Hello community,

here is the log from the commit of package leptonica for openSUSE:Factory checked in at 2018-12-18 14:59:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/leptonica (Old)
 and      /work/SRC/openSUSE:Factory/.leptonica.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "leptonica" Tue Dec 18 14:59:39 2018 rev:16 rq:658973 version:1.77.0 Changes: -------- --- /work/SRC/openSUSE:Factory/leptonica/leptonica.changes 2018-05-13 16:05:04.630305366 +0200 +++ /work/SRC/openSUSE:Factory/.leptonica.new.28833/leptonica.changes 2018-12-18 15:01:26.033976852 +0100 
@@ -1,0 +2,28 @@ +Mon Dec 17 08:12:03 UTC 2018 - Karol Babioch <[email protected]> + +- Update to 1.77.0 + + * CVE-2018-7442: potential injection attack because '/' is allowed in gplot + rootdir. (bsc#1082748) + * CVE-2018-7186: number of characters not limited in fscanf or sscanf, + allowing possible attack with buffer overflow. (bsc#1081576) + * CVE-2018-3836: command injection vulnerability in gplotMakeOutput(). + (bsc#1079358) + * CVE-2017-18196: duplicated path components. (bsc#1082843) + * CVE-2018-7441: hardcoded /tmp pathnames. (bsc#1082749) + * CVE-2018-7247: input 'rootname' can overflow a buffer. (bsc#1081631) + * CVE-2018-7440: command injection in gplotMakeOutput using $(command). + (bsc#1082747) + * Using a packed struct for bmp headers to avoid crash on some big-endians. + * Fixed a bug in the prototype parser for xtractprotos that was + surfaced by a typedef declaration for the bmp headers. + * Added some basic pixa functions for rotation and translation. + * Added an iterative method to find rectangular coverings for arbitrary + connected components. + * Enabled read/write for standard jpeg compressed tiff images. + * Enabled reading for the old (deprecated) jpeg-encoded tiffs. + * Fix range selectors for pixa, pixaa, boxa, boxaa, pta: Now, last = -1 goes + to the end. + * When reading tiff --> pix, insert IMAGEDESCRIPTION into text field. + +------------------------------------------------------------------- Old: ---- leptonica-1.76.0.tar.gz New: ---- leptonica-1.77.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ leptonica.spec ++++++ --- /var/tmp/diff_new_pack.aivgbG/_old 2018-12-18 15:01:26.813975685 +0100 +++ /var/tmp/diff_new_pack.aivgbG/_new 2018-12-18 15:01:26.833975654 +0100 
@@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define major 5 Name: leptonica -Version: 1.76.0 +Version: 1.77.0 Release: 0 Summary: Library for image processing and image analysis applications License: BSD-2-Clause ++++++ leptonica-1.76.0.tar.gz -> leptonica-1.77.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/leptonica/leptonica-1.76.0.tar.gz /work/SRC/openSUSE:Factory/.leptonica.new.28833/leptonica-1.77.0.tar.gz differ: char 5, line 1
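Review bot: In the leptonica.changes hunk, the seven CVE bullets state the flaw ("hardcoded /tmp pathnames", "duplicated path components") rather than what 1.77.0 changed, so the entry does not say in its own words that these issues are fixed. Suggest wording each as a fix, for example "Fix CVE-2018-7441: hardcoded /tmp pathnames", and grouping the security items apart from the feature items that follow under the same "Update to 1.77.0" bullet. CVE-2018-3836 and CVE-2018-7440 both name command injection in gplotMakeOutput(), so a short remark on how the two differ would help anyone matching the entry against bsc#1079358 and bsc#1082747.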
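Review bot: In the leptonica.spec hunk, `%define major 5` stays as unchanged context while Version moves from 1.76.0 to 1.77.0. Since the changelog lists a switch to a packed struct for bmp headers, please confirm the 1.77.0 library still ships with soname major 5. The tarball replacement shows up only as "differ: char 5, line 1", and nothing in the visible spec lines ties leptonica-1.77.0.tar.gz to the upstream release, so a note on how the new source archive was verified would be useful for a release that carries seven CVE fixes.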
