Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kissfft for openSUSE:Factory checked in at 2026-04-21 12:44:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kissfft (Old) and /work/SRC/openSUSE:Factory/.kissfft.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kissfft" Tue Apr 21 12:44:25 2026 rev:6 rq:1348348 version:131.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kissfft/kissfft.changes 2025-12-03 14:13:56.466145322 +0100 +++ /work/SRC/openSUSE:Factory/.kissfft.new.11940/kissfft.changes 2026-04-21 12:47:04.468033548 +0200 @@ -1,0 +2,7 @@ +Tue Apr 21 05:03:54 UTC 2026 - Luigi Baldoni <[email protected]> + +- Add kissfft-check_for_overflow.patch + (fixes boo#1262416 CVE-2026-41445) +- Add kissfft-fix_testcpp_acosl.patch (fixes build error on 16.0) + +------------------------------------------------------------------- New: ---- kissfft-check_for_overflow.patch kissfft-fix_testcpp_acosl.patch ----------(New B)---------- New: - Add kissfft-check_for_overflow.patch (fixes boo#1262416 CVE-2026-41445) New: (fixes boo#1262416 CVE-2026-41445) - Add kissfft-fix_testcpp_acosl.patch (fixes build error on 16.0) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kissfft.spec ++++++ --- /var/tmp/diff_new_pack.Kd2iG5/_old 2026-04-21 12:47:06.996138416 +0200 +++ /var/tmp/diff_new_pack.Kd2iG5/_new 2026-04-21 12:47:06.996138416 +0200 @@ -1,7 +1,7 @@ # # spec file for package kissfft # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2020 Packman Team <[email protected]> # Copyright (c) 2017-2020 Fedora Release Engineering <[email protected]> # Copyright (c) 2016 František Dvořák <[email protected]> 
@@ -32,6 +32,10 @@ Patch1: kissfft-fix_overflow_32bit.patch # PATCH-FIX-UPSTREAM kissfft-fix_python_binary_detection.patch -- fixes test#8 Patch2: kissfft-fix_python_binary_detection.patch +# PATCH-FIX-UPSTREAM kissfft-check_for_overflow.patch -- fixes boo#1262416 +Patch3: kissfft-check_for_overflow.patch +# PATCH-FIX-UPSTREAM kissfft-fix_testcpp_acosl.patch +Patch4: kissfft-fix_testcpp_acosl.patch BuildRequires: cmake # TESTS BuildRequires: gcc-c++ ++++++ kissfft-check_for_overflow.patch ++++++ >From 8a8e66e33d692bad1376fe7904d87d767730537f Mon Sep 17 00:00:00 2001 From: Mark Borgerding <[email protected]> Date: Sat, 31 Jan 2026 16:06:10 -0500 Subject: [PATCH] kiss_fftndr_alloc: check for overflow (and _perhaps_ let combined dims > INT_MAX) --- kiss_fftndr.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/kiss_fftndr.c b/kiss_fftndr.c index e979d03..c1cd27b 100644 --- a/kiss_fftndr.c +++ b/kiss_fftndr.c @@ -13,15 +13,15 @@ struct kiss_fftndr_state { int dimReal; - int dimOther; + size_t dimOther; kiss_fftr_cfg cfg_r; kiss_fftnd_cfg cfg_nd; void * tmpbuf; }; -static int prod(const int *dims, int ndims) +static size_t prod(const int *dims, int ndims) { - int x=1; + size_t x=1; while (ndims--) x *= *dims++; return x; 
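Review bot: `prod()` still multiplies with no bound, so widening `x` to `size_t` only moves the wrap point. Each `int` dimension is also converted to `size_t` in `x *= *dims++`, which turns a negative entry into a very large factor. A guard ahead of the multiply, `if (*dims <= 0 || x > (size_t)-1 / (size_t)*dims) return 0;`, with kiss_fftndr_alloc treating 0 as failure, would stop the wrap at its source instead of detecting it afterwards. Widening `dimOther` in `struct kiss_fftndr_state` also affects every reader of `st->dimOther`; a reader outside this patch that still stores it in an `int` would truncate, which cannot be confirmed from here. The end of prod's body is outside the hunk.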
@@ -34,18 +34,30 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int ndims,int inverse_fft,void kiss_fftndr_cfg st = NULL; size_t nr=0 , nd=0,ntmp=0; int dimReal = dims[ndims-1]; - int dimOther = prod(dims,ndims-1); + size_t dimOther = prod(dims,ndims-1); size_t memneeded; char * ptr = NULL; + int k,check; (void)kiss_fftr_alloc(dimReal,inverse_fft,NULL,&nr); (void)kiss_fftnd_alloc(dims,ndims-1,inverse_fft,NULL,&nd); ntmp = MAX( 2*dimOther , dimReal+2) * sizeof(kiss_fft_scalar) // freq buffer for one pass - + dimOther*(dimReal+2) * sizeof(kiss_fft_scalar); // large enough to hold entire input in case of in-place + + dimOther*(size_t)(dimReal+2) * sizeof(kiss_fft_scalar); // large enough to hold entire input in case of in-place memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof( struct kiss_fftndr_state )) + KISS_FFT_ALIGN_SIZE_UP(nr) + KISS_FFT_ALIGN_SIZE_UP(nd) + KISS_FFT_ALIGN_SIZE_UP(ntmp); + /* check for overflow */ + check = memneeded; + for (k=0;k<ndims;++k) { + check /= dims[k]; + if (check <= sizeof(kiss_fft_scalar)) { + if (lenmem!=NULL) + *lenmem = (size_t)(-1); + return NULL; + } + } + if (lenmem==NULL) { ptr = (char*) malloc(memneeded); }else{ @@ -73,9 +85,9 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int ndims,int inverse_fft,void void kiss_fftndr(kiss_fftndr_cfg st,const kiss_fft_scalar *timedata,kiss_fft_cpx *freqdata) { - int k1,k2; - int dimReal = st->dimReal; - int dimOther = st->dimOther; + size_t k1,k2; + size_t dimReal = (size_t)st->dimReal; + size_t dimOther = st->dimOther; int nrbins = dimReal/2+1; kiss_fft_cpx * tmp1 = (kiss_fft_cpx*)st->tmpbuf; ++++++ kissfft-fix_testcpp_acosl.patch ++++++ >From 5899ee71c5d1590488f7c5580ab78d9980f9c0b1 Mon Sep 17 00:00:00 2001 From: Mark Borgerding <[email protected]> Date: Wed, 26 Nov 2025 10:41:21 -0500 Subject: [PATCH] std::acosl was introduced in c++11, std::acos(long double) overload appears more robust --- test/testcpp.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
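Review bot: The overflow test in kiss_fftndr_alloc runs on a truncated copy of the size, because `check` is declared `int` while `memneeded` is `size_t`. On a 64-bit build `check = memneeded;` discards the high bits, and a negative `check` becomes a huge unsigned value in `check <= sizeof(kiss_fft_scalar)`, so a wrapped size can pass and a valid large one can be rejected. Declare it as `size_t check;` and divide by `(size_t)dims[k]`. The loop also executes `check /= dims[k];` without rejecting zero or negative entries, so `if (dims[k] <= 0)` should take the same failure path before the division. Dividing the finished sum back down remains a heuristic, since a wrapped product can leave a value large enough to pass; the function body starts and continues outside the hunk.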
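Review bot: `int nrbins = dimReal/2+1;` now narrows a `size_t` expression to `int` implicitly, because this hunk makes the local `dimReal` a `size_t` while `st->dimReal` is still `int`. Keeping the local as `int dimReal = st->dimReal;`, or writing `int nrbins = (int)(dimReal/2+1);`, makes the conversion explicit. With `k1` and `k2` now unsigned, loop bounds and index arithmetic that mix them with `int` values later in kiss_fftndr should be checked for sign-conversion effects; that part of the body is outside the hunk.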
diff --git a/test/testcpp.cc b/test/testcpp.cc
index b9dee94..50acada 100644
--- a/test/testcpp.cc
+++ b/test/testcpp.cc
@@ -45,7 +45,7 @@ void dotest(int nfft)
 // Create long double constant for pi because M_PIl is not defined by
 // all toolchains.
- const long double pi = std::acosl(-1);
+ const long double pi = std::acos(static_cast<long double>(-1));
 for (int k0=0;k0<nfft;++k0) {
 complex<long double> acc = 0;
