Hello community, here is the log from the commit of package ansilove for openSUSE:Factory checked in at 2020-10-23 12:22:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ansilove (Old) and /work/SRC/openSUSE:Factory/.ansilove.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ansilove" Fri Oct 23 12:22:33 2020 rev:8 rq:843537 version:4.1.4 Changes: -------- --- /work/SRC/openSUSE:Factory/ansilove/ansilove.changes 2020-09-21 17:43:00.700889758 +0200 +++ /work/SRC/openSUSE:Factory/.ansilove.new.3463/ansilove.changes 2020-10-23 12:24:03.284771657 +0200 @@ -1,0 +2,13 @@ +Thu Oct 22 19:44:21 UTC 2020 - Martin Hauke <mar...@gmx.de> + +- Update to version 4.1.4 + * Move read_status variable declaration to the top of the function + * Check fread() return values in readComments() and add error + handling + * Introduce the READ_RECORD function-like macro, for fread error + handling + * Use READ_RECORD in readRecord() to add fread() error handling + * Only call memset() if the malloc call succeeds + * Check strdup() return value and error out on failed allocation + +------------------------------------------------------------------- Old: ---- ansilove-4.1.3.tar.gz New: ---- ansilove-4.1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ansilove.spec ++++++ --- /var/tmp/diff_new_pack.FQYdDw/_old 2020-10-23 12:24:03.848773275 +0200 +++ /var/tmp/diff_new_pack.FQYdDw/_new 2020-10-23 12:24:03.852773287 +0200 @@ -18,7 +18,7 @@ Name: ansilove -Version: 4.1.3 +Version: 4.1.4 Release: 0 Summary: ANSI and ASCII art to PNG converter License: BSD-2-Clause ++++++ ansilove-4.1.3.tar.gz -> ansilove-4.1.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/.travis.yml new/ansilove-4.1.4/.travis.yml --- old/ansilove-4.1.3/.travis.yml 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/.travis.yml 2020-10-22 21:31:29.000000000 +0200 @@ -35,7 +35,7 @@ coverity_scan: project: name: "ansilove/ansilove" - version: 4.1.3 + version: 4.1.4 description: "ANSi / ASCII art to PNG converter in C" notification_email: f...@statdns.com build_command_prepend: cmake . diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/CMakeLists.txt new/ansilove-4.1.4/CMakeLists.txt --- old/ansilove-4.1.3/CMakeLists.txt 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/CMakeLists.txt 2020-10-22 21:31:29.000000000 +0200 @@ -34,6 +34,7 @@ find_library(ANSILOVE_LIBRARIES NAMES ansilove REQUIRED) include_directories(${ANSILOVE_INCLUDE_DIRS}) +set(CMAKE_BUILD_TYPE Release) set(SRC src/ansilove.c src/types.c src/strtolower.c src/sauce.c) if(NOT HAVE_PLEDGE) @@ -44,7 +45,7 @@ set (SRC ${SRC} compat/strtonum.c) endif() -add_definitions(-D_GNU_SOURCE -Wall -Wextra -std=c99 -pedantic) +add_definitions(-D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -Wall -Wextra -std=c99 -pedantic) add_executable(ansilove ${SRC}) target_link_libraries(ansilove ${ANSILOVE_LIBRARIES} m) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/ChangeLog new/ansilove-4.1.4/ChangeLog --- old/ansilove-4.1.3/ChangeLog 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/ChangeLog 2020-10-22 21:31:29.000000000 +0200 @@ -1,3 +1,16 @@ +AnsiLove/C 4.1.4 (2020-10-22) + +- Set CMAKE_BUILD_TYPE to "Release" in CMakeLists.txt +- Enable FORTIFY_SOURCE level 2 +- Move read_status variable declaration to the top of the function +- Check fread() return values in readComments() and add error handling +- Introduce the READ_RECORD function-like macro, for fread error handling +- Use READ_RECORD in readRecord() to add fread() error handling +- Only call memset() if the malloc call succeeds +- Check strdup() return value and error out on failed allocation + + + AnsiLove/C 4.1.3 (2020-09-18) - Adjust SAUCE flag output to be binary diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/FILE_ID.DIZ new/ansilove-4.1.4/FILE_ID.DIZ --- old/ansilove-4.1.3/FILE_ID.DIZ 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/FILE_ID.DIZ 2020-10-22 21:31:29.000000000 +0200 @@ -17,7 +17,7 @@ - -----------//______|----------------- - : : | | - | Ansilove/C 4.1.3 | + | Ansilove/C 4.1.4 | | | | ANSi=>PNG converter & library | | | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/ansilove.c new/ansilove-4.1.4/src/ansilove.c --- old/ansilove-4.1.3/src/ansilove.c 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/ansilove.c 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * ansilove.c - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus @@ -329,6 +329,8 @@ /* get file extension */ char *fext = strrchr(input, '.'); fext = fext ? strtolower(strdup(++fext)) : strdup(""); + if (!fext) + errx(EXIT_FAILURE, "Memory allocation error."); /* check if current file has a .diz extension */ if (!strcmp(fext, "diz")) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/config.h new/ansilove-4.1.4/src/config.h --- old/ansilove-4.1.3/src/config.h 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/config.h 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * config.h - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus @@ -16,7 +16,7 @@ #include <stdint.h> /* configuration defines */ -#define VERSION "4.1.3" +#define VERSION "4.1.4" enum { FONTS = 38, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/fonts.h new/ansilove-4.1.4/src/fonts.h --- old/ansilove-4.1.3/src/fonts.h 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/fonts.h 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * fonts.h - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/sauce.c new/ansilove-4.1.4/src/sauce.c --- old/ansilove-4.1.3/src/sauce.c 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/sauce.c 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * sauce.c - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus @@ -36,47 +36,54 @@ { struct sauce *record; record = malloc(sizeof *record); - memset(record, 0, sizeof *record); if (record != NULL) { + memset(record, 0, sizeof *record); readRecord(file, record); } return record; } +#define READ_RECORD(record, size) \ + read_status = fread(record, size, 1, file); \ + if (read_status != 1) \ + return; + void readRecord(FILE *file, struct sauce *record) { + size_t read_status; + if (fseek(file, 0 - RECORD_SIZE, SEEK_END) != 0) { return; } - size_t read_status = fread(record->ID, sizeof (record->ID) - 1, 1, file); + read_status = fread(record->ID, sizeof (record->ID) - 1, 1, file); record->ID[sizeof (record->ID) - 1] = '\0'; if (read_status != 1 || strcmp(record->ID, SAUCE_ID) != 0) { return; } - fread(record->version, sizeof (record->version) - 1, 1, file); + READ_RECORD(record->version, sizeof(record->version) - 1); record->version[sizeof (record->version) - 1] = '\0'; - fread(record->title, sizeof (record->title) - 1, 1, file); + READ_RECORD(record->title, sizeof(record->title) - 1); record->title[sizeof (record->title) - 1] = '\0'; - fread(record->author, sizeof (record->author) - 1, 1, file); + READ_RECORD(record->author, sizeof(record->author) -1); record->author[sizeof (record->author) - 1] = '\0'; - fread(record->group, sizeof (record->group) - 1, 1, file); + READ_RECORD(record->group, sizeof(record->group) - 1); record->group[sizeof (record->group) - 1] = '\0'; - fread(record->date, sizeof (record->date) - 1, 1, file); + READ_RECORD(record->date, sizeof(record->date) - 1); record->date[sizeof (record->date) - 1] = '\0'; - fread(&(record->fileSize), sizeof (record->fileSize), 1, file); - fread(&(record->dataType), sizeof (record->dataType), 1, file); - fread(&(record->fileType), sizeof (record->fileType), 1, file); - fread(&(record->tinfo1), sizeof (record->tinfo1), 1, file); - fread(&(record->tinfo2), sizeof (record->tinfo2), 1, file); - fread(&(record->tinfo3), sizeof (record->tinfo3), 1, file); - fread(&(record->tinfo4), sizeof (record->tinfo4), 1, file); - fread(&(record->comments), sizeof (record->comments), 1, file); - fread(&(record->flags), sizeof (record->flags), 1, file); - fread(record->tinfos, sizeof (record->tinfos) - 1, 1, file); + READ_RECORD(&(record->fileSize), sizeof (record->fileSize)); + READ_RECORD(&(record->dataType), sizeof (record->dataType)); + READ_RECORD(&(record->fileType), sizeof (record->fileType)); + READ_RECORD(&(record->tinfo1), sizeof (record->tinfo1)); + READ_RECORD(&(record->tinfo2), sizeof (record->tinfo2)); + READ_RECORD(&(record->tinfo3), sizeof (record->tinfo3)); + READ_RECORD(&(record->tinfo4), sizeof (record->tinfo4)); + READ_RECORD(&(record->comments), sizeof (record->comments)); + READ_RECORD(&(record->flags), sizeof (record->flags)); + READ_RECORD(record->tinfos, sizeof(record->tinfos) - 1); record->tinfos[sizeof (record->tinfos) - 1] = '\0'; if (ferror(file) != 0) { @@ -98,10 +105,14 @@ readComments(FILE *file, char **comment_lines, int32_t comments) { int32_t i; + size_t read_status; if (fseek(file, 0 - (RECORD_SIZE + 5 + COMMENT_SIZE *comments), SEEK_END) == 0) { char ID[6]; - fread(ID, sizeof (ID) - 1, 1, file); + read_status = fread(ID, sizeof (ID) - 1, 1, file); + if (read_status != 1) + return -1; + ID[sizeof (ID) - 1] = '\0'; if (strcmp(ID, COMMENT_ID) != 0) { @@ -111,7 +122,10 @@ for (i = 0; i < comments; i++) { char buf[COMMENT_SIZE + 1] = ""; - fread(buf, COMMENT_SIZE, 1, file); + read_status = fread(buf, COMMENT_SIZE, 1, file); + if (read_status != 1) + return -1; + buf[COMMENT_SIZE] = '\0'; if (ferror(file) == 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/sauce.h new/ansilove-4.1.4/src/sauce.h --- old/ansilove-4.1.3/src/sauce.h 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/sauce.h 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * sauce.h - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/seccomp.h new/ansilove-4.1.4/src/seccomp.h --- old/ansilove-4.1.3/src/seccomp.h 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/seccomp.h 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * seccomp.h - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2019-2020, Frederic Cambus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/strtolower.c new/ansilove-4.1.4/src/strtolower.c --- old/ansilove-4.1.3/src/strtolower.c 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/strtolower.c 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * strtolower.c - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/strtolower.h new/ansilove-4.1.4/src/strtolower.h --- old/ansilove-4.1.3/src/strtolower.h 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/strtolower.h 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * strtolower.h - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/types.c new/ansilove-4.1.4/src/types.c --- old/ansilove-4.1.3/src/types.c 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/types.c 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * types.c - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansilove-4.1.3/src/types.h new/ansilove-4.1.4/src/types.h --- old/ansilove-4.1.3/src/types.h 2020-09-18 09:05:20.000000000 +0200 +++ new/ansilove-4.1.4/src/types.h 2020-10-22 21:31:29.000000000 +0200 @@ -1,6 +1,6 @@ /* * types.h - * Ansilove 4.1.3 + * Ansilove 4.1.4 * https://www.ansilove.org * * Copyright (c) 2011-2020 Stefan Vogt, Brian Cassidy, and Frederic Cambus