Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libcaca for openSUSE:Factory checked in at 2026-05-29 18:03:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libcaca (Old) and /work/SRC/openSUSE:Factory/.libcaca.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcaca" Fri May 29 18:03:54 2026 rev:54 rq:1355584 version:0.99.beta20+git.1776622070.7c8e333 Changes: -------- --- /work/SRC/openSUSE:Factory/libcaca/libcaca.changes 2026-05-21 18:25:28.869982206 +0200 +++ /work/SRC/openSUSE:Factory/.libcaca.new.1937/libcaca.changes 2026-05-29 18:04:01.642714603 +0200 @@ -1,0 +2,7 @@ +Thu May 28 08:12:03 UTC 2026 - Valentin Lefebvre <[email protected]> + +- Improve the fix of CVE-2026-42046 for 32bit system. + [Fix-32-bit-overflow-in-CVE-2026-42046-patch.patch, + bsc#1264984, CVE-2026-42046] + +------------------------------------------------------------------- New: ---- Fix-32-bit-overflow-in-CVE-2026-42046-patch.patch ----------(New B)---------- New:- Improve the fix of CVE-2026-42046 for 32bit system. [Fix-32-bit-overflow-in-CVE-2026-42046-patch.patch, bsc#1264984, CVE-2026-42046] ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcaca.spec ++++++ --- /var/tmp/diff_new_pack.59FyS1/_old 2026-05-29 18:04:03.338784753 +0200 +++ /var/tmp/diff_new_pack.59FyS1/_new 2026-05-29 18:04:03.342784919 +0200 @@ -40,6 +40,8 @@ Patch9: bsc1197028-correctly-handle-zero-width-or-height-images.patch Patch10: %{name}-autoconf-2.69.patch Patch11: %{name}-0.99.beta20-gcc14.patch +# https://github.com/cacalabs/libcaca/pull/90 +Patch12: Fix-32-bit-overflow-in-CVE-2026-42046-patch.patch BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} ++++++ Fix-32-bit-overflow-in-CVE-2026-42046-patch.patch ++++++ >From 8ff61c90362f540894aa9a3ed7d7b113abfa78d6 Mon Sep 17 00:00:00 2001 
From: vlefebvre <[email protected]> Date: Wed, 13 May 2026 11:39:03 +0200 Subject: [PATCH] Fix 32-bit overflow in CVE-2026-42046 patch This patch adds an additional overflow check after computing new_size to ensure the multiplication by sizeof(uint32_t) will not overflow: if (new_size > 0 && (size_t)new_size > SIZE_MAX / sizeof(uint32_t)) This check is added in: - caca_resize() in caca/canvas.c - caca_create_frame() in caca/frame.c Fixes #86 Fixes #89 Fixes CVE-2026-42046 --- caca/canvas.c | 7 +++++++ caca/frame.c | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/caca/canvas.c b/caca/canvas.c index 62b72b7..418ca54 100644 --- a/caca/canvas.c +++ b/caca/canvas.c @@ -375,6 +375,13 @@ int caca_resize(caca_canvas_t *cv, int width, int height) return -1; } int new_size = width * height; + /* Check for overflow when multiplying by sizeof(uint32_t) on 32-bit + * systems */ + if (new_size > 0 && (size_t)new_size > SIZE_MAX / sizeof(uint32_t)) + { + seterrno(EOVERFLOW); + return -1; + } old_width = cv->width; old_height = cv->height; diff --git a/caca/frame.c b/caca/frame.c index c960092..9f88392 100644 --- a/caca/frame.c +++ b/caca/frame.c @@ -147,6 +147,15 @@ int caca_create_frame(caca_canvas_t *cv, int id) int size = cv->width * cv->height; int f; + + /* Check for overflow when multiplying by sizeof(uint32_t) on 32-bit + * systems */ + if (size > 0 && (size_t)size > SIZE_MAX / sizeof(uint32_t)) + { + seterrno(EOVERFLOW); + return -1; + } + if(id < 0) id = 0; else if(id > cv->framecount) -- 2.54.0
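Review bot: in the caca/canvas.c hunk the new check only guards the later multiplication by sizeof(uint32_t); `int new_size = width * height;` is still an int product, and if that product wraps to a negative value the `new_size > 0` condition skips the check entirely. The hunk does not show whether the `return -1;` just above already rejects width/height pairs whose product exceeds INT_MAX; if it does not, compute the product in size_t (or test `width > INT_MAX / height` before multiplying) and then apply the SIZE_MAX / sizeof(uint32_t) test to that value. A short comment that the branch is unreachable on 64-bit targets (SIZE_MAX / 4 is far above INT_MAX there) would also save the next reader from wondering why it never fires.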
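Review bot: the caca/frame.c hunk has the same gap as canvas.c: `int size = cv->width * cv->height;` is computed in int, so a wrapped negative product passes `size > 0` untested and the new EOVERFLOW path is never taken. The hunk does not show where cv->width and cv->height are validated before caca_create_frame() runs; either state that invariant in the comment next to the check or perform the multiplication in size_t so the check does not depend on it.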
