Accepting request 1284185 from games

- Update to 6.0.2
  * Fix export fbx: Wrong Materials in LayerElementMaterial
    if a node contains multi meshes
  * Fix compile error when ASSIMP_DOUBLE_PRECISION enable
  * Updated Inner Cone formula for Spot Lights in GLTF
  * Update/update pugi xml
  * Fixes CVE-2025-2751: Out-of-bounds Read in
    Assimp::CSMImporter::InternReadFile (CVE-2025-2751, boo#1240016)
  * Fixes CVE-2025-2757: Heap-based Buffer Overflow in
    AI_MD5_PARSE_STRING_IN_QUOTATION (CVE-2025-2757, boo#1240027)
  * Fixes CVE-2025-2750: out of bounds write by assigning to
    wrong array element count tracking (CVE-2025-2750, boo#1240014)
  * fix-CVE-2025-3158: Heap-based Buffer Overflow in
    Assimp::LWO::AnimResolver::UpdateAnimRangeSetup (CVE-2025-3158, boo#1240773)
  * Update SECURITY.md
  * Fix the function aiGetMaterialColor when the flag ASSIMP_DOUBLE_PRECISION

  * Fixes CVE-2025-3548, boo#1241364

OBS-URL: https://build.opensuse.org/request/show/1284185
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/assimp?expand=0&rev=34

0001-Accept-find_package-Assimp-5.x-calls.patch

@@ -0,0 +1,26 @@
+From 97f58ac8d173736ede30a952f34506c55771fe92 Mon Sep 17 00:00:00 2001
+From: Christophe Marin <christophe@krop.fr>
+Date: Mon, 2 Jun 2025 18:02:46 +0200
+Subject: [PATCH] Accept find_package(Assimp 5.x) calls
+
+With assimp 6.0.x, the library SOVERSION is still 5 and should still be backward compatible
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 7acaf7476..0c103bd7e 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -502,7 +502,7 @@ set(INCLUDE_INSTALL_DIR "include")
+ include(CMakePackageConfigHelpers)
+ 
+ # Note: PROJECT_VERSION is used as a VERSION
+-write_basic_package_version_file("${VERSION_CONFIG}" COMPATIBILITY SameMajorVersion)
++write_basic_package_version_file("${VERSION_CONFIG}" COMPATIBILITY AnyNewerVersion)
+ 
+ configure_package_config_file(
+     ${CMAKE_CONFIG_TEMPLATE_FILE}
+-- 
+2.49.0
+

_service

@@ -2,7 +2,7 @@
     <service name="tar_scm" mode="disabled">
         <param name="scm">git</param>
         <param name="url">https://github.com/assimp/assimp</param>
-        <param name="revision">v5.4.3</param>
+        <param name="revision">v6.0.2</param>
         <param name="versionformat">@PARENT_TAG@</param>
         <param name="versionrewrite-pattern">v(.*)</param>
         <!-- non-OSI media -->

assimp-6.0.2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9aef3b6a55f5424130d51925a64174273bb1f5d341177df3d642b7492bf51a30
+size 84686160

assimp.changes

@@ -1,3 +1,89 @@
+-------------------------------------------------------------------
+Mon Jun  9 11:25:08 UTC 2025 - Christophe Marin <christophe@krop.fr>
+
+- Update to 6.0.2
+  * Fix export fbx: Wrong Materials in LayerElementMaterial
+    if a node contains multi meshes
+  * Fix compile error when ASSIMP_DOUBLE_PRECISION enable
+  * Updated Inner Cone formula for Spot Lights in GLTF
+  * Update/update pugi xml
+  * Fixes CVE-2025-2751: Out-of-bounds Read in
+    Assimp::CSMImporter::InternReadFile (CVE-2025-2751, boo#1240016)
+  * Fixes CVE-2025-2757: Heap-based Buffer Overflow in
+    AI_MD5_PARSE_STRING_IN_QUOTATION (CVE-2025-2757, boo#1240027)
+  * Fixes CVE-2025-2750: out of bounds write by assigning to
+    wrong array element count tracking (CVE-2025-2750, boo#1240014)
+  * fix-CVE-2025-3158: Heap-based Buffer Overflow in
+    Assimp::LWO::AnimResolver::UpdateAnimRangeSetup (CVE-2025-3158, boo#1240773)
+  * Update SECURITY.md
+  * Fix the function aiGetMaterialColor when the flag ASSIMP_DOUBLE_PRECISION
+
+-------------------------------------------------------------------
+Sun Jun  1 08:08:00 UTC 2025 - Christophe Marin <christophe@krop.fr>
+
+- Update to 6.0.1. Too many changes, check
+  https://github.com/assimp/assimp/releases/tag/v6.0.0 for the
+  full list.
+  * Fixes CVE-2025-3196, boo#1240775
+  * Fixes CVE-2025-2152, boo#1239221
+  * Fixes CVE-2025-3548, boo#1241364
+- Drop patches, merged upstream:
+  * 0001-SplitLargeMeshes-Fix-crash-5799.patch
+  * 0001-Fix-leak-5762.patch
+  * CVE-2024-48423.patch
+  * CVE-2024-48424.patch
+  * CVE-2024-53425.patch
+  * 0001-ASE-Fix-possible-out-of-bound-access.patch
+  * 0001-MDL-Limit-max-texture-sizes.patch
+  * 0001-MDL-Fix-overflow-check.patch
+  * CVE-2025-2151.patch
+  * 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch
+  * 0001-Potential-use-after-free.patch
+  * 0001-ASE-Use-correct-vertex-container.patch
+  * 0001-CMS-Fix-possible-overflow-access.patch
+  * 0001-NDO-Fix-possible-overflow-access.patch
+- Add patch:
+  * 0001-Accept-find_package-Assimp-5.x-calls.patch
+
+-------------------------------------------------------------------
+Tue Apr  1 09:37:57 UTC 2025 - Christophe Marin <christophe@krop.fr>
+
+- Add patch:
+  * 0001-NDO-Fix-possible-overflow-access.patch
+
+-------------------------------------------------------------------
+Mon Mar 17 09:20:30 UTC 2025 - Christophe Marin <christophe@krop.fr>
+
+- Add upstream changes:
+  * 0001-ASE-Fix-possible-out-of-bound-access.patch (CVE-2025-3015, boo#1240412)
+  * 0001-MDL-Limit-max-texture-sizes.patch
+    (gh#assimp/assimp#6022, CVE-2025-3016, boo#1240413)
+  * 0001-MDL-Fix-overflow-check.patch
+    (gh#assimp/assimp#6009, CVE-2025-2591, boo#1239920)
+  * CVE-2025-2151.patch (CVE-2025-2151, boo#1239220)
+  * 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch
+    (CVE-2025-3160, boo#1240776, gh#assimp/assimp#6025)
+  * 0001-Potential-use-after-free.patch
+  * 0001-ASE-Use-correct-vertex-container.patch
+    (CVE-2025-3159, boo#1240774, gh#assimp/assimp#6024)
+  * 0001-CMS-Fix-possible-overflow-access.patch
+    (CVE-2025-2592, boo#1239916, gh#assimp/assimp#6010)
+
+-------------------------------------------------------------------
+Fri Dec 27 08:05:57 UTC 2024 - Christophe Marin <christophe@krop.fr>
+
+- Add patches:
+  * 0001-Fix-leak-5762.patch
+  * CVE-2024-48423.patch (boo#1232322, CVE-2024-48423)
+  * CVE-2024-48424.patch (boo#1232323, CVE-2024-48424)
+  * CVE-2024-53425.patch (boo#1233633, CVE-2024-53425)
+
+-------------------------------------------------------------------
+Wed Oct 30 09:42:38 UTC 2024 - Christophe Marin <christophe@krop.fr>
+
+- Add upstream change (boo#1232324, CVE-2024-48425)
+  * 0001-SplitLargeMeshes-Fix-crash-5799.patch
+
 -------------------------------------------------------------------
 Tue Sep 10 07:32:23 UTC 2024 - Christophe Marin <christophe@krop.fr>
 
@@ -50,6 +136,7 @@ Tue Sep 10 07:32:23 UTC 2024 - Christophe Marin <christophe@krop.fr>
   * Fix compile warning
   * Replace raw pointers by std::string
   * Fix potential heapbuffer overflow in md5 parsing
+  * Fixes bsc#1230679, CVE-2024-45679.
 
 -------------------------------------------------------------------
 Thu Jul 11 15:28:24 UTC 2024 - Dirk Müller <dmueller@suse.com>

assimp.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package assimp
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,19 +16,18 @@
 #
 
 
-%define sover 5
+%define sover 6
 Name:           assimp
-Version:        5.4.3
+Version:        6.0.2
 Release:        0
 Summary:        Library to load and process 3D scenes from various data formats
 License:        BSD-3-Clause AND MIT
-Group:          Development/Libraries/C and C++
 URL:            https://github.com/assimp/assimp
 Source0:        %{name}-%{version}.tar.xz
+# PATCH-FIX-UPSTREAM -- don't reject 'find_package(assimp 5)' calls
+Patch0:         0001-Accept-find_package-Assimp-5.x-calls.patch
 BuildRequires:  cmake >= 3.22
-BuildRequires:  dos2unix
 BuildRequires:  gcc-c++
-BuildRequires:  irrlicht-devel
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(minizip)
 BuildRequires:  pkgconfig(zlib)
@@ -42,7 +41,6 @@ engine-specific format for easy and fast every-day-loading.
 
 %package -n libassimp%{sover}
 Summary:        Library to load and process 3D scenes from various data formats
-Group:          System/Libraries
 
 %description -n libassimp%{sover}
 Assimp is a library to load and process geometric scenes from various data formats.
@@ -53,7 +51,6 @@ engine-specific format for easy and fast every-day-loading.
 
 %package devel
 Summary:        Headers, docs and command-line utility for assimp
-Group:          Development/Libraries/C and C++
 Requires:       glibc-devel
 Requires:       libassimp%{sover} = %{version}
 Requires:       libstdc++-devel
@@ -111,6 +108,7 @@ gtest_filter="${gtest_filter}:utMD5Importer.importBoarMan"
 gtest_filter="${gtest_filter}:utMD5Importer.importBob"
 gtest_filter="${gtest_filter}:utPMXImporter.importTest"
 gtest_filter="${gtest_filter}:utQ3BSPImportExport.importerTest"
+gtest_filter="${gtest_filter}:utX3DImportExport.importX3DChevyTahoe"
 gtest_filter="${gtest_filter}:utXImporter.importDwarf"
 
 %ifnarch x86_64
@@ -131,7 +129,7 @@ popd
 
 %files -n lib%{name}%{sover}
 %license LICENSE
-%{_libdir}/libassimp.so.%{sover}*
+%{_libdir}/libassimp.so.*
 
 %files devel
 %doc CHANGES CREDITS