Hello community,
here is the log from the commit of package libredwg.11811 for
openSUSE:Leap:15.1:Update checked in at 2020-01-23 00:11:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/libredwg.11811 (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.libredwg.11811.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libredwg.11811"
Thu Jan 23 00:11:42 2020 rev:1 rq:765357 version:0.10
Changes:
--------
New Changes file:
--- /dev/null 2019-12-19 10:12:34.003146842 +0100
+++
/work/SRC/openSUSE:Leap:15.1:Update/.libredwg.11811.new.26092/libredwg.changes
2020-01-23 00:11:42.715125893 +0100
@@ -0,0 +1,121 @@
+Thu Jan 9 13:22:34 UTC 2020 - Jan Engelhardt <[email protected]>
+
+- Update to release 0.10
+ * API breaking changes:
+ * Added a new int *isnewp argument to all dynapi utf8text
+ getters, if the returned string is freshly malloced or not.
+ * removed the UNKNOWN supertype, there are only UNKNOWN_OBJ and
+ UNKNOWN_ENT left, with common_entity_data.
+ * renamed BLOCK_HEADER.preview_data to preview,
+ preview_data_size to preview_size.
+ * renamed SHAPE.shape_no to style_id.
+ * renamed CLASS.wasazombie to is_zombie.
+ * Bugfixes:
+ * Harmonized INDXFB with INDXF, removed extra src/in_dxfb.c.
+ * Fixed encoding of added r2000 AUXHEADER address.
+ * Fixed EED encoding from dwgrewrite.
+ * Add several checks against
+ [CVE-2020-6609, boo#1160520], [CVE-2020-6610, boo#1160522],
+ [CVE-2020-6611, boo#1160523], [CVE-2020-6612, boo#1160524],
+ [CVE-2020-6613, boo#1160525], [CVE-2020-6614, boo#1160526],
+ [CVE-2020-6615, boo#1160527]
+
+-------------------------------------------------------------------
+Sun Dec 29 20:45:54 UTC 2019 - Jan Engelhardt <[email protected]>
+
+- Update to release 0.9.3
+ * Added the -x,--extnames option to dwglayers for r13-r14 DWGs.
+ * Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle
+ for r13.
+ * Add DICTIONARY.itemhandles[] for r13 and r14.
+ * Fixed some dwglayers null pointer derefs, and flush its output
+ for each layer.
+ * Added several overflow checks from fuzzing
+ [CVE-2019-20010, boo#1159825], [CVE-2019-20011, boo#1159826],
+ [CVE-2019-20012, boo#1159827], [CVE-2019-20013, boo#1159828],
+ [CVE-2019-20014, boo#1159831], [CVE-2019-20015, boo#1159832]
+ * Disallow illegal SPLINE scenarios
+ [CVE-2019-20009, boo#1159824]
+
+-------------------------------------------------------------------
+Wed Oct 30 14:46:09 UTC 2019 - Jan Engelhardt <[email protected]>
+
+- Update to release 0.9.1
+ * Fixed more null pointer dereferences, overflows, hangs and
+ memory leaks for fuzzed (i.e. illegal) DWGs.
+- Update to release 0.9 [boo#1154080]
+ * Added the DXF importer, using the new dynapi and the r2000
+ encoder. Only for r2000 DXFs.
+ * Added utf8text conversion functions to the dynapi.
+ * Added 3DSOLID encoder.
+ * Added APIs to find handles for names, searching in tables
+ and dicts.
+ * API breaking changes - see NEWS file in package.
+ * Fixed null pointer dereferences, and memory leaks (except DXF
+ importer)
+ [boo#1129868, CVE-2019-9779]
+ [boo#1129869, CVE-2019-9778]
+ [boo#1129870, CVE-2019-9777]
+ [boo#1129873, CVE-2019-9776]
+ [boo#1129874, CVE-2019-9773]
+ [boo#1129875, CVE-2019-9772]
+ [boo#1129876, CVE-2019-9771]
+ [boo#1129878, CVE-2019-9775]
+ [boo#1129879, CVE-2019-9774]
+ [boo#1129881, CVE-2019-9770]
+
+-------------------------------------------------------------------
+Thu Aug 1 11:00:01 UTC 2019 - Andreas Stieger <[email protected]>
+
+- update to 0.8:
+ * add a new dynamic API, read and write all header and object
+ fields by name
+ * API breaking changes
+ * Fix many errors in DXF output
+ * Fix JSON output
+ * Many more bug fixes to handle specific object types
+
+-------------------------------------------------------------------
+Mon Dec 10 09:49:22 UTC 2018 - [email protected]
+
+- update to 0.7:
+ * add API to retrieve all objects in a DWG
+ * various API breaking changes
+ * Various fixes for memory leaks and double free and other issues
+
+-------------------------------------------------------------------
+Sat Nov 10 12:26:48 UTC 2018 - [email protected]
+
+- update to 0.6.2:
+ * Improved handling of DWG files found in the wild
+
+-------------------------------------------------------------------
+Tue Aug 14 07:18:39 UTC 2018 - [email protected]
+
+- update to 0.6:
+ * API breaking changes:
+ + Removed dwg_obj_proxy_get_reactors(), use dwg_obj_get_reactors() instead.
+ + Renamed SORTENTSTABLE.owner_handle to SORTENTSTABLE.owner_dict.
+ + Renamed all -as-rNNNN program options to --as-rNNNN.
+ * a number of bug fixes, correctness fixes and memory leak fixes
+ * Add support for more DWG objects
+ * Add pkg-config file
+- drop patches (upstream): CVE-2018-14524.patch, CVE-2018-14471.patch
+
+-------------------------------------------------------------------
+Thu Aug 9 09:34:20 UTC 2018 - [email protected]
+
+- CVE-2018-14524: double free (boo#1102702)
+ add CVE-2018-14524.patch
+- CVE-2018-14471: NULL pointer dereference DoS (boo#1102696)
+ add CVE-2018-14471.patch
+
+-------------------------------------------------------------------
+Sat Jul 14 10:00:58 UTC 2018 - [email protected]
+
+- Trim redundant wording and future aims.
+
+-------------------------------------------------------------------
+Tue Jul 10 09:46:52 UTC 2018 - [email protected]
+
+- initial version (0.5)
New:
----
libredwg-0.10.tar.xz
libredwg-0.10.tar.xz.sig
libredwg-rpmlintrc
libredwg.changes
libredwg.keyring
libredwg.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libredwg.spec ++++++
#
# spec file for package libredwg
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: libredwg
%define lname libredwg0
Version: 0.10
Release: 0
Summary: A library to handle DWG files
License: GPL-3.0-or-later
Group: Development/Libraries/C and C++
URL: https://www.gnu.org/software/libredwg/
#Git-Clone: https://github.com/LibreDWG/libredwg/
Source: https://ftp.gnu.org/pub/gnu/libredwg/%name-%version.tar.xz
Source2: https://ftp.gnu.org/pub/gnu/libredwg/%name-%version.tar.xz.sig
Source3:
http://savannah.gnu.org/people/viewgpg.php?user_id=101103#/%name.keyring
Source4: %name-rpmlintrc
BuildRequires: pkg-config
%description
GNU LibreDWG is a C library to handle DWG files. It can replace the
OpenDWG libraries. DWG is the native file format of AutoCAD.
%package tools
Summary: Command line utilities for handling DWG file
Group: Productivity/File utilities
Requires(post): %install_info_prereq
Requires(preun): %install_info_prereq
# Both packages ship a %_bindir/dwg2dxf
Conflicts: libdxfrw-tools
%description tools
GNU LibreDWG is a C library to handle DWG files. It can replace the
OpenDWG libraries. DWG is the native file format of AutoCAD.
This package contains some command line utilities using this library.
%package devel
Summary: Development files for libredwg
Group: Development/Libraries/C and C++
Requires: %lname = %version
%description devel
GNU LibreDWG is a C library to handle DWG files. It can replace the
OpenDWG libraries. DWG is the native file format of AutoCAD.
This package contains the files required for development with libredwg.
%package -n %lname
Summary: A library to handle DWG files
Group: System/Libraries
%description -n %lname
GNU LibreDWG is a C library to handle DWG files. It can replace the
OpenDWG libraries. DWG is the native file format of AutoCAD.
%prep
%autosetup -p1
%build
# No management of SO version despite ABI breaking changes:
# Force-add some symvers so RPM can produce meaningful deps.
echo 'V_%version { global: *; };' >src/sv.sym
%configure \
--disable-static
make %{?_smp_mflags} libredwg_la_LDFLAGS=-Wl,-version-script,sv.sym
libredwg_la_LIBADD=-lm
%install
%make_install
find "%buildroot" -type f -name "*.la" -delete -print
%post tools
%install_info --info-dir="%_infodir" "%_infodir/LibreDWG.info.gz"
%preun tools
%install_info_delete --info-dir="%_infodir" "%_infodir/LibreDWG.info.gz"
%post -n %lname -p /sbin/ldconfig
%postun -n %lname -p /sbin/ldconfig
%files tools
%license COPYING
%_bindir/dwg*
%_bindir/dxf*
%_mandir/man?/*.1%{?ext_man}
%_infodir/LibreDWG.info%{?ext_info}
%files devel
%license COPYING
%doc AUTHORS ChangeLog NEWS README TODO
%_includedir/*.h
%_libdir/libredwg.so
%_libdir/pkgconfig/libredwg.pc
%files -n %lname
%license COPYING
%_libdir/*.so.*
%changelog
++++++ libredwg-rpmlintrc ++++++
# the library tries to be smart with the libre prefix
addFilter("shlib-policy-missing-lib.*")
addFilter("shlib-policy-name-error .*libredwg0")
