packages/assimp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!62 Fix CVE-2025-2151

Browse Source 
From: @wk333 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
This commit is contained in:
openeuler-ci-bot 2025-03-20 06:11:44 +00:00 committed by Gitee
commit 99d4d5360a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2025-2151.patch Normal file
View File

@ -0,0 +1,32 @@
From d2c6e64a1122884570caf4aaa589d810f5351f28 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Thu, 13 Mar 2025 10:17:43 +0100
Subject: [PATCH] Fix: Avoid override in line parsing (#6048)
Origin: https://github.com/assimp/assimp/commit/d2c6e64a1122884570caf4aaa589d810f5351f28
* Fix: Avoid override in line parsing
- closes https://github.com/assimp/assimp/issues/6026
* Update ParsingUtils.h
---
code/ParsingUtils.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/ParsingUtils.h b/code/ParsingUtils.h
index 2371ee6..1617112 100644
--- a/code/ParsingUtils.h
+++ b/code/ParsingUtils.h
@@ -184,7 +184,7 @@ AI_FORCE_INLINE bool GetNextLine( const char_t*& buffer, char_t out[ BufferSize
}
*_out = (char_t)'\0';
- while( IsLineEnd( *buffer ) && '\0' != *buffer ) {
+ while( IsLineEnd( *buffer ) && '\0' != *buffer && buffer != end) {
++buffer;
}
--
2.33.0

6
assimp.spec
View File

@ -1,6 +1,6 @@
Name: assimp Name: assimp
Version: 3.3.1 Version: 3.3.1
Release: 21 Release: 22
Summary: Library to load and process various 3D model formats into applications. Summary: Library to load and process various 3D model formats into applications.
License: BSD and MIT License: BSD and MIT
URL: http://assimp.sourceforge.net URL: http://assimp.sourceforge.net
@ -14,6 +14,7 @@ Patch0006: 0001-Morph-animation-support-for-collada.patch
Patch0007: 0001-Enable-doxygen-been-properly-used-from-cmake-build-a.patch Patch0007: 0001-Enable-doxygen-been-properly-used-from-cmake-build-a.patch
Patch0008: 0001-Apply-mechanism-to-decide-use-for-IrrXML-external-or.patch Patch0008: 0001-Apply-mechanism-to-decide-use-for-IrrXML-external-or.patch
Patch0009: CVE-2024-48425.patch Patch0009: CVE-2024-48425.patch
Patch0010: CVE-2025-2151.patch
BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zzip-zlib-config) BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zzip-zlib-config)
BuildRequires: pkgconfig(zlib) pkgconfig(minizip) pkgconfig(python2) python2-rpm-macros BuildRequires: pkgconfig(zlib) pkgconfig(minizip) pkgconfig(python2) python2-rpm-macros
@ -117,6 +118,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
%{python3_sitelib}/pyassimp %{python3_sitelib}/pyassimp
%changelog %changelog
* Thu Mar 20 2025 wangkai <13474090681@163.com> - 3.3.1-22
- Fix CVE-2025-2151
* Sat Oct 26 2024 liningjie <liningjie@xfusion.com> - 3.3.1-21 * Sat Oct 26 2024 liningjie <liningjie@xfusion.com> - 3.3.1-21
- Fix CVE-2024-48425 - Fix CVE-2024-48425