From b9715122730a0ec5b596d3df04f7139dcde7922ef05b7451cae9b9163974b82b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 30 Oct 2019 15:48:23 +0000 Subject: [PATCH] - Update to release 0.9.1 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libredwg?expand=0&rev=17 --- libredwg-0.8.tar.xz | 3 --- libredwg-0.8.tar.xz.sig | 11 ----------- libredwg-0.9.1.tar.xz | 3 +++ libredwg-0.9.1.tar.xz.sig | 11 +++++++++++ libredwg.changes | 27 +++++++++++++++++++++++++++ libredwg.spec | 10 +++++++--- symvers.patch | 17 +++++++++++++++++ 7 files changed, 65 insertions(+), 17 deletions(-) delete mode 100644 libredwg-0.8.tar.xz delete mode 100644 libredwg-0.8.tar.xz.sig create mode 100644 libredwg-0.9.1.tar.xz create mode 100644 libredwg-0.9.1.tar.xz.sig create mode 100644 symvers.patch diff --git a/libredwg-0.8.tar.xz b/libredwg-0.8.tar.xz deleted file mode 100644 index ca119ca..0000000 --- a/libredwg-0.8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0487c84e962a4dbcfcf3cbe961294b74c1bebd89a128b4929a1353bc7f58af26 -size 4295148 diff --git a/libredwg-0.8.tar.xz.sig b/libredwg-0.8.tar.xz.sig deleted file mode 100644 index f7d6c84..0000000 --- a/libredwg-0.8.tar.xz.sig +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAl0R55MACgkQtPYzOeZd -ZBQKFAf/bXYbMuoMFhiB7RAT74yG7DysxOZcwWxOpgSK6Q48WVxmIFtk2LfVDpIl -y90kNXzL4K8GiAVO3KNemmS2+hUnelSupHq+TsYIKwpuD2kZyqLRbqR8hS5OQcZG -MsBTS6uqqWZElM/0bP63k6ECnhCEbr7Cxnv4xIaVReHGfU8xtFiK8ByxOkbIsK9N -W3hPMfE7T60e4GUSSu7Eg0IVb+5f+exEjmmXPiClE+0QQ5+EQBPhW+y01k2bsswW -N4dX0OZB6hxOxpiry4cpXNR2fAYFvofVh2ew5eq0ZEPGG/4Z2cteKIQQ2L07ojTL -7hqAOLD1+3Qx4Ghhx7vI/cPzYfIuNg== -=G5xJ ------END PGP SIGNATURE----- diff --git a/libredwg-0.9.1.tar.xz b/libredwg-0.9.1.tar.xz new file mode 100644 index 0000000..39465ac --- /dev/null +++ b/libredwg-0.9.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7563a923a9f1846a0cc122ae59e8306034a04b8b85ed32e3640658f7d3c81f19 +size 4443468 diff --git a/libredwg-0.9.1.tar.xz.sig b/libredwg-0.9.1.tar.xz.sig new file mode 100644 index 0000000..c9d3447 --- /dev/null +++ b/libredwg-0.9.1.tar.xz.sig @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAl22zqwACgkQtPYzOeZd +ZBQ5MQgAmkIkFJeHbzMjoTlyz5NgkYMD9BGUeOhHoUS0GDwg6c1hGlJZPDI4V4qe +mPZu4mLmJn6mki87zBH5BJ23Js7k2C+XRFXPEtaPiDJjU+ZoWedyTGrX5CM8k5i5 +dfUC+Y5gThCia4J4Mvlr+AWKXI+3fyKXoTYF2eplJcpqTwWW6GIBcCUyNd1m1KBq +03WVWBb5u8gq3DO2DKGtsGtnjpsUlPYgOAYlG5lOtfM1+Fbp3MKJNqBYWGS9reGZ +jO5c+qmZGxCS6n/P2RjJFTwUSPqbZCao0TOqllP5ksoEfCsliS/p1+bKIwweuDKu +qRXBVrhWX0AB8HS35XVa+6Q7XfPLjw== +=EAIP +-----END PGP SIGNATURE----- diff --git a/libredwg.changes b/libredwg.changes index 088266a..0e1918e 100644 --- a/libredwg.changes +++ b/libredwg.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Wed Oct 30 14:46:09 UTC 2019 - Jan Engelhardt + +- Update to release 0.9.1 + * Fixed more null pointer dereferences, overflows, hangs and + memory leaks for fuzzed (i.e. illegal) DWGs. +- Update to release 0.9 + * Added the DXF importer, using the new dynapi and the r2000 + encoder. Only for r2000 DXFs. + * Added utf8text conversion functions to the dynapi. + * Added 3DSOLID encoder. + * Added APIs to find handles for names, searching in tables + and dicts. + * API breaking changes - see NEWS file in package. + * Fixed null pointer dereferences, and memory leaks (except DXF + importer) + [boo#1129868, CVE-2019-9779] + [boo#1129869, CVE-2019-9778] + [boo#1129870, CVE-2019-9777] + [boo#1129873, CVE-2019-9776] + [boo#1129874, CVE-2019-9773] + [boo#1129875, CVE-2019-9772] + [boo#1129876, CVE-2019-9771] + [boo#1129878, CVE-2019-9775] + [boo#1129879, CVE-2019-9774] + [boo#1129881, CVE-2019-9770] + ------------------------------------------------------------------- Thu Aug 1 11:00:01 UTC 2019 - Andreas Stieger diff --git a/libredwg.spec b/libredwg.spec index e73a3b2..9d3e748 100644 --- a/libredwg.spec +++ b/libredwg.spec @@ -17,7 +17,7 @@ Name: libredwg -Version: 0.8 +Version: 0.9.1 Release: 0 Summary: A library to handle DWG files License: GPL-3.0-or-later @@ -70,9 +70,12 @@ OpenDWG libraries. DWG is the native file format of AutoCAD. %setup -q %build +# No management of SO version despite ABI breaking changes: +# Force-add some symvers so RPM can produce meaningful deps. +echo 'V_%version { global: *; };' >src/sv.sym %configure \ --disable-static -make %{?_smp_mflags} +make %{?_smp_mflags} libredwg_la_LDFLAGS=-Wl,-version-script,sv.sym libredwg_la_LIBADD=-lm %install %make_install @@ -90,12 +93,13 @@ find %{buildroot} -type f -name "*.la" -delete -print %files tools %license COPYING %{_bindir}/dwg* +%{_bindir}/dxf* %{_mandir}/man?/*.1%{?ext_man} %{_infodir}/LibreDWG.info%{?ext_info} %files devel %license COPYING -%doc AUTHORS ChangeLog README README-alpha TODO +%doc AUTHORS ChangeLog NEWS README README-alpha TODO %{_includedir}/*.h %{_libdir}/libredwg.so %{_libdir}/pkgconfig/libredwg.pc diff --git a/symvers.patch b/symvers.patch new file mode 100644 index 0000000..ed5dd8d --- /dev/null +++ b/symvers.patch @@ -0,0 +1,17 @@ +--- + src/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: libredwg-0.9.1/src/Makefile.am +=================================================================== +--- libredwg-0.9.1.orig/src/Makefile.am ++++ libredwg-0.9.1/src/Makefile.am +@@ -20,7 +20,7 @@ + lib_LTLIBRARIES = libredwg.la + WARN_CFLAGS = @WARN_CFLAGS@ + AM_CFLAGS = -I$(top_srcdir)/include -I. $(WARN_CFLAGS) +-libredwg_la_LDFLAGS = -version-info $(LIBREDWG_SO_VERSION) -no-undefined -lm ++libredwg_la_LDFLAGS = -version-info $(LIBREDWG_SO_VERSION) -no-undefined -lm -Wl,-version-script,${top_srcdir}/hack.sym + + libredwg_la_SOURCES = \ + dwg.c \