Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2019-04-18 13:57:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new.5536 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng16" Thu Apr 18 13:57:46 2019 rev:42 rq:694940 version:1.6.37 Changes: -------- --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2019-02-04 21:24:21.295611170 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new.5536/libpng16.changes 2019-04-18 13:58:13.627991261 +0200 @@ -1,0 +2,20 @@ +Wed Apr 17 06:29:11 UTC 2019 - pgaj...@suse.com + +- make check actually works under asan + +------------------------------------------------------------------- +Mon Apr 15 15:02:33 UTC 2019 - pgaj...@suse.com + +- version update to 1.6.37 + Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. + Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. + Fixed a memory leak in pngtest.c. + Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in + contrib/pngminus; refactor. + Changed the license of contrib/pngminus to MIT; refresh makefile and docs. + (Contributed by Willem van Schaik) + Added makefiles for AddressSanitizer-enabled builds. +- deleted patches + - libpng-arm-free.patch (upstreamed) + +------------------------------------------------------------------- Old: ---- libpng-1.6.36.tar.xz libpng-arm-free.patch New: ---- libpng-1.6.37.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng16.spec ++++++ --- /var/tmp/diff_new_pack.sRYUi0/_old 2019-04-18 13:58:14.291991482 +0200 +++ /var/tmp/diff_new_pack.sRYUi0/_new 2019-04-18 13:58:14.291991482 +0200 @@ -21,7 +21,7 @@ %define major 1 %define minor 6 -%define micro 36 +%define micro 37 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} %define debug_package_requires %{libname} = %{version}-%{release} @@ -32,7 +32,6 @@ License: Zlib Group: Development/Libraries/C and C++ Url: http://www.libpng.org/pub/png/libpng.html -Patch0: libpng-arm-free.patch Source0: http://prdownloads.sourceforge.net/libpng/libpng-%{version}.tar.xz Source2: libpng16.keyring Source3: rpm-macros.libpng-tools @@ -98,7 +97,6 @@ %prep %setup -q -n libpng-%{version} -%patch0 -p1 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 @@ -116,10 +114,6 @@ make %{?_smp_mflags} %check -%if %{asan_build} -# ASAN needs /proc to be mounted -exit 0 -%endif make -j1 check %install ++++++ libpng-1.6.36.tar.xz -> libpng-1.6.37.tar.xz ++++++ ++++ 3105 lines of diff (skipped)