Hello community,

here is the log from the commit of package libvpd2 for openSUSE:Factory checked 
in at 2018-06-02 12:15:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvpd2 (Old)
 and      /work/SRC/openSUSE:Factory/.libvpd2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libvpd2"

Sat Jun  2 12:15:02 2018 rev:27 rq:613503 version:2.2.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/libvpd2/libvpd2.changes  2017-10-20 
14:48:03.258116377 +0200
+++ /work/SRC/openSUSE:Factory/.libvpd2.new/libvpd2.changes     2018-06-02 
12:15:27.948688885 +0200
@@ -1,0 +2,15 @@
+Fri Jun  1 13:49:07 UTC 2018 - [email protected]
+
+- Add 6 patches from upstream:
+  0001-Modify-char-array-initialization-style.patch
+    this one differ from upstream as do not remove QUERY_BUF_LENGTH
+    still used in not upstream libvpd.async.patch
+  0002-Null-check-before-passing-pointer-to-strlen-call.patch
+  0003-Typo-correction-in-README-file.patch
+  0004-libvpd-Validate-memory-allocation.patch
+  0005-libvpd-Corrects-data-type-of-variables.patch
+  0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch
+    last one to avoid reported error systemd-udevd error:
+    'touch /var/lib/lsvpd/run.vpdupdate' failed with exit code 1
+
+-------------------------------------------------------------------

New:
----
  0001-Modify-char-array-initialization-style.patch
  0002-Null-check-before-passing-pointer-to-strlen-call.patch
  0003-Typo-correction-in-README-file.patch
  0004-libvpd-Validate-memory-allocation.patch
  0005-libvpd-Corrects-data-type-of-variables.patch
  0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libvpd2.spec ++++++
--- /var/tmp/diff_new_pack.1GmbPA/_old  2018-06-02 12:15:28.876654847 +0200
+++ /var/tmp/diff_new_pack.1GmbPA/_new  2018-06-02 12:15:28.876654847 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libvpd2
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,12 @@
 Source2:        baselibs.conf
 Patch1:         libvpd2.makefile.patch
 Patch3:         libvpd.async.patch
+Patch4:         0001-Modify-char-array-initialization-style.patch
+Patch5:         0002-Null-check-before-passing-pointer-to-strlen-call.patch
+Patch6:         0003-Typo-correction-in-README-file.patch
+Patch7:         0004-libvpd-Validate-memory-allocation.patch
+Patch8:         0005-libvpd-Corrects-data-type-of-variables.patch
+Patch9:         0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -56,6 +62,12 @@
 %setup -q -n libvpd-%{version}
 %patch1 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 %build
 autoreconf -fiv
@@ -75,8 +87,6 @@
 %defattr(-,root,root)
 %{_libdir}/*.so.*
 /%{_udevrulesdir}/90-vpdupdate.rules
-%dir %{_localstatedir}/lib/lsvpd
-%{_localstatedir}/lib/lsvpd/run.vpdupdate
 
 %files devel
 %defattr(-,root,root)
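Review bot: Dropping `%dir %{_localstatedir}/lib/lsvpd` from `%files` leaves that directory unowned by this package, yet patch 0006 keeps `mkdir -p $(DESTDIR)/${localstatedir}/lib/lsvpd/` in Makefile.am and `VpdRetriever::DEFAULT_DIR` still points at `/var/lib/lsvpd/` for vpd.db. Removing only the `run.vpdupdate` line and keeping the `%dir` entry would match that; if another package is meant to own the directory, name it in the changes entry.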

++++++ 0001-Modify-char-array-initialization-style.patch ++++++
>From cf5d29342e449032d6c7d1f4f8b7516052a2210b Mon Sep 17 00:00:00 2001
From: Kamalesh Babulal <[email protected]>
Date: Mon, 16 Nov 2015 11:06:10 +0530
Subject: [PATCH] Modify char array initialization style

As per secure coding standards it's recommended to not initialize
character array with bounds specified. Remove the last remaining
such initialization and also the define which defines the buffer
size.

This patch replaces usage of strlen() with compile time alternative
sizeof() to find length of sql statement array(s) and remove
constification of a sql char array.

Signed-off-by: Kamalesh Babulal <[email protected]>
Cc: Vaibhav Jain <[email protected]>
Acked-by: Vaibhav Jain <[email protected]>
Signed-off-by: Vasant Hegde <[email protected]>
---
 src/vpddbenv_c.c |    8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

Index: libvpd-2.2.5/src/vpddbenv_c.c
===================================================================
--- libvpd-2.2.5.orig/src/vpddbenv_c.c
+++ libvpd-2.2.5/src/vpddbenv_c.c
@@ -97,10 +97,9 @@ struct component* fetch_component( struc
        sqlite3_stmt *pstmt = NULL;
        int rc;
        const char *out;
-       const char sql[QUERY_BUF_LENGTH] = "SELECT " DATA " FROM " TABLE_NAME " 
WHERE " ID "=?";
+       char sql[] = {"SELECT " DATA " FROM " TABLE_NAME " WHERE " ID "=?"};
 
-       rc = SQLITE3_PREPARE( db->db, sql, strlen( sql ) + 1,
-                               &pstmt, &out );
+       rc = SQLITE3_PREPARE( db->db, sql, sizeof( sql ), &pstmt, &out );
        if( rc != SQLITE_OK )
                goto FETCH_COMP_ERR;
 
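Review bot: The new declaration `char sql[] = {...}` in fetch_component() drops `const` although the statement text is only read by SQLITE3_PREPARE. `const char sql[] = "SELECT ..."` keeps the unsized-array initialization the commit message asks for and still works with `sizeof( sql )`; `static const char sql[]` would also keep the text in read-only storage rather than building a writable stack copy on each call. The braces around the string literal are legal but unusual and differ from the declaration in fetch_system() below.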
@@ -136,8 +135,7 @@ struct system* fetch_system( struct vpdd
        const char *out;
        char sql[] = "SELECT " DATA " FROM " TABLE_NAME " WHERE " ID "='" 
SYS_ID "';";
 
-       rc = SQLITE3_PREPARE( db->db, sql, strlen( sql ) + 1,
-                               &pstmt, &out );
+       rc = SQLITE3_PREPARE( db->db, sql, sizeof( sql ), &pstmt, &out );
        if( rc != SQLITE_OK )
                goto FETCH_SYS_ERR;
        
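Review bot: `sizeof( sql )` in fetch_system() equals the old `strlen( sql ) + 1` only while `sql` is declared as an array in the same scope. If the declaration is ever changed to a `char *` or the query is passed in as a parameter, the same expression silently becomes the pointer size and the statement text is cut short. A short comment at the call, or a length macro that only accepts arrays, would guard against that.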
++++++ 0002-Null-check-before-passing-pointer-to-strlen-call.patch ++++++
>From a791b3134c575430b1e0d9d9644cc55236e583ca Mon Sep 17 00:00:00 2001
From: Ankit Kumar <[email protected]>
Date: Wed, 7 Sep 2016 19:25:57 +0530
Subject: [PATCH] Null check before passing pointer to strlen call

strlen operation on NULL pointer results in segmentation fault.
Hence this patch checks pointer before passing it to strlen function.

Signed-off-by: Ankit Kumar <[email protected]>
Reviewed-by: Mukesh Ojha <[email protected]>
Signed-off-by: Vasant Hegde <[email protected]>
---
 src/vpddbenv_c.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: libvpd-2.2.5/src/vpddbenv_c.c
===================================================================
--- libvpd-2.2.5.orig/src/vpddbenv_c.c
+++ libvpd-2.2.5/src/vpddbenv_c.c
@@ -104,7 +104,7 @@ struct component* fetch_component( struc
                goto FETCH_COMP_ERR;
 
        rc = sqlite3_bind_text(pstmt, 1, deviceID,
-                              strlen(deviceID), SQLITE_STATIC);
+                              deviceID ? strlen(deviceID):0, SQLITE_STATIC);
        if (rc != SQLITE_OK)
                goto FETCH_COMP_ERR;
 
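Review bot: With `deviceID ? strlen(deviceID):0` the crash is avoided, but a NULL `deviceID` is still handed to sqlite3_bind_text(), which binds SQL NULL, and `WHERE ID=?` never matches NULL, so the function goes on to run a query that cannot return a row. Rejecting a NULL `deviceID` on entry, before the statement is prepared, states the intent more clearly. The length parameter is an int, so the size_t from strlen() is also narrowed here; an explicit cast or bounds check would document that.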
++++++ 0003-Typo-correction-in-README-file.patch ++++++
>From 8cb3fe06b8d2e6125235eb1973e624a0fb12837c Mon Sep 17 00:00:00 2001
From: Ankit Kumar <[email protected]>
Date: Thu, 22 Sep 2016 12:17:54 +0530
Subject: [PATCH] Typo correction in README file

This patch corrects typo for required package name in README file.

Signed-off-by: Ankit Kumar <[email protected]>
Signed-off-by: Vasant Hegde <[email protected]>
---
 README |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: libvpd-2.2.5/README
===================================================================
--- libvpd-2.2.5.orig/README
+++ libvpd-2.2.5/README
@@ -34,7 +34,7 @@ Note:
     package. Please check your linux distribution package naming convention and
     make sure you have installed right packages.
   - For users of older RHEL and SLES versions
-    slqite is not available in the default repositories for some of the older
+    sqlite is not available in the default repositories for some of the older
     RHEL (<= 5.x?) and SLES (<= 10.x?) versions. If you want to run the new
     lsvpd/libvpd setup you need build sqlite version 3.0.0 or newer from
     source (available here: http://www.sqlite.org) or find an appropriate
++++++ 0004-libvpd-Validate-memory-allocation.patch ++++++
>From 86446bb873e2de0c471c1e280e4ebe438861b8ab Mon Sep 17 00:00:00 2001
From: Vasant Hegde <[email protected]>
Date: Tue, 13 Dec 2016 11:06:03 +0530
Subject: [PATCH] libvpd: Validate memory allocation

new_list() allocates memory using calloc. Validate new_list() return
value before using.

'next' is already validated and we don't need to validate again.

Signed-off-by: Vasant Hegde <[email protected]>
---
 src/component_c.c |    2 +-
 src/system_c.c    |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Index: libvpd-2.2.5/src/component_c.c
===================================================================
--- libvpd-2.2.5.orig/src/component_c.c
+++ libvpd-2.2.5/src/component_c.c
@@ -475,7 +475,7 @@ struct component * unpack_component( voi
                while( strncmp( next, CHILD_END, strlen( CHILD_END ) ) != 0 )
                {
                        item = new_list( );
-                       if( !next )
+                       if( !item )
                                goto unpackerr;
                        item->data = strdup( next );
                        if (item->data == NULL)
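Review bot: Please confirm that the `if (item->data == NULL)` branch at the end of this hunk releases `item` before leaving. At that point `item` has just come from `new_list( )` and is not visibly linked into any list yet, so a failing `strdup( next )` would leak it unless the error path frees it. The branch body is cut off here, so this cannot be checked from the hunk alone.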
Index: libvpd-2.2.5/src/system_c.c
===================================================================
--- libvpd-2.2.5.orig/src/system_c.c
+++ libvpd-2.2.5/src/system_c.c
@@ -265,7 +265,7 @@ struct system * unpack_system( void * bu
                while( strncmp( next, CHILD_END, strlen( CHILD_END ) ) != 0 )
                {
                        item = new_list( );
-                       if( !next )
+                       if( !item )
                                goto unpackerr;
                        item->data = strdup( next );
                        if (item->data == NULL) {
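Review bot: The child-list loop in unpack_system() is a line-for-line copy of the one in unpack_component(), which is why the same wrong `!next` test had to be fixed in two files. Moving the `new_list( )` / `strdup( next )` sequence into one shared helper would keep a later fix from missing one of the copies.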
++++++ 0005-libvpd-Corrects-data-type-of-variables.patch ++++++
>From 777067b47454e7503d04866e1bad685d6103b526 Mon Sep 17 00:00:00 2001
From: Mukesh Ojha <[email protected]>
Date: Fri, 23 Dec 2016 16:24:25 +0530
Subject: [PATCH] libvpd: Corrects data type of variables

In the below snippet the result of comparison between 'string::npos'
(size_t) and 'end' (unsigned int) variable was always a false statement
caught by coverity tool and same is the case with comparison between
'string::npos' and 'z' (unsigned int) variable.

Snippet:
 ...

   if ( string::npos == (end = s1.find("*", beg))) {
        //No more stars - base case
        if (string::npos != (z = s2.find(s1.substr(beg, end), 0))) {
                return true;
         ...

This patch fixes the issue by changing the data type of 'end' and 'z'
to size_t.

Signed-off-by: Mukesh Ojha <[email protected]>
Signed-off-by: Vasant Hegde <[email protected]>
---
 src/helper_functions.cpp |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: libvpd-2.2.5/src/helper_functions.cpp
===================================================================
--- libvpd-2.2.5.orig/src/helper_functions.cpp
+++ libvpd-2.2.5/src/helper_functions.cpp
@@ -428,8 +428,8 @@ string HelperFunctions::parseString(cons
         */
        bool HelperFunctions::matches(const string& s1, const string& s2)
        {
-               unsigned int beg = 0, end;
-               unsigned int z;
+               size_t beg = 0, end;
+               size_t z;
 //             coutd << " s1 = " << s1 << ", s2 = " << s2 << endl;
 
                //strings have matched to end - base case
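Review bot: With `end` and `z` widened to size_t in matches(), the `string::npos == (end = s1.find("*", beg))` branch quoted in the commit message becomes reachable on builds where size_t is wider than unsigned int, so patterns without a further `*` now take a different path than before. A few test cases for matches() (no star, leading star, trailing star) would confirm the result is what callers expect. `string::size_type` would state the intent more precisely than size_t.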
++++++ 0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch ++++++
>From 7d959c5ff48978853b01c43e959236988a46a018 Mon Sep 17 00:00:00 2001
From: Brahadambal Srinivasan <[email protected]>
Date: Fri, 23 Jun 2017 11:13:27 +0530
Subject: [PATCH] Changes run.vpdupdate creation path from /var/lib/lsvpd to
 /run

Process '/bin/touch /var/lib/lsvpd/run.vpdupdate' failed with
 exit code 1.

Canonical folks suggested that it can happen if any of the below conditions is met:
  - If it's running before /var/lib/lsvpd is mounted
  - If it's being run while the root filesystem is still mounted read only?
and suggested to create file under /run/ if we are not worried about file data.

Advantage when we create file under /run:
 - If udev triggers libvpd rules before mounting /var or even if it is
read-only then also we won't get above mentioned issue.

This patch changes run.vpdupdate file creation path from /var/lib/lsvpd/ to 
/run/ .

Signed-off-by: Brahadambal Srinivasan <[email protected]>
Tested-by: Ankit Kumar <[email protected]>
Reviewed-by: Ankit Kumar <[email protected]>
Signed-off-by: Vasant Hegde <[email protected]>
---
 90-vpdupdate.rules   |    2 +-
 Makefile.am          |    2 --
 libvpd.spec.in       |    1 -
 src/vpdretriever.cpp |    4 ++--
 4 files changed, 3 insertions(+), 6 deletions(-)

Index: libvpd-2.2.5/90-vpdupdate.rules
===================================================================
--- libvpd-2.2.5.orig/90-vpdupdate.rules
+++ libvpd-2.2.5/90-vpdupdate.rules
@@ -1 +1 @@
-KERNELS=="*", ACTION=="*", DEVPATH=="/devices/*", RUN+="/bin/touch 
/var/lib/lsvpd/run.vpdupdate"
+KERNELS=="*", ACTION=="*", DEVPATH=="/devices/*", RUN+="/bin/touch 
/run/run.vpdupdate"
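Review bot: The flag path `/run/run.vpdupdate` is now written out literally in this rule and again in src/vpdretriever.cpp, so the two can drift apart without any build error. Generating the rule from one configure-time value, or at least cross-referencing the two places in comments, would keep them in step. The file also sits directly in the top level of /run under a generic name; a name that carries the package name would make its origin clearer.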
Index: libvpd-2.2.5/Makefile.am
===================================================================
--- libvpd-2.2.5.orig/Makefile.am
+++ libvpd-2.2.5/Makefile.am
@@ -67,7 +67,5 @@ libtool: $(LIBTOOL_DEPS)
 install-exec-hook:
        mkdir -p $(DESTDIR)/usr/lib/udev/rules.d/
        mkdir -p $(DESTDIR)/${localstatedir}/lib/lsvpd/
-       install -D --mode=644 run.vpdupdate \
-               ${DESTDIR}/${localstatedir}/lib/lsvpd/run.vpdupdate
        install -D --mode=644 90-vpdupdate.rules \
                 ${DESTDIR}/usr/lib/udev/rules.d/90-vpdupdate.rules
Index: libvpd-2.2.5/libvpd.spec.in
===================================================================
--- libvpd-2.2.5.orig/libvpd.spec.in
+++ libvpd-2.2.5/libvpd.spec.in
@@ -53,7 +53,6 @@ Contains header files for building with
 %{_libdir}/libvpd_cxx-@[email protected].*
 %{_libdir}/libvpd-@[email protected].*
 %{_sysconfdir}/udev/rules.d/90-vpdupdate.rules
-%{_var}/lib/lsvpd/run.vpdupdate
 
 %files devel
 %defattr(-,root,root,-)
Index: libvpd-2.2.5/src/vpdretriever.cpp
===================================================================
--- libvpd-2.2.5.orig/src/vpdretriever.cpp
+++ libvpd-2.2.5/src/vpdretriever.cpp
@@ -44,7 +44,7 @@ namespace lsvpd
 {
        const string VpdRetriever::DEFAULT_DIR  ( "/var/lib/lsvpd/" );
        const string VpdRetriever::DEFAULT_FILE ( "vpd.db" );
-       const string VpdRetriever::UDEV_NOTIFY_FILE ( "run.vpdupdate" );
+       const string VpdRetriever::UDEV_NOTIFY_FILE ( "/run/run.vpdupdate" );
 
        VpdRetriever::VpdRetriever( string envDir,
                string dbFileName ) throw( VpdException& )
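Review bot: `UDEV_NOTIFY_FILE` now holds an absolute path while `DEFAULT_FILE` next to it is still a bare file name meant to be appended to `DEFAULT_DIR`. Any other user that still builds `DEFAULT_DIR + UDEV_NOTIFY_FILE` will silently get `/var/lib/lsvpd//run/run.vpdupdate`. Renaming the constant to reflect that it is a full path would make the compiler point out every remaining user.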
@@ -63,7 +63,7 @@ namespace lsvpd
        {
                struct stat vpd_stat,udev_stat;
                const string vpddb = VpdRetriever::DEFAULT_DIR + 
VpdRetriever::DEFAULT_FILE;
-               const string udev_file = VpdRetriever::DEFAULT_DIR + 
VpdRetriever::UDEV_NOTIFY_FILE;
+               const string udev_file = VpdRetriever::UDEV_NOTIFY_FILE;
                Logger logger;
                int flag = 1;
 
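Review bot: `udev_file` now points into /run, which starts empty at every boot, and the package no longer installs the file (see the Makefile.am and spec hunks), so it can be missing until the first udev event has fired. Whatever fills `udev_stat` from `udev_file` should handle a missing file explicitly rather than going on to compare against an uninitialised `struct stat`.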
