![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package sg3_utils for openSUSE:Factory checked in at 2014-09-09 18:59:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sg3_utils (Old) and /work/SRC/openSUSE:Factory/.sg3_utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sg3_utils" Changes: -------- --- /work/SRC/openSUSE:Factory/sg3_utils/sg3_utils.changes 2014-06-26 07:57:59.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.sg3_utils.new/sg3_utils.changes 2014-09-09 18:59:47.000000000 +0200 @@ -1,0 +2,8 @@ +Wed Sep 3 15:57:47 CEST 2014 - hare@suse.de + +- Fixup formatting of invalid VPD pages (bnc#884779) + Add: sg3_utils-Fixup-formatting-of-invalid-VPD-page-0x83.patch +- sg_inq: Do not export long identifiers (bnc#884779) + Add: sg3_utils-Do-not-export-long-identifiers.patch + +------------------------------------------------------------------- New: ---- sg3_utils-Do-not-export-long-identifiers.patch sg3_utils-Fixup-formatting-of-invalid-VPD-page-0x83.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sg3_utils.spec ++++++ --- /var/tmp/diff_new_pack.sqtM6R/_old 2014-09-09 18:59:50.000000000 +0200 +++ /var/tmp/diff_new_pack.sqtM6R/_new 2014-09-09 18:59:50.000000000 +0200 @@ -27,6 +27,8 @@ Source: http://sg.danny.cz/sg/p/%name-%version.tar.xz Patch0: sg3_utils-fix-missing-rule-for-scsi_serial-partitions.patch +Patch1: sg3_utils-Fixup-formatting-of-invalid-VPD-page-0x83.patch +Patch2: sg3_utils-Do-not-export-long-identifiers.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: udev BuildRequires: xz @@ -82,6 +84,8 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build %configure --disable-static --with-pic ++++++ sg3_utils-Do-not-export-long-identifiers.patch ++++++
From 6044f09bd55a9e215b662f8822c41b16fba523d2 Mon Sep 17 00:00:00 2001 From: Hannes Reinecke <hare@suse.de> Date: Wed, 3 Sep 2014 15:52:15 +0200 Subject: [PATCH 2/2] sg_inq: Do not export long identifiers
Some targets (accidentally) display really long vendor specific IDs. These will cause a pathname overflow when udev tries to generate links based on that name. So skip any vendor-specific IDs which are longer than 128 characters; vendor-specific IDs are of limited usage anyway. References: bnc#884779 Signed-off-by: Hannes Reinecke <hare@suse.de> --- src/sg_inq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/sg_inq.c b/src/sg_inq.c index a78960f..74b11ff 100644 --- a/src/sg_inq.c +++ b/src/sg_inq.c @@ -1827,6 +1827,8 @@ export_dev_ids(unsigned char * buff, int len, int verbose) } switch (desig_type) { case 0: /* vendor specific */ + if (i_len > 128) + break; printf("SCSI_IDENT_%s_VENDOR=", assoc_str); if ((2 == c_set) || (3 == c_set)) { /* ASCII or UTF-8 */ k = encode_whitespaces(ip, i_len); -- 1.8.4.5 ++++++ sg3_utils-Fixup-formatting-of-invalid-VPD-page-0x83.patch ++++++
From c76bfccf5497b11644425e2020f3b9b1bad59142 Mon Sep 17 00:00:00 2001 From: Hannes Reinecke <hare@suse.de> Date: Wed, 3 Sep 2014 15:26:42 +0200 Subject: [PATCH 1/2] Fixup formatting of invalid VPD page 0x83
Some target present invalid VPD page 0x83 descriptors. This patch fixes up sg_inq and sg_vpd to skip those descriptors. References: bnc#884779 Signed-of-by: Hannes Reinecke <hare@suse.de> --- src/sg_inq.c | 12 +++++++++++- src/sg_vpd.c | 16 +++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/src/sg_inq.c b/src/sg_inq.c index 473d212..a78960f 100644 --- a/src/sg_inq.c +++ b/src/sg_inq.c @@ -1512,7 +1512,7 @@ decode_dev_ids(const char * leadin, unsigned char * buff, int len, int do_hex) switch (desig_type) { case 0: /* vendor specific */ k = 0; - if ((1 == c_set) || (2 == c_set)) { /* ASCII or UTF-8 */ + if ((2 == c_set) || (3 == c_set)) { /* ASCII or UTF-8 */ for (k = 0; (k < i_len) && isprint(ip[k]); ++k) ; if (k >= i_len) @@ -1965,6 +1965,16 @@ export_dev_ids(unsigned char * buff, int len, int verbose) } break; } + if (strncmp((const char *)ip, "eui.", 4) || + strncmp((const char *)ip, "naa.", 4) || + strncmp((const char *)ip, "iqn.", 4)) { + if (verbose) { + pr2serr(" << expected name string prefix>>\n"); + dStrHexErr((const char *)ip, i_len, -1); + } + break; + } + printf("SCSI_IDENT_%s_NAME=%.*s\n", assoc_str, i_len, (const char *)ip); break; diff --git a/src/sg_vpd.c b/src/sg_vpd.c index a69b3ec..2f97e94 100644 --- a/src/sg_vpd.c +++ b/src/sg_vpd.c @@ -1115,6 +1115,13 @@ decode_dev_ids_quiet(unsigned char * buff, int len, int m_assoc, dStrHexErr((const char *)ip, i_len, 0); break; } + if (strncmp((const char *)ip, "eui.", 4) || + strncmp((const char *)ip, "naa.", 4) || + strncmp((const char *)ip, "iqn.", 4)) { + pr2serr(" << expected name string prefix>>\n"); + dStrHexErr((const char *)ip, i_len, -1); + break; + } /* does %s print out UTF-8 ok?? * Seems to depend on the locale. Looks ok here with my * locale setting: en_AU.UTF-8 @@ -1162,7 +1169,7 @@ decode_designation_descriptor(const unsigned char * ip, int i_len, switch (desig_type) { case 0: /* vendor specific */ k = 0; - if ((1 == c_set) || (2 == c_set)) { /* ASCII or UTF-8 */ + if ((2 == c_set) || (3 == c_set)) { /* ASCII or UTF-8 */ for (k = 0; (k < i_len) && isprint(ip[k]); ++k) ; if (k >= i_len) @@ -1405,6 +1412,13 @@ decode_designation_descriptor(const unsigned char * ip, int i_len, dStrHexErr((const char *)ip, i_len, 0); break; } + if (strncmp((const char *)ip, "eui.", 4) || + strncmp((const char *)ip, "naa.", 4) || + strncmp((const char *)ip, "iqn.", 4)) { + pr2serr(" << expected name string prefix>>\n"); + dStrHexErr((const char *)ip, i_len, -1); + break; + } printf(" SCSI name string:\n"); /* does %s print out UTF-8 ok?? * Seems to depend on the locale. Looks ok here with my -- 1.8.4.5 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org