Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gsasl for openSUSE:Factory checked in at 2026-05-29 18:04:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gsasl (Old) and /work/SRC/openSUSE:Factory/.gsasl.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gsasl" Fri May 29 18:04:19 2026 rev:6 rq:1355631 version:2.2.3 Changes: -------- --- /work/SRC/openSUSE:Factory/gsasl/gsasl.changes 2026-03-20 21:19:59.353955099 +0100 +++ /work/SRC/openSUSE:Factory/.gsasl.new.1937/gsasl.changes 2026-05-29 18:04:38.648245161 +0200 @@ -1,0 +2,10 @@ +Thu May 28 06:38:21 UTC 2026 - Samuel Cabrero <[email protected]> + +- Update to release 2.2.3 + * DIGEST-MD5: Fix NULL pointer dereference in parser; + (CVE-2026-48829); (bsc#1266371) + * Support Dovecot 2.3 and 2.4 in tests/gsasl-dovecot-gssapi.sh + * Update gnulib files and various minor fixes +- Drop patch gsasl-const-correctness.patch (merged) + +------------------------------------------------------------------- Old: ---- gsasl-2.2.2.tar.gz gsasl-2.2.2.tar.gz.sig gsasl-const-correctness.patch New: ---- gsasl-2.2.3.tar.gz gsasl-2.2.3.tar.gz.sig ----------(Old B)---------- Old: * Update gnulib files and various minor fixes - Drop patch gsasl-const-correctness.patch (merged) ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gsasl.spec ++++++ --- /var/tmp/diff_new_pack.ORrd3X/_old 2026-05-29 18:04:39.568283215 +0200 +++ /var/tmp/diff_new_pack.ORrd3X/_new 2026-05-29 18:04:39.572283380 +0200 @@ -1,7 +1,6 @@ # # spec file for package gsasl # -# Copyright (c) 2026 SUSE LLC # Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties @@ -18,7 +17,7 @@ Name: gsasl -Version: 2.2.2 +Version: 2.2.3 Release: 0 Summary: Implementation of the SASL framework and a few common SASL mechanisms License: GPL-3.0-or-later AND LGPL-2.1-or-later @@ -30,7 +29,6 @@ Source3: %{name}.keyring Patch1: 0001-uninitialized_x.patch Patch2: authzid.patch -Patch3: gsasl-const-correctness.patch BuildRequires: gcc-c++ BuildRequires: gettext-devel >= 0.19.8 BuildRequires: makeinfo ++++++ 0001-uninitialized_x.patch ++++++ --- /var/tmp/diff_new_pack.ORrd3X/_old 2026-05-29 18:04:39.596284373 +0200 +++ /var/tmp/diff_new_pack.ORrd3X/_new 2026-05-29 18:04:39.604284704 +0200 @@ -117,11 +117,10 @@ | lto1: all warnings being treated as errors -Index: gsasl-2.2.1/lib/gl/sha256.c -=================================================================== ---- gsasl-2.2.1.orig/lib/gl/sha256.c -+++ gsasl-2.2.1/lib/gl/sha256.c -@@ -446,6 +446,8 @@ sha256_process_block (const void *buffer +diff -ru gsasl-2.2.3.orig/lib/gl/sha256.c gsasl-2.2.3/lib/gl/sha256.c +--- gsasl-2.2.3.orig/lib/gl/sha256.c 2026-05-13 10:43:46.000000000 +0200 ++++ gsasl-2.2.3/lib/gl/sha256.c 2026-05-28 10:03:36.596469284 +0200 +@@ -332,6 +332,8 @@ D += t1; H = t0 + t1; \ } while(0) @@ -129,5 +128,5 @@ + while (words < endp) { - uint32_t tm; + /* FIXME: see sha1.c for a better implementation. */ ++++++ authzid.patch ++++++ --- /var/tmp/diff_new_pack.ORrd3X/_old 2026-05-29 18:04:39.624285531 +0200 +++ /var/tmp/diff_new_pack.ORrd3X/_new 2026-05-29 18:04:39.636286027 +0200 @@ -21,7 +21,7 @@ else if (authzid && !gsasl_property_fast (server, GSASL_AUTHZID)) fail ("did not get authzid? %s\n", authzid); - else if (strcmp (authzid, gsasl_property_fast (server, GSASL_AUTHZID)) != 0) -+ else if (authzid == nullptr || strcmp (authzid, gsasl_property_fast (server, GSASL_AUTHZID)) != 0) ++ else if (authzid == NULL || strcmp (authzid, gsasl_property_fast (server, GSASL_AUTHZID)) != 0) fail ("authzid comparison failed: got %s expected %s\n", - gsasl_property_fast (server, GSASL_AUTHZID), authzid); + gsasl_property_fast (server, GSASL_AUTHZID), authzid ? authzid : ""); ++++++ gsasl-2.2.2.tar.gz -> gsasl-2.2.3.tar.gz ++++++ ++++ 136125 lines of diff (skipped)
