Hello community, here is the log from the commit of package file for openSUSE:Factory checked in at 2014-12-21 11:51:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/file (Old) and /work/SRC/openSUSE:Factory/.file.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "file" Changes: -------- --- /work/SRC/openSUSE:Factory/file/file.changes 2014-10-15 16:19:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.file.new/file.changes 2014-12-21 11:49:45.000000000 +0100 @@ -1,0 +2,20 @@ +Wed Dec 17 13:08:34 UTC 2014 - [email protected] + +- Drop patch file-5.20-CVE-2014-3710.patch as now part of upstream +- Update to file version 5.21 + * Fix CVE-2014-8116 and CVE-2014-8117 (bsc#910252 and bsc#910253) + * there was an incorrect free in magic_load_buffers() + * there was an out of bounds read for some pascal strings + * there was a memory leak in magic lists + * don't interpret strings printed from files using the current + locale, convert them to ascii format first. + * there was an out of bounds read in elf note reads + * fix MacOS/X locale.h vs. xlocale.h issues + +------------------------------------------------------------------- +Thu Oct 23 11:36:19 UTC 2014 - [email protected] + +- Add patch file-5.20-CVE-2014-3710.patch to fic bsc#902367 + CVE-2014-3710: file: out-of-bounds read in elf note headers + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/file/python-magic.changes 2014-10-15 16:19:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.file.new/python-magic.changes 2014-12-21 11:49:45.000000000 +0100 @@ -1,0 +2,5 @@ +Wed Dec 17 13:13:59 UTC 2014 - [email protected] + +- adapt version in specfile to 5.21 + +------------------------------------------------------------------- Old: ---- file-5.20.tar.gz New: ---- file-5.21.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ file.spec ++++++ --- /var/tmp/diff_new_pack.MGfVxZ/_old 2014-12-21 11:49:46.000000000 +0100 +++ /var/tmp/diff_new_pack.MGfVxZ/_new 2014-12-21 11:49:46.000000000 +0100 @@ -30,7 +30,7 @@ %endif # # Set Version also in python-magic.spec -Version: 5.20 +Version: 5.21 Release: 0 Summary: A Tool to Determine File Types License: BSD-2-Clause ++++++ python-magic.spec ++++++ --- /var/tmp/diff_new_pack.MGfVxZ/_old 2014-12-21 11:49:46.000000000 +0100 +++ /var/tmp/diff_new_pack.MGfVxZ/_new 2014-12-21 11:49:46.000000000 +0100 @@ -23,7 +23,7 @@ BuildRequires: python-devel BuildRequires: zlib-devel Url: http://www.darwinsys.com/file/ -Version: 5.20 +Version: 5.21 Release: 0 Summary: Python module to use libmagic License: BSD-3-Clause and BSD-4-Clause ++++++ file-5.14-tex.dif ++++++ --- /var/tmp/diff_new_pack.MGfVxZ/_old 2014-12-21 11:49:47.000000000 +0100 +++ /var/tmp/diff_new_pack.MGfVxZ/_new 2014-12-21 11:49:47.000000000 +0100 @@ -1,7 +1,7 @@ --- magic/Localstuff +++ magic/Localstuff 2013-09-30 00:00:00.000000000 +0000 @@ -5,3 +5,12 @@ - # $File: Localstuff,v 1.4 2003/03/23 04:17:27 christos Exp $ + # $File: Localstuff,v 1.5 2007/01/12 17:38:27 christos Exp $ # Add any locally observed files here. Remember: # text if readable, executable if runnable binary, data if unreadable. + ++++++ file-5.20.tar.gz -> file-5.21.tar.gz ++++++ ++++ 2973 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
