Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package librttopo for openSUSE:Factory checked in at 2022-07-06 15:41:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/librttopo (Old) and /work/SRC/openSUSE:Factory/.librttopo.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "librttopo" Wed Jul 6 15:41:52 2022 rev:2 rq:986876 version:1.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/librttopo/librttopo.changes 2021-08-31 19:56:07.557994576 +0200 +++ /work/SRC/openSUSE:Factory/.librttopo.new.1548/librttopo.changes 2022-07-06 15:42:04.922524519 +0200 @@ -1,0 +2,10 @@ +Tue Jul 5 13:25:15 UTC 2022 - Bruno Friedmann <br...@ioda-net.ch> + +- Fix boo#1201215 VUL-0: CVE-2017-18359: librttopo: + denial of service in rtgeom_to_x3d3() + by adding upstream patches + + 2a9cc526.patch + + 41.patch +- Update copyright year + +------------------------------------------------------------------- New: ---- 2a9cc526.patch 41.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ librttopo.spec ++++++ --- /var/tmp/diff_new_pack.OAtLVx/_old 2022-07-06 15:42:05.446525291 +0200 +++ /var/tmp/diff_new_pack.OAtLVx/_new 2022-07-06 15:42:05.450525298 +0200 @@ -1,7 +1,7 @@ # # spec file for package librttopo # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,17 +25,19 @@ License: GPL-2.0-or-later URL: https://git.osgeo.org/gitea/rttopo/librttopo Source: https://git.osgeo.org/gitea/rttopo/librttopo/archive/%{name}-%{version}.tar.gz -BuildRequires: fdupes +Patch0: https://git.osgeo.org/gitea/rttopo/librttopo/commit/2a9cc526.patch +Patch1: https://git.osgeo.org/gitea/rttopo/librttopo/pulls/41.patch BuildRequires: autoconf BuildRequires: automake -BuildRequires: libtool +BuildRequires: fdupes BuildRequires: gcc-c++ +BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: sqlite-devel >= 3.7.3 -BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(geos) -BuildRequires: pkgconfig(proj) +BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(minizip) +BuildRequires: pkgconfig(proj) BuildRequires: pkgconfig(zlib) %description @@ -71,6 +73,7 @@ %prep %setup -q -n %{name} +%autopatch -p1 ./autogen.sh %build ++++++ 2a9cc526.patch ++++++ >From 2a9cc526b1da8ea58422ed0158f57dabd82c498d Mon Sep 17 00:00:00 2001 From: Andrea Peri <aperi2...@gmail.com> Date: Fri, 31 Dec 2021 14:56:36 +0000 Subject: [PATCH] apply patch postgis https://trac.osgeo.org/postgis/changeset/15444 --- src/rtout_x3d.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/rtout_x3d.c b/src/rtout_x3d.c index 3dad3ab..0165bf2 100644 --- a/src/rtout_x3d.c +++ b/src/rtout_x3d.c @@ -63,6 +63,20 @@ rtgeom_to_x3d3(const RTCTX *ctx, const RTGEOM *geom, char *srs, int precision, i { int type = geom->type; +/* apply patch postgis: https://trac.osgeo.org/postgis/changeset/15444 */ +/* https://trac.osgeo.org/postgis/ticket/3704 */ + +/* Empty string for empties */ + if( lwgeom_is_empty(geom) ) + { + char *ret = NULL; + ret = lwalloc(1); + ret[0] = '\0'; + return ret; + } + +/* end patch */ + switch (type) { case RTPOINTTYPE: ++++++ 41.patch ++++++ >From 1b5c6df4d01891c28c222655541fc483b4ee7aa5 Mon Sep 17 00:00:00 2001 From: jmckenna <jmcke...@gatewaygeomatics.com> Date: Thu, 24 Feb 2022 13:10:10 -0400 Subject: [PATCH] fix security patch --- src/rtout_x3d.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rtout_x3d.c b/src/rtout_x3d.c index 4d4c130..f6bbee2 100644 --- a/src/rtout_x3d.c +++ b/src/rtout_x3d.c @@ -67,10 +67,10 @@ rtgeom_to_x3d3(const RTCTX *ctx, const RTGEOM *geom, char *srs, int precision, i /* https://trac.osgeo.org/postgis/ticket/3704 */ /* Empty string for empties */ - if( lwgeom_is_empty(geom) ) + if( rtgeom_is_empty(ctx, geom) ) { char *ret = NULL; - ret = lwalloc(1); + ret = rtalloc(ctx, 1); ret[0] = '\0'; return ret; } -- 2.20.1
