Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sso-mib for openSUSE:Factory checked in at 2026-04-23 17:09:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sso-mib (Old) and /work/SRC/openSUSE:Factory/.sso-mib.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sso-mib" Thu Apr 23 17:09:45 2026 rev:3 rq:1348935 version:0.8.1 Changes: -------- --- /work/SRC/openSUSE:Factory/sso-mib/sso-mib.changes 2026-03-18 16:51:48.676305614 +0100 +++ /work/SRC/openSUSE:Factory/.sso-mib.new.11940/sso-mib.changes 2026-04-23 17:14:09.000226203 +0200 @@ -1,0 +2,7 @@ +Thu Apr 23 11:32:49 UTC 2026 - Luca Boccassi <[email protected]> + +- Import version 0.8.1 + This bugfix release hardens the codebase against various kinds of + errors + +------------------------------------------------------------------- Old: ---- sso-mib-0.8.0.tar.gz New: ---- sso-mib-0.8.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sso-mib.spec ++++++ --- /var/tmp/diff_new_pack.CaWzpH/_old 2026-04-23 17:14:09.884262611 +0200 +++ /var/tmp/diff_new_pack.CaWzpH/_new 2026-04-23 17:14:09.888262775 +0200 @@ -18,7 +18,7 @@ %global soversion 0 Name: sso-mib -Version: 0.8.0 +Version: 0.8.1 Release: 1%{?dist} Summary: Tools and library for Single-Sign-On with CA for Entra via Himmelblau ++++++ sso-mib-0.8.0.tar.gz -> sso-mib-0.8.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sso-mib-0.8.0/debian/changelog new/sso-mib-0.8.1/debian/changelog --- old/sso-mib-0.8.0/debian/changelog 2026-03-17 10:52:48.000000000 +0100 +++ new/sso-mib-0.8.1/debian/changelog 2026-04-23 12:55:06.000000000 +0200 
@@ -1,3 +1,9 @@ +sso-mib (0.8.1) unstable; urgency=medium + + * Update to 0.8.1 release + + -- Felix Moessbauer <[email protected]> Thu, 23 Apr 2026 12:37:34 +0200 + sso-mib (0.8.0) unstable; urgency=medium * Update to 0.8.0 release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sso-mib-0.8.0/examples/avatar/main.c new/sso-mib-0.8.1/examples/avatar/main.c --- old/sso-mib-0.8.0/examples/avatar/main.c 2026-03-17 10:52:48.000000000 +0100 +++ new/sso-mib-0.8.1/examples/avatar/main.c 2026-04-23 12:55:06.000000000 +0200 @@ -77,8 +77,8 @@ printf("Acquire Bearer token\n"); scopes = g_slist_append(scopes, g_strdup("User.Read")); - MIBPrt *prt = - mib_client_app_acquire_token_silent(app, account, scopes, NULL, NULL, NULL); + MIBPrt *prt = mib_client_app_acquire_token_silent(app, account, scopes, + NULL, NULL, NULL); if (!prt) { printf("Failed to get Graph API token\n"); ret = -1; @@ -90,7 +90,8 @@ printf("Successfully stored avatar picture in 'avatar.jpg'\n"); cleanup: - fclose(f); + if (f) + fclose(f); g_slist_free_full(scopes, (GDestroyNotify)g_free); g_slist_free_full(accounts, (GDestroyNotify)g_object_unref); g_clear_object(&prt); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sso-mib-0.8.0/examples/onedrive/main.c new/sso-mib-0.8.1/examples/onedrive/main.c --- old/sso-mib-0.8.0/examples/onedrive/main.c 2026-03-17 10:52:48.000000000 +0100 +++ new/sso-mib-0.8.1/examples/onedrive/main.c 2026-04-23 12:55:06.000000000 +0200 @@ -9,6 +9,7 @@ #include "sso-mib.h" #include <curl/curl.h> #include <json-glib/json-glib.h> +#include <stdint.h> /* OneDrive Client for Linux */ #define CLIENT_ID "d50ca740-c83f-4d1b-b616-12c519384f0c" 
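Review bot: The return value of `fclose(f)` is still discarded in the `cleanup:` path of examples/avatar/main.c. `f` appears to be the stream the avatar is written to, and the success message is printed just above the label, so a write error that only surfaces when the stream is flushed would go unreported. Checking it, e.g. `if (f && fclose(f) != 0) ret = -1;`, would close that gap. The new `if (f)` guard also relies on `f` being initialised to NULL before the first `goto cleanup`, which happens outside this hunk.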
@@ -31,9 +32,16 @@ */ static size_t cb(char *data, size_t size, size_t nmemb, void *clientp) { - size_t realsize = size * nmemb; + size_t realsize; struct memory *mem = (struct memory *)clientp; + if (size != 0 && nmemb > SIZE_MAX / size) + return 0; + realsize = size * nmemb; + + if (realsize > SIZE_MAX - mem->size - 1) + return 0; + char *ptr = realloc(mem->response, mem->size + realsize + 1); if (!ptr) return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sso-mib-0.8.0/meson.build new/sso-mib-0.8.1/meson.build --- old/sso-mib-0.8.0/meson.build 2026-03-17 10:52:48.000000000 +0100 +++ new/sso-mib-0.8.1/meson.build 2026-04-23 12:55:06.000000000 +0200 @@ -3,7 +3,7 @@ project( 'sso-mib', 'c', - version : '0.8.0', + version : '0.8.1', default_options : ['c_std=gnu11', 'warning_level=3'], ) project_description = 'Library to interact with the Microsoft Device Broker for SSO' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sso-mib-0.8.0/src/mib-client-app.c new/sso-mib-0.8.1/src/mib-client-app.c --- old/sso-mib-0.8.0/src/mib-client-app.c 2026-03-17 10:52:48.000000000 +0100 +++ new/sso-mib-0.8.1/src/mib-client-app.c 2026-04-23 12:55:06.000000000 +0200 @@ -90,13 +90,14 @@ g_assert(client_id); g_assert(authority); - if (strlen(client_id) != UUID_STR_LEN - 1) { + uuid_t client_uuid; + if (uuid_parse(client_id, client_uuid) != 0) { g_warning("client id is not a UUID\n"); return NULL; } MIBClientApp *self = g_object_new(MIB_TYPE_CLIENT_APP, NULL); - strncpy(self->client_id, client_id, UUID_STR_LEN - 1); + uuid_unparse_lower(client_uuid, self->client_id); uuid_generate_random(correlation_id); uuid_unparse_lower(correlation_id, self->correlation_id); self->authority = g_strdup(authority); 
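Review bot: The two new guards in `cb` stop `size * nmemb` and `mem->size + realsize + 1` from wrapping, but the buffer can still grow to whatever size the server sends, so a broken or hostile endpoint can exhaust memory long before `SIZE_MAX` is reached. A fixed ceiling on the accumulated response would bound that, e.g. `if (realsize > MAX_RESPONSE_BYTES - mem->size) return 0;` before the `realloc`, where `MAX_RESPONSE_BYTES` is a placeholder name for a constant the example would have to define. With `mem->size` kept at or below that cap, the check also covers the second overflow guard. The rest of `cb` is outside the hunk, so this assumes `mem->size` is only advanced after a successful `realloc`.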
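Review bot: `uuid_unparse_lower(client_uuid, self->client_id)` always writes 36 characters plus a terminating NUL, whereas the removed `strncpy` wrote only `UUID_STR_LEN - 1` bytes, so the destination must now hold at least `UUID_STR_LEN` bytes, and its declaration is not in this hunk. Assuming `client_id` is a char array member, a compile-time check after the `g_object_new` line would pin that down: `G_STATIC_ASSERT(sizeof(self->client_id) >= UUID_STR_LEN);`. The call also changes what is stored: an upper- or mixed-case client id is now kept in lower case, which deserves a short comment such as `/* store the canonical lower-case form of the validated UUID */`. The enclosing constructor starts and ends outside the hunk.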
@@ -169,9 +170,13 @@ return NULL; } JsonObject *accounts = json_object_from_string(response); + g_free(response); + if (!accounts) { + g_warning("could not parse accounts response"); + return NULL; + } debug_print_json_object("mib_client_app_get_accounts_raw", "response", accounts); - g_free(response); return accounts; } @@ -483,8 +488,12 @@ return NULL; } token = json_object_from_string(response); - debug_print_json_object("mib_acquire_token_silent_raw", "response", token); g_free(response); + if (!token) { + g_warning("could not parse token response"); + return NULL; + } + debug_print_json_object("mib_acquire_token_silent_raw", "response", token); return token; } @@ -572,9 +581,13 @@ return NULL; } token = json_object_from_string(response); + g_free(response); + if (!token) { + g_warning("could not parse token response"); + return NULL; + } debug_print_json_object("mib_acquire_token_interactive_raw", "response", token); - g_free(response); return token; } @@ -683,9 +696,13 @@ return NULL; } cookie = json_object_from_string(response); + g_free(response); + if (!cookie) { + g_warning("could not parse PRT SSO cookie response"); + return NULL; + } debug_print_json_object("mib_acquire_prt_sso_cookie_raw", "response", cookie); - g_free(response); return cookie; } @@ -741,9 +758,13 @@ return NULL; } JsonObject *token = json_object_from_string(response); + g_free(response); + if (!token) { + g_warning("could not parse signed HTTP request response"); + return NULL; + } debug_print_json_object("mib_generate_signed_http_request_raw", "response", token); - g_free(response); return token; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sso-mib-0.8.0/src/mib-utils.c new/sso-mib-0.8.1/src/mib-utils.c --- old/sso-mib-0.8.0/src/mib-utils.c 2026-03-17 10:52:48.000000000 +0100 +++ new/sso-mib-0.8.1/src/mib-utils.c 2026-04-23 12:55:06.000000000 +0200 
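Review bot: All five `*_raw` hunks in src/mib-client-app.c (accounts, silent token, interactive token, PRT SSO cookie, signed HTTP request) now return NULL for an unparsable reply as well as for a failed broker call, and nothing visible documents that callers cannot tell the two apart. Each function's doc comment should state it, for example `Returns NULL if the call fails or the response is not valid JSON.` The added `g_warning("could not parse … response")` may also be a second log line for the same event: the parse-failure path in the src/mib-utils.c hunk already logs `could not parse JSON: %s`, and if that path belongs to `json_object_from_string`, one of the two messages is redundant. Every one of these functions starts outside its hunk.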
@@ -50,7 +50,7 @@ gboolean parse_ok = json_parser_load_from_data(parser, data, -1, &error); if (!parse_ok) { g_warning("could not parse JSON: %s", error->message); - g_warning("data: %s", data); + g_debug("data: %s", data); g_error_free(error); g_object_unref(parser); return NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sso-mib-0.8.0/src/sso-mib-tool.c new/sso-mib-0.8.1/src/sso-mib-tool.c --- old/sso-mib-0.8.0/src/sso-mib-tool.c 2026-03-17 10:52:48.000000000 +0100 +++ new/sso-mib-0.8.1/src/sso-mib-tool.c 2026-04-23 12:55:06.000000000 +0200 @@ -195,16 +195,19 @@ static void print_account(MIBAccount *account, gchar *prefix) { - char realm_str[37]; + char realm_str[UUID_STR_LEN]; uuid_t realm; mib_account_get_realm(account, realm); uuid_unparse(realm, realm_str); - g_print("%sclient-info: %s\n", prefix, - mib_account_get_client_info(account)); + const gchar *client_info = mib_account_get_client_info(account); + const gchar *family_name = mib_account_get_family_name(account); + + if (client_info) + g_print("%sclient-info: %s\n", prefix, client_info); g_print("%senvironment: %s\n", prefix, mib_account_get_environment(account)); - g_print("%sfamily-name: %s\n", prefix, - mib_account_get_family_name(account)); + if (family_name) + g_print("%sfamily-name: %s\n", prefix, family_name); g_print("%sgiven-name: %s\n", prefix, mib_account_get_given_name(account)); g_print("%shome-account-id: %s\n", prefix, mib_account_get_home_account_id(account)); @@ -229,7 +232,7 @@ static void json_builder_add_account(JsonBuilder *builder, MIBAccount *account) { - char realm_str[37]; + char realm_str[UUID_STR_LEN]; uuid_t realm; mib_account_get_realm(account, realm); uuid_unparse(realm, realm_str); 
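Review bot: Demoting the payload line to `g_debug("data: %s", data)` still writes the complete unparsed reply to the log whenever debug messages are enabled, and the callers in src/mib-client-app.c appear to send token and PRT SSO cookie responses through this parser. Logging the size instead keeps a usable diagnostic without the content, e.g. `g_debug("unparsable payload of %" G_GSIZE_FORMAT " bytes", strlen(data));`. If the content has to stay for troubleshooting, a comment on that line saying it can emit credential material would warn whoever turns debug output on. The enclosing function starts and ends outside the hunk.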
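Review bot: Only `client_info` and `family_name` get a NULL guard in `print_account`. The neighbouring `g_print` calls for `mib_account_get_environment`, `mib_account_get_given_name` and `mib_account_get_home_account_id` still pass the getter result straight to `%s`. The getters' contracts are not visible here; if any of them can return NULL, that argument is undefined behaviour for a standard `%s` conversion and needs the same guard. If only the two guarded fields are optional, a comment such as `/* client-info and family-name are the only optional fields */` would record why the others are exempt. The function continues past the end of the hunk.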
@@ -577,6 +580,10 @@ g_print("Error: -c <command> is required\n"); return 1; } + if (account_idx < 0) { + g_print("Error: -a <account-idx> cannot be negative\n"); + return 1; + } if (scopes && (strncmp(command, "acquire", strlen("acquire")) != 0)) { g_slist_free_full(scopes, g_free); g_printerr( @@ -649,11 +656,15 @@ g_slist_free_full(accounts, (GDestroyNotify)g_object_unref); } else if (strcmp(command, "removeAccount") == 0) { GSList *accounts = mib_client_app_get_accounts(app); - if (!accounts) { - g_print("No accounts registered\n"); + if (!accounts || (unsigned)account_idx >= g_slist_length(accounts)) { + if (!accounts) + g_print("No accounts registered\n"); + else + g_print("Invalid account index\n"); + g_slist_free_full(accounts, (GDestroyNotify)g_object_unref); g_object_unref(app); g_object_unref(cancellable); - return 0; + return 1; } MIBAccount *account = g_slist_nth_data(accounts, account_idx); g_print("Selected account: %s\n", mib_account_get_username(account)); @@ -670,9 +681,11 @@ } else if (strcmp(command, "acquirePrtSsoCookie") == 0) { scopes = default_scope_if_empty(scopes); GSList *accounts = mib_client_app_get_accounts(app); - if (!accounts) { - g_print("Error[acquirePrtSsoCookie]: No accounts found\n"); + if (!accounts || (unsigned)account_idx >= g_slist_length(accounts)) { + g_print("Error[acquirePrtSsoCookie]: %s\n", + !accounts ? "No accounts found" : "Invalid account index"); g_slist_free_full(scopes, g_free); + g_slist_free_full(accounts, (GDestroyNotify)g_object_unref); g_object_unref(app); g_object_unref(cancellable); return 1; 
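Review bot: The test `!accounts || (unsigned)account_idx >= g_slist_length(accounts)` is now copied into four command branches (`removeAccount` and `acquirePrtSsoCookie` here, `acquireTokenSilent` and `generateSignedHttpRequest` in the later hunks), and its cast is only safe because of the separate `account_idx < 0` check added next to the option validation. A small helper that does the sign check and the lookup together would remove that dependency on a distant check, since `g_slist_nth_data` already returns NULL for an empty list or an index past the end; the sketch assumes `account_idx` is an `int` and uses the `removeAccount` branch, whose lookup line is visible. Separately, `removeAccount` with no accounts now exits with 1 instead of 0, which scripts driving the tool may notice and which deserves a changelog line. The enclosing function starts and ends outside these hunks.

```c
/* Account at idx, or NULL if the list is empty or idx is out of range. */
static MIBAccount *account_at(GSList *accounts, int idx)
{
	if (idx < 0)
		return NULL;
	return g_slist_nth_data(accounts, (guint)idx);
}

// … unchanged: option parsing and command dispatch up to the removeAccount branch …
		GSList *accounts = mib_client_app_get_accounts(app);
		MIBAccount *account = account_at(accounts, account_idx);
		if (!account) {
			g_print("%s\n", accounts ? "Invalid account index" :
						   "No accounts registered");
			// … unchanged: free accounts, unref app and cancellable, return 1 …
		}
```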
@@ -702,9 +715,11 @@ } else if (strcmp(command, "acquireTokenSilent") == 0) { scopes = default_scope_if_empty(scopes); GSList *accounts = mib_client_app_get_accounts(app); - if (!accounts) { - g_print("Error[acquireTokenSilent]: No accounts found\n"); + if (!accounts || (unsigned)account_idx >= g_slist_length(accounts)) { + g_print("Error[acquireTokenSilent]: %s\n", + !accounts ? "No accounts found" : "Invalid account index"); g_slist_free_full(scopes, g_free); + g_slist_free_full(accounts, (GDestroyNotify)g_object_unref); g_object_unref(app); g_object_unref(cancellable); return 1; @@ -768,8 +783,10 @@ } } else if (strcmp(command, "generateSignedHttpRequest") == 0) { GSList *accounts = mib_client_app_get_accounts(app); - if (!accounts) { - g_print("Error[generateSignedHttpRequest]: No accounts found\n"); + if (!accounts || (unsigned)account_idx >= g_slist_length(accounts)) { + g_print("Error[generateSignedHttpRequest]: %s\n", + !accounts ? "No accounts found" : "Invalid account index"); + g_slist_free_full(accounts, (GDestroyNotify)g_object_unref); g_object_unref(app); g_object_unref(cancellable); return 1;
