Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libyui for openSUSE:Factory checked in at 2023-06-01 17:19:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libyui (Old) and /work/SRC/openSUSE:Factory/.libyui.new.2531 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libyui" Thu Jun 1 17:19:06 2023 rev:89 rq:1089818 version:4.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libyui/libyui.changes 2023-04-27 19:59:28.377410018 +0200 +++ /work/SRC/openSUSE:Factory/.libyui.new.2531/libyui.changes 2023-06-01 17:19:12.246047887 +0200 @@ -1,0 +2,14 @@ +Tue May 30 11:56:44 UTC 2023 - Stefan Hundhammer <[email protected]> + +- NCurses UI: Prevent buffer overflow when drawing very wide labels + (bsc#1211354) +- 4.6.0 + +------------------------------------------------------------------- +Tue May 30 11:41:14 UTC 2023 - Stefan Hundhammer <[email protected]> + +- Cherry-picked BLumia's patch from community PR #97: + CMake: use pkg-config to find and use ncurses libs + by Wang Zichong <[email protected]> + +------------------------------------------------------------------- Old: ---- libyui-4.5.2.tar.bz2 New: ---- libyui-4.6.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libyui-bindings.spec ++++++ --- /var/tmp/diff_new_pack.nij4i6/_old 2023-06-01 17:19:13.030052535 +0200 +++ /var/tmp/diff_new_pack.nij4i6/_new 2023-06-01 17:19:13.034052559 +0200 @@ -20,7 +20,7 @@ Name: libyui-bindings # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 Summary: Bindings for libyui License: LGPL-2.1-only OR LGPL-3.0-only ++++++ libyui-ncurses-pkg.spec ++++++ --- /var/tmp/diff_new_pack.nij4i6/_old 2023-06-01 17:19:13.058052701 +0200 +++ /var/tmp/diff_new_pack.nij4i6/_new 2023-06-01 17:19:13.062052725 +0200 @@ -19,7 +19,7 @@ Name: libyui-ncurses-pkg # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 libyui-ncurses-rest-api.spec: same change libyui-ncurses.spec: same change ++++++ libyui-qt-graph.spec ++++++ --- /var/tmp/diff_new_pack.nij4i6/_old 2023-06-01 17:19:13.162053318 +0200 +++ /var/tmp/diff_new_pack.nij4i6/_new 2023-06-01 17:19:13.166053342 +0200 @@ -19,7 +19,7 @@ Name: libyui-qt-graph # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 ++++++ libyui-qt-pkg.spec ++++++ --- /var/tmp/diff_new_pack.nij4i6/_old 2023-06-01 17:19:13.190053484 +0200 +++ /var/tmp/diff_new_pack.nij4i6/_new 2023-06-01 17:19:13.198053531 +0200 @@ -19,7 +19,7 @@ Name: libyui-qt-pkg # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 libyui-qt-rest-api.spec: same change libyui-qt.spec: same change libyui-rest-api.spec: same change libyui.spec: same change ++++++ libyui-4.5.2.tar.bz2 -> libyui-4.6.0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/VERSION.cmake new/libyui-4.6.0/VERSION.cmake --- old/libyui-4.5.2/VERSION.cmake 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/VERSION.cmake 2023-05-30 15:00:39.000000000 +0200 @@ -1,6 +1,6 @@ SET( VERSION_MAJOR "4") -SET( VERSION_MINOR "5" ) -SET( VERSION_PATCH "2" ) +SET( VERSION_MINOR "6" ) +SET( VERSION_PATCH "0" ) SET( VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}" ) SET( SONAME_MAJOR "16" ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/libyui-ncurses/src/CMakeLists.txt new/libyui-4.6.0/libyui-ncurses/src/CMakeLists.txt --- old/libyui-4.5.2/libyui-ncurses/src/CMakeLists.txt 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/libyui-ncurses/src/CMakeLists.txt 2023-05-30 15:00:39.000000000 +0200 @@ -2,16 +2,14 @@ include( ../../VERSION.cmake ) include( GNUInstallDirs ) # set CMAKE_INSTALL_INCLUDEDIR, ..._LIBDIR +find_package( PkgConfig REQUIRED ) # pkg_check_modules() # Check if the libs we link against are available. # They are all part of package ncurses-devel. -find_library( NCURSESW_LIB NAMES ncursesw REQUIRED ) -find_library( PANELW_LIB NAMES panelw REQUIRED ) -find_library( TINFO_LIB NAMES tinfo REQUIRED ) -set( NCURSES_LIBS ${NCURSESW_LIB} ${PANELW_LIB} ${TINFO_LIB} ) +pkg_check_modules( NCurses REQUIRED IMPORTED_TARGET ncursesw panelw ) # @@ -251,9 +249,9 @@ # Libraries that are needed to build this shared lib # # If in doubt what is really needed, check with "ldd -u" which libs are unused. -target_link_libraries( ${TARGETLIB} +target_link_libraries( ${TARGETLIB} PRIVATE yui - ${NCURSES_LIBS} + PkgConfig::NCurses ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/libyui-ncurses/src/ncursesw.cc new/libyui-4.6.0/libyui-ncurses/src/ncursesw.cc --- old/libyui-4.5.2/libyui-ncurses/src/ncursesw.cc 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/libyui-ncurses/src/ncursesw.cc 2023-05-30 15:00:39.000000000 +0200 @@ -64,6 +64,8 @@ #define COLORS_MONOCHROME 1 #define COLORS_ARE_REALLY_THERE 2 +#define PRINTW_BUFFER_SIZE 8192 + // // static class variables // @@ -75,11 +77,18 @@ int NCursesWindow::printw( const char * fmt, ... ) { + char buf[ PRINTW_BUFFER_SIZE ]; va_list args; + + // vsnprintf() conforms to C++11 and guarantees to write at most 'size' bytes + // and to always zero-terminate the buffer (unlike strncpy()). + // + // -- shundhammer 2023-05-22 + va_start( args, fmt ); - char buf[BUFSIZ]; - vsprintf( buf, fmt, args ); + vsnprintf( buf, sizeof( buf ), fmt, args ); va_end( args ); + return waddstr( w, buf ); } @@ -88,21 +97,24 @@ NCursesWindow::printw( int y, int x, const char * fmt, ... ) { va_list args; - va_start( args, fmt ); + int result = wmove( w, y, x ); if ( result == OK ) { - char buf[BUFSIZ]; - vsprintf( buf, fmt, args ); + char buf[ PRINTW_BUFFER_SIZE ]; + + va_start( args, fmt ); + vsnprintf( buf, sizeof( buf ), fmt, args ); + va_end( args ); + result = waddstr( w, buf ); } - va_end( args ); - return result; } + int NCursesWindow::addwstr( int y, int x, const wchar_t * str, int n ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-bindings.spec new/libyui-4.6.0/package/libyui-bindings.spec --- old/libyui-4.5.2/package/libyui-bindings.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-bindings.spec 2023-05-30 15:00:39.000000000 +0200 @@ -20,7 +20,7 @@ Name: libyui-bindings # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 Summary: Bindings for libyui License: LGPL-2.1-only OR LGPL-3.0-only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-ncurses-pkg.spec new/libyui-4.6.0/package/libyui-ncurses-pkg.spec --- old/libyui-4.5.2/package/libyui-ncurses-pkg.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-ncurses-pkg.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-ncurses-pkg # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-ncurses-rest-api.spec new/libyui-4.6.0/package/libyui-ncurses-rest-api.spec --- old/libyui-4.5.2/package/libyui-ncurses-rest-api.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-ncurses-rest-api.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-ncurses-rest-api # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-ncurses.spec new/libyui-4.6.0/package/libyui-ncurses.spec --- old/libyui-4.5.2/package/libyui-ncurses.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-ncurses.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-ncurses # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-qt-graph.spec new/libyui-4.6.0/package/libyui-qt-graph.spec --- old/libyui-4.5.2/package/libyui-qt-graph.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-qt-graph.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-qt-graph # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-qt-pkg.spec new/libyui-4.6.0/package/libyui-qt-pkg.spec --- old/libyui-4.5.2/package/libyui-qt-pkg.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-qt-pkg.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-qt-pkg # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-qt-rest-api.spec new/libyui-4.6.0/package/libyui-qt-rest-api.spec --- old/libyui-4.5.2/package/libyui-qt-rest-api.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-qt-rest-api.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-qt-rest-api # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-qt.spec new/libyui-4.6.0/package/libyui-qt.spec --- old/libyui-4.5.2/package/libyui-qt.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-qt.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-qt # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui-rest-api.spec new/libyui-4.6.0/package/libyui-rest-api.spec --- old/libyui-4.5.2/package/libyui-rest-api.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui-rest-api.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui-rest-api # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui.changes new/libyui-4.6.0/package/libyui.changes --- old/libyui-4.5.2/package/libyui.changes 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui.changes 2023-05-30 15:00:39.000000000 +0200 @@ -1,4 +1,18 @@ ------------------------------------------------------------------- +Tue May 30 11:56:44 UTC 2023 - Stefan Hundhammer <[email protected]> + +- NCurses UI: Prevent buffer overflow when drawing very wide labels + (bsc#1211354) +- 4.6.0 + +------------------------------------------------------------------- +Tue May 30 11:41:14 UTC 2023 - Stefan Hundhammer <[email protected]> + +- Cherry-picked BLumia's patch from community PR #97: + CMake: use pkg-config to find and use ncurses libs + by Wang Zichong <[email protected]> + +------------------------------------------------------------------- Tue Apr 25 13:34:17 UTC 2023 - Stefan Hundhammer <[email protected]> - Qt UI: Fixed regression for icon loading (bsc#1210712) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libyui-4.5.2/package/libyui.spec new/libyui-4.6.0/package/libyui.spec --- old/libyui-4.5.2/package/libyui.spec 2023-04-26 11:52:26.000000000 +0200 +++ new/libyui-4.6.0/package/libyui.spec 2023-05-30 15:00:39.000000000 +0200 @@ -19,7 +19,7 @@ Name: libyui # DO NOT manually bump the version here; instead, use rake version:bump -Version: 4.5.2 +Version: 4.6.0 Release: 0 %define so_version 16
