packages/assimp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:be92267e89568367ae2b6b78f4cce6e42e4066bf
Branches Tags
packages:main
...
compare: packages:b66c5d84c919967d480b7d2879b8c2bd034e46aa
Branches Tags
packages:main

10 Commits
be92267e89 ... b66c5d84c9

Author SHA1 Message Date
openeuler-ci-bot
b66c5d84c9
!54 [sync] PR-45: Fix CVE-2024-48425 
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
 2024-11-05 01:26:01 +00:00
liningjie
aaeb06ea95 Fix CVE-2024-48425 
(cherry picked from commit 9d21edb49c686d053a84f4e101850dd738193e97)
 2024-11-04 16:02:41 +08:00
openeuler-ci-bot
561bb46f8c
!41 [sync] PR-39: fix CVE-2024-45679 
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
 2024-09-19 09:49:38 +00:00
wk333
9194af68f2 fix CVE-2024-45679 
(cherry picked from commit 50af6653b5e7d1dd112722624c6f1b48dd5f68a5)
 2024-09-19 14:23:35 +08:00
openeuler-ci-bot
65868bd122
!34 [sync] PR-29: fix CVE-2024-40724 
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
 2024-07-22 09:42:35 +00:00
yinyongkang
729508b205 fix CVE-2024-40724 
(cherry picked from commit 668be84e41799743974066dc4c7f9ce42f7ba1d2)
 2024-07-22 16:14:53 +08:00
openeuler-ci-bot
f4adda733a
!31 [sync] PR-27: Add executable binary file assimp 
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
 2024-07-22 08:00:39 +00:00
wang--ge
87fe49da78 add executable binary file assimp 
(cherry picked from commit c99b974f4f0f2e4af15bda3f57ff6119ef10a8de)
 2024-07-22 14:45:19 +08:00
openeuler-ci-bot
d40c34fa0a
!26 update to 5.3.1 
From: @yaqiangchen 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
 2023-10-24 01:57:13 +00:00
yaqiangchen
f5457f96c4 update to 5.3.1 2023-10-23 17:48:32 +08:00
5 changed files with 127 additions and 5 deletions
Show Stats Expand all files Collapse all files

27
CVE-2024-40724-Fix-out-of-bound-access-5651.patch Normal file
View File

@ -0,0 +1,27 @@
From ddb74c2bbdee1565dda667e85f0c82a0588c8053 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Wed, 3 Jul 2024 21:37:24 +0200
Subject: [PATCH] Fix out of bound access (#5651)
---
code/AssetLib/Ply/PlyLoader.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/code/AssetLib/Ply/PlyLoader.cpp b/code/AssetLib/Ply/PlyLoader.cpp
index 783c7f1..e109541 100644
--- a/code/AssetLib/Ply/PlyLoader.cpp
+++ b/code/AssetLib/Ply/PlyLoader.cpp
@@ -567,6 +567,10 @@ void PLYImporter::LoadFace(const PLY::Element *pcElement, const PLY::ElementInst
if (mGeneratedMesh->mFaces == nullptr) {
mGeneratedMesh->mNumFaces = pcElement->NumOccur;
mGeneratedMesh->mFaces = new aiFace[mGeneratedMesh->mNumFaces];
+ } else {
+ if (mGeneratedMesh->mNumFaces < pcElement->NumOccur) {
+ throw DeadlyImportError("Invalid .ply file: Too many faces");
+ }
}
if (!bIsTriStrip) {
--
2.41.0

38
CVE-2024-45679.patch Normal file
View File

@ -0,0 +1,38 @@
From e4e2c63e0c2c449cd69fb9a3269e865eb83c241d Mon Sep 17 00:00:00 2001
From: Alexandre Avenel <alexandre.avenel@ls-vr.com>
Date: Sat, 4 Nov 2023 10:28:19 +0100
Subject: [PATCH] Fix heap-buffer overflow in PLY parser
Origin: https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d
---
code/AssetLib/Ply/PlyParser.cpp | 3 ++-
include/assimp/IOStreamBuffer.h | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/code/AssetLib/Ply/PlyParser.cpp b/code/AssetLib/Ply/PlyParser.cpp
index 6edba71fca..662da805ea 100644
--- a/code/AssetLib/Ply/PlyParser.cpp
+++ b/code/AssetLib/Ply/PlyParser.cpp
@@ -425,7 +425,8 @@ bool PLY::DOM::ParseHeader(IOStreamBuffer<char> &streamBuffer, std::vector<char>
break;
} else {
// ignore unknown header elements
- streamBuffer.getNextLine(buffer);
+ if (!streamBuffer.getNextLine(buffer))
+ return false;
}
}
diff --git a/include/assimp/IOStreamBuffer.h b/include/assimp/IOStreamBuffer.h
index fae480e715..47db35a957 100644
--- a/include/assimp/IOStreamBuffer.h
+++ b/include/assimp/IOStreamBuffer.h
@@ -287,7 +287,7 @@ static AI_FORCE_INLINE bool isEndOfCache(size_t pos, size_t cacheSize) {
template <class T>
AI_FORCE_INLINE bool IOStreamBuffer<T>::getNextLine(std::vector<T> &buffer) {
buffer.resize(m_cacheSize);
- if (isEndOfCache(m_cachePos, m_cacheSize) || 0 == m_filePos) {
+ if (m_cachePos >= m_cacheSize || 0 == m_filePos) {
if (!readNextBlock()) {
return false;
}

29
CVE-2024-48425.patch Normal file
View File

@ -0,0 +1,29 @@
From ecdf8d24b85367b22ba353b4f82299d4af7f1f97 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Mon, 7 Oct 2024 10:30:45 +0200
Subject: [PATCH] SplitLargeMeshes: Fix crash (#5799)
- Fix nullptr access when rootnode of the scene is a nullptr. This can happen even if the scene stores any kind of meshes. closes https://github.com/assimp/assimp/issues/5791
---
code/PostProcessing/SplitLargeMeshes.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/code/PostProcessing/SplitLargeMeshes.cpp b/code/PostProcessing/SplitLargeMeshes.cpp
index 3bee28521..cb9727651 100644
--- a/code/PostProcessing/SplitLargeMeshes.cpp
+++ b/code/PostProcessing/SplitLargeMeshes.cpp
@@ -100,6 +100,11 @@ void SplitLargeMeshesProcess_Triangle::SetupProperties( const Importer* pImp) {
// ------------------------------------------------------------------------------------------------
// Update a node after some meshes have been split
void SplitLargeMeshesProcess_Triangle::UpdateNode(aiNode* pcNode, const std::vector<std::pair<aiMesh*, unsigned int> >& avList) {
+ if (pcNode == nullptr) {
+ ASSIMP_LOG_WARN("UpdateNode skipped, nullptr detected.");
+ return;
+ }
+
// for every index in out list build a new entry
std::vector<unsigned int> aiEntries;
aiEntries.reserve(pcNode->mNumMeshes + 1);
--
2.33.0

BIN
v5.2.5.tar.gz → assimp-5.3.1-free.tar.xz
View File

Binary file not shown.

38
assimp.spec
View File

@ -1,10 +1,21 @@
Name: assimp
Version: 5.2.5
Release: 1
Version: 5.3.1
Release: 5
Summary: Library to load and process various 3D model formats into applications.
License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0
URL: http://www.assimp.org/
Source0: https://github.com/assimp/assimp/archive/v%{version}.tar.gz
#wget https://github.com/assimp/assimp/archive/v%{version}.tar.gz
#tar xf v%{version}.tar.gz
#cd assimp-%{version}
#rm -rf test/models-nonbsd
#cd ..
#tar czf assimp-%{version}-free.tar.xz assimp-%{version}
Source0: assimp-%{version}-free.tar.xz
Patch01: CVE-2024-40724-Fix-out-of-bound-access-5651.patch
Patch02: CVE-2024-45679.patch
Patch03: CVE-2024-48425.patch
BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib)
BuildRequires: pkgconfig(zlib) pkgconfig(minizip) gmock-devel make
@ -46,10 +57,11 @@ Assimp help doc.
%prep
%autosetup -n assimp-%{version} -p1
sed -i '/Werror/d' code/CMakeLists.txt
%build
%cmake
%cmake -DASSIMP_BUILD_ASSIMP_TOOLS=TRUE \
-DASSIMP_BUILD_ZLIB=OFF
%make_build
%install
@ -66,6 +78,7 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
%files
%doc CREDITS LICENSE
%{_libdir}/*.so.*
%{_bindir}/assimp
%files devel
%{_includedir}/assimp
@ -81,6 +94,21 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
%{python3_sitelib}/pyassimp
%changelog
* Sat Oct 26 2024 liningjie <liningjie@xfusion.com> - 5.3.1-5
- Fix CVE-2024-48425
* Thu Sep 19 2024 wangkai <13474090681@163.com> - 5.3.1-4
- fix CVE-2024-45679
* Mon Jul 22 2024 yinyongkang <yinyongkang@kylinos.cn> - 5.3.1-3
- fix CVE-2024-40724
* Thu Mar 28 2024 Ge Wang <wang__ge@126.com> - 5.3.1-2
- Add executable binary file assimp
* Wed Oct 18 2023 chenyaqiang <chengyaqiang@huawei.com> - 5.3.1-1
- update to 5.3.1
* Sat Feb 04 2023 wenchaofan <349464272@qq.com> - 5.2.5-1
- Update to 5.2.5 version