Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package sratom for openSUSE:Factory checked in at 2022-04-14 17:24:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sratom (Old)
 and      /work/SRC/openSUSE:Factory/.sratom.new.1941 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sratom" Thu Apr 14 17:24:23 2022 rev:16 rq:969493 version:0.6.8 Changes: -------- --- /work/SRC/openSUSE:Factory/sratom/sratom.changes 2021-03-11 20:08:05.100253978 +0100 +++ /work/SRC/openSUSE:Factory/.sratom.new.1941/sratom.changes 2022-04-14 17:24:41.747209412 +0200 @@ -1,0 +2,6 @@ +Tue Apr 12 08:35:33 UTC 2022 - Martin Li??ka <mli...@suse.cz> + +- Add fix-FORTIFY_SOURCE3.patch that is suggested to upstream: + gh#lv2/sratom#6 + +------------------------------------------------------------------- New: ---- fix-FORTIFY_SOURCE3.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sratom.spec ++++++ --- /var/tmp/diff_new_pack.h3A8Ro/_old 2022-04-14 17:24:42.235209983 +0200 +++ /var/tmp/diff_new_pack.h3A8Ro/_new 2022-04-14 17:24:42.239209987 +0200 @@ -1,7 +1,7 @@ # # spec file for package sratom # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,7 @@ URL: http://drobilla.net/software/sratom/ Source0: http://download.drobilla.net/sratom-%{version}.tar.bz2 Source1: baselibs.conf +Patch0: fix-FORTIFY_SOURCE3.patch BuildRequires: doxygen BuildRequires: graphviz BuildRequires: pkgconfig @@ -55,7 +56,7 @@ Development files for libsratom. %prep -%setup -q +%autosetup -p1 %build export CFLAGS='%{optflags} -std=gnu99' ++++++ fix-FORTIFY_SOURCE3.patch ++++++ >From 03ea6915c99b9ca0d8ac576e4cfd1c2eca62338c Mon Sep 17 00:00:00 2001 From: Martin Liska <mli...@suse.cz> Date: Mon, 11 Apr 2022 09:14:28 +0200 Subject: [PATCH] Fix buffer overflow detected with -D_FORTIFY_SOURCE=3. Correctly set maximum buffer length for snprintf call. Fixes: #5. --- src/sratom.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/sratom.c b/src/sratom.c index 692257d..b6ba7ed 100644 --- a/src/sratom.c +++ b/src/sratom.c 
@@ -334,10 +334,11 @@ sratom_write(Sratom* sratom, new_node = true; datatype = serd_node_from_string(SERD_URI, USTR(LV2_MIDI__MidiEvent)); - uint8_t* str = (uint8_t*)calloc(size * 2 + 1, 1); + size_t strlen = size * 2 + 1; + uint8_t* str = (uint8_t*)calloc(strlen, 1); for (uint32_t i = 0; i < size; ++i) { snprintf((char*)str + (2 * i), - size * 2 + 1, + strlen - (2 * i), "%02X", (unsigned)*((const uint8_t*)body + i)); }
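Review bot: In the sratom.spec hunk at `@@ -26,6 +26,7 @@`, the new `Patch0: fix-FORTIFY_SOURCE3.patch` line has no comment saying where the patch comes from or what it fixes. The changelog entry already names gh#lv2/sratom#6; repeating that reference in a comment directly above `Patch0:` would let someone reading only the spec see that the patch is pending upstream and can be dropped once a release contains it.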
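Review bot: In the src/sratom.c hunk, the new local `size_t strlen` takes the name of the C library function `strlen()` and shadows it for the rest of the enclosing block; rename it, for example to `str_size`. The corrected bound `strlen - (2 * i)` does match the space left after the write offset `str + (2 * i)`: each "%02X" conversion needs 3 bytes including the terminator, and the last iteration has exactly 3 left. Two things the hunk leaves as they were and that are worth a follow-up: the `calloc` result is passed to `snprintf` without a NULL check, and `size * 2 + 1` is evaluated before it is stored in the `size_t`, so if `size` is a 32-bit type (the `uint32_t i` loop counter suggests so, but its declaration is outside the hunk) the multiplication can wrap for a very large event body.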