From f6713fbd415177f3008a159444ad2132624ef243 Mon Sep 17 00:00:00 2001
From: Troy Dawson <tdawson@redhat.com>
Date: Thu, 9 Feb 2023 12:35:05 -0800
Subject: [PATCH] Backport fix for CVE-2022-0699 (#2054306)

---
 df1e996c541b3dc3f6bc8d589a140fdc8c544373.patch | 11 +++++++++++
 shapelib.spec                                  |  9 +++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 df1e996c541b3dc3f6bc8d589a140fdc8c544373.patch

diff --git a/df1e996c541b3dc3f6bc8d589a140fdc8c544373.patch b/df1e996c541b3dc3f6bc8d589a140fdc8c544373.patch
new file mode 100644
index 0000000..ea734cc
--- /dev/null
+++ b/df1e996c541b3dc3f6bc8d589a140fdc8c544373.patch
@@ -0,0 +1,11 @@
+diff -rupN --no-dereference shapelib-1.5.0/contrib/shpsort.c shapelib-1.5.0-new/contrib/shpsort.c
+--- shapelib-1.5.0/contrib/shpsort.c	2004-07-06 23:23:17.000000000 +0200
++++ shapelib-1.5.0-new/contrib/shpsort.c	2022-03-02 13:35:48.322878882 +0100
+@@ -279,7 +279,6 @@ static char ** split(const char *arg, co
+ 	free(result[--i]);
+       }
+       free(result);
+-      free(copy);
+       return NULL;
+     }
+     result = tmp;
diff --git a/shapelib.spec b/shapelib.spec
index 69d211a..935075b 100644
--- a/shapelib.spec
+++ b/shapelib.spec
@@ -2,7 +2,7 @@
 
 Name:          shapelib
 Version:       1.5.0
-Release:       5%{?pre:.%pre}%{?dist}
+Release:       12%{?pre:.%pre}%{?dist}
 Summary:       C library for handling ESRI Shapefiles
 # The core library is dual-licensed LGPLv2 or MIT.
 # Some contributed files have different licenses:
@@ -18,6 +18,8 @@ Source0:       http://download.osgeo.org/shapelib/%{name}-%{version}%{?pre:%pre}
 # tar -czf shapelib-man.tar.gz man/
 # rm -r man
 Source1:       %{name}-man.tar.gz
+# Backport fix for CVE-2022-0699
+Patch0:        https://github.com/OSGeo/shapelib/commit/df1e996c541b3dc3f6bc8d589a140fdc8c544373.patch
 
 BuildRequires: automake autoconf libtool
 BuildRequires: gcc-c++
@@ -50,7 +52,7 @@ This package contains various utility programs distributed with shapelib.
 
 
 %prep
-%autosetup -a1
+%autosetup -p1 -a1
 
 
 %build
@@ -92,6 +94,9 @@ install -pm 0644 man/*.1 %{buildroot}%{_mandir}/man1/
 
 
 %changelog
+* Thu Feb 09 2023 Troy Dawson <tdawson@redhat.com> - 1.5.0-12
+- Backport fix for CVE-2022-0699
+
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild