Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package netpbm for openSUSE:Factory checked in at 2024-07-14 08:48:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/netpbm (Old) and /work/SRC/openSUSE:Factory/.netpbm.new.17339 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netpbm" Sun Jul 14 08:48:47 2024 rev:82 rq:1187057 version:11.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/netpbm/netpbm.changes 2024-02-06 16:32:34.206737681 +0100 +++ /work/SRC/openSUSE:Factory/.netpbm.new.17339/netpbm.changes 2024-07-14 08:49:00.949183373 +0200 
@@ -1,0 +2,45 @@
+Fri Jul 12 10:29:32 UTC 2024 - pgaj...@suse.com
+
+- fix CVE-2024-38526 [bsc#1227693] Polyfill Supplay Chain Attack
+
+-------------------------------------------------------------------
+Fri Jul 12 09:55:14 UTC 2024 - pgaj...@suse.com
+
+- version update to 11.7.0
+ * Release 11.07.00
+ + libnetpbm: Fix double free crash when memory allocation via
+ REALLOCARRAY fails. Introduced in Netpbm 10.40 (September
+ 2007).
+ + libnetpbm: Allow color dictionary with more than 1000 entries.
+ + ppmhist, ppmtoxpm: Work with color dictionary with more than
+ 1000 color entries.
+ + rgb.txt: Add Resene paint colors, 2010.
+ * Release 11.06.00
+ + pamcut: add -reportonly.
+ + infotopam: Add input validation.
+ + infotopam: Remove input file name from messages. Add -verbose
+ and issue informational message only if it is specified.
+ + libnetpbm: Don't ignore garbage at the end of a color specifier
+ (e.g. rgbi:0/.5/1xyz).
+ + color database: change names of "Spring Green", "Lamp Black",
+ and "light grey" to "SpringGreen", "LampBlack", and "LightGrey"
+ to be consistent with other color names.
+ + pamcut: fix incorrect output when rectangle to cut is entirely
+ above the input image. Invisible junk after image. Always
+ broken. (The ability to cut outside the input image was new in
+ pamcut's predecessor pnmcut in Netpbm 9.7 (August 2000).
+ + pamcut: fix incorrect output with PBM input when rectangle to
+ cut is entirely below the input image. Invisible junk after
+ image. Broken in Netpbm 10.44 (September 2008).
+ + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel.
+ Broken in Netpbm 11.05 (December 2023).
+ + infotopam: fix incorrect output -- columns always in wrong
+ place. Always broken. (infotopam was new in Netpbm 10.22 (May
+ 2004)).
+ + pamseq: fix typo in error message.
+ + build: makeman: fix warning about backslashes in strings.
+- modified patches
+ % netpbm-gcc-warnings.patch (refreshed)
+ % netpbm-security-code.patch (refreshed)
+
+-------------------------------------------------------------------
Old:
----
netpbm-11.5.2-documentation.tar.bz2
netpbm-11.5.2-nohpcdtoppm-noppmtompeg.tar.bz2
New:
----
netpbm-11.7.0-documentation.tar.bz2
netpbm-11.7.0-nohpcdtoppm-noppmtompeg.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ netpbm.spec ++++++
--- /var/tmp/diff_new_pack.zAJmQ4/_old 2024-07-14 08:49:01.797214392 +0200
+++ /var/tmp/diff_new_pack.zAJmQ4/_new 2024-07-14 08:49:01.797214392 +0200
@@ -20,10 +20,10 @@
 %define asan_build 0
 %define ubsan_build 0
 %define libmaj 11
-%define libmin 105
+%define libmin 107
 %define libver %{libmaj}.%{libmin}
 Name: netpbm
-Version: 11.5.2
+Version: 11.7.0
 Release: 0
 Summary: A Graphics Conversion Package
 License: BSD-3-Clause AND GPL-2.0-or-later AND IJG AND MIT AND SUSE-Public-Domain
@@ -117,9 +117,12 @@
 %endif
 make %{?_smp_mflags} CFLAGS="$CFLAGS"
 rm doc/INSTALL
-#
-# convert html to man pages
+# DOC
 cd netpbm.sourceforge.net/doc
+# CVE-2024-38526
+# notified upstream on 2024-07-12
+sed -i 's/polyfill.io/cdnjs.cloudflare.com/' pamhomography.html
+# convert html to man pages
 ../../buildtools/makeman *.html
 for i in 1 3 5 ; do
 mkdir -p ../../man/man${i}
@@ -145,6 +148,10 @@
 %postun -n libnetpbm%{libmaj} -p /sbin/ldconfig
 
 %check
+# HOWTO run tests manually:
+# $ LD_LIBRARY_PATH=lib PATH=package/bin pamtowinicon -pngthreshold=1 package-test-tmp/testimg1.pam
+# pamtowinicon: bad magic number 0xf0f - not a PAM, PPM, PGM, or PBM file
+# $
 %if %{asan_build}
 export LSAN_OPTIONS="detect_leaks=0"
 %endif
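Review bot: The CVE-2024-38526 mitigation in the second spec hunk is a blind `sed -i` whose success is never checked: sed exits 0 whether or not the pattern matched, so if a later documentation tarball moves the script reference to another page or spells the host differently, the build still passes with the polyfill.io reference intact. The expression is also looser than it looks — the unescaped `.` matches any character and without the `g` flag only the first occurrence on a line is rewritten. Tightening the substitution and adding a post-condition makes the fix self-checking: `sed -i 's/polyfill\.io/cdnjs.cloudflare.com/g' pamhomography.html` followed by `if grep -q 'polyfill\.io' *.html; then exit 1; fi` (the grep runs in netpbm.sourceforge.net/doc after the preceding cd). Since the change only swaps the host, the shipped page presumably still loads a script from a third-party CDN; if that script is not needed for the documentation to render, dropping the tag altogether would remove the remote dependency entirely — worth confirming against the html.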
@@ -159,14 +166,19 @@ sed -i '/stdin-ppm3.test/d' test/Test-Order # pstopnm is not shipped sed -i '/^l\?ps.*\.test/d' test/Test-Order -# new winicon-roundtrip2.test failure reported to bry...@giraffe-data.com on 2020-12-29 -# $ LD_LIBRARY_PATH=lib PATH=package/bin pamtowinicon -pngthreshold=1 package-test-tmp/testimg1.pam -# pamtowinicon: bad magic number 0xf0f - not a PAM, PPM, PGM, or PBM file -# $ -sed -i '/winicon-roundtrip2.test/d' test/Test-Order # Unable to exec 'gs' sed -i '/pbmtextps.test/d' test/Test-Order sed -i '/stdin-pnm2.test/d' test/Test-Order +# reported to bry...@giraffe-data.com on 2024-07-12 +# == xpm-roundtrip.test == +# ppmtoxpm: (Computing colormap... +# ppmtoxpm: ...Done. 20314 colors found.) +# ppmtoxpm: (Computing colormap... +# ppmtoxpm: ...Done. 2 colors found.) +# xpmtoppm: EOF or read error on input file +# pgmtopbm: Error reading first byte of what is expected to be a Netpbm magic number. Most often, this means your input file is empty +# xpm-roundtrip.test: FAILURE +sed -i '/xpm-roundtrip.test/d' test/Test-Order mkdir package-test-{tmp,results} make pkgdir=`pwd`/package tmpdir=`pwd`/package-test-tmp RESULTDIR=`pwd`/package-test-results check-package ++++++ netpbm-11.5.2-documentation.tar.bz2 -> netpbm-11.7.0-documentation.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/netpbm/netpbm-11.5.2-documentation.tar.bz2 /work/SRC/openSUSE:Factory/.netpbm.new.17339/netpbm-11.7.0-documentation.tar.bz2 differ: char 11, line 1 ++++++ netpbm-11.5.2-nohpcdtoppm-noppmtompeg.tar.bz2 -> netpbm-11.7.0-nohpcdtoppm-noppmtompeg.tar.bz2 ++++++ ++++ 12977 lines of diff (skipped) ++++++ netpbm-gcc-warnings.patch ++++++ --- /var/tmp/diff_new_pack.zAJmQ4/_old 2024-07-14 08:49:02.749249214 +0200 +++ /var/tmp/diff_new_pack.zAJmQ4/_new 2024-07-14 08:49:02.753249360 +0200 
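Review bot: The new `sed -i '/xpm-roundtrip.test/d' test/Test-Order` drops the ppmtoxpm/xpmtoppm round-trip test in the very release whose changelog says ppmtoxpm's color-dictionary handling changed (the quoted log shows "20314 colors found" before xpmtoppm hits EOF), so this looks like it may be masking a regression in the new code rather than a flaky test. The comment block above it records only the report date; it should also say the skip is temporary and carry the tracking reference once there is one, e.g. `# TODO: re-enable once the upstream fix lands (reported 2024-07-12, see <upstream-bug-reference placeholder>)`, so the deletion does not outlive the bug the way the removed winicon-roundtrip2.test entry from 2020 did.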
@@ -1,7 +1,7 @@ -Index: netpbm-11.5.2/converter/other/pngx.c +Index: netpbm-11.7.0/converter/other/pngx.c =================================================================== ---- netpbm-11.5.2.orig/converter/other/pngx.c -+++ netpbm-11.5.2/converter/other/pngx.c +--- netpbm-11.7.0.orig/converter/other/pngx.c ++++ netpbm-11.7.0/converter/other/pngx.c @@ -370,6 +370,7 @@ pngx_srgbIntentDesc(pngx_srgbIntent cons case PNGX_ABSOLUTE_COLORIMETRIC: return "ABSOLUTE_COLORIMETRIC"; } @@ -18,22 +18,22 @@ } -Index: netpbm-11.5.2/lib/libpm.c +Index: netpbm-11.7.0/lib/libpm.c =================================================================== ---- netpbm-11.5.2.orig/lib/libpm.c -+++ netpbm-11.5.2/lib/libpm.c +--- netpbm-11.7.0.orig/lib/libpm.c ++++ netpbm-11.7.0/lib/libpm.c @@ -440,6 +440,7 @@ pm_maxvaltobits(int const maxval) { - pm_error( "maxval of %d is too large!", maxval ); + pm_error("maxval of %d is too large!", maxval); assert(false); + return 0; } -Index: netpbm-11.5.2/lib/libpnm3.c +Index: netpbm-11.7.0/lib/libpnm3.c =================================================================== ---- netpbm-11.5.2.orig/lib/libpnm3.c -+++ netpbm-11.5.2/lib/libpnm3.c +--- netpbm-11.7.0.orig/lib/libpnm3.c ++++ netpbm-11.7.0/lib/libpnm3.c @@ -446,6 +446,8 @@ pnm_bittoxel(bit const inputBit, case PBM_WHITE: return pnm_whitexel(maxval, PBM_TYPE); break; default: ++++++ netpbm-security-code.patch ++++++ ++++ 961 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/netpbm/netpbm-security-code.patch ++++ and /work/SRC/openSUSE:Factory/.netpbm.new.17339/netpbm-security-code.patch