No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

4 changed files with 47 additions and 235 deletions


@ -1,30 +0,0 @@
From 93003b93e50b3d259bd2227d8775b73a53c35d58 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Fri, 3 Apr 2026 11:18:47 +0200
Subject: [PATCH] Avoid overflow on 32bit system when reading Nikon MakerNotes
The addition o2 = datao + exif_get_long(buf + o2, n->order)
could have overflowed on systems with 32bit unsigned int size_t.
This could have caused out of bound reads of data, leading to
misparsing of exif / crashes.
Reported-By: Kerwin <kerwinxia66001@gmail.com>
---
libexif/olympus/exif-mnote-data-olympus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index 428f365..37f08ff 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -386,6 +386,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
o2 += 2;
/* Go to where the number of entries is. */
+ if (CHECKOVERFLOW(o2,buf_size,exif_get_long (buf + o2, n->order))) return;
o2 = datao + exif_get_long (buf + o2, n->order);
break;
--
2.53.0


@ -1,41 +0,0 @@
From dc6eac6e9655d14d0779d99e82d0f5f442d2f34b Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Thu, 2 Apr 2026 13:26:31 +0200
Subject: [PATCH] fixed 2 unsigned integer underflows
this could cause crashes or data leaks.
Reported-by: Kerwin <kerwinxia66001@gmail.com>
---
libexif/fuji/exif-mnote-data-fuji.c | 2 +-
libexif/olympus/exif-mnote-data-olympus.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
index c28c541..2dcb877 100644
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -70,7 +70,7 @@ exif_mnote_data_fuji_get_value (ExifMnoteData *d, unsigned int i, char *val, uns
ExifMnoteDataFuji *n = (ExifMnoteDataFuji *) d;
if (!d || !val) return NULL;
- if (i > n->count -1) return NULL;
+ if (i >= n->count) return NULL;
/*
exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataFuji",
"Querying value for tag '%s'...",
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index a57af17..428f365 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -78,7 +78,7 @@ exif_mnote_data_olympus_get_value (ExifMnoteData *d, unsigned int i, char *val,
ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) d;
if (!d || !val) return NULL;
- if (i > n->count -1) return NULL;
+ if (i >= n->count) return NULL;
/*
exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Querying value for tag '%s'...",
--
2.53.0


@ -1,117 +0,0 @@
#!/usr/bin/perl
#
# This is a hacked version of gettext.pm from Debian's strip-nondeterminism project.
# It is a workaround for https://savannah.gnu.org/bugs/?49654
#
# Copyright 2016 Reiner Herrmann <reiner@reiner-h.de>
# Copyright 2016 Chris Lamb <lamby@debian.org>
#
# This file is part of strip-nondeterminism.
#
# strip-nondeterminism is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# strip-nondeterminism is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with strip-nondeterminism. If not, see <http://www.gnu.org/licenses/>.
#
use Time::Piece;
use POSIX qw(strftime);
use strict;
use warnings;
=head1 DEPRECATION PLAN
Situation unclear. Whilst #792687 is closed, many Gettext related files are
being normalised based on anecdotal viewings of build logs.
=cut
sub read_file($) {
my $filename = shift;
local $/ = undef;
open(my $fh, '<', $filename)
or die "Can't open file $filename for reading: $!";
binmode($fh);
my $buf = <$fh>;
close($fh);
return $buf;
}
sub normalize {
my ($mo_filename, %options) = @_;
my $fmt;
my $buf = read_file($mo_filename);
my $magic = unpack("V", substr($buf, 0*4, 4));
if ($magic == 0x950412DE) {
# little endian
$fmt = "V";
} elsif ($magic == 0xDE120495) {
# big endian
$fmt = "N";
} else {
# unknown format
return 0;
}
my ($revision, $nstrings, $orig_to, $trans_to)
= unpack($fmt x 4, substr($buf, 1*4, 4*4));
my $major = int($revision / 256);
my $minor = int($revision % 256);
return 0 if $major > 1;
my $modified = 0;
for (my $i=0; $i < $nstrings; $i++) {
my $len = unpack($fmt, substr($buf, $orig_to + $i*8, 4));
next if $len > 0;
my $offset = unpack($fmt, substr($buf, $orig_to + $i*8 + 4, 4));
my $trans_len = unpack($fmt, substr($buf, $trans_to + $i*8));
my $trans_offset = unpack($fmt, substr($buf, $trans_to + $i*8 + 4));
my $trans_msg = substr($buf, $trans_offset, $trans_len);
next unless $trans_msg =~ m/^POT-Creation-Date: (.*)/m;
my $pot_date = $1;
my $time;
eval {$time = Time::Piece->strptime($pot_date, "%Y-%m-%d %H:%M%z");};
next if $@;
my $new_time = strftime("%Y-%m-%d %H:%M+0000", gmtime(0));
$trans_msg
=~ s/\QPOT-Creation-Date: $pot_date\E/POT-Creation-Date: $new_time/;
print("Replaced POT-Creation-Date $pot_date with $new_time.\n");
next if length($trans_msg) != $trans_len;
$buf
= substr($buf, 0, $trans_offset)
. $trans_msg
. substr($buf, $trans_offset + $trans_len);
$modified = 1;
}
if ($modified) {
open(my $fh, '>', $mo_filename)
or die "Can't open file $mo_filename for writing: $!";
binmode($fh);
print $fh $buf;
close($fh);
}
return $modified;
}
print("Removing timestamp from " . $ARGV[0] . "...\n");
normalize($ARGV[0])


@ -2,36 +2,23 @@ Summary: Library for extracting extra information from image files
Name: libexif Name: libexif
Version: 0.6.22 Version: 0.6.22
Release: 6%{?dist} Release: 6%{?dist}
Group: System Environment/Libraries
License: LGPLv2+ License: LGPLv2+
URL: https://libexif.github.io/ URL: https://libexif.github.io/
%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g') %global tarball_version %(echo %{version} | sed -e 's|\\.|_|g')
Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz Source0: https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz
Source1: strip-gettext-nondeterminism
# https://bugzilla.redhat.com/show_bug.cgi?id=1847753 # https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
# https://bugzilla.redhat.com/show_bug.cgi?id=1847761
Patch0: CVE-2020-0181-CVE-2020-0198.patch Patch0: CVE-2020-0181-CVE-2020-0198.patch
# https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06 # https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
Patch1: CVE-2020-0452.patch Patch1: CVE-2020-0452.patch
# CVE-2026-40386
# https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b
# CVE-2026-40385
# https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58
Patch2: fixed-2-unsigned-integer-underflows.patch
Patch3: avoid-overflow-on-32bit-system-when-reading-nikon-makernotes.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: doxygen BuildRequires: doxygen
BuildRequires: gettext-devel BuildRequires: gettext-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: make
# For strip-gettext-nondeterminism
BuildRequires: perl(Time::Piece)
%description %description
Most digital cameras produce EXIF files, which are JPEG files with Most digital cameras produce EXIF files, which are JPEG files with
@ -40,38 +27,40 @@ allows you to parse an EXIF file and read the data from those tags.
%package devel %package devel
Summary: Files needed for libexif application development Summary: Files needed for libexif application development
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description devel %description devel
The libexif-devel package contains the libraries and header files The libexif-devel package contains the libraries and header files
for writing programs that use libexif. for writing programs that use libexif.
%package doc %package doc
Summary: The EXIF Library API documentation Summary: The EXIF Library API documentation
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
%description doc %description doc
API Documentation for programmers wishing to use libexif in their programs. API Documentation for programmers wishing to use libexif in their programs.
%prep %prep
%autosetup -n libexif-libexif-%{tarball_version}-release -p1 %autosetup -n libexif-libexif-%{tarball_version}-release -p1
%build %build
autoreconf -fiv autoreconf -fiv
%configure --disable-static
make %{?_smp_mflags} %configure \
--disable-static
%make_build
%install %install
make DESTDIR=%{buildroot} install %make_install
find %{buildroot} -name "*.la" -exec rm -v {} \;
rm -fv %{buildroot}%{_libdir}/lib*.la
rm -rf %{buildroot}%{_datadir}/doc/libexif rm -rf %{buildroot}%{_datadir}/doc/libexif
cp -R doc/doxygen-output/libexif-api.html . cp -R doc/doxygen-output/libexif-api.html .
iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
find %{buildroot} -type f -name '*.mo' -exec %{SOURCE1} {} \;
%find_lang libexif-12 %find_lang libexif-12
%check %check
@ -80,43 +69,54 @@ make check
%ldconfig_scriptlets %ldconfig_scriptlets
%files -f libexif-12.lang %files -f libexif-12.lang
%doc COPYING README NEWS %doc README NEWS
%license COPYING
%{_libdir}/libexif.so.12* %{_libdir}/libexif.so.12*
%files devel %files devel
%{_includedir}/libexif %{_includedir}/libexif
%{_libdir}/*.so %{_libdir}/libexif.so
%{_libdir}/pkgconfig/libexif.pc %{_libdir}/pkgconfig/libexif.pc
%files doc %files doc
%doc libexif-api.html %doc libexif-api.html
%changelog %changelog
* Thu May 07 2026 Jan Grulich <jgrulich@redhat.com> - 0.6.22-6 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.22-6
- Fix integer underflow in MakerNote decoding (CVE-2026-40386) - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Fix integer overflow in Nikon MakerNote handling (CVE-2026-40385) Related: rhbz#1991688
Resolves: RHEL-170243, RHEL-170220
* Mon Dec 07 2020 Richard Hughes <rhughes@redhat.com> - 0.6.22-5 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.22-5
- Fix CVE-2020-0452 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- Resolves: #1902594
* Thu Jun 25 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-4 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.22-4
- Add patch for CVE-2020-0181/CVE-2020-0198 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
- Resolves: #1847753
- Resolves: #1847761
* Thu Jun 04 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-3 * Mon Nov 09 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-3
- Also remove timezone from the .mo files - Fix CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452
- Related: #1841320
* Wed Jun 03 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-2 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.22-2
- Remove timestamps from the .mo files to avoid multilib conflicts - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
- Related: #1841320
* Mon Jun 01 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.6.22-1 * Mon May 18 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.6.22-1
- Upgrade to 0.6.22 - 0.6.22
- Resolves: #1841320 - .spec cleanup
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Feb 12 2019 Yaakov Selkowitz <yselkowi@redhat.com> - 0.6.21-19
- Fix for CVE-2018-20030 (#1663879)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.21-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
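Review bot: The c9-beta side of this spec stops at `Patch1`, so the two fixes c8 carries for CVE-2026-40386 (the `i > n->count -1` underflow in the Fuji and Olympus `get_value` bounds checks) and CVE-2026-40385 (the 32-bit overflow when computing `o2` in the Olympus MakerNote loader) are not applied here, even though both sides build the same 0.6.22 tarball. The c9-beta changelog has no entry for either CVE, so unless the fixes reach this branch some way the page does not show, MakerNote parsing of untrusted images stays exposed to the out-of-bounds reads those commits describe. I would add `Patch2: fixed-2-unsigned-integer-underflows.patch` and `Patch3: avoid-overflow-on-32bit-system-when-reading-nikon-makernotes.patch` after `Patch1:`, together with the two patch files, a Release bump and a changelog entry naming both CVEs. The existing `%autosetup ... -p1` applies them without further changes to `%prep`.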