Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libjxl for openSUSE:Factory checked in at 2023-06-17 22:19:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjxl (Old) and /work/SRC/openSUSE:Factory/.libjxl.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjxl" Sat Jun 17 22:19:48 2023 rev:10 rq:1093137 version:0.8.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libjxl/libjxl.changes 2023-06-11 19:52:50.066274774 +0200 +++ /work/SRC/openSUSE:Factory/.libjxl.new.15902/libjxl.changes 2023-06-17 22:19:52.603380553 +0200 @@ -1,0 +2,6 @@ +Wed Jun 14 13:00:09 UTC 2023 - Jan Engelhardt <[email protected]> + +- Update to release 0.8.2 + * Fix an integer underflow bug in patch decoding. + +------------------------------------------------------------------- Old: ---- v0.8.1.tar.gz New: ---- v0.8.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjxl.spec ++++++ --- /var/tmp/diff_new_pack.Cn1Y7U/_old 2023-06-17 22:19:54.015389039 +0200 +++ /var/tmp/diff_new_pack.Cn1Y7U/_new 2023-06-17 22:19:54.019389062 +0200 @@ -18,7 +18,7 @@ Name: libjxl %define lname libjxl0_8 -Version: 0.8.1 +Version: 0.8.2 Release: 0 Summary: JPEG XL reference implementation License: BSD-3-Clause ++++++ v0.8.1.tar.gz -> v0.8.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjxl-0.8.1/.github/workflows/conformance.yml new/libjxl-0.8.2/.github/workflows/conformance.yml --- old/libjxl-0.8.1/.github/workflows/conformance.yml 2023-02-03 13:15:36.000000000 +0100 +++ new/libjxl-0.8.2/.github/workflows/conformance.yml 2023-06-14 09:49:21.000000000 +0200 @@ -15,7 +15,7 @@ types: [opened, reopened, labeled, synchronize] env: - LIBJXL_VERSION: 0.8.1 + LIBJXL_VERSION: 0.8.2 LIBJXL_ABI_VERSION: 0.8 concurrency: 
@@ -23,7 +23,7 @@ cancel-in-progress: ${{ github.event_name == 'pull_request' }} jobs: - warmup: # If necessary, fetch files just once, before tests are run. + warmup: # If necessary, fetch files just once, before tests are run. name: Warmup caches runs-on: ubuntu-latest steps: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjxl-0.8.1/debian/changelog new/libjxl-0.8.2/debian/changelog --- old/libjxl-0.8.1/debian/changelog 2023-02-03 13:15:36.000000000 +0100 +++ new/libjxl-0.8.2/debian/changelog 2023-06-14 09:49:21.000000000 +0200 @@ -1,8 +1,20 @@ -jpeg-xl (0.8.1) UNRELEASED; urgency=medium +jpeg-xl (0.8.2) UNRELEASED; urgency=medium + + * Bump JPEG XL version to 0.8.2. + + -- JPEG XL Maintainers <[email protected]> Mon, 12 Jun 2023 17:07:05 +0200 + +jpeg-xl (0.8.2) unstable; urgency=medium + + * Bump JPEG XL version to 0.8.2. + + -- JPEG XL Maintainers <[email protected]> Mon, 12 Jun 2023 17:07:05 +0200 + +jpeg-xl (0.8.1) unstable; urgency=medium * Bump JPEG XL version to 0.8.1. - -- JPEG XL Maintainers <[email protected]> Thu, 02 Feb 2023 14:10:08 +0100 + -- JPEG XL Maintainers <[email protected]> Mon, 12 Jun 2023 17:01:14 +0200 jpeg-xl (0.8) unstable; urgency=medium diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjxl-0.8.1/lib/CMakeLists.txt new/libjxl-0.8.2/lib/CMakeLists.txt --- old/libjxl-0.8.1/lib/CMakeLists.txt 2023-02-03 13:15:36.000000000 +0100 +++ new/libjxl-0.8.2/lib/CMakeLists.txt 2023-06-14 09:49:21.000000000 +0200 
@@ -5,7 +5,7 @@ set(JPEGXL_MAJOR_VERSION 0) set(JPEGXL_MINOR_VERSION 8) -set(JPEGXL_PATCH_VERSION 1) +set(JPEGXL_PATCH_VERSION 2) set(JPEGXL_LIBRARY_VERSION "${JPEGXL_MAJOR_VERSION}.${JPEGXL_MINOR_VERSION}.${JPEGXL_PATCH_VERSION}") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjxl-0.8.1/lib/jxl/dec_patch_dictionary.cc new/libjxl-0.8.2/lib/jxl/dec_patch_dictionary.cc --- old/libjxl-0.8.1/lib/jxl/dec_patch_dictionary.cc 2023-02-03 13:15:36.000000000 +0100 +++ new/libjxl-0.8.2/lib/jxl/dec_patch_dictionary.cc 2023-06-14 09:49:21.000000000 +0200 @@ -107,10 +107,20 @@ pos.x = read_num(kPatchPositionContext); pos.y = read_num(kPatchPositionContext); } else { - pos.x = - positions_.back().x + UnpackSigned(read_num(kPatchOffsetContext)); - pos.y = - positions_.back().y + UnpackSigned(read_num(kPatchOffsetContext)); + ssize_t deltax = UnpackSigned(read_num(kPatchOffsetContext)); + if (deltax < 0 && static_cast<size_t>(-deltax) > positions_.back().x) { + return JXL_FAILURE("Invalid patch: negative x coordinate (%" PRIuS + " base x %" PRIdS " delta x)", + positions_.back().x, deltax); + } + pos.x = positions_.back().x + deltax; + ssize_t deltay = UnpackSigned(read_num(kPatchOffsetContext)); + if (deltay < 0 && static_cast<size_t>(-deltay) > positions_.back().y) { + return JXL_FAILURE("Invalid patch: negative y coordinate (%" PRIuS + " base y %" PRIdS " delta y)", + positions_.back().y, deltay); + } + pos.y = positions_.back().y + deltay; } if (pos.x + ref_pos.xsize > xsize) { return JXL_FAILURE("Invalid patch x: at %" PRIuS " + %" PRIuS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjxl-0.8.1/lib/lib.gni new/libjxl-0.8.2/lib/lib.gni --- old/libjxl-0.8.1/lib/lib.gni 2023-02-03 13:15:36.000000000 +0100 +++ new/libjxl-0.8.2/lib/lib.gni 2023-06-14 09:49:21.000000000 +0200 
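Review bot: The new guard in the dec_patch_dictionary.cc hunk negates the signed delta before casting, `static_cast<size_t>(-deltax)`, which is signed overflow (undefined behaviour) if `UnpackSigned` can ever return the most negative `ssize_t`. Whether it can depends on the range of `read_num`, which is not visible here, and it looks more plausible on 32-bit builds. Negating in the unsigned domain removes the question for both the x and the y branch: `if (deltax < 0 && size_t{0} - static_cast<size_t>(deltax) > positions_.back().x)`. The unchanged check just below, `pos.x + ref_pos.xsize > xsize`, also adds unsigned values taken from the bitstream and would be more robust as `ref_pos.xsize > xsize || pos.x > xsize - ref_pos.xsize`. The enclosing decode function starts and ends outside this hunk, so the operand types are inferred from the `PRIuS`/`PRIdS` format macros.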
@@ -9,7 +9,7 @@ libjxl_version_defines = [ "JPEGXL_MAJOR_VERSION=0", "JPEGXL_MINOR_VERSION=8", - "JPEGXL_PATCH_VERSION=1", + "JPEGXL_PATCH_VERSION=2", ] libjxl_public_headers = [
