Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package csync2 for openSUSE:Factory checked in at 2026-04-22 17:02:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/csync2 (Old) and /work/SRC/openSUSE:Factory/.csync2.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "csync2" Wed Apr 22 17:02:44 2026 rev:26 rq:1348771 version:2.0+git.1600444747.83b3644 Changes: -------- --- /work/SRC/openSUSE:Factory/csync2/csync2.changes 2025-12-22 22:56:16.946443033 +0100 +++ /work/SRC/openSUSE:Factory/.csync2.new.11940/csync2.changes 2026-04-22 17:03:26.857508751 +0200 @@ -1,0 +2,7 @@ +Wed Apr 22 12:25:24 UTC 2026 - Peter Varkoly <[email protected]> + +- VUL-1 CVE-2026-41051: csync2: uses insecure temporary directories when compiled with C99 or later + (bsc#1262472) Add patch: + configure_mkstemp_c99.patch + +------------------------------------------------------------------- New: ---- configure_mkstemp_c99.patch ----------(New B)---------- New: (bsc#1262472) Add patch: configure_mkstemp_c99.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ csync2.spec ++++++ --- /var/tmp/diff_new_pack.6IOtZH/_old 2026-04-22 17:03:28.033557394 +0200 +++ /var/tmp/diff_new_pack.6IOtZH/_new 2026-04-22 17:03:28.053558221 +0200 @@ -1,7 +1,7 @@ # # spec file for package csync2 # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,7 @@ Source1: csync2-README.quickstart Source2: csync2-rm-ssl-cert Source3: csync2.conf +Patch1: configure_mkstemp_c99.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bison @@ -50,7 +51,7 @@ It is expedient for HA-clusters, HPC-clusters, COWs and server farms. %prep -%setup -q +%autosetup -p 1 %build autoreconf -fvi ++++++ configure_mkstemp_c99.patch ++++++ diff -ru csync2-2.0+git.1600444747.83b3644/configure.ac csync2-2.0+git.1600444747.83b3644.patched/configure.ac --- csync2-2.0+git.1600444747.83b3644/configure.ac 2026-04-21 16:43:15.869922567 +0200 +++ csync2-2.0+git.1600444747.83b3644.patched/configure.ac 2026-04-21 16:43:55.568864520 +0200 @@ -41,7 +41,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> -main() { +int main() { struct stat st; char tpl[20]="/tmp/test.XXXXXX"; int fd = mkstemp(tpl);
