Release 0.12.1
Major bugfixes:
- Fixed dwg_bmp() and dwgbmp for >= r2004. Wrong dat offset.
- Fixed EED with code 3 for layer handles. (Fixes GH #310, shanzhugit)
- Fixed bit_convert_TU utf8 conversion with ubsan, wrong endian-ness.
Various fuzzing errors detected and fuzzed by Chew Kin Zhong (See GH #304):
- Fix possible null-deref with broken DWG's in dwg_get_first_object.
- Fix possible null-deref with broken DWG's in dwg_find_class with empty
  CLASS.dxfname. (GH #309)
- Fix possible null-deref with broken DWG's in dwglayers with empty
  LAYER.name. (GH #308)
- Fix short integer overflow in EED checks when decoding malcrafted DWG's,
  which also led to encode buffer overflows. (GH #307)
- Fix possible null-derefs with broken DWG's in json export. (GH #306)
- Fix possible null-deref with broken DWG's in dwg_next_entity iterator. (GH #305)
- Fix wrong TFF overflow check for static strings, where we cannot set
  the string nor the size. (GH #304)
- Fix heap-overflows and invalid free's when decoding broken 3DSOLID's
  in malcrafted DWG's. Only accept version 1 and 2. (GH #304)
Minor features:
- Added string converters with known TU sizes: bit_TU_to_utf8_len, bit_read_TU_len.
See https://www.gnu.org/software/libredwg/ and NEWS
Here are the compressed sources:
http://ftp.gnu.org/gnu/libredwg/libredwg-0.12.1.tar.gz (17.4MB)
http://ftp.gnu.org/gnu/libredwg/libredwg-0.12.1.tar.xz (9MB)
Here are the GPG detached signatures[*]:
http://ftp.gnu.org/gnu/libredwg/libredwg-0.12.1.tar.gz.sig
http://ftp.gnu.org/gnu/libredwg/libredwg-0.12.1.tar.xz.sig
Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html
Here are more binaries:
https://github.com/LibreDWG/libredwg/releases/tag/0.12.1
Here are the SHA256 checksums:
5a71bcb391f9da29e268e86edda3911ae0763fcdba3b21a3c139510474098542 libredwg-0.12.1.tar.gz
dedf502b7085bed716d4ffb669d1b699a988eabd928a48d13e30176b43823128 libredwg-0.12.1.tar.xz
cfa8e91e12761b14d3d6826cf3b5b336d12db74d805a99defe45bb25f029ae17 libredwg-0.12.1-win32.zip
1fd2a4c6c682a7ed9263d0c30780545b8c82f038fc483a206d7eeaf4d41c5cc1 libredwg-0.12.1-win64.zip
[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
  gpg --verify libredwg-0.12.1.tar.gz.sig
If that command fails because you don't have the required public key,
then run this command to import it:
  gpg --keyserver keys.gnupg.net --recv-keys B4F63339E65D6414
and rerun the gpg --verify command.