From 5c9749397e916aaccad0d89d11575488493c4dfdedb277fd9f5c63995d5a2076 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Mon, 20 Jun 2022 07:58:31 +0000 Subject: [PATCH] - Update to 1.12.1: * Increased GLib minimum version to 2.20. * Added 12 new test inputs, including bad inputs to handle gracefully. * Added a few symbols to API documentation that were accidentally left out. * Bug fixes: + huntr.dev CVE-2022-2061: Out-of-bounds read in libnsgif's lzw_decode() + [unfiled] Undefined behavior in libnsgif due to uninitialized frame fields. + [unfiled] Signed integer overflow in chafa_pack_color(). + [unfiled] Integer overflow in normalization pass on some images. + [unfiled] Potential unaligned access with corrupt XWD images. + [unfiled] Integer overflow in quantization on some images. + [unfiled] Calculating offset from NULL pointer in LodePNG. OBS-URL: https://build.opensuse.org/package/show/graphics/chafa?expand=0&rev=31 --- chafa-1.12.0.tar.xz | 3 --- chafa-1.12.1.tar.xz | 3 +++ chafa.changes | 16 ++++++++++++++++ chafa.spec | 4 ++-- 4 files changed, 21 insertions(+), 5 deletions(-) delete mode 100644 chafa-1.12.0.tar.xz create mode 100644 chafa-1.12.1.tar.xz diff --git a/chafa-1.12.0.tar.xz b/chafa-1.12.0.tar.xz deleted file mode 100644 index a76d9ee..0000000 --- a/chafa-1.12.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:aafde6275e498f34e5120b56dc20dd15f6bb5e9b35ac590f52fde5ad6b2c7319 -size 638560 diff --git a/chafa-1.12.1.tar.xz b/chafa-1.12.1.tar.xz new file mode 100644 index 0000000..7a97c43 --- /dev/null +++ b/chafa-1.12.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f08cbcd87f604ba20cf8699dc107349400f21b825be20491e8e0ada8995194ea +size 653624 diff --git a/chafa.changes b/chafa.changes index aea58da..3422f90 100644 --- a/chafa.changes +++ b/chafa.changes 
@@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Mon Jun 20 07:53:37 UTC 2022 - Michael Vetter + +- Update to 1.12.1: + * Increased GLib minimum version to 2.20. + * Added 12 new test inputs, including bad inputs to handle gracefully. + * Added a few symbols to API documentation that were accidentally left out. + * Bug fixes: + + huntr.dev CVE-2022-2061: Out-of-bounds read in libnsgif's lzw_decode() + + [unfiled] Undefined behavior in libnsgif due to uninitialized frame fields. + + [unfiled] Signed integer overflow in chafa_pack_color(). + + [unfiled] Integer overflow in normalization pass on some images. + + [unfiled] Potential unaligned access with corrupt XWD images. + + [unfiled] Integer overflow in quantization on some images. + + [unfiled] Calculating offset from NULL pointer in LodePNG. + ------------------------------------------------------------------- Mon Jun 6 09:22:07 UTC 2022 - Michael Vetter diff --git a/chafa.spec b/chafa.spec index 002d118..155b373 100644 --- a/chafa.spec +++ b/chafa.spec @@ -17,7 +17,7 @@ Name: chafa -Version: 1.12.0 +Version: 1.12.1 Release: 0 Summary: Image-to-text converter for terminal License: LGPL-3.0-or-later @@ -27,7 +27,7 @@ Source0: https://github.com/hpjansson/%{name}/releases/download/%{version BuildRequires: ImageMagick-devel BuildRequires: freetype2-devel BuildRequires: gcc -BuildRequires: glib2-devel +BuildRequires: glib2-devel >= 2.20 BuildRequires: gtk-doc BuildRequires: libtool Requires: libchafa0 = %{version}
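Review bot: The chafa-1.12.1.tar.xz hunk records only a Git LFS pointer (`oid sha256:...` and `size 653624`), so the new source archive cannot be reviewed from this diff. Before accepting, download the 1.12.1 release from the `Source0` URL shown in chafa.spec, compute its SHA-256 and confirm it equals the oid in the pointer. This matters here because the update is taken for its security fixes.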
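Review bot: In the chafa.changes hunk, the line `+ huntr.dev CVE-2022-2061: Out-of-bounds read in libnsgif's lzw_decode()` has the CVE id but no Bugzilla reference, so the fix cannot be tied to a tracking bug from the changelog alone. If a bug exists for it, add the reference next to the CVE id (written as bsc#NNNNNN, a placeholder here, not a real number). The six "[unfiled]" entries are also integer-overflow, unaligned-access and undefined-behavior fixes that, by their own wording, depend on image content. A short sentence in the entry saying that 1.12.1 is a security-relevant update would help maintainers of older code streams decide whether to backport.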
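Review bot: Style point in the second chafa.spec hunk: `+BuildRequires: glib2-devel >= 2.20` pins the minimum to a package name. Consider `BuildRequires: pkgconfig(glib-2.0) >= 2.20` instead, which expresses the same floor against the pkg-config module that the build checks and does not depend on how the devel package is named. The changelog line "Increased GLib minimum version to 2.20" matches the constraint, so no other change is needed for it.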