Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package htmldoc for openSUSE:Factory checked in at 2022-01-14 23:12:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/htmldoc (Old) and /work/SRC/openSUSE:Factory/.htmldoc.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "htmldoc" Fri Jan 14 23:12:45 2022 rev:28 rq:945830 version:1.9.14 Changes: -------- --- /work/SRC/openSUSE:Factory/htmldoc/htmldoc.changes 2021-11-06 18:17:58.476882804 +0100 +++ /work/SRC/openSUSE:Factory/.htmldoc.new.1892/htmldoc.changes 2022-01-14 23:13:22.198636793 +0100 @@ -1,0 +2,23 @@ +Wed Jan 12 09:35:58 UTC 2022 - Danilo Spinella <danilo.spine...@suse.com> + +- Update to version 1.9.14: + * BMP image support is now deprecated and will be removed in a future + release of HTMLDOC. + * Fixed a potential stack overflow bug with GIF images. + * Fixed the PDF creation date (Issue #455) + * Fixed a potential stack overflow bug with BMP images (Issue #456) + * Fixed a compile issue when libpng was not available (Issue #458) +- Update to version 1.9.13: + * Now install a 32x32 icon for Linux (Issue #432) + * Fixed an issue with large values for roman numerals and letters in headings (Issue #433) + * Fixed a crash bug when a HTML comment contains an invalid nul character (Issue #439) + * Fixed a crash bug with bogus BMP images (Issue #444) + * Fixed a potential heap overflow bug with bogus GIF images (Issue #451) + * Fixed a potential stack overflow bug with bogus BMP images (Issue #453) +- Fix CVE-2021-43579 stack-based buffer overflow in image_load_bmp() results in remote code + execution if the victim converts an HTML document linking to a crafted BMP file. + (CVE-2021-43579, bsc#1194487) +- Remove upstreamed patch htmldoc-CVE-2021-40985.patch + + +------------------------------------------------------------------- Old: ---- htmldoc-1.9.12-source.tar.gz htmldoc-CVE-2021-40985.patch New: ---- htmldoc-1.9.14-source.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ htmldoc.spec ++++++ --- /var/tmp/diff_new_pack.222LDS/_old 2022-01-14 23:13:22.702637118 +0100 +++ /var/tmp/diff_new_pack.222LDS/_new 2022-01-14 23:13:22.706637121 +0100 @@ -1,7 +1,7 @@ # # spec file for package htmldoc # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,15 +17,13 @@ Name: htmldoc -Version: 1.9.12 +Version: 1.9.14 Release: 0 Summary: HTML Processor that Generates HTML, PostScript, and PDF Files License: LGPL-2.1-or-later Group: Productivity/Publishing/HTML/Tools URL: https://michaelrsweet.github.io/htmldoc/index.html Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz -# CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image -Patch0: htmldoc-CVE-2021-40985.patch BuildRequires: fltk-devel BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme @@ -42,8 +40,7 @@ Portable Document Format (PDF) files that can be viewed online or printed. %prep -%setup -q -%patch0 -p1 +%autosetup %build %configure \ @@ -66,7 +63,6 @@ %doc CHANGES.md README.md %{_bindir}/htmldoc %{_datadir}/htmldoc -%{_datadir}/pixmaps/htmldoc.xpm %{_datadir}/icons/hicolor/*x*/apps/htmldoc.png %{_datadir}/mime/packages/htmldoc.xml %{_datadir}/applications/htmldoc.desktop ++++++ htmldoc-1.9.12-source.tar.gz -> htmldoc-1.9.14-source.tar.gz ++++++ ++++ 2330 lines of diff (skipped)
