Hello community,
here is the log from the commit of package gegl.1133 for openSUSE:12.2:Update checked in at 2012-12-07 10:52:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/gegl.1133 (Old)
and /work/SRC/openSUSE:12.2:Update/.gegl.1133.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gegl.1133", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2012-11-30 12:21:47.308011256 +0100
+++ /work/SRC/openSUSE:12.2:Update/.gegl.1133.new/gegl.changes 2012-12-07 10:52:07.000000000 +0100
@@ -0,0 +1,232 @@
+-------------------------------------------------------------------
+Wed Nov 21 16:33:36 CET 2012 - sbrabec@suse.cz
+
+- Add gegl-ppm-segfault.patch: Fix overflow by parsing PPM image.
+ (bnc#789835, CVE-2012-4433)
+
+-------------------------------------------------------------------
+Fri May 18 09:50:52 UTC 2012 - dimstar@opensuse.org
+
+- Add gegl-ruby19.patch: Fix build with ruby 1.9.
+- Add liberation-fonts: the documentation references bitstream
+ vera sans font, so we need to provide it for the build.
+
+-------------------------------------------------------------------
+Tue Apr 3 08:45:42 UTC 2012 - vuntz@opensuse.org
+
+- Update to version 0.2.0:
+ + OpenCL support
+ + Build improvements.
+ + High level API to apply ops directly to buffers with arguments.
+ + Final bits of translation infrastructure.
+ + Invalidate regions when disconnecting input pads.
+ + Operations:
+ - New operation: global-matting
+ - Allow transform core to do perspective transforms.
+ - Added string based key/value pairs to operations.
+ - Added arguments for dealing with scaled down preview
+ rendering.
+ + Added human interaction ranges and non-linear mapping to
+ properties.
+ + Buffer:
+ - Removed broken lanczos sampler.
+ - Add gegl_buffer_set_color and gegl_buffer_set_pattern
+ - Added ability to drop cached tiles.
+ - Added API for handling abyss policy (not implemented yet)
+ - Avoid iterating global tile cache when flushing/destroying
+ buffers that have no tiles in the cache.
+- Add intltool BuildRequires: new dependency upstream, for
+ translations.
+- Add lensfun-devel BuildRequires to build with lensfun support.
+- Add libexiv2-devel BuildRequires to build with libexiv2 support.
+- Add libjasper-devel BuildRequires to build with Jasper support.
+- Add libspiro-devel BuildRequires to build with SPIRO support.
+- Add suitesparse-devel BuildRequires to build with UMFPACK
+ support.
+- Uncomment ruby BuildRequires: it was commented out because a file
+ was missing in a earlier tarball.
+- Rename subpackages from gegl-0_1/libgegl-0_1-0 to
+ gegl-0_2/libgegl-0_2-0 following the upstream soname change.
+- Create a gegl-0_2-lang subpackage for new translations.
+
+-------------------------------------------------------------------
+Wed Jan 11 08:57:36 UTC 2012 - vuntz@opensuse.org
+
+- Add gegl-lua52.patch: fix build with lua 5.2, while still being
+ compatible with lua 5.1.
+
+-------------------------------------------------------------------
+Sun Nov 27 14:39:21 UTC 2011 - dimstar@opensuse.org
+
+- Update to version 0.1.8:
+ + New operations: spread, vignette, map-relative,
+ noise-reduction, plasma, fractal-trace, exr-save, lens-correct,
+ emboss, cubism, ripple, color-to-alpha, color-rotate,
+ red-eye-removal, convolution-matrix, deinterlace,
+ polar-coordinates, lens-distortion, pixelise.
+ + Split GeglView GTK Widget into separate utility library
+ + build/test improvements.
+ + Buffer:
+ - Added lohalo resampler, API and infrastructure for doing non
+ affine resamplings.
+- Clean spec-file using spec-cleaner.
+- Drop docs-build-fix.diff: fixed upstream.
+
+-------------------------------------------------------------------
+Mon Jun 20 09:42:30 UTC 2011 - jw@novell.com
+
+- update to 0.1.6 (see NEWS)
+ • New operations: max-rgb, pixelise, motion blur.
+
+ • Fixed a bugs in matting-levin that made GEGL halt due to errors
+ detected by babl sanity code, this made 0.1.4 be unusable if you had
+ all dependendency when building.
+ • build/test improvements.
+ • Buffer:
+ Added API to use external tile backends, allowing to plug-in alien
+ tilebackends, for GIMP/Krita/OSM or similar.
+- remove upstreamed patches bgo609706 bgo610680 (thanks, Vincent)
+
+-------------------------------------------------------------------
+Thu May 5 13:46:33 UTC 2011 - dimstar@opensuse.org
+
+- BuildRequire graphviz-gd instead of graphviz: we do require png
+ capabilities, which are split out of the main package.
+ Theoretically, we should require graphviz-devel, but this package
+ also does not drag in -gd.
+
+-------------------------------------------------------------------
+Mon Feb 22 12:59:17 CET 2010 - vuntz@opensuse.org
+
+- Add gegl-fix-overflow.patch to fix overflow found by gcc 4.5.
+
+-------------------------------------------------------------------
+Wed Feb 10 23:42:49 CET 2010 - vuntz@opensuse.org
+
+- Update to version 0.1.2:
+ + GeglLookup, configurable floating point lookup tables for lazy
+ computation.
+ + Use GFileIOStream in GeglTileBackendFile.
+ + Optimizations: in-place processing for point filters/composers,
+ SIMD version of gegl:opacity, avoid making unneccesary
+ sub-buffers, removed some manual instrumentation from critical
+ paths, improved speed of samplers.
+ + Added xml composition/reference image based regression tests.
+ + Added performance tracking framework.
+ + Syntactic sugar using varargs for constructing gegl graphs from
+ C.
+ + Build fixes on cygwin.
+ + Gegl# fixes.
+ + Initial, but unstable code towards multithreading.
+ + Improvements to lua op in workshop.
+ + Added new resamplers upsize, upsharp, upsmooth, downsize,
+ downsharp and downsmooth.
+ + Removed gegl:tonemap and gegl:normal ops.
+- Drop gegl-new-babl.patch: fixed upstream.
+- Add gegl-fix-build.patch: remove printf that breaks build because
+ of missing include.
+- Rename package from gegl-0_0 and libgegl-0_0-0 to gegl-0_1 and
+ libgegl-0_1-0 following soname bump.
+
+-------------------------------------------------------------------
+Thu Jan 28 15:31:28 CET 2010 - vuntz@opensuse.org
+
+- Add gegl-new-babl.patch to fix build with babl 0.1.2.
+
+-------------------------------------------------------------------
+Mon Jul 20 13:24:19 CEST 2009 - vuntz@novell.com
+
+- Update to version 0.1.0:
+ + Renamed gegl:load-buffer to gegl:buffer-source and
+ gegl:save-buffer to gegl:buffer-sink (but the old names still
+ work)
+ + Represent colors using doubles instead of floats (this change
+ is independent from internal processing)
+ + Removed the GTK+ UI parts of the gegl binary and turned gegl
+ into a pure command line tool (which can still visualize stuff
+ with help help the SDL based display operation)
+ + Consider {x=G_MININT/2, y=G_MININT/2, width=G_MAXINT,
+ height=G_MAXINT} as the only valid region wichin processing
+ may occur. Processing outside of this region is undefined
+ behaviour.
+ + Added support for storing allocation stack traces for
+ GeglBuffers so that debuging buffer leaks becomes much easier
+ + Made small changes and cleanups of the public API, e.g.
+ - Removed gegl_node_adapt_child()
+ - Made GeglConfig an explicit object
+ - Removed most of the ifdeffed stuff to mask away internal
+ structures
+ - Added gegl_rectangle_infinite_plane() and
+ gegl_rectangle_is_infinite_plane()
+ + Added new sampler GeglSamplerSharp
+ + Added format property go gegl:buffer-sink
+ + Cleaned up and made gegl:introspect work again
+ + Add a bunch of test cases using the automake test sytem (make
+ check) and also port buffer tests to automake
+ + General cleanups, bug fixes, increased robustness and improved
+ documentation
+- Drop gegl-babl_api_change.patch: fixed upstream.
+- Temporarly remove ruby BuildRequires as the build is broken when
+ it's there right now.
+
+-------------------------------------------------------------------
+Thu Jun 11 04:04:07 CEST 2009 - vuntz@novell.com
+
+- Add gegl-babl_api_change.patch to make gegl build with babl
+ 0.1.0. Patch taken from Fedora.
+- Remove autoreconf call.
+- Do not make gegl0_0 explicitly Requires libbabl-0_0-0.
+
+-------------------------------------------------------------------
+Wed Dec 31 16:29:21 EST 2008 - hfiguiere@suse.de
+
+- Update to 0.0.22
+ * GeglOperation
+ - operation names are now prefixed, the ops in GEGL use 'gegl:' as prefix.
+ - gegl:opacity - combine value and aux mask input when both are available.
+ - gegl:src-in - deal correctly with extens.
+ - gegl:path - new op covering the stroke/fill needs of SVG.
+ - deprecated gegl:shift, the affine familiy of operations now
+ uses the same fast code paths for integer translations.
+ * GeglBuffer
+ - Profiling motivated speed ups in data reading/writing.
+ - Remove left-over swapfiles from dead processes at startup.
+ * GeglNode
+ - made gegl_node_add_child and gegl_node_remove_child public API. (bgo#507298)
+ * GeglPath: Vector path representation infrastructure,
+- Remove gegl-64bit-warning.diff
++++ 35 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.gegl.1133.new/gegl.changes
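Review bot: the newest entry (Wed Nov 21 2012) words the security fix as "Fix overflow by parsing PPM image", which reads as though parsing is the remedy and does not say what overflows. Wording such as "Fix overflow of the allocation size when parsing PPM image headers" would match the CVE-2012-4433 patch subjects quoted further down in this mail. The bug reference is also written bnc#789835 here but bnc789835 in the PATCH-FIX-SECURITY comment in gegl.spec; use one form in both places.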
New:
----
gegl-0.2.0.tar.bz2
gegl-lua52.patch
gegl-ppm-segfault.patch
gegl-ruby19.patch
gegl.changes
gegl.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gegl.spec ++++++
#
# spec file for package gegl
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: gegl
# Patched code is built by default.
# Use rpmbuild -D 'BUILD_ORIG 1' to build original code.
# Use rpmbuild -D 'BUILD_ORIG 1' -D 'BUILD_ORIG_ADDON 1' to build patched build plus original as addon.
BuildRequires: ImageMagick
BuildRequires: OpenEXR-devel
BuildRequires: SDL-devel
BuildRequires: asciidoc
BuildRequires: babl-devel >= 0.1.10
BuildRequires: enscript
BuildRequires: gcc-c++
BuildRequires: glib2-devel >= 2.16.1
BuildRequires: graphviz-gd
BuildRequires: gtk2-devel
BuildRequires: intltool
BuildRequires: lensfun-devel
# Needed to build the doc, as Bitstream Vera Sans is the referenced font.
BuildRequires: liberation-fonts
BuildRequires: libexiv2-devel
BuildRequires: libjasper-devel >= 1.900.1
BuildRequires: libjpeg-devel
BuildRequires: libopenraw-devel >= 0.0.5
BuildRequires: libpng-devel
BuildRequires: librsvg-devel
BuildRequires: libspiro-devel
BuildRequires: libstdc++-devel
BuildRequires: lua-devel
BuildRequires: ruby
# For umfpack
BuildRequires: suitesparse-devel
# Only for directory ownership:
BuildRequires: gtk-doc
%if 0%{?BUILD_ORIG}
BuildRequires: ffmpeg-devel
%if 0%{?BUILD_ORIG_ADDON}
Provides: patched_subset
%else
Provides: %{name}-orig-addon = %{version}
Obsoletes: %{name}-orig-addon
%endif
%else
Provides: patched_subset
%endif
Url: http://gegl.org/
Version: 0.2.0
Release: 0
Summary: Generic Graphics Library
License: GPL-3.0+ ; LGPL-3.0+
Group: System/Libraries
Source: http://ftp.gtk.org/pub/gegl/0.2/%{name}-%{version}.tar.bz2
# PATCH-FIX-UPSTREAM gegl-lua52.patch bgo#667675 vuntz@opensuse.org -- Fix build with lua 5.2
Patch0: gegl-lua52.patch
# PATCH-FIX-UPSTREAM gegl-ruby19.patch dimstar@opensuse.org -- Fix build with ruby 1.9
Patch1: gegl-ruby19.patch
# PATCH-FIX-SECURITY gegl-ppm-segfault.patch bnc789835 CVE-2012-4433 sbrabec@suse.cz -- Fix overflow by parsing PPM image.
Patch2: gegl-ppm-segfault.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libgegl-0_2-0 = %{version}-%{release}
%description
GEGL provides infrastructure to do demand based cached non destructive
image editing on larger than RAM buffers. Through babl it provides
support for a wide range of color models and pixel storage formats for
input and output.
%package 0_2
Summary: Generic Graphics Library
Group: System/Libraries
Recommends: %{name}-0_2-lang
%description 0_2
GEGL provides infrastructure to do demand based cached non destructive
image editing on larger than RAM buffers. Through babl it provides
support for a wide range of color models and pixel storage formats for
input and output.
%if 0%{?BUILD_ORIG}
%if 0%{?BUILD_ORIG_ADDON}
%package 0_2-orig-addon
Summary: Generic Graphics Library
Group: System/Libraries
Supplements: packageand(%{name}-0_2:%(cd %{_libdir} ; rpm -qf --queryformat=%%{NAME} `readlink %{_libdir}/libavcodec.so` ))
%description 0_2-orig-addon
GEGL provides infrastructure to do demand based cached non destructive
image editing on larger than RAM buffers. Through babl it provides
support for a wide range of color models and pixel storage formats for
input and output.
%endif
%endif
%package -n libgegl-0_2-0
Summary: Generic Graphics Library
Group: System/Libraries
Recommends: %{name}-0_2 >= %{version}
%description -n libgegl-0_2-0
GEGL provides infrastructure to do demand based cached non destructive
image editing on larger than RAM buffers. Through babl it provides
support for a wide range of color models and pixel storage formats for
input and output.
%package devel
Summary: Generic Graphics Library
Group: System/Libraries
Requires: babl-devel
Requires: glib2-devel
Requires: glibc-devel
Requires: libgegl-0_2-0 = %{version}
Requires: pcre-devel
%description devel
GEGL provides infratructure to do demand based cached non destructive
image editing on larger than RAM buffers. Through babl it provides
support for a wide range of color models and pixel storage formats for
input and output.
%package doc
Summary: Generic Graphics Library
Group: System/Libraries
Requires: libgegl-0_2-0 = %{version}
%description doc
GEGL provides infrastructure to do demand based cached non destructive
image editing on larger than RAM buffers. Through babl it provides
support for a wide range of color models and pixel storage formats for
input and output.
%lang_package -n %{name}-0_2
%prep
%setup -q
%patch0 -p1
%patch1 -p1
# docs-build-fix.diff
%patch2 -p1
%build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
## do not use autogen.sh, it intentionally fails, if there is no ruby.
## so why use autogen, when you do not want portability?
# ./autogen.sh
%configure\
--enable-workshop=yes\
--disable-static --disable-silent-rules
make %{?jobs:-j%jobs}
%install
%makeinstall
%if ! 0%{?BUILD_ORIG}
for MODULE in \
%{_libdir}/gegl-0.2/ff-load.so \
; do
rm -f $RPM_BUILD_ROOT$MODULE
done
%endif
find %{buildroot} -type f -name "*.la" -delete -print
%find_lang %{name}-0.2 %{?no_lang_C}
%post -n libgegl-0_2-0 -p /sbin/ldconfig
%postun -n libgegl-0_2-0 -p /sbin/ldconfig
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%{_bindir}/gegl
%files 0_2
%defattr(-,root,root)
%dir %{_libdir}/gegl-0.2/
%{_libdir}/gegl-0.2/*.so
%if 0%{?BUILD_ORIG}
%if 0%{?BUILD_ORIG_ADDON}
%exclude %{_libdir}/gegl-0.2/ff-load.so
%files 0_2-orig-addon
%defattr(-,root,root)
%{_libdir}/gegl-0.2/ff-load.so
%endif
%endif
%files -n libgegl-0_2-0
%defattr(-,root,root)
%doc AUTHORS COPYING COPYING.LESSER ChangeLog NEWS README
%{_libdir}/libgegl-0.2.so.*
%files devel
%defattr(-,root,root)
%{_includedir}/gegl-0.2/
%{_libdir}/libgegl-0.2.so
%{_libdir}/pkgconfig/gegl-0.2.pc
%files doc
%defattr(-,root,root)
%doc %{_datadir}/gtk-doc/html/gegl/
%files -n %{name}-0_2-lang -f %{name}-0.2.lang
%changelog
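Review bot: in %prep, the comment "# docs-build-fix.diff" sits directly above "%patch2 -p1", but Patch2 is gegl-ppm-segfault.patch, and the changes file records docs-build-fix.diff as dropped in the 0.1.8 update. Remove the stale comment or replace it with one naming the security patch, so that the line applying the CVE-2012-4433 fix is not mistaken for a documentation fix in a later cleanup.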
++++++ gegl-lua52.patch ++++++
commit a5b601502d3293966994911cfcab6a0eb0d68e41
Author: Vincent Untz
From 021add95ac3bcd7f60932c63c7c1ed5cec765c4d Mon Sep 17 00:00:00 2001 From: Nils Philippsen
Date: Tue, 16 Oct 2012 16:58:27 +0200 Subject: [PATCH 1/3] ppm-load: CVE-2012-4433: don't overflow memory allocation
From 147388a43d1a67000a409163098abec30a4194c0 Mon Sep 17 00:00:00 2001 From: Nils Philippsen
Date: Tue, 16 Oct 2012 16:56:40 +0200 Subject: [PATCH 2/3] ppm-load: CVE-2012-4433: add plausibility checks for
Carefully selected width/height values could cause the size of a later
allocation to overflow, resulting in a buffer much too small to store
the data which would then be written beyond its end.
---
operations/external/ppm-load.c | 29 +++++++++++++++++++++++++----
1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
index efe6d56..3d6bce7 100644
--- a/operations/external/ppm-load.c
+++ b/operations/external/ppm-load.c
@@ -84,7 +84,6 @@ ppm_load_read_header(FILE *fp,
/* Get Width and Height */
img->width = strtol (header,&ptr,0);
img->height = atoi (ptr);
- img->numsamples = img->width * img->height * CHANNEL_COUNT;
fgets (header,MAX_CHARS_IN_ROW,fp);
maxval = strtol (header,&ptr,0);
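Review bot: the context lines around the removed assignment still take width from strtol (header,&ptr,0) and height from atoi (ptr) with no check on what was parsed. Base 0 accepts octal and hexadecimal input, atoi reports no errors, and neither call rejects negative numbers, so the overflow check added later in this patch is handed unvalidated signed values. The 2/3 commit message in this series says it refuses non-decimal, negative or overflowing values; the two changes should be applied together, and it would help to say so in this commit message.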
@@ -109,6 +108,16 @@ ppm_load_read_header(FILE *fp,
g_warning ("%s: Programmer stupidity error", G_STRLOC);
}
+ /* Later on, img->numsamples is multiplied with img->bpc to allocate
+ * memory. Ensure it doesn't overflow. */
+ if (!img->width || !img->height ||
+ G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc)
+ {
+ g_warning ("Illegal width/height: %ld/%ld", img->width, img->height);
+ return FALSE;
+ }
+ img->numsamples = img->width * img->height * CHANNEL_COUNT;
+
return TRUE;
}
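Review bot: the guard G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc mixes an unsigned limit with fields that the %ld format in the warning treats as signed long, so it rejects only zero explicitly and leaves negative width or height to implicit conversion. Test img->width <= 0 || img->height <= 0 instead of !img->width || !img->height. The limit used is also that of gsize, while the cast (gsize)img.numsamples in the allocation hunk suggests numsamples has a different type; if that type is narrower, width * height * CHANNEL_COUNT can still wrap when stored even though this check passed, so bound the product by the maximum of the numsamples type as well.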
@@ -229,12 +238,24 @@ process (GeglOperation *operation,
if (!ppm_load_read_header (fp, &img))
goto out;
- rect.height = img.height;
- rect.width = img.width;
-
/* Allocating Array Size */
+
+ /* Should use g_try_malloc(), but this causes crashes elsewhere because the
+ * error signalled by returning FALSE isn't properly acted upon. Therefore
+ * g_malloc() is used here which aborts if the requested memory size can't be
+ * allocated causing a controlled crash. */
img.data = (guchar*) g_malloc (img.numsamples * img.bpc);
+ /* No-op without g_try_malloc(), see above. */
+ if (! img.data)
+ {
+ g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc));
+ goto out;
+ }
+
+ rect.height = img.height;
+ rect.width = img.width;
+
switch (img.bpc)
{
case 1:
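Review bot: the if (! img.data) branch after g_malloc () can never run, as the added comment itself says, because g_malloc () aborts on failure; dead error handling next to a security fix is easy to misread as real protection. Either drop the branch, or fix the caller's handling of a FALSE return and switch to g_try_malloc () so that a large but valid image fails cleanly instead of aborting the process. The size is also written twice, as img.numsamples * img.bpc in the allocation and as (gsize)img.numsamples * img.bpc in the warning; compute it once into a gsize variable and use that in both places.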
--
1.7.11.7
header fields
Refuse values that are non-decimal, negative or overflow the target
type.
---
operations/external/ppm-load.c | 33 ++++++++++++++++++++++++++++-----
1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
index 3d6bce7..465096d 100644
--- a/operations/external/ppm-load.c
+++ b/operations/external/ppm-load.c
@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
#include "gegl-chant.h"
#include
From 7085d5362b131726bdd8fa3e5bf30217849046e7 Mon Sep 17 00:00:00 2001 From: Nils Philippsen
Date: Tue, 16 Oct 2012 16:57:37 +0200 Subject: [PATCH 3/3] ppm-load: bring comment in line with reality
--- operations/external/ppm-load.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c index 465096d..e22521c 100644 --- a/operations/external/ppm-load.c +++ b/operations/external/ppm-load.c @@ -62,7 +62,7 @@ ppm_load_read_header(FILE *fp, gchar header[MAX_CHARS_IN_ROW]; gint maxval; - /* Check the PPM file Type P2 or P5 */ + /* Check the PPM file Type P3 or P6 */ fgets (header,MAX_CHARS_IN_ROW,fp); if (header[0] != ASCII_P || -- 1.7.11.7 ++++++ gegl-ruby19.patch ++++++ commit 809642a08787638d9682149de25d36ee273902ff Author: Øvind Kolå<pippin gimp org> Date: Thu Apr 5 18:49:54 2012 +0200 tools/create-reference.rb: fix utf8 handling for ruby >= 1.9.x A patch from Tim Mooney, fixing bug #673523 tools/create-reference.rb | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) --- Index: gegl-0.2.0/tools/create-reference.rb =================================================================== --- gegl-0.2.0.orig/tools/create-reference.rb +++ gegl-0.2.0/tools/create-reference.rb @@ -5,6 +5,11 @@ # Use under a public domain license. # +if RUBY_VERSION =~ /^1.9/ or RUBY_VERSION =~ /^[2345]/ + Encoding.default_external = Encoding::UTF_8 + Encoding.default_internal = Encoding::UTF_8 +end + class Argument attr_accessor :name, :data_type, :doc def initialize Index: gegl-0.2.0/tools/gobj2dot.rb =================================================================== --- gegl-0.2.0.orig/tools/gobj2dot.rb +++ gegl-0.2.0/tools/gobj2dot.rb @@ -15,6 +15,11 @@ # # Copyright (C) 2009 Henrik Akesson +if RUBY_VERSION =~ /^1.9/ or RUBY_VERSION =~ /^[2345]/ + Encoding.default_external = Encoding::UTF_8 + Encoding.default_internal = Encoding::UTF_8 +end + require 'find' if ARGV[0] == nil or ARGV.length != 1 or ARGV[0] == "-h" -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
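Review bot: in the gegl-ruby19.patch hunks for tools/create-reference.rb and tools/gobj2dot.rb, the test RUBY_VERSION =~ /^1.9/ leaves the dot unescaped, so it matches any character in that position, and /^[2345]/ hard-codes the major versions that receive the UTF-8 defaults. Escape the dot (/^1\.9/), or test for the feature itself with defined?(Encoding) so the block needs no version list.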