Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package assimp for openSUSE:Factory checked in at 2026-05-04 21:17:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/assimp (Old) and /work/SRC/openSUSE:Factory/.assimp.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "assimp" Mon May 4 21:17:03 2026 rev:36 rq:1350460 version:6.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/assimp/assimp.changes 2026-02-11 18:47:39.734390849 +0100 +++ /work/SRC/openSUSE:Factory/.assimp.new.30200/assimp.changes 2026-05-04 21:17:07.667616925 +0200 @@ -1,0 +2,11 @@ +Sat May 2 12:31:22 UTC 2026 - Christophe Marin <[email protected]> + +- Update to 6.0.5 + * https://github.com/assimp/assimp/releases/tag/v6.0.5 +- Drop patches, merged upstream: + * CVE-2025-5167.patch + * CVE-2025-5200.patch + * CVE-2025-2756.patch + * 0001-Fix-invalid-verifying-in-OpenDDLParser-parseStringLi.patch + +------------------------------------------------------------------- @@ -10,0 +22,9 @@ +Mon Feb 9 12:50:36 UTC 2026 - Christophe Marin <[email protected]> + +- Add upstream changes: + * CVE-2025-5167.patch (CVE-2025-5167) + * CVE-2025-5200.patch (CVE-2025-5200, boo#1243689) + * CVE-2025-2756.patch (CVE-2025-2756, boo#1240026, CVE-2025-2754, 1240024) + * 0001-Fix-invalid-verifying-in-OpenDDLParser-parseStringLi.patch + +------------------------------------------------------------------- @@ -488 +508 @@ - * Update/update pugi xml + * Update/update pugi xml by @kimkulling in #6229 Old: ---- 0001-Fix-invalid-verifying-in-OpenDDLParser-parseStringLi.patch CVE-2025-2756.patch CVE-2025-5167.patch CVE-2025-5200.patch assimp-6.0.4.tar.xz New: ---- assimp-6.0.5.tar.xz ----------(Old B)---------- Old: * CVE-2025-2756.patch * 0001-Fix-invalid-verifying-in-OpenDDLParser-parseStringLi.patch Old: * CVE-2025-5200.patch * CVE-2025-2756.patch * 0001-Fix-invalid-verifying-in-OpenDDLParser-parseStringLi.patch Old:- Drop patches, merged upstream: * CVE-2025-5167.patch * CVE-2025-5200.patch Old: * CVE-2025-5167.patch * CVE-2025-5200.patch * CVE-2025-2756.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ assimp.spec ++++++ --- /var/tmp/diff_new_pack.bTkSyW/_old 2026-05-04 21:17:11.319766482 +0200 +++ /var/tmp/diff_new_pack.bTkSyW/_new 2026-05-04 21:17:11.319766482 +0200 @@ -18,7 +18,7 @@ %define sover 6 Name: assimp -Version: 6.0.4 +Version: 6.0.5 Release: 0 Summary: Library to load and process 3D scenes from various data formats License: BSD-3-Clause AND MIT @@ -26,14 +26,6 @@ Source0: %{name}-%{version}.tar.xz # PATCH-FIX-UPSTREAM -- don't reject 'find_package(assimp 5)' calls Patch0: 0001-Accept-find_package-Assimp-5.x-calls.patch -# PATCH-FIX-UPSTREAM -Patch1: CVE-2025-5167.patch -# PATCH-FIX-UPSTREAM -Patch2: CVE-2025-5200.patch -# PATCH-FIX-UPSTREAM -Patch3: CVE-2025-2756.patch -# PATCH-FIX-UPSTREAM -Patch4: 0001-Fix-invalid-verifying-in-OpenDDLParser-parseStringLi.patch BuildRequires: cmake >= 3.22 BuildRequires: gcc-c++ BuildRequires: pkgconfig ++++++ _service ++++++ --- /var/tmp/diff_new_pack.bTkSyW/_old 2026-05-04 21:17:11.375768775 +0200 +++ /var/tmp/diff_new_pack.bTkSyW/_new 2026-05-04 21:17:11.379768939 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">https://github.com/assimp/assimp</param> - <param name="revision">v6.0.4</param> + <param name="revision">v6.0.5</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <!-- non-OSI media --> ++++++ assimp-6.0.4.tar.xz -> assimp-6.0.5.tar.xz ++++++ /work/SRC/openSUSE:Factory/assimp/assimp-6.0.4.tar.xz /work/SRC/openSUSE:Factory/.assimp.new.30200/assimp-6.0.5.tar.xz differ: char 15, line 1
