[Git][debian-gis-team/shapelib][master] 3 commits: Add upstream patch to fix CVE-2022-0699. (closes: #1022557)

Bas Couwenberg (@sebastic) gitlab at salsa.debian.org
Mon Oct 24 05:07:27 BST 2022 


Bas Couwenberg pushed to branch master at Debian GIS Project / shapelib


Commits:
ab94dcc7 by Bas Couwenberg at 2022-10-24T05:38:50+02:00
Add upstream patch to fix CVE-2022-0699. (closes: #1022557)

- - - - -
62be6a94 by Bas Couwenberg at 2022-10-24T05:54:19+02:00
Update lintian overrides.

- - - - -
1ef35f5c by Bas Couwenberg at 2022-10-24T05:54:19+02:00
Set distribution to unstable.

- - - - -


4 changed files:

- debian/changelog
- + debian/patches/0001-Remove-double-free-in-contrib-shpsrt-issue-39.patch
- + debian/patches/series
- + debian/source/lintian-overrides


Changes:

=====================================
debian/changelog
=====================================
@@ -1,12 +1,14 @@
-shapelib (1.5.0-3) UNRELEASED; urgency=medium
+shapelib (1.5.0-3) unstable; urgency=high
 
   * Bump watch file version to 4.
   * Update lintian overrides.
   * Bump Standards-Version to 4.6.1, no changes.
   * Bump debhelper compat to 12, changes:
     - Drop --list-missing from dh_install
+  * Add upstream patch to fix CVE-2022-0699.
+    (closes: #1022557)
 
- -- Bas Couwenberg <sebastic at debian.org>  Fri, 06 Nov 2020 19:59:25 +0100
+ -- Bas Couwenberg <sebastic at debian.org>  Mon, 24 Oct 2022 05:38:54 +0200
 
 shapelib (1.5.0-2) unstable; urgency=medium
 


=====================================
debian/patches/0001-Remove-double-free-in-contrib-shpsrt-issue-39.patch
=====================================
@@ -0,0 +1,16 @@
+Description: Remove double free() in contrib/shpsrt, issue #39
+Author: Albin Eldstål-Ahrens <laeder.keps at gmail.com>
+Origin: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
+Bug: https://github.com/OSGeo/shapelib/issues/39
+Bug-Debian: https://bugs.debian.org/1022557
+
+--- a/contrib/shpsort.c
++++ b/contrib/shpsort.c
+@@ -279,7 +279,6 @@ static char ** split(const char *arg, co
+ 	free(result[--i]);
+       }
+       free(result);
+-      free(copy);
+       return NULL;
+     }
+     result = tmp;


=====================================
debian/patches/series
=====================================
@@ -0,0 +1 @@
+0001-Remove-double-free-in-contrib-shpsrt-issue-39.patch


=====================================
debian/source/lintian-overrides
=====================================
@@ -0,0 +1,3 @@
+# False positive
+source-is-missing [web/shapelib-tools.html]
+



View it on GitLab: https://salsa.debian.org/debian-gis-team/shapelib/-/compare/a275380d8bd8605d6d466f8946935115161c4cd9...1ef35f5cf52cae9933799c4a8c9f934f667d0d8a

-- 
View it on GitLab: https://salsa.debian.org/debian-gis-team/shapelib/-/compare/a275380d8bd8605d6d466f8946935115161c4cd9...1ef35f5cf52cae9933799c4a8c9f934f667d0d8a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grass-devel/attachments/20221024/f2840c1b/attachment-0001.htm>

More information about the Pkg-grass-devel mailing list