Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/graphics/libexif
From: Benny Siegert
Date: 2020-05-20 21:15:26
Message id: 20200520191526.53D7AFB27@cvs.NetBSD.org

Log Message:
Pullup ticket #6205 - requested by nia
graphics/libexif: security fix

Revisions pulled up:
- graphics/libexif/Makefile                                     1.48
- graphics/libexif/PLIST                                        1.22
- graphics/libexif/distinfo                                     1.32
- graphics/libexif/patches/patch-libexif_exif-data.c            deleted

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue May 19 11:20:01 UTC 2020

   Modified Files:
   	pkgsrc/graphics/libexif: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/graphics/libexif/patches: patch-libexif_exif-data.c

   Log Message:
   libexif: Update to 0.6.22

   libexif-0.6.22 (2020-05-18):
     * New translations: ms
     * Updated translations for most languages
     * Fixed C89 compatibility
     * Fixed warnings on recent versions of autoconf
     * Some useful EXIF 2.3 tags added:
       * EXIF_TAG_GAMMA
       * EXIF_TAG_COMPOSITE_IMAGE
       * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
       * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
       * EXIF_TAG_GPS_H_POSITIONING_ERROR
       * EXIF_TAG_CAMERA_OWNER_NAME
       * EXIF_TAG_BODY_SERIAL_NUMBER
       * EXIF_TAG_LENS_SPECIFICATION
       * EXIF_TAG_LENS_MAKE
       * EXIF_TAG_LENS_MODEL
       * EXIF_TAG_LENS_SERIAL_NUMBER
     * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
       * CVE-2018-20030: Fix for recursion DoS
       * CVE-2020-13114: Time consumption DoS when parsing canon array markers
       * CVE-2020-13113: Potential use of uninitialized memory
       * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
       * CVE-2020-0093: read overflow
       * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs
       * CVE-2020-12767: fixed division by zero
       * CVE-2016-6328: fixed integer overflow when parsing maker notes
       * CVE-2017-7544: fixed buffer overread

Files:
Revision    Action   File
1.47.2.1    modify   pkgsrc/graphics/libexif/Makefile
1.21.42.1   modify   pkgsrc/graphics/libexif/PLIST
1.31.2.1    modify   pkgsrc/graphics/libexif/distinfo
1.2         remove   pkgsrc/graphics/libexif/patches/patch-libexif_exif-data.c