Hello community, here is the log from the commit of package lasem for openSUSE:Factory checked in at 2017-08-29 11:44:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lasem (Old) and /work/SRC/openSUSE:Factory/.lasem.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lasem" Tue Aug 29 11:44:59 2017 rev:8 rq:519089 version:0.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/lasem/lasem.changes 2016-06-07 23:50:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lasem.new/lasem.changes 2017-08-29 11:45:10.907010133 +0200 @@ -1,0 +2,11 @@ +Sat Aug 26 16:40:40 UTC 2017 - jengelh@inai.de + +- Fix RPM group and summaries. + +------------------------------------------------------------------- +Thu Aug 24 15:08:34 UTC 2017 - zaitor@opensuse.org + +- Add lasem-cairo-avoid-integer-overflow.patch cairo: Avoid integer + overflow (CVE-2013-7447). + +------------------------------------------------------------------- New: ---- lasem-cairo-avoid-integer-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lasem.spec ++++++ --- /var/tmp/diff_new_pack.4kyVcV/_old 2017-08-29 11:45:11.834879338 +0200 +++ /var/tmp/diff_new_pack.4kyVcV/_new 2017-08-29 11:45:11.842878210 +0200 @@ -1,7 +1,7 @@ # # spec file for package lasem # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,11 +20,13 @@ Name: lasem Version: 0.4.3 Release: 0 -Summary: Mathml and SVG rendering library +Summary: MathML and SVG rendering library License: LGPL-2.1+ -Group: System/Libraries +Group: Development/Libraries/C and C++ Url: https://live.gnome.org/Lasem Source: http://download.gnome.org/sources/%{name}/%{api}/%{name}-%{version}.tar.xz +# PATCH-FIX-UPSTREAM lasem-cairo-avoid-integer-overflow.patch CVE-2013-7447 zaitor@opensuse.org -- cairo: Avoid integer overflow +Patch0: lasem-cairo-avoid-integer-overflow.patch BuildRequires: bison BuildRequires: gobject-introspection >= 0.6.7 BuildRequires: intltool >= 0.35.0 @@ -38,31 +40,32 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -Lasem is a library for rendering SVG and Mathml, implementing a DOM like API. -It's based on GObject and use Pango and Cairo for the rendering. Included in the package, -there is a simple application, lasemrender, which is able to convert a Mathml, a latex -math or a SVG file to either a PNG, PDF or SVG image. +Lasem is a library for rendering SVG and MathML, implementing a DOM like API. +It's based on GObject and uses Pango and Cairo for the rendering. Included in the package +is a simple application, lasemrender, which is able to convert a MathML, a Latex +math or an SVG file to either PNG, PDF or an SVG image. %package -n liblasem-0_4-4 -Summary: Mathml and SVG rendering library +Summary: MathML and SVG rendering library Group: System/Libraries Recommends: %{name}-lang %description -n liblasem-0_4-4 -Lasem is a library for rendering SVG and Mathml, implementing a DOM like API. -It's based on GObject and use Pango and Cairo for the rendering. +Lasem is a library for rendering SVG and MathML, implementing a DOM like API. +It's based on GObject and uses Pango and Cairo for the rendering. %package devel -Summary: Mathml and SVG rendering library -- Development files +Summary: Development files for lasem, a MathML and SVG rendering library Group: Development/Languages/C and C++ Requires: liblasem-0_4-4 = %{version} %description devel -Lasem is a library for rendering SVG and Mathml, implementing a DOM like API. -It's based on GObject and use Pango and Cairo for the rendering. +Lasem is a library for rendering SVG and MathML, implementing a DOM like API. +It's based on GObject and uses Pango and Cairo for the rendering. %prep %setup -q +%patch0 -p1 %build %configure \ ++++++ lasem-cairo-avoid-integer-overflow.patch ++++++

From 6f2feed780d9139a45c06e1ad399d06a4f351fbf Mon Sep 17 00:00:00 2001 From: RyuzakiKK <aasonykk@gmail.com> Date: Sat, 5 Aug 2017 21:40:55 +0200 Subject: cairo: Avoid integer overflow CVE-2013-7447

lasem is affected by a possible integer overflow, that was also found and patched upstream in gtk+ https://git.gnome.org/browse/gtk+/commit/?id=894b1ae76a32720f4bb3d39cf460402... --- src/lsmcairo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lsmcairo.c b/src/lsmcairo.c index c568fd5..73fb93e 100644 --- a/src/lsmcairo.c +++ b/src/lsmcairo.c @@ -528,7 +528,7 @@ lsm_cairo_set_source_pixbuf (cairo_t *cairo, format = CAIRO_FORMAT_ARGB32; cairo_stride = cairo_format_stride_for_width (format, width); - cairo_pixels = g_malloc (height * cairo_stride); + cairo_pixels = g_malloc_n (height, cairo_stride); surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels, format, width, height, cairo_stride); -- cgit v0.12