openSUSE has issued an advisory on November 9: https://lists.opensuse.org/opensuse-updates/2019-11/msg00046.html The issue is fixed upstream in 2.4.3. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory:
========================
Updated gdal packages fix security vulnerability:
Double free vulnerability in OGRExpatRealloc (CVE-2019-17545).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17545
https://lists.opensuse.org/opensuse-updates/2019-11/msg00046.html
========================
Updated packages in core/updates_testing:
========================
gdal-2.4.3-1.mga7
python2-gdal-2.4.3-1.mga7
python3-gdal-2.4.3-1.mga7
libgdal20-2.4.3-1.mga7
libgdal-devel-2.4.3-1.mga7
libgdal-static-devel-2.4.3-1.mga7
from gdal-2.4.3-1.mga7.src.rpm
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Assignee: bugsquad => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref to bug 23824 Comment 5, I installed merkaartor (tx to Mercator aka Geeraard De Cremer from Rupelmonde - Flanders)
at CLI:
$ merkaartor
**** "2019-12-10T12:12:49" -- Starting "Merkaartor 0.18.3"
------- "using Qt version 5.12.6 (built with 5.12.2)"
------- "using PROJ4 version 6.0.0"
------- "using GDAL version 2.4.1"
and some more.
I could draw a little and save the file, so that should be OK.
But trying to run one of the commands from the gdal package gives trouble.
Ref to https://medium.com/planet-stories/a-gentle-introduction-to-gdal-part-1-a3253eb96082
at CLI:
$ gdalinfo --version
/usr/bin/gdalinfo: error: '/usr/bin/.libs/gdalinfo' does not exist
Sounds awkward to me.
CC: (none) => herman.viaene
I agree - Herman, I'm setting the feedback request. Probably just an object or reference in the wrong directory.
Whiteboard: (none) => feedback
CC: (none) => brtians1
Whiteboard: feedback => (none)
Assignee: qa-bugs => geiger.david68210
CC: (none) => qa-bugs
Status comment: (none) => Update built but gdalinfo command is broken
Hmmm! yes strange this issue! and we have this problem for a while apparently.
The gdalinfo script says:
#!/usr/bin/sh
# gdalinfo - temporary wrapper script for .libs/gdalinfo
# Generated by libtool (GNU libtool) 2.4.6
#
# The gdalinfo program cannot be directly executed until all the libtool
# libraries that it depends on are installed.
#
# This wrapper script should never be moved out of the build directory.
# If it is, it will not operate correctly.
# Sed substitution that helps us do robust quoting. It backslashifies
# metacharacters that are still active within double-quoted strings.
The real problem is that gdalinfo should be a binary and not just a script. I tried locally to find what is going wrong but without success.
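A packaging QA check for the condition described in this comment, added here as an example (not code from the Mageia or GDAL projects): it scans a bin directory, such as the one in an RPM buildroot, for files carrying the libtool wrapper header quoted above. The function names and the two status words are hypothetical, and the marker is assumed to sit within the first 10 lines of the script.

```shell
#!/bin/sh
# Added example (not Mageia or GDAL code): report libtool wrapper scripts
# found in an install directory such as an RPM buildroot's bin directory.

# Marker text from the wrapper header quoted in the comment above.
WRAPPER_MARKER='temporary wrapper script for .libs/'

# is_libtool_wrapper FILE: succeeds if FILE carries the libtool wrapper header.
# Assumption: the marker appears within the first 10 lines of the script.
is_libtool_wrapper() {
    [ -f "$1" ] || return 1
    head -n 10 "$1" 2>/dev/null | grep -qF "$WRAPPER_MARKER"
}

# find_libtool_wrappers DIR: prints one line per wrapper found directly in DIR.
#   broken-wrapper PATH     DIR/.libs/NAME is absent (the "does not exist" error)
#   installed-wrapper PATH  DIR/.libs/NAME is present, wrapper still shipped
# Returns 1 if any wrapper was found, so it can fail a packaging check.
find_libtool_wrappers() {
    scan_dir=$1
    scan_found=0
    for scan_file in "$scan_dir"/*; do
        is_libtool_wrapper "$scan_file" || continue
        scan_found=1
        if [ -e "$scan_dir/.libs/$(basename "$scan_file")" ]; then
            printf 'installed-wrapper %s\n' "$scan_file"
        else
            printf 'broken-wrapper %s\n' "$scan_file"
        fi
    done
    return "$scan_found"
}

# Run as a script with the directory to scan as the first argument.
if [ "$#" -gt 0 ]; then
    find_libtool_wrappers "$1"
fi
```
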
I have an answer : the problems comes first from the install target in the makefile for apps directory $ diff -u apps/GNUmakefile.orig apps/GNUmakefile --- apps/GNUmakefile.orig 2020-01-23 13:43:42.990620775 +0100 +++ apps/GNUmakefile 2020-01-23 11:35:46.774852333 +0100 @@ -216,6 +216,8 @@ install: default for f in $(BIN_LIST) ; do $(INSTALL) $$f $(DESTDIR)$(INST_BIN) ; done + mkdir -p $(DESTDIR)$(INST_BIN)/.libs + for f in $(BIN_LIST) ; do $(INSTALL) .libs/$$f $(DESTDIR)$(INST_BIN)/.libs ; done $(INSTALL_DATA) gdal_utils.h $(DESTDIR)$(INST_INCLUDE) $(INSTALL) gdal-config-inst $(DESTDIR)$(INST_BIN)/gdal-config this will install also the real binaries in .libs directory the second change will be in gdal spec file : diff -u gdal.spec.orig gdal.spec --- gdal.spec.orig 2020-01-23 13:45:44.543398861 +0100 +++ gdal.spec 2020-01-23 13:45:52.873589247 +0100 @@ -256,7 +256,6 @@ %doc NEWS VERSION %{_datadir}/gdal %{_bindir}/* -%{_bindir}/.libs/* %{_mandir}/man1/* %{_datadir}/bash-completion/completions/* %exclude %{_bindir}/gdal-config this will include the real binaries in rpm package
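Review bot: In the `install:` target of apps/GNUmakefile, the unchanged first loop still installs the libtool wrapper scripts from $(BIN_LIST) as the commands in $(DESTDIR)$(INST_BIN), and the two added lines only place the real binaries beside them in `.libs`. The wrapper header quoted earlier in this report says the script should never be moved out of the build directory, so it would be cleaner to install the real binary itself into $(DESTDIR)$(INST_BIN) than to ship the wrapper plus a hidden directory. Both `for` loops also return only the status of the last $(INSTALL); adding `|| exit 1` inside each loop would make a failed copy stop the install step.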
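Review bot: In the gdal.spec hunk at line 256, `%{_bindir}/.libs/*` is shown as a removed line, which is the opposite of the stated intent of including the real binaries in the rpm package; the two files may have been passed to `diff -u` in the wrong order. Regenerate the diff so the entry appears as an added line, and keep it as an explicit entry in the file list so the `.libs` contents do not depend on `%{_bindir}/*` picking them up.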
CC: (none) => eric.gerbier
The issue from comment 3 onward is now the subject of its own bug 26122. Setting this bug as depending on that; and that as blocking this.
CC: (none) => lewyssmith
Depends on: (none) => 26122
Depends on: 26122 => (none)
Blocks: (none) => 26122
Thanks Eric! Fixed package uploaded by David.
gdal-2.4.3-1.1.mga7
python2-gdal-2.4.3-1.1.mga7
python3-gdal-2.4.3-1.1.mga7
libgdal20-2.4.3-1.1.mga7
libgdal-devel-2.4.3-1.1.mga7
libgdal-static-devel-2.4.3-1.1.mga7
from gdal-2.4.3-1.1.mga7.src.rpm
Assignee: geiger.david68210 => qa-bugs
CC: qa-bugs => (none)
Status comment: Update built but gdalinfo command is broken => (none)
CC: lewyssmith => (none)
Tested new version with merkaartor: I could load a map, draw a route on it, save the file, reopen the file and see all is there.
Not very successful at grasping what all the gdal commands are for, but none of them showed the error as before. Two with some success:
$ gdalinfo --version
GDAL 2.4.3, released 2019/10/28
$ gdalsrsinfo meierhoek.mdc (the file I created with merkaartor)
PROJ.4 : +proj=longlat +datum=WGS84 +no_defs
OGC WKT :
GEOGCS["WGS 84",
    DATUM["WGS_1984",
        SPHEROID["WGS 84",6378137,298.257223563,
            AUTHORITY["EPSG","7030"]],
        AUTHORITY["EPSG","6326"]],
    PRIMEM["Greenwich",0,
        AUTHORITY["EPSG","8901"]],
    UNIT["degree",0.0174532925199433,
        AUTHORITY["EPSG","9122"]],
    AUTHORITY["EPSG","4326"]]
This might make more sense to someone else than to me, but at least there is no immediate problem cropping up.
And
$ ogrinfo meierhoek.mdc
INFO: Open of `meierhoek.mdc'
      using driver `OSM' successful.
1: points (Point)
2: lines (Line String)
3: multilinestrings (Multi Line String)
4: multipolygons (Multi Polygon)
5: other_relations (Geometry Collection)
Whiteboard: (none) => MGA7-64-OK
Advisory:
========================
Updated gdal packages fix security vulnerability:
Double free vulnerability in OGRExpatRealloc (CVE-2019-17545).
Also, the gdalinfo command, which had been built incorrectly, has been fixed.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17545
https://lists.opensuse.org/opensuse-updates/2019-11/msg00046.html
https://bugs.mageia.org/show_bug.cgi?id=25809
https://bugs.mageia.org/show_bug.cgi?id=26122
Validating this much, anyway. Advisory in Comment 10
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
in reality this package install is broken by design... installing stuff in ".libs" under %{_bindir} is just broken... It should be properly fixed at least in cauldron...
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0068.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED