Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package orcania for openSUSE:Factory checked in at 2023-09-21 22:14:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/orcania (Old) and /work/SRC/openSUSE:Factory/.orcania.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "orcania" Thu Sep 21 22:14:05 2023 rev:14 rq:1112556 version:2.3.3 Changes: -------- --- /work/SRC/openSUSE:Factory/orcania/orcania.changes 2023-01-12 22:45:19.645213262 +0100 +++ /work/SRC/openSUSE:Factory/.orcania.new.1770/orcania.changes 2023-09-21 22:15:07.547613930 +0200 @@ -1,0 +2,6 @@ +Mon Sep 18 14:51:21 UTC 2023 - Martin Hauke <mar...@gmx.de> + +- Update to version 2.3.3 + * Enforce base64decode + +------------------------------------------------------------------- Old: ---- orcania-2.3.2.tar.gz New: ---- orcania-2.3.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ orcania.spec ++++++ --- /var/tmp/diff_new_pack.ABcLui/_old 2023-09-21 22:15:08.539649935 +0200 +++ /var/tmp/diff_new_pack.ABcLui/_new 2023-09-21 22:15:08.543650080 +0200 @@ -19,7 +19,7 @@ %define sover 2_3 Name: orcania -Version: 2.3.2 +Version: 2.3.3 Release: 0 Summary: MISC function Library License: LGPL-2.1-or-later ++++++ orcania-2.3.2.tar.gz -> orcania-2.3.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/.github/workflows/codeql-analysis.yml new/orcania-2.3.3/.github/workflows/codeql-analysis.yml --- old/orcania-2.3.2/.github/workflows/codeql-analysis.yml 2022-12-17 22:22:11.000000000 +0100 +++ new/orcania-2.3.3/.github/workflows/codeql-analysis.yml 2023-08-11 22:57:11.000000000 +0200 @@ -1,4 +1,4 @@ -name: "CodeQL" +name: "CodeQL V1" on: push: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/.github/workflows/codeql-v2.yml new/orcania-2.3.3/.github/workflows/codeql-v2.yml --- old/orcania-2.3.2/.github/workflows/codeql-v2.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/orcania-2.3.3/.github/workflows/codeql-v2.yml 2023-08-11 22:57:11.000000000 +0200 
@@ -0,0 +1,88 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL V2"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '42 7 * * 0'
+
+jobs:
+ analyze:
+ name: Analyze
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners
+ # Consider using larger runners for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'cpp' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # â¹ï¸ Command-line programs to run using the OS shell. + # ð See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + - run: | + sudo apt-get update + sudo apt-get install -y cmake pkg-config doxygen + mkdir build + cd build + cmake -DBUILD_ORCANIA_DOCUMENTATION=on .. + make + make doc + sudo make install + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/CHANGELOG.md new/orcania-2.3.3/CHANGELOG.md --- old/orcania-2.3.2/CHANGELOG.md 2022-12-17 22:22:11.000000000 +0100 +++ new/orcania-2.3.3/CHANGELOG.md 2023-08-11 22:57:11.000000000 +0200 
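Review bot: Every `uses:` step in codeql-v2.yml references a mutable tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/autobuild@v2`, `github/codeql-action/analyze@v2`), so the code that runs in this job can change without any change in this repository. Pinning each action to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the workflow reproducible and reviewable. The job also keeps the `Autobuild` step and then builds manually in the following `run:` step, although the template comment says to remove Autobuild when building manually, so one of the two is probably enough. `make doc` and `sudo make install` look unnecessary for the analysis itself and could be dropped from that step.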
@@ -1,5 +1,9 @@ # Orcania Changelog +## 2.3.3 + +- Enforce base64decode + ## 2.3.2 - Improve cmake script and MSVC support diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/CMakeLists.txt new/orcania-2.3.3/CMakeLists.txt --- old/orcania-2.3.2/CMakeLists.txt 2022-12-17 22:22:11.000000000 +0100 +++ new/orcania-2.3.3/CMakeLists.txt 2023-08-11 22:57:11.000000000 +0200 @@ -30,7 +30,7 @@ set(PROJECT_BUGREPORT_PATH "https://github.com/babelouest/orcania/issues") set(LIBRARY_VERSION_MAJOR "2") set(LIBRARY_VERSION_MINOR "3") -set(LIBRARY_VERSION_PATCH "2") +set(LIBRARY_VERSION_PATCH "3") set(PROJECT_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}") set(PROJECT_VERSION_MAJOR ${LIBRARY_VERSION_MAJOR}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/doc/doxygen.cfg new/orcania-2.3.3/doc/doxygen.cfg --- old/orcania-2.3.2/doc/doxygen.cfg 2022-12-17 22:22:11.000000000 +0100 +++ new/orcania-2.3.3/doc/doxygen.cfg 2023-08-11 22:57:11.000000000 +0200 @@ -15,7 +15,6 @@ CREATE_SUBDIRS = NO ALLOW_UNICODE_NAMES = NO OUTPUT_LANGUAGE = English -OUTPUT_TEXT_DIRECTION = None BRIEF_MEMBER_DESC = YES REPEAT_BRIEF = YES ABBREVIATE_BRIEF = "The $name class" \ @@ -71,3 +70,4 @@ MACRO_EXPANSION = NO EXPAND_ONLY_PREDEF = NO SEARCH_INCLUDES = YES +HAVE_DOT = NO diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/src/Makefile new/orcania-2.3.3/src/Makefile --- old/orcania-2.3.2/src/Makefile 2022-12-17 22:22:11.000000000 +0100 +++ new/orcania-2.3.3/src/Makefile 2023-08-11 22:57:11.000000000 +0200 
@@ -34,7 +34,7 @@
 OUTPUT=liborcania.so
 VERSION_MAJOR=2
 VERSION_MINOR=3
-VERSION_PATCH=2
+VERSION_PATCH=3
 OBJECTS=orcania.o memory.o base64.o
 LIBSDEP=-lm
 LIBS=-lc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/src/base64.c new/orcania-2.3.3/src/base64.c
--- old/orcania-2.3.2/src/base64.c 2022-12-17 22:22:11.000000000 +0100
+++ new/orcania-2.3.3/src/base64.c 2023-08-11 22:57:11.000000000 +0200
@@ -120,7 +120,7 @@
 count = 0;
 *out_len = 0;
 for (i = 0; i < len; i++) {
- if (!o_strchr((const char *)table, src[i]) && src[i] != '=' && src[i] != '\n' && src[i] != '\t' && src[i] != ' ') {
+ if (!o_strnchr((const char *)table, table_size, (char)src[i]) && ((src[i] != '=')||(!right_pad && src[i] == '=')) && src[i] != '\n' && src[i] != '\t' && src[i] != ' ') {
 // character invalid
 return 0;
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/orcania-2.3.2/test/str_test.c new/orcania-2.3.3/test/str_test.c
--- old/orcania-2.3.2/test/str_test.c 2022-12-17 22:22:11.000000000 +0100
+++ new/orcania-2.3.3/test/str_test.c 2023-08-11 22:57:11.000000000 +0200
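Review bot: In the src/base64.c hunk the tightened check still accepts `=` at any position when `right_pad` is set, and the new test in test/str_test.c pins that behaviour (`b64_error_2[4] = '='` returns 1 with a shorter `decoded_size`), so an embedded pad silently truncates the output instead of being rejected. Callers that compare encoded tokens or verify signatures over decoded values generally want one accepted encoding per value, so consider rejecting `=` unless only padding or skipped whitespace follows it. How the decode loop after this validation pass treats pads is outside the hunk and should be confirmed there. The pad clause also reduces to `(src[i] != '=' || !right_pad)`, which reads more directly. The enclosing function starts and ends outside the hunk.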
@@ -367,6 +367,34 @@
 }
 END_TEST
+START_TEST(test_split_string)
+{
+ char ** array;
+
+ ck_assert_int_eq(split_string("Alice,Bob,Carol,Dave,Eve,Isaac", ",", &array), 6);
+ free_string_array(array);
+ array = NULL;
+
+ ck_assert_int_eq(split_string("Alice,Bob,Carol,Dave,Eve,Isaac", " ", &array), 1);
+ free_string_array(array);
+ array = NULL;
+
+ ck_assert_int_eq(split_string("Alice,Bob,Carol,Dave,Eve,Isaac", ",D", &array), 2);
+ free_string_array(array);
+ array = NULL;
+
+ ck_assert_int_eq(split_string("Alice,Bob,Carol,Dave,Eve,Isaac", ",g", &array), 1);
+ free_string_array(array);
+ array = NULL;
+
+ ck_assert_int_eq(split_string("", ",", &array), 1);
+ free_string_array(array);
+ array = NULL;
+
+ ck_assert_int_eq(split_string(NULL, ",", &array), 0);
+}
+END_TEST
+
 START_TEST(test_string_array)
 {
 char ** array, * str_orig = "Alice,Bob,Carol,Dave,Eve,Isaac";
@@ -407,8 +435,8 @@
 START_TEST(test_base64)
 {
- char * src = "source string", encoded[128] = {0}, decoded[128] = {0}, b64_error[] = ";error;";
- size_t encoded_size, decoded_size;
+ char * src = "source string", encoded[128] = {0}, decoded[128] = {0}, b64_error[] = ";error;", b64_error_2[] = "c291cmNlIHN0cmluZw==";
+ size_t encoded_size, decoded_size, b64_error_2_len = 20;
 ck_assert_int_eq(o_base64_encode((unsigned char *)src, o_strlen(src), (unsigned char *)encoded, &encoded_size), 1);
 ck_assert_str_eq(encoded, "c291cmNlIHN0cmluZw==");
 ck_assert_int_eq(20, encoded_size);
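Review bot: In `test_split_string` every case asserts only the returned count, so a regression that keeps the count but returns wrong elements would still pass. For the multi-character separator case `",D"` and the empty-string case in particular, add `ck_assert_str_eq` checks on the returned elements, with the expected strings taken from the documented contract of `split_string`. After the `split_string(NULL, ",", &array)` case nothing is asserted about `array`; if the contract is that the output stays NULL on that path, `ck_assert_ptr_eq(array, NULL);` would pin it.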
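Review bot: `b64_error_2_len = 20` in the `test_base64` declarations repeats the length of the literal by hand; `b64_error_2_len = sizeof(b64_error_2) - 1` keeps it tied to the array if the sample string changes. The same applies to `b64_error_2_len = 18` in the `test_base64url` declarations hunk. The name `b64_error_2` is also misleading, since the buffer starts as valid input and is only corrupted later in the test; a name that says it is a mutable copy of valid input would read better. The test body continues outside this hunk.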
@@ -417,6 +445,24 @@
 ck_assert_int_eq(decoded_size, o_strlen(src));
 ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error, o_strlen(b64_error), NULL, &decoded_size), 0);
 ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error, o_strlen(b64_error), (unsigned char *)decoded, &decoded_size), 0);
+
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 1);
+ // Insert invalid characters
+ b64_error_2[4] = 0;
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = 2;
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = 11;
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = 128;
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = '=';
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 1);
+ ck_assert_int_gt(o_strlen(src), decoded_size);
+ b64_error_2[4] = '-';
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = '_';
+ ck_assert_int_eq(o_base64_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
 }
 END_TEST
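Review bot: `b64_error_2[4] = 128;` assigns a value outside the range of `char` on platforms where plain `char` is signed, which is an implementation-defined conversion and is flagged by `-Wconversion`; `b64_error_2[4] = (char)0x80;` makes the intended high-bit byte explicit. The same line appears in the `test_base64url` hunk further down. All mutations are made at index 4, so a case with the invalid byte at index 0 and one at the last index would also cover the boundaries of the validation loop. The test body begins outside this hunk.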
@@ -476,8 +522,8 @@
 START_TEST(test_base64url)
 {
- char * src = "source string", encoded[128] = {0}, decoded[128] = {0}, b64_error[] = ";error;";
- size_t encoded_size, decoded_size;
+ char * src = "source string", encoded[128] = {0}, decoded[128] = {0}, b64_error[] = ";error;", b64_error_2[] = "c291cmNlIHN0cmluZw";
+ size_t encoded_size, decoded_size, b64_error_2_len = 18;
 ck_assert_int_eq(o_base64url_encode((unsigned char *)src, o_strlen(src), (unsigned char *)encoded, &encoded_size), 1);
 ck_assert_str_eq(encoded, "c291cmNlIHN0cmluZw");
 ck_assert_int_eq(18, encoded_size);
@@ -486,6 +532,23 @@
 ck_assert_int_eq(decoded_size, o_strlen(src));
 ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error, o_strlen(b64_error), NULL, &decoded_size), 0);
 ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error, o_strlen(b64_error), (unsigned char *)decoded, &decoded_size), 0);
+
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 1);
+ // Insert invalid characters
+ b64_error_2[4] = 0;
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = 2;
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = 11;
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = 128;
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = '=';
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = '+';
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
+ b64_error_2[4] = '/';
+ ck_assert_int_eq(o_base64url_decode((unsigned char *)b64_error_2, b64_error_2_len, (unsigned char *)decoded, &decoded_size), 0);
 }
 END_TEST
@@ -761,6 +824,7 @@
 tcase_add_test(tc_core, test_base64_more_test_cases_alloc);
 tcase_add_test(tc_core, test_base64url_2_base64_alloc);
 tcase_add_test(tc_core, test_base64_2_base64url_alloc);
+ tcase_add_test(tc_core, test_split_string);
 tcase_add_test(tc_core, test_string_array);
 tcase_add_test(tc_core, test_string_array_has_trimmed_value);
 tcase_add_test(tc_core, test_str_null_or_empty);