Hello community, here is the log from the commit of package SDL_image for openSUSE:Factory checked in at 2019-08-28 16:01:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SDL_image (Old) and /work/SRC/openSUSE:Factory/.SDL_image.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SDL_image" Wed Aug 28 16:01:38 2019 rev:31 rq:725585 version:1.2.12+hg695 Changes: --------
--- /work/SRC/openSUSE:Factory/SDL_image/SDL_image.changes 2015-01-08 23:05:37.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.SDL_image.new.7948/SDL_image.changes 2019-08-28 16:01:41.246798650 +0200
@@ -1,0 +2,19 @@
+Fri Aug 23 13:23:44 UTC 2019 - Jan Engelhardt <[email protected]>
+
+- Update to new snapshot 1.2.12+hg695
+ * Fixed TALOS-2019-0821 CVE-2019-5052
+ * Fixed TALOS-2019-0841 CVE-2019-5057 boo#1143763
+ * Fixed TALOS-2019-0842 CVE-2019-5058 boo#1143764
+ * Fixed TALOS-2019-0843 CVE-2019-5059 boo#1143766
+ * Fixed TALOS-2019-0844 CVE-2019-5060 boo#1143768
+ * Fixed CVE-2019-7635
+ * Fixed CVE-2019-13616 boo#1141844
+- Drop CVE-2019-13616.patch (merged)
+
+-------------------------------------------------------------------
+Thu Aug 22 19:51:00 UTC 2019 - Michael Gorse <[email protected]>
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
+ a crafted bmp file (boo#1141844 CVE-2019-13616).
+
+-------------------------------------------------------------------
Old: ---- SDL_image-1.2.12-repack.tar.bz2 New: ---- SDL_image-1.2.12+hg695.tar.xz _service ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SDL_image.spec ++++++
--- /var/tmp/diff_new_pack.jfbntG/_old 2019-08-28 16:01:43.362798331 +0200
+++ /var/tmp/diff_new_pack.jfbntG/_new 2019-08-28 16:01:43.366798330 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package SDL_image
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,26 +12,26 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: SDL_image %define lname libSDL_image-1_2-0 -Version: 1.2.12 +Version: 1.2.12+hg695 Release: 0 Summary: SDL image loading library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/X11 -Url: http://libsdl.org/projects/SDL_image/release-1.2.html +URL: https://libsdl.org/projects/SDL_image/release-1.2.html -# removed VisualC.zip, VisualCE.zip, Watcom-OS2.zip, Xcode.tar.gz, Xcode_iPhone.tar.gz from upstream tarball [bnc#508084] -Source: %name-%version-repack.tar.bz2 +#Hg-Clone: http://hg.libsdl.org/SDL_image/ +Source: %name-%version.tar.xz Source3: baselibs.conf -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libjpeg-devel BuildRequires: libtiff-devel BuildRequires: pkg-config +BuildRequires: xz BuildRequires: pkgconfig(libpng) BuildRequires: pkgconfig(libwebp) BuildRequires: pkgconfig(sdl) @@ -65,7 +65,7 @@ TIFF and WEBP formats. %prep -%setup -q +%autosetup -p1 %build %configure --disable-png-shared --disable-jpg-shared --disable-tif-shared \ 
@@ -80,12 +80,11 @@ %postun -n %lname -p /sbin/ldconfig %files -n %lname -%defattr(-,root,root) -%doc CHANGES COPYING README +%license COPYING %_libdir/libSDL_image-1*.so.* %files -n libSDL_image-devel -%defattr(-,root,root) +%doc CHANGES README %_includedir/SDL/ %_libdir/libSDL_image.so %_libdir/pkgconfig/SDL_image.pc ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="scm">hg</param> <param name="url">http://hg.libsdl.org/SDL_image/</param> <param name="revision">SDL-1.2</param> <param name="versionformat">1.2.12+hg{rev}</param> <!-- boo#508084 --> <param name="exclude">VisualC*</param> <param name="exclude">Xcode*</param> <param name="exclude">Watcom*</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> <service name="set_version" mode="disabled"/> </services>
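Review bot: The new `_service` file fetches the source over plain `http://hg.libsdl.org/SDL_image/` and follows the moving branch `SDL-1.2`, so the snapshot carrying these CVE fixes is not tied to an authenticated, immutable upstream state. The version string `1.2.12+hg{rev}` records only Mercurial's repository-local revision number, which is not guaranteed to name the same changeset in another clone. If the server offers it, use an `https://` URL here and in the spec's `#Hg-Clone:` comment, and pin the changeset, for example `<param name="revision">CHANGESET_HASH_PLACEHOLDER</param>`, or include the node hash in `versionformat`. Because every service is `mode="disabled"`, the checked-in `SDL_image-1.2.12+hg695.tar.xz` is what actually gets built, and a reviewer can only re-derive and compare it if the exact changeset is recorded.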
