Hello community,

here is the log from the commit of package ansilove for openSUSE:Factory 
checked in at 2020-10-23 12:22:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ansilove (Old)
 and      /work/SRC/openSUSE:Factory/.ansilove.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ansilove"

Fri Oct 23 12:22:33 2020 rev:8 rq:843537 version:4.1.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/ansilove/ansilove.changes        2020-09-21 
17:43:00.700889758 +0200
+++ /work/SRC/openSUSE:Factory/.ansilove.new.3463/ansilove.changes      
2020-10-23 12:24:03.284771657 +0200
@@ -1,0 +2,13 @@
+Thu Oct 22 19:44:21 UTC 2020 - Martin Hauke <mar...@gmx.de>
+
+- Update to version 4.1.4
+  * Move read_status variable declaration to the top of the function
+  * Check fread() return values in readComments() and add error
+    handling
+  * Introduce the READ_RECORD function-like macro, for fread error
+    handling
+  * Use READ_RECORD in readRecord() to add fread() error handling
+  * Only call memset() if the malloc call succeeds
+  * Check strdup() return value and error out on failed allocation
+
+-------------------------------------------------------------------

Old:
----
  ansilove-4.1.3.tar.gz

New:
----
  ansilove-4.1.4.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ansilove.spec ++++++
--- /var/tmp/diff_new_pack.FQYdDw/_old  2020-10-23 12:24:03.848773275 +0200
+++ /var/tmp/diff_new_pack.FQYdDw/_new  2020-10-23 12:24:03.852773287 +0200
@@ -18,7 +18,7 @@
 
 
 Name:           ansilove
-Version:        4.1.3
+Version:        4.1.4
 Release:        0
 Summary:        ANSI and ASCII art to PNG converter
 License:        BSD-2-Clause

++++++ ansilove-4.1.3.tar.gz -> ansilove-4.1.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/.travis.yml 
new/ansilove-4.1.4/.travis.yml
--- old/ansilove-4.1.3/.travis.yml      2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/.travis.yml      2020-10-22 21:31:29.000000000 +0200
@@ -35,7 +35,7 @@
   coverity_scan:
     project:
       name: "ansilove/ansilove"
-      version: 4.1.3
+      version: 4.1.4
       description: "ANSi / ASCII art to PNG converter in C"
     notification_email: f...@statdns.com
     build_command_prepend: cmake .
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/CMakeLists.txt 
new/ansilove-4.1.4/CMakeLists.txt
--- old/ansilove-4.1.3/CMakeLists.txt   2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/CMakeLists.txt   2020-10-22 21:31:29.000000000 +0200
@@ -34,6 +34,7 @@
 find_library(ANSILOVE_LIBRARIES NAMES ansilove REQUIRED)
 include_directories(${ANSILOVE_INCLUDE_DIRS})
 
+set(CMAKE_BUILD_TYPE Release)
 set(SRC src/ansilove.c src/types.c src/strtolower.c src/sauce.c)
 
 if(NOT HAVE_PLEDGE)
@@ -44,7 +45,7 @@
   set (SRC ${SRC} compat/strtonum.c)
 endif()
 
-add_definitions(-D_GNU_SOURCE -Wall -Wextra -std=c99 -pedantic)
+add_definitions(-D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -Wall -Wextra -std=c99 
-pedantic)
 add_executable(ansilove ${SRC})
 
 target_link_libraries(ansilove ${ANSILOVE_LIBRARIES} m)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/ChangeLog new/ansilove-4.1.4/ChangeLog
--- old/ansilove-4.1.3/ChangeLog        2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/ChangeLog        2020-10-22 21:31:29.000000000 +0200
@@ -1,3 +1,16 @@
+AnsiLove/C 4.1.4 (2020-10-22)
+
+- Set CMAKE_BUILD_TYPE to "Release" in CMakeLists.txt
+- Enable FORTIFY_SOURCE level 2
+- Move read_status variable declaration to the top of the function
+- Check fread() return values in readComments() and add error handling
+- Introduce the READ_RECORD function-like macro, for fread error handling
+- Use READ_RECORD in readRecord() to add fread() error handling
+- Only call memset() if the malloc call succeeds
+- Check strdup() return value and error out on failed allocation
+
+
+
 AnsiLove/C 4.1.3 (2020-09-18)
 
 - Adjust SAUCE flag output to be binary
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/FILE_ID.DIZ 
new/ansilove-4.1.4/FILE_ID.DIZ
--- old/ansilove-4.1.3/FILE_ID.DIZ      2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/FILE_ID.DIZ      2020-10-22 21:31:29.000000000 +0200
@@ -17,7 +17,7 @@
  - -----------//______|----------------- -
   :                                     :
   |                                     |
-  |           Ansilove/C 4.1.3          |
+  |           Ansilove/C 4.1.4          |
   |                                     |
   |    ANSi=>PNG converter & library    |
   |                                     |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/ansilove.c 
new/ansilove-4.1.4/src/ansilove.c
--- old/ansilove-4.1.3/src/ansilove.c   2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/ansilove.c   2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * ansilove.c
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
@@ -329,6 +329,8 @@
                /* get file extension */
                char *fext = strrchr(input, '.');
                fext = fext ? strtolower(strdup(++fext)) : strdup("");
+               if (!fext)
+                       errx(EXIT_FAILURE, "Memory allocation error.");
 
                /* check if current file has a .diz extension */
                if (!strcmp(fext, "diz"))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/config.h 
new/ansilove-4.1.4/src/config.h
--- old/ansilove-4.1.3/src/config.h     2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/config.h     2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * config.h
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
@@ -16,7 +16,7 @@
 #include <stdint.h>
 
 /* configuration defines */
-#define VERSION "4.1.3"
+#define VERSION "4.1.4"
 
 enum {
        FONTS = 38,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/fonts.h 
new/ansilove-4.1.4/src/fonts.h
--- old/ansilove-4.1.3/src/fonts.h      2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/fonts.h      2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * fonts.h
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/sauce.c 
new/ansilove-4.1.4/src/sauce.c
--- old/ansilove-4.1.3/src/sauce.c      2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/sauce.c      2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * sauce.c
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
@@ -36,47 +36,54 @@
 {
        struct sauce *record;
        record = malloc(sizeof *record);
-       memset(record, 0, sizeof *record);
 
        if (record != NULL) {
+               memset(record, 0, sizeof *record);
                readRecord(file, record);
        }
        return record;
 }
 
+#define READ_RECORD(record, size) \
+       read_status = fread(record, size, 1, file); \
+       if (read_status != 1) \
+               return;
+
 void
 readRecord(FILE *file, struct sauce *record)
 {
+       size_t read_status;
+
        if (fseek(file, 0 - RECORD_SIZE, SEEK_END) != 0) {
                return;
        }
 
-       size_t read_status = fread(record->ID, sizeof (record->ID) - 1, 1, 
file);
+       read_status = fread(record->ID, sizeof (record->ID) - 1, 1, file);
        record->ID[sizeof (record->ID) - 1] = '\0';
 
        if (read_status != 1 || strcmp(record->ID, SAUCE_ID) != 0) {
                return;
        }
-       fread(record->version, sizeof (record->version) - 1, 1, file);
+       READ_RECORD(record->version, sizeof(record->version) - 1);
        record->version[sizeof (record->version) - 1] = '\0';
-       fread(record->title, sizeof (record->title) - 1, 1, file);
+       READ_RECORD(record->title, sizeof(record->title) - 1);
        record->title[sizeof (record->title) - 1] = '\0';
-       fread(record->author, sizeof (record->author) - 1, 1, file);
+       READ_RECORD(record->author, sizeof(record->author) -1);
        record->author[sizeof (record->author) - 1] = '\0';
-       fread(record->group, sizeof (record->group) - 1, 1, file);
+       READ_RECORD(record->group, sizeof(record->group) - 1);
        record->group[sizeof (record->group) - 1] = '\0';
-       fread(record->date, sizeof (record->date) - 1, 1, file);
+       READ_RECORD(record->date, sizeof(record->date) - 1);
        record->date[sizeof (record->date) - 1] = '\0';
-       fread(&(record->fileSize), sizeof (record->fileSize), 1, file);
-       fread(&(record->dataType), sizeof (record->dataType), 1, file);
-       fread(&(record->fileType), sizeof (record->fileType), 1, file);
-       fread(&(record->tinfo1), sizeof (record->tinfo1), 1, file);
-       fread(&(record->tinfo2), sizeof (record->tinfo2), 1, file);
-       fread(&(record->tinfo3), sizeof (record->tinfo3), 1, file);
-       fread(&(record->tinfo4), sizeof (record->tinfo4), 1, file);
-       fread(&(record->comments), sizeof (record->comments), 1, file);
-       fread(&(record->flags), sizeof (record->flags), 1, file);
-       fread(record->tinfos, sizeof (record->tinfos) - 1, 1, file);
+       READ_RECORD(&(record->fileSize), sizeof (record->fileSize));
+       READ_RECORD(&(record->dataType), sizeof (record->dataType));
+       READ_RECORD(&(record->fileType), sizeof (record->fileType));
+       READ_RECORD(&(record->tinfo1), sizeof (record->tinfo1));
+       READ_RECORD(&(record->tinfo2), sizeof (record->tinfo2));
+       READ_RECORD(&(record->tinfo3), sizeof (record->tinfo3));
+       READ_RECORD(&(record->tinfo4), sizeof (record->tinfo4));
+       READ_RECORD(&(record->comments), sizeof (record->comments));
+       READ_RECORD(&(record->flags), sizeof (record->flags));
+       READ_RECORD(record->tinfos, sizeof(record->tinfos) - 1);
        record->tinfos[sizeof (record->tinfos) - 1] = '\0';
 
        if (ferror(file) != 0) {
@@ -98,10 +105,14 @@
 readComments(FILE *file, char **comment_lines, int32_t comments)
 {
        int32_t i;
+       size_t read_status;
 
        if (fseek(file, 0 - (RECORD_SIZE + 5 + COMMENT_SIZE *comments), 
SEEK_END) == 0) {
                char ID[6];
-               fread(ID, sizeof (ID) - 1, 1, file);
+               read_status = fread(ID, sizeof (ID) - 1, 1, file);
+               if (read_status != 1)
+                       return -1;
+
                ID[sizeof (ID) - 1] = '\0';
 
                if (strcmp(ID, COMMENT_ID) != 0) {
@@ -111,7 +122,10 @@
                for (i = 0; i < comments; i++) {
                        char buf[COMMENT_SIZE + 1] = "";
 
-                       fread(buf, COMMENT_SIZE, 1, file);
+                       read_status = fread(buf, COMMENT_SIZE, 1, file);
+                       if (read_status != 1)
+                               return -1;
+
                        buf[COMMENT_SIZE] = '\0';
 
                        if (ferror(file) == 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/sauce.h 
new/ansilove-4.1.4/src/sauce.h
--- old/ansilove-4.1.3/src/sauce.h      2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/sauce.h      2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * sauce.h
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/seccomp.h 
new/ansilove-4.1.4/src/seccomp.h
--- old/ansilove-4.1.3/src/seccomp.h    2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/seccomp.h    2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * seccomp.h
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2019-2020, Frederic Cambus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/strtolower.c 
new/ansilove-4.1.4/src/strtolower.c
--- old/ansilove-4.1.3/src/strtolower.c 2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/strtolower.c 2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * strtolower.c
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/strtolower.h 
new/ansilove-4.1.4/src/strtolower.h
--- old/ansilove-4.1.3/src/strtolower.h 2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/strtolower.h 2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * strtolower.h
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/types.c 
new/ansilove-4.1.4/src/types.c
--- old/ansilove-4.1.3/src/types.c      2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/types.c      2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * types.c
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ansilove-4.1.3/src/types.h 
new/ansilove-4.1.4/src/types.h
--- old/ansilove-4.1.3/src/types.h      2020-09-18 09:05:20.000000000 +0200
+++ new/ansilove-4.1.4/src/types.h      2020-10-22 21:31:29.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * types.h
- * Ansilove 4.1.3
+ * Ansilove 4.1.4
  * https://www.ansilove.org
  *
  * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus


Reply via email to