openSUSE: 2022:0067-1 important: libdxfrw, librecad
Description
This update for libdxfrw, librecad fixes the following issues: - Update to version 1.0.1+git.20220109: * fixed ambiguous error for DRW_Dimension::parseDwg() * fixed enless while()-loop for pre 2004 versions * dwgReader::readDwgObjects() stop reading after 1st error * dwgReader::readDwgEntities() stop reading after 1st error * replace ENTRY_PARSE macro with template method * remove unused DRW_Class::parseCode() method * protect vector<>.reserve() calls * Added NULL check for hatch code 93 * Fix bounds check in DRW_LWPolyline * fix, check maxClassNum for valid value * fixed wrong 2010+ check for 64-bit size * Set compiler warnings on by default, because makes harder for bugs to go undetected. modified: CMakeLists.txt * Fixed fall through and other warnings (#54) * fix "Vertex ID" printout - Update to version 1.0.1+git.20211110: * fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938) * minor improvements to dwg2dxf, formatting and message output on success * fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937) * dwg2dxf - enable debug output of libdxfrw by command line switch * fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936) * fixed please note section formatting * updated README.md for LibreCAD_3 branch and sf.net successor * fixed LibreCAD 2 issue #1371, read failed with binary DXF * Use ununordered_map instead of map * manual merge changes from LibreCAD2 * and much more - Update to version 1.0.1+git.20200429: * Fix includes install dir * Export target as libdxfrw::libdxfrw to keep consistency with Conan packages * Add archive destination in install * Install DXFRW::dxfrw target * Remove duplicate target properties * Remove version from pkg-config file * Let CMake handle C++11 compiler definition * Change minimal required CMake version to 3.0 * cmake: add doc target * README.md: fix typo * cmake: generate and install pkgconfig * cmake: add one for dwg2dxf * cmake: set library VERSIONs * cmake: use GNUInstallDirs - Update to version 0.6.3+git.20190501: * Add build status and update example link * Add Travis-CI script * [#10] Fix compilation on GCC * Fix bugs with .dwg import of TEXT and MTEXT entities * This was unnecessary * Link libdxfrw against libstdc++ * Return an error when the file ends prematurely * Add version getter * Fix polyline 2d/3d write * Initialize return buffers in GetRawChar8 et al. - update to 2.2.0-rc3 * major release * DWG imports are more reliable now * and a lot more of bugfixes and improvements
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-67=1
Package List
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1 libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1 libdxfrw1-1.0.1+git.20220109-bp153.2.3.1 - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64): librecad-2.2.0~rc3-bp153.2.3.1 librecad-debuginfo-2.2.0~rc3-bp153.2.3.1 librecad-debugsource-2.2.0~rc3-bp153.2.3.1 - openSUSE Backports SLE-15-SP3 (noarch): librecad-parts-2.2.0~rc3-bp153.2.3.1
References
https://www.suse.com/security/cve/CVE-2021-21898.html https://www.suse.com/security/cve/CVE-2021-21899.html https://www.suse.com/security/cve/CVE-2021-21900.html https://bugzilla.suse.com/1192936 https://bugzilla.suse.com/1192937 https://bugzilla.suse.com/1192938
