From c2c598e4a223b6d45252b0656207a924f2bdf33f Mon Sep 17 00:00:00 2001 From: Artur Frenszek-Iwicki Date: Tue, 2 May 2023 14:16:49 +0200 Subject: [PATCH 1/2] Add a patch to fix program aborting at launch --- ...-fix-buffer-overflow-abort-on-launch.patch | 28 ++++++++++ 0001-unbundle-kissfft.patch | 51 +++++++++++++++++++ ckb-next.spec | 32 +++++++++--- 3 files changed, 104 insertions(+), 7 deletions(-) create mode 100644 0000-fix-buffer-overflow-abort-on-launch.patch create mode 100644 0001-unbundle-kissfft.patch diff --git a/0000-fix-buffer-overflow-abort-on-launch.patch b/0000-fix-buffer-overflow-abort-on-launch.patch new file mode 100644 index 0000000..0808ce5 --- /dev/null +++ b/0000-fix-buffer-overflow-abort-on-launch.patch @@ -0,0 +1,28 @@ +From c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c Mon Sep 17 00:00:00 2001 +From: Tasos Sahanidis +Date: Sat, 18 Mar 2023 16:13:51 +0200 +Subject: [PATCH] Fix buffer overflow detected with _FORTIFY_SOURCE + +Technically there's no buffer overflow taking place, but the size +argument passed to snprintf was incorrect. + +Closes #940 +--- + src/daemon/device_bragi.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/daemon/device_bragi.c b/src/daemon/device_bragi.c +index e0690d32..8de99570 100644 +--- a/src/daemon/device_bragi.c ++++ b/src/daemon/device_bragi.c +@@ -178,8 +178,8 @@ static int start_bragi_common(usbdevice* kb){ + } + + char str[PAIR_ID_SIZE*3+1] = {0}; +- for(uint32_t i = 0; i < PAIR_ID_SIZE; i++) +- snprintf(str + i * 3, sizeof(str), "%02hhx ", kb->wl_pairing_id[i]); ++ for(int i = 0; i < PAIR_ID_SIZE; i++) ++ snprintf(str + i * 3, sizeof(str) - i * 3, "%02hhx ", kb->wl_pairing_id[i]); + + ckb_info("ckb%d: Pairing id: %s", INDEX_OF(kb, keyboard), str); + diff --git a/0001-unbundle-kissfft.patch b/0001-unbundle-kissfft.patch new file mode 100644 index 0000000..436ed6b --- /dev/null +++ b/0001-unbundle-kissfft.patch @@ -0,0 +1,51 @@ +diff -r -U4 ckb-next-0.5.0--orig/src/animations/mviz/CMakeLists.txt ckb-next-0.5.0--patched/src/animations/mviz/CMakeLists.txt +--- ckb-next-0.5.0--orig/src/animations/mviz/CMakeLists.txt 2022-05-27 12:30:46.000000000 +0200 ++++ ckb-next-0.5.0--patched/src/animations/mviz/CMakeLists.txt 2023-05-02 13:32:28.810939157 +0200 +@@ -65,14 +65,18 @@ + + set(AUDIO_LIBRARIES "${PULSEAUDIOSIMPLE_LIBRARIES}") + endif () + ++add_library(kissfft STATIC IMPORTED) ++set_target_properties(kissfft PROPERTIES IMPORTED_LOCATION "${LIB_INSTALL_DIR}/libkiss_fft_float.a") ++add_library(kissfftr STATIC IMPORTED) ++set_target_properties(kissfftr PROPERTIES IMPORTED_LOCATION "${LIB_INSTALL_DIR}/libkiss_fftr_float.a") ++ + if (MACOS) + target_link_libraries( + mviz + PRIVATE + m +- KissFFT::KissFFT + ${CMAKE_PROJECT_NAME}::Animation + ${CORESERVICES_LIBRARY} + ${COREFOUNDATION_LIBRARY} + ${AUDIOUNIT_LIBRARY} +@@ -83,9 +87,10 @@ + target_link_libraries( + mviz + PRIVATE + m +- KissFFT::KissFFT ++ kissfft ++ kissfftr + ${CMAKE_PROJECT_NAME}::Animation + "${AUDIO_LIBRARIES}") + else() + message(WARNING "PortAudio link library has not been specified for this OS.") +diff -r -U4 ckb-next-0.5.0--orig/src/libs/CMakeLists.txt ckb-next-0.5.0--patched/src/libs/CMakeLists.txt +--- ckb-next-0.5.0--orig/src/libs/CMakeLists.txt 2022-05-27 12:30:46.000000000 +0200 ++++ ckb-next-0.5.0--patched/src/libs/CMakeLists.txt 2023-05-02 13:02:24.305285201 +0200 +@@ -24,12 +24,8 @@ + # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + # POSSIBILITY OF SUCH DAMAGE. + +-if (WITH_MVIZ) # otherwise doesn't make sense to include +- add_subdirectory(kissfft) +-endif () +- + if (WITH_GUI) + find_package(QuaZip) + if(NOT QuaZip_FOUND) + set(WITH_SHIPPED_QUAZIP ON) diff --git a/ckb-next.spec b/ckb-next.spec index cd90e7a..81628bf 100644 --- a/ckb-next.spec +++ b/ckb-next.spec @@ -1,10 +1,13 @@ Name: ckb-next Version: 0.5.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Unofficial driver for Corsair RGB keyboards -# ckb-next is GPLv2 -# The kissfft library (src/libs/kissfft) is BSD +# ckb-next is GPLv2. +# +# The kissfft library (src/libs/kissfft) is BSD. +# This library is un-bundled by Patch1, but since it's statically linked, +# its license is still included here. License: GPLv2 and BSD URL: https://github.com/ckb-next/ckb-next @@ -15,6 +18,17 @@ Source1: ckb-next.appdata.xml Source2: ckb-next.1 Source3: 99-ckb-next.preset +# Fix the program aborting at launch because of a detected buffer overflow. +# Backport of upstream commit: +# https://github.com/ckb-next/ckb-next/commit/c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c +# See bug reports at: +# - https://bugzilla.redhat.com/show_bug.cgi?id=2192159 +# - https://github.com/ckb-next/ckb-next/issues/940 +Patch0: 0000-fix-buffer-overflow-abort-on-launch.patch + +# CMakeLists need to be adjusted to compile properly with un-bundled kissfft +Patch1: 0001-unbundle-kissfft.patch + BuildRequires: cmake BuildRequires: desktop-file-utils BuildRequires: gcc-c++ @@ -23,6 +37,7 @@ BuildRequires: libappstream-glib BuildRequires: qt5-linguist BuildRequires: dbusmenu-qt5-devel +BuildRequires: kiss-fft-devel BuildRequires: libappindicator-devel BuildRequires: libgudev-devel BuildRequires: libxcb-devel @@ -40,8 +55,6 @@ BuildRequires: systemd-devel Requires: qt5-qtbase >= 5.2.0 Requires: qt5ct -Provides: bundled(kissfft) - # ckb-next, as the name suggests, is a re-activation and continuation of "ckb". # The last released version of the original "ckb" was 0.2.7. Obsoletes: ckb < 0.2.8-0 @@ -55,9 +68,10 @@ supports much of the same functionality, including full RGB animations. %prep -%setup -q +%autosetup -p1 -# Remove the bundled quazip library +# Remove the bundled libraries +rm -rf src/libs/kissfft rm -rf src/libs/quazip # Fedora uses /usr/libexec for daemons @@ -135,6 +149,10 @@ udevadm control --reload-rules 2>&1 > /dev/null || : %changelog +* Tue May 02 2023 Artur Frenszek-Iwicki - 0.5.0-3 +- Add a patch to fix program aborting on launch +- Un-bundle kissfft + * Wed Jul 20 2022 Fedora Release Engineering - 0.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 1ee84893571cdf55c378514f241430fbc7b633ba Mon Sep 17 00:00:00 2001 From: Artur Frenszek-Iwicki Date: Sun, 25 Jun 2023 23:45:00 +0200 Subject: [PATCH 2/2] Update to v0.6.0 --- .gitignore | 1 + ...-fix-buffer-overflow-abort-on-launch.patch | 28 ------------------- 0001-unbundle-kissfft.patch | 22 +++++++-------- ckb-next.spec | 19 +++++-------- sources | 2 +- 5 files changed, 19 insertions(+), 53 deletions(-) delete mode 100644 0000-fix-buffer-overflow-abort-on-launch.patch diff --git a/.gitignore b/.gitignore index 44110b9..9177031 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ /ckb-next-0.4.3.tar.gz /ckb-next-0.4.4.tar.gz /ckb-next-0.5.0.tar.gz +/ckb-next-0.6.0.tar.gz diff --git a/0000-fix-buffer-overflow-abort-on-launch.patch b/0000-fix-buffer-overflow-abort-on-launch.patch deleted file mode 100644 index 0808ce5..0000000 --- a/0000-fix-buffer-overflow-abort-on-launch.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c Mon Sep 17 00:00:00 2001 -From: Tasos Sahanidis -Date: Sat, 18 Mar 2023 16:13:51 +0200 -Subject: [PATCH] Fix buffer overflow detected with _FORTIFY_SOURCE - -Technically there's no buffer overflow taking place, but the size -argument passed to snprintf was incorrect. - -Closes #940 ---- - src/daemon/device_bragi.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/daemon/device_bragi.c b/src/daemon/device_bragi.c -index e0690d32..8de99570 100644 ---- a/src/daemon/device_bragi.c -+++ b/src/daemon/device_bragi.c -@@ -178,8 +178,8 @@ static int start_bragi_common(usbdevice* kb){ - } - - char str[PAIR_ID_SIZE*3+1] = {0}; -- for(uint32_t i = 0; i < PAIR_ID_SIZE; i++) -- snprintf(str + i * 3, sizeof(str), "%02hhx ", kb->wl_pairing_id[i]); -+ for(int i = 0; i < PAIR_ID_SIZE; i++) -+ snprintf(str + i * 3, sizeof(str) - i * 3, "%02hhx ", kb->wl_pairing_id[i]); - - ckb_info("ckb%d: Pairing id: %s", INDEX_OF(kb, keyboard), str); - diff --git a/0001-unbundle-kissfft.patch b/0001-unbundle-kissfft.patch index 436ed6b..56f0254 100644 --- a/0001-unbundle-kissfft.patch +++ b/0001-unbundle-kissfft.patch @@ -1,9 +1,9 @@ -diff -r -U4 ckb-next-0.5.0--orig/src/animations/mviz/CMakeLists.txt ckb-next-0.5.0--patched/src/animations/mviz/CMakeLists.txt ---- ckb-next-0.5.0--orig/src/animations/mviz/CMakeLists.txt 2022-05-27 12:30:46.000000000 +0200 -+++ ckb-next-0.5.0--patched/src/animations/mviz/CMakeLists.txt 2023-05-02 13:32:28.810939157 +0200 +diff -r -U4 ckb-next-0.6.0--orig/src/animations/mviz/CMakeLists.txt ckb-next-0.6.0--patched/src/animations/mviz/CMakeLists.txt +--- ckb-next-0.6.0--orig/src/animations/mviz/CMakeLists.txt 2023-06-22 23:07:29.000000000 +0200 ++++ ckb-next-0.6.0--patched/src/animations/mviz/CMakeLists.txt 2023-06-25 22:59:31.481115661 +0200 @@ -65,14 +65,18 @@ - set(AUDIO_LIBRARIES "${PULSEAUDIOSIMPLE_LIBRARIES}") + set(AUDIO_LIBRARIES "${PULSEAUDIO_LIBRARIES}") endif () +add_library(kissfft STATIC IMPORTED) @@ -33,10 +33,10 @@ diff -r -U4 ckb-next-0.5.0--orig/src/animations/mviz/CMakeLists.txt ckb-next-0.5 "${AUDIO_LIBRARIES}") else() message(WARNING "PortAudio link library has not been specified for this OS.") -diff -r -U4 ckb-next-0.5.0--orig/src/libs/CMakeLists.txt ckb-next-0.5.0--patched/src/libs/CMakeLists.txt ---- ckb-next-0.5.0--orig/src/libs/CMakeLists.txt 2022-05-27 12:30:46.000000000 +0200 -+++ ckb-next-0.5.0--patched/src/libs/CMakeLists.txt 2023-05-02 13:02:24.305285201 +0200 -@@ -24,12 +24,8 @@ +diff -r -U4 ckb-next-0.6.0--orig/src/libs/CMakeLists.txt ckb-next-0.6.0--patched/src/libs/CMakeLists.txt +--- ckb-next-0.6.0--orig/src/libs/CMakeLists.txt 2023-06-22 23:07:29.000000000 +0200 ++++ ckb-next-0.6.0--patched/src/libs/CMakeLists.txt 2023-06-25 22:59:56.191319405 +0200 +@@ -24,10 +24,6 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. @@ -45,7 +45,5 @@ diff -r -U4 ckb-next-0.5.0--orig/src/libs/CMakeLists.txt ckb-next-0.5.0--patched - add_subdirectory(kissfft) -endif () - - if (WITH_GUI) - find_package(QuaZip) - if(NOT QuaZip_FOUND) - set(WITH_SHIPPED_QUAZIP ON) + # ckb-next libraries + add_subdirectory(ckb-next) diff --git a/ckb-next.spec b/ckb-next.spec index 81628bf..893e31d 100644 --- a/ckb-next.spec +++ b/ckb-next.spec @@ -1,6 +1,6 @@ Name: ckb-next -Version: 0.5.0 -Release: 3%{?dist} +Version: 0.6.0 +Release: 1%{?dist} Summary: Unofficial driver for Corsair RGB keyboards # ckb-next is GPLv2. @@ -18,14 +18,6 @@ Source1: ckb-next.appdata.xml Source2: ckb-next.1 Source3: 99-ckb-next.preset -# Fix the program aborting at launch because of a detected buffer overflow. -# Backport of upstream commit: -# https://github.com/ckb-next/ckb-next/commit/c29a9f5e314ddb987b75cb05793ae1bf2bb9ae0c -# See bug reports at: -# - https://bugzilla.redhat.com/show_bug.cgi?id=2192159 -# - https://github.com/ckb-next/ckb-next/issues/940 -Patch0: 0000-fix-buffer-overflow-abort-on-launch.patch - # CMakeLists need to be adjusted to compile properly with un-bundled kissfft Patch1: 0001-unbundle-kissfft.patch @@ -72,7 +64,6 @@ supports much of the same functionality, including full RGB animations. # Remove the bundled libraries rm -rf src/libs/kissfft -rm -rf src/libs/quazip # Fedora uses /usr/libexec for daemons sed -e '/^ExecStart/cExecStart=%{_libexecdir}/ckb-next-daemon' -i linux/systemd/ckb-next-daemon.service.in @@ -90,7 +81,6 @@ sed -e 's|"/lib/udev/rules.d"|"%{_udevrulesdir}"|g' -i CMakeLists.txt -DFORCE_INIT_SYSTEM=systemd \ -DSAFE_INSTALL=OFF \ -DSAFE_UNINSTALL=OFF \ - -DWITH_SHIPPED_QUAZIP=OFF \ %cmake_build @@ -135,6 +125,7 @@ udevadm control --reload-rules 2>&1 > /dev/null || : %{_bindir}/ckb-next %{_bindir}/ckb-next-dev-detect %{_libexecdir}/ckb-next-daemon +%{_libexecdir}/ckb-next-sinfo %{_libexecdir}/ckb-next-animations/ %{_libdir}/cmake/ckb-next/ %{_datadir}/applications/ckb-next.desktop @@ -149,6 +140,10 @@ udevadm control --reload-rules 2>&1 > /dev/null || : %changelog +* Sun Jun 25 2023 Artur Frenszek-Iwicki - 0.6.0-1 +- Update to v0.6.0 +- Drop Patch0 (buffer overflow fix - backported from this release) + * Tue May 02 2023 Artur Frenszek-Iwicki - 0.5.0-3 - Add a patch to fix program aborting on launch - Un-bundle kissfft diff --git a/sources b/sources index 1798b34..9fc37d7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ckb-next-0.5.0.tar.gz) = d4e46466df4cdac7f4d4be05072592101780c94af261ec1b0bf6ec8bb1f97f892fb5da17dd91cf5f9b45fe128547cc7393c13e29843d6a7ae0de7a4688a5cdb1 +SHA512 (ckb-next-0.6.0.tar.gz) = 34236199d420b663bb71db9400622bb868a3a0b384b58d5da3f80d2bd7ec9586d4e4ac9caad0b047b8440dc4200e4dd6077f4e0d1edb5a75a1327bf9c9ba9392