Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2018-02-01 21:26:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng16" Thu Feb 1 21:26:04 2018 rev:37 rq:571330 version:1.6.34 Changes: -------- --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2017-08-12 19:42:49.729133282 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-02-01 21:26:05.706310202 +0100 @@ -1,0 +2,126 @@ +Wed Jan 31 09:57:56 UTC 2018 - pgaj...@suse.com + +- check with -j1 + +------------------------------------------------------------------- +Tue Jan 30 21:56:04 UTC 2018 - jeng...@inai.de + +- Fix SRPM group and grammar issues. + +------------------------------------------------------------------- +Tue Jan 30 15:32:19 UTC 2018 - pgaj...@suse.com + +- removed obsoleted Obsoletes + +------------------------------------------------------------------- +Sun Jan 28 02:00:45 UTC 2018 - avin...@opensuse.org + +- update to 1.6.34: + * Removed contrib/pngsuite/i*.png; some of these were incorrect + and caused test failures. +- includes 1.6.33: + * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added + missing parenthesis in contrib/pngminus/pnm2png.c + * Fixed off-by-one error in png_do_check_palette_indexes() + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + to fix shortlived oss-fuzz issue 3234. + * Compute a larger limit on IDAT because some applications write + a deflate buffer for each row + * Use current date (DATE) instead of release-date (RDATE) in last + changed date of contrib/oss-fuzz files. + * Enabled ARM support in CMakeLists.txt + * Fixed incorrect typecast of some arguments to png_malloc() and + png_calloc() that were png_uint_32 instead of png_alloc_size_t + * Use pnglibconf.h.prebuilt when building for ANDROID with cmake + * Initialize memory allocated by png_inflate to zero, using + memset, to stop an oss-fuzz "use of uninitialized value" + detection in png_set_text_2() due to truncated iTXt or zTXt + chunk. + * Initialize memory allocated by png_read_buffer to zero, using + memset, to stop an oss-fuzz "use of uninitialized value" + detection in png_icc_check_tag_table() due to truncated iCCP + chunk. + * Removed redundant tests + * Added an interlaced version of each file in contrib/pngsuite. + * Relocate new memset() call in pngrutil.c + * Add support for loading images with associated alpha in the + Simplified API + * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 + state + * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc + * Add end_info structure and png_read_end() to the libpng fuzzer +- includes 1.6.32: + * Avoid possible NULL dereference in png_handle_eXIf when + benign_errors are allowed. Avoid leaking the input buffer + "eXIf_buf". + * Eliminated png_ptr->num_exif member from pngstruct.h and added + num_exif to arguments for png_get_eXIf() and png_set_eXIf(). + * Added calls to png_handle_eXIf(() in pngread.c and + png_write_eXIf() in pngwrite.c, and made various other fixes + to png_write_eXIf(). + * Changed name of png_get_eXIF and png_set_eXIf() to + png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid + breaking API compatibility with libpng-1.6.31. + * Updated contrib/libtests/pngunknown.c with eXIf chunk. + * Initialized btoa[] in pngstest.c + * Stop memory leak when returning from png_handle_eXIf() with an + error + * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + * Update libpng.3 and libpng-manual.txt about eXIf functions. + * Restored png_get_eXIf() and png_set_eXIf() to maintain API + compatability. + * Removed png_get_eXIf_1() and png_set_eXIf_1(). + * Check length of all chunks except IDAT against user limit to + fix an OSS-fuzz issue (Fixes CVE-2017-12652) + * Check length of IDAT against maximum possible IDAT size, + accounting for height, rowbytes, interlacing and zlib/deflate + overhead. + * Restored png_get_eXIf_1() and png_set_eXIf_1(), because + strlen(eXIf_buf) does not work (the eXIf chunk data can + contain zeroes). + * Revised symlink creation, no longer using deprecated cmake + LOCATION feature + * Fixed five-byte error in the calculation of IDAT maximum + possible size. + * Moved chunk-length check into a png_check_chunk_length() + private function + * Moved bad pngs from tests to contrib/libtests/crashers + * Moved testing of bad pngs into a separate + tests/pngtest-badpngs script + * Added the --xfail (expected FAIL) option to pngtest.c. It + writes XFAIL in the output but PASS for the libpng test. + * Require cmake-3.0.2 in CMakeLists.txt + * Fix "const" declaration info_ptr argument to png_get_eXIf_1() + and the num_exif argument to png_get_eXIf_1() + * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). + * Added huge_IDAT.png and empty_ancillary_chunks.png to + testpngs/crashers. + * Make pngtest --strict, --relax, --xfail options imply -m + (multiple). + * Removed unused chunk_name parameter from png_check_chunk_length(). + * Relocated setting free_me for eXIf data, to stop an OSS-fuzz' + leak. + * Initialize profile_header[] in png_handle_iCCP() to fix + OSS-fuzz issue. + * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix + OSS-fuzz UMR. + * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. + * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), + to account for the minimum 'deflate' stream, and relocate the + test to a point after the keyword has been read. + * Check that the eXIf chunk has at least 2 bytes and begins with + "II" or "MM". + * Added a set of "huge_xxxx_chunk.png" files to + contrib/testpngs/crashers, one for each known chunk type, with + length = 2GB-1. + * Check for 0 return from png_get_rowbytes() and added some + (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity + issues (162705, 162706, and 162707). + * Renamed chunks in contrib/testpngs/crashers to avoid having + files whose names differ only in case; this causes problems with + some platforms + * Added contrib/oss-fuzz directory which contains files used by + the oss-fuzz project +- cleanup with spec-cleaner + +------------------------------------------------------------------- Old: ---- libpng-1.6.31.tar.xz libpng-1.6.31.tar.xz.asc New: ---- libpng-1.6.34.tar.xz libpng-1.6.34.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng16.spec ++++++ --- /var/tmp/diff_new_pack.7tqzgM/_old 2018-02-01 21:26:06.482273933 +0100 +++ /var/tmp/diff_new_pack.7tqzgM/_new 2018-02-01 21:26:06.486273746 +0100 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,67 +19,53 @@ # %define major 1 %define minor 6 -%define micro 31 +%define micro 34 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} - +%define debug_package_requires %{libname} = %{version}-%{release} Name: libpng16 -Url: http://www.libpng.org/pub/png/libpng.html Version: %{major}.%{minor}.%{micro} Release: 0 Summary: Library for the Portable Network Graphics Format (PNG) License: Zlib -Group: System/Libraries +Group: Development/Libraries/C and C++ +Url: http://www.libpng.org/pub/png/libpng.html Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{version}.tar.xz.asc Source2: libpng16.keyring Source3: rpm-macros.libpng-tools Source4: baselibs.conf -#BuildRequires: gpg-offline BuildRequires: libtool -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: zlib-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build -%define debug_package_requires %{libname} = %{version}-%{release} %package -n %{libname} Summary: Library for the Portable Network Graphics Format (PNG) -# bug437293 Group: System/Libraries -%ifarch ppc64 -Obsoletes: libpng-64bit -%endif -# -Obsoletes: libpng < %{version} -Provides: libpng = %{version}-%{release} %package devel -Summary: Development Tools for applications which will use the Libpng +Summary: Development tools for applications which will use libpng Group: Development/Libraries/C and C++ Requires: %{libname} = %{version} Requires: glibc-devel -Requires: pkg-config +Requires: pkgconfig Requires: zlib-devel Recommends: libpng%{branch}-compat-devel -# bug437293 -%ifarch ppc64 -Obsoletes: libpng-devel-64bit -%endif # %package compat-devel -Summary: Development Tools for applications which will use the Libpng +Summary: Development tools for applications which will use libpng Group: Development/Libraries/C and C++ Requires: libpng%{branch}-devel = %{version} +Conflicts: libpng-devel Provides: libpng-devel = %{version} Obsoletes: libpng-devel < 1.2.44 -Conflicts: otherproviders(libpng-devel) %package tools Summary: Tools for Manipulating PNG Images Group: Productivity/Graphics/Other +Conflicts: libpng-tools Provides: libpng-tools = %{version} -Conflicts: otherproviders(libpng-tools) %description libpng is the official reference library for the Portable Network @@ -108,11 +94,11 @@ PNG files. %prep -%setup -n libpng-%{version} +%setup -q -n libpng-%{version} %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 -export CFLAGS="%optflags -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" +export CFLAGS="%{optflags} -O3 -DPNG_SAFE_LIMITS_SUPPORTED -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" export LDFLAGS="-Wl,-z,relro,-z,now" %configure \ @@ -120,25 +106,22 @@ make %{?_smp_mflags} %check -make check +make -j1 check %install -make install DESTDIR=$RPM_BUILD_ROOT -rm $RPM_BUILD_ROOT/%{_libdir}/libpng*.la +%make_install +rm %{buildroot}/%{_libdir}/libpng*.la mkdir -p %{buildroot}%{_sysconfdir}/rpm cp -a %{SOURCE3} \ %{buildroot}%{_sysconfdir}/rpm/macros.libpng-tools %post -n %{libname} -p /sbin/ldconfig - %postun -n %{libname} -p /sbin/ldconfig %files -n %{libname} -%defattr(-,root,root) %{_libdir}/libpng%{branch}.so.* %files devel -%defattr(-,root,root) %{_bindir}/libpng%{branch}-config %{_includedir}/libpng%{branch} %{_libdir}/libpng%{branch}.so @@ -146,17 +129,15 @@ %doc CHANGES README TODO ANNOUNCE LICENSE libpng-*.txt %files compat-devel -%defattr(-,root,root) %{_bindir}/libpng-config %{_includedir}/*.h %{_libdir}/libpng.so %{_libdir}/pkgconfig/libpng.pc -%doc %{_mandir}/man3/libpng.3.gz -%doc %{_mandir}/man3/libpngpf.3.gz -%doc %{_mandir}/man5/png.5.gz +%{_mandir}/man3/libpng.3%{ext_man} +%{_mandir}/man3/libpngpf.3%{ext_man} +%{_mandir}/man5/png.5%{ext_man} %files tools -%defattr(-,root,root) %{_bindir}/png-fix-itxt %{_bindir}/pngfix %{_sysconfdir}/rpm/macros.libpng-tools ++++++ libpng-1.6.31.tar.xz -> libpng-1.6.34.tar.xz ++++++ ++++ 3154 lines of diff (skipped)