Sync from SUSE:SLFO:Main assimp revision e3c75e4ebdda5b5ce2c35be95c28c75b

2024-08-27 10:42:50 +02:00 · 2024-08-27 10:42:50 +02:00 · 96adc87c7f
commit 96adc87c7f
parent 2b003f4548
4 changed files with 37 additions and 0 deletions
--- a/0001-Fix-out-of-bound-access.patch
+++ b/0001-Fix-out-of-bound-access.patch
@ -0,0 +1,24 @@
+From 614911bb3b1bfc3a1799ae2b3cca306270f3fb97 Mon Sep 17 00:00:00 2001
+From: Kim Kulling <kim.kulling@googlemail.com>
+Date: Wed, 3 Jul 2024 21:05:53 +0200
+Subject: [PATCH] Fix out of bound access
+
+---
+ code/AssetLib/Ply/PlyLoader.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/code/AssetLib/Ply/PlyLoader.cpp b/code/AssetLib/Ply/PlyLoader.cpp
+index 3e92339fb4..0c2463f240 100644
+--- a/code/AssetLib/Ply/PlyLoader.cpp
+++ b/code/AssetLib/Ply/PlyLoader.cpp
+@@ -564,6 +564,10 @@ void PLYImporter::LoadFace(const PLY::Element *pcElement, const PLY::ElementInst
+         if (mGeneratedMesh->mFaces == nullptr) {
+             mGeneratedMesh->mNumFaces = pcElement->NumOccur;
+             mGeneratedMesh->mFaces = new aiFace[mGeneratedMesh->mNumFaces];
+        } else {
+            if (mGeneratedMesh->mNumFaces < pcElement->NumOccur) {
+                throw DeadlyImportError("Invalid .ply file: Too many faces");
+            }
+         }
+ 
+         if (!bIsTriStrip) {
--- a/2
+++ b/2
@ -3,6 +3,7 @@
  <overwrite>
    <conditions>
      <arch>ppc64</arch>
+      <arch>s390x</arch>
    </conditions>
    <hardware>
      <memory>
@ -13,6 +14,7 @@
  <overwrite>
    <conditions>
      <arch>ppc64</arch>
+      <arch>s390x</arch>
    </conditions>
    <hardware>
      <memory>
--- a/assimp.changes
+++ b/assimp.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Aug 23 11:52:21 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Add patch from upstream to fix a heap-based buffer overflow in
+  the PLY importer class (bsc#1228142, CVE-2024-40724):
+  * 0001-Fix-out-of-bound-access.patch
+- Set memory and disk constraints for s390x to fix tests failing
+  to build due to out-of-memory errors.
+
 -------------------------------------------------------------------
 Wed Oct  4 14:14:08 UTC 2023 - Christophe Marin <christophe@krop.fr>

--- a/assimp.spec
+++ b/assimp.spec
@ -27,6 +27,8 @@ URL:            https://www.assimp.org/
 Source0:        %{name}-%{version}.tar.xz
 # PATCH-FIX-OPENSUSE
 Patch0:         0001-Don-t-build-the-collada-importer-exporter-tests.patch
+# PATCH-FIX-UPSTREAM 0001-Fix-out-of-bound-access.patch bsc#1228142 CVE-2024-40724 -- Fix heap-based buffer overflow in the PLY importer class
+Patch1:         0001-Fix-out-of-bound-access.patch
 BuildRequires:  cmake
 BuildRequires:  dos2unix
 BuildRequires:  gcc-c++