Hello community, here is the log from the commit of package GraphicsMagick for openSUSE:Factory checked in at 2017-07-01 14:06:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old) and /work/SRC/openSUSE:Factory/.GraphicsMagick.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "GraphicsMagick" Sat Jul 1 14:06:12 2017 rev:57 rq:507403 version:1.3.25 Changes: -------- --- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes 2016-09-27 13:45:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new/GraphicsMagick.changes 2017-07-01 14:06:35.167304852 +0200 @@ -1,0 +2,6 @@ +Mon Jun 26 06:49:55 UTC 2017 - pgaj...@suse.com + +- complementary fix for CVE-2017-8350 [bsc#1036985 c13-c21] + * GraphicsMagick-CVE-2017-8350.patch + +------------------------------------------------------------------- New: ---- GraphicsMagick-CVE-2017-8350.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ GraphicsMagick.spec ++++++ --- /var/tmp/diff_new_pack.Dt7xQN/_old 2017-07-01 14:06:35.763220996 +0200 +++ /var/tmp/diff_new_pack.Dt7xQN/_new 2017-07-01 14:06:35.767220433 +0200 @@ -1,7 +1,7 @@ # # spec file for package GraphicsMagick # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,6 +36,7 @@ Patch0: %{name}-perl-link.patch Patch2: %{name}-debian-fixed.patch Patch10: %{name}-include.patch +Patch11: GraphicsMagick-CVE-2017-8350.patch BuildRequires: cups-client BuildRequires: dcraw BuildRequires: freetype2-devel @@ -150,7 +151,6 @@ %package devel Summary: Viewer and Converter for Images - files mandatory for development Group: Development/Libraries/C and C++ -# These comes from check in AB for 11.4 Requires: glibc-devel Requires: libGraphicsMagick-Q%{quant}-%{so_ver} = %{version} Requires: libGraphicsMagickWand-Q%{quant}-%{wand_so_ver} = %{version} @@ -231,6 +231,7 @@ %patch0 -p1 %patch2 -p1 %patch10 +%patch11 -p1 %build export PERLOPTS="PREFIX=%{buildroot}%{_prefix}" ++++++ GraphicsMagick-CVE-2017-8350.patch ++++++ --- a/coders/png.c Mon Jun 19 08:42:07 2017 -0500 +++ b/coders/png.c Thu Jun 22 16:20:44 2017 -0400 @@ -3531,6 +3531,7 @@ Don't throw exception here since ReadImage() will already have thrown it. */ + DestroyImage(image); return (Image *) NULL; }