Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package jhead for openSUSE:Factory checked in at 2023-06-23 21:53:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jhead (Old)
 and      /work/SRC/openSUSE:Factory/.jhead.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jhead" Fri Jun 23 21:53:04 2023 rev:32 rq:1094797 version:3.08 Changes: -------- --- /work/SRC/openSUSE:Factory/jhead/jhead.changes 2023-02-17 16:45:57.199183061 +0100 +++ /work/SRC/openSUSE:Factory/.jhead.new.15902/jhead.changes 2023-06-23 21:53:06.622788833 +0200 @@ -1,0 +2,14 @@ +Fri Jun 23 07:51:24 UTC 2023 - [email protected] + +- version update to 3.08 + * Fix various "issues" people have found with fuzz testing. + These can only be produced when running jhead in some memory access testing setup + such as ASAN and throwing carefully crafted garbage at it, causing jhead to read + some bytes past memory it malloced. no real life consequences. +- deleted patches + - jhead-CVE-2021-34055.patch (upstreamed) + - jhead-CVE-2022-41751-1.patch (upstreamed) + - jhead-CVE-2022-41751-2.patch (upstreamed) + - jhead-CVE-2022-41751-3.patch (upstreamed) + +------------------------------------------------------------------- Old: ---- 3.06.0.1.tar.gz jhead-CVE-2021-34055.patch jhead-CVE-2022-41751-1.patch jhead-CVE-2022-41751-2.patch jhead-CVE-2022-41751-3.patch New: ---- 3.08.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jhead.spec ++++++ --- /var/tmp/diff_new_pack.wCqEn9/_old 2023-06-23 21:53:07.342792958 +0200 +++ /var/tmp/diff_new_pack.wCqEn9/_new 2023-06-23 21:53:07.346792982 +0200 
@@ -17,25 +17,14 @@ Name: jhead -Version: 3.06.0.1 +Version: 3.08 Release: 0 Summary: Tool to Manipulate the Nonimage Part of EXIF Compliant JPEG Files License: SUSE-Public-Domain Group: Productivity/Graphics/Other -URL: http://www.sentex.net/~mwandel/jhead/ +URL: https://github.com/Matthias-Wandel/jhead Source0: https://github.com/Matthias-Wandel/jhead/archive/refs/tags/%{version}.tar.gz Source1: %{name}.changes -# PATCH FIX UPSTREAM arbitrary OS commands by placing them in a JPEG filename -# https://github.com/Matthias-Wandel/jhead/pull/57 -Patch0: jhead-CVE-2022-41751-1.patch -# PATCH FIX UPSTREAM arbitrary OS commands by placing them in a JPEG filename -# https://github.com/Matthias-Wandel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062 -Patch1: jhead-CVE-2022-41751-2.patch -# PATCH FIX UPSTREAM heap-buffer-overflow of exif.c in function Put16u -# https://github.com/Matthias-Wandel/jhead/commit/f0a884210cc46830b176f71fd61569adc8f230a7 -Patch2: jhead-CVE-2021-34055.patch -# [bsc#1207150], https://github.com/Matthias-Wandel/jhead/commit/2a237d866581b3774ebe63d6c312e76459bd0866 -Patch3: jhead-CVE-2022-41751-3.patch Requires: %{_bindir}/jpegtran Requires: %{_bindir}/mogrify BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ 3.06.0.1.tar.gz -> 3.08.tar.gz ++++++ ++++ 2643 lines of diff (skipped)
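Review bot: in the jhead.changes hunk, the "deleted patches" list marks all four patches "(upstreamed)" without naming the upstream commit or release that carries each fix, and the [bsc#1207150] reference that the spec file held for jhead-CVE-2022-41751-3.patch is not carried into the entry. Since the spec comments are removed in the same change, the changelog becomes the only place where that tracking can live; suggest adding the CVE ids and the bsc number to the entry in the usual form, so the fixes remain traceable after the patch files are gone. The first bullet also repeats upstream's wording ('"issues"', "no real life consequences") for reads past malloced memory; a neutral line such as "fixes out-of-bounds reads found by fuzz testing" would describe the same change without a severity judgement the package changelog cannot back up.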
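Review bot: in the jhead.spec hunk, the removed Patch0 (jhead-CVE-2022-41751-1.patch) is documented only by a pull request URL (pull/57), while Patch1, Patch2 and Patch3 each cite a specific upstream commit, so the claim that it is upstreamed is the weakest of the four. The tarball diff is skipped in this mail (2643 lines), so nothing visible here shows that the content of that pull request is part of the 3.08 tag; please confirm it against the 3.08 source before dropping the patch, given that the comment describes it as the fix for arbitrary OS commands placed in a JPEG filename and the package still requires jpegtran and mogrify. The %prep section is outside this hunk: if it applies patches by number rather than through an automatic macro, those lines need to go in the same change.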
