Hello community, here is the log from the commit of package optipng for openSUSE:Factory checked in at 2018-01-13 21:48:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/optipng (Old) and /work/SRC/openSUSE:Factory/.optipng.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "optipng" Sat Jan 13 21:48:34 2018 rev:36 rq:563780 version:0.7.7 Changes: -------- --- /work/SRC/openSUSE:Factory/optipng/optipng.changes 2017-11-27 22:18:31.458388237 +0100 +++ /work/SRC/openSUSE:Factory/.optipng.new/optipng.changes 2018-01-13 21:48:38.459295751 +0100 @@ -1,0 +2,18 @@ +Fri Jan 12 07:57:59 UTC 2018 - pgaj...@suse.com + +- update to 0.7.7: + * Upgraded minitiff to version 0.2. + !! Fixed a buffer overflow vulnerability in the GIF decoder. + [Reported by Joonun Jang] + !! Fixed an integer overflow vulnerability in the TIFF decoder. + [Reported by Jaeseung Choi] + ! Fixed the build on macOS High Sierra. + [Reported by various users] + [Fixed by Yuen Ho Wong and Friedrich Preuss] + ! Fixed the build on DJGPP. + * Disallowed out-of-bounds values in rangeset options. +- removed upstream patches: + - optipng-CVE-2017-1000229.patch + - optipng-CVE-2017-16938.patch + +------------------------------------------------------------------- Old: ---- optipng-0.7.6.tar.gz optipng-CVE-2017-1000229.patch optipng-CVE-2017-16938.patch New: ---- optipng-0.7.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ optipng.spec ++++++ --- /var/tmp/diff_new_pack.uixEgK/_old 2018-01-13 21:48:40.015223210 +0100 +++ /var/tmp/diff_new_pack.uixEgK/_new 2018-01-13 21:48:40.031222464 +0100 @@ -1,7 +1,7 @@ # # spec file for package optipng # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: optipng -Version: 0.7.6 +Version: 0.7.7 Release: 0 Summary: A PNG File Compressor License: Zlib @@ -25,8 +25,6 @@ Url: http://optipng.sourceforge.net/ Source0: http://downloads.sourceforge.net/project/optipng/OptiPNG/optipng-%{version}/optipng-%{version}.tar.gz Source1: macros.optipng -Patch0: optipng-CVE-2017-1000229.patch -Patch1: optipng-CVE-2017-16938.patch BuildRequires: libpng-devel BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -39,8 +37,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 %build # not autotools generated configure ++++++ optipng-0.7.6.tar.gz -> optipng-0.7.7.tar.gz ++++++ ++++ 49542 lines of diff (skipped)
