!32 update to 0.6.24

From: @dedv_dwe 
Reviewed-by: @leeffo 
Signed-off-by: @leeffo

41bd04234b104312f54d25822f68738ba8d7133d.patch

@@ -1,60 +0,0 @@
-From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:44:44 +0200
-Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
- makernote entries.
-
-This should fix:
-https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
----
- libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index d03d159..ea0429a 100644
---- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		case EXIF_FORMAT_SHORT:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 2)
-+					break;
- 				vs = exif_get_short (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%i ", vs);
- 				len = strlen(val);
- 				data += 2;
-+				sizeleft -= 2;
- 			}
- 		  }
- 		  break;
- 		case EXIF_FORMAT_LONG:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 4)
-+					break;
- 				vl = exif_get_long (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
- 				len = strlen(val);
- 				data += 4;
-+				sizeleft -= 4;
- 			}
- 		  }
- 		  break;
-@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		break;
- 	}
- 
--	return (val);
-+	return val;
- }

CVE-2018-20030.patch

@@ -1,93 +0,0 @@
---- libexif-0.6.21-bak/libexif/exif-data.c	2019-06-13 21:49:15.711000000 -0400
-+++ libexif-0.6.21/libexif/exif-data.c	2019-06-13 23:31:41.672000000 -0400
-@@ -35,6 +35,7 @@
- #include <libexif/olympus/exif-mnote-data-olympus.h>
- #include <libexif/pentax/exif-mnote-data-pentax.h>
- 
-+#include <math.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
-@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {				\
- 	break;						\
- }
- 
-+/*! Calculate the recursion cost added by one level of IFD loading.
-+ *
-+ * The work performed is related to the cost in the exponential relation
-+ *   work=1.1**cost
-+ */
-+static unsigned int
-+level_cost(unsigned int n)
-+{
-+    static const double log_1_1 = 0.09531017980432493;
-+
-+	/* Adding 0.1 protects against the case where n==1 */
-+	return ceil(log(n + 0.1)/log_1_1);
-+}
-+
- /*! Load data for an IFD.
-  *
-  * \param[in,out] data #ExifData
-@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) {				\
-  * \param[in] d pointer to buffer containing raw IFD data
-  * \param[in] ds size of raw data in buffer at \c d
-  * \param[in] offset offset into buffer at \c d at which IFD starts
-- * \param[in] recursion_depth number of times this function has been
-- * recursively called without returning
-+ * \param[in] recursion_cost factor indicating how expensive this recursive
-+ * call could be
-  */
- static void
- exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 			     const unsigned char *d,
--			     unsigned int ds, unsigned int offset, unsigned int recursion_depth)
-+			     unsigned int ds, unsigned int offset, unsigned int recursion_cost)
- {
- 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
- 	ExifShort n;
-@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *d
- 	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
- 	  return;
- 
--	if (recursion_depth > 30) {
-+      	if (recursion_cost > 170) {
-+		/*
-+		 * recursion_cost is a logarithmic-scale indicator of how expensive this
-+		 * recursive call might end up being. It is an indicator of the depth of
-+		 * recursion as well as the potential for worst-case future recursive
-+		 * calls. Since it's difficult to tell ahead of time how often recursion
-+		 * will occur, this assumes the worst by assuming every tag could end up
-+		 * causing recursion.
-+		 * The value of 170 was chosen to limit typical EXIF structures to a
-+		 * recursive depth of about 6, but pathological ones (those with very
-+		 * many tags) to only 2.
-+		 */ 
- 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
--			  "Deep recursion detected!");
-+               		  "Deep/expensive recursion detected!"); 
- 		return;
- 	}
- 
-@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *d
- 			switch (tag) {
- 			case EXIF_TAG_EXIF_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_EXIF);
--				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_GPS);
--				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
--				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
- 				thumbnail_offset = o;

libexif-0.6.21_CVE-2017-7544.patch

@@ -1,17 +0,0 @@
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 67df4db..91f4c33 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
- 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
- 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
- 			e->components = e->size;
-+			if (exif_format_get_size (e->format) != 1) {
-+				/* e->format is taken from input code,
-+				 * but we need to make sure it is a 1 byte
-+				 * entity due to the multiplication below. */
-+				e->format = EXIF_FORMAT_UNDEFINED;
-+			}
- 		}
- 	}
- 

libexif-bugfix-division-0.patch

@@ -1,37 +0,0 @@
-From d66dea055522290c1ef34e3ae914146cd52b5d8e Mon Sep 17 00:00:00 2001
-From: songnannan2 <songnannan2@huawei.com>
-Date: Sat, 15 Feb 2020 20:44:53 +0800
-Subject: [PATCH] libexif: modification summary
-
----
- libexif-0.6.21/libexif/exif-entry.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
-index 54a90a2..436e8a7 100644
---- a/libexif/exif-entry.c
-+++ b/libexif/exif-entry.c
-@@ -1085,7 +1085,7 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- 			break;
- 		}
- 		d = (double) v_rat.numerator / (double) v_rat.denominator;
--		if (d < 1)
-+		if (d < 1 && d)
- 			snprintf (val, maxlen, _("1/%i"), (int) (0.5 + 1. / d));
- 		else
- 			snprintf (val, maxlen, "%i", (int) d);
-@@ -1102,8 +1102,9 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- 		}
- 		d = (double) v_srat.numerator / (double) v_srat.denominator;
- 		snprintf (val, maxlen, _("%.02f EV"), d);
--		d = 1. / pow (2, d);
--		if (d < 1)
-+		if (pow (2, d))
-+			d = 1. / pow (2, d);
-+		if (d < 1 && d)
- 		  snprintf (b, sizeof (b), _(" (1/%d sec.)"), (int) (1. / d));
- 		else
- 		  snprintf (b, sizeof (b), _(" (%d sec.)"), (int) d);
--- 
-2.19.1
-

libexif-bugfix-integer-overflow-pentax.patch

@@ -1,25 +0,0 @@
-From 9474cc8aef621e83b00dd4c414a834426415bfbe Mon Sep 17 00:00:00 2001
-From: songnannan2 <songnannan2@huawei.com>
-Date: Tue, 18 Feb 2020 23:00:27 +0800
-Subject: [PATCH] bugfix about can not be represented in type int
-
----
- libexif-0.6.21/libexif/pentax/mnote-pentax-entry.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index dcb1560..691a2bd 100644
---- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -365,7 +365,7 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 			CF (entry->format, EXIF_FORMAT_SHORT, val, maxlen);
- 			CC2 (entry->components, 1, 2, val, maxlen);
- 			vs = exif_get_short (entry->data, entry->order);
--			vs2 = exif_get_short (entry->data+2, entry->order) << 16;
-+			vs2 = (ExifShort)exif_get_short (entry->data+2, entry->order) << 16;
- 
- 			/* search the tag */
- 			for (i = 0; (items2[i].tag && items2[i].tag != entry->tag); i++);
--- 
-2.19.1
-

libexif-bugfix-integer-overflow.patch

@@ -1,25 +0,0 @@
-From c7c4de72c04b5b795ce8df9c49648431bd22ee7e Mon Sep 17 00:00:00 2001
-From: songnannan2 <songnannan2@huawei.com>
-Date: Mon, 17 Feb 2020 15:41:28 +0800
-Subject: [PATCH] bugfix in Integer overflow
-
----
- libexif/exif-loader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libexif-0.6.21/libexif/exif-loader.c b/libexif-0.6.21/libexif/exif-loader.c
-index 317b86b..e376465 100644
---- a/libexif/exif-loader.c
-+++ b/libexif/exif-loader.c
-@@ -239,7 +239,7 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf, unsigned int len)
- 			break;
- 
- 		case EL_READ_SIZE_BYTE_24:
--			eld->size |= eld->b[i] << 24;
-+			eld->size |= (unsigned int)eld->b[i] << 24;
- 			eld->state = EL_READ_SIZE_BYTE_16;
- 			break;
- 		case EL_READ_SIZE_BYTE_16:
--- 
-2.19.1
-

libexif-bugfix-overflow.patch

@@ -1,36 +0,0 @@
-From f9bb9f263fb00f0603ecbefa8957cad24168cbff Mon Sep 17 00:00:00 2001
-From: Dan Fandrich <dan@coneharvesters.com>
-Date: Wed, 4 Jul 2018 11:06:09 +0200
-Subject: [PATCH] Fix a buffer read overflow in exif_entry_get_value
-
-While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past
-the end of a heap buffer. This was detected by the OSS Fuzz project.
-Patch from Google.
-
-Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7344 and
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14543
----
- libexif/exif-entry.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
-index 61260d3..a224ac2 100644
---- a/libexif/exif-entry.c
-+++ b/libexif/exif-entry.c
-@@ -1040,12 +1040,12 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- 		d = 0.;
- 		entry = exif_content_get_entry (
- 			e->parent->parent->ifd[EXIF_IFD_0], EXIF_TAG_MAKE);
--		if (entry && entry->data &&
-+		if (entry && entry->data && entry->size >= 7 &&
- 		    !strncmp ((char *)entry->data, "Minolta", 7)) {
- 			entry = exif_content_get_entry (
- 					e->parent->parent->ifd[EXIF_IFD_0],
- 					EXIF_TAG_MODEL);
--			if (entry && entry->data) {
-+			if (entry && entry->data && entry->size >= 8) {
- 				if (!strncmp ((char *)entry->data, "DiMAGE 7", 8))
- 					d = 3.9;
- 				else if (!strncmp ((char *)entry->data, "DiMAGE 5", 8))
-
-

libexif-bugfix-unsigned-int.patch

@@ -1,30 +0,0 @@
-From cf37dc7934bbb10dc5d0c17db260a25aa2831595 Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Sat, 18 Jan 2020 19:50:38 +0100
-Subject: [PATCH] cast to unsigned int before shifting left
-
-(weird integer promotion, a unsigned char will be first tried to be promoted to "int" apparently,
-so we need to cast it to avoid implicit behaviour)
-
-fixes https://github.com/libexif/libexif/issues/20
----
- libexif/exif-utils.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libexif/exif-utils.c b/libexif/exif-utils.c
-index 9083ddc..8a92907 100644
---- a/libexif/exif-utils.c
-+++ b/libexif/exif-utils.c
-@@ -132,9 +132,9 @@ exif_get_slong (const unsigned char *b, ExifByteOrder order)
- 	if (!b) return 0;
-         switch (order) {
-         case EXIF_BYTE_ORDER_MOTOROLA:
--                return ((b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]);
-+                return (((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | (uint32_t)b[3]);
-         case EXIF_BYTE_ORDER_INTEL:
--                return ((b[3] << 24) | (b[2] << 16) | (b[1] << 8) | b[0]);
-+                return (((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) | ((uint32_t)b[1] << 8) | (uint32_t)b[0]);
-         }
- 
- 	/* Won't be reached */
-

libexif.spec

@@ -1,21 +1,13 @@
 Name:           libexif
 Summary:        Library for extracting extra information from image files
-Version:        0.6.21
-Release:        20
+Version:        0.6.24
+Release:        1
 License:        LGPLv2+
 URL:            https://libexif.github.io/
-Source0:        https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
 
-Patch0:         41bd04234b104312f54d25822f68738ba8d7133d.patch
-Patch6000:      libexif-0.6.21_CVE-2017-7544.patch
-Patch6001:      CVE-2018-20030.patch
-Patch6003:      libexif-bugfix-division-0.patch
-Patch6004:	libexif-bugfix-integer-overflow.patch
-Patch6005: 	libexif-bugfix-unsigned-int.patch
-Patch6006:	libexif-bugfix-overflow.patch
-Patch9001:	libexif-bugfix-integer-overflow-pentax.patch
+Source0:        https://github.com/libexif/libexif/archive/libexif-%(echo %{version} | sed "s/\./_/g")-release.tar.gz
 
-BuildRequires:  autoconf automake doxygen gettext-devel libtool pkgconfig git
+BuildRequires:  autoconf automake doxygen gettext-devel libtool pkgconfig
 
 %description
 Most digital cameras produce EXIF files, which are JPEG files with
@@ -25,6 +17,7 @@ allows you to parse an EXIF file and read the data from those tags.
 %package        devel
 Summary:        Files needed for libexif application development
 Requires:       %{name}%{?_isa} = %{version}-%{release} pkgconfig
+Requires:       pkgconfig
 
 %description devel
 The libexif-devel package contains the libraries and header files
@@ -33,15 +26,18 @@ for writing programs that use libexif.
 %package_help
 
 %prep
-%autosetup -n %{name}-%{version} -p1 -S git
+%autosetup -n libexif-libexif-0_6_24-release -p1 
+
 %build
 autoreconf -fiv
-%configure
+%configure --disable-static
 %make_build
 
 %install
 %make_install
 %delete_la
+
+rm -rf %{buildroot}%{_datadir}/doc/libexif
 cp -R doc/doxygen-output/libexif-api.html .
 iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
 iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
@@ -62,15 +58,28 @@ make check
 %defattr(-,root,root)
 %{_includedir}/libexif
 %{_libdir}/*.so
-%{_libdir}/*.a
 %{_libdir}/pkgconfig/*.pc
-%exclude %{_datadir}/doc/libexif
 
 %files help
 %defattr(-,root,root)
 %doc libexif-api.html NEWS
 
 %changelog
+* Fri Aug 18 2023 wangqia <wangqia@uniontech.com> - 0.6.24-1
+- update to 0.6.24
+
+* Tue Oct 18 2022 wangkerong <wangkerong@h-partners.com> - 0.6.21-3
+- fix fuzz test error
+
+* Thu Sep 10 2020 hanhui <hanhui15@huawei.com> - 0.6.21-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:modify source url
+
+* Sat Aug 8 2020 yanan <yanan@huawei.com> - 0.6.22-1
+- update to 0.6.22
+
 * Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 0.6.21-20
 - bugfix in oss-fuzz
 

libexif.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: libexif/libexif
+tag_prefix: libexif-(.*)-release
+seperator: _