Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package editorconfig-core-c for 
openSUSE:Factory checked in at 2026-04-30 20:25:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/editorconfig-core-c (Old)
 and      /work/SRC/openSUSE:Factory/.editorconfig-core-c.new.30200 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "editorconfig-core-c"

Thu Apr 30 20:25:40 2026 rev:17 rq:1349884 version:0.12.11

Changes:
--------
--- /work/SRC/openSUSE:Factory/editorconfig-core-c/editorconfig-core-c.changes  
2026-03-23 17:11:36.965300148 +0100
+++ 
/work/SRC/openSUSE:Factory/.editorconfig-core-c.new.30200/editorconfig-core-c.changes
       2026-04-30 20:25:42.903316686 +0200
@@ -1,0 +2,8 @@
+Wed Apr 15 22:56:58 UTC 2026 - Andreas Stieger <[email protected]>
+
+- update to 0.12.11:
+  * CVE-2026-40489: l_pattern buffer overflow (boo#1262131)
+  * Fixes for compiler errors/warnings
+- drop editorconfig-core-c-const-correctness.patch
+
+-------------------------------------------------------------------

Old:
----
  editorconfig-core-c-0.12.10.tar.gz
  editorconfig-core-c-const-correctness.patch

New:
----
  editorconfig-core-c-0.12.11.tar.gz

----------(Old B)----------
  Old:  * Fixes for compiler errors/warnings
- drop editorconfig-core-c-const-correctness.patch
----------(Old E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ editorconfig-core-c.spec ++++++
--- /var/tmp/diff_new_pack.Y8cDwH/_old  2026-04-30 20:25:43.643347059 +0200
+++ /var/tmp/diff_new_pack.Y8cDwH/_new  2026-04-30 20:25:43.643347059 +0200
@@ -18,7 +18,7 @@
 
 
 Name:           editorconfig-core-c
-Version:        0.12.10
+Version:        0.12.11
 Release:        0
 Summary:        EditorConfig core library written in C
 License:        BSD-2-Clause AND BSD-3-Clause
@@ -26,8 +26,7 @@
 URL:            https://editorconfig.org/
 Source:         
https://github.com/editorconfig/editorconfig-core-c/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source99:       baselibs.conf
-Patch1:         editorconfig-core-c-const-correctness.patch
-BuildRequires:  cmake >= 3.16.3
+BuildRequires:  cmake >= 3.18.4
 BuildRequires:  doxygen
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(libpcre2-8)
@@ -86,7 +85,7 @@
 
 %build
 %cmake
-%make_build
+%cmake_build
 
 %install
 %cmake_install

++++++ editorconfig-core-c-0.12.10.tar.gz -> editorconfig-core-c-0.12.11.tar.gz 
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/editorconfig-core-c-0.12.10/.github/workflows/CI_build.yml 
new/editorconfig-core-c-0.12.11/.github/workflows/CI_build.yml
--- old/editorconfig-core-c-0.12.10/.github/workflows/CI_build.yml      
2025-10-04 02:28:10.000000000 +0200
+++ new/editorconfig-core-c-0.12.11/.github/workflows/CI_build.yml      
2026-04-15 08:17:14.000000000 +0200
@@ -14,7 +14,7 @@
         build_vsver: [17]
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         submodules: recursive
 
@@ -40,7 +40,7 @@
 
     - name: Archive artifacts for ${{ matrix.build_platform }}
       if: matrix.build_configuration == 'Release'
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       with:
           name: editorconfig-core-c_${{ env.SHORT_SHA }}_${{ 
matrix.build_platform }}.zip
           path: editorconfig-core-c_${{ env.SHORT_SHA }}_${{ 
matrix.build_platform }}.zip
@@ -66,7 +66,7 @@
         build_platform: ["Unix Makefiles"]
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         submodules: recursive
 
@@ -104,7 +104,7 @@
         build_platform: ["Unix Makefiles"]
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         submodules: recursive
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/editorconfig-core-c-0.12.10/CHANGELOG 
new/editorconfig-core-c-0.12.11/CHANGELOG
--- old/editorconfig-core-c-0.12.10/CHANGELOG   2025-10-04 02:28:10.000000000 
+0200
+++ new/editorconfig-core-c-0.12.11/CHANGELOG   2026-04-15 08:17:14.000000000 
+0200
@@ -1,3 +1,7 @@
+v0.12.11
+
+- Fix CVE-2026-40489
+
 v0.12.10
 
 - Make path splitting algorithm UNC-aware (#135)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/editorconfig-core-c-0.12.10/CMakeLists.txt 
new/editorconfig-core-c-0.12.11/CMakeLists.txt
--- old/editorconfig-core-c-0.12.10/CMakeLists.txt      2025-10-04 
02:28:10.000000000 +0200
+++ new/editorconfig-core-c-0.12.11/CMakeLists.txt      2026-04-15 
08:17:14.000000000 +0200
@@ -1,7 +1,7 @@
 # CMakeLists.txt for core testing in
 # editorconfig-core-c.
 #
-# Copyright (c) 2011-2025 EditorConfig Team
+# Copyright (c) 2011-2026 EditorConfig Team
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,10 +26,10 @@
 # POSSIBILITY OF SUCH DAMAGE.
 #
 
-cmake_minimum_required(VERSION 3.16.3)
-cmake_policy(VERSION 3.16.3)
+cmake_minimum_required(VERSION 3.18.4)
+cmake_policy(VERSION 3.18.4)
 
-project(editorconfig VERSION "0.12.10" LANGUAGES C)
+project(editorconfig VERSION "0.12.11" LANGUAGES C)
 
 set(PROJECT_VERSION_SUFFIX "")
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/editorconfig-core-c-0.12.10/INSTALL.md 
new/editorconfig-core-c-0.12.11/INSTALL.md
--- old/editorconfig-core-c-0.12.10/INSTALL.md  2025-10-04 02:28:10.000000000 
+0200
+++ new/editorconfig-core-c-0.12.11/INSTALL.md  2026-04-15 08:17:14.000000000 
+0200
@@ -6,7 +6,7 @@
 Installing From a Binary Package
 ================================
 
-Windows binary packages can be downloaded 
[here](http://sourceforge.net/projects/editorconfig/files/EditorConfig-C-Core/).
+Windows binary packages can be downloaded the [Release page][].
 
 Windows users can also install EditorConfig core by 
[Chocolatey](http://chocolatey.org/packages/editorconfig.core).
 
@@ -50,8 +50,8 @@
 
     git clone --recursive 
https://github.com/editorconfig/editorconfig-core-c.git
 
-Alternatively, you can download the source tarball/zipfile from [SourceForge][]
-and unarchive it.
+Alternatively, you can download the source tarball/zipfile from the [Release
+page][] and unarchive it.
 
 Start Building
 --------------
@@ -181,4 +181,4 @@
 [cmake]: https://cmake.org
 [PCRE2]: https://pcre.org/
 [Visual Studio]: https://visualstudio.microsoft.com
-[SourceForge]: 
https://sourceforge.net/projects/editorconfig/files/EditorConfig-C-Core/
+[Release page]: https://github.com/editorconfig/editorconfig-core-c/releases
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/editorconfig-core-c-0.12.10/src/CMakeLists.txt 
new/editorconfig-core-c-0.12.11/src/CMakeLists.txt
--- old/editorconfig-core-c-0.12.10/src/CMakeLists.txt  2025-10-04 
02:28:10.000000000 +0200
+++ new/editorconfig-core-c-0.12.11/src/CMakeLists.txt  2026-04-15 
08:17:14.000000000 +0200
@@ -71,9 +71,15 @@
 
 # Use high warning levels
 if(MSVC)
-  add_compile_options(/W4 /WX)
+    add_compile_options(/W4)
+    if (CMAKE_BUILD_TYPE STREQUAL "Debug")
+        add_compile_options(/WX)
+    endif()
 else()
-  add_compile_options(-Wall -Wextra -Wpedantic -Werror)
+    add_compile_options(-Wall -Wextra -Wpedantic)
+    if (CMAKE_BUILD_TYPE STREQUAL "Debug")
+        add_compile_options(-Werror)
+    endif()
 endif()
 
 add_subdirectory(lib)
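Review bot: The `CMAKE_BUILD_TYPE STREQUAL "Debug"` test added in both branches is evaluated at configure time, and `CMAKE_BUILD_TYPE` is normally empty under multi-config generators such as Visual Studio, so in the MSVC branch `/WX` would likely never be applied there. A generator expression works for both single- and multi-config generators: `add_compile_options(/W4 $<$<CONFIG:Debug>:/WX>)` and `add_compile_options(-Wall -Wextra -Wpedantic $<$<CONFIG:Debug>:-Werror>)`. Since release and distribution builds no longer fail on warnings after this change, at least one CI job should build the Debug configuration so that new warnings in the parsing code still break the build.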
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/editorconfig-core-c-0.12.10/src/lib/ec_glob.c 
new/editorconfig-core-c-0.12.11/src/lib/ec_glob.c
--- old/editorconfig-core-c-0.12.10/src/lib/ec_glob.c   2025-10-04 
02:28:10.000000000 +0200
+++ new/editorconfig-core-c-0.12.11/src/lib/ec_glob.c   2026-04-15 
08:17:14.000000000 +0200
@@ -96,8 +96,12 @@
     _Bool                     are_braces_paired = 1;
     UT_array *                nums;     /* number ranges */
     int                       ret = 0;
+    size_t                    pattern_len = strlen(pattern);
 
-    strcpy(l_pattern, pattern);
+    /* Reject patterns that would overflow l_pattern in the copy below. */
+    if (pattern_len >= sizeof(l_pattern))
+        return -1;
+    memcpy(l_pattern, pattern, pattern_len + 1);
     p_pcre = pcre_str + 1;
     pcre_str_end = pcre_str + 2 * PATTERN_MAX;
 
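Review bot: The new length check bounds only the copy into `l_pattern`; the translated regex is written into `pcre_str`, whose end is set two lines later as `pcre_str + 2 * PATTERN_MAX`, and a glob-to-regex translation can emit more bytes than it reads. The writes through `p_pcre` are outside this hunk, so confirm that each of them is checked against `pcre_str_end`, and say so next to the guard, e.g. `/* l_pattern is bounded here; writes to pcre_str are bounded separately by pcre_str_end. */`. The check also depends on `l_pattern` being an array declared in this function, so that `sizeof` yields its capacity rather than a pointer size; that declaration is not visible here. No regression test for an over-long pattern appears in this diff, and one that exercises the `>=` boundary would pin the fix.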
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/editorconfig-core-c-0.12.10/src/lib/editorconfig.c 
new/editorconfig-core-c-0.12.11/src/lib/editorconfig.c
--- old/editorconfig-core-c-0.12.10/src/lib/editorconfig.c      2025-10-04 
02:28:10.000000000 +0200
+++ new/editorconfig-core-c-0.12.11/src/lib/editorconfig.c      2026-04-15 
08:17:14.000000000 +0200
@@ -288,7 +288,7 @@
 static int split_file_path(char** directory, char** filename,
         const char* absolute_path)
 {
-    char* path_char = strrchr(absolute_path, '/');
+    const char* path_char = strrchr(absolute_path, '/');
 
     if (path_char == NULL) {
         if (directory)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/editorconfig-core-c-0.12.10/src/lib/ini.c 
new/editorconfig-core-c-0.12.11/src/lib/ini.c
--- old/editorconfig-core-c-0.12.10/src/lib/ini.c       2025-10-04 
02:28:10.000000000 +0200
+++ new/editorconfig-core-c-0.12.11/src/lib/ini.c       2026-04-15 
08:17:14.000000000 +0200
@@ -90,8 +90,10 @@
 /* Version of strncpy that ensures dest (size bytes) is null-terminated. */
 static char* strncpy0(char* dest, const char* src, size_t size)
 {
-    strncpy(dest, src, size);
-    dest[size - 1] = '\0';
+    if (size > 0) {
+        strncpy(dest, src, size - 1);
+        dest[size - 1] = '\0';
+    }
     return dest;
 }
 
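Review bot: The header comment on `strncpy0` no longer states the full contract: with `size == 0` the function now returns `dest` without writing anything, so termination is not guaranteed in that case, and truncation of a longer `src` remains silent. I would reword it to `/* Copy at most size-1 bytes of src into dest and NUL-terminate it; if size is 0, dest is left untouched. Truncation is not reported. */`. The callers are outside this hunk; if any of them passes section or property names that later drive matching, a silently shortened string deserves an explicit length check at the call site.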
