Fix CVE-2025-2151
(cherry picked from commit 7720281aa9b3d63bb4c592b9613f476c0bd91e00)
This commit is contained in:
wk333
openeuler-sync-bot
parent
831fad9a52
commit
a43ce9ad4c
29
CVE-2025-2151.patch
Normal file
29
CVE-2025-2151.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From d2c6e64a1122884570caf4aaa589d810f5351f28 Mon Sep 17 00:00:00 2001
|
||||
From: Kim Kulling <kimkulling@users.noreply.github.com>
|
||||
Date: Thu, 13 Mar 2025 10:17:43 +0100
|
||||
Subject: [PATCH] Fix: Avoid override in line parsing (#6048)
|
||||
|
||||
Origin: https://github.com/assimp/assimp/commit/d2c6e64a1122884570caf4aaa589d810f5351f28
|
||||
|
||||
* Fix: Avoid override in line parsing
|
||||
|
||||
- closes https://github.com/assimp/assimp/issues/6026
|
||||
|
||||
* Update ParsingUtils.h
|
||||
---
|
||||
include/assimp/ParsingUtils.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/assimp/ParsingUtils.h b/include/assimp/ParsingUtils.h
|
||||
index f5908ee245..9882cf1148 100644
|
||||
--- a/include/assimp/ParsingUtils.h
|
||||
+++ b/include/assimp/ParsingUtils.h
|
||||
@@ -167,7 +167,7 @@ AI_FORCE_INLINE bool GetNextLine(const char_t *&buffer, char_t out[BufferSize])
|
||||
}
|
||||
*_out = (char_t)'\0';
|
||||
|
||||
- while (IsLineEnd(*buffer) && '\0' != *buffer) {
|
||||
+ while (IsLineEnd(*buffer) && '\0' != *buffer && buffer != end) {
|
||||
++buffer;
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: assimp
|
||||
Version: 5.2.4
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: Library to load and process various 3D model formats into applications.
|
||||
License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0
|
||||
URL: http://www.assimp.org/
|
||||
@ -9,6 +9,7 @@ Patch0001: 0001-Fix-build-with-zlib.patch
|
||||
Patch0002: CVE-2024-40724-Fix-out-of-bound-access-5651.patch
|
||||
Patch0003: CVE-2024-45679.patch
|
||||
Patch0004: CVE-2024-48425.patch
|
||||
Patch0005: CVE-2025-2151.patch
|
||||
|
||||
BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
|
||||
BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zzip-zlib-config)
|
||||
@ -87,6 +88,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
|
||||
%{python3_sitelib}/pyassimp
|
||||
|
||||
%changelog
|
||||
* Thu Mar 20 2025 wangkai <13474090681@163.com> - 5.2.4-5
|
||||
- Fix CVE-2025-2151
|
||||
|
||||
* Sat Oct 26 2024 liningjie <liningjie@xfusion.com> - 5.2.4-4
|
||||
- Fix CVE-2024-48425
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user