Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package utf8proc for openSUSE:Factory checked in at 2026-01-03 17:25:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/utf8proc (Old) and /work/SRC/openSUSE:Factory/.utf8proc.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "utf8proc" Sat Jan 3 17:25:44 2026 rev:17 rq:1325058 version:2.11.3 Changes: -------- --- /work/SRC/openSUSE:Factory/utf8proc/utf8proc.changes 2025-11-25 15:51:10.394249630 +0100 +++ /work/SRC/openSUSE:Factory/.utf8proc.new.1928/utf8proc.changes 2026-01-03 17:25:47.235723581 +0100 @@ -1,0 +2,7 @@ +Wed Dec 31 12:48:03 UTC 2025 - Andreas Stieger <[email protected]> + +- update to 2.11.3: + * Correct out-of-bounds memory access when calling utf8proc_map + with both UTF8PROC_CHARBOUND and UTF8PROC_COMPOSE + +------------------------------------------------------------------- Old: ---- utf8proc-2.11.2.tar.gz New: ---- utf8proc-2.11.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ utf8proc.spec ++++++ --- /var/tmp/diff_new_pack.EV02BG/_old 2026-01-03 17:25:48.447773281 +0100 +++ /var/tmp/diff_new_pack.EV02BG/_new 2026-01-03 17:25:48.447773281 +0100 @@ -19,7 +19,7 @@ %define lib_ver 3 Name: utf8proc -Version: 2.11.2 +Version: 2.11.3 Release: 0 Summary: Library for processing UTF-8 encoded Unicode strings License: MIT ++++++ utf8proc-2.11.2.tar.gz -> utf8proc-2.11.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/.github/workflows/ci-fuzz.yml new/utf8proc-2.11.3/.github/workflows/ci-fuzz.yml --- old/utf8proc-2.11.2/.github/workflows/ci-fuzz.yml 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/.github/workflows/ci-fuzz.yml 2025-12-30 17:54:31.000000000 +0100 @@ -16,7 +16,7 @@ fuzz-seconds: 600 dry-run: false - name: Upload Crash - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 if: failure() with: name: artifacts diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/.github/workflows/cmake.yml new/utf8proc-2.11.3/.github/workflows/cmake.yml --- old/utf8proc-2.11.2/.github/workflows/cmake.yml 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/.github/workflows/cmake.yml 2025-12-30 17:54:31.000000000 +0100 @@ -27,7 +27,7 @@ run: ctest --test-dir build -V - name: Upload shared lib if: matrix.shared == 'ON' - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: ${{ matrix.os }} path: | @@ -73,7 +73,7 @@ run: ctest --test-dir build -V - name: Upload shared lib if: matrix.shared == 'ON' - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: windows-mingw64 path: build/libutf8proc.* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/.github/workflows/make.yml new/utf8proc-2.11.3/.github/workflows/make.yml --- old/utf8proc-2.11.2/.github/workflows/make.yml 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/.github/workflows/make.yml 2025-12-30 17:54:31.000000000 +0100 @@ -35,7 +35,7 @@ - name: Make lib run: make - name: Upload shared lib - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: make-${{ matrix.os }} path: libutf8proc.* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/CMakeLists.txt new/utf8proc-2.11.3/CMakeLists.txt --- old/utf8proc-2.11.2/CMakeLists.txt 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/CMakeLists.txt 2025-12-30 17:54:31.000000000 +0100 @@ -5,14 +5,14 @@ disallow_intree_builds() # API version - be sure to update utf8proc.h and Makefile, too! -project (utf8proc VERSION 2.11.2 LANGUAGES C) +project (utf8proc VERSION 2.11.3 LANGUAGES C) # This is the ABI version number, which may differ from the # API version number (defined in utf8proc.h and above). # Be sure to also update these in Makefile and MANIFEST! set(SO_MAJOR 3) set(SO_MINOR 2) -set(SO_PATCH 2) +set(SO_PATCH 3) option(UTF8PROC_INSTALL "Enable installation of utf8proc" On) option(UTF8PROC_ENABLE_TESTING "Enable testing of utf8proc" Off) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/MANIFEST new/utf8proc-2.11.3/MANIFEST --- old/utf8proc-2.11.2/MANIFEST 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/MANIFEST 2025-12-30 17:54:31.000000000 +0100 @@ -2,8 +2,8 @@ include/utf8proc.h lib/ lib/libutf8proc.a -lib/libutf8proc.so -> libutf8proc.so.3.2.2 -lib/libutf8proc.so.2 -> libutf8proc.so.3.2.2 -lib/libutf8proc.so.3.2.2 +lib/libutf8proc.so -> libutf8proc.so.3.2.3 +lib/libutf8proc.so.2 -> libutf8proc.so.3.2.3 +lib/libutf8proc.so.3.2.3 lib/pkgconfig/ lib/pkgconfig/libutf8proc.pc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/Makefile new/utf8proc-2.11.3/Makefile --- old/utf8proc-2.11.2/Makefile 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/Makefile 2025-12-30 17:54:31.000000000 +0100 @@ -24,10 +24,10 @@ # Be sure to also update these ABI versions in MANIFEST and CMakeLists.txt! MAJOR=3 MINOR=2 -PATCH=2 +PATCH=3 # api version (also in utf8proc.h and CMakeLists.txt) -VERSION=2.11.2 +VERSION=2.11.3 OS := $(shell uname) ifeq ($(OS),Darwin) # MacOS X diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/NEWS.md new/utf8proc-2.11.3/NEWS.md --- old/utf8proc-2.11.2/NEWS.md 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/NEWS.md 2025-12-30 17:54:31.000000000 +0100 @@ -1,5 +1,11 @@ # utf8proc release history # +## Version 2.11.3 ## + +2025-12-30 + +- Correct out-of-bounds memory access when calling `utf8proc_map` with both `UTF8PROC_CHARBOUND` and `UTF8PROC_COMPOSE` ([#323]). + ## Version 2.11.2 ## 2025-11-22 @@ -484,3 +490,4 @@ [#295]: https://github.com/JuliaStrings/utf8proc/issues/295 [#311]: https://github.com/JuliaStrings/utf8proc/issues/311 [#317]: https://github.com/JuliaStrings/utf8proc/issues/317 +[#323]: https://github.com/JuliaStrings/utf8proc/issues/323 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/test/fuzzer.c new/utf8proc-2.11.3/test/fuzzer.c --- old/utf8proc-2.11.2/test/fuzzer.c 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/test/fuzzer.c 2025-12-30 17:54:31.000000000 +0100 @@ -93,5 +93,8 @@ utf8proc_map(data, len, &str, UTF8PROC_CHARBOUND | UTF8PROC_DECOMPOSE); free(str); + utf8proc_map(data, len, &str, UTF8PROC_CHARBOUND | UTF8PROC_COMPOSE); + free(str); + return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/utf8proc.c new/utf8proc-2.11.3/utf8proc.c --- old/utf8proc-2.11.2/utf8proc.c 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/utf8proc.c 2025-12-30 17:54:31.000000000 +0100 @@ -662,6 +662,10 @@ utf8proc_ssize_t wpos = 0; for (rpos = 0; rpos < length; rpos++) { utf8proc_int32_t current_char = buffer[rpos]; + if (current_char < 0) { + /* skip grapheme break */ + continue; + } const utf8proc_property_t *current_property = unsafe_get_property(current_char); if (starter && current_property->combining_class > max_combining_class) { /* combination perhaps possible */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8proc-2.11.2/utf8proc.h new/utf8proc-2.11.3/utf8proc.h --- old/utf8proc-2.11.2/utf8proc.h 2025-11-22 20:14:03.000000000 +0100 +++ new/utf8proc-2.11.3/utf8proc.h 2025-12-30 17:54:31.000000000 +0100 @@ -73,7 +73,7 @@ /** The MINOR version number (increased when new functionality is added in a backwards-compatible manner). */ #define UTF8PROC_VERSION_MINOR 11 /** The PATCH version (increased for fixes that do not change the API). */ -#define UTF8PROC_VERSION_PATCH 2 +#define UTF8PROC_VERSION_PATCH 3 /** @} */ #include <stdlib.h>
