commit 4c5ada2a3bbde181d052eb7f59d788708c49144b
Author: overweight <5324761+overweight@user.noreply.gitee.com>
Date:   Mon Sep 30 10:56:00 2019 -0400

    Package init

diff --git a/41bd04234b104312f54d25822f68738ba8d7133d.patch b/41bd04234b104312f54d25822f68738ba8d7133d.patch
new file mode 100644
index 0000000..0568f27
--- /dev/null
+++ b/41bd04234b104312f54d25822f68738ba8d7133d.patch
@@ -0,0 +1,60 @@
+From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Tue, 25 Jul 2017 23:44:44 +0200
+Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
+ makernote entries.
+
+This should fix:
+https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
+---
+ libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index d03d159..ea0429a 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		case EXIF_FORMAT_SHORT:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
++		  	size_t k, len = strlen(val), sizeleft;
++
++			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
++				if (sizeleft < 2)
++					break;
+ 				vs = exif_get_short (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%i ", vs);
+ 				len = strlen(val);
+ 				data += 2;
++				sizeleft -= 2;
+ 			}
+ 		  }
+ 		  break;
+ 		case EXIF_FORMAT_LONG:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
++		  	size_t k, len = strlen(val), sizeleft;
++
++			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
++				if (sizeleft < 4)
++					break;
+ 				vl = exif_get_long (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
+ 				len = strlen(val);
+ 				data += 4;
++				sizeleft -= 4;
+ 			}
+ 		  }
+ 		  break;
+@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		break;
+ 	}
+ 
+-	return (val);
++	return val;
+ }
diff --git a/CVE-2018-20030.patch b/CVE-2018-20030.patch
new file mode 100644
index 0000000..5c15587
--- /dev/null
+++ b/CVE-2018-20030.patch
@@ -0,0 +1,93 @@
+--- libexif-0.6.21-bak/libexif/exif-data.c	2019-06-13 21:49:15.711000000 -0400
++++ libexif-0.6.21/libexif/exif-data.c	2019-06-13 23:31:41.672000000 -0400
+@@ -35,6 +35,7 @@
+ #include <libexif/olympus/exif-mnote-data-olympus.h>
+ #include <libexif/pentax/exif-mnote-data-pentax.h>
+ 
++#include <math.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {				\
+ 	break;						\
+ }
+ 
++/*! Calculate the recursion cost added by one level of IFD loading.
++ *
++ * The work performed is related to the cost in the exponential relation
++ *   work=1.1**cost
++ */
++static unsigned int
++level_cost(unsigned int n)
++{
++    static const double log_1_1 = 0.09531017980432493;
++
++	/* Adding 0.1 protects against the case where n==1 */
++	return ceil(log(n + 0.1)/log_1_1);
++}
++
+ /*! Load data for an IFD.
+  *
+  * \param[in,out] data #ExifData
+@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) {				\
+  * \param[in] d pointer to buffer containing raw IFD data
+  * \param[in] ds size of raw data in buffer at \c d
+  * \param[in] offset offset into buffer at \c d at which IFD starts
+- * \param[in] recursion_depth number of times this function has been
+- * recursively called without returning
++ * \param[in] recursion_cost factor indicating how expensive this recursive
++ * call could be
+  */
+ static void
+ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 			     const unsigned char *d,
+-			     unsigned int ds, unsigned int offset, unsigned int recursion_depth)
++			     unsigned int ds, unsigned int offset, unsigned int recursion_cost)
+ {
+ 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ 	ExifShort n;
+@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *d
+ 	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
+ 	  return;
+ 
+-	if (recursion_depth > 30) {
++      	if (recursion_cost > 170) {
++		/*
++		 * recursion_cost is a logarithmic-scale indicator of how expensive this
++		 * recursive call might end up being. It is an indicator of the depth of
++		 * recursion as well as the potential for worst-case future recursive
++		 * calls. Since it's difficult to tell ahead of time how often recursion
++		 * will occur, this assumes the worst by assuming every tag could end up
++		 * causing recursion.
++		 * The value of 170 was chosen to limit typical EXIF structures to a
++		 * recursive depth of about 6, but pathological ones (those with very
++		 * many tags) to only 2.
++		 */ 
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-			  "Deep recursion detected!");
++               		  "Deep/expensive recursion detected!"); 
+ 		return;
+ 	}
+ 
+@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *d
+ 			switch (tag) {
+ 			case EXIF_TAG_EXIF_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_EXIF);
+-				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_GPS);
+-				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+-				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ 				thumbnail_offset = o;
diff --git a/libexif-0.6.21.tar.bz2 b/libexif-0.6.21.tar.bz2
new file mode 100644
index 0000000..1864b66
Binary files /dev/null and b/libexif-0.6.21.tar.bz2 differ
diff --git a/libexif-0.6.21_CVE-2017-7544.patch b/libexif-0.6.21_CVE-2017-7544.patch
new file mode 100644
index 0000000..166334a
--- /dev/null
+++ b/libexif-0.6.21_CVE-2017-7544.patch
@@ -0,0 +1,17 @@
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 67df4db..91f4c33 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
+ 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ 			e->components = e->size;
++			if (exif_format_get_size (e->format) != 1) {
++				/* e->format is taken from input code,
++				 * but we need to make sure it is a 1 byte
++				 * entity due to the multiplication below. */
++				e->format = EXIF_FORMAT_UNDEFINED;
++			}
+ 		}
+ 	}
+ 
diff --git a/libexif.spec b/libexif.spec
new file mode 100644
index 0000000..bf60ff2
--- /dev/null
+++ b/libexif.spec
@@ -0,0 +1,71 @@
+Name:           libexif
+Summary:        Library for extracting extra information from image files
+Version:        0.6.21
+Release:        18
+License:        LGPLv2+
+URL:            https://libexif.github.io/
+Source0:        https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
+#patch0 comes from fedora
+Patch0:         41bd04234b104312f54d25822f68738ba8d7133d.patch
+
+Patch6000:      libexif-0.6.21_CVE-2017-7544.patch
+Patch6001:      CVE-2018-20030.patch
+
+BuildRequires:  autoconf automake doxygen gettext-devel libtool pkgconfig git
+
+%description
+Most digital cameras produce EXIF files, which are JPEG files with
+extra tags that contain information about the image. The EXIF library
+allows you to parse an EXIF file and read the data from those tags.
+
+%package        devel
+Summary:        Files needed for libexif application development
+Requires:       %{name}%{?_isa} = %{version}-%{release} pkgconfig
+
+%description devel
+The libexif-devel package contains the libraries and header files
+for writing programs that use libexif.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1 -S git
+%build
+autoreconf -fiv
+%configure
+%make_build
+
+%install
+%make_install
+%delete_la
+cp -R doc/doxygen-output/libexif-api.html .
+iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
+iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
+%find_lang libexif-12
+
+%check
+make check
+
+%ldconfig_scriptlets
+
+%files -f libexif-12.lang
+%defattr(-,root,root)
+%doc COPYING README
+%{_libdir}/libexif.so.*
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/libexif
+%{_libdir}/*.so
+%{_libdir}/*.a
+%{_libdir}/pkgconfig/*.pc
+%exclude %{_datadir}/doc/libexif
+
+%files help
+%defattr(-,root,root)
+%doc libexif-api.html NEWS
+
+%changelog
+* Thu Sep 12 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.6.21-18
+- Package init
+