* [gentoo-commits] repo/gentoo:master commit in: sci-geosciences/liblas/, sci-geosciences/liblas/files/
@ 2019-05-24 19:26 Andreas Sturmlechner
0 siblings, 0 replies; 2+ messages in thread
From: Andreas Sturmlechner @ 2019-05-24 19:26 UTC (permalink / raw
To: gentoo-commits
commit: 876f39a654bd15c8fe2dbdfcf07bcee2b7d10bf6
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri May 24 19:09:44 2019 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Fri May 24 19:25:47 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=876f39a6
sci-geosciences/liblas: Fix CVE-2018-20540
Bug: https://bugs.gentoo.org/678482
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
.../liblas/files/liblas-1.8.1-CVE-2018-20540.patch | 55 ++++++++++++++++++++++
sci-geosciences/liblas/liblas-1.8.1-r2.ebuild | 1 +
2 files changed, 56 insertions(+)
diff --git a/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540.patch b/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540.patch
new file mode 100644
index 00000000000..ab2174f04ff
--- /dev/null
+++ b/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540.patch
@@ -0,0 +1,55 @@
+From 09d45518776489508f34098f1c159f58b856f459 Mon Sep 17 00:00:00 2001
+From: Mateusz Loskot <mateusz@loskot.net>
+Date: Sun, 20 Jan 2019 02:28:29 +0100
+Subject: [PATCH] Ensure stream is deallocated in case of exception (#162)
+
+Fixes #158
+---
+ include/liblas/liblas.hpp | 32 ++++++++++++++++++++++++--------
+ 1 file changed, 24 insertions(+), 8 deletions(-)
+
+diff --git a/include/liblas/liblas.hpp b/include/liblas/liblas.hpp
+index f5ad44e1..325de3ff 100644
+--- a/include/liblas/liblas.hpp
++++ b/include/liblas/liblas.hpp
+@@ -119,16 +119,32 @@ inline std::istream* Open(std::string const& filename, std::ios::openmode mode)
+ {
+ #ifdef USE_BOOST_IO
+ namespace io = boost::iostreams;
+- io::stream<io::file_source>* ifs = new io::stream<io::file_source>();
+- ifs->open(filename.c_str(), mode);
+- if (ifs->is_open() == false) return NULL;
+- return ifs;
++ io::stream<io::file_source>* ifs = NULL;
++ try
++ {
++ ifs = new io::stream<io::file_source>();
++ ifs->open(filename.c_str(), mode);
++ if (ifs->is_open() == false) return NULL;
++ return ifs;
++ }
++ catch (...)
++ {
++ delete ifs;
++ }
+ #else
+- std::ifstream* ifs = new std::ifstream();
+- ifs->open(filename.c_str(), mode);
+- if (ifs->is_open() == false) return NULL;
+- return ifs;
++ std::ifstream* ifs = NULL;
++ try
++ {
++ ifs = new std::ifstream();
++ ifs->open(filename.c_str(), mode);
++ if (ifs->is_open() == false) return NULL;
++ }
++ catch (...)
++ {
++ delete ifs;
++ }
+ #endif
++ return NULL;
+ }
+
+ /// Create file and open to write in binary mode.
diff --git a/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild b/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild
index 11e130b1404..6153260346a 100644
--- a/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild
+++ b/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild
@@ -30,6 +30,7 @@ S="${WORKDIR}/libLAS-${PV}"
PATCHES=(
"${FILESDIR}"/${PN}-1.8.0_remove-std-c++98.patch
"${FILESDIR}"/${P}-fix-overload-call.patch # bug 661654
+ "${FILESDIR}"/${P}-CVE-2018-20540.patch # bug 678482
)
src_prepare() {
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sci-geosciences/liblas/, sci-geosciences/liblas/files/
@ 2020-02-26 16:56 Andreas Sturmlechner
0 siblings, 0 replies; 2+ messages in thread
From: Andreas Sturmlechner @ 2020-02-26 16:56 UTC (permalink / raw
To: gentoo-commits
commit: e46f6618ca90e250deecbe59263fa144f6aa5a30
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 26 16:52:26 2020 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Feb 26 16:56:20 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e46f6618
sci-geosciences/liblas: fix >=GDAL-2.5.0, USE debug, missing return val
Closes: https://bugs.gentoo.org/698846
Closes: https://bugs.gentoo.org/668778
Closes: https://bugs.gentoo.org/707706
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
.../files/liblas-1.8.1-CVE-2018-20540-fixup.patch | 24 ++++++++++
.../liblas/files/liblas-1.8.1-fix-debug.patch | 18 +++++++
.../liblas/files/liblas-1.8.1-gdal-2.5.0.patch | 34 +++++++++++++
sci-geosciences/liblas/liblas-1.8.1-r3.ebuild | 55 ++++++++++++++++++++++
4 files changed, 131 insertions(+)
diff --git a/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540-fixup.patch b/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540-fixup.patch
new file mode 100644
index 00000000000..6f0c132b5c5
--- /dev/null
+++ b/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540-fixup.patch
@@ -0,0 +1,24 @@
+From 6a666b9101293b13fde4e4eb1d2c627f7613515e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Felipe=20M=2E=20L=C3=B3pez?= <femulop@gmail.com>
+Date: Fri, 19 Jul 2019 08:26:44 +0200
+Subject: [PATCH] Always return NULL when Open() is used (#168)
+
+Attempt to open LAS file using standard stream, without
+Boost supports built in, always failed with
+"Cannot open sample.las for read. Exiting..."
+---
+ include/liblas/liblas.hpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/liblas/liblas.hpp b/include/liblas/liblas.hpp
+index 325de3ff..5c950ce0 100644
+--- a/include/liblas/liblas.hpp
++++ b/include/liblas/liblas.hpp
+@@ -138,6 +138,7 @@ inline std::istream* Open(std::string const& filename, std::ios::openmode mode)
+ ifs = new std::ifstream();
+ ifs->open(filename.c_str(), mode);
+ if (ifs->is_open() == false) return NULL;
++ return ifs;
+ }
+ catch (...)
+ {
diff --git a/sci-geosciences/liblas/files/liblas-1.8.1-fix-debug.patch b/sci-geosciences/liblas/files/liblas-1.8.1-fix-debug.patch
new file mode 100644
index 00000000000..0c3b8ceec26
--- /dev/null
+++ b/sci-geosciences/liblas/files/liblas-1.8.1-fix-debug.patch
@@ -0,0 +1,18 @@
+Description: Fix compilation with -DDEBUG and GDAL >= 2
+Author: Even Rouault <even.rouault@spatialys.com>
+Origin: https://github.com/libLAS/libLAS/commit/72f7709bf1dfd3473b64cdba0259363d3beea3c3
+
+--- a/src/gt_wkt_srs.cpp
++++ b/src/gt_wkt_srs.cpp
+@@ -90,7 +90,11 @@ static const char *papszDatumEquiv[] =
+ /* LibgeotiffOneTimeInit() */
+ /************************************************************************/
+
++#if GDAL_VERSION_MAJOR >= 2
++static CPLMutex* hMutex = NULL;
++#else
+ static void* hMutex = NULL;
++#endif
+
+ void LibgeotiffOneTimeInit()
+ {
diff --git a/sci-geosciences/liblas/files/liblas-1.8.1-gdal-2.5.0.patch b/sci-geosciences/liblas/files/liblas-1.8.1-gdal-2.5.0.patch
new file mode 100644
index 00000000000..0691c16c1b7
--- /dev/null
+++ b/sci-geosciences/liblas/files/liblas-1.8.1-gdal-2.5.0.patch
@@ -0,0 +1,34 @@
+From 3a572ff7e684668da62c794b37ccccbc169723de Mon Sep 17 00:00:00 2001
+From: Andreas Sturmlechner <asturm@gentoo.org>
+Date: Wed, 26 Feb 2020 17:45:30 +0100
+Subject: [PATCH] Fix build against >=GDAL-2.5.0
+
+Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
+---
+ src/gt_wkt_srs.cpp | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/gt_wkt_srs.cpp b/src/gt_wkt_srs.cpp
+index 9871aa0..099972d 100755
+--- a/src/gt_wkt_srs.cpp
++++ b/src/gt_wkt_srs.cpp
+@@ -493,7 +493,6 @@ char *GTIFGetOGISDefn( GTIF *hGTIF, GTIFDefn * psDefn )
+ {
+ char *pszWKT;
+ oSRS.morphFromESRI();
+- oSRS.FixupOrdering();
+ if( oSRS.exportToWkt( &pszWKT ) == OGRERR_NONE )
+ return pszWKT;
+ }
+@@ -1094,8 +1093,6 @@ char *GTIFGetOGISDefn( GTIF *hGTIF, GTIFDefn * psDefn )
+ /* ==================================================================== */
+ char *pszWKT;
+
+- oSRS.FixupOrdering();
+-
+ if( oSRS.exportToWkt( &pszWKT ) == OGRERR_NONE )
+ return pszWKT;
+ else
+--
+2.25.1
+
diff --git a/sci-geosciences/liblas/liblas-1.8.1-r3.ebuild b/sci-geosciences/liblas/liblas-1.8.1-r3.ebuild
new file mode 100644
index 00000000000..30ac4893834
--- /dev/null
+++ b/sci-geosciences/liblas/liblas-1.8.1-r3.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake
+
+DESCRIPTION="C/C++ library for manipulating the LAS LiDAR format common in GIS"
+HOMEPAGE="https://github.com/libLAS/libLAS/"
+SRC_URI="https://github.com/libLAS/libLAS/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="BSD"
+KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~x86"
+IUSE="gdal"
+
+DEPEND="
+ dev-libs/boost:=
+ sci-geosciences/laszip
+ sci-libs/libgeotiff:=
+ gdal? ( sci-libs/gdal:= )
+"
+RDEPEND="${DEPEND}"
+
+# tests known to fail due to LD_LIBRARY_PATH issue
+RESTRICT="test"
+
+S="${WORKDIR}/libLAS-${PV}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.8.0_remove-std-c++98.patch
+ "${FILESDIR}"/${P}-fix-overload-call.patch # bug 661654
+ "${FILESDIR}"/${P}-CVE-2018-20540.patch # bug 678482
+ "${FILESDIR}"/${P}-CVE-2018-20540-fixup.patch # bug 698846
+ "${FILESDIR}"/${P}-fix-debug.patch # bug 668778
+)
+
+src_prepare() {
+ use gdal && has_version ">=sci-libs/gdal-2.5.0" && PATCHES+=(
+ "${FILESDIR}"/${P}-gdal-2.5.0.patch # bug 707706
+ )
+ cmake_src_prepare
+
+ # add missing linkage
+ sed -e 's:${LAS2COL} ${LIBLAS_C_LIB_NAME}:& ${CMAKE_THREAD_LIBS_INIT}:' \
+ -i "${S}/apps/CMakeLists.txt" || die
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DLIBLAS_LIB_SUBDIR=$(get_libdir)
+ -DWITH_GDAL=$(usex gdal)
+ )
+ cmake_src_configure
+}
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-02-26 16:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-24 19:26 [gentoo-commits] repo/gentoo:master commit in: sci-geosciences/liblas/, sci-geosciences/liblas/files/ Andreas Sturmlechner
-- strict thread matches above, loose matches on Subject: below --
2020-02-26 16:56 Andreas Sturmlechner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox