Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package assimp for openSUSE:Factory checked in at 2025-06-03 17:51:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/assimp (Old) and /work/SRC/openSUSE:Factory/.assimp.new.16005 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "assimp" Tue Jun 3 17:51:14 2025 rev:33 rq:1282033 version:6.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/assimp/assimp.changes 2025-04-02 17:10:32.242236709 +0200 +++ /work/SRC/openSUSE:Factory/.assimp.new.16005/assimp.changes 2025-06-03 17:51:32.740644147 +0200 @@ -1,0 +2,27 @@ +Sun Jun 1 08:08:00 UTC 2025 - Christophe Marin <christo...@krop.fr> + +- Update to 6.0.1. Too many changes, check + https://github.com/assimp/assimp/releases/tag/v6.0.0 for the + full list. + * Fixes CVE-2025-3196, boo#1240775 + * Fixes CVE-2024-48426, boo#1232325 + * Fixes CVE-2025-2152, boo#1239221 +- Drop patches, merged upstream: + * 0001-SplitLargeMeshes-Fix-crash-5799.patch + * 0001-Fix-leak-5762.patch + * CVE-2024-48423.patch + * CVE-2024-48424.patch + * CVE-2024-53425.patch + * 0001-ASE-Fix-possible-out-of-bound-access.patch + * 0001-MDL-Limit-max-texture-sizes.patch + * 0001-MDL-Fix-overflow-check.patch + * CVE-2025-2151.patch + * 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch + * 0001-Potential-use-after-free.patch + * 0001-ASE-Use-correct-vertex-container.patch + * 0001-CMS-Fix-possible-overflow-access.patch + * 0001-NDO-Fix-possible-overflow-access.patch +- Add patch: + * 0001-Accept-find_package-Assimp-5.x-calls.patch + +------------------------------------------------------------------- @@ -18 +45 @@ - (gh#assimp/assimp#6025) + (CVE-2025-3160, boo#1240776, gh#assimp/assimp#6025) @@ -21 +48 @@ - (gh#assimp/assimp#6024) + (CVE-2025-3159, boo#1240774, gh#assimp/assimp#6024) Old: ---- 0001-ASE-Fix-possible-out-of-bound-access.patch 0001-ASE-Use-correct-vertex-container.patch 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch 0001-CMS-Fix-possible-overflow-access.patch 0001-Fix-leak-5762.patch 0001-MDL-Fix-overflow-check.patch 0001-MDL-Limit-max-texture-sizes.patch 0001-NDO-Fix-possible-overflow-access.patch 0001-Potential-use-after-free.patch 0001-SplitLargeMeshes-Fix-crash-5799.patch CVE-2024-48423.patch CVE-2024-48424.patch CVE-2024-53425.patch CVE-2025-2151.patch assimp-5.4.3.tar.xz New: ---- 0001-Accept-find_package-Assimp-5.x-calls.patch assimp-6.0.1.tar.xz BETA DEBUG BEGIN: Old: * CVE-2024-53425.patch * 0001-ASE-Fix-possible-out-of-bound-access.patch * 0001-MDL-Limit-max-texture-sizes.patch Old: * 0001-Potential-use-after-free.patch * 0001-ASE-Use-correct-vertex-container.patch * 0001-CMS-Fix-possible-overflow-access.patch Old: * CVE-2025-2151.patch * 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch * 0001-Potential-use-after-free.patch Old: * 0001-ASE-Use-correct-vertex-container.patch * 0001-CMS-Fix-possible-overflow-access.patch * 0001-NDO-Fix-possible-overflow-access.patch Old: * 0001-SplitLargeMeshes-Fix-crash-5799.patch * 0001-Fix-leak-5762.patch * CVE-2024-48423.patch Old: * 0001-MDL-Limit-max-texture-sizes.patch * 0001-MDL-Fix-overflow-check.patch * CVE-2025-2151.patch Old: * 0001-ASE-Fix-possible-out-of-bound-access.patch * 0001-MDL-Limit-max-texture-sizes.patch * 0001-MDL-Fix-overflow-check.patch Old: * 0001-CMS-Fix-possible-overflow-access.patch * 0001-NDO-Fix-possible-overflow-access.patch - Add patch: Old: * 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch * 0001-Potential-use-after-free.patch * 0001-ASE-Use-correct-vertex-container.patch Old:- Drop patches, merged upstream: * 0001-SplitLargeMeshes-Fix-crash-5799.patch * 0001-Fix-leak-5762.patch Old: * 0001-Fix-leak-5762.patch * CVE-2024-48423.patch * CVE-2024-48424.patch Old: * CVE-2024-48423.patch * CVE-2024-48424.patch * CVE-2024-53425.patch Old: * CVE-2024-48424.patch * CVE-2024-53425.patch * 0001-ASE-Fix-possible-out-of-bound-access.patch Old: * 0001-MDL-Fix-overflow-check.patch * CVE-2025-2151.patch * 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch BETA DEBUG END: BETA DEBUG BEGIN: New:- Add patch: * 0001-Accept-find_package-Assimp-5.x-calls.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ assimp.spec ++++++ --- /var/tmp/diff_new_pack.kY9RvY/_old 2025-06-03 17:51:36.468798764 +0200 +++ /var/tmp/diff_new_pack.kY9RvY/_new 2025-06-03 17:51:36.484799428 +0200 @@ -1,7 +1,7 @@ # # spec file for package assimp # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,38 +16,19 @@ # +# https://github.com/assimp/assimp/issues/6204, soversion is still 5 %define sover 5 Name: assimp -Version: 5.4.3 +Version: 6.0.1 Release: 0 Summary: Library to load and process 3D scenes from various data formats License: BSD-3-Clause AND MIT URL: https://github.com/assimp/assimp Source0: %{name}-%{version}.tar.xz -# PATCH-FIX-UPSTREAM -Patch0: 0001-SplitLargeMeshes-Fix-crash-5799.patch -# PATCH-FIX-UPSTREAM -Patch1: 0001-Fix-leak-5762.patch -Patch2: CVE-2024-48423.patch -# PATCH-FIX-UPSTREAM -Patch3: CVE-2024-48424.patch -# PATCH-FIX-UPSTREAM -Patch4: CVE-2024-53425.patch -# Cumulative upstream changes -Patch5: 0001-ASE-Fix-possible-out-of-bound-access.patch -Patch6: 0001-MDL-Limit-max-texture-sizes.patch -Patch7: 0001-MDL-Fix-overflow-check.patch -Patch8: CVE-2025-2151.patch -Patch9: 0001-Bugfix-Fix-possible-nullptr-dereferencing.patch -Patch10: 0001-Potential-use-after-free.patch -Patch11: 0001-ASE-Use-correct-vertex-container.patch -Patch12: 0001-CMS-Fix-possible-overflow-access.patch -# PATCH-FIX-UPSTREAM -Patch13: 0001-NDO-Fix-possible-overflow-access.patch +# PATCH-FIX-UPSTREAM -- don't reject 'find_package(assimp 5)' calls +Patch0: 0001-Accept-find_package-Assimp-5.x-calls.patch BuildRequires: cmake >= 3.22 -BuildRequires: dos2unix BuildRequires: gcc-c++ -BuildRequires: irrlicht-devel BuildRequires: pkgconfig BuildRequires: pkgconfig(minizip) BuildRequires: pkgconfig(zlib) @@ -128,6 +109,7 @@ gtest_filter="${gtest_filter}:utMD5Importer.importBob" gtest_filter="${gtest_filter}:utPMXImporter.importTest" gtest_filter="${gtest_filter}:utQ3BSPImportExport.importerTest" +gtest_filter="${gtest_filter}:utX3DImportExport.importX3DChevyTahoe" gtest_filter="${gtest_filter}:utXImporter.importDwarf" %ifnarch x86_64 @@ -148,7 +130,7 @@ %files -n lib%{name}%{sover} %license LICENSE -%{_libdir}/libassimp.so.%{sover}* +%{_libdir}/libassimp.so.* %files devel %doc CHANGES CREDITS ++++++ 0001-Accept-find_package-Assimp-5.x-calls.patch ++++++ >From 97f58ac8d173736ede30a952f34506c55771fe92 Mon Sep 17 00:00:00 2001 From: Christophe Marin <christo...@krop.fr> Date: Mon, 2 Jun 2025 18:02:46 +0200 Subject: [PATCH] Accept find_package(Assimp 5.x) calls With assimp 6.0.x, the library SOVERSION is still 5 and should still be backward compatible --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7acaf7476..0c103bd7e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -502,7 +502,7 @@ set(INCLUDE_INSTALL_DIR "include") include(CMakePackageConfigHelpers) # Note: PROJECT_VERSION is used as a VERSION -write_basic_package_version_file("${VERSION_CONFIG}" COMPATIBILITY SameMajorVersion) +write_basic_package_version_file("${VERSION_CONFIG}" COMPATIBILITY AnyNewerVersion) configure_package_config_file( ${CMAKE_CONFIG_TEMPLATE_FILE} -- 2.49.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.kY9RvY/_old 2025-06-03 17:51:37.108825308 +0200 +++ /var/tmp/diff_new_pack.kY9RvY/_new 2025-06-03 17:51:37.148826967 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">https://github.com/assimp/assimp</param> - <param name="revision">v5.4.3</param> + <param name="revision">v6.0.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <!-- non-OSI media --> ++++++ assimp-5.4.3.tar.xz -> assimp-6.0.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/assimp/assimp-5.4.3.tar.xz /work/SRC/openSUSE:Factory/.assimp.new.16005/assimp-6.0.1.tar.xz differ: char 15, line 1
