CVE-2019-17545 (https://nvd.nist.gov/vuln/detail/CVE-2019-17545): GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
Upstream patch: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
gdal-3.0.4-r1 requires >=sci-libs/proj-6.0.0:= while gdal-3.0.4-r1[ogdi] requires sci-libs/ogdi, which requires <sci-libs/proj-6.0.0:=
This is no good.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=064fcfbe59e7d0b0519994cc434a597fc3f97d32

commit 064fcfbe59e7d0b0519994cc434a597fc3f97d32
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-04-10 11:14:33 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-10 11:30:49 +0000

    sci-libs/ogdi: 4.1.0 version bump

    Bug: https://bugs.gentoo.org/699838
    Closes: https://bugs.gentoo.org/706190
    Package-Manager: Portage-2.3.98, Repoman-2.3.22
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/ogdi/Manifest                       |  1 +
 sci-libs/ogdi/files/ogdi-4.1.0-subdirs.patch | 24 +++++++++++
 sci-libs/ogdi/ogdi-4.1.0.ebuild              | 60 ++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+)
Unable to check for sanity:
> no match for package: dev-python/ijson-2.4
arm64 stable
All sanity-check issues have been resolved
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f343fdd68ff4def7e6083fa14258b14867e04e4

commit 7f343fdd68ff4def7e6083fa14258b14867e04e4
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-04-12 21:38:48 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-13 09:21:29 +0000

    sci-libs/gdal: Drop 2.4.1-r1 and 2.4.3

    Bug: https://bugs.gentoo.org/699838
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/gdal/Manifest                             |   2 -
 sci-libs/gdal/files/gdal-2.2.3-bashcomp-path.patch |  12 -
 sci-libs/gdal/files/gdal-2.4.1-poppler-0.75.patch  | 148 ----------
 sci-libs/gdal/files/gdal-2.4.1-poppler-0.76.patch  |  24 --
 sci-libs/gdal/files/gdal-2.4.1-poppler-0.82.patch  |  53 ----
 .../gdal/files/gdal-2.4.1-poppler-0.83-1.patch     |  27 --
 .../gdal/files/gdal-2.4.1-poppler-0.83-2.patch     |  42 ---
 sci-libs/gdal/files/gdal-2.4.1-swig-4.patch        | 115 --------
 sci-libs/gdal/gdal-2.4.1-r1.ebuild                 | 322 ---------------------
 sci-libs/gdal/gdal-2.4.3.ebuild                    | 319 --------------------
 10 files changed, 1064 deletions(-)
Security cleanup done.
Downgraded.