Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package synce4l for openSUSE:Factory checked in at 2025-11-14 16:14:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/synce4l (Old) and /work/SRC/openSUSE:Factory/.synce4l.new.2061 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "synce4l" Fri Nov 14 16:14:07 2025 rev:3 rq:1317648 version:1.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/synce4l/synce4l.changes 2024-10-21 16:26:54.150717313 +0200 +++ /work/SRC/openSUSE:Factory/.synce4l.new.2061/synce4l.changes 2025-11-14 16:14:39.636676059 +0100 @@ -1,0 +2,15 @@ +Wed Nov 12 10:39:10 UTC 2025 - Dirk Müller <[email protected]> + +- update to 1.1.1: + * fix possible resource leak + * fix requested thread stack size + * fix scorecard.yml + * initialize pin ID to -1 + * fix crash in dpll_rt_recv() + * create scorecard.yml + * unlink smc_socket_path before binding + * check smc_socket_path length + * change default smc_socket_path to /run/synce4l_socket + * fix more compiler warnings + +------------------------------------------------------------------- Old: ---- synce4l-1.1.0.tar.gz New: ---- synce4l-1.1.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ synce4l.spec ++++++ --- /var/tmp/diff_new_pack.j4z7n5/_old 2025-11-14 16:14:42.848810880 +0100 +++ /var/tmp/diff_new_pack.j4z7n5/_new 2025-11-14 16:14:42.848810880 +0100 @@ -1,7 +1,7 @@ # # spec file for package synce4l # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: synce4l -Version: 1.1.0 +Version: 1.1.1 Release: 0 Summary: Synchronous Ethernet (SyncE) License: GPL-2.0-only @@ -28,11 +28,17 @@ %{?systemd_requires} %description -synce4l is a software implementation of Synchronous Ethernet (SyncE) according to ITU-T Recommendation G.8264. The design goal is to provide logic to supported hardware by processing Ethernet Synchronization Messaging Channel (ESMC) and control Ethernet Equipment Clock (EEC) on Network Card Interface (NIC). +synce4l is a software implementation of Synchronous Ethernet (SyncE) according +to ITU-T Recommendation G.8264. The design goal is to provide logic to +supported hardware by processing Ethernet Synchronization Messaging Channel +(ESMC) and control Ethernet Equipment Clock (EEC) on Network Card Interface +(NIC). -Application can operate in two mutually exclusive input modes: line or external. Both modes are described in next paragraphs. +Application can operate in two mutually exclusive input modes: line or +external. Both modes are described in next paragraphs. -The best source selection is done according to ITU-T Recommendations G.781 and G.8264. Two network options are supported: option 1 and option 2. +The best source selection is done according to ITU-T Recommendations G.781 and +G.8264. Two network options are supported: option 1 and option 2. %prep %autosetup ++++++ synce4l-1.1.0.tar.gz -> synce4l-1.1.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/.github/workflows/scorecard.yml new/synce4l-1.1.1/.github/workflows/scorecard.yml --- old/synce4l-1.1.0/.github/workflows/scorecard.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/synce4l-1.1.1/.github/workflows/scorecard.yml 2025-07-01 17:25:48.000000000 +0200 @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '39 18 * * 1' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + with: + sarif_file: results.sarif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/CHANGELOG.md new/synce4l-1.1.1/CHANGELOG.md --- old/synce4l-1.1.0/CHANGELOG.md 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/CHANGELOG.md 2025-07-01 17:25:48.000000000 +0200 @@ -1,6 +1,18 @@ # Changelog This file will carry any notable changes made to `synce4l` project. +## 1.1.1 - 1st July 2025 +* fix possible resource leak +* fix requested thread stack size +* fix scorecard.yml +* initialize pin ID to -1 +* fix crash in dpll_rt_recv() +* create scorecard.yml +* unlink smc_socket_path before binding +* check smc_socket_path length +* change default smc_socket_path to /run/synce4l_socket +* fix more compiler warnings + ## 1.1.0 - 24th May 2024 * fix DPLL pin ID assignment with invalid input * fix new_tlv.value NULL dereference diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/README.md new/synce4l-1.1.1/README.md --- old/synce4l-1.1.0/README.md 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/README.md 2025-07-01 17:25:48.000000000 +0200 @@ -125,7 +125,7 @@ | `logging_level` | `6` | `0-7` | Minimum log level required to appear in a log. | | `message_tag` | None | string | Tag reported in a log. | | `poll_interval_msec` | 20 | 0-500 | Sleep time between subsequent SyncE clock polls | -| `smc_socket_path` | `/tmp/synce4l_socket` | string | Full path to socket file for external application communication | +| `smc_socket_path` | `/run/synce4l_socket` | string | Full path to socket file for external application communication | | `use_syslog` | `1` | `0`, `1` | Set to 1 if `syslog` should be used. | | `verbose` | `0` | `0`, `1` | Set to 1 to log extra information. | @@ -200,7 +200,7 @@ use_syslog 0 verbose 1 message_tag [synce4l] -smc_socket_path /tmp/synce4l_socket +smc_socket_path /run/synce4l_socket [<synce1>] network_option 1 @@ -239,7 +239,7 @@ use_syslog 0 verbose 1 message_tag [synce4l] -smc_socket_path /tmp/synce4l_socket +smc_socket_path /run/synce4l_socket [<synce1>] network_option 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/VERSION new/synce4l-1.1.1/VERSION --- old/synce4l-1.1.0/VERSION 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/VERSION 2025-07-01 17:25:48.000000000 +0200 @@ -1 +1 @@ -1.1.0 +1.1.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/config.c new/synce4l-1.1.1/config.c --- old/synce4l-1.1.0/config.c 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/config.c 2025-07-01 17:25:48.000000000 +0200 @@ -180,7 +180,7 @@ GLOB_ITEM_STR("message_tag", NULL), GLOB_ITEM_INT("poll_interval_msec", 20, CLOCK_POLL_INTERVAL_MIN, CLOCK_POLL_INTERVAL_MAX), - GLOB_ITEM_STR("smc_socket_path", "/tmp/synce4l_socket"), + GLOB_ITEM_STR("smc_socket_path", "/run/synce4l_socket"), GLOB_ITEM_INT("use_syslog", 1, 0, 1), GLOB_ITEM_STR("userDescription", ""), GLOB_ITEM_INT("verbose", 0, 0, 1), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/configs/synce4l.cfg new/synce4l-1.1.1/configs/synce4l.cfg --- old/synce4l-1.1.0/configs/synce4l.cfg 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/configs/synce4l.cfg 2025-07-01 17:25:48.000000000 +0200 @@ -7,7 +7,7 @@ use_syslog 0 verbose 1 message_tag [synce4l] -smc_socket_path /tmp/synce4l_socket +smc_socket_path /run/synce4l_socket # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/configs/synce4l_dpll.cfg new/synce4l-1.1.1/configs/synce4l_dpll.cfg --- old/synce4l-1.1.0/configs/synce4l_dpll.cfg 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/configs/synce4l_dpll.cfg 2025-07-01 17:25:48.000000000 +0200 @@ -7,7 +7,7 @@ use_syslog 0 verbose 1 message_tag [synce4l] -smc_socket_path /tmp/synce4l_socket +smc_socket_path /run/synce4l_socket # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/dpll_mon.c new/synce4l-1.1.1/dpll_mon.c --- old/synce4l-1.1.0/dpll_mon.c 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/dpll_mon.c 2025-07-01 17:25:48.000000000 +0200 @@ -240,6 +240,7 @@ } pr_debug("%s %p", __func__, pin); pin->parent_used_by = PARENT_NOT_USED; + pin->id = -1; STAILQ_INIT(&pin->parents); return pin; @@ -256,12 +257,12 @@ free(pin); } -void remove_no_ifname_pin(struct dpll_mon *dm, uint32_t pin_id) +void remove_no_ifname_pin(struct dpll_mon *dm, uint32_t pin_id, struct dpll_mon_pin *except) { struct dpll_mon_pin *pin; STAILQ_FOREACH(pin, &dm->pins, list) - if (pin && pin_id == pin->id && pin->ifname == NULL) { + if (pin && pin != except && pin_id == pin->id && pin->ifname == NULL) { pr_debug_pin("removed duplicated pin", pin); STAILQ_REMOVE(&dm->pins, pin, dpll_mon_pin, list); pin_destroy(pin); @@ -589,7 +590,7 @@ goto unlock; pin_id = nla_get_u32(an[DPLL_A_PIN_ID]); if (pin) { - remove_no_ifname_pin(dm, pin_id); + remove_no_ifname_pin(dm, pin_id, pin); pin->id = pin_id; pr_debug_pin("pin assigned id", pin); } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/synce_dev.c new/synce4l-1.1.1/synce_dev.c --- old/synce4l-1.1.0/synce_dev.c 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/synce_dev.c 2025-07-01 17:25:48.000000000 +0200 @@ -579,7 +579,7 @@ int rebuild_inputs_prio(struct synce_dev *dev) { struct synce_clock_source *c, *best_c, **all, **prioritized; - int i = 0, prio_count = 0, j, best_c_idx, ret; + int i = 0, prio_count = 0, j, best_c_idx = 0, ret; uint32_t prio; all = calloc(dev->num_clock_sources, sizeof(*all)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/synce_manager.c new/synce4l-1.1.1/synce_manager.c --- old/synce4l-1.1.0/synce_manager.c 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/synce_manager.c 2025-07-01 17:25:48.000000000 +0200 @@ -97,6 +97,7 @@ if (!*tlv_array) { synce_manager_generate_err_tlv(err_tlv, "Internal parsing error"); pr_err("%s Failed reallocating memory", __func__); + free(new_tlv.value); return -1; } @@ -256,9 +257,15 @@ exit(EXIT_FAILURE); } + if (strlen(synce_clock_get_socket_path(clk)) >= sizeof(server.sun_path)) { + pr_err("%s smc_socket_path is too long", __func__); + exit(EXIT_FAILURE); + } server.sun_family = AF_UNIX; - strncpy(server.sun_path, synce_clock_get_socket_path(clk), - sizeof(server.sun_path)); + snprintf(server.sun_path, sizeof(server.sun_path), "%s", + synce_clock_get_socket_path(clk)); + + unlink(server.sun_path); if (bind(server_fd, (struct sockaddr *)&server, sizeof(server)) < 0) { pr_err("%s Bind failed", __func__); @@ -289,10 +296,12 @@ bytes_read = recv(new_socket, command, MAX_COMMAND_SIZE, 0); if (bytes_read <= 0) { synce_manager_generate_err_tlv(&err_tlv, "NULL command"); + ret = -1; goto return_response; } else if (bytes_read > MAX_COMMAND_SIZE) { synce_manager_generate_err_tlv(&err_tlv, "Command size exceeds MAX_COMMAND_SIZE"); + ret = -1; goto return_response; } ret = synce_manager_parse_input(command, bytes_read, &tlv_array, @@ -340,8 +349,8 @@ if (tlv_array) free((void *)tlv_array); - if (!ret) - write(new_socket, response, resp_len); + if (!ret && write(new_socket, response, resp_len) != resp_len) + ret = -1; close(new_socket); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/synce4l-1.1.0/synce_thread_common.h new/synce4l-1.1.1/synce_thread_common.h --- old/synce4l-1.1.0/synce_thread_common.h 2024-05-24 19:01:46.000000000 +0200 +++ new/synce4l-1.1.1/synce_thread_common.h 2025-07-01 17:25:48.000000000 +0200 @@ -13,7 +13,8 @@ #define MSEC_TO_USEC(X) (X * 1000) #define THREAD_STOP_SLEEP_USEC MSEC_TO_USEC(50) #define THREAD_START_SLEEP_USEC MSEC_TO_USEC(20) -#define SYNCE_THREAD_STACK_SIZE 0xffff +#define SYNCE_THREAD_STACK_SIZE (0xffff > PTHREAD_STACK_MIN ? \ + 0xffff : PTHREAD_STACK_MIN) #define TASK_COMM_LEN 16 #endif /* HAVE_SYNCE_THREAD_COMMON_H */
