commit ckb-next for openSUSE:Factory

Source-Sync Mon, 10 Apr 2023 12:49:03 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ckb-next for openSUSE:Factory 
checked in at 2023-04-10 21:48:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ckb-next (Old)
 and      /work/SRC/openSUSE:Factory/.ckb-next.new.19717 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "ckb-next"

Mon Apr 10 21:48:36 2023 rev:16 rq:1078293 version:0.5.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/ckb-next/ckb-next.changes        2022-05-28 
00:28:22.041674096 +0200
+++ /work/SRC/openSUSE:Factory/.ckb-next.new.19717/ckb-next.changes     
2023-04-10 21:48:36.945052786 +0200
@@ -1,0 +2,6 @@
+Mon Apr 10 18:21:31 UTC 2023 - Luigi Baldoni <aloi...@gmx.com>
+
+- Add fix_buffer_overflow_FORTIFY_SOURCE.patch (see
+  gh#ckb-next/ckb-next/issues#940)
+
+-------------------------------------------------------------------

New:
----
  fix_buffer_overflow_FORTIFY_SOURCE.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ckb-next.spec ++++++
--- /var/tmp/diff_new_pack.rP8TQr/_old  2023-04-10 21:48:37.533056209 +0200
+++ /var/tmp/diff_new_pack.rP8TQr/_new  2023-04-10 21:48:37.541056256 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package ckb-next
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,8 @@
 # PATCH-FIX-OPENSUSE 422.patch boo#1135528
 Patch5:         422.patch
 Patch6:         harden_ckb-next-daemon.service.patch
+# PATCH-FIX-UPSTREAM fix_buffer_overflow_FORTIFY_SOURCE.patch
+Patch7:         fix_buffer_overflow_FORTIFY_SOURCE.patch
 BuildRequires:  ImageMagick
 BuildRequires:  cmake
 BuildRequires:  hicolor-icon-theme

++++++ fix_buffer_overflow_FORTIFY_SOURCE.patch ++++++
>From c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c Mon Sep 17 00:00:00 2001
From: Tasos Sahanidis <ta...@tasossah.com>
Date: Sat, 18 Mar 2023 16:13:51 +0200
Subject: [PATCH] Fix buffer overflow detected with _FORTIFY_SOURCE

Technically there's no buffer overflow taking place, but the size
argument passed to snprintf was incorrect.

Closes #940
---
 src/daemon/device_bragi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/daemon/device_bragi.c b/src/daemon/device_bragi.c
index e0690d32..8de99570 100644
--- a/src/daemon/device_bragi.c
+++ b/src/daemon/device_bragi.c
@@ -178,8 +178,8 @@ static int start_bragi_common(usbdevice* kb){
     }
 
     char str[PAIR_ID_SIZE*3+1] = {0};
-    for(uint32_t i = 0; i < PAIR_ID_SIZE; i++)
-        snprintf(str + i * 3, sizeof(str), "%02hhx ", kb->wl_pairing_id[i]);
+    for(int i = 0; i < PAIR_ID_SIZE; i++)
+        snprintf(str + i * 3, sizeof(str) - i * 3, "%02hhx ", 
kb->wl_pairing_id[i]);
 
     ckb_info("ckb%d: Pairing id: %s", INDEX_OF(kb, keyboard), str);

commit ckb-next for openSUSE:Factory

Reply via email to