Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kdegraphics-thumbnailers for
openSUSE:Factory checked in at 2026-04-17 21:47:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kdegraphics-thumbnailers (Old)
and /work/SRC/openSUSE:Factory/.kdegraphics-thumbnailers.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kdegraphics-thumbnailers"
Fri Apr 17 21:47:31 2026 rev:186 rq:1347415 version:26.04.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/kdegraphics-thumbnailers/kdegraphics-thumbnailers.changes
2026-03-07 20:02:35.013648545 +0100
+++
/work/SRC/openSUSE:Factory/.kdegraphics-thumbnailers.new.11940/kdegraphics-thumbnailers.changes
2026-04-17 21:48:16.742608371 +0200
@@ -1,0 +2,34 @@
+Sat Apr 11 16:13:46 UTC 2026 - Christophe Marin <[email protected]>
+
+- Update to 26.04.0
+ * New feature release
+ * For more details please see:
+ * https://kde.org/announcements/gear/26.04.0/
+- Changes since 26.03.90:
+ * Fix off by one access
+ * Fix invalid memory access
+ * Fix memory leak
+
+-------------------------------------------------------------------
+Mon Mar 30 12:10:15 UTC 2026 - Christophe Marin <[email protected]>
+
+- Update to 26.03.90
+ * New feature release
+- No code change since 26.03.80
+
+-------------------------------------------------------------------
+Sat Mar 14 09:09:23 UTC 2026 - Christophe Marin <[email protected]>
+
+- Update to 26.03.80
+ * New feature release
+- Changes since 25.12.3:
+ * Tweak the defensive check in dsc_scan_data
+ * blender thumbnailer: Bail out if we did not read the amount of data we
expected
+ * ps thumbnailer: Allocating a string of negative lenth makes no sense
+ * ps: Fix crash on malformed files
+ * Fix crash on malformed files
+ * Fix crash on broken files
+ * blender: Fix multiplication overflow ending up in crash
+ * Fix OSS-Fuzz AFL builds
+
+-------------------------------------------------------------------
Old:
----
kdegraphics-thumbnailers-25.12.3.tar.xz
kdegraphics-thumbnailers-25.12.3.tar.xz.sig
New:
----
kdegraphics-thumbnailers-26.04.0.tar.xz
kdegraphics-thumbnailers-26.04.0.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kdegraphics-thumbnailers.spec ++++++
--- /var/tmp/diff_new_pack.6qYuaS/_old 2026-04-17 21:48:17.626644796 +0200
+++ /var/tmp/diff_new_pack.6qYuaS/_new 2026-04-17 21:48:17.626644796 +0200
@@ -1,7 +1,7 @@
#
# spec file for package kdegraphics-thumbnailers
#
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
%bcond_without released
Name: kdegraphics-thumbnailers
-Version: 25.12.3
+Version: 26.04.0
Release: 0
Summary: Graphics file thumbnail generators
License: GPL-2.0-or-later AND LGPL-2.1-or-later
++++++ kdegraphics-thumbnailers-25.12.3.tar.xz ->
kdegraphics-thumbnailers-26.04.0.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kdegraphics-thumbnailers-25.12.3/autotests/ossfuzz/build_fuzzers.sh
new/kdegraphics-thumbnailers-26.04.0/autotests/ossfuzz/build_fuzzers.sh
--- old/kdegraphics-thumbnailers-25.12.3/autotests/ossfuzz/build_fuzzers.sh
2026-02-23 04:18:18.000000000 +0100
+++ new/kdegraphics-thumbnailers-26.04.0/autotests/ossfuzz/build_fuzzers.sh
2026-04-09 05:27:39.000000000 +0200
@@ -8,6 +8,9 @@
export PATH="$WORK/bin:$WORK/libexec:$PATH"
export PKG_CONFIG="$(which pkg-config) --static"
export
PKG_CONFIG_PATH="$WORK/lib/pkgconfig:$WORK/share/pkgconfig:$WORK/lib/x86_64-linux-gnu/pkgconfig"
+if [[ $FUZZING_ENGINE == "afl" ]]; then
+ export LDFLAGS="-fuse-ld=lld"
+fi
# For MobiThumbnail
cd $SRC/kdegraphics-mobipocket
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kdegraphics-thumbnailers-25.12.3/blend/blendercreator.cpp
new/kdegraphics-thumbnailers-26.04.0/blend/blendercreator.cpp
--- old/kdegraphics-thumbnailers-25.12.3/blend/blendercreator.cpp
2026-02-23 04:18:18.000000000 +0100
+++ new/kdegraphics-thumbnailers-26.04.0/blend/blendercreator.cpp
2026-04-09 05:27:39.000000000 +0200
@@ -120,14 +120,19 @@
blendStream.readRawData(xy.data(), 8);
const qint32 x = toInt32(xy.left(4));
const qint32 y = toInt32(xy.right(4));
-
- qint32 imgSize = fileBlockSize - 8;
- if (imgSize != x * y * 4) {
+ const qint32 imgSize = fileBlockSize - 8;
+ if (imgSize <= 0 || x <= 0 || y <= 0) {
+ return KIO::ThumbnailResult::fail();
+ }
+ if (imgSize / 4 / y != x) {
return KIO::ThumbnailResult::fail();
}
QByteArray imgBuffer(imgSize, '\0');
- blendStream.readRawData(imgBuffer.data(), imgSize);
+ const qint32 readData = blendStream.readRawData(imgBuffer.data(), imgSize);
+ if (readData != imgSize) {
+ return KIO::ThumbnailResult::fail();
+ }
QImage thumbnail((const uchar*)imgBuffer.constData(), x, y,
QImage::Format_ARGB32);
if(request.targetSize().width() != 128) {
thumbnail = thumbnail.scaledToWidth(request.targetSize().width(),
Qt::SmoothTransformation);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kdegraphics-thumbnailers-25.12.3/org.kde.kdegraphics-thumbnailers.metainfo.xml
new/kdegraphics-thumbnailers-26.04.0/org.kde.kdegraphics-thumbnailers.metainfo.xml
---
old/kdegraphics-thumbnailers-25.12.3/org.kde.kdegraphics-thumbnailers.metainfo.xml
2026-02-23 04:18:18.000000000 +0100
+++
new/kdegraphics-thumbnailers-26.04.0/org.kde.kdegraphics-thumbnailers.metainfo.xml
2026-04-09 05:27:39.000000000 +0200
@@ -119,6 +119,7 @@
<p xml:lang="pt-BR">Estes plugins permitem aos aplicativos do KDE exibirem
miniaturas para arquivos RAW, Mobipocket e Blender.</p>
<p xml:lang="ro">Aceste extensii permit programelor KDE să afișeze
miniaturi pentru fișiere PostScript, RAW, Mobipocket, și Blender.</p>
<p xml:lang="ru">Эти подключаемые модули служат для вывода миниатюр файлов
форматов PostScript, RAW, Mobipocket и Blender в приложениях KDE.</p>
+ <p xml:lang="sk">Tieto doplnky umožňujú softvéru KDE vytvárať miniatúry
pre pokročilé formáty grafických súborov PostScript a Raw.</p>
<p xml:lang="sl">Ti vtičniki omogočajo programski opremi KDE, da prikazuje
sličice iz datotek PostScript, RAW, Mobipocket in Blender.</p>
<p xml:lang="sv">Insticksprogrammen låter KDE-programvara visa
miniatyrbilder för Postscript, Mobipocket Blender och obehandlade filer.</p>
<p xml:lang="tr">Bu eklentiler; KDE yazılımlarının PostScript, RAW,
Mobipocket ve Blender dosyaları için küçük görseller görüntülemesine olanak
tanır.</p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kdegraphics-thumbnailers-25.12.3/ps/dscparse.cpp
new/kdegraphics-thumbnailers-26.04.0/ps/dscparse.cpp
--- old/kdegraphics-thumbnailers-25.12.3/ps/dscparse.cpp 2026-02-23
04:18:18.000000000 +0100
+++ new/kdegraphics-thumbnailers-26.04.0/ps/dscparse.cpp 2026-04-09
05:27:39.000000000 +0200
@@ -308,6 +308,7 @@
if (dsc->id == CDSC_NOTDSC)
return CDSC_NOTDSC;
+
dsc->id = CDSC_OK;
if (dsc->eof)
return CDSC_OK; /* ignore */
@@ -322,6 +323,9 @@
break;
if (length != 0) {
+ if (dsc->data_index > dsc->data_length)
+ return CDSC_NOTDSC;
+
/* move existing data if needed */
if (dsc->data_length > CDSC_DATA_LENGTH/2) {
memmove(dsc->data, dsc->data + dsc->data_index,
@@ -941,12 +945,12 @@
}
do {
- dsc->line = dsc->data + dsc->data_index;
- last = dsc->data + dsc->data_length;
- if (dsc->data_index == dsc->data_length) {
+ if (dsc->data_index >= dsc->data_length) {
dsc->line_length = 0;
return 0;
}
+ dsc->line = dsc->data + dsc->data_index;
+ last = dsc->data + dsc->data_length;
if (dsc->eol) {
/* if previous line was complete, increment line count */
dsc->line_count++;
@@ -1158,6 +1162,7 @@
dsc_read_doseps(CDSC *dsc)
{
unsigned char *line = (unsigned char *)dsc->line;
+ dsc_memfree(dsc, dsc->doseps);
if ((dsc->doseps = (CDSCDOSEPS *)dsc_memalloc(dsc, sizeof(CDSCDOSEPS))) ==
NULL)
return CDSC_ERROR; /* no memory */
@@ -1769,6 +1774,9 @@
dsc_private int
dsc_scan_type(CDSC *dsc)
{
+ if (dsc->data_index > dsc->data_length)
+ return CDSC_NOTDSC;
+
unsigned char *p;
unsigned char *line = (unsigned char *)(dsc->data + dsc->data_index);
int length = dsc->data_length - dsc->data_index;
@@ -2048,7 +2056,7 @@
char name[MAXSTR];
char *p;
dsc->id = CDSC_DOCUMENTPAPERSIZES;
- while (i && (dsc->line[n]!='\r') && (dsc->line[n]!='\n')) {
+ while (i && n < dsc->line_length && (dsc->line[n]!='\r') &&
(dsc->line[n]!='\n')) {
p = dsc_copy_string(name, sizeof(name)-1,
dsc->line+n, dsc->line_length-n, &i);
if (i && p) {
@@ -2125,6 +2133,9 @@
char *p;
dsc->id = CDSC_DOCUMENTPAPERCOLORS;
while (i && (dsc->line[n]!='\r') && (dsc->line[n]!='\n')) {
+ if (n > dsc->line_length) {
+ break;
+ }
p = dsc_copy_string(colour, sizeof(colour)-1,
dsc->line+n, dsc->line_length-n, &i);
if (i && p) {
@@ -3108,6 +3119,10 @@
dsc_private char *
dsc_alloc_string(CDSC *dsc, const char *str, int len)
{
+ if (len < 0) {
+ return nullptr;
+ }
+
char *p;
if (dsc->string_head == NULL) {
dsc->string_head = (CDSCSTRING *)dsc_memalloc(dsc, sizeof(CDSCSTRING));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kdegraphics-thumbnailers-25.12.3/ps/gscreator.cpp
new/kdegraphics-thumbnailers-26.04.0/ps/gscreator.cpp
--- old/kdegraphics-thumbnailers-25.12.3/ps/gscreator.cpp 2026-02-23
04:18:18.000000000 +0100
+++ new/kdegraphics-thumbnailers-26.04.0/ps/gscreator.cpp 2026-04-09
05:27:39.000000000 +0200
@@ -265,6 +265,9 @@
break;
case CDSC_EPSI:
{
+ if (!bbox) {
+ break;
+ }
const int xscale = bbox->width() / width;
const int yscale = bbox->height() / height;
const int scale = xscale < yscale ? xscale : yscale;
@@ -516,20 +519,21 @@
fp = fopen(QFile::encodeName(path), "r");
if (fp == nullptr) return KIO::ThumbnailResult::fail();
- const long previewsize = end - start + 1;
+ const long bufSize = end - start + 1;
- char *buf = (char *) malloc(previewsize);
+ char *buf = (char *) malloc(bufSize);
fseek(fp, start, SEEK_SET);
- int count = fread(buf, sizeof(char), previewsize - 1, fp);
+ const int previewsize = fread(buf, sizeof(char), bufSize - 1, fp);
fclose(fp);
- buf[previewsize - 1] = 0;
- if (count != previewsize - 1)
+ buf[bufSize - 1] = 0;
+ if (previewsize != bufSize - 1)
{
free(buf);
return KIO::ThumbnailResult::fail();
}
- QString previewstr = QString::fromLatin1(buf);
+ const QString previewstr = QString::fromLatin1(buf);
+ Q_ASSERT(previewstr.length() == previewsize);
free(buf);
int offset = 0;
