Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package shapelib for openSUSE:Factory checked in at 2022-02-21 17:46:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shapelib (Old)
 and      /work/SRC/openSUSE:Factory/.shapelib.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shapelib" Mon Feb 21 17:46:47 2022 rev:4 rq:956385 version:1.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/shapelib/shapelib.changes 2019-04-04 12:08:31.141377159 +0200 +++ /work/SRC/openSUSE:Factory/.shapelib.new.1958/shapelib.changes 2022-02-21 17:48:58.055636308 +0100 @@ -1,0 +2,5 @@ +Mon Feb 21 11:01:12 UTC 2022 - Dirk Stoecker <[email protected]> + +- fix CVE-2022-0699, patch c75b9281a5b9452d92e1682bdfe6019a13ed819f.diff + +------------------------------------------------------------------- New: ---- c75b9281a5b9452d92e1682bdfe6019a13ed819f.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shapelib.spec ++++++ --- /var/tmp/diff_new_pack.0YRX8J/_old 2022-02-21 17:48:58.523636448 +0100 +++ /var/tmp/diff_new_pack.0YRX8J/_new 2022-02-21 17:48:58.531636450 +0100 @@ -1,7 +1,7 @@ # # spec file for package shapelib # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # 
@@ -21,13 +21,15 @@ Version: 1.5.0 Release: 0 Summary: Library for ESRI Shapefile Handling -License: (LGPL-2.0-or-later OR MIT) AND GPL-2.0-or-later AND SUSE-Public-Domain +License: GPL-2.0-or-later AND (LGPL-2.0-or-later OR MIT) AND SUSE-Public-Domain Group: Productivity/Graphics/Other URL: http://shapelib.maptools.org/ Source0: http://download.osgeo.org/shapelib/%{name}-%{version}.tar.gz # PATCH-FIX-UPSTREAM rpmlint-errors.patch -- Fix some of the rpmlint errors # to get package acceptable to Factory Patch0: rpmlint-errors.patch +# PATCH-Fix-UPSTREAM double free, CVE-2022-0699, https://github.com/OSGeo/shapelib/issues/39 +Patch1: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f.diff BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkgconfig @@ -68,6 +70,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 # Fix rpmlint warning "wrong-file-end-of-line-encoding" sed -i 's/\r$//' contrib/doc/shpsort.txt ++++++ c75b9281a5b9452d92e1682bdfe6019a13ed819f.diff ++++++ diff --git a/contrib/shpsort.c b/contrib/shpsort.c index e21e9e0..920cd8c 100644 --- a/contrib/shpsort.c +++ b/contrib/shpsort.c @@ -113,7 +113,6 @@ static char ** split(const char *arg, const char *delim) { free(result[--i]); } free(result); - free(copy); return NULL; } result = tmp;
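Review bot: The new shapelib.changes entry (hunk @@ -1,0 +2,5 @@) names only the CVE and the patch file and does not say what defect is fixed or where. The spec comment in the same submission already has that information, so the changelog line could carry it too, for example "fix double free in contrib/shpsort.c (CVE-2022-0699), add c75b9281a5b9452d92e1682bdfe6019a13ed819f.diff", with the upstream issue link https://github.com/OSGeo/shapelib/issues/39 for anyone triaging from the changelog alone.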
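Review bot: In the shapelib.spec hunk @@ -21,13 +21,15 @@ the comment above Patch1 is tagged "PATCH-Fix-UPSTREAM" while the one above Patch0 is tagged "PATCH-FIX-UPSTREAM" and uses the "file -- description" form. Use the same upper-case tag and the same form for Patch1, e.g. "# PATCH-FIX-UPSTREAM c75b9281a5b9452d92e1682bdfe6019a13ed819f.diff -- double free, CVE-2022-0699", so a search for the tag finds both patches.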
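Review bot: In the contrib/shpsort.c hunk @@ -113,7 +113,6 @@, dropping "free(copy);" before "return NULL;" in the error path of split() is only correct if copy has already been released by the time this branch runs, and the three lines of context on either side do not show that earlier release. Before accepting the patch, check the full function: if copy is freed above this block the removal fixes the double free, but if it is not, this path now leaks copy instead. A short comment at the removed line saying where copy is freed would make the error path reviewable from the hunk alone.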
