41bd04234b104312f54d25822f68738ba8d7133d.patch

@@ -0,0 +1,60 @@
+From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Tue, 25 Jul 2017 23:44:44 +0200
+Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
+ makernote entries.
+
+This should fix:
+https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
+---
+ libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index d03d159..ea0429a 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		case EXIF_FORMAT_SHORT:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
++		  	size_t k, len = strlen(val), sizeleft;
++
++			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
++				if (sizeleft < 2)
++					break;
+ 				vs = exif_get_short (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%i ", vs);
+ 				len = strlen(val);
+ 				data += 2;
++				sizeleft -= 2;
+ 			}
+ 		  }
+ 		  break;
+ 		case EXIF_FORMAT_LONG:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
++		  	size_t k, len = strlen(val), sizeleft;
++
++			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
++				if (sizeleft < 4)
++					break;
+ 				vl = exif_get_long (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
+ 				len = strlen(val);
+ 				data += 4;
++				sizeleft -= 4;
+ 			}
+ 		  }
+ 		  break;
+@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		break;
+ 	}
+ 
+-	return (val);
++	return val;
+ }

CVE-2018-20030.patch

@@ -0,0 +1,93 @@
+--- libexif-0.6.21-bak/libexif/exif-data.c	2019-06-13 21:49:15.711000000 -0400
++++ libexif-0.6.21/libexif/exif-data.c	2019-06-13 23:31:41.672000000 -0400
+@@ -35,6 +35,7 @@
+ #include <libexif/olympus/exif-mnote-data-olympus.h>
+ #include <libexif/pentax/exif-mnote-data-pentax.h>
+ 
++#include <math.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {				\
+ 	break;						\
+ }
+ 
++/*! Calculate the recursion cost added by one level of IFD loading.
++ *
++ * The work performed is related to the cost in the exponential relation
++ *   work=1.1**cost
++ */
++static unsigned int
++level_cost(unsigned int n)
++{
++    static const double log_1_1 = 0.09531017980432493;
++
++	/* Adding 0.1 protects against the case where n==1 */
++	return ceil(log(n + 0.1)/log_1_1);
++}
++
+ /*! Load data for an IFD.
+  *
+  * \param[in,out] data #ExifData
+@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) {				\
+  * \param[in] d pointer to buffer containing raw IFD data
+  * \param[in] ds size of raw data in buffer at \c d
+  * \param[in] offset offset into buffer at \c d at which IFD starts
+- * \param[in] recursion_depth number of times this function has been
+- * recursively called without returning
++ * \param[in] recursion_cost factor indicating how expensive this recursive
++ * call could be
+  */
+ static void
+ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 			     const unsigned char *d,
+-			     unsigned int ds, unsigned int offset, unsigned int recursion_depth)
++			     unsigned int ds, unsigned int offset, unsigned int recursion_cost)
+ {
+ 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ 	ExifShort n;
+@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *d
+ 	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
+ 	  return;
+ 
+-	if (recursion_depth > 30) {
++      	if (recursion_cost > 170) {
++		/*
++		 * recursion_cost is a logarithmic-scale indicator of how expensive this
++		 * recursive call might end up being. It is an indicator of the depth of
++		 * recursion as well as the potential for worst-case future recursive
++		 * calls. Since it's difficult to tell ahead of time how often recursion
++		 * will occur, this assumes the worst by assuming every tag could end up
++		 * causing recursion.
++		 * The value of 170 was chosen to limit typical EXIF structures to a
++		 * recursive depth of about 6, but pathological ones (those with very
++		 * many tags) to only 2.
++		 */ 
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-			  "Deep recursion detected!");
++               		  "Deep/expensive recursion detected!"); 
+ 		return;
+ 	}
+ 
+@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *d
+ 			switch (tag) {
+ 			case EXIF_TAG_EXIF_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_EXIF);
+-				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_GPS);
+-				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+-				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ 				thumbnail_offset = o;

CVE-2020-0198.patch

@@ -1,58 +0,0 @@
-From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Mon, 8 Jun 2020 17:27:06 +0200
-Subject: [PATCH] fixed another unsigned integer overflow
-
-first fixed by google in android fork,
-https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
-
-(use a more generic overflow check method, also check second overflow instance.)
-
-https://security-tracker.debian.org/tracker/CVE-2020-0198
----
- libexif/exif-data.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 8b280d3..b495726 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -47,6 +47,8 @@
- #undef JPEG_MARKER_APP1
- #define JPEG_MARKER_APP1 0xe1
- 
-+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
-+
- static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
- 
- struct _ExifDataPrivate
-@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
- 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
- 		return;
- 	}
--	if (s > ds - o) {
-+	if (CHECKOVERFLOW(o,ds,s)) {
- 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
- 		return;
- 	}
-@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 	}
- 
- 	/* Read the number of entries */
--	if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
-+	if (CHECKOVERFLOW(offset, ds, 2)) {
- 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
--			  "Tag data past end of buffer (%u > %u)", offset+2, ds);
-+			  "Tag data past end of buffer (%u+2 > %u)", offset, ds);
- 		return;
- 	}
- 	n = exif_get_short (d + offset, data->priv->order);
-@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 	offset += 2;
- 
- 	/* Check if we have enough data. */
--	if (offset + 12 * n > ds) {
-+	if (CHECKOVERFLOW(offset, ds, 12*n)) {
- 		n = (ds - offset) / 12;
- 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
- 				  "Short data; only loading %hu entries...", n);

backport-CVE-2020-0452.patch

@@ -1,31 +0,0 @@
-From 9266d14b5ca4e29b970fa03272318e5f99386e06 Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Thu, 5 Nov 2020 09:50:08 +0100
-Subject: [PATCH] fixed a incorrect overflow check that could be optimized
- away.
-
-inspired by:
-https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b
-
-https://source.android.com/security/bulletin/2020-11-01
-
-CVE-2020-0452
----
- libexif/exif-entry.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
-index 3fc0ff92..4b866cee 100644
---- a/libexif/exif-entry.c
-+++ b/libexif/exif-entry.c
-@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- 	{
- 		unsigned char *utf16;
- 
--		/* Sanity check the size to prevent overflow */
--		if (e->size+sizeof(uint16_t)+1 < e->size) break;
-+		/* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */
-+		if (e->size >= 65536 - sizeof(uint16_t)*2) break;
- 
- 		/* The tag may not be U+0000-terminated , so make a local
- 		   U+0000-terminated copy before converting it */

backport-fuzz-stack-overflow.patch

@@ -1,34 +0,0 @@
-From 49a74b371c322a1e55e242a230a7bb577ebe065b Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Mon, 6 Sep 2021 08:42:56 +0200
-Subject: [PATCH] replace tail recursion by direct loop, in case the compiler
- does not translate it into a tail recursion it could be used to cause stack
- overruns (oss-fuzz)
-
----
- libexif/exif-loader.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libexif/exif-loader.c b/libexif/exif-loader.c
-index e376465..5c48faf 100644
---- a/libexif/exif-loader.c
-+++ b/libexif/exif-loader.c
-@@ -154,6 +154,7 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf, unsigned int len)
- {
- 	unsigned int i;
- 
-+begin:
- 	if (!eld || (len && !buf)) 
- 		return 0;
- 
-@@ -310,7 +311,7 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf, unsigned int len)
- 	 * to read all data we need. Fill it with new data.
- 	 */
- 	eld->b_len = 0;
--	return exif_loader_write (eld, buf, len);
-+	goto begin;
- }
- 
- ExifLoader *
--- 
-2.27.0

backport-fuzz-timeout-and-out-of-memory.patch

@@ -1,38 +0,0 @@
-From e93be918878ab98ee45430858e96cb302ffee2bc Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Sat, 30 Jan 2021 14:06:08 +0100
-Subject: [PATCH] limit the amount of tags we allow in the makernote here.
-
-due to memory layout the max amount of 65536 tags could be used
-to exhaust lots of memory and time during parsing,
-as each tag can reuse the same memory range.
-
-(Memory usage DOS (2GB+) and compute dos (several minutes on fast machine, but not endless))
-
-This fixes OSS-FUZZ issue 27280.
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27280
----
- libexif/olympus/exif-mnote-data-olympus.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
-index 45e4bc5..0c68d51 100644
---- a/libexif/olympus/exif-mnote-data-olympus.c
-+++ b/libexif/olympus/exif-mnote-data-olympus.c
-@@ -419,6 +419,13 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
- 	c = exif_get_short (buf + o2, n->order);
- 	o2 += 2;
- 
-+	/* Just use an arbitrary max tag limit here to avoid needing to much memory or time. There are 150 named tags currently.
-+	 * The format allows specifying the same range of memory as often as it can, so this multiplies quickly. */
-+	if (c > 300) {
-+		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteOlympus", "Too much tags (%d) in Olympus MakerNote", c);
-+		return;
-+	}
-+
- 	/* Remove any old entries */
- 	exif_mnote_data_olympus_clear (n);
- 
--- 
-2.27.0

libexif-0.6.21_CVE-2017-7544.patch

@@ -0,0 +1,17 @@
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 67df4db..91f4c33 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
+ 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ 			e->components = e->size;
++			if (exif_format_get_size (e->format) != 1) {
++				/* e->format is taken from input code,
++				 * but we need to make sure it is a 1 byte
++				 * entity due to the multiplication below. */
++				e->format = EXIF_FORMAT_UNDEFINED;
++			}
+ 		}
+ 	}
+ 

libexif-bugfix-division-0.patch

@@ -0,0 +1,37 @@
+From d66dea055522290c1ef34e3ae914146cd52b5d8e Mon Sep 17 00:00:00 2001
+From: songnannan2 <songnannan2@huawei.com>
+Date: Sat, 15 Feb 2020 20:44:53 +0800
+Subject: [PATCH] libexif: modification summary
+
+---
+ libexif-0.6.21/libexif/exif-entry.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
+index 54a90a2..436e8a7 100644
+--- a/libexif/exif-entry.c
++++ b/libexif/exif-entry.c
+@@ -1085,7 +1085,7 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
+ 			break;
+ 		}
+ 		d = (double) v_rat.numerator / (double) v_rat.denominator;
+-		if (d < 1)
++		if (d < 1 && d)
+ 			snprintf (val, maxlen, _("1/%i"), (int) (0.5 + 1. / d));
+ 		else
+ 			snprintf (val, maxlen, "%i", (int) d);
+@@ -1102,8 +1102,9 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
+ 		}
+ 		d = (double) v_srat.numerator / (double) v_srat.denominator;
+ 		snprintf (val, maxlen, _("%.02f EV"), d);
+-		d = 1. / pow (2, d);
+-		if (d < 1)
++		if (pow (2, d))
++			d = 1. / pow (2, d);
++		if (d < 1 && d)
+ 		  snprintf (b, sizeof (b), _(" (1/%d sec.)"), (int) (1. / d));
+ 		else
+ 		  snprintf (b, sizeof (b), _(" (%d sec.)"), (int) d);
+-- 
+2.19.1
+

libexif-bugfix-integer-overflow.patch

@@ -0,0 +1,25 @@
+From c7c4de72c04b5b795ce8df9c49648431bd22ee7e Mon Sep 17 00:00:00 2001
+From: songnannan2 <songnannan2@huawei.com>
+Date: Mon, 17 Feb 2020 15:41:28 +0800
+Subject: [PATCH] bugfix in Integer overflow
+
+---
+ libexif/exif-loader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libexif-0.6.21/libexif/exif-loader.c b/libexif-0.6.21/libexif/exif-loader.c
+index 317b86b..e376465 100644
+--- a/libexif/exif-loader.c
++++ b/libexif/exif-loader.c
+@@ -239,7 +239,7 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf, unsigned int len)
+ 			break;
+ 
+ 		case EL_READ_SIZE_BYTE_24:
+-			eld->size |= eld->b[i] << 24;
++			eld->size |= (unsigned int)eld->b[i] << 24;
+ 			eld->state = EL_READ_SIZE_BYTE_16;
+ 			break;
+ 		case EL_READ_SIZE_BYTE_16:
+-- 
+2.19.1
+

libexif-bugfix-overflow.patch

@@ -0,0 +1,36 @@
+From f9bb9f263fb00f0603ecbefa8957cad24168cbff Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Wed, 4 Jul 2018 11:06:09 +0200
+Subject: [PATCH] Fix a buffer read overflow in exif_entry_get_value
+
+While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past
+the end of a heap buffer. This was detected by the OSS Fuzz project.
+Patch from Google.
+
+Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7344 and
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14543
+---
+ libexif/exif-entry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
+index 61260d3..a224ac2 100644
+--- a/libexif/exif-entry.c
++++ b/libexif/exif-entry.c
+@@ -1040,12 +1040,12 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
+ 		d = 0.;
+ 		entry = exif_content_get_entry (
+ 			e->parent->parent->ifd[EXIF_IFD_0], EXIF_TAG_MAKE);
+-		if (entry && entry->data &&
++		if (entry && entry->data && entry->size >= 7 &&
+ 		    !strncmp ((char *)entry->data, "Minolta", 7)) {
+ 			entry = exif_content_get_entry (
+ 					e->parent->parent->ifd[EXIF_IFD_0],
+ 					EXIF_TAG_MODEL);
+-			if (entry && entry->data) {
++			if (entry && entry->data && entry->size >= 8) {
+ 				if (!strncmp ((char *)entry->data, "DiMAGE 7", 8))
+ 					d = 3.9;
+ 				else if (!strncmp ((char *)entry->data, "DiMAGE 5", 8))
+
+

libexif-bugfix-unsigned-int.patch

@@ -0,0 +1,30 @@
+From cf37dc7934bbb10dc5d0c17db260a25aa2831595 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Sat, 18 Jan 2020 19:50:38 +0100
+Subject: [PATCH] cast to unsigned int before shifting left
+
+(weird integer promotion, a unsigned char will be first tried to be promoted to "int" apparently,
+so we need to cast it to avoid implicit behaviour)
+
+fixes https://github.com/libexif/libexif/issues/20
+---
+ libexif/exif-utils.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libexif/exif-utils.c b/libexif/exif-utils.c
+index 9083ddc..8a92907 100644
+--- a/libexif/exif-utils.c
++++ b/libexif/exif-utils.c
+@@ -132,9 +132,9 @@ exif_get_slong (const unsigned char *b, ExifByteOrder order)
+ 	if (!b) return 0;
+         switch (order) {
+         case EXIF_BYTE_ORDER_MOTOROLA:
+-                return ((b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]);
++                return (((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | (uint32_t)b[3]);
+         case EXIF_BYTE_ORDER_INTEL:
+-                return ((b[3] << 24) | (b[2] << 16) | (b[1] << 8) | b[0]);
++                return (((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) | ((uint32_t)b[1] << 8) | (uint32_t)b[0]);
+         }
+ 
+ 	/* Won't be reached */
+

libexif.spec

@@ -1,20 +1,21 @@
 Name:           libexif
 Summary:        Library for extracting extra information from image files
-Version:        0.6.22
+Version:        0.6.21
-Release:        5
+Release:        20
 License:        LGPLv2+
 URL:            https://libexif.github.io/
+Source0:        https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
 
-Source0:        https://github.com/libexif/libexif/archive/libexif-%(echo %{version} | sed "s/\./_/g")-release.tar.gz
+Patch0:         41bd04234b104312f54d25822f68738ba8d7133d.patch
+Patch6000:      libexif-0.6.21_CVE-2017-7544.patch
+Patch6001:      CVE-2018-20030.patch
+Patch6003:      libexif-bugfix-division-0.patch
+Patch6004:	libexif-bugfix-integer-overflow.patch
+Patch6005: 	libexif-bugfix-unsigned-int.patch
+Patch6006:	libexif-bugfix-overflow.patch
+Patch9001:	libexif-bugfix-integer-overflow-pentax.patch
 
-Patch0:         CVE-2020-0198.patch
+BuildRequires:  autoconf automake doxygen gettext-devel libtool pkgconfig git
-Patch6000:	backport-fuzz-stack-overflow.patch
-Patch6001:	backport-fuzz-timeout-and-out-of-memory.patch
-Patch6002:      backport-CVE-2020-0452.patch
-
-Patch9000:	libexif-bugfix-integer-overflow-pentax.patch
-
-BuildRequires:  autoconf automake doxygen gettext-devel libtool pkgconfig
 
 %description
 Most digital cameras produce EXIF files, which are JPEG files with
@@ -24,7 +25,6 @@ allows you to parse an EXIF file and read the data from those tags.
 %package        devel
 Summary:        Files needed for libexif application development
 Requires:       %{name}%{?_isa} = %{version}-%{release} pkgconfig
-Requires:       pkgconfig
 
 %description devel
 The libexif-devel package contains the libraries and header files
@@ -33,18 +33,15 @@ for writing programs that use libexif.
 %package_help
 
 %prep
-%autosetup -n libexif-libexif-0_6_22-release -p1 
+%autosetup -n %{name}-%{version} -p1 -S git
-
 %build
 autoreconf -fiv
-%configure --disable-static
+%configure
 %make_build
 
 %install
 %make_install
 %delete_la
-
-rm -rf %{buildroot}%{_datadir}/doc/libexif
 cp -R doc/doxygen-output/libexif-api.html .
 iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
 iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
@@ -65,31 +62,15 @@ make check
 %defattr(-,root,root)
 %{_includedir}/libexif
 %{_libdir}/*.so
+%{_libdir}/*.a
 %{_libdir}/pkgconfig/*.pc
+%exclude %{_datadir}/doc/libexif
 
 %files help
 %defattr(-,root,root)
 %doc libexif-api.html NEWS
 
 %changelog
-* Mon Jan 15 2024 zhouwenpei <zhouwenpei1@h-partners.com> - 0.6.22-5
-- fix CVE-2020-0452
-
-* Thu Aug 24 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 0.6.22-4
-- fix typo in changelog
-
-* Tue Oct 18 2022 wangkerong <wangkerong@h-partners.com> - 0.6.22-3
-- fix fuzz test error
-
-* Thu Sep 10 2020 hanhui <hanhui15@huawei.com> - 0.6.22-2
-- Type:bugfix
-- ID:NA
-- SUG:NA
-- DESC:modify source url
-
-* Sat Aug 8 2020 yanan <yanan@huawei.com> - 0.6.22-1
-- update to 0.6.22
-
 * Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 0.6.21-20
 - bugfix in oss-fuzz