Fix CVE-2022-0699

reset author
2022-08-17 18:35:48 +08:00 · 2022-08-17 18:35:48 +08:00 · c8d0cd4690
commit c8d0cd4690
parent b291275352
2 changed files with 16 additions and 1 deletions
--- a/CVE-2022-0699.patch
+++ b/CVE-2022-0699.patch
@ -0,0 +1,10 @@
+--- a/contrib/shpsort.c	2022-08-17 14:48:59.276669116 +0800
+++ b/contrib/shpsort.c	2022-08-17 14:49:22.836834517 +0800
+@@ -279,7 +279,6 @@
+ 	free(result[--i]);
+       }
+       free(result);
+-      free(copy);
+       return NULL;
+     }
+     result = tmp;
--- a/shapelib.spec
+++ b/shapelib.spec
@ -1,12 +1,14 @@
 Name:           shapelib
 Version:        1.5.0
-Release:        1
+Release:        2
 Summary:        A Shapefile C Library
 License:        (LGPLv2+ or MIT) and GPLv2+ and Public Domain
 URL:            http://shapelib.maptools.org/
 Source0:        http://download.osgeo.org/shapelib/%{name}-%{version}.tar.gz
 Source1:        https://salsa.debian.org/debian-gis-team/shapelib/-/archive/master/shapelib-master.tar.gz

+Patch0:         CVE-2022-0699.patch
+
 BuildRequires:  automake autoconf libtool gcc-c++ make
 BuildRequires:  rubygem-ronn-ng

@ -72,6 +74,9 @@ install -pm 0644 man/*.1 %{buildroot}%{_mandir}/man1/
 %{_mandir}/man1/*.1*

 %changelog
+* Wed Aug 17 2022 luopihui <luopihui@ncti-gba.cn> - 1.5.0-2
+- Fix CVE-2022-0699
+
 * Tue Feb 15 2022 xu_ping <xuping33@huawei.com> - 1.5.0-1
 - Upgrage 1.5.0