fix an integer overflow

libexif-integer-overflow.patch

@@ -0,0 +1,22 @@
+Patch to prevent integer overflow that might result in out-of-bound
+write in memcpy() #240055
+
+Index: libexif/exif-data.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
+retrieving revision 1.89
+retrieving revision 1.90
+diff -u -p -r1.89 -r1.90
+--- libexif/exif-data.c	9 May 2007 06:09:05 -0000	1.89
++++ libexif/exif-data.c	10 May 2007 14:32:01 -0000	1.90
+@@ -179,7 +179,9 @@ exif_data_load_data_entry (ExifData *dat
+ 	else
+ 		doff = offset + 8;
+ 
+-	/* Sanity check */
++	/* Sanity checks */
++	if ((doff + s < doff) || (doff + s < s))
++		return 0;
+ 	if (size < doff + s)
+ 		return 0;
+ 

libexif.spec

@@ -1,13 +1,14 @@
 Summary: Library for extracting extra information from image files
 Name: libexif
 Version: 0.6.13
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: System Environment/Libraries
 License: LGPL
 URL: http://libexif.sourceforge.net/
 Source0: libexif-%{version}.tar.bz2 
 Source1: libexif-docs.tar.gz
 Patch0: libexif-0.6.13-dont-build-docs.patch
+Patch1: libexif-integer-overflow.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
 BuildRequires: doxygen
 
@@ -32,6 +33,7 @@ for writing programs that use libexif.
 # and neuter make all in the docs dir
 tar xzf %{SOURCE1}
 %patch0 -p1 -b .dont-build-docs
+%patch1 -p0 -b .integer-overflow
 
 %build
 %configure --disable-static --disable-docs
@@ -67,6 +69,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
+* Thu May 24 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-4
+- Add patch for CVE-2007-2645.
+
 * Sun Feb  4 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-3
 - Package review cleanups
 - Avoid multilib conflicts by using pregenerated docs