diff --git a/0000-fix-buffer-overflow-abort-on-launch.patch b/0000-fix-buffer-overflow-abort-on-launch.patch
new file mode 100644
index 0000000..0808ce5
--- /dev/null
+++ b/0000-fix-buffer-overflow-abort-on-launch.patch
@@ -0,0 +1,28 @@
+From c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c Mon Sep 17 00:00:00 2001
+From: Tasos Sahanidis
+Date: Sat, 18 Mar 2023 16:13:51 +0200
+Subject: [PATCH] Fix buffer overflow detected with _FORTIFY_SOURCE
+
+Technically there's no buffer overflow taking place, but the size
+argument passed to snprintf was incorrect.
+
+Closes #940
+---
+ src/daemon/device_bragi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/daemon/device_bragi.c b/src/daemon/device_bragi.c
+index e0690d32..8de99570 100644
+--- a/src/daemon/device_bragi.c
++++ b/src/daemon/device_bragi.c
+@@ -178,8 +178,8 @@ static int start_bragi_common(usbdevice* kb){
+ }
+
+ char str[PAIR_ID_SIZE*3+1] = {0};
+- for(uint32_t i = 0; i < PAIR_ID_SIZE; i++)
+- snprintf(str + i * 3, sizeof(str), "%02hhx ", kb->wl_pairing_id[i]);
++ for(int i = 0; i < PAIR_ID_SIZE; i++)
++ snprintf(str + i * 3, sizeof(str) - i * 3, "%02hhx ", kb->wl_pairing_id[i]);
+
+ ckb_info("ckb%d: Pairing id: %s", INDEX_OF(kb, keyboard), str);
+
diff --git a/0001-unbundle-kissfft.patch b/0001-unbundle-kissfft.patch
new file mode 100644
index 0000000..436ed6b
--- /dev/null
+++ b/0001-unbundle-kissfft.patch
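Review bot: In the loop added by 0000-fix-buffer-overflow-abort-on-launch.patch, the new bound `sizeof(str) - i * 3` subtracts a now-signed `int i` from a `size_t`, so the remaining-space calculation relies on an implicit signed-to-unsigned conversion. Declaring the index as `for(size_t i = 0; i < PAIR_ID_SIZE; i++)` would keep that arithmetic in one unsigned type. The bound is only right because each id byte renders as exactly three characters and `str` reserves one extra byte for the terminator, which deserves a comment such as `/* "xx " per id byte; the +1 keeps room for the final NUL */`. start_bragi_common begins and ends outside the hunk, so how `wl_pairing_id` is filled is not visible here.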
@@ -0,0 +1,51 @@
+diff -r -U4 ckb-next-0.5.0--orig/src/animations/mviz/CMakeLists.txt ckb-next-0.5.0--patched/src/animations/mviz/CMakeLists.txt
+--- ckb-next-0.5.0--orig/src/animations/mviz/CMakeLists.txt 2022-05-27 12:30:46.000000000 +0200
++++ ckb-next-0.5.0--patched/src/animations/mviz/CMakeLists.txt 2023-05-02 13:32:28.810939157 +0200
+@@ -65,14 +65,18 @@
+
+ set(AUDIO_LIBRARIES "${PULSEAUDIOSIMPLE_LIBRARIES}")
+ endif ()
+
++add_library(kissfft STATIC IMPORTED)
++set_target_properties(kissfft PROPERTIES IMPORTED_LOCATION "${LIB_INSTALL_DIR}/libkiss_fft_float.a")
++add_library(kissfftr STATIC IMPORTED)
++set_target_properties(kissfftr PROPERTIES IMPORTED_LOCATION "${LIB_INSTALL_DIR}/libkiss_fftr_float.a")
++
+ if (MACOS)
+ target_link_libraries(
+ mviz
+ PRIVATE
+ m
+- KissFFT::KissFFT
+ ${CMAKE_PROJECT_NAME}::Animation
+ ${CORESERVICES_LIBRARY}
+ ${COREFOUNDATION_LIBRARY}
+ ${AUDIOUNIT_LIBRARY}
+@@ -83,9 +87,10 @@
+ target_link_libraries(
+ mviz
+ PRIVATE
+ m
+- KissFFT::KissFFT
++ kissfft
++ kissfftr
+ ${CMAKE_PROJECT_NAME}::Animation
+ "${AUDIO_LIBRARIES}")
+ else()
+ message(WARNING "PortAudio link library has not been specified for this OS.")
+diff -r -U4 ckb-next-0.5.0--orig/src/libs/CMakeLists.txt ckb-next-0.5.0--patched/src/libs/CMakeLists.txt
+--- ckb-next-0.5.0--orig/src/libs/CMakeLists.txt 2022-05-27 12:30:46.000000000 +0200
++++ ckb-next-0.5.0--patched/src/libs/CMakeLists.txt 2023-05-02 13:02:24.305285201 +0200
+@@ -24,12 +24,8 @@
+ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ # POSSIBILITY OF SUCH DAMAGE.
+
+-if (WITH_MVIZ) # otherwise doesn't make sense to include
+- add_subdirectory(kissfft)
+-endif ()
+-
+ if (WITH_GUI)
+ find_package(QuaZip)
+ if(NOT QuaZip_FOUND)
+ set(WITH_SHIPPED_QUAZIP ON)
diff --git a/ckb-next.spec b/ckb-next.spec
index 292def9..bce4df7 100644
--- a/ckb-next.spec
+++ b/ckb-next.spec
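Review bot: The two `IMPORTED_LOCATION` values added in the mviz CMakeLists.txt hunk are built from `${LIB_INSTALL_DIR}` with no configure-time check, so an unset variable (the path becomes `/libkiss_fft_float.a`) or a missing archive only surfaces later as a link error. A guard before `add_library`, such as `if(NOT EXISTS "${LIB_INSTALL_DIR}/libkiss_fft_float.a") message(FATAL_ERROR "kissfft static library not found") endif()`, would fail early and say why; the same applies to `libkiss_fftr_float.a`. The `if (MACOS)` branch also loses `KissFFT::KissFFT` with no replacement. That looks intentional for a distribution-only patch, but a line in the patch header saying so would help whoever rebases it.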
@@ -1,10 +1,13 @@ Name: ckb-next Version: 0.5.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Unofficial driver for Corsair RGB keyboards -# ckb-next is GPLv2 -# The kissfft library (src/libs/kissfft) is BSD +# ckb-next is GPLv2. +# +# The kissfft library (src/libs/kissfft) is BSD. +# This library is un-bundled by Patch1, but since it's statically linked, +# its license is still included here. License: GPLv2 and BSD URL: https://github.com/ckb-next/ckb-next @@ -15,6 +18,17 @@ Source1: ckb-next.appdata.xml Source2: ckb-next.1 Source3: 99-ckb-next.preset +# Fix the program aborting at launch because of a detected buffer overflow. +# Backport of upstream commit: +# https://github.com/ckb-next/ckb-next/commit/c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c +# See bug reports at: +# - https://bugzilla.redhat.com/show_bug.cgi?id=2192159 +# - https://github.com/ckb-next/ckb-next/issues/940 +Patch0: 0000-fix-buffer-overflow-abort-on-launch.patch + +# CMakeLists need to be adjusted to compile properly with un-bundled kissfft +Patch1: 0001-unbundle-kissfft.patch + BuildRequires: cmake BuildRequires: desktop-file-utils BuildRequires: gcc-c++ @@ -23,6 +37,7 @@ BuildRequires: libappstream-glib BuildRequires: qt5-linguist BuildRequires: dbusmenu-qt5-devel +BuildRequires: kiss-fft-devel BuildRequires: libappindicator-devel BuildRequires: libgudev-devel BuildRequires: libxcb-devel @@ -40,8 +55,6 @@ BuildRequires: systemd-devel Requires: qt5-qtbase >= 5.2.0 Requires: qt5ct -Provides: bundled(kissfft) - # ckb-next, as the name suggests, is a re-activation and continuation of "ckb". # The last released version of the original "ckb" was 0.2.7. Obsoletes: ckb < 0.2.8-0 @@ -55,9 +68,10 @@ supports much of the same functionality, including full RGB animations. %prep -%setup -q +%autosetup -p1 -# Remove the bundled quazip library +# Remove the bundled libraries +rm -rf src/libs/kissfft rm -rf src/libs/quazip # Fedora uses /usr/libexec for daemons 
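Review bot: The added `BuildRequires: kiss-fft-devel` pulls in a library that the new License comment says is statically linked, yet nothing in the spec records that link once `Provides: bundled(kissfft)` is removed. A security fix in kiss-fft therefore reaches ckb-next only after a rebuild that nothing prompts. Fedora's packaging guidelines ask packages that link statically to build-require the `-static` package so they can be found; if kiss-fft ships one (not visible here), `BuildRequires: kiss-fft-static` would make this trackable. If the `.a` files live only in `-devel`, a comment next to the BuildRequires such as `# statically linked via Patch1; rebuild on kiss-fft updates` would at least document it.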
@@ -135,6 +149,10 @@ udevadm control --reload-rules 2>&1 > /dev/null || : %changelog +* Tue May 02 2023 Artur Frenszek-Iwicki - 0.5.0-2 +- Add a patch to fix program aborting on launch +- Un-bundle kissfft + * Fri May 27 2022 Artur Frenszek-Iwicki - 0.5.0-1 - Update to v0.5.0 - Remove the Qt QPA fix from desktop file