Accepting request 629184 from home:AndreasStieger:branches:devel:libraries:c_c++

libredwg 0.6 OBS-URL: https://build.opensuse.org/request/show/629184 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libredwg?expand=0&rev=9
2018-08-14 07:31:51 +00:00 · 2018-08-14 07:31:51 +00:00 · a848c4676d
commit a848c4676d
parent 4a90581b26
8 changed files with 30 additions and 103 deletions
--- a/CVE-2018-14471.patch
+++ b/CVE-2018-14471.patch
@ -1,29 +0,0 @@
-From 7bb6307da56c753b962de127a43ebde3e621ecbb Mon Sep 17 00:00:00 2001
-From: Reini Urban <rurban@cpan.org>
-Date: Fri, 20 Jul 2018 22:29:51 +0200
-Subject: [PATCH] protect dwg_obj_block_control_get_block_headers
-
-from empty ctrl->block_headers. Fixes [GH #32]
---
- src/dwg_api.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/dwg_api.c b/src/dwg_api.c
-index f44f6207..82776188 100644
--- a/src/dwg_api.c
-+++ b/src/dwg_api.c
-@@ -17888,7 +17888,13 @@ dwg_obj_block_control_get_block_headers(const dwg_obj_block_control *restrict ct
- {
-   dwg_object_ref **ptx = (dwg_object_ref**)
-     malloc(ctrl->num_entries * sizeof(Dwg_Object_Ref *));
-  if (ptx)
-+  if (ctrl->num_entries && !ctrl->block_headers)
-+    {
-+      *error = 1;
-+      LOG_ERROR("%s: null block_headers", __FUNCTION__);
-+      return NULL;
-+    }
-+  else if (ptx)
-     {
-       BITCODE_BS i;
-       *error = 0;
--- a/CVE-2018-14524.patch
+++ b/CVE-2018-14524.patch
@ -1,55 +0,0 @@
-From 9a8b9fb49108bab5d12f3353292f8fd8ea12898f Mon Sep 17 00:00:00 2001
-From: Reini Urban <rurban@cpan.org>
-Date: Mon, 23 Jul 2018 15:22:08 +0200
-Subject: [PATCH] free: improve eed double-free
-
-Fixes [GH #33], detected by jinyu00
---
- src/decode.c | 2 ++
- src/free.c   | 6 ++----
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/decode.c b/src/decode.c
-index 74668403..fb09f11a 100644
--- a/src/decode.c
-+++ b/src/decode.c
-@@ -2309,6 +2309,7 @@ dwg_decode_eed(Bit_Chain * dat, Dwg_Object_Object * obj)
-         LOG_ERROR("No EED[%d].handle", idx);
-         obj->num_eed = 0;
-         free(obj->eed);
-+        obj->eed = NULL;
-         return error;
-       } else {
-         end = dat->byte + size;
-@@ -2372,6 +2373,7 @@ dwg_decode_eed(Bit_Chain * dat, Dwg_Object_Object * obj)
-                       free(obj->eed[idx].raw);
-                     free(obj->eed[idx].data);
-                     free(obj->eed);
-+                    obj->eed = NULL;
-                     dat->byte = end;
-                     return DWG_ERR_VALUEOUTOFBOUNDS; /* may not continue */
- #endif
-diff --git a/src/free.c b/src/free.c
-index ce6940e7..65fb3f9e 100644
--- a/src/free.c
-+++ b/src/free.c
-@@ -267,8 +267,7 @@ dwg_free_eed(Dwg_Object* obj)
-     for (i=0; i < _obj->num_eed; i++) {
-       if (_obj->eed[i].size)
-         FREE_IF(_obj->eed[i].raw);
-      if (_obj->eed[i].data)
-        FREE_IF(_obj->eed[i].data);
-+      FREE_IF(_obj->eed[i].data);
-     }
-     FREE_IF(_obj->eed);
-   }
-@@ -277,8 +276,7 @@ dwg_free_eed(Dwg_Object* obj)
-     for (i=0; i < _obj->num_eed; i++) {
-       if (_obj->eed[i].size)
-         FREE_IF(_obj->eed[i].raw);
-      if (_obj->eed[i].data)
-        FREE_IF(_obj->eed[i].data);
-+      FREE_IF(_obj->eed[i].data);
-     }
-     FREE_IF(_obj->eed);
-   }
--- a/libredwg-0.5.tar.xz
+++ b/libredwg-0.5.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fd7b6d029ec1c974afcb72c0849785db0451d4ef148e03ca4a6c4a4221b479c0
-size 3488920
--- a/libredwg-0.5.tar.xz.sig
+++ b/libredwg-0.5.tar.xz.sig
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAls9OS8ACgkQtPYzOeZd
-ZBSgSQgAkXx8zcCj4/H2KJoct/Q/PW0o/2auaXsd6qHBLnnVEQ0xx/AlF5EGZp1J
-pxxzdpNxLLbzWgVontVSk8UCEaVHuWQJ6IicMiDzTYqr6di0jrH6r87fEiO/LXrJ
-Kk29Ac/OyP5yDqbzyhm5MUEOBQ6oXugGXqNzsg0eVBeLlmDRhyiKXgsSKNiytHtx
-9zKD4jwv3BTkkOZARIgt3XY+PVBVXYe8ccJQ2Ez95urL65d7FDT649pUWTqgM3lG
-/jkenPRW3A+GF5+s9D48gy+JIYoMGkiF1XzttL6fvkYC9jIv95ogZ0+C4z5aZvqj
-BpI3E0wCiESSoDlf5ThtD56T7eDqXA==
-=gFzc
-----END PGP SIGNATURE-----
--- a/libredwg-0.6.tar.xz
+++ b/libredwg-0.6.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d525ca849496852f62ad6a11b7b801d0aafd1fa1366c45bdb0f11a90bd6f878
+size 3608836
--- a/libredwg-0.6.tar.xz.sig
+++ b/libredwg-0.6.tar.xz.sig
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAltxUjUACgkQtPYzOeZd
+ZBQZSgf8CR1bPWJ68mksWXscmL1Dp4K1uA33obMcSYeHilYcXXwTTynXcfgMEAGI
+djjwJkjE4W8UWUpfICYA9NhhrXS6dMsEnXIepmT4DzCVCA5zsyOYvhVidpKG5zBj
+t9B7DSuisHjERe63ff1qQnBhWz6CZQNH5rtCucmOOggi6F++630si/mD2maJ+2uw
+R3s5du2MUiV8VWo4kQo9jsJRlHJ/AcEyVNk+h39Fd6ORQl2nV+aRUEQYN99fbuUl
+1L17w4zkC+u4vD4axGoh01LWpoZGc/yBiSZiEgmA9t7OJYEtZanZ2g6axZmvaRpO
+aFLyFEeMbRLx6nB9nW85gMgQtgahtg==
+=8CUy
+-----END PGP SIGNATURE-----
--- a/libredwg.changes
+++ b/libredwg.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Aug 14 07:18:39 UTC 2018 - astieger@suse.com
+
+- update to 0.6:
+  * API breaking changes:
+    + Removed dwg_obj_proxy_get_reactors(), use dwg_obj_get_reactors() instead.
+    + Renamed SORTENTSTABLE.owner_handle to SORTENTSTABLE.owner_dict.
+    + Renamed all -as-rNNNN program options to --as-rNNNN.
+  * a number of bug fixes, correctness fixes and memory leak fixes
+  * Add support for more DWG objects
+  * Add pkg-config file
+- drop patches (upstream): CVE-2018-14524.patch, CVE-2018-14471.patch
+
 -------------------------------------------------------------------
 Thu Aug  9 09:34:20 UTC 2018 - astieger@suse.com

--- a/libredwg.spec
+++ b/libredwg.spec
@ -17,7 +17,7 @@


 Name:           libredwg
-Version:        0.5
+Version:        0.6
 Release:        0
 Summary:        A library to handle DWG files
 License:        GPL-3.0-or-later
@ -27,8 +27,7 @@ Source:         https://ftp.gnu.org/pub/gnu/%{name}/%{name}-%{version}.tar.xz
 Source2:        https://ftp.gnu.org/pub/gnu/%{name}/%{name}-%{version}.tar.xz.sig
 Source3:        http://savannah.gnu.org/people/viewgpg.php?user_id=101103#/%{name}.keyring
 Source4:        %{name}-rpmlintrc
-Patch0:         CVE-2018-14471.patch
-Patch1:         CVE-2018-14524.patch
+BuildRequires:  pkgconfig

 %description
 GNU LibreDWG is a C library to handle DWG files. It can replace the
@ -69,8 +68,6 @@ OpenDWG libraries. DWG is the native file format of AutoCAD.

 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1

 %build
 %configure \
@ -101,6 +98,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %doc AUTHORS ChangeLog README README-alpha TODO
 %{_includedir}/*.h
 %{_libdir}/libredwg.so
+%{_libdir}/pkgconfig/libredwg.pc

 %files -n %{name}0
 %license COPYING