Update to 0.16-7

Resolves: https://issues.redhat.com/browse/RHEL-29753

.libpciaccess.metadata

@@ -0,0 +1 @@
+ffaa13f2df5f822da1089b55223b217c142ef919 libpciaccess-0.16.tar.bz2

0001-vgaarb-Check-snprintf-return-value.patch

@@ -0,0 +1,69 @@
+From c4af0f3ab992977d7fde65240a15481a1adc859c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
+Date: Tue, 19 Mar 2024 13:45:19 +0100
+Subject: [PATCH] vgaarb: Check snprintf return value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+snprintf() might return a negative value if an error occurs.
+Check its return value before using it in vgaarb_write().
+
+Signed-off-by: José Expósito <jexposit@redhat.com>
+---
+ src/common_vgaarb.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/common_vgaarb.c b/src/common_vgaarb.c
+index 515275f..a1edfab 100644
+--- a/src/common_vgaarb.c
++++ b/src/common_vgaarb.c
+@@ -238,6 +238,8 @@ pci_device_vgaarb_set_target(struct pci_device *dev)
+ 
+     len = snprintf(buf, BUFSIZE, "target PCI:%04x:%02x:%02x.%x",
+                    dev->domain, dev->bus, dev->dev, dev->func);
++    if (len < 0 || len >= BUFSIZE)
++        return -1;
+ 
+     ret = vgaarb_write(pci_sys->vgaarb_fd, buf, len);
+     if (ret)
+@@ -268,6 +270,9 @@ pci_device_vgaarb_decodes(int new_vgaarb_rsrc)
+         return 0;
+ 
+     len = snprintf(buf, BUFSIZE, "decodes %s", rsrc_to_str(new_vgaarb_rsrc));
++    if (len < 0 || len >= BUFSIZE)
++        return -1;
++
+     ret = vgaarb_write(pci_sys->vgaarb_fd, buf, len);
+     if (ret == 0)
+         dev->vgaarb_rsrc = new_vgaarb_rsrc;
+@@ -297,6 +302,8 @@ pci_device_vgaarb_lock(void)
+         return 0;
+ 
+     len = snprintf(buf, BUFSIZE, "lock %s", rsrc_to_str(dev->vgaarb_rsrc));
++    if (len < 0 || len >= BUFSIZE)
++        return -1;
+ 
+     return vgaarb_write(pci_sys->vgaarb_fd, buf, len);
+ }
+@@ -315,6 +322,8 @@ pci_device_vgaarb_trylock(void)
+         return 0;
+ 
+     len = snprintf(buf, BUFSIZE, "trylock %s", rsrc_to_str(dev->vgaarb_rsrc));
++    if (len < 0 || len >= BUFSIZE)
++        return -1;
+ 
+     return vgaarb_write(pci_sys->vgaarb_fd, buf, len);
+ }
+@@ -333,6 +342,8 @@ pci_device_vgaarb_unlock(void)
+         return 0;
+ 
+     len = snprintf(buf, BUFSIZE, "unlock %s", rsrc_to_str(dev->vgaarb_rsrc));
++    if (len < 0 || len >= BUFSIZE)
++        return -1;
+ 
+     return vgaarb_write(pci_sys->vgaarb_fd, buf, len);
+ }
+-- 
+2.44.0
+

libpciaccess.spec

@@ -1,6 +1,6 @@
 Name:           libpciaccess
 Version:        0.16
-Release:        5%{?dist}
+Release:        7%{?dist}
 Summary:        PCI access library
 
 License:        MIT
@@ -13,6 +13,7 @@ Source0:	https://www.x.org/archive/individual/lib/%{name}-%{version}.tar.bz2
 Source1:        make-libpciaccess-snapshot.sh
 
 Patch2:		libpciaccess-rom-size.patch
+Patch3:		0001-vgaarb-Check-snprintf-return-value.patch
 
 BuildRequires:  autoconf automake libtool pkgconfig xorg-x11-util-macros
 BuildRequires: make
@@ -56,6 +57,14 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 %{_libdir}/pkgconfig/pciaccess.pc
 
 %changelog
+* Wed Mar 20 2024 José Expósito <jexposit@redhat.com> - 0.16-7
+- Fix findings from static application security testing (SAST)
+  Resolves: https://issues.redhat.com/browse/RHEL-29753
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-6
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-5
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937