Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package GraphicsMagick for openSUSE:Factory checked in at 2023-08-12 15:05:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old) and /work/SRC/openSUSE:Factory/.GraphicsMagick.new.11712 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "GraphicsMagick" Sat Aug 12 15:05:42 2023 rev:85 rq:1103475 version:1.3.40 Changes: -------- --- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes 2023-03-03 22:24:39.246566160 +0100 +++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new.11712/GraphicsMagick.changes 2023-08-12 15:05:43.786324380 +0200 @@ -1,0 +2,6 @@ +Tue Aug 8 08:23:35 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- add strlcpy-wrong-sizing.patch: fix incorrect usages of + strlcpy and strlcat detected by glibc 2.38's fortify + +------------------------------------------------------------------- New: ---- strlcpy-wrong-sizing.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ GraphicsMagick.spec ++++++ --- /var/tmp/diff_new_pack.DZXHAE/_old 2023-08-12 15:05:44.518329110 +0200 +++ /var/tmp/diff_new_pack.DZXHAE/_new 2023-08-12 15:05:44.522329135 +0200 @@ -33,6 +33,7 @@ Source: https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/%{version}/%{name}-%{version}.tar.xz Patch0: GraphicsMagick-perl-linkage.patch Patch1: GraphicsMagick-disable-insecure-coders.patch +Patch2: strlcpy-wrong-sizing.patch BuildRequires: cups-client BuildRequires: dcraw BuildRequires: gcc-c++ ++++++ strlcpy-wrong-sizing.patch ++++++ Index: GraphicsMagick-1.3.40/coders/cineon.c =================================================================== --- GraphicsMagick-1.3.40.orig/coders/cineon.c +++ GraphicsMagick-1.3.40/coders/cineon.c @@ -1138,7 +1138,7 @@ static void GenerateCineonTimeStamp(char (void) memset(date_str,0,date_str_length); (void) strlcpy(date_str,timestamp,11); (void) memset(time_str,0,time_str_length); - (void) strlcpy(time_str,timestamp+11,15); + (void) strlcpy(time_str,timestamp+11,time_str_length); } Index: GraphicsMagick-1.3.40/magick/attribute.c =================================================================== --- GraphicsMagick-1.3.40.orig/magick/attribute.c +++ GraphicsMagick-1.3.40/magick/attribute.c @@ -3301,7 +3301,7 @@ SetImageAttribute(Image *image,const cha { /* nada */}; MagickReallocMemory(char *,p->value,realloc_l); if (p->value != (char *) NULL) - (void) strlcat(p->value+p->length,attribute->value,min_l); + (void) memcpy(p->value+p->length,attribute->value,attribute->length+1); p->length += attribute->length; DestroyImageAttribute(attribute); }
