Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package djvulibre for openSUSE:Factory checked in at 2025-07-08 15:28:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/djvulibre (Old)
 and      /work/SRC/openSUSE:Factory/.djvulibre.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "djvulibre" Tue Jul 8 15:28:12 2025 rev:47 rq:1290990 version:3.5.29 Changes: -------- --- /work/SRC/openSUSE:Factory/djvulibre/djvulibre.changes 2024-02-23 16:40:54.737729933 +0100 +++ /work/SRC/openSUSE:Factory/.djvulibre.new.7373/djvulibre.changes 2025-07-08 15:28:39.013269621 +0200 
@@ -1,0 +2,19 @@ +Mon Jul 7 08:04:45 UTC 2025 - pgaj...@suse.com + +- version update to 3.5.29 [bsc#1245773] (CVE-2025-53367) + * various bug fixes + * additional tests for corrupted files + * fixes for clang warnings +- deleted patches + - djvulibre-CVE-2021-32490.patch (upstreamed) + - djvulibre-CVE-2021-32491.patch (upstreamed) + - djvulibre-CVE-2021-32492.patch (upstreamed) + - djvulibre-CVE-2021-32493.patch (upstreamed) + - djvulibre-CVE-2021-46310.patch (upstreamed) +- fixes CVE-2021-32490 [bsc#1185895] + CVE-2021-32491 [bsc#1185900] + CVE-2021-32492 [bsc#1185904] + CVE-2021-32493 [bsc#1185905] + CVE-2021-46310 [bsc#1214670] + +------------------------------------------------------------------- Old: ---- djvulibre-3.5.28.tar.gz djvulibre-CVE-2021-32490.patch djvulibre-CVE-2021-32491.patch djvulibre-CVE-2021-32492.patch djvulibre-CVE-2021-32493.patch djvulibre-CVE-2021-46310.patch New: ---- djvulibre-3.5.29.tar.gz ----------(Old B)---------- Old:- deleted patches - djvulibre-CVE-2021-32490.patch (upstreamed) - djvulibre-CVE-2021-32491.patch (upstreamed) Old: - djvulibre-CVE-2021-32490.patch (upstreamed) - djvulibre-CVE-2021-32491.patch (upstreamed) - djvulibre-CVE-2021-32492.patch (upstreamed) Old: - djvulibre-CVE-2021-32491.patch (upstreamed) - djvulibre-CVE-2021-32492.patch (upstreamed) - djvulibre-CVE-2021-32493.patch (upstreamed) Old: - djvulibre-CVE-2021-32492.patch (upstreamed) - djvulibre-CVE-2021-32493.patch (upstreamed) - djvulibre-CVE-2021-46310.patch (upstreamed) Old: - djvulibre-CVE-2021-32493.patch (upstreamed) - djvulibre-CVE-2021-46310.patch (upstreamed) - fixes CVE-2021-32490 [bsc#1185895] ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ djvulibre.spec ++++++ --- /var/tmp/diff_new_pack.iEes2S/_old 2025-07-08 15:28:41.993394127 +0200 +++ /var/tmp/diff_new_pack.iEes2S/_new 2025-07-08 15:28:42.009394795 +0200 
@@ -1,7 +1,7 @@ # # spec file for package djvulibre # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,25 +20,15 @@ %define libname lib%{name}21 Name: djvulibre -Version: 3.5.28 +Version: 3.5.29 Release: 0 Summary: An Implementation of DjVu License: GPL-2.0-or-later Group: Productivity/Graphics/Other URL: http://djvu.sourceforge.net Source: https://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz -# CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file -Patch0: djvulibre-CVE-2021-32490.patch -# CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file -Patch1: djvulibre-CVE-2021-32491.patch -# CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file -Patch2: djvulibre-CVE-2021-32492.patch -# CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file -Patch3: djvulibre-CVE-2021-32493.patch # CVE-2021-3500 [bsc#1186253], Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file Patch4: djvulibre-CVE-2021-3500.patch -# CVE-2021-46310 [bsc#1214670], divide by zero in IW44Image.cpp -Patch5: djvulibre-CVE-2021-46310.patch # CVE-2021-46312 [bsc#1214672], divide by zero in IW44EncodeCodec.cpp Patch6: djvulibre-CVE-2021-46312.patch BuildRequires: fdupes ++++++ djvulibre-3.5.28.tar.gz -> djvulibre-3.5.29.tar.gz ++++++ ++++ 25705 lines of diff (skipped)
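Review bot: In the djvulibre.changes hunk (@@ -1,0 +2,19 @@), the headline entry "version update to 3.5.29 [bsc#1245773] (CVE-2025-53367)" does not say what CVE-2025-53367 is, and the bullets under it ("various bug fixes", "additional tests for corrupted files") do not tie any item to it. The spec comments for the older CVEs name the affected function and the bug class; a one-line summary in the same style under the version bullet would let someone triaging from the changelog see what the security-relevant part of this update is without opening the bug.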
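Review bot: In the djvulibre.spec hunk at @@ -20,25 +20,15 @@, Patch4 (djvulibre-CVE-2021-3500.patch) and Patch6 (djvulibre-CVE-2021-46312.patch) are kept as unchanged context, but the changelog entry only accounts for the five deleted patches and says nothing about these two. Since the sibling divide-by-zero fix for IW44Image.cpp (CVE-2021-46310) is marked upstreamed while the one for IW44EncodeCodec.cpp is retained, please confirm that both remaining patches are still needed and still apply against 3.5.29, and record that in djvulibre.changes. The tarball diff is skipped in this mail (25705 lines), so none of the "upstreamed" claims can be checked from what is shown here.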