Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libinput for openSUSE:Factory 
checked in at 2022-04-22 21:53:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libinput (Old)
 and      /work/SRC/openSUSE:Factory/.libinput.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libinput"

Fri Apr 22 21:53:33 2022 rev:109 rq:971923 version:1.20.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/libinput/libinput.changes        2022-02-21 
17:46:33.487593278 +0100
+++ /work/SRC/openSUSE:Factory/.libinput.new.1538/libinput.changes      
2022-04-22 21:54:08.762798598 +0200
@@ -1,0 +2,6 @@
+Wed Apr 20 06:51:42 UTC 2022 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 1.20.1
+  * Format string issue resolved [CVE-2020-1215 bsc#1198111]
+
+-------------------------------------------------------------------

Old:
----
  libinput-1.20.0.tar.gz

New:
----
  libinput-1.20.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libinput.spec ++++++
--- /var/tmp/diff_new_pack.gvok0g/_old  2022-04-22 21:54:09.530799473 +0200
+++ /var/tmp/diff_new_pack.gvok0g/_new  2022-04-22 21:54:09.534799477 +0200
@@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package libinput
 #
 # Copyright (c) 2022 SUSE LLC
 #
@@ -37,7 +37,7 @@
 %define lname  libinput10
 %define pname  libinput
 Name:           libinput%{?xsuffix}
-Version:        1.20.0
+Version:        1.20.1
 Release:        0
 Summary:        Input device and event processing library
 License:        MIT
@@ -46,7 +46,7 @@
 
 #Git-Web:      https://gitlab.freedesktop.org/libinput/libinput/
 #DL-URL:        https://gitlab.freedesktop.org/libinput/libinput/-/releases
-Source:         
https://gitlab.freedesktop.org/libinput/libinput/-/archive/1.20.0/libinput-1.20.0.tar.gz
+Source:         
https://gitlab.freedesktop.org/libinput/libinput/-/archive/%version/libinput-%version.tar.gz
 Source3:        baselibs.conf
 Source5:        libinput-rpmlintrc
 Patch1:         kill-env.diff

++++++ libinput-1.20.0.tar.gz -> libinput-1.20.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libinput-1.20.0/meson.build 
new/libinput-1.20.1/meson.build
--- old/libinput-1.20.0/meson.build     2022-02-19 13:32:09.000000000 +0100
+++ new/libinput-1.20.1/meson.build     2022-04-20 07:24:35.000000000 +0200
@@ -1,5 +1,5 @@
 project('libinput', 'c',
-       version : '1.20.0',
+       version : '1.20.1',
        license : 'MIT/Expat',
        default_options : [ 'c_std=gnu99', 'warning_level=2' ],
        meson_version : '>= 0.49.0')
@@ -733,6 +733,7 @@
                'test/litest-device-dell-canvas-totem-touch.c',
                'test/litest-device-elantech-touchpad.c',
                'test/litest-device-elan-tablet.c',
+               'test/litest-device-format-string.c',
                'test/litest-device-generic-pressurepad.c',
                'test/litest-device-generic-singletouch.c',
                'test/litest-device-gpio-keys.c',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libinput-1.20.0/src/evdev.c 
new/libinput-1.20.1/src/evdev.c
--- old/libinput-1.20.0/src/evdev.c     2022-02-19 13:32:09.000000000 +0100
+++ new/libinput-1.20.1/src/evdev.c     2022-04-20 07:24:35.000000000 +0200
@@ -2356,19 +2356,19 @@
        struct libinput *libinput = seat->libinput;
        struct evdev_device *device = NULL;
        int rc;
-       int fd;
+       int fd = -1;
        int unhandled_device = 0;
        const char *devnode = udev_device_get_devnode(udev_device);
-       const char *sysname = udev_device_get_sysname(udev_device);
+       char *sysname = str_sanitize(udev_device_get_sysname(udev_device));
 
        if (!devnode) {
                log_info(libinput, "%s: no device node associated\n", sysname);
-               return NULL;
+               goto err;
        }
 
        if (udev_device_should_be_ignored(udev_device)) {
                log_debug(libinput, "%s: device is ignored\n", sysname);
-               return NULL;
+               goto err;
        }
 
        /* Use non-blocking mode so that we can loop on read on
@@ -2382,13 +2382,15 @@
                         sysname,
                         devnode,
                         strerror(-fd));
-               return NULL;
+               goto err;
        }
 
        if (!evdev_device_have_same_syspath(udev_device, fd))
                goto err;
 
        device = zalloc(sizeof *device);
+       device->sysname = sysname;
+       sysname = NULL;
 
        libinput_device_init(&device->base, seat);
        libinput_seat_ref(seat);
@@ -2411,6 +2413,9 @@
        device->dispatch = NULL;
        device->fd = fd;
        device->devname = libevdev_get_name(device->evdev);
+       /* the log_prefix_name is used as part of a printf format string and
+        * must not contain % directives, see evdev_log_msg */
+       device->log_prefix_name = str_sanitize(device->devname);
        device->scroll.threshold = 5.0; /* Default may be overridden */
        device->scroll.direction_lock_threshold = 5.0; /* Default may be 
overridden */
        device->scroll.direction = 0;
@@ -2451,12 +2456,16 @@
        return device;
 
 err:
-       close_restricted(libinput, fd);
-       if (device) {
-               unhandled_device = device->seat_caps == 0;
-               evdev_device_destroy(device);
+       if (fd >= 0) {
+               close_restricted(libinput, fd);
+               if (device) {
+                       unhandled_device = device->seat_caps == 0;
+                       evdev_device_destroy(device);
+               }
        }
 
+       free(sysname);
+
        return unhandled_device ? EVDEV_UNHANDLED_DEVICE :  NULL;
 }
 
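Review bot: In the `err:` path the `if (device)` cleanup is now nested inside `if (fd >= 0)`, so destroying the device depends on the unstated invariant that `device` is only allocated after the fd was opened. That holds for the lines visible here, but a later `goto err` added between an allocation and a valid fd would silently leak the device. Keeping the two checks independent is safer: `if (fd >= 0) close_restricted(libinput, fd);` followed by the un-nested `if (device) { ... }` block. The function starts outside this hunk.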
@@ -2469,7 +2478,7 @@
 const char *
 evdev_device_get_sysname(struct evdev_device *device)
 {
-       return udev_device_get_sysname(device->udev_device);
+       return device->sysname;
 }
 
 const char *
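Review bot: `evdev_device_get_sysname()` now returns the `%`-escaped copy to every caller, not only to the log-prefix code. Any caller that compares the value with udev's sysname or hands it on to API users would see `%%` where udev reports `%`; whether such callers exist is not visible in this diff and should be confirmed. At minimum the accessor should say so, e.g. `/* Returns the %-escaped copy of the udev sysname: safe to splice into a printf format, not byte-identical to udev_device_get_sysname() */`.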
@@ -3066,6 +3075,8 @@
        if (device->base.group)
                libinput_device_group_unref(device->base.group);
 
+       free(device->log_prefix_name);
+       free(device->sysname);
        free(device->output_name);
        filter_destroy(device->pointer.filter);
        libinput_timer_destroy(&device->scroll.timer);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libinput-1.20.0/src/evdev.h 
new/libinput-1.20.1/src/evdev.h
--- old/libinput-1.20.0/src/evdev.h     2022-02-19 13:32:09.000000000 +0100
+++ new/libinput-1.20.1/src/evdev.h     2022-04-20 07:24:35.000000000 +0200
@@ -169,6 +169,8 @@
        struct udev_device *udev_device;
        char *output_name;
        const char *devname;
+       char *log_prefix_name;
+       char *sysname;
        bool was_removed;
        int fd;
        enum evdev_device_seat_capability seat_caps;
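Review bot: The new `log_prefix_name` and `sysname` fields sit next to `devname` with no comment saying which of the three may be used in a format string. `devname` still holds the raw device-supplied name (assigned from `libevdev_get_name()` in the evdev.c hunk), so a future log helper that picks it up would reintroduce the bug this release fixes. Suggest a comment on `devname` such as `/* raw device name, untrusted: never splice into a format string */`, and one on the new fields such as `/* %-escaped copies owned by the device; use these when building a log format */`. The struct starts and ends outside this hunk.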
@@ -786,7 +788,7 @@
                 sizeof(buf),
                 "%-7s - %s%s%s",
                 evdev_device_get_sysname(device),
-                (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->devname : 
"",
+                (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  
device->log_prefix_name : "",
                 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  ": " : "",
                 format);
 
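Review bot: The return value of this `snprintf` into `buf` is not visibly checked here or in the identical hunk at -824/+826. Per the comment added in evdev.c, the result is then used as a printf format. `str_sanitize()` can return up to 1024 characters for one string, so if `sizeof(buf)` is not larger than the combined prefix (the size is outside the hunk, please confirm), truncation could split an escaped `%%` into a lone `%` or drop the caller's `format` while its varargs are still passed. Consider capturing the result and falling back to the bare `format` on overflow, e.g. `if (n < 0 || (size_t)n >= sizeof(buf)) /* log with format only */`. A more robust design passes the prefix as a `%s` argument instead of splicing device-supplied text into the format. Both function bodies continue outside their hunks.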
@@ -824,7 +826,7 @@
                 sizeof(buf),
                 "%-7s - %s%s%s",
                 evdev_device_get_sysname(device),
-                (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->devname : 
"",
+                (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  
device->log_prefix_name : "",
                 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  ": " : "",
                 format);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libinput-1.20.0/src/util-strings.h 
new/libinput-1.20.1/src/util-strings.h
--- old/libinput-1.20.0/src/util-strings.h      2022-02-19 13:32:09.000000000 
+0100
+++ new/libinput-1.20.1/src/util-strings.h      2022-04-20 07:24:35.000000000 
+0200
@@ -43,6 +43,8 @@
 #include <xlocale.h>
 #endif
 
+#include "util-macros.h"
+
 static inline bool
 streq(const char *str1, const char *str2)
 {
@@ -398,3 +400,31 @@
 
 char *
 trunkname(const char *filename);
+
+/**
+ * Return a copy of str with all % converted to %% to make the string
+ * acceptable as printf format.
+ */
+static inline char *
+str_sanitize(const char *str)
+{
+       if (!str)
+               return NULL;
+
+       if (!strchr(str, '%'))
+               return strdup(str);
+
+       size_t slen = min(strlen(str), 512);
+       char *sanitized = zalloc(2 * slen + 1);
+       const char *src = str;
+       char *dst = sanitized;
+
+       for (size_t i = 0; i < slen; i++) {
+               if (*src == '%')
+                       *dst++ = '%';
+               *dst++ = *src++;
+       }
+       *dst = '\0';
+
+       return sanitized;
+}
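Review bot: The 512-character cap in `str_sanitize()` only applies on the branch where the input contains a `%`; a string without one is returned by `strdup()` at full length, and the doc comment mentions neither the cap nor the NULL return. The `strdup()` result is also returned unchecked, so callers cannot tell a NULL input from an allocation failure, and evdev.c stores the result in `device->log_prefix_name`, which is later passed to a `%s` conversion. Suggest naming the constant (e.g. `STR_SANITIZE_MAX_LEN`) and extending the comment with: `Input containing % is truncated to 512 characters before escaping. Returns NULL if str is NULL or allocation fails; the caller frees the result.`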
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libinput-1.20.0/test/litest-device-format-string.c 
new/libinput-1.20.1/test/litest-device-format-string.c
--- old/libinput-1.20.0/test/litest-device-format-string.c      1970-01-01 
01:00:00.000000000 +0100
+++ new/libinput-1.20.1/test/litest-device-format-string.c      2022-04-20 
07:24:35.000000000 +0200
@@ -0,0 +1,56 @@
+
+/*
+ * Copyright ?? 2013 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#include "config.h"
+
+#include "litest.h"
+#include "litest-int.h"
+
+static struct input_id input_id = {
+       .bustype = 0x3,
+       .vendor = 0x0123,
+       .product = 0x0456,
+};
+
+static int events[] = {
+       EV_KEY, BTN_LEFT,
+       EV_KEY, BTN_RIGHT,
+       EV_KEY, BTN_MIDDLE,
+       EV_REL, REL_X,
+       EV_REL, REL_Y,
+       EV_REL, REL_WHEEL,
+       EV_REL, REL_WHEEL_HI_RES,
+       -1 , -1,
+};
+
+TEST_DEVICE("mouse-format-string",
+       .type = LITEST_MOUSE_FORMAT_STRING,
+       .features = LITEST_RELATIVE | LITEST_BUTTON | LITEST_WHEEL,
+       .interface = NULL,
+
+       .name = "Evil %s %d %x Mouse %p %",
+       .id = &input_id,
+       .absinfo = NULL,
+       .events = events,
+)
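Review bot: The `.name` value has no comment explaining that the conversion directives and the trailing lone `%` are deliberate, so a later cleanup could "fix" the string and remove the regression coverage without noticing. Suggest a comment above `.name` such as `/* name deliberately contains printf directives and a trailing bare % so that any log call using the device name exercises the escaping in str_sanitize() */`.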
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libinput-1.20.0/test/litest.h 
new/libinput-1.20.1/test/litest.h
--- old/libinput-1.20.0/test/litest.h   2022-02-19 13:32:09.000000000 +0100
+++ new/libinput-1.20.1/test/litest.h   2022-04-20 07:24:35.000000000 +0200
@@ -321,6 +321,7 @@
        LITEST_SYNAPTICS_PRESSUREPAD,
        LITEST_GENERIC_PRESSUREPAD,
        LITEST_WACOM_ISDV4_524C_PEN,
+       LITEST_MOUSE_FORMAT_STRING,
 };
 
 #define LITEST_DEVICELESS      -2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libinput-1.20.0/test/test-utils.c 
new/libinput-1.20.1/test/test-utils.c
--- old/libinput-1.20.0/test/test-utils.c       2022-02-19 13:32:09.000000000 
+0100
+++ new/libinput-1.20.1/test/test-utils.c       2022-04-20 07:24:35.000000000 
+0200
@@ -1267,6 +1267,31 @@
 }
 END_TEST
 
+START_TEST(strsanitize_test)
+{
+       struct strsanitize_test {
+               const char *string;
+               const char *expected;
+       } tests[] = {
+               { "foobar", "foobar" },
+               { "", "" },
+               { "%", "%%" },
+               { "%%%%", "%%%%%%%%" },
+               { "x %s", "x %%s" },
+               { "x %", "x %%" },
+               { "%sx", "%%sx" },
+               { "%s%s", "%%s%%s" },
+               { NULL, NULL },
+       };
+
+       for (struct strsanitize_test *t = tests; t->string; t++) {
+               char *sanitized = str_sanitize(t->string);
+               ck_assert_str_eq(sanitized, t->expected);
+               free(sanitized);
+       }
+}
+END_TEST
+
 START_TEST(list_test_insert)
 {
        struct list_test {
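Review bot: The `{ NULL, NULL }` row in `strsanitize_test` is the loop sentinel (`t->string` ends the loop), so `str_sanitize(NULL)` is never actually called and the NULL-return path stays untested. No row reaches the 512-character cap either, which is the only branch that truncates. Add `ck_assert(str_sanitize(NULL) == NULL);` after the loop. Also add a case with more than 512 `%` characters (constructed, e.g. 600) that asserts the result is exactly 1024 characters long and NUL-terminated.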
@@ -1489,6 +1514,7 @@
        tcase_add_test(tc, strstrip_test);
        tcase_add_test(tc, strendswith_test);
        tcase_add_test(tc, strstartswith_test);
+       tcase_add_test(tc, strsanitize_test);
        tcase_add_test(tc, time_conversion);
        tcase_add_test(tc, human_time);
 
