commit pngcrush for openSUSE:Factory
Hello community, here is the log from the commit of package pngcrush for openSUSE:Factory checked in at 2016-01-28 17:22:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pngcrush (Old) and /work/SRC/openSUSE:Factory/.pngcrush.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pngcrush" Changes: -------- --- /work/SRC/openSUSE:Factory/pngcrush/pngcrush.changes 2015-03-27 09:41:26.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pngcrush.new/pngcrush.changes 2016-01-28 17:22:30.000000000 +0100 @@ -1,0 +2,15 @@ +Sun Jan 17 15:04:31 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 1.7.92 +* Fixed segfault while writing a -loco MNG +* Eliminated a potential overflow while adding iTXt chunk +* Fixed a double-free bug (CVE-2015-7700). There was a "free" of + the sPLT chunk structure in pngcrush and then again in png.c. +* Increased some buffer sizes in an attempt to prevent possible + overflows. +* Increased maximum size of a text chunk input from 260 to 2048 + (STR_BUF_SIZE) bytes, to agree with the help screen +* Fixed bug that caused text chunks after IDAT to be written only + when the "-save" option is used. + +------------------------------------------------------------------- Old: ---- pngcrush-1.7.85.tar.gz New: ---- pngcrush-1.7.92.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pngcrush.spec ++++++ --- /var/tmp/diff_new_pack.E8O7eC/_old 2016-01-28 17:22:31.000000000 +0100 +++ /var/tmp/diff_new_pack.E8O7eC/_new 2016-01-28 17:22:31.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package pngcrush # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: pngcrush -Version: 1.7.85 +Version: 1.7.92 Release: 0 Summary: Optimizer for PNG Files that can also insert or delete specified Chunks License: Zlib Group: Productivity/Graphics/Other Url: http://pmt.sourceforge.net/pngcrush/ -Source: http://prdownloads.sourceforge.net/pmt/pngcrush-%{version}.tar.gz +Source: http://downloads.sf.net/pmt/%{name}-%{version}.tar.gz Patch1: pngcrush-makefile-add-optflags.diff BuildRequires: glibc-devel BuildRequires: libpng-devel @@ -33,7 +33,7 @@ %description pngcrush is an excellent batch-mode compression utility for PNG images. Depending on the application that created the original PNGs, it can -improve the file size anywhere from a few percent to 40% or more (completely +improve the file size anywhere from a few percent to 40%% or more (completely losslessly). The utility also allows specified PNG chunks (e.g. text comments) to be inserted or deleted, and it can fix incorrect gamma info written by Photoshop 5.0 as well as the erroneous iCCP chunk written by Photoshop 5.5. ++++++ pngcrush-1.7.85.tar.gz -> pngcrush-1.7.92.tar.gz ++++++ ++++ 7457 lines of diff (skipped)
participants (1)
-
root@hilbert.suse.de