From 5c38502cbf32a7fb388e34c2db25ba9c153dae9c Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 11 Sep 2021 12:31:24 -0400 Subject: [PATCH 1/5] Unbundle stb_image --- assimp-5.0.1-unbundle.patch | 35 +++++++++++++---------------------- assimp.spec | 11 +++++++++-- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/assimp-5.0.1-unbundle.patch b/assimp-5.0.1-unbundle.patch index 0d937d5..506a968 100644 --- a/assimp-5.0.1-unbundle.patch +++ b/assimp-5.0.1-unbundle.patch @@ -1,6 +1,5 @@ -diff -up ./CMakeLists.txt.unbundle ./CMakeLists.txt --- ./CMakeLists.txt.unbundle 2020-01-12 06:56:40.000000000 -0500 -+++ ./CMakeLists.txt 2021-02-27 15:46:23.408557445 -0500 ++++ ./CMakeLists.txt 2021-09-11 12:22:08.270359054 -0400 @@ -485,6 +485,27 @@ IF ( ASSIMP_NO_EXPORT ) MESSAGE( STATUS "Build an import-only version of Assimp." ) ENDIF( ASSIMP_NO_EXPORT ) @@ -29,9 +28,8 @@ diff -up ./CMakeLists.txt.unbundle ./CMakeLists.txt SET ( ASSIMP_BUILD_ARCHITECTURE "" CACHE STRING "describe the current architecture." ) -diff -up ./code/Blender/BlenderTessellator.h.unbundle ./code/Blender/BlenderTessellator.h --- ./code/Blender/BlenderTessellator.h.unbundle 2020-01-12 06:56:40.000000000 -0500 -+++ ./code/Blender/BlenderTessellator.h 2021-02-27 15:46:23.408557445 -0500 ++++ ./code/Blender/BlenderTessellator.h 2021-09-11 12:22:08.271359063 -0400 @@ -144,11 +144,7 @@ namespace Assimp #if ASSIMP_BLEND_WITH_POLY_2_TRI @@ -44,9 +42,8 @@ diff -up ./code/Blender/BlenderTessellator.h.unbundle ./code/Blender/BlenderTess namespace Assimp { -diff -up ./code/CMakeLists.txt.unbundle ./code/CMakeLists.txt --- ./code/CMakeLists.txt.unbundle 2020-01-12 06:56:40.000000000 -0500 -+++ ./code/CMakeLists.txt 2021-02-27 15:46:23.408557445 -0500 ++++ ./code/CMakeLists.txt 2021-09-11 12:22:08.271359063 -0400 @@ -874,7 +874,7 @@ IF(HUNTER_ENABLED) hunter_add_package(utf8) find_package(utf8 CONFIG REQUIRED) 
@@ -176,9 +173,8 @@ diff -up ./code/CMakeLists.txt.unbundle ./code/CMakeLists.txt ENDIF(HUNTER_ENABLED) if(ASSIMP_ANDROID_JNIIOSYSTEM) -diff -up ./code/Common/BaseImporter.cpp.unbundle ./code/Common/BaseImporter.cpp ---- ./code/Common/BaseImporter.cpp.unbundle 2021-02-27 15:47:27.432812387 -0500 -+++ ./code/Common/BaseImporter.cpp 2021-02-27 15:47:58.526936201 -0500 +--- ./code/Common/BaseImporter.cpp.unbundle 2020-01-12 06:56:40.000000000 -0500 ++++ ./code/Common/BaseImporter.cpp 2021-09-11 12:22:08.272359072 -0400 @@ -341,11 +341,7 @@ std::string BaseImporter::GetExtension( return false; } @@ -192,9 +188,8 @@ diff -up ./code/Common/BaseImporter.cpp.unbundle ./code/Common/BaseImporter.cpp // ------------------------------------------------------------------------------------------------ // Convert to UTF8 data -diff -up ./code/Importer/IFC/IFCGeometry.cpp.unbundle ./code/Importer/IFC/IFCGeometry.cpp --- ./code/Importer/IFC/IFCGeometry.cpp.unbundle 2020-01-12 06:56:40.000000000 -0500 -+++ ./code/Importer/IFC/IFCGeometry.cpp 2021-02-27 15:46:23.408557445 -0500 ++++ ./code/Importer/IFC/IFCGeometry.cpp 2021-09-11 12:22:08.272359072 -0400 @@ -49,13 +49,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE #include "Common/PolyTools.h" #include "PostProcessing/ProcessHelper.h" @@ -211,9 +206,8 @@ diff -up ./code/Importer/IFC/IFCGeometry.cpp.unbundle ./code/Importer/IFC/IFCGeo #include #include -diff -up ./code/Importer/IFC/IFCOpenings.cpp.unbundle ./code/Importer/IFC/IFCOpenings.cpp --- ./code/Importer/IFC/IFCOpenings.cpp.unbundle 2020-01-12 06:56:40.000000000 -0500 -+++ ./code/Importer/IFC/IFCOpenings.cpp 2021-02-27 15:46:23.409557449 -0500 ++++ ./code/Importer/IFC/IFCOpenings.cpp 2021-09-11 12:22:08.273359081 -0400 @@ -49,13 +49,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE #include "Common/PolyTools.h" #include "PostProcessing/ProcessHelper.h" 
@@ -230,9 +224,8 @@ diff -up ./code/Importer/IFC/IFCOpenings.cpp.unbundle ./code/Importer/IFC/IFCOpe #include -diff -up ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle ./code/Importer/STEPParser/STEPFileEncoding.cpp ---- ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle 2021-02-27 15:48:15.993005751 -0500 -+++ ./code/Importer/STEPParser/STEPFileEncoding.cpp 2021-02-27 15:48:37.161090042 -0500 +--- ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle 2020-01-12 06:56:40.000000000 -0500 ++++ ./code/Importer/STEPParser/STEPFileEncoding.cpp 2021-09-11 12:22:08.273359081 -0400 @@ -45,11 +45,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE */ #include "STEPFileEncoding.h" @@ -246,9 +239,8 @@ diff -up ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle ./code/Importe #include -diff -up ./code/MMD/MMDPmxParser.cpp.unbundle ./code/MMD/MMDPmxParser.cpp ---- ./code/MMD/MMDPmxParser.cpp.unbundle 2021-02-27 15:50:16.110484046 -0500 -+++ ./code/MMD/MMDPmxParser.cpp 2021-02-27 15:50:57.573649134 -0500 +--- ./code/MMD/MMDPmxParser.cpp.unbundle 2020-01-12 06:56:40.000000000 -0500 ++++ ./code/MMD/MMDPmxParser.cpp 2021-09-11 12:22:08.273359081 -0400 @@ -42,11 +42,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE #include #include "MMDPmxParser.h" @@ -262,9 +254,8 @@ diff -up ./code/MMD/MMDPmxParser.cpp.unbundle ./code/MMD/MMDPmxParser.cpp #include namespace pmx -diff -up ./code/SIB/SIBImporter.cpp.unbundle ./code/SIB/SIBImporter.cpp ---- ./code/SIB/SIBImporter.cpp.unbundle 2021-02-27 15:48:54.037157241 -0500 -+++ ./code/SIB/SIBImporter.cpp 2021-02-27 15:49:24.194277325 -0500 +--- ./code/SIB/SIBImporter.cpp.unbundle 2020-01-12 06:56:40.000000000 -0500 ++++ ./code/SIB/SIBImporter.cpp 2021-09-11 12:22:08.274359089 -0400 @@ -59,12 +59,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE #include #include diff --git a/assimp.spec b/assimp.spec index 1751c2c..9b59fd5 100644 --- a/assimp.spec +++ b/assimp.spec 
@@ -1,7 +1,7 @@ %undefine __cmake_in_source_build Name: assimp Version: 5.0.1 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Library to import various 3D model formats into applications # Assimp is BSD @@ -49,7 +49,11 @@ BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(python3) BuildRequires: poly2tri-devel BuildRequires: python3-devel +# Need to BR -static packages for header-only libraries for tracking, per +# guidelines BuildRequires: rapidjson-devel +BuildRequires: stb_image-devel +BuildRequires: stb_image-static BuildRequires: utf8cpp-devel # Incompatible - https://github.com/assimp/assimp/issues/788 @@ -57,7 +61,6 @@ BuildRequires: utf8cpp-devel Provides: bundled(polyclipping) = 4.8.8 Provides: bundled(open3dgc) Provides: bundled(openddl-parser) -Provides: bundled(stb_image) Provides: bundled(unzip) Provides: bundled(minzip) Provides: bundled(zlib) @@ -105,6 +108,7 @@ rm -r contrib/android-cmake rm -r contrib/irrXML rm -r contrib/poly2tri rm -r contrib/rapidjson +rm -r contrib/stb_image rm -r contrib/utf8cpp %patch0 -p1 -b .unbundle @@ -171,6 +175,9 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a %endif %changelog +* Sat Sep 11 2021 Benjamin A. Beasley - 5.0.1-4 +- Unbundle stb_image + * Mon Mar 29 2021 Rich Mattes - 5.0.1-3 - Fix library install dir specification (rhbz#1943862) - Remove un-needed build dependency on ILUT From cfc66df8b49d46769b213656a769b0f94a84a951 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 11 Sep 2021 12:32:02 -0400 Subject: [PATCH 2/5] =?UTF-8?q?Add=20-static=20BR=E2=80=99s=20for=20header?= =?UTF-8?q?-only=20libraries=20utf8cpp=20and=20rapidjson?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- assimp-5.0.1-unbundle.patch | 11 +++++++++++ assimp.spec | 3 +++ 2 files changed, 14 insertions(+) diff --git a/assimp-5.0.1-unbundle.patch b/assimp-5.0.1-unbundle.patch index 506a968..0414ab9 100644 --- a/assimp-5.0.1-unbundle.patch +++ b/assimp-5.0.1-unbundle.patch 
@@ -270,3 +270,14 @@ #include #include #include +--- ./samples/SimpleTexturedOpenGL/SimpleTexturedOpenGL/src/model_loading.cpp.unbundle 2021-09-11 12:47:39.249727225 -0400 ++++ ./samples/SimpleTexturedOpenGL/SimpleTexturedOpenGL/src/model_loading.cpp 2021-09-11 12:22:39.456631581 -0400 +@@ -19,7 +19,7 @@ + #include + + #define STB_IMAGE_IMPLEMENTATION +-#include "contrib/stb_image/stb_image.h" ++#include "stb_image.h" + + #include + diff --git a/assimp.spec b/assimp.spec index 9b59fd5..b963bbb 100644 --- a/assimp.spec +++ b/assimp.spec @@ -52,9 +52,11 @@ BuildRequires: python3-devel # Need to BR -static packages for header-only libraries for tracking, per # guidelines BuildRequires: rapidjson-devel +BuildRequires: rapidjson-static BuildRequires: stb_image-devel BuildRequires: stb_image-static BuildRequires: utf8cpp-devel +BuildRequires: utf8cpp-static # Incompatible - https://github.com/assimp/assimp/issues/788 #BuildRequires: pkgconfig(polyclipping) @@ -177,6 +179,7 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a %changelog * Sat Sep 11 2021 Benjamin A. Beasley - 5.0.1-4 - Unbundle stb_image +- Add -static BR’s for header-only libraries utf8cpp and rapidjson * Mon Mar 29 2021 Rich Mattes - 5.0.1-3 - Fix library install dir specification (rhbz#1943862) From ed8a1b09fd513f022f6b97c9560e80f5e409b300 Mon Sep 17 00:00:00 2001 From: Rich Mattes Date: Wed, 29 Dec 2021 23:16:18 -0500 Subject: [PATCH 3/5] Correct Unlicense shortname (rhbz#2036000) --- assimp.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/assimp.spec b/assimp.spec index b963bbb..3e91b1b 100644 --- a/assimp.spec +++ b/assimp.spec @@ -1,7 +1,7 @@ %undefine __cmake_in_source_build Name: assimp Version: 5.0.1 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Library to import various 3D model formats into applications # Assimp is BSD 
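Review bot: The new file section for `samples/SimpleTexturedOpenGL/SimpleTexturedOpenGL/src/model_loading.cpp` in the `@@ -270,3 +270,14 @@` hunk is not mentioned in the commit subject or in the %changelog entry, which cover only the -static BuildRequires. PATCH 1/5 deletes `contrib/stb_image` in %prep, so this include switch looks like part of the unbundling itself and deserves its own changelog line, e.g. `- Use the system stb_image in the SimpleTexturedOpenGL sample`. Because `#define STB_IMAGE_IMPLEMENTATION` compiles the decoder into the sample, it takes whatever stb_image version the build root provides. The quoted form `#include "stb_image.h"` also relies on the system header directory being on the sample's include path, which is not visible in this hunk and should be confirmed.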
@@ -12,7 +12,7 @@ Summary: Library to import various 3D model formats into applications # Bundled contrib/unzip is zlib # Bundled contrib/zip is unlicense # Bundled contrib/zlib is zlib -License: BSD and MIT and Boost and unlicense and zlib +License: BSD and MIT and Boost and Unlicense and zlib URL: https://github.com/assimp/assimp # Github releases include nonfree models, source tarball must be re-generated @@ -177,6 +177,9 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a %endif %changelog +* Thu Dec 30 2021 Rich Mattes - 5.0.1-5 +- Correct Unlicense shortname (rhbz#2036000) + * Sat Sep 11 2021 Benjamin A. Beasley - 5.0.1-4 - Unbundle stb_image - Add -static BR’s for header-only libraries utf8cpp and rapidjson From 68ff7e35a5478d69c4528e99a2e5302b3459dcc4 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 23 Apr 2022 13:27:09 -0400 Subject: [PATCH 4/5] Security fix for CVE-2022-28041 --- assimp.spec | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/assimp.spec b/assimp.spec index 3e91b1b..081f8c1 100644 --- a/assimp.spec +++ b/assimp.spec @@ -1,7 +1,7 @@ %undefine __cmake_in_source_build Name: assimp Version: 5.0.1 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Library to import various 3D model formats into applications # Assimp is BSD @@ -53,7 +53,14 @@ BuildRequires: python3-devel # guidelines BuildRequires: rapidjson-devel BuildRequires: rapidjson-static -BuildRequires: stb_image-devel +# Enforce the the minimum EVR to contain fixes for all of CVE-2021-28021, +# CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041. +%if 0%{?el7} || 0%{?el8} +%global min_stb_image 0-0.8.20211022gitaf1a5bc +%else +%global min_stb_image 2.27^20210910gitaf1a5bc-0.2 +%endif +BuildRequires: stb_image-devel >= %{min_stb_image} BuildRequires: stb_image-static BuildRequires: utf8cpp-devel BuildRequires: utf8cpp-static 
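Review bot: The minimum-EVR bound in the `@@ -53,7 +53,14 @@` hunk is applied to `stb_image-devel` only, while the `stb_image-static` BuildRequires next to it stays unversioned. If the two names are not guaranteed to resolve to the same build, the tracking dependency could be satisfied by something older than the fixed snapshot. Constraining it the same way, `BuildRequires: stb_image-static >= %{min_stb_image}`, would close that gap, assuming the -static provide is versioned, which should be confirmed against the stb package. The added comment also reads "Enforce the the minimum EVR" and could state why a build-time bound is sufficient, e.g. `# stb_image is header-only, so the fixes reach assimp only through a rebuild against the patched header`. Both points apply equally to the `@@ -53,12 +53,22 @@` hunk of PATCH 5/5, which keeps the doubled word and the unversioned -static line.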
@@ -177,6 +184,9 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a %endif %changelog +* Sat Apr 23 2022 Benjamin A. Beasley - 5.0.1-6 +- Security fix for CVE-2022-28041 + * Thu Dec 30 2021 Rich Mattes - 5.0.1-5 - Correct Unlicense shortname (rhbz#2036000) From 78a1c67f790a4951932b31258e1f726594dd0fbe Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Sat, 25 Feb 2023 15:54:33 -0500 Subject: [PATCH 5/5] Ensure stb_image contains the latest CVE patches Fixes RHBZ#2246108, fixes RHBZ#2246114. --- assimp.spec | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/assimp.spec b/assimp.spec index 081f8c1..29529d7 100644 --- a/assimp.spec +++ b/assimp.spec @@ -1,7 +1,7 @@ %undefine __cmake_in_source_build Name: assimp Version: 5.0.1 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Library to import various 3D model formats into applications # Assimp is BSD @@ -53,12 +53,22 @@ BuildRequires: python3-devel # guidelines BuildRequires: rapidjson-devel BuildRequires: rapidjson-static -# Enforce the the minimum EVR to contain fixes for all of CVE-2021-28021, -# CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041. +# Enforce the the minimum EVR to contain fixes for all of: +# CVE-2021-28021 +# CVE-2021-42715 +# CVE-2021-42716 +# CVE-2022-28041 +# CVE-2023-43898 +# CVE-2023-45661 +# CVE-2023-45662 +# CVE-2023-45663 +# CVE-2023-45664 +# CVE-2023-45666 +# CVE-2023-45667 %if 0%{?el7} || 0%{?el8} -%global min_stb_image 0-0.8.20211022gitaf1a5bc +%global min_stb_image 2.28-0.39.20231011gitbeebb24 %else -%global min_stb_image 2.27^20210910gitaf1a5bc-0.2 +%global min_stb_image 2.28^20231011gitbeebb24-12 %endif BuildRequires: stb_image-devel >= %{min_stb_image} BuildRequires: stb_image-static 
@@ -184,6 +194,10 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a %endif %changelog +* Fri Oct 27 2023 Benjamin A. Beasley - 5.0.1-7 +- Ensure stb_image contains the latest CVE patches +- Fixes RHBZ#2246108, RHBZ#2246114 + * Sat Apr 23 2022 Benjamin A. Beasley - 5.0.1-6 - Security fix for CVE-2022-28041