From 4f33e84315c7ab505fe83f052447eea858f7a40486408782c602a102921093a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Wed, 19 Jan 2022 20:31:30 +0000 Subject: [PATCH 1/2] Add CVE-2021-45463 ref to .changes This update fixed CVE-2021-45463. OBS-URL: https://build.opensuse.org/package/show/graphics/gegl?expand=0&rev=117 --- gegl.changes | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/gegl.changes b/gegl.changes index 26d6221..938f38a 100644 --- a/gegl.changes +++ b/gegl.changes @@ -14,6 +14,22 @@ Tue Dec 21 19:08:52 UTC 2021 - Marcus Rueckert operations using it avoiding polluting the GEGL library symbol table with the ctx symbols. +------------------------------------------------------------------- +Tue Dec 21 19:08:52 UTC 2021 - Marcus Rueckert + +- Update to version 0.4.34 (CVE-2021-45463): + + Operations: + - magick-load: use g_spawn_async instead of system to run the + image magick convert fallback - preventing shell expansion on + non-escaped/filtered paths in constructed commandline. + - ripple: avoid a possible division by zero. + + Build: + - Explicit dependency specification in meson for generated CL + files. + - ctx has been moved to be part of gegl-common.so nearer to the + operations using it avoiding polluting the GEGL library + symbol table with the ctx symbols. + ------------------------------------------------------------------- Wed Oct 27 21:23:26 UTC 2021 - Michael Gorse From ef8755e87327716fd375c9bc0d45b0fba16a4808dfa672f8b262dd9adb164067 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Wed, 19 Jan 2022 20:33:39 +0000 Subject: [PATCH 2/2] We need just the one .changes entry... OBS-URL: https://build.opensuse.org/package/show/graphics/gegl?expand=0&rev=119 --- gegl.changes | 16 ---------------- gegl.spec | 2 +- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/gegl.changes b/gegl.changes index 938f38a..38edfc0 100644 --- a/gegl.changes +++ b/gegl.changes 
@@ -1,22 +1,6 @@ ------------------------------------------------------------------- Tue Dec 21 19:08:52 UTC 2021 - Marcus Rueckert -- Update to version 0.4.34: - + Operations: - - magick-load: use g_spawn_async instead of system to run the - image magick convert fallback - preventing shell expansion on - non-escaped/filtered paths in constructed commandline. - - ripple: avoid a possible division by zero. - + Build: - - Explicit dependency specification in meson for generated CL - files. - - ctx has been moved to be part of gegl-common.so nearer to the - operations using it avoiding polluting the GEGL library - symbol table with the ctx symbols. - -------------------------------------------------------------------- -Tue Dec 21 19:08:52 UTC 2021 - Marcus Rueckert - - Update to version 0.4.34 (CVE-2021-45463): + Operations: - magick-load: use g_spawn_async instead of system to run the diff --git a/gegl.spec b/gegl.spec index 083306c..fddb3a5 100644 --- a/gegl.spec +++ b/gegl.spec @@ -1,7 +1,7 @@ # # spec file for package gegl # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed
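Review bot: In the gegl.changes hunk of PATCH 1/2 (`@@ -14,6 +14,22 @@`), the added block repeats the existing 0.4.34 entry with the same `Tue Dec 21 19:08:52 UTC 2021 - Marcus Rueckert` header and the same bullets, differing only in the `(CVE-2021-45463)` suffix on the version line. Amend the existing `- Update to version 0.4.34:` line in place rather than appending a second entry, which makes this a one-line change. The version line also does not say which of the listed changes the CVE applies to; putting the reference on the relevant bullet (the `magick-load` item is the one that describes preventing shell expansion) would make that clear to anyone auditing the changelog.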
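Review bot: Squash PATCH 2/2 into PATCH 1/2. In the gegl.changes hunk (`@@ -1,22 +1,6 @@`), the 16 removed lines only undo the duplicate entry that the first patch introduced, so the net effect of both commits on this file is the added `(CVE-2021-45463)` suffix. A single commit with that one-line edit keeps the history readable, and its message can state the change directly instead of `We need just the one .changes entry...`.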
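Review bot: The gegl.spec hunk (`@@ -1,7 +1,7 @@`) changes `# Copyright (c) 2021 SUSE LLC` to `2022`, which is unrelated to the stated purpose of PATCH 2/2 and is not mentioned in its commit message, although the diffstat lists the file. Either note the copyright year bump in the message or move it to its own commit, so that the CVE changelog fix can be reviewed and backported without it.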