
libexiv2 is a C++ library with a C compatibility interface to access
image metadata, esp from Exif tags.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Mon Nov 14 2022 dmueller@suse.com
  - add CVE-2021-29473.patch (CVE-2021-29473, bsc#1186231):
    avoid out-of-bounds read in Exiv2:Jp2Image:doWriteMetadata
  - add CVE-2019-17402.patch (CVE-2019-17402, bsc#1153577):
    improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp
  - add CVE-2019-13109.patch (CVE-2019-13109, bsc#1142677):
    denial of service in PngImage:readMetadata
  - add CVE-2018-20099.patch (CVE-2018-20099, bsc#1119559):
    fix infinite loop in Exiv2::Jp2Image::encodeJp2Header
    this includes CVE-2018-20098, bsc#1119560
  - add CVE-2018-20097.patch (CVE-2018-20097, bsc#1119562):
    avoid null pointer dereference in TiffParserWorker::findPrimaryGroups
  - add CVE-2018-17581.patch (CVE-2018-17581, bsc#1110282):
    avoid recursion in CiffDirectory::readDirectory()
  - add CVE-2021-32815.patch (CVE-2021-32815, bsc#1189337):
    avoid assertion failure in crwimage
* Fri Oct 28 2022 dmueller@suse.com
  - add CVE-2021-34334.patch (CVE-2021-34334, bsc#1189338)
* Wed Oct 26 2022 dmueller@suse.com
  - add CVE-2019-13111.patch (CVE-2019-13111, bsc#1142679)
  - add CVE-2021-29463.patch (CVE-2021-29463, bsc#1185913)
  - add webp-alpha-detection.patch
  - add improve-pngchunk-bounds-checking.patch
* Wed Sep 28 2022 dmueller@suse.com
  - add exiv2 0.26 library for compatibility (jsc#PED-1393)
* Tue Sep 27 2022 dmueller@suse.com
  - add CVE-2021-37621.patch (CVE-2021-37621, bsc#1189333)
  - add CVE-2021-32617.patch (CVE-2021-32617, bsc#1186192)
  - add CVE-2020-19716.patch (CVE-2020-19716, bsc#1188645)
  - add CVE-2019-14368.patch (CVE-2019-14368, bsc#1143278)
  - add CVE-2019-20421.patch (CVE-2019-20421, bsc#1161901)
* Mon Sep 26 2022 dmueller@suse.com
  - add CVE-2018-10772.patch (CVE-2018-10772, bsc#1092096)
  - add CVE-2018-18915.patch (CVE-2018-18915, bsc#1114690)
  - add CVE-2021-37620.patch (CVE-2021-37620, bsc#1189332)
  - add CVE-2021-29470.patch (CVE-2021-29470, bsc#1185447)
* Fri Aug 12 2022 dmueller@suse.com
  - add CVE-2018-5772.patch (CVE-2018-5772, bsc#1076579)
  - add CVE-2018-8976.patch (CVE-2018-8976, bsc#1086810)
  - add CVE-2018-8977.patch (CVE-2018-8977, bsc#1086798)
  - add CVE-2020-18898.patch (CVE-2020-18898, bsc#1189780)
  - add CVE-2021-31291.patch (CVE-2021-29457 and CVE-2021-31291, bsc#1185002 and bsc#1188733)
  - add CVE-2021-31292.patch (CVE-2021-31292, bsc#1188756)
  - add CVE-2021-37618.patch (CVE-2021-37618, bsc#1189330)
  - add CVE-2021-37619.patch (CVE-2021-37619, bsc#1189331)
  - add CVE-2020-18899.patch (CVE-2020-18899, bsc#1189636)
* Tue Mar 24 2020 dmueller@suse.com
  - add 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114):
    * fixes null-pointer dereference in http.c causing denial of service
  - add 0001-IptcData-printStructure-Remove-buffer-overrun.patch  (bsc#1088424, CVE-2018-9305):
    * fixes an out-of-bounds read in IptcData::printStructure in iptc.c
  - add 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282):
    * fixes null pointer dereference in Exiv2:DataValue:copy in value.cpp
  - add 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch,
    0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364):
    * fixes denial of service in Exiv2::PsdImage::readMetadata
  - add 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513):
    * fixes a denial of service (NULL pointer dereference and application crash)
* Tue Oct 16 2018 dmueller@suse.com
  - update to latest 0.26 branch:
    * Includes fix for CVE-2019-14982 (bsc#1146294)
    * Fixes CVE-2018-12264, CVE-2018-12265 (bsc#1097599)
    * Fixes CVE-2017-9239 (bsc#1040973): null pointer dereference in doWriteImage
    * Fixes CVE-2018-17229 (bsc#1109175): (Heap buffer overflow in Exiv2::d2Data)
    * Fixes CVE-2018-17230 (bsc#1109176): (heap-based buffer overflow in Exiv2::ul2Data)
    * Fixes CVE-2017-1000126 (Stack out of bounds read in webp parser) (bsc#1068873)
* Fri Jun 29 2018 tchvatal@suse.com
  - Fix build on python3 only system by making sure we use
    python3 when building
* Wed May 30 2018 dmueller@suse.com
  - update to latest 0.26 branch:
    * obsoletes 0001-Use-more-GNUInstallDirs.patch
    d4e4288d839d0d9546a05986771f8738c382060c.patch
    gcc-version-check.patch
    7f5b0778fa301b68c1c88e3820ec3afbd09dd0a5.patch
    fix-crash.patch
    * adds exiv2-update-to-0.26-branch.patch
    * Fixes CVE-2017-14864 (bsc#1060995),
    CVE-2017-14862 (bsc#1060996), CVE-2017-14859 (bsc#1061000)
    CVE-2017-14860 (bsc#1048883), CVE-2017-11337 (bsc#1048883),
    CVE-2017-11338 (bsc#1048883), CVE-2017-11339 (bsc#1048883),
    CVE-2017-11340 (bsc#1048883), CVE-2017-11553,
    CVE-2017-12955 (bsc#1054593), CVE-2017-12956,
    CVE-2017-12957, CVE-2017-11683, CVE-2017-11592,
    CVE-2017-11591 (bsc#1050257), CVE-2018-11531 (bsc#1095070),
    CVE-2019-13110 (bsc#1142678)
* Fri Nov 24 2017 cfeck@kde.org
  - split developer documentation into separate package
* Tue Oct 17 2017 dmueller@suse.com
  - add 0001-Use-more-GNUInstallDirs.patch (bsc#938600)
  - add d4e4288d839d0d9546a05986771f8738c382060c.patch (
      CVE-2017-14864 bsc#1060995,
      CVE-2017-14862 bsc#1060996,
      CVE-2017-14859 bsc#1061000)
* Wed Aug 09 2017 wbauer@tmo.at
  - Add fix-crash.patch to prevent crashes in gwenview with certain
    images (boo#1051782)
  - Update source tarball to the fixed upstream re-release and remove
    the workaround in the spec file
  - Replace gcc-version-check.patch with the version committed
    upstream
* Tue Jul 04 2017 wbauer@tmo.at
  - Fix baselibs.conf
* Fri Jun 30 2017 wbauer@tmo.at
  - Update to version 0.26
    * See http://www.exiv2.org/changelog.html
  - Add gcc-version-check.patch to fix build on Tumbleweed
  - Dropped the following upstreamed patches:
    * exiv2-cmake-libsuffix.patch
    * exiv2_r3889_r3890_fix_boo964344.diff
* Thu May 05 2016 suse-beta@cboltz.de
  - add exiv2_r3889_r3890_fix_boo964344.diff (taken from revisions linked
    in http://dev.exiv2.org/issues/1106) to fix crash in darktable (boo#964344)
* Wed Jul 15 2015 jengelh@inai.de
  - Adjust RPM groups
  - Put manpage in proper subpackage
* Tue Jun 23 2015 dmueller@suse.com
  - readd parallel-build-dep.patch
* Mon Jun 22 2015 tittiatcoke@gmail.com
  - Update to version 0.25
    * exivsimple has array index errors when stripping quotes form
      trivial input strings
    * Use SVN eol-style LF on all files
    * Access violation on IptcData::operator[] when key is invalid
    * PNG images with tiff tags throw exceptions
    * Plasma kde crashes when specific jpeg is on the Desktop
    * TIFF parser,Binary array elements should be decoded using the
      Makernote's endianness, not that of the image
    * Coverity scan : Issue CID 981992 , 981993
    * Wrong key name in output of addmodel sample
    * Printing tags does not honor multi-byte label widths correctly
    * Wrong ApertureValue written
    * pyexiv2 fails on cifs shares on an Ubuntu client
    * TIFF parser,Parse TIFF PageNumber
    * Add new sample applications exifdata and exivvalue
    * Add option -K Key (--key Key) to specify one or more keys to
      output
    * "exiv2 -eX" followed by "exiv2 -iX" produces invalid XMP
      metadata packet
    * Sony NEX Lens Information
    * Handle Pentax makernotes in samsung-rebranded cameras
    * Olympus XZ-1 FocusDistance incorrect
    * Support Panasonic Makernote
    * detection of Pentax DA 35/2.4 lens
    * Canon EOS M EF-M lenses
    * Lens matching on Canon
    * Tamron 18-270 is not detected anymore
    * Wrong aperture for Tamron 70-300?
    * Recognize Samsung NX 10mm Fisheye
    * Pentax/Sigma 24-70mm F2.8 IF EX DG HSM data
    * See also http://www.exiv2.org/changelog.html
  - Dropped the following upstreamed patches:
    * fix-overflow-in-info-tags-r3264.patch
    * fix-video-timescale-handling.patch
    * parallel-build-dep.patch
    * fix-parallel-build.patch
* Thu Jun 18 2015 dimstar@opensuse.org
  - Switch to cmake build system: there are various code snips that
    use variables that are only defined in the cmake build system
    (e.g. src/utils.cpp uses EXV_HAVE_UNISTD_H to include unistd.h,
    which is not done with configure. With gcc5 this results now in
    a failure, as unistd.h is no longer implicit).
  - Add exiv2-cmake-libsuffix.patch: Install the library to lib64 on
    the respective archs.
* Sun May 24 2015 gernot@hillier.de
  - add fix-video-timescale-handling.patch: Fix crash when scanning mp4 videos.
* Tue May 12 2015 dmueller@suse.com
  - add parallel-build-dep.patch: Fix build dependencies
* Mon Feb 09 2015 nico.kruber@gmail.com
  - fix a Buffer Overflow in INFO tags of RIFFVIDEO.CPP
    (fix-overflow-in-info-tags-r3264.patch) (CVE-2014-9449).

Files

/usr/lib64/libexiv2.so.26
/usr/lib64/libexiv2.so.26.0.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 20:06:21 2024