Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2015-04-07 09:27:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libpng16" Changes: -------- --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2015-01-23 16:19:00.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2015-04-07 09:27:44.000000000 +0200 
@@ -1,0 +2,37 @@ +Wed Apr 1 11:07:11 UTC 2015 - pgajdos@suse.com + +- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c. + + libpng-rgb_to_gray-checks.patch + +------------------------------------------------------------------- +Mon Mar 30 07:10:35 UTC 2015 - pgajdos@suse.com + +- updated to 1.6.17: + Corrected the width limit calculation in png_check_IHDR(). + Removed user limits from pngfix. Also pass NULL pointers to + png_read_row to skip the unnecessary row de-interlace stuff. + Implement previously untested cases of libpng transforms in pngvalid.c + Fixed byte order in 2-byte filler, in png_do_read_filler(). + Made the check for out-of-range values in png_set_tRNS() detect + values that are exactly 2^bit_depth, and work on 16-bit platforms. + Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. + Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and + pngset.c to avoid warnings about dead code. + Do not build png_product2() when it is unused. + Display user limits in the output from pngtest. + Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column + and 1-million-row default limits in pnglibconf.dfa, that can be reset + by the user at build time or run time. This provides a more robust + defense against DOS and as-yet undiscovered overflows. + Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default. + Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). + Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block + of png.h. + Free the unknown_chunks structure even when it contains no data. + Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha + value was wrong. It's not clear if this affected the final stored + value; in the obvious code path the upper and lower 8-bits of the + alpha value were identical and the alpha was truncated to 8-bits + rather than dividing by 257 (John Bowler). 
+ +------------------------------------------------------------------- Old: ---- libpng-1.6.16.tar.xz libpng-1.6.16.tar.xz.asc New: ---- libpng-1.6.17.tar.xz libpng-1.6.17.tar.xz.asc libpng-rgb_to_gray-checks.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng16.spec ++++++ --- /var/tmp/diff_new_pack.405p7p/_old 2015-04-07 09:27:44.000000000 +0200 +++ /var/tmp/diff_new_pack.405p7p/_new 2015-04-07 09:27:44.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 16 +%define micro 17 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} @@ -35,6 +35,7 @@ Source2: libpng16.keyring Source3: rpm-macros.libpng-tools Source4: baselibs.conf +Patch0: libpng-rgb_to_gray-checks.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -110,6 +111,7 @@ %prep %setup -n libpng-%{version} +%patch0 %build # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1 ++++++ libpng-1.6.16.tar.xz -> libpng-1.6.17.tar.xz ++++++ ++++ 26136 lines of diff (skipped) ++++++ libpng-rgb_to_gray-checks.patch ++++++ ++++ 855 lines (skipped)
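Review bot: In the libpng16.changes hunk (@@ -1,0 +2,37 @@), the Apr 1 entry adds libpng-rgb_to_gray-checks.patch without saying where the patch comes from or whether it is already upstream. The 1.6.17 entry also lists bounds-check fixes (the width limit calculation in png_check_IHDR(), the out-of-range check in png_set_tRNS()) with no bug reference. Suggest stating the patch's origin in the entry and adding the tracking bug numbers for those fixes if any exist, so the update can be matched to advisories later.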
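Review bot: In the libpng16.spec hunk at @@ -35,6 +35,7 @@, the new "Patch0: libpng-rgb_to_gray-checks.patch" line sits directly above a context line that still reads "#BuildRequires: gpg-offline", so the signature tooling stays disabled while this update ships a new libpng-1.6.17.tar.xz.asc next to Source2: libpng16.keyring. The %prep context in the later hunk runs %setup and then %patch0 with no verification step in between, so nothing visible here checks the new tarball against the keyring at build time. Suggest re-enabling the BuildRequires and verifying the source before %setup, or noting in the spec why verification is done elsewhere. A one-line comment above Patch0 describing the patch and its upstream status would also help.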
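Review bot: In the libpng16.spec hunk at @@ -110,6 +111,7 @@, the %build context still carries the comment "# PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1", while the 1.6.17 changes entry in this same commit says upstream "Eliminated the PNG_SAFE_LIMITS macro" and restored the 1-million-column and 1-million-row defaults in pnglibconf.dfa. This appears to be the same build-time option, so the comment and whatever define follows it are likely stale after this update. Suggest removing them, or replacing them with a note that the limits are now the library default. Separately, the added %patch0 has no explicit -p level; stating it makes the expected path depth of the patch obvious.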