Hello community, here is the log from the commit of package upx for openSUSE:Leap:15.2 checked in at 2020-02-04 17:59:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/upx (Old) and /work/SRC/openSUSE:Leap:15.2/.upx.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "upx" Tue Feb 4 17:59:51 2020 rev:10 rq:769895 version:3.96 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/upx/upx.changes 2020-01-15 16:27:05.332708341 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.upx.new.26092/upx.changes 2020-02-04 18:00:00.856951939 +0100 @@ -1,0 +2,41 @@ +Thu Jan 23 06:58:20 UTC 2020 - Ismail Dönmez <[email protected]> + +- Update to version 3.96 + * Bug fixes: + [CVE-2019-1010048, boo#1141777] + [CVE-2019-14296, boo#1143839] + [CVE-2019-20021, boo#1159833] + [CVE-2019-20053, boo#1159920] + [CVE-2018-11243 partially - ticket 206 ONLY, boo#1094138] + +------------------------------------------------------------------- +Tue Oct 30 09:54:31 UTC 2018 - Jan Engelhardt <[email protected]> + +- Trim bias from description. + +------------------------------------------------------------------- +Sun Oct 28 18:27:40 UTC 2018 - Luigi Baldoni <[email protected]> + +- Update to version 3.95 + * Flag --force-pie when ET_DYN main program is not marked as + DF_1_PIE + * Better compatibility with varying layout of address space on + Linux + * Support for 4 PT_LOAD layout in ELF generated by binutils-2.31 + * bug fixes, particularly better diagnosis of malformed input + * bug fixes - see https://github.com/upx/upx/milestone/4 + +- Dropped 0001-Protect-against-bad-crafted-input.patch, + 0002-Protect-against-bad-crafted-input.patch and + 0001-Mach-o-defend-against-bad-crafted-input.patch (merged + upstream) + +- Drop lzma922.tar.bz2 (which wasn't being used in the first + place) and lzma-x-endian.patch which no longer applies to + the integrated lzma-sdk. The in-tree lzma-sdk is actually a fork + from an older version but recommended by the author, see + src/stub/src/c/Makevars.lzma + +- Spec cleanup + +------------------------------------------------------------------- Old: ---- 0001-Mach-o-defend-against-bad-crafted-input.patch 0001-Protect-against-bad-crafted-input.patch 0002-Protect-against-bad-crafted-input.patch lzma-x-endian.patch lzma922.tar.bz2 upx-3.94-src.tar.xz New: ---- upx-3.96-src.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ upx.spec ++++++ --- /var/tmp/diff_new_pack.i1LlUd/_old 2020-02-04 18:00:01.492952323 +0100 +++ /var/tmp/diff_new_pack.i1LlUd/_new 2020-02-04 18:00:01.500952328 +0100 @@ -1,7 +1,7 @@ # # spec file for package upx # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,72 +12,52 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: upx -Version: 3.94 +Version: 3.96 Release: 0 Summary: The Ultimate Packer for eXecutables -License: GPL-2.0+ +License: GPL-2.0-or-later Group: Development/Tools/Other -Url: https://upx.github.io/ - +URL: https://upx.github.io/ Source: https://github.com/upx/upx/releases/download/v%{version}/upx-%{version}-src.tar.xz -Source1: http://downloads.sf.net/sevenzip/lzma922.tar.bz2 +Patch0: upx-aarch64.patch +Patch1: upx-endiantests.patch BuildRequires: gcc-c++ BuildRequires: libucl1-devel BuildRequires: zlib-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Patch0: upx-aarch64.patch -Patch1: upx-endiantests.patch -Patch2: lzma-x-endian.patch -Patch3: 0001-Protect-against-bad-crafted-input.patch -Patch4: 0002-Protect-against-bad-crafted-input.patch -Patch5: 0001-Mach-o-defend-against-bad-crafted-input.patch %description -UPX is a free, portable, extendable, high-performance executable packer -for several different executable formats. It achieves an excellent -compression ratio and offers very fast decompression. Your executables -suffer no memory overhead or other drawbacks. +UPX is a compressor for several different executable formats. +Programs receive a stub that makes them self-runnable. When run, +decompression either happens in memory in-place if possible, or to a +temporary file, the latter of which does not support setuid programs, +or the proper name in argv[0]. %prep %setup -q -n %{name}-%{version}-src %patch0 -p1 %patch1 -p1 -mkdir "%_builddir/lzma-x" -pushd "%_builddir/lzma-x" -tar -xf "%{S:1}" -%patch2 -p1 -popd -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -# BSD-4 clause licensed file, remove just in case bnc#753791 +# BSD-4-Clause licensed file, remove just in case bnc#753791 rm src/stub/src/i386-dos32.djgpp2-stubify.asm %build -export UPX_LZMADIR="%{_builddir}/lzma-x" -export UPX_LZMA_VERSION=0x922 -export UPX_UCLDIR=%{_prefix} -export CXX=g++ -# silly whitespace checker runs over all files and chokes on upx.out -make %{?_smp_mflags} -C src CHECK_WHITESPACE=/bin/true \ - CXXFLAGS_OPTIMIZE="%{optflags} -fvisibility=hidden -fvisibility-inlines-hidden" -make -C doc +make %{?_smp_mflags} -C src CXXFLAGS_OPTIMIZE="%{optflags}" +make %{?_smp_mflags} -C doc %install install -D -m 0755 src/upx.out %{buildroot}%{_bindir}/upx install -D -m 0644 doc/upx.1 %{buildroot}%{_mandir}/man1/upx.1 %files -%defattr(-, root, root) -%doc BUGS COPYING LICENSE NEWS PROJECTS README README.SRC THANKS +%license COPYING LICENSE +%doc BUGS NEWS PROJECTS README README.SRC THANKS %doc doc/upx.html -%doc %{_mandir}/man1/* -%{_bindir}/* +%{_bindir}/%{name} +%{_mandir}/man1/%{name}.1%{?ext_man} %changelog ++++++ upx-3.94-src.tar.xz -> upx-3.96-src.tar.xz ++++++ ++++ 84965 lines of diff (skipped)
