Hello community,

here is the log from the commit of package gsl for openSUSE:Factory checked in at 2026-03-28 20:13:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gsl (Old)
 and      /work/SRC/openSUSE:Factory/.gsl.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gsl" Sat Mar 28 20:13:19 2026 rev:57 rq:1342918 version:2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/gsl/gsl.changes 2025-04-03 16:46:00.293086851 +0200 +++ /work/SRC/openSUSE:Factory/.gsl.new.8177/gsl.changes 2026-03-28 20:14:33.008392161 +0100 @@ -1,0 +2,6 @@ +Thu Mar 26 13:52:55 UTC 2026 - Adam Majer <[email protected]> + +- CVE-2024-50610.patch: add patch for integer overflow (invalid API call) (bsc#1232453, CVE-2024-50610) +- Use autosetup for patches + +------------------------------------------------------------------- New: ---- CVE-2024-50610.patch _scmsync.obsinfo build.specials.obscpio ----------(New B)---------- New: - CVE-2024-50610.patch: add patch for integer overflow (invalid API call) (bsc#1232453, CVE-2024-50610) - Use autosetup for patches ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gsl.spec ++++++ --- /var/tmp/diff_new_pack.bswVOV/_old 2026-03-28 20:14:33.660419071 +0100 +++ /var/tmp/diff_new_pack.bswVOV/_new 2026-03-28 20:14:33.660419071 +0100 @@ -29,6 +29,7 @@ Source0: https://ftp.gnu.org/pub/gnu/%{name}/%{name}-%{version}.tar.gz Source1: https://ftp.gnu.org/pub/gnu/%{name}/%{name}-%{version}.tar.gz.sig Source2: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gsl&download=1#/%{name}.keyring +Patch1: CVE-2024-50610.patch Patch6: gsl-qawc-test-x86-precision.diff Patch7: gsl-disable-fma.patch # PATCH-FIX-UPSTREAM gsl-bspline-missing-definition.patch svg#65868 [email protected] -- Add missing definition for gsl_bspline_eval_nonzero 
@@ -124,10 +125,7 @@ This package contains examples for GSL %prep -%setup -q -n %{name}-%{version} -%patch -P 6 -%patch -P 7 -p1 -%patch -P 8 -p1 +%autosetup -n %{name}-%{version} -p1 %build autoreconf -fiv ++++++ CVE-2024-50610.patch ++++++ Description: The n_tries parameter has to be positive Author: Dirk Eddelbuettel <[email protected]> Bug-Debian: https://bugs.debian.org/1086206 Bug: https://lists.gnu.org/archive/html/bug-gsl/2024-09/msg00000.html Last-Update: 2024-10-28 Index: gsl-2.8/siman/siman.c =================================================================== --- gsl-2.8.orig/siman/siman.c +++ gsl-2.8/siman/siman.c @@ -197,6 +197,9 @@ gsl_siman_solve_many (const gsl_rng * r, double u; /* throw the die to choose a new "x" */ int n_iter; + /* this function requires that n_tries be positive */ + assert(params.n_tries > 0); + if (print_position) { printf ("#-iter temperature position"); printf (" delta_pos energy\n"); ++++++ _scmsync.obsinfo ++++++ mtime: 1774534342 commit: 2ec4b574be01c905f83a91b026682b839cfce0521a5b24d164c818d54d0880ec url: https://src.opensuse.org/adamm/gsl.git revision: factory ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-03-26 16:03:19.000000000 +0100 @@ -0,0 +1,4 @@ +*.obscpio +*.osc +_build.* +.pbuild ++++++ gsl-qawc-test-x86-precision.diff ++++++ --- /var/tmp/diff_new_pack.bswVOV/_old 2026-03-28 20:14:33.816425510 +0100 +++ /var/tmp/diff_new_pack.bswVOV/_new 2026-03-28 20:14:33.824425840 +0100 @@ -1,5 +1,5 @@ ---- integration/test.c.orig -+++ integration/test.c +--- a/integration/test.c ++++ b/integration/test.c @@ -1754,7 +1754,11 @@ int main (void) gsl_test_rel(w->rlist[i],r[i],1e-14,"qawc(f459) rlist") ; 
@@ -12,8 +12,8 @@ for (i = 0; i < 6 ; i++) gsl_test_int((int)w->order[i],order[i]-1,"qawc(f459) order"); ---- configure.ac.orig -+++ configure.ac +--- a/configure.ac ++++ b/configure.ac @@ -87,7 +87,9 @@ AC_CANONICAL_HOST dnl Checks for programs.
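Review bot: in the first gsl.spec hunk (@@ -29,6 +29,7 @@), `Patch1: CVE-2024-50610.patch` is added with no comment line above it, while the patch entry further down carries a `# PATCH-FIX-UPSTREAM ...` tag. Add a similar tag comment above Patch1 that names bsc#1232453 and the origin recorded in the patch header (Bug-Debian: https://bugs.debian.org/1086206), so the provenance of the fix is visible from the spec file and not only from gsl.changes.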
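Review bot: in the gsl.spec %prep hunk (@@ -124,10 +125,7 @@), the removed `%patch -P 6` had no `-p` option while 7 and 8 used `-p1`, and the new `%autosetup -n %{name}-%{version} -p1` applies one strip level to every patch. The same commit rewrites the headers of gsl-qawc-test-x86-precision.diff to `a/` and `b/` paths, which matches that change, but the gsl.changes entry only says "Use autosetup for patches". Mention the refreshed patch in the changes entry, and confirm that CVE-2024-50610.patch (headers `gsl-2.8.orig/siman/siman.c` and `gsl-2.8/siman/siman.c`) and the other patches apply cleanly at -p1.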
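Review bot: in the siman/siman.c hunk of CVE-2024-50610.patch (@@ -197,6 +197,9 @@), the new check `assert(params.n_tries > 0);` is compiled out whenever the library is built with NDEBUG defined, so in such a build a non-positive n_tries is still accepted; where the assert is active, it aborts the calling process instead of reporting an error to the caller. Consider an explicit `if (params.n_tries <= 0)` test that goes through the library's normal error reporting and returns before any work is done. The patch as shown consists of this single hunk and adds no `#include <assert.h>`, so confirm that siman.c already includes it. The changes entry describes the issue as an integer overflow, while the added comment only says n_tries must be positive; a sentence in the patch description linking the two would help the next reader.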
