Hello community, here is the log from the commit of package libvpd2 for openSUSE:Factory checked in at 2015-11-26 17:04:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvpd2 (Old) and /work/SRC/openSUSE:Factory/.libvpd2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libvpd2" Changes: -------- --- /work/SRC/openSUSE:Factory/libvpd2/libvpd2.changes 2015-08-05 19:15:02.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libvpd2.new/libvpd2.changes 2015-11-26 17:04:12.000000000 +0100 @@ -1,0 +2,10 @@ +Tue Nov 24 16:37:39 UTC 2015 - p.drouand@gmail.com + +- Update to version 2.2.5 + * Fixed security issues like buffer overflow, memory allocation + validation + * Replaced popen with secured version + * Improved error handling +- Update libvpd.async.patch + +------------------------------------------------------------------- Old: ---- libvpd-2.2.4.tar.gz New: ---- libvpd-2.2.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvpd2.spec ++++++ --- /var/tmp/diff_new_pack.xwNgBk/_old 2015-11-26 17:04:13.000000000 +0100 +++ /var/tmp/diff_new_pack.xwNgBk/_new 2015-11-26 17:04:13.000000000 +0100 @@ -17,7 +17,7 @@ Name: libvpd2 -Version: 2.2.4 +Version: 2.2.5 Release: 0 Summary: VPD Database access library for lsvpd License: LGPL-2.1+ @@ -65,6 +65,7 @@ %install %make_install +rm -f %{buildroot}%{_libdir}/*.la %post -p /sbin/ldconfig @@ -80,7 +81,6 @@ %files devel %defattr(-,root,root) %doc COPYING README -%exclude %{_libdir}/*.la %{_includedir}/* %{_libdir}/*.so %{_libdir}/pkgconfig/* ++++++ libvpd-2.2.4.tar.gz -> libvpd-2.2.5.tar.gz ++++++ ++++ 2848 lines of diff (skipped) ++++++ libvpd.async.patch ++++++ --- /var/tmp/diff_new_pack.xwNgBk/_old 2015-11-26 17:04:13.000000000 +0100 +++ /var/tmp/diff_new_pack.xwNgBk/_new 2015-11-26 17:04:13.000000000 +0100 @@ -7,10 +7,10 @@ =================================================================== --- libvpd-2.2.2.orig/src/vpddbenv.cpp +++ libvpd-2.2.2/src/vpddbenv.cpp -@@ -77,6 +77,22 @@ namespace lsvpd +@@ -81,6 +81,22 @@ goto CON_ERR; } - + + { + sqlite3_stmt *pstmt; + const char *out; @@ -34,14 +34,14 @@ =================================================================== --- libvpd-2.2.2.orig/src/vpddbenv_c.c +++ libvpd-2.2.2/src/vpddbenv_c.c -@@ -28,6 +28,9 @@ +@@ -29,6 +29,9 @@ struct vpddbenv * new_vpddbenv( const char *dir, const char *file ) { + sqlite3_stmt *pstmt = NULL; + const char *out; + char sql[ QUERY_BUF_LENGTH ]; - struct vpddbenv *ret = NULL; + struct vpddbenv *ret; int rc = 0; @@ -55,6 +58,12 @@ struct vpddbenv * new_vpddbenv( const ch