diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..52326ef4af192a76fe667564ff46b865f6db039b --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +*.xz filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..bc8d15942f61298e536ba190b0284eb03fd83bf0 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/assimp diff --git a/CVE-2024-40724-Fix-out-of-bound-access-5651.patch b/CVE-2024-40724-Fix-out-of-bound-access-5651.patch deleted file mode 100644 index ef009b98f53eba74fc73c25d94d4b713f24fd756..0000000000000000000000000000000000000000 --- a/CVE-2024-40724-Fix-out-of-bound-access-5651.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ddb74c2bbdee1565dda667e85f0c82a0588c8053 Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Wed, 3 Jul 2024 21:37:24 +0200 -Subject: [PATCH] Fix out of bound access (#5651) - ---- - code/AssetLib/Ply/PlyLoader.cpp | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/code/AssetLib/Ply/PlyLoader.cpp b/code/AssetLib/Ply/PlyLoader.cpp -index 783c7f1..e109541 100644 ---- a/code/AssetLib/Ply/PlyLoader.cpp -+++ b/code/AssetLib/Ply/PlyLoader.cpp -@@ -567,6 +567,10 @@ void PLYImporter::LoadFace(const PLY::Element *pcElement, const PLY::ElementInst - if (mGeneratedMesh->mFaces == nullptr) { - mGeneratedMesh->mNumFaces = pcElement->NumOccur; - mGeneratedMesh->mFaces = new aiFace[mGeneratedMesh->mNumFaces]; -+ } else { -+ if (mGeneratedMesh->mNumFaces < pcElement->NumOccur) { -+ throw DeadlyImportError("Invalid .ply file: Too many faces"); -+ } - } - - if (!bIsTriStrip) { --- -2.41.0 - diff --git a/CVE-2024-45679.patch b/CVE-2024-45679.patch deleted file mode 100644 index 389442e6622899d1e5e0a48a955bffa4d9a3a3b3..0000000000000000000000000000000000000000 --- a/CVE-2024-45679.patch +++ /dev/null @@ -1,38 +0,0 @@ -From e4e2c63e0c2c449cd69fb9a3269e865eb83c241d Mon Sep 17 00:00:00 2001 -From: Alexandre Avenel -Date: Sat, 4 Nov 2023 10:28:19 +0100 -Subject: [PATCH] Fix heap-buffer overflow in PLY parser -Origin: https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d - ---- - code/AssetLib/Ply/PlyParser.cpp | 3 ++- - include/assimp/IOStreamBuffer.h | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/code/AssetLib/Ply/PlyParser.cpp b/code/AssetLib/Ply/PlyParser.cpp -index 6edba71fca..662da805ea 100644 ---- a/code/AssetLib/Ply/PlyParser.cpp -+++ b/code/AssetLib/Ply/PlyParser.cpp -@@ -425,7 +425,8 @@ bool PLY::DOM::ParseHeader(IOStreamBuffer &streamBuffer, std::vector - break; - } else { - // ignore unknown header elements -- streamBuffer.getNextLine(buffer); -+ if (!streamBuffer.getNextLine(buffer)) -+ return false; - } - } - -diff --git a/include/assimp/IOStreamBuffer.h b/include/assimp/IOStreamBuffer.h -index fae480e715..47db35a957 100644 ---- a/include/assimp/IOStreamBuffer.h -+++ b/include/assimp/IOStreamBuffer.h -@@ -287,7 +287,7 @@ static AI_FORCE_INLINE bool isEndOfCache(size_t pos, size_t cacheSize) { - template - AI_FORCE_INLINE bool IOStreamBuffer::getNextLine(std::vector &buffer) { - buffer.resize(m_cacheSize); -- if (isEndOfCache(m_cachePos, m_cacheSize) || 0 == m_filePos) { -+ if (m_cachePos >= m_cacheSize || 0 == m_filePos) { - if (!readNextBlock()) { - return false; - } diff --git a/CVE-2024-48423-pre-Fix-leak-5762.patch b/CVE-2024-48423-pre-Fix-leak-5762.patch deleted file mode 100644 index ffbc93240ccfaf588773d314402ef8e4f9a5a782..0000000000000000000000000000000000000000 --- a/CVE-2024-48423-pre-Fix-leak-5762.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 4024726eca89331503bdab33d0b9186e901bbc45 Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Sat, 7 Sep 2024 21:02:34 +0200 -Subject: [PATCH] Fix leak (#5762) - -* Fix leak - -* Update utLogger.cpp ---- - code/Common/Assimp.cpp | 13 ++++++--- - fuzz/assimp_fuzzer.cc | 2 +- - test/CMakeLists.txt | 1 + - test/unit/Common/utLogger.cpp | 52 +++++++++++++++++++++++++++++++++++ - 4 files changed, 63 insertions(+), 5 deletions(-) - create mode 100644 test/unit/Common/utLogger.cpp - -diff --git a/code/Common/Assimp.cpp b/code/Common/Assimp.cpp -index ef3ee7b5d8..91896e4059 100644 ---- a/code/Common/Assimp.cpp -+++ b/code/Common/Assimp.cpp -@@ -359,20 +359,25 @@ void CallbackToLogRedirector(const char *msg, char *dt) { - s->write(msg); - } - -+static LogStream *DefaultStream = nullptr; -+ - // ------------------------------------------------------------------------------------------------ - ASSIMP_API aiLogStream aiGetPredefinedLogStream(aiDefaultLogStream pStream, const char *file) { - aiLogStream sout; - - ASSIMP_BEGIN_EXCEPTION_REGION(); -- LogStream *stream = LogStream::createDefaultStream(pStream, file); -- if (!stream) { -+ if (DefaultStream == nullptr) { -+ DefaultStream = LogStream::createDefaultStream(pStream, file); -+ } -+ -+ if (!DefaultStream) { - sout.callback = nullptr; - sout.user = nullptr; - } else { - sout.callback = &CallbackToLogRedirector; -- sout.user = (char *)stream; -+ sout.user = (char *)DefaultStream; - } -- gPredefinedStreams.push_back(stream); -+ gPredefinedStreams.push_back(DefaultStream); - ASSIMP_END_EXCEPTION_REGION(aiLogStream); - return sout; - } -diff --git a/fuzz/assimp_fuzzer.cc b/fuzz/assimp_fuzzer.cc -index 8178674e82..91ffd9d692 100644 ---- a/fuzz/assimp_fuzzer.cc -+++ b/fuzz/assimp_fuzzer.cc -@@ -47,7 +47,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - using namespace Assimp; - - extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t dataSize) { -- aiLogStream stream = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT,NULL); -+ aiLogStream stream = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT, nullptr); - aiAttachLogStream(&stream); - - Importer importer; -diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt -index 7b7fd850ae..1a45adac7e 100644 ---- a/test/CMakeLists.txt -+++ b/test/CMakeLists.txt -@@ -100,6 +100,7 @@ SET( COMMON - unit/Common/utBase64.cpp - unit/Common/utHash.cpp - unit/Common/utBaseProcess.cpp -+ unit/Common/utLogger.cpp - ) - - SET(Geometry -diff --git a/test/unit/Common/utLogger.cpp b/test/unit/Common/utLogger.cpp -new file mode 100644 -index 0000000000..932240a7f6 ---- /dev/null -+++ b/test/unit/Common/utLogger.cpp -@@ -0,0 +1,52 @@ -+/* -+--------------------------------------------------------------------------- -+Open Asset Import Library (assimp) -+--------------------------------------------------------------------------- -+ -+Copyright (c) 2006-2024, assimp team -+ -+All rights reserved. -+ -+Redistribution and use of this software in source and binary forms, -+with or without modification, are permitted provided that the following -+conditions are met: -+ -+* Redistributions of source code must retain the above -+copyright notice, this list of conditions and the -+following disclaimer. -+ -+* Redistributions in binary form must reproduce the above -+copyright notice, this list of conditions and the -+following disclaimer in the documentation and/or other -+materials provided with the distribution. -+ -+* Neither the name of the assimp team, nor the names of its -+contributors may be used to endorse or promote products -+derived from this software without specific prior -+written permission of the assimp team. -+ -+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+--------------------------------------------------------------------------- -+*/ -+ -+#include "UnitTestPCH.h" -+#include -+ -+using namespace Assimp; -+class utLogger : public ::testing::Test {}; -+ -+TEST_F(utLogger, aiGetPredefinedLogStream_leak_test) { -+ aiLogStream stream1 = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT, nullptr); -+ aiLogStream stream2 = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT, nullptr); -+ ASSERT_EQ(stream1.callback, stream2.callback); -+} diff --git a/CVE-2024-48423.patch b/CVE-2024-48423.patch deleted file mode 100644 index a1fd324d3916edcd39077ea3af74bdc89c210af6..0000000000000000000000000000000000000000 --- a/CVE-2024-48423.patch +++ /dev/null @@ -1,34 +0,0 @@ -From f12e52198669239af525e525ebb68407977f8e34 Mon Sep 17 00:00:00 2001 -From: tyler92 -Date: Wed, 11 Dec 2024 12:17:14 +0200 -Subject: [PATCH] Fix use after free in the CallbackToLogRedirector (#5918) - -The heap-use-after-free vulnerability occurs in the -CallbackToLogRedirector function. During the process of logging, -a previously freed memory region is accessed, leading to a -use-after-free condition. This vulnerability stems from incorrect -memory management, specifically, freeing a log stream and then -attempting to access it later on. - -This patch sets NULL value for The DefaultStream global pointer. - -Co-authored-by: Kim Kulling ---- - code/Common/Assimp.cpp | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/code/Common/Assimp.cpp b/code/Common/Assimp.cpp -index 91896e4059..22e16bd36a 100644 ---- a/code/Common/Assimp.cpp -+++ b/code/Common/Assimp.cpp -@@ -416,6 +416,10 @@ ASSIMP_API aiReturn aiDetachLogStream(const aiLogStream *stream) { - DefaultLogger::get()->detachStream(it->second); - delete it->second; - -+ if ((Assimp::LogStream *)stream->user == DefaultStream) { -+ DefaultStream = nullptr; -+ } -+ - gActiveLogStreams.erase(it); - - if (gActiveLogStreams.empty()) { diff --git a/CVE-2024-48424.patch b/CVE-2024-48424.patch deleted file mode 100644 index fdbdf9385daaebf5c98c7ad4c2dc437bd00f1af2..0000000000000000000000000000000000000000 --- a/CVE-2024-48424.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 2b773f0f5a726c38dda72307b5311c14fc3a76ae Mon Sep 17 00:00:00 2001 -From: tyler92 -Date: Mon, 16 Dec 2024 23:48:45 +0200 -Subject: [PATCH] Fix heap-buffer-overflow in OpenDDLParser (#5919) - -Co-authored-by: Kim Kulling ---- - contrib/openddlparser/code/OpenDDLParser.cpp | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/contrib/openddlparser/code/OpenDDLParser.cpp b/contrib/openddlparser/code/OpenDDLParser.cpp -index 3d7dce45ec..26591b5ec8 100644 ---- a/contrib/openddlparser/code/OpenDDLParser.cpp -+++ b/contrib/openddlparser/code/OpenDDLParser.cpp -@@ -74,12 +74,11 @@ const char *getTypeToken(Value::ValueType type) { - return Grammar::PrimitiveTypeToken[(size_t)type]; - } - --static void logInvalidTokenError(const char *in, const std::string &exp, OpenDDLParser::logCallback callback) { -- if (callback) { -- std::string full(in); -- std::string part(full.substr(0, 50)); -+static void logInvalidTokenError(const std::string &in, const std::string &exp, OpenDDLParser::logCallback callback) { -+ if (callback) {\ -+ std::string part(in.substr(0, 50)); - std::stringstream stream; -- stream << "Invalid token \"" << *in << "\" " -+ stream << "Invalid token \"" << in << "\" " - << "(expected \"" << exp << "\") " - << "in: \"" << part << "\""; - callback(ddl_error_msg, stream.str()); -@@ -306,7 +305,7 @@ char *OpenDDLParser::parseHeader(char *in, char *end) { - } - - if (*in != Grammar::CommaSeparator[0] && *in != Grammar::ClosePropertyToken[0]) { -- logInvalidTokenError(in, Grammar::ClosePropertyToken, m_logCallback); -+ logInvalidTokenError(std::string(in, end), Grammar::ClosePropertyToken, m_logCallback); - return nullptr; - } - -@@ -355,8 +354,7 @@ char *OpenDDLParser::parseStructure(char *in, char *end) { - ++in; - } - } else { -- ++in; -- logInvalidTokenError(in, std::string(Grammar::OpenBracketToken), m_logCallback); -+ logInvalidTokenError(std::string(in, end), std::string(Grammar::OpenBracketToken), m_logCallback); - error = true; - return nullptr; - } -@@ -427,7 +425,7 @@ char *OpenDDLParser::parseStructureBody(char *in, char *end, bool &error) { - - in = lookForNextToken(in, end); - if (in == end || *in != '}') { -- logInvalidTokenError(in == end ? "" : in, std::string(Grammar::CloseBracketToken), m_logCallback); -+ logInvalidTokenError(std::string(in, end), std::string(Grammar::CloseBracketToken), m_logCallback); - return nullptr; - } else { - //in++; diff --git a/CVE-2024-48425.patch b/CVE-2024-48425.patch deleted file mode 100644 index d10d2a9e4736533c9f0c6b22adab1f7923316909..0000000000000000000000000000000000000000 --- a/CVE-2024-48425.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ecdf8d24b85367b22ba353b4f82299d4af7f1f97 Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Mon, 7 Oct 2024 10:30:45 +0200 -Subject: [PATCH] SplitLargeMeshes: Fix crash (#5799) - -- Fix nullptr access when rootnode of the scene is a nullptr. This can happen even if the scene stores any kind of meshes. closes https://github.com/assimp/assimp/issues/5791 ---- - code/PostProcessing/SplitLargeMeshes.cpp | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/code/PostProcessing/SplitLargeMeshes.cpp b/code/PostProcessing/SplitLargeMeshes.cpp -index 3bee28521..cb9727651 100644 ---- a/code/PostProcessing/SplitLargeMeshes.cpp -+++ b/code/PostProcessing/SplitLargeMeshes.cpp -@@ -100,6 +100,11 @@ void SplitLargeMeshesProcess_Triangle::SetupProperties( const Importer* pImp) { - // ------------------------------------------------------------------------------------------------ - // Update a node after some meshes have been split - void SplitLargeMeshesProcess_Triangle::UpdateNode(aiNode* pcNode, const std::vector >& avList) { -+ if (pcNode == nullptr) { -+ ASSIMP_LOG_WARN("UpdateNode skipped, nullptr detected."); -+ return; -+ } -+ - // for every index in out list build a new entry - std::vector aiEntries; - aiEntries.reserve(pcNode->mNumMeshes + 1); --- -2.33.0 - diff --git a/CVE-2024-53425-pre-Fix-Add-check-for-invalid-input-argument.patch b/CVE-2024-53425-pre-Fix-Add-check-for-invalid-input-argument.patch deleted file mode 100644 index a64970618eec9e2d76825b5e752b06d4c7e126ef..0000000000000000000000000000000000000000 --- a/CVE-2024-53425-pre-Fix-Add-check-for-invalid-input-argument.patch +++ /dev/null @@ -1,196 +0,0 @@ -From d7cde433679a6e21e0a5f22e54ea0951783503fe Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Mon, 2 Oct 2023 10:24:43 +0200 -Subject: [PATCH] Fix: Add check for invalid input argument - ---- - code/AssetLib/MD5/MD5Parser.cpp | 10 +++--- - code/AssetLib/MD5/MD5Parser.h | 62 ++++++++++++++++++--------------- - 2 files changed, 38 insertions(+), 34 deletions(-) - -diff --git a/code/AssetLib/MD5/MD5Parser.cpp b/code/AssetLib/MD5/MD5Parser.cpp -index 7d0b41c24a..8da30e28f7 100644 ---- a/code/AssetLib/MD5/MD5Parser.cpp -+++ b/code/AssetLib/MD5/MD5Parser.cpp -@@ -3,7 +3,7 @@ - Open Asset Import Library (assimp) - --------------------------------------------------------------------------- - --Copyright (c) 2006-2022, assimp team -+Copyright (c) 2006-2023, assimp team - - All rights reserved. - -@@ -87,7 +87,7 @@ MD5Parser::MD5Parser(char *_buffer, unsigned int _fileSize) : buffer(_buffer), b - - // ------------------------------------------------------------------------------------------------ - // Report error to the log stream --/*static*/ AI_WONT_RETURN void MD5Parser::ReportError(const char *error, unsigned int line) { -+AI_WONT_RETURN void MD5Parser::ReportError(const char *error, unsigned int line) { - char szBuffer[1024]; - ::ai_snprintf(szBuffer, 1024, "[MD5] Line %u: %s", line, error); - throw DeadlyImportError(szBuffer); -@@ -95,7 +95,7 @@ MD5Parser::MD5Parser(char *_buffer, unsigned int _fileSize) : buffer(_buffer), b - - // ------------------------------------------------------------------------------------------------ - // Report warning to the log stream --/*static*/ void MD5Parser::ReportWarning(const char *warn, unsigned int line) { -+void MD5Parser::ReportWarning(const char *warn, unsigned int line) { - char szBuffer[1024]; - ::snprintf(szBuffer, sizeof(szBuffer), "[MD5] Line %u: %s", line, warn); - ASSIMP_LOG_WARN(szBuffer); -@@ -122,8 +122,8 @@ void MD5Parser::ParseHeader() { - // print the command line options to the console - // FIX: can break the log length limit, so we need to be careful - char *sz = buffer; -- while (!IsLineEnd(*buffer++)) -- ; -+ while (!IsLineEnd(*buffer++)); -+ - ASSIMP_LOG_INFO(std::string(sz, std::min((uintptr_t)MAX_LOG_MESSAGE_LENGTH, (uintptr_t)(buffer - sz)))); - SkipSpacesAndLineEnd(); - } -diff --git a/code/AssetLib/MD5/MD5Parser.h b/code/AssetLib/MD5/MD5Parser.h -index ad7367e2ab..9b29fbe851 100644 ---- a/code/AssetLib/MD5/MD5Parser.h -+++ b/code/AssetLib/MD5/MD5Parser.h -@@ -2,8 +2,7 @@ - Open Asset Import Library (assimp) - ---------------------------------------------------------------------- - --Copyright (c) 2006-2022, assimp team -- -+Copyright (c) 2006-2023, assimp team - - All rights reserved. - -@@ -93,7 +92,7 @@ struct Section { - std::string mName; - - //! For global elements: the value of the element as string -- //! Iif !length() the section is not a global element -+ //! if !length() the section is not a global element - std::string mGlobalValue; - }; - -@@ -185,7 +184,7 @@ using FrameList = std::vector; - */ - struct VertexDesc { - VertexDesc() AI_NO_EXCEPT -- : mFirstWeight(0), mNumWeights(0) { -+ : mFirstWeight(0), mNumWeights(0) { - // empty - } - -@@ -349,62 +348,61 @@ class MD5Parser { - */ - MD5Parser(char* buffer, unsigned int fileSize); - -- - // ------------------------------------------------------------------- - /** Report a specific error message and throw an exception - * @param error Error message to be reported - * @param line Index of the line where the error occurred - */ -- AI_WONT_RETURN static void ReportError (const char* error, unsigned int line) AI_WONT_RETURN_SUFFIX; -+ AI_WONT_RETURN static void ReportError(const char* error, unsigned int line) AI_WONT_RETURN_SUFFIX; - - // ------------------------------------------------------------------- - /** Report a specific warning - * @param warn Warn message to be reported - * @param line Index of the line where the error occurred - */ -- static void ReportWarning (const char* warn, unsigned int line); -- -+ static void ReportWarning(const char* warn, unsigned int line); - -+ // ------------------------------------------------------------------- -+ /** Report a specific error -+ * @param error Error message to be reported -+ */ - AI_WONT_RETURN void ReportError (const char* error) AI_WONT_RETURN_SUFFIX; - -- void ReportWarning (const char* warn) { -- return ReportWarning(warn, lineNumber); -- } -+ // ------------------------------------------------------------------- -+ /** Report a specific warning -+ * @param error Warn message to be reported -+ */ -+ void ReportWarning (const char* warn); - - //! List of all sections which have been read - SectionList mSections; - - private: -- // ------------------------------------------------------------------- -- /** Parses a file section. The current file pointer must be outside -- * of a section. -- * @param out Receives the section data -- * @return true if the end of the file has been reached -- * @throws ImportErrorException if an error occurs -- */ - bool ParseSection(Section& out); -- -- // ------------------------------------------------------------------- -- /** Parses the file header -- * @throws ImportErrorException if an error occurs -- */ - void ParseHeader(); -- - bool SkipLine(const char* in, const char** out); - bool SkipLine( ); - bool SkipSpacesAndLineEnd( const char* in, const char** out); - bool SkipSpacesAndLineEnd(); - bool SkipSpaces(); - -+private: - char* buffer; - char* bufferEnd; - unsigned int fileSize; - unsigned int lineNumber; - }; - -+// ------------------------------------------------------------------- -+inline void MD5Parser::ReportWarning (const char* warn) { -+ return ReportWarning(warn, lineNumber); -+} -+ -+// ------------------------------------------------------------------- - inline void MD5Parser::ReportError(const char* error) { - ReportError(error, lineNumber); - } -+ - // ------------------------------------------------------------------- - inline bool MD5Parser::SkipLine(const char* in, const char** out) { - ++lineNumber; -@@ -418,18 +416,24 @@ inline bool MD5Parser::SkipLine( ) { - - // ------------------------------------------------------------------- - inline bool MD5Parser::SkipSpacesAndLineEnd( const char* in, const char** out) { -- bool bHad = false; -- bool running = true; -+ if (in == bufferEnd) { -+ *out = in; -+ return false; -+ } -+ -+ bool bHad = false, running = true; - while (running) { - if( *in == '\r' || *in == '\n') { -- // we open files in binary mode, so there could be \r\n sequences ... -+ // we open files in binary mode, so there could be \r\n sequences ... - if (!bHad) { - bHad = true; - ++lineNumber; - } -+ } else if (*in == '\t' || *in == ' ') { -+ bHad = false; -+ } else { -+ break; - } -- else if (*in == '\t' || *in == ' ')bHad = false; -- else break; - ++in; - if (in == bufferEnd) { - break; diff --git a/CVE-2024-53425.patch b/CVE-2024-53425.patch deleted file mode 100644 index 5ba928796397c2d06b96474afbacc5002e0ede22..0000000000000000000000000000000000000000 --- a/CVE-2024-53425.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ecc8a1c8695560df108d6adc00b3d7b1ba15df9f Mon Sep 17 00:00:00 2001 -From: tyler92 -Date: Tue, 17 Dec 2024 19:57:54 +0200 -Subject: [PATCH] Fix buffer overflow in MD5Parser::SkipSpacesAndLineEnd - (#5921) - -Co-authored-by: Kim Kulling ---- - code/AssetLib/MD5/MD5Parser.cpp | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/code/AssetLib/MD5/MD5Parser.cpp b/code/AssetLib/MD5/MD5Parser.cpp -index 2de8d5033c..c5f108586e 100644 ---- a/code/AssetLib/MD5/MD5Parser.cpp -+++ b/code/AssetLib/MD5/MD5Parser.cpp -@@ -115,14 +115,18 @@ void MD5Parser::ParseHeader() { - ReportError("MD5 version tag is unknown (10 is expected)"); - } - SkipLine(); -- if (buffer == bufferEnd) { -- return; -- } - - // print the command line options to the console -- // FIX: can break the log length limit, so we need to be careful - char *sz = buffer; -- while (!IsLineEnd(*buffer++)); -+ while (buffer < bufferEnd) { -+ if (IsLineEnd(*buffer++)) { -+ break; -+ } -+ } -+ -+ if (buffer == bufferEnd) { -+ return; -+ } - - ASSIMP_LOG_INFO(std::string(sz, std::min((uintptr_t)MAX_LOG_MESSAGE_LENGTH, (uintptr_t)(buffer - sz)))); - SkipSpacesAndLineEnd(); diff --git a/CVE-2025-2151.patch b/CVE-2025-2151.patch deleted file mode 100644 index 03b74c8e8e82168bb95fa370215f81a6d2e02017..0000000000000000000000000000000000000000 --- a/CVE-2025-2151.patch +++ /dev/null @@ -1,29 +0,0 @@ -From d2c6e64a1122884570caf4aaa589d810f5351f28 Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Thu, 13 Mar 2025 10:17:43 +0100 -Subject: [PATCH] Fix: Avoid override in line parsing (#6048) - -Origin: https://github.com/assimp/assimp/commit/d2c6e64a1122884570caf4aaa589d810f5351f28 - -* Fix: Avoid override in line parsing - -- closes https://github.com/assimp/assimp/issues/6026 - -* Update ParsingUtils.h ---- - include/assimp/ParsingUtils.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/assimp/ParsingUtils.h b/include/assimp/ParsingUtils.h -index f5908ee245..9882cf1148 100644 ---- a/include/assimp/ParsingUtils.h -+++ b/include/assimp/ParsingUtils.h -@@ -167,7 +167,7 @@ AI_FORCE_INLINE bool GetNextLine(const char_t *&buffer, char_t out[BufferSize]) - } - *_out = (char_t)'\0'; - -- while (IsLineEnd(*buffer) && '\0' != *buffer) { -+ while (IsLineEnd(*buffer) && '\0' != *buffer && buffer != end) { - ++buffer; - } - diff --git a/CVE-2025-3015.patch b/CVE-2025-3015.patch deleted file mode 100644 index 7804ab74d0901f7be1ae5f091d9003aca2953b1c..0000000000000000000000000000000000000000 --- a/CVE-2025-3015.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 7c705fde418d68cca4e8eff56be01b2617b0d6fe Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Wed, 12 Mar 2025 21:12:02 +0100 -Subject: [PATCH] ASE: Fix possible out of bound access. (#6045) ---- - code/AssetLib/ASE/ASELoader.cpp | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/code/AssetLib/ASE/ASELoader.cpp b/code/AssetLib/ASE/ASELoader.cpp -index 4617c9e..a622bb0 100644 ---- a/code/AssetLib/ASE/ASELoader.cpp -+++ b/code/AssetLib/ASE/ASELoader.cpp -@@ -730,6 +730,10 @@ void ASEImporter::BuildUniqueRepresentation(ASE::Mesh &mesh) { - unsigned int iCurrent = 0, fi = 0; - for (std::vector::iterator i = mesh.mFaces.begin(); i != mesh.mFaces.end(); ++i, ++fi) { - for (unsigned int n = 0; n < 3; ++n, ++iCurrent) { -+ const uint32_t curIndex = (*i).mIndices[n]; -+ if (curIndex >= mesh.mPositions.size()) { -+ throw DeadlyImportError("ASE: Invalid vertex index in face ", fi, "."); -+ } - mPositions[iCurrent] = mesh.mPositions[(*i).mIndices[n]]; - - // add texture coordinates --- -2.46.0 - diff --git a/CVE-2025-3016.patch b/CVE-2025-3016.patch deleted file mode 100644 index e576536de3fda00169644e1b281a29e24b728a99..0000000000000000000000000000000000000000 --- a/CVE-2025-3016.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5d2a7482312db2e866439a8c05a07ce1e718bed1 Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Wed, 12 Mar 2025 21:29:33 +0100 -Subject: [PATCH] MDL: Limit max texture sizes - -- closes https://github.com/assimp/assimp/issues/6022 ---- - code/AssetLib/MDL/MDLMaterialLoader.cpp | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/code/AssetLib/MDL/MDLMaterialLoader.cpp b/code/AssetLib/MDL/MDLMaterialLoader.cpp -index 3d39fa6..9ab1944 100644 ---- a/code/AssetLib/MDL/MDLMaterialLoader.cpp -+++ b/code/AssetLib/MDL/MDLMaterialLoader.cpp -@@ -210,6 +210,8 @@ void MDLImporter::CreateTexture_3DGS_MDL4(const unsigned char *szData, - return; - } - -+static const uint32_t MaxTextureSize = 4096; -+ - // ------------------------------------------------------------------------------------------------ - // Load color data of a texture and convert it to our output format - void MDLImporter::ParseTextureColorData(const unsigned char *szData, -@@ -220,6 +222,11 @@ void MDLImporter::ParseTextureColorData(const unsigned char *szData, - - // allocate storage for the texture image - if (do_read) { -+ // check for max texture sizes -+ if (pcNew->mWidth > MaxTextureSize || pcNew->mHeight > MaxTextureSize) { -+ throw DeadlyImportError("Invalid MDL file. A texture is too big."); -+ } -+ - if(pcNew->mWidth != 0 && pcNew->mHeight > UINT_MAX/pcNew->mWidth) { - throw DeadlyImportError("Invalid MDL file. A texture is too big."); - } --- -2.46.0 - diff --git a/CVE-2025-3159.patch b/CVE-2025-3159.patch deleted file mode 100644 index a8e7d96564b184d5bea3645f003c090e1f0227d9..0000000000000000000000000000000000000000 --- a/CVE-2025-3159.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e8a6286542924e628e02749c4f5ac4f91fdae71b Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Thu, 13 Mar 2025 16:23:36 +0100 -Subject: [PATCH] ASE: Use correct vertex container (#6051) - -- closes https://github.com/assimp/assimp/issues/6024 ---- - code/AssetLib/ASE/ASEParser.cpp | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/code/AssetLib/ASE/ASEParser.cpp b/code/AssetLib/ASE/ASEParser.cpp -index c43eb42..f697861 100644 ---- a/code/AssetLib/ASE/ASEParser.cpp -+++ b/code/AssetLib/ASE/ASEParser.cpp -@@ -1382,8 +1382,8 @@ void Parser::ParseLV4MeshBonesVertices(unsigned int iNumVertices, ASE::Mesh &mes - if (TokenMatch(filePtr, "MESH_BONE_VERTEX", 16)) { - // read the vertex index - unsigned int iIndex = strtoul10(filePtr, &filePtr); -- if (iIndex >= mesh.mPositions.size()) { -- iIndex = (unsigned int)mesh.mPositions.size() - 1; -+ if (iIndex >= mesh.mBoneVertices.size()) { -+ iIndex = (unsigned int)mesh.mBoneVertices.size() - 1; - LogWarning("Bone vertex index is out of bounds. Using the largest valid " - "bone vertex index instead"); - } --- -2.41.0 - diff --git a/CVE-2025-3160.patch b/CVE-2025-3160.patch deleted file mode 100644 index 677160969469dfe4cabfa749fd781f9ae1b8dede..0000000000000000000000000000000000000000 --- a/CVE-2025-3160.patch +++ /dev/null @@ -1,29 +0,0 @@ -From a0993658f40d8e13ff5823990c30b43c82a5daf0 Mon Sep 17 00:00:00 2001 -From: Kim Kulling -Date: Thu, 13 Mar 2025 10:24:20 +0100 -Subject: [PATCH] Bugfix: Fix possible nullptr dereferencing - -- closes https://github.com/assimp/assimp/issues/6025 ---- - code/Common/SceneCombiner.cpp | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/code/Common/SceneCombiner.cpp b/code/Common/SceneCombiner.cpp -index 0188f5d..1edd265 100644 ---- a/code/Common/SceneCombiner.cpp -+++ b/code/Common/SceneCombiner.cpp -@@ -95,6 +95,11 @@ inline void PrefixString(aiString &string, const char *prefix, unsigned int len) - // ------------------------------------------------------------------------------------------------ - // Add node identifiers to a hashing set - void SceneCombiner::AddNodeHashes(aiNode *node, std::set &hashes) { -+ if (node == nullptr) { -+ ASSIMP_LOG_VERBOSE_DEBUG("Pointer to aiNode is nullptr."); -+ return; -+ } -+ - // Add node name to hashing set if it is non-empty - empty nodes are allowed - // and they can't have any anims assigned so its absolutely safe to duplicate them. - if (node->mName.length) { --- -2.41.0 - diff --git a/assimp-5.3.1-free.tar.xz b/assimp-5.3.1-free.tar.xz deleted file mode 100644 index 81687a33f48f96dc2f183f051f2273c62e4dc221..0000000000000000000000000000000000000000 Binary files a/assimp-5.3.1-free.tar.xz and /dev/null differ diff --git a/assimp-6.0.2-free.tar.xz b/assimp-6.0.2-free.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..359e1963406acc90ccc3c6718c797e3ff3d83ef4 --- /dev/null +++ b/assimp-6.0.2-free.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9c016bc3941327ab02fb05c07aa07778dc84bb0149532438b8bea73f9129389f +size 93307044 diff --git a/assimp.spec b/assimp.spec index 608d9ef22d24b936f96680be4c6ca1c629a47c49..3fa094c428c730c5760f19916917b740ace29ef6 100644 --- a/assimp.spec +++ b/assimp.spec @@ -1,9 +1,9 @@ Name: assimp -Version: 5.3.1 -Release: 11 +Version: 6.0.2 +Release: 1 Summary: Library to load and process various 3D model formats into applications. -License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0 -URL: http://www.assimp.org/ +License: BSD-3-Clause MIT AND BSL-1.0 AND Zlib +URL: https://www.assimp.org/ #wget https://github.com/assimp/assimp/archive/v%{version}.tar.gz #tar xf v%{version}.tar.gz #cd assimp-%{version} @@ -12,20 +12,6 @@ URL: http://www.assimp.org/ #tar czf assimp-%{version}-free.tar.xz assimp-%{version} Source0: assimp-%{version}-free.tar.xz -Patch01: CVE-2024-40724-Fix-out-of-bound-access-5651.patch -Patch02: CVE-2024-45679.patch -Patch03: CVE-2024-48425.patch -Patch04: CVE-2024-48423-pre-Fix-leak-5762.patch -Patch05: CVE-2024-48423.patch -Patch06: CVE-2024-48424.patch -Patch07: CVE-2024-53425-pre-Fix-Add-check-for-invalid-input-argument.patch -Patch08: CVE-2024-53425.patch -Patch09: CVE-2025-2151.patch -Patch10: CVE-2025-3015.patch -Patch11: CVE-2025-3016.patch -Patch12: CVE-2025-3159.patch -Patch13: CVE-2025-3160.patch - BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib) BuildRequires: pkgconfig(zlib) pkgconfig(minizip) gmock-devel make @@ -73,6 +59,9 @@ This package provides the PyAssimp3 python bindings install -d %{buildroot}%{python3_sitelib}/pyassimp/ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyassimp/ +%check +%ctest + %files %license LICENSE %doc CREDITS @@ -90,6 +79,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass %{python3_sitelib}/pyassimp %changelog +* Sun Jul 06 2025 Funda Wang - 6.0.2-1 +- update to 6.0.2 + * Fri Apr 4 2025 changtao - 5.3.1-11 - Type:CVE - CVE:CVE-2025-3160 CVE-2025-3159