From 8fd6106cd44fe38ce69275257a36379ce879aac4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 29 Nov 2024 18:01:05 +0100 Subject: [PATCH] Adding patchinfo patchinfo.20241129134332322530.90520734224245 --- assimp | 2 +- .../_patchinfo | 347 ++++++++++++++++++ 2 files changed, 348 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20241129134332322530.90520734224245/_patchinfo diff --git a/assimp b/assimp index 0a0a5e3..ee52c47 160000 --- a/assimp +++ b/assimp @@ -1 +1 @@ -Subproject commit 0a0a5e34fb76d3a5e514d4666e01f2860717376c +Subproject commit ee52c47e3df0f24245301a2f327ed983142e6db0 diff --git a/patchinfo.20241129134332322530.90520734224245/_patchinfo b/patchinfo.20241129134332322530.90520734224245/_patchinfo new file mode 100644 index 0000000..d327456 --- /dev/null +++ b/patchinfo.20241129134332322530.90520734224245/_patchinfo 
@@ -0,0 +1,347 @@ + + + VUL-0: CVE-2022-45748: assimp: UaF in ColladaParser:ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp. + build failure for assimp + VUL-0: CVE-2024-40724: TRACKERBUG: assimp: heap-based buffer overflow in the PLY importer class + VUL-0: CVE-2024-45679: assimp: Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. + + + + alarrosa + important + security + Security update for assimp + This update for assimp fixes the following issues: + +- CVE-2022-45748: Fixed UaF in ColladaParser:ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp. (bsc#1207377) + +Update to 5.4.3 + + * Ply-Importer: Fix vulnerability + * `build`: Add ccache support + * Update glTF2AssetWriter.inl + * Update PyAssimp structs with Skeleton & SkeletonBone members + * FBX: add metadata as properties + * Fix casting typo in D3MFExporter::writeBaseMaterials (color + channels < 1.0f were zeroed out) + * Fix to judge 'multi-configuration' correctly + * Fix potential memory leak in SceneCombiner for LWS/IRR/MD3 + loader + * Fix copying private data when source pointer is NULL + * Bump softprops/action-gh-release from 1 to 2 + * Bump actions/upload-artifact from 1 to 4 + * Bump actions/download-artifact from 1 to 4 + * fix GetShortFilename function + * Added more Maya materials + * Sparky kitty studios master + * Expose aiGetEmbeddedTexture to C-API + * Fix leak in loader + * Fix MSVC build error + * Revert variable name (fix broken build on android) + * Fixes possible out-of-bound read in findDegenerate + * Remove recursive include + * include Exceptional.h in 3DSExporter.cpp + * Use DRACO_GLTF_BITSTREAM + * Fix MSVC PDBs and permit them to be disabled if required + * Added AND condition in poly2tri dll_symbol.h + * fixing static build + * FBX exporter - handle multiple vertex color channels + * Update 
DefaultIOSystem.cpp + * Make coord transfor for hs1 files optional + * Return false instead of crash + * A fuzzed stride could cause the max count to become negative + and hence wrap around uint + * CalcTangents: zero vector is invalid for tangent/bitangent + * Mosfet80 updatedpoli2tri + * Fix a fuzz test heap buffer overflow in mdl material loader + * Introduce interpolation mode to vectro and quaternion keys + * Update Python structs with missing fields + * Introduce interpolation mode to vectro and quaternion keys + * Kimkulling/fix double precision tests + * [USD] Integrate "tinyusdz" project + * Update Readme.md + * Allow empty slots in mTextureCoords + * Fix compile warning + * Replace raw pointers by std::string + * Fix potential heapbuffer overflow in md5 parsing + * Fixes bsc#1230679, CVE-2024-45679. + +- fix check failure on s390x (bsc#1218474) + +- Update to 5.4.2 + * Fix building on Haiku + * Reduce memory consumption in JoinVerticesProcess::ProcessMesh() + significantly + * Fix: Add check for invalid input argument + * Replace an assert + * Extension of skinning data export to GLB/GLTF format + * Fix output floating-point values to fbx + * Update ImproveCacheLocality.cpp + * Update Readme.md + * Deep arsdk bone double free + * Fix Spelling error + * use size in order to be compatible with float and double + * Fix: Add missing transformation for normalized normals. + * Fix: Implicit Conversion Error + * Fix add checks for indices + * Update FBXBinaryTokenizer.cpp + * link to external minizip with full path + * utf8 header not found + * Rm unnecessary deg->radian conversion in FBX exporter + * Fix empty mesh handling + * Refactoring: Some cleanups + * Fix invalid read of uint from uvwsrc + * Remove double delete + * fix mesh-name error. 
+ * COLLADA fixes for textures in C4D input + * Use the correct allocator for deleting objects in case of + duplicate animation Ids + * Fix container overflow in MMD parser + * Fix: PLY heap buffer overflow + * Fix: Check if index for mesh access is out of range + * Update FBXConverter.cpp + * FBX: Use correct time scaling + * Drop explicit inclusion of contrib/ headers + * Update Build.md + * Fix buffer overflow in FBX::Util::DecodeBase64() + * Readme.md: correct 2 errors in section headers + * Fix double free in Video::~Video() + * FBXMeshGeometry: solve issue #5116 using patch provided + * Fix target names not being imported on some gLTF2 models + * correct grammar/typographic errors in comments (8 files) + * KHR_materials_specular fixes + * Disable Hunter + * fixed several issues + * Fix leak + * Check validity of archive without parsing + * Fix integer overflow + * Add a test before generating the txture folder + * Build: Disable building zlib for non-windows + * null check. + * Bump actions/upload-artifact from 3 to 4 + * fix: KHR_materials_pbrSpecularGlossiness/diffuseFactor convert + to pbrMetallicRoughness/baseColorFactor + * fix building errors for MinGW + * dynamic_cast error. + * Add missing IRR textures + * Update Dockerfile + * Fix handling of X3D IndexedLineSet nodes + * Improve acc file loading + * Readme.md: present hyperlinks in a more uniform style + * FBX Blendshape FullWeight: Vec<Float> -> FullWeight: Vec<Double> + * Fix for issues #5422, #3411, and #5443 -- DXF insert scaling + fix and colour fix + * Update StbCommon.h to stay up-to-date with stb_image.h. + * Introduce aiBuffer + * Add bounds checks to the parsing utilities. 
+ * Fix crash in viewer + * Static code analysis fixes + * Kimkulling/fix bahavior of remove redundat mats issue 5438 + * Fix X importer breakage introduced in commit f844c33 + * Fileformats.md: clarify that import of .blend files is deprecated + * feat:1.add 3mf vertex color read 2.fix 3mf read texture bug + * More GLTF loading hardening + * Bump actions/cache from 3 to 4 + * Update CMakeLists.txt + * Blendshape->Geometry in FBX Export + * Fix identity matrix check + * Fix PyAssimp under Python >= 3.12 and macOS library search support + * Add ISC LICENSE file + * ColladaParser: check values length + * Include defs in not cpp-section + * Add correct double zero check + * Add zlib-header to ZipArchiveIOSystem.h + * Add 2024 to copyright infos + * Append a new setting "AI_CONFIG_EXPORT_FBX_TRANSPARENCY_FACTOR_REFER_TO_OPACITY" + * Eliminate non-ascii comments in clipper + * Fix compilation for MSVC14. + * Add correction of fbx model rotation + * Delete tools/make directory + * Delete packaging/windows-mkzip directory + * Fix #5420 duplicate degrees to radians conversion in fbx importer + * Respect merge identical vertices in ObjExporter + * Fix utDefaultIOStream test under MinGW + * Fix typos + * Add initial macOS support to C4D importer + * Update hunter into CMakeLists.txt + * Fix: add missing import for AI_CONFIG_CHECK_IDENTITY_MATRIX_EPSILON_DEFAULT + * updated json + * Cleanup: Fix review findings + * CMake: Allow linking draco statically if ASSIMP_BUILD_DRACO_STATIC is set. 
+ * updated minizip to last version + * updated STBIMAGElib + * fix issue #5461 (segfault after removing redundant materials) + * Update ComputeUVMappingProcess.cpp + * add some ASSIMP_INSTALL checks + * Fix SplitByBoneCount typo that prevented node updates + * Q3DLoader: Fix possible material string overflow + * Reverts the changes introduced + * fix a collada import bug + * mention IQM loader in Fileformats.md + * Kimkulling/fix pyassimp compatibility + * fix ASE loader crash when *MATERIAL_COUNT or *NUMSUBMTLS is not specified + or is 0 + * Add checks for invalid buffer and size + * Make sure for releases revision will be zero + * glTF2Importer: Support .vrm extension + * Prepare v5.4.1 + * Remove deprecated c++11 warnings + * fix ci + * Fix integer overflow + * Assimp viewer fixes + * Optimize readability + * Temporary fix for #5557 GCC 13+ build issue -Warray-bounds + * Fix a bug that could cause assertion failure. + * Fix possible nullptr dereferencing. + * Update ObjFileParser.cpp + * Fix for #5592 Disabled maybe-uninitialized error for + AssetLib/Obj/ObjFileParser.cpp + * updated zip + * Postprocessing: Fix endless loop + * Build: Fix compilation for VS-2022 debug mode - warning + * Converted a size_t to mz_uint that was being treated as an error + * Add trim to xml string parsing + * Replace duplicated trim + * Move aiScene constructor + * Move revision.h and revision.h.in to include folder + * Update MDLMaterialLoader.cpp + * Create inno_setup + * clean HunterGate.cmake + * Draft: Update init of aiString + * Fix init aistring issue 5622 inpython module + * update dotnet example + * Make stepfile schema validation more robust. + * fix PLY binary export color from float to uchar + * Some FBXs do not have "Materials" information, which can cause + parsing errors + * Fix collada uv channels - temporary was stored and then updated. 
+ * remove ASE parsing break + * FBX-Exporter: Fix nullptr dereferencing + * Fix FBX exporting incorrect bone order + * fixes potential memory leak on malformed obj file + * Update zip.c + * Fixes some uninit bool loads + * Fix names of enum values in docstring of aiProcess_FindDegenerates + * Fix: StackAllocator Undefined Reference fix + * Plx: Fix out of bound access (CVE-2024-40724, bsc#1228142) + +- Update to 5.4.1 + * CMake: Allow linking draco statically if ASSIMP_BUILD_DRACO_STATIC is set. + * Deps: updated minizip to last version + * Deps: updated STBIMAGElib + * Fix issue #5461 (segfault after removing redundant materials) + * Update ComputeUVMappingProcess.cpp + * Add some ASSIMP_INSTALL checks + * Fix SplitByBoneCount typo that prevented node updates + * Q3DLoader: Fix possible material string overflow + * Reverts the changes introduced by commit ad766cb in February 2022 + * Fix a collada import bug + * Mention IQM loader in Fileformats.md + * Fix ASE loader crash when *MATERIAL_COUNT or *NUMSUBMTLS is not specified + or is 0 + * Add checks for invalid buffer and size + * Make sure for releases revision will be zero + * glTF2Importer: Support .vrm extension + +- Update to 5.4.0 + * Reduce memory consumption in JoinVerticesProcess::ProcessMesh() + * Fix: Add check for invalid input argument + * Replace an assert + * Extension of skinning data export to GLB/GLTF format + * Fix output floating-point values to fbx + * Update ImproveCacheLocality.cpp + * Deep arsdk bone double free + * Fix Spelling error + * use size to be compatible with float and double + * Fix: Add missing transformation for normalized normals. 
+ * Fix: Implicit Conversion Error + * Fix add checks for indices + * Update FBXBinaryTokenizer.cpp + * link to external minizip with full path + * utf8 header not found + * Rm unnecessary deg->radian conversion in FBX exporter + * Fix empty mesh handling + * Refactoring: Some cleanups + * Fix invalid read of uint from uvwsrc + * Remove double delete + * fix the mesh-name error. + * COLLADA fixes for textures in C4D input + * Use the correct allocator for deleting objects in case of + duplicate animation Ids + * Fix container overflow in MMD parser + * Fix: PLY heap buffer overflow + * Fix: Check if index for mesh access is out of range + * Update FBXConverter.cpp + * FBX: Use correct time scaling + * Drop explicit inclusion of contrib/ headers + * Update Build.md + * Fix buffer overflow in FBX::Util::DecodeBase64() + * Readme.md: correct 2 errors in section headers + * Fix double free in Video::~Video() + * FBXMeshGeometry: solve issue #5116 using patch provided + * Fix target names not being imported on some gLTF2 models + * correct grammar/typographic errors in comments (8 files) + * KHR_materials_specular fixes + * Disable Hunter + * fixed several issues + * Fix leak + * Check the validity of the archive without parsing + * Fix integer overflow + * Add a test before generating the texture folder + * Build: Disable building zlib for non-windows + * null check. + * Bump actions/upload-artifact from 3 to 4 + * fix: KHR_materials_pbrSpecularGlossiness/diffuseFactor convert + to pbrMetallicRoughness/baseColorFactor + * dynamic_cast error. + * Add missing IRR textures + * Fix handling of X3D IndexedLineSet nodes + * Improve acc file loading + * Readme.md: present hyperlinks in a more uniform style + * FBX Blendshape FullWeight: Vec<Float> -> FullWeight: Vec<Double> + * Fix for issues #5422, #3411, and #5443 -- DXF insert scaling fix + and colour fix + * Update StbCommon.h to stay up-to-date with stb_image.h. 
+ * Introduce aiBuffer + * Add bounds checks to the parsing utilities. + * Fix crash in viewer + * Static code analysis fixes + * Kimkulling/fix behavior of remove redundant mats issue 5438 + * Fix X importer breakage introduced in commit f844c33 + * Fileformats.md: clarify that import of .blend files is deprecated + * feat:1.add 3mf vertex color read 2.fix 3mf read texture bug + * More GLTF loading hardening + * Bump actions/cache from 3 to 4 + * Blendshape->Geometry in FBX Export + * Fix identity matrix check + * Fix PyAssimp under Python >= 3.12 and macOS library search support + * Add ISC LICENSE file + * ColladaParser: check values length + * Include defs in not cpp-section + * Add correct double zero check + * Add zlib-header to ZipArchiveIOSystem.h + * Add 2024 to copyright infos + * Append a new setting "AI_CONFIG_EXPORT_FBX_TRANSPARENCY_FACTOR_REFER_TO_OPACITY" + * Eliminate non-ascii comments in clipper + * Fix compilation for MSVC14. + * Add correction of fbx model rotation + * Delete tools/make directory + * Delete packaging/windows-mkzip directory + * Fix #5420 duplicate degrees to radians conversion in fbx importer + * Respect merge identical vertices in ObjExporter + * Fix utDefaultIOStream test under MinGW + * Fix typos + * Add initial macOS support to C4D importer + * Update hunter into CMakeLists.txt + * Fix: add a missing import for AI_CONFIG_CHECK_IDENTITY_MATRIX_EPSILON_DEFAULT + * updated json + * Cleanup: Fix review findings + * Update CMakeLists.txt + +- Reenable the Collada parser. + + + + assimp + +
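Review bot: The subject line ("Adding patchinfo patchinfo.20241129134332322530.90520734224245") does not mention the change in the `assimp` hunk, which moves the subproject commit from 0a0a5e34fb76d3a5e514d4666e01f2860717376c to ee52c47e3df0f24245301a2f327ed983142e6db0. The patchinfo added in the same commit describes an update to 5.4.3, so say in the commit message that the new subproject commit is that update (or split the pointer bump into its own commit). That lets a reviewer confirm the advisory text matches the code actually being shipped.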
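Review bot: In the `_patchinfo` description, the summary under "This update for assimp fixes the following issues:" names only CVE-2022-45748 (bsc#1207377), while the other two CVEs from the issue list appear only deep inside the changelog bullets ("Fixes bsc#1230679, CVE-2024-45679." and "Plx: Fix out of bound access (CVE-2024-40724, bsc#1228142)"). List all three CVEs with their bsc references in the top summary so the advisory text agrees with the issue list and is visible to anyone who reads only the first lines. "Plx:" reads like a typo for "Ply:", since the issue title for CVE-2024-40724 names the PLY importer. The changelog also needs deduplication: "Introduce interpolation mode to vectro and quaternion keys" appears twice under 5.4.3, and the 5.4.2 section repeats entries that are listed again under 5.4.1 and 5.4.0 (for example "Q3DLoader: Fix possible material string overflow" and "Fix buffer overflow in FBX::Util::DecodeBase64()"), includes "Prepare v5.4.1", and truncates "Reverts the changes introduced", which the 5.4.1 section gives in full as "Reverts the changes introduced by commit ad766cb in February 2022".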