Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package exiv2 for openSUSE:Factory checked in at 2026-03-06 18:16:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exiv2 (Old) and /work/SRC/openSUSE:Factory/.exiv2.new.561 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exiv2" Fri Mar 6 18:16:42 2026 rev:84 rq:1336572 version:0.28.8 Changes: -------- --- /work/SRC/openSUSE:Factory/exiv2/exiv2.changes 2024-07-14 08:49:24.830056851 +0200 +++ /work/SRC/openSUSE:Factory/.exiv2.new.561/exiv2.changes 2026-03-06 18:16:48.291703006 +0100 @@ -1,0 +2,27 @@ +Wed Mar 4 15:24:00 UTC 2026 - Dirk Müller <[email protected]> + +- update to 0.28.8 (bsc#1259083, CVE-2026-25884, bsc#1259085, + CVE-2026-27631, bsc#1259084, CVE-2026-27596): + * [CVE-2026- + 25884](https://github.com/Exiv2/exiv2/security/advisories/GHS + A-9mxq-4j5g-5wrp) + * [CVE-2026- + 27596](https://github.com/Exiv2/exiv2/security/advisories/GHS + A-3wgv-fg4w-75x7) + * [CVE-2026- + 27631](https://github.com/Exiv2/exiv2/security/advisories/GHS + A-p2pw-7935-c73j) + +------------------------------------------------------------------- +Mon Sep 1 12:11:33 UTC 2025 - Cliff Zhao <[email protected]> + +- Update to 0.28.7: + * Reverts an ABI incompatibility that was accidentally introduced in v0.28.6; + * Fixes two low-severity vulnerabilities: + [CVE-2025-54080](https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39) + [CVE-2025-55304](https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g) + * Fixes a use-after-free vulnerability in `tiffcomposite_int.cpp`: + [CVE-2025-26623](https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7) + (CVE-2025-55304, bsc#1248963, CVE-2025-54080, bsc#1248962) + +------------------------------------------------------------------- @@ -4 +31 @@ -- update to 0.28.3 (bsc#1227528, CVE-2024-39695): +- update to 0.28.3 : @@ -9,0 +37 @@ + (bsc#1227528, CVE-2024-39695) @@ -25,2 +53 @@ -- update to 0.28.2 (bsc#1219870, CVE-2024-24826, bsc#1219871, - CVE-2024-25112): +- update to 0.28.2 : @@ -30,0 +58 @@ + (bsc#1219870, CVE-2024-24826, bsc#1219871, CVE-2024-25112) Old: ---- exiv2-0.28.3.tar.gz New: ---- exiv2-0.28.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exiv2.spec ++++++ --- /var/tmp/diff_new_pack.cKfH6q/_old 2026-03-06 18:16:49.127737869 +0100 +++ /var/tmp/diff_new_pack.cKfH6q/_new 2026-03-06 18:16:49.131738036 +0100 @@ -1,7 +1,7 @@ # # spec file for package exiv2 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,13 +18,13 @@ %bcond_with docs Name: exiv2 -Version: 0.28.3 +Version: 0.28.8 Release: 0 Summary: Tool to access image Exif metadata License: BSD-3-Clause AND GPL-2.0-or-later Group: Productivity/Graphics/Other URL: https://exiv2.org/ -Source0: https://github.com/Exiv2/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +Source0: https://github.com/Exiv2/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: baselibs.conf Patch0: exiv2-build-date.patch BuildRequires: cmake @@ -170,10 +170,13 @@ %fdupes -s %{buildroot}%{_docdir}/libexiv2 %check +%ifarch %ix86 %arm +disabled_tests="--exclude-regex (bugfixTests|lensTests)" +%endif %ifarch aarch64 ppc64 ppc64le ppc # bugfixes.github.test_CVE_2018_12265.AdditionOverflowInLoaderExifJpeg is broken on some archs # See: https://github.com/Exiv2/exiv2/issues/933 -export disabled_tests="-E bugfixTests" +disabled_tests="--exclude-regex bugfixTests" %endif %ctest --parallel 1 $disabled_tests ++++++ exiv2-0.28.3.tar.gz -> exiv2-0.28.8.tar.gz ++++++ /work/SRC/openSUSE:Factory/exiv2/exiv2-0.28.3.tar.gz /work/SRC/openSUSE:Factory/.exiv2.new.561/exiv2-0.28.8.tar.gz differ: char 16, line 1
