<patchinfo incident="126">
  <!-- generated from request(s) 345436 -->
  <issue tracker="bnc" id="1207377">VUL-0: CVE-2022-45748: assimp: UaF in ColladaParser:ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.</issue>
  <issue tracker="bnc" id="1218474">build failure for assimp</issue>
  <issue tracker="bnc" id="1228142">VUL-0: CVE-2024-40724: TRACKERBUG: assimp: heap-based buffer overflow in the PLY importer class</issue>
  <issue tracker="bnc" id="1230679">VUL-0: CVE-2024-45679: assimp: Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.</issue>
  <issue tracker="cve" id="2022-45748"/>
  <issue tracker="cve" id="2024-40724"/>
  <issue tracker="cve" id="2024-45679"/>
  <packager>alarrosa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for assimp</summary>
  <description>This update for assimp fixes the following issues:

- CVE-2022-45748: Fixed UaF in ColladaParser:ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp. (bsc#1207377)

Update to 5.4.3

* Ply-Importer: Fix vulnerability
* `build`: Add ccache support
* Update glTF2AssetWriter.inl
* Update PyAssimp structs with Skeleton & SkeletonBone members
* FBX: add metadata as properties
* Fix casting typo in D3MFExporter::writeBaseMaterials (color
  channels &lt; 1.0f were zeroed out)
* Fix to judge 'multi-configuration' correctly
* Fix potential memory leak in SceneCombiner for LWS/IRR/MD3
  loader
* Fix copying private data when source pointer is NULL
* Bump softprops/action-gh-release from 1 to 2
* Bump actions/upload-artifact from 1 to 4
* Bump actions/download-artifact from 1 to 4
* fix GetShortFilename function
* Added more Maya materials
* Sparky kitty studios master
* Expose aiGetEmbeddedTexture to C-API
* Fix leak in loader
* Fix MSVC build error
* Revert variable name (fix broken build on android)
* Fixes possible out-of-bound read in findDegenerate
* Remove recursive include
* include Exceptional.h in 3DSExporter.cpp
* Use DRACO_GLTF_BITSTREAM
* Fix MSVC PDBs and permit them to be disabled if required
* Added AND condition in poly2tri dll_symbol.h
* fixing static build
* FBX exporter - handle multiple vertex color channels
* Update DefaultIOSystem.cpp
* Make coord transform for hs1 files optional
* Return false instead of crash
* A fuzzed stride could cause the max count to become negative
  and hence wrap around uint
* CalcTangents: zero vector is invalid for tangent/bitangent
* Mosfet80 updatedpoli2tri
* Fix a fuzz test heap buffer overflow in mdl material loader
* Introduce interpolation mode to vector and quaternion keys
* Update Python structs with missing fields
* Introduce interpolation mode to vector and quaternion keys
* Kimkulling/fix double precision tests
* [USD] Integrate "tinyusdz" project
* Update Readme.md
* Allow empty slots in mTextureCoords
* Fix compile warning
* Replace raw pointers by std::string
* Fix potential heapbuffer overflow in md5 parsing
* Fixes bsc#1230679, CVE-2024-45679.

- fix check failure on s390x (bsc#1218474)

- Update to 5.4.2
* Fix building on Haiku
* Reduce memory consumption in JoinVerticesProcess::ProcessMesh()
  significantly
* Fix: Add check for invalid input argument
* Replace an assert
* Extension of skinning data export to GLB/GLTF format
* Fix output floating-point values to fbx
* Update ImproveCacheLocality.cpp
* Update Readme.md
* Deep arsdk bone double free
* Fix Spelling error
* use size in order to be compatible with float and double
* Fix: Add missing transformation for normalized normals.
* Fix: Implicit Conversion Error
* Fix add checks for indices
* Update FBXBinaryTokenizer.cpp
* link to external minizip with full path
* utf8 header not found
* Rm unnecessary deg->radian conversion in FBX exporter
* Fix empty mesh handling
* Refactoring: Some cleanups
* Fix invalid read of uint from uvwsrc
* Remove double delete
* fix mesh-name error.
* COLLADA fixes for textures in C4D input
* Use the correct allocator for deleting objects in case of
  duplicate animation Ids
* Fix container overflow in MMD parser
* Fix: PLY heap buffer overflow
* Fix: Check if index for mesh access is out of range
* Update FBXConverter.cpp
* FBX: Use correct time scaling
* Drop explicit inclusion of contrib/ headers
* Update Build.md
* Fix buffer overflow in FBX::Util::DecodeBase64()
* Readme.md: correct 2 errors in section headers
* Fix double free in Video::~Video()
* FBXMeshGeometry: solve issue #5116 using patch provided
* Fix target names not being imported on some gLTF2 models
* correct grammar/typographic errors in comments (8 files)
* KHR_materials_specular fixes
* Disable Hunter
* fixed several issues
* Fix leak
* Check validity of archive without parsing
* Fix integer overflow
* Add a test before generating the texture folder
* Build: Disable building zlib for non-windows
* null check.
* Bump actions/upload-artifact from 3 to 4
* fix: KHR_materials_pbrSpecularGlossiness/diffuseFactor convert
  to pbrMetallicRoughness/baseColorFactor
* fix building errors for MinGW
* dynamic_cast error.
* Add missing IRR textures
* Update Dockerfile
* Fix handling of X3D IndexedLineSet nodes
* Improve acc file loading
* Readme.md: present hyperlinks in a more uniform style
* FBX Blendshape FullWeight: Vec&lt;Float&gt; -> FullWeight: Vec&lt;Double&gt;
* Fix for issues #5422, #3411, and #5443 -- DXF insert scaling
  fix and colour fix
* Update StbCommon.h to stay up-to-date with stb_image.h.
* Introduce aiBuffer
* Add bounds checks to the parsing utilities.
* Fix crash in viewer
* Static code analysis fixes
* Kimkulling/fix behavior of remove redundant mats issue 5438
* Fix X importer breakage introduced in commit f844c33
* Fileformats.md: clarify that import of .blend files is deprecated
* feat:1.add 3mf vertex color read 2.fix 3mf read texture bug
* More GLTF loading hardening
* Bump actions/cache from 3 to 4
* Update CMakeLists.txt
* Blendshape->Geometry in FBX Export
* Fix identity matrix check
* Fix PyAssimp under Python >= 3.12 and macOS library search support
* Add ISC LICENSE file
* ColladaParser: check values length
* Include defs in not cpp-section
* Add correct double zero check
* Add zlib-header to ZipArchiveIOSystem.h
* Add 2024 to copyright infos
* Append a new setting "AI_CONFIG_EXPORT_FBX_TRANSPARENCY_FACTOR_REFER_TO_OPACITY"
* Eliminate non-ascii comments in clipper
* Fix compilation for MSVC14.
* Add correction of fbx model rotation
* Delete tools/make directory
* Delete packaging/windows-mkzip directory
* Fix #5420 duplicate degrees to radians conversion in fbx importer
* Respect merge identical vertices in ObjExporter
* Fix utDefaultIOStream test under MinGW
* Fix typos
* Add initial macOS support to C4D importer
* Update hunter into CMakeLists.txt
* Fix: add missing import for AI_CONFIG_CHECK_IDENTITY_MATRIX_EPSILON_DEFAULT
* updated json
* Cleanup: Fix review findings
* CMake: Allow linking draco statically if ASSIMP_BUILD_DRACO_STATIC is set.
* updated minizip to last version
* updated STBIMAGElib
* fix issue #5461 (segfault after removing redundant materials)
* Update ComputeUVMappingProcess.cpp
* add some ASSIMP_INSTALL checks
* Fix SplitByBoneCount typo that prevented node updates
* Q3DLoader: Fix possible material string overflow
* Reverts the changes introduced
* fix a collada import bug
* mention IQM loader in Fileformats.md
* Kimkulling/fix pyassimp compatibility
* fix ASE loader crash when *MATERIAL_COUNT or *NUMSUBMTLS is not specified
  or is 0
* Add checks for invalid buffer and size
* Make sure for releases revision will be zero
* glTF2Importer: Support .vrm extension
* Prepare v5.4.1
* Remove deprecated c++11 warnings
* fix ci
* Fix integer overflow
* Assimp viewer fixes
* Optimize readability
* Temporary fix for #5557 GCC 13+ build issue -Warray-bounds
* Fix a bug that could cause assertion failure.
* Fix possible nullptr dereferencing.
* Update ObjFileParser.cpp
* Fix for #5592 Disabled maybe-uninitialized error for
  AssetLib/Obj/ObjFileParser.cpp
* updated zip
* Postprocessing: Fix endless loop
* Build: Fix compilation for VS-2022 debug mode - warning
* Converted a size_t to mz_uint that was being treated as an error
* Add trim to xml string parsing
* Replace duplicated trim
* Move aiScene constructor
* Move revision.h and revision.h.in to include folder
* Update MDLMaterialLoader.cpp
* Create inno_setup
* clean HunterGate.cmake
* Draft: Update init of aiString
* Fix init aistring issue 5622 in python module
* update dotnet example
* Make stepfile schema validation more robust.
* fix PLY binary export color from float to uchar
* Some FBXs do not have "Materials" information, which can cause
  parsing errors
* Fix collada uv channels - temporary was stored and then updated.
* remove ASE parsing break
* FBX-Exporter: Fix nullptr dereferencing
* Fix FBX exporting incorrect bone order
* fixes potential memory leak on malformed obj file
* Update zip.c
* Fixes some uninit bool loads
* Fix names of enum values in docstring of aiProcess_FindDegenerates
* Fix: StackAllocator Undefined Reference fix
* Plx: Fix out of bound access (CVE-2024-40724, bsc#1228142)

- Update to 5.4.1
* CMake: Allow linking draco statically if ASSIMP_BUILD_DRACO_STATIC is set.
* Deps: updated minizip to last version
* Deps: updated STBIMAGElib
* Fix issue #5461 (segfault after removing redundant materials)
* Update ComputeUVMappingProcess.cpp
* Add some ASSIMP_INSTALL checks
* Fix SplitByBoneCount typo that prevented node updates
* Q3DLoader: Fix possible material string overflow
* Reverts the changes introduced by commit ad766cb in February 2022
* Fix a collada import bug
* Mention IQM loader in Fileformats.md
* Fix ASE loader crash when *MATERIAL_COUNT or *NUMSUBMTLS is not specified
  or is 0
* Add checks for invalid buffer and size
* Make sure for releases revision will be zero
* glTF2Importer: Support .vrm extension

- Update to 5.4.0
* Reduce memory consumption in JoinVerticesProcess::ProcessMesh()
* Fix: Add check for invalid input argument
* Replace an assert
* Extension of skinning data export to GLB/GLTF format
* Fix output floating-point values to fbx
* Update ImproveCacheLocality.cpp
* Deep arsdk bone double free
* Fix Spelling error
* use size to be compatible with float and double
* Fix: Add missing transformation for normalized normals.
* Fix: Implicit Conversion Error
* Fix add checks for indices
* Update FBXBinaryTokenizer.cpp
* link to external minizip with full path
* utf8 header not found
* Rm unnecessary deg->radian conversion in FBX exporter
* Fix empty mesh handling
* Refactoring: Some cleanups
* Fix invalid read of uint from uvwsrc
* Remove double delete
* fix the mesh-name error.
* COLLADA fixes for textures in C4D input
* Use the correct allocator for deleting objects in case of
  duplicate animation Ids
* Fix container overflow in MMD parser
* Fix: PLY heap buffer overflow
* Fix: Check if index for mesh access is out of range
* Update FBXConverter.cpp
* FBX: Use correct time scaling
* Drop explicit inclusion of contrib/ headers
* Update Build.md
* Fix buffer overflow in FBX::Util::DecodeBase64()
* Readme.md: correct 2 errors in section headers
* Fix double free in Video::~Video()
* FBXMeshGeometry: solve issue #5116 using patch provided
* Fix target names not being imported on some gLTF2 models
* correct grammar/typographic errors in comments (8 files)
* KHR_materials_specular fixes
* Disable Hunter
* fixed several issues
* Fix leak
* Check the validity of the archive without parsing
* Fix integer overflow
* Add a test before generating the texture folder
* Build: Disable building zlib for non-windows
* null check.
* Bump actions/upload-artifact from 3 to 4
* fix: KHR_materials_pbrSpecularGlossiness/diffuseFactor convert
  to pbrMetallicRoughness/baseColorFactor
* dynamic_cast error.
* Add missing IRR textures
* Fix handling of X3D IndexedLineSet nodes
* Improve acc file loading
* Readme.md: present hyperlinks in a more uniform style
* FBX Blendshape FullWeight: Vec&lt;Float&gt; -> FullWeight: Vec&lt;Double&gt;
* Fix for issues #5422, #3411, and #5443 -- DXF insert scaling fix
  and colour fix
* Update StbCommon.h to stay up-to-date with stb_image.h.
* Introduce aiBuffer
* Add bounds checks to the parsing utilities.
* Fix crash in viewer
* Static code analysis fixes
* Kimkulling/fix behavior of remove redundant mats issue 5438
* Fix X importer breakage introduced in commit f844c33
* Fileformats.md: clarify that import of .blend files is deprecated
* feat:1.add 3mf vertex color read 2.fix 3mf read texture bug
* More GLTF loading hardening
* Bump actions/cache from 3 to 4
* Blendshape->Geometry in FBX Export
* Fix identity matrix check
* Fix PyAssimp under Python >= 3.12 and macOS library search support
* Add ISC LICENSE file
* ColladaParser: check values length
* Include defs in not cpp-section
* Add correct double zero check
* Add zlib-header to ZipArchiveIOSystem.h
* Add 2024 to copyright infos
* Append a new setting "AI_CONFIG_EXPORT_FBX_TRANSPARENCY_FACTOR_REFER_TO_OPACITY"
* Eliminate non-ascii comments in clipper
* Fix compilation for MSVC14.
* Add correction of fbx model rotation
* Delete tools/make directory
* Delete packaging/windows-mkzip directory
* Fix #5420 duplicate degrees to radians conversion in fbx importer
* Respect merge identical vertices in ObjExporter
* Fix utDefaultIOStream test under MinGW
* Fix typos
* Add initial macOS support to C4D importer
* Update hunter into CMakeLists.txt
* Fix: add a missing import for AI_CONFIG_CHECK_IDENTITY_MATRIX_EPSILON_DEFAULT
* updated json
* Cleanup: Fix review findings
* Update CMakeLists.txt

- Reenable the Collada parser.

</description>
  <package>assimp</package>
  <seperate_build_arch/>
</patchinfo>