AArch64 | |
ppc64le | |
s390x | |
x86-64 |
- Update to tag 0.12.5.5907 * Addressed CVE-2022-33025 [boo#1200898], CVE-2023-36271 [boo#1212709], CVE-2023-36272 [boo#1212707], CVE-2023-36273 [boo#1212706], CVE-2023-36274 [boo#1212705] - Delete 0001-bits-change-bit_copy_chain.patch, 0001-fix-obj_flush_hdlstream-GH-497.patch (merged)
- Add 0001-bits-change-bit_copy_chain.patch, 0001-fix-obj_flush_hdlstream-GH-497.patch [CVE-2022-35164] [boo#1202553]
- Update to release 0.12.5 [boo#1193372] [CVE-2021-28237] * Restricted accepted DXF objects to all stable and unstable classes, minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e. most unstable objects do not allow unknown DXF codes anymore. This fixed most oss-fuzz errors.
- Update to release 0.11.1 * Fixed decode of Unicode string streams. * Fixed UCS-2 to UTF-8 conversion for the chars 128-255. * Moved PSPACE entities from BLOCKS to ENTITIES * Fixed \r\n quoting in DXF texts * Generalize and fix DXF text splitup into 255 chunks and quoting, add basic shift-jis quoting support for Katagana and Hiragana letters (Japanese \M+1xxxx => Unicode \U+XXXX) * Added indxf dwg_has_subclass check to avoid buffer overflows when writing to wrong subclasses. * Improved SAB 2 to SAT 1 conversion: Split overlarge blocks into block_size of max 4096. Add "^ " quoting rule. * Fixed decode of empty classes section, esp. for r13c3 and r14. * Keep IDBUFFER for old DXFs (r13-r14) * Fixed SummaryInfo types from T to TU16, relevant for DXF headers too. * Add missing UTF-8 conversion in geojson for TEXT, MTEXT, GEOPOSITIONMARKER.
- update to 0.11: * new programs dwgfilter, dxfwrite * improved file support for r2004+ (incomplete) * Add support for GeoJSON RFC794a godsend for the json importer) * API extensions and breaking changes
- update to 0.10.1: * Fixed dwg2SVG htmlescape overflows and off-by-ones * Removed direct usages of fprintf and stderr in the lib * Fuzzing fixes for dwg2SVG, dwgread * Fixed eed.raw leaks
- Update to release 0.10 * API breaking changes: * Added a new int *isnewp argument to all dynapi utf8text getters, if the returned string is freshly malloced or not. * removed the UNKNOWN supertype, there are only UNKNOWN_OBJ and UNKNOWN_ENT left, with common_entity_data. * renamed BLOCK_HEADER.preview_data to preview, preview_data_size to preview_size. * renamed SHAPE.shape_no to style_id. * renamed CLASS.wasazombie to is_zombie. * Bugfixes: * Harmonized INDXFB with INDXF, removed extra src/in_dxfb.c. * Fixed encoding of added r2000 AUXHEADER address. * Fixed EED encoding from dwgrewrite. * Add several checks against [CVE-2020-6609, boo#1160520], [CVE-2020-6610, boo#1160522], [CVE-2020-6611, boo#1160523], [CVE-2020-6612, boo#1160524], [CVE-2020-6613, boo#1160525], [CVE-2020-6614, boo#1160526], [CVE-2020-6615, boo#1160527]