|
|
|
|
Changelog for exiv2-0.28.3-196.6.x86_64.rpm :
* Mon Jul 08 2024 Dirk Müller - update to 0.28.3 (bsc#1227528, CVE-2024-39695): * Release Notes: + https://github.com/Exiv2/exiv2/issues/3008 + https://github.com/Exiv2/exiv2/milestone/14?closed=1 * This release also fixes a low-severity security issue in asfvideo.cpp: out-of-bounds read in AsfVideo::streamProperties. * Mon Jul 08 2024 Dirk Müller - use --parallel as single-dash parameters are eaten by ctest\'s rpm macro * Wed Mar 06 2024 Bernhard Wiedemann - Fix build with --nochecks * Wed Feb 28 2024 Dirk Müller - update to 0.28.2 (bsc#1219870, CVE-2024-24826, bsc#1219871, CVE-2024-25112): * CVE-2024-24826: out-of-bounds read in QuickTimeVideo::NikonTagsDecoder. * CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder. * Tue Nov 07 2023 Dirk Müller - update to 0.28.1 (bsc#1216923, CVE-2023-44398): * Release Notes: https://github.com/Exiv2/exiv2/issues/2813- drop exiv2-metadata-null-checks.patch (upstream) * Fri Jul 07 2023 Konstantin Voinov - add exiv2-metadata-null-checks.patch fixes gwenview crashes and other apps https://github.com/Exiv2/exiv2/issues/2638 * Fri Jun 30 2023 Dirk Müller - add a x86-64-v3 build, remove 32bit build (not used) * Wed Jun 21 2023 Michal Kubecek - drop old C++ standard hack (patched line dropped in 0.28)- use g++-11 for Leap 15 builds (fix for failed std::filesystem check) * Mon Jun 19 2023 Dirk Müller - update to 0.28.0: - long list of improvements and security fixes, see https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1529139799- drop always-use-signed-char-for-conversion.patch (code no longer exists)- drop CVE-2022-3953.patch (merged upstream)- drop xml-static subpackage, cannot be built from shared builds anymore and appears to be unused * Tue Jan 24 2023 Dirk Müller - add always-use-signed-char-for-conversion.patch for test suite fixes on non-x86_64 * Tue Jan 24 2023 Guillaume GARDET - Disable bugfixes.github.test_CVE_2018_12265.AdditionOverflowInLoaderExifJpeg as it is broken on some archs See: https://github.com/Exiv2/exiv2/issues/933 * Sat Jan 21 2023 Dirk Müller - update to 0.27.6: * Add Nikon3.WhiteBalanceBias2 * Add Nikon LensData v0802 * Add some F mount lenses * Initial support for OM System MakerNote * Add Sony ARW compression to dict * Exif start can be at any byte in payload, not word aligned * Fix exception type when writing BMFF file * Add more MIME type mappings for TIFF-based raws * Fix naming of canon EF 35-80mm * Replace assert with enforce * PNG: always strip the existing iCCP chunk * Account for header bytes for Exif and XMP boxes * Fix Integer overflow in Photoshop::setIptcIrb * Fix Integer-overflow in sumToLong * Fix out of bounds read in isValidBoxFileType() * Fix in Jp2 metadata writing & improvements in reading * Strip XMP raw packet before decoding * Add tiff tags * Add more DNG 1.6 tags * Fix bug in iterating over the elements of dateStrings * Use memmove in TiffEncoder::updateDirEntry * Treat Exif.Sony1.PreviewImage as undefined tag * Wed Jan 04 2023 Dirk Müller - switch to ctest for running the testsuite * Mon Dec 12 2022 Dirk Müller - switch to pkgconfig(zlib) so that alternative providers can be used- require zlib from devel package * Mon Nov 14 2022 Dirk Müller - spec-cleaner run- add CVE-2022-3953.patch (CVE-2022-3953, bsc#1205391) * Wed Sep 28 2022 Dirk Müller - add tracker for SLE (jsc#PED-1393) * Sat Nov 13 2021 Dirk Müller - update to 0.27.5 (bsc#1189332, CVE-2021-37620, bsc#1189333, CVE-2021-37621, bsc#1189334, CVE-2021-37622, bsc#1189338, CVE-2021-34334, bsc#1189335, CVE-2021-37623, bsc#1189337, CVE-2021-32815, bsc#1189340, CVE-2021-34335, bsc#1189341, CVE-2021-37615, bsc#1185003, CVE-2021-29458): * BMFF bug fixes including CR3 previews * Security fixes * libFuzzer target * Exiv2 monitored by oss-fuzz * Minor bugs and fixes * Fri Jun 18 2021 Marcus Rueckert - enable bmff format- disable docs for now: - graphviz was failing for a long time when trying to render the pngs as graphviz-gd was missing - even after adding this it still fails with missing fonts * Fri Jun 18 2021 Marcus Rueckert - Update to 0.27.4 (bsc#1186053, CVE-2021-29623, bsc#1185447, CVE-2021-29470, bsc#1185002, CVE-2021-29457, bsc#1188733, CVE-2021-31291, bsc#1186192, CVE-2021-32617, bsc#1185913, CVE-2021-29463): - Support for bmff files (HEIC, HEIF, AVIF, CR3, JXL/bmff) - Bash test scripts rewritten in python - DNG 1.6 and Exif 2.32 support - Bug and Security fixes - Updated build and test environments - Localisation support on Crowdin - Revised documentation - Other improvements- drop 1271.patch: included in update * Wed May 12 2021 Dominique Leuenberger - Add 1271.patch: Fix build using GCC 11 (boo#1185218).- Drop the sed hack to remove -fcf-protection: this is properly solved with the above patch. * Wed May 12 2021 Ludwig Nussel - -fcf-protection doesn\'t work on i586 with gcc11 either (boo#1185218)
|
|
|