Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package godot for openSUSE:Factory checked 
in at 2022-09-17 20:10:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/godot (Old)
 and      /work/SRC/openSUSE:Factory/.godot.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "godot"

Sat Sep 17 20:10:40 2022 rev:21 rq:1004169 version:3.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/godot/godot.changes      2022-08-15 
20:00:30.509442933 +0200
+++ /work/SRC/openSUSE:Factory/.godot.new.2083/godot.changes    2022-09-17 
20:10:53.257251652 +0200
@@ -0,0 +1,5 @@
+Mon Sep 12 12:00:00 UTC 2022 - cu...@mail.de
+
+- Heap-buffer-overflow in bundled thirdparty tool tinyexr
+  * added tinyexr_thirdparty_upstream.patch from upstream tinyexr (boo#1203278)
+

New:
----
  tinyexr_thirdparty_upstream.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ godot.spec ++++++
--- /var/tmp/diff_new_pack.lxBM0M/_old  2022-09-17 20:10:53.889253475 +0200
+++ /var/tmp/diff_new_pack.lxBM0M/_new  2022-09-17 20:10:53.893253486 +0200
@@ -36,6 +36,8 @@
 Patch0:         linker_pie_flag.patch
 # Use system certificates as fallback for certificates
 Patch1:         certs_fallback.patch
+# Heap-buffer-overflow in bundled tinyexr
+Patch2:         tinyexr_thirdparty_upstream.patch
 BuildRequires:  Mesa-devel
 BuildRequires:  desktop-file-utils
 BuildRequires:  fdupes
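Review bot: The comment above `Patch2` names the symptom but not the bug reference or the origin of the fix, so a later maintainer cannot tell from the spec alone when the patch can be dropped after a tinyexr or godot update. The changelog entry and the patch header on this page already carry that information (boo#1203278, upstream tinyexr pull request 170). If the package follows the openSUSE patch-tag convention, the comment could read `# PATCH-FIX-UPSTREAM tinyexr_thirdparty_upstream.patch boo#1203278 -- heap-buffer-overflow in bundled tinyexr`. The neighbouring `Patch0`/`Patch1` comments are untagged as well, so this is a consistency choice for the whole block.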
@@ -243,6 +245,7 @@
 %setup -q -n %{name}-%{version}-stable
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 cp thirdparty/README.md thirdparty_README.md
 

++++++ tinyexr_thirdparty_upstream.patch ++++++
>From cc1b199dd17b700c3130a53866ea462ab88e7f82 Mon Sep 17 00:00:00 2001
From: 0xdd96 <1011085...@qq.com>
Date: Wed, 6 Jul 2022 12:14:50 +0800
Subject: [PATCH] Add bounds check to address #169
References:   https://bugzilla.opensuse.org/show_bug.cgi?id=1203278
              https://github.com/syoyo/tinyexr/issues/169
              
https://github.com/syoyo/tinyexr/pull/170/commits/cc1b199dd17b700c3130a53866ea462ab88e7f82
Rebased: 20220912 by cunix

diff -r -U 5 a/thirdparty/tinyexr/tinyexr.h b/thirdparty/tinyexr/tinyexr.h
--- a/thirdparty/tinyexr/tinyexr.h
+++ b/thirdparty/tinyexr/tinyexr.h
@@ -1454,11 +1454,11 @@
       in += count;
     } else {
       int count = *in++;
       inLength -= 2;
 
-      if (0 > (maxLength -= count + 1)) return 0;
+      if (0 > (maxLength -= count + 1) || inLength < 0) return 0;
 
       memset(out, *reinterpret_cast<const char *>(in), count + 1);
       out += count + 1;
 
       in++;
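Review bot: The added `inLength < 0` test has no comment explaining why it is needed, and the reason is not obvious from the line itself. This branch consumes two input bytes, the count read by `*in++` and the fill value that `memset` reads from `*in`, so an input that ends right after the count byte has to be rejected before the value byte is touched. I would put `// Fixes #169: a run needs a count byte and a value byte; reject truncated input before reading the value.` directly above the `if`. The condition also still performs `maxLength -= count + 1` as a side effect inside the test; moving that subtraction to its own statement would make both bounds checks easier to audit. The enclosing function and its loop condition lie outside the hunk, so whether `inLength` is always positive when this branch is entered cannot be confirmed from here.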
