openSUSE Security Update: Security update for wdiff ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10031-1 Rating: moderate References: Cross-References: CVE-2012-3386 Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wdiff fixes the following issues: This update ships wdiff. Updated to 1.2.2: * Updated Vietnamese, Swedish, Estonian, Chinese (traditional), Brazilian Portuguese and Russian translations. * Updated gnulib. * Used more recent autotools: autoconf 2.69 and automake 1.14.1. updated to 1.2.1: * Added Esperanto translation. * Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch, Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese translations. * Updated gnulib. * Recreated build system using recent versions of autotools. This will avoid security issues in "make distcheck" target. (CVE-2012-3386) updated to 1.1.2: * Backport gnulib change to deal with removal of gets function. This is a build-time-only fix. (Mentioned in Fedora bug #821791) * Added Serbian translation. * Updated Danish and Vietnamese translations. * Work around a bug in the formatting of the man page. (Debian bug #669340) * Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian, Swedish and Ukrainian translations. * Fix several issue with the use of screen in the test suite. * Allow WDIFF_PAGER to override PAGER environment variable. * Do not autodetect less, so we don't auto-enable less-mode. This should improve things for UTF8 text. (Savannah bug #34224) Less-mode is considered deprecated, as it isn't fit for multi-byte encodings. Nevertheless it can still be enabled on the command line. * Introduces use of ngettext to allow correct handling of plural forms updated to 1.0.1: * Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and Czech translations * Changed major version to 1 to reflect maturity of the package * Updated Dutch, French, Danish and Slovenian translations * Added Ukrainian translation * Improved error reporting in case a child process has problems * Added tests to the test suite * Updated gnulib updated to 0.6.5: * Never initialize or deinitialize terminals, as we do no cursor movement * Deprecated --no-init-term (-K) command line option * Avoid relative path in man pages * Updated gnulib, might be particularly important for uClibc users updated to 0.6.4: * Updated Catalan translations * Updated gnulib update to 0.6.3: * `wdiff -d' to read input from single unified diff, perhaps stdin. * Updated texinfo documentation taking experimental switch into account. * Experimental programs (mdiff & friends) and a configure switch --enable-experimental to control them. * Recent imports from gnulib, use of recent autotools. * Improved autodetection of termcap library like ncurses. * Reformatted translations, still a number of fuzzy translations. * Changed from CVS to bzr for source code version control. * Various bug fixes. See ChangeLog for a more exhaustive list. * Introduce --with-default-pager=PAGER configure switch. * Fix missing newline in info dir entry list. * Fix shell syntax in configure script * Updated gnulib and gettext, the latter to 0.18 * Updated Dutch translation * Fixed a number of portability issues reported by maint.mk syntax checks * Updated Italian and Swedish translations * Updated gnulib Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10031=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): wdiff-1.2.2-bp154.2.1 - openSUSE Backports SLE-15-SP4 (noarch): wdiff-lang-1.2.2-bp154.2.1 References: https://www.suse.com/security/cve/CVE-2012-3386.html