From a848c4676dcb7f5a4f153fdeb8fac8f41b4ac9a6e3b91dde6b7434c82daaf321 Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Tue, 14 Aug 2018 07:31:51 +0000
Subject: [PATCH] Accepting request 629184 from home:AndreasStieger:branches:devel:libraries:c_c++ libredwg 0.6
OBS-URL: https://build.opensuse.org/request/show/629184
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libredwg?expand=0&rev=9
---
 CVE-2018-14471.patch | 29 ----------------------
 CVE-2018-14524.patch | 55 -----------------------------------------
 libredwg-0.5.tar.xz | 3 ---
 libredwg-0.5.tar.xz.sig | 11 ---------
 libredwg-0.6.tar.xz | 3 +++
 libredwg-0.6.tar.xz.sig | 11 +++++++++
 libredwg.changes | 13 ++++++++++
 libredwg.spec | 8 +++---
 8 files changed, 30 insertions(+), 103 deletions(-)
 delete mode 100644 CVE-2018-14471.patch
 delete mode 100644 CVE-2018-14524.patch
 delete mode 100644 libredwg-0.5.tar.xz
 delete mode 100644 libredwg-0.5.tar.xz.sig
 create mode 100644 libredwg-0.6.tar.xz
 create mode 100644 libredwg-0.6.tar.xz.sig
diff --git a/CVE-2018-14471.patch b/CVE-2018-14471.patch
deleted file mode 100644
index 922fe4e..0000000
--- a/CVE-2018-14471.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7bb6307da56c753b962de127a43ebde3e621ecbb Mon Sep 17 00:00:00 2001
-From: Reini Urban
-Date: Fri, 20 Jul 2018 22:29:51 +0200
-Subject: [PATCH] protect dwg_obj_block_control_get_block_headers
-
-from empty ctrl->block_headers. Fixes [GH #32]
----
- src/dwg_api.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/dwg_api.c b/src/dwg_api.c
-index f44f6207..82776188 100644
---- a/src/dwg_api.c
-+++ b/src/dwg_api.c
-@@ -17888,7 +17888,13 @@ dwg_obj_block_control_get_block_headers(const dwg_obj_block_control *restrict ct
- {
- dwg_object_ref **ptx = (dwg_object_ref**)
- malloc(ctrl->num_entries * sizeof(Dwg_Object_Ref *));
-- if (ptx)
-+ if (ctrl->num_entries && !ctrl->block_headers)
-+ {
-+ *error = 1;
-+ LOG_ERROR("%s: null block_headers", __FUNCTION__);
-+ return NULL;
-+ }
-+ else if (ptx)
- {
- BITCODE_BS i;
- *error = 0;
diff --git a/CVE-2018-14524.patch b/CVE-2018-14524.patch
deleted file mode 100644
index cd543ae..0000000
--- a/CVE-2018-14524.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 9a8b9fb49108bab5d12f3353292f8fd8ea12898f Mon Sep 17 00:00:00 2001
-From: Reini Urban
-Date: Mon, 23 Jul 2018 15:22:08 +0200
-Subject: [PATCH] free: improve eed double-free
-
-Fixes [GH #33], detected by jinyu00
----
- src/decode.c | 2 ++
- src/free.c | 6 ++----
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/decode.c b/src/decode.c
-index 74668403..fb09f11a 100644
---- a/src/decode.c
-+++ b/src/decode.c
-@@ -2309,6 +2309,7 @@ dwg_decode_eed(Bit_Chain * dat, Dwg_Object_Object * obj)
- LOG_ERROR("No EED[%d].handle", idx);
- obj->num_eed = 0;
- free(obj->eed);
-+ obj->eed = NULL;
- return error;
- } else {
- end = dat->byte + size;
-@@ -2372,6 +2373,7 @@ dwg_decode_eed(Bit_Chain * dat, Dwg_Object_Object * obj)
- free(obj->eed[idx].raw);
- free(obj->eed[idx].data);
- free(obj->eed);
-+ obj->eed = NULL;
- dat->byte = end;
- return DWG_ERR_VALUEOUTOFBOUNDS; /* may not continue */
- #endif
-diff --git a/src/free.c b/src/free.c
-index ce6940e7..65fb3f9e 100644
---- a/src/free.c
-+++ b/src/free.c
-@@ -267,8 +267,7 @@ dwg_free_eed(Dwg_Object* obj)
- for (i=0; i < _obj->num_eed; i++) {
- if (_obj->eed[i].size)
- FREE_IF(_obj->eed[i].raw);
-- if (_obj->eed[i].data)
-- FREE_IF(_obj->eed[i].data);
-+ FREE_IF(_obj->eed[i].data);
- }
- FREE_IF(_obj->eed);
- }
-@@ -277,8 +276,7 @@ dwg_free_eed(Dwg_Object* obj)
- for (i=0; i < _obj->num_eed; i++) {
- if (_obj->eed[i].size)
- FREE_IF(_obj->eed[i].raw);
-- if (_obj->eed[i].data)
-- FREE_IF(_obj->eed[i].data);
-+ FREE_IF(_obj->eed[i].data);
- }
- FREE_IF(_obj->eed);
- }
diff --git a/libredwg-0.5.tar.xz b/libredwg-0.5.tar.xz
deleted file mode 100644
index 082cbeb..0000000
--- a/libredwg-0.5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fd7b6d029ec1c974afcb72c0849785db0451d4ef148e03ca4a6c4a4221b479c0
-size 3488920
diff --git a/libredwg-0.5.tar.xz.sig b/libredwg-0.5.tar.xz.sig
deleted file mode 100644
index d609599..0000000
--- a/libredwg-0.5.tar.xz.sig
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAls9OS8ACgkQtPYzOeZd
-ZBSgSQgAkXx8zcCj4/H2KJoct/Q/PW0o/2auaXsd6qHBLnnVEQ0xx/AlF5EGZp1J
-pxxzdpNxLLbzWgVontVSk8UCEaVHuWQJ6IicMiDzTYqr6di0jrH6r87fEiO/LXrJ
-Kk29Ac/OyP5yDqbzyhm5MUEOBQ6oXugGXqNzsg0eVBeLlmDRhyiKXgsSKNiytHtx
-9zKD4jwv3BTkkOZARIgt3XY+PVBVXYe8ccJQ2Ez95urL65d7FDT649pUWTqgM3lG
-/jkenPRW3A+GF5+s9D48gy+JIYoMGkiF1XzttL6fvkYC9jIv95ogZ0+C4z5aZvqj
-BpI3E0wCiESSoDlf5ThtD56T7eDqXA==
-=gFzc
------END PGP SIGNATURE-----
diff --git a/libredwg-0.6.tar.xz b/libredwg-0.6.tar.xz
new file mode 100644
index 0000000..f50bda6
--- /dev/null
+++ b/libredwg-0.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d525ca849496852f62ad6a11b7b801d0aafd1fa1366c45bdb0f11a90bd6f878
+size 3608836
diff --git a/libredwg-0.6.tar.xz.sig b/libredwg-0.6.tar.xz.sig
new file mode 100644
index 0000000..9e59b0e
--- /dev/null
+++ b/libredwg-0.6.tar.xz.sig
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAltxUjUACgkQtPYzOeZd
+ZBQZSgf8CR1bPWJ68mksWXscmL1Dp4K1uA33obMcSYeHilYcXXwTTynXcfgMEAGI
+djjwJkjE4W8UWUpfICYA9NhhrXS6dMsEnXIepmT4DzCVCA5zsyOYvhVidpKG5zBj
+t9B7DSuisHjERe63ff1qQnBhWz6CZQNH5rtCucmOOggi6F++630si/mD2maJ+2uw
+R3s5du2MUiV8VWo4kQo9jsJRlHJ/AcEyVNk+h39Fd6ORQl2nV+aRUEQYN99fbuUl
+1L17w4zkC+u4vD4axGoh01LWpoZGc/yBiSZiEgmA9t7OJYEtZanZ2g6axZmvaRpO
+aFLyFEeMbRLx6nB9nW85gMgQtgahtg==
+=8CUy
+-----END PGP SIGNATURE-----
diff --git a/libredwg.changes b/libredwg.changes
index 5c0a35e..266ee5b 100644
--- a/libredwg.changes
+++ b/libredwg.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Aug 14 07:18:39 UTC 2018 - astieger@suse.com
+
+- update to 0.6:
+ * API breaking changes:
+ + Removed dwg_obj_proxy_get_reactors(), use dwg_obj_get_reactors() instead.
+ + Renamed SORTENTSTABLE.owner_handle to SORTENTSTABLE.owner_dict.
+ + Renamed all -as-rNNNN program options to --as-rNNNN.
+ * a number of bug fixes, correctness fixes and memory leak fixes
+ * Add support for more DWG objects
+ * Add pkg-config file
+- drop patches (upstream): CVE-2018-14524.patch, CVE-2018-14471.patch
+
 -------------------------------------------------------------------
 Thu Aug 9 09:34:20 UTC 2018 - astieger@suse.com
diff --git a/libredwg.spec b/libredwg.spec
index e0d7671..0d68597 100644
--- a/libredwg.spec
+++ b/libredwg.spec
@@ -17,7 +17,7 @@
 Name: libredwg
-Version: 0.5
+Version: 0.6
 Release: 0
 Summary: A library to handle DWG files
 License: GPL-3.0-or-later
@@ -27,8 +27,7 @@ Source: https://ftp.gnu.org/pub/gnu/%{name}/%{name}-%{version}.tar.xz
 Source2: https://ftp.gnu.org/pub/gnu/%{name}/%{name}-%{version}.tar.xz.sig
 Source3: http://savannah.gnu.org/people/viewgpg.php?user_id=101103#/%{name}.keyring
 Source4: %{name}-rpmlintrc
-Patch0: CVE-2018-14471.patch
-Patch1: CVE-2018-14524.patch
+BuildRequires: pkgconfig
 %description
 GNU LibreDWG is a C library to handle DWG files. It can replace the
@@ -69,8 +68,6 @@ OpenDWG libraries. DWG is the native file format of AutoCAD.
 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1
 %build
 %configure \
@@ -101,6 +98,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %doc AUTHORS ChangeLog README README-alpha TODO
 %{_includedir}/*.h
 %{_libdir}/libredwg.so
+%{_libdir}/pkgconfig/libredwg.pc
 %files -n %{name}0
 %license COPYING
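Review bot: Removing `Patch0: CVE-2018-14471.patch` and `Patch1: CVE-2018-14524.patch` in the second libredwg.spec hunk, and `%patch0 -p1`/`%patch1 -p1` in the `%prep` hunk, is justified only by the word "upstream" in libredwg.changes, so a later reader cannot tell from the package that the 0.6 tarball was checked to contain both fixes. The deleted patch files name the upstream commits (7bb6307d for the null `block_headers` check, 9a8b9fb4 for the eed double-free), so once that is confirmed the changelog line could record it, e.g. `- drop patches included in 0.6 (upstream commits 7bb6307d, 9a8b9fb4): CVE-2018-14524.patch, CVE-2018-14471.patch`. Separately, the unchanged `Source3` line that names the keyring for the new `.sig` is an `http://` URL. Whether the build uses a committed copy of that keyring is not visible here, but an `https://` reference would be the safer pointer to the trust anchor if the host serves one.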