Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ckb-next for openSUSE:Factory checked in at 2023-04-10 21:48:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ckb-next (Old)
 and      /work/SRC/openSUSE:Factory/.ckb-next.new.19717 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ckb-next" Mon Apr 10 21:48:36 2023 rev:16 rq:1078293 version:0.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/ckb-next/ckb-next.changes 2022-05-28 00:28:22.041674096 +0200 +++ /work/SRC/openSUSE:Factory/.ckb-next.new.19717/ckb-next.changes 2023-04-10 21:48:36.945052786 +0200 @@ -1,0 +2,6 @@ +Mon Apr 10 18:21:31 UTC 2023 - Luigi Baldoni <aloi...@gmx.com> + +- Add fix_buffer_overflow_FORTIFY_SOURCE.patch (see + gh#ckb-next/ckb-next/issues#940) + +------------------------------------------------------------------- New: ---- fix_buffer_overflow_FORTIFY_SOURCE.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ckb-next.spec ++++++ --- /var/tmp/diff_new_pack.rP8TQr/_old 2023-04-10 21:48:37.533056209 +0200 +++ /var/tmp/diff_new_pack.rP8TQr/_new 2023-04-10 21:48:37.541056256 +0200 @@ -1,7 +1,7 @@ # # spec file for package ckb-next # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,6 +35,8 @@ # PATCH-FIX-OPENSUSE 422.patch boo#1135528 Patch5: 422.patch Patch6: harden_ckb-next-daemon.service.patch +# PATCH-FIX-UPSTREAM fix_buffer_overflow_FORTIFY_SOURCE.patch +Patch7: fix_buffer_overflow_FORTIFY_SOURCE.patch BuildRequires: ImageMagick BuildRequires: cmake BuildRequires: hicolor-icon-theme ++++++ fix_buffer_overflow_FORTIFY_SOURCE.patch ++++++ >From c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c Mon Sep 17 00:00:00 2001 From: Tasos Sahanidis <ta...@tasossah.com> Date: Sat, 18 Mar 2023 16:13:51 +0200 Subject: [PATCH] Fix buffer overflow detected with _FORTIFY_SOURCE Technically there's no buffer overflow taking place, but the size argument passed to snprintf was incorrect. Closes #940 --- src/daemon/device_bragi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/daemon/device_bragi.c b/src/daemon/device_bragi.c index e0690d32..8de99570 100644 --- a/src/daemon/device_bragi.c +++ b/src/daemon/device_bragi.c @@ -178,8 +178,8 @@ static int start_bragi_common(usbdevice* kb){ } char str[PAIR_ID_SIZE*3+1] = {0}; - for(uint32_t i = 0; i < PAIR_ID_SIZE; i++) - snprintf(str + i * 3, sizeof(str), "%02hhx ", kb->wl_pairing_id[i]); + for(int i = 0; i < PAIR_ID_SIZE; i++) + snprintf(str + i * 3, sizeof(str) - i * 3, "%02hhx ", kb->wl_pairing_id[i]); ckb_info("ckb%d: Pairing id: %s", INDEX_OF(kb, keyboard), str);
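
Review bot: In the ckb-next.spec hunk at @@ -35,6 +35,8 @@, the new `# PATCH-FIX-UPSTREAM fix_buffer_overflow_FORTIFY_SOURCE.patch` comment carries no reference, while the Patch5 comment just above it cites boo#1135528. The changes entry already names gh#ckb-next/ckb-next/issues#940; repeat it in the spec comment so the patch's origin can be traced from the spec alone. The hunk also does not show where Patch7 is applied, so confirm that the %prep section picks it up.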
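
Review bot: In the start_bragi_common hunk of src/daemon/device_bragi.c, the loop counter changes from uint32_t to int alongside the size fix, and the commit message does not say why. With `int i`, the expression `sizeof(str) - i * 3` mixes size_t and int, and `i < PAIR_ID_SIZE` may become a signed/unsigned comparison depending on how PAIR_ID_SIZE is defined, which is not visible in this hunk. Consider keeping an unsigned counter (or size_t) so the remaining-space arithmetic stays in one type, or state the reason for the type change in the message. The new bound itself checks out against the declaration `char str[PAIR_ID_SIZE*3+1]`: on the last iteration 4 bytes remain, which fits two hex digits, the space and the terminator. The return value of snprintf is still ignored and the logged string keeps a trailing space; neither causes a problem with this fixed-width format, but a short comment on the buffer sizing would help the next reader.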