Hello community,
here is the log from the commit of package libvpd2 for openSUSE:Factory checked in at 2018-06-02 12:15:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvpd2 (Old)
and /work/SRC/openSUSE:Factory/.libvpd2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvpd2"
Sat Jun 2 12:15:02 2018 rev:27 rq:613503 version:2.2.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/libvpd2/libvpd2.changes 2017-10-20 14:48:03.258116377 +0200
+++ /work/SRC/openSUSE:Factory/.libvpd2.new/libvpd2.changes 2018-06-02 12:15:27.948688885 +0200
@@ -1,0 +2,15 @@
+Fri Jun 1 13:49:07 UTC 2018 - normand@linux.vnet.ibm.com
+
+- Add 6 patches from upstream:
+ 0001-Modify-char-array-initialization-style.patch
+ this one differ from upstream as do not remove QUERY_BUF_LENGTH
+ still used in not upstream libvpd.async.patch
+ 0002-Null-check-before-passing-pointer-to-strlen-call.patch
+ 0003-Typo-correction-in-README-file.patch
+ 0004-libvpd-Validate-memory-allocation.patch
+ 0005-libvpd-Corrects-data-type-of-variables.patch
+ 0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch
+ last one to avoid reported error systemd-udevd error:
+ 'touch /var/lib/lsvpd/run.vpdupdate' failed with exit code 1
+
+-------------------------------------------------------------------
New:
----
0001-Modify-char-array-initialization-style.patch
0002-Null-check-before-passing-pointer-to-strlen-call.patch
0003-Typo-correction-in-README-file.patch
0004-libvpd-Validate-memory-allocation.patch
0005-libvpd-Corrects-data-type-of-variables.patch
0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvpd2.spec ++++++
--- /var/tmp/diff_new_pack.1GmbPA/_old 2018-06-02 12:15:28.876654847 +0200
+++ /var/tmp/diff_new_pack.1GmbPA/_new 2018-06-02 12:15:28.876654847 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libvpd2
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,12 @@
Source2: baselibs.conf
Patch1: libvpd2.makefile.patch
Patch3: libvpd.async.patch
+Patch4: 0001-Modify-char-array-initialization-style.patch
+Patch5: 0002-Null-check-before-passing-pointer-to-strlen-call.patch
+Patch6: 0003-Typo-correction-in-README-file.patch
+Patch7: 0004-libvpd-Validate-memory-allocation.patch
+Patch8: 0005-libvpd-Corrects-data-type-of-variables.patch
+Patch9: 0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc-c++
@@ -56,6 +62,12 @@
%setup -q -n libvpd-%{version}
%patch1 -p1
%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
%build
autoreconf -fiv
@@ -75,8 +87,6 @@
%defattr(-,root,root)
%{_libdir}/*.so.*
/%{_udevrulesdir}/90-vpdupdate.rules
-%dir %{_localstatedir}/lib/lsvpd
-%{_localstatedir}/lib/lsvpd/run.vpdupdate
%files devel
%defattr(-,root,root)
++++++ 0001-Modify-char-array-initialization-style.patch ++++++
From cf5d29342e449032d6c7d1f4f8b7516052a2210b Mon Sep 17 00:00:00 2001
From: Kamalesh Babulal
Date: Mon, 16 Nov 2015 11:06:10 +0530
Subject: [PATCH] Modify char array initialization style
As per secure coding standards its recommend to not initialize
character array with bounds specified. Remove the last remaining
such initialization and also the define which defines the buffer
size.
This patch replaces usage strlen() with compile time alternative
sizeof() to find length of sql statement array(s) and remove
constification of a sql char array.
Signed-off-by: Kamalesh Babulal
Cc: Vaibhav Jain
Acked-by: Vaibhav Jain
Signed-off-by: Vasant Hegde
---
src/vpddbenv_c.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
Index: libvpd-2.2.5/src/vpddbenv_c.c
===================================================================
--- libvpd-2.2.5.orig/src/vpddbenv_c.c
+++ libvpd-2.2.5/src/vpddbenv_c.c
@@ -97,10 +97,9 @@ struct component* fetch_component( struc
sqlite3_stmt *pstmt = NULL;
int rc;
const char *out;
- const char sql[QUERY_BUF_LENGTH] = "SELECT " DATA " FROM " TABLE_NAME " WHERE " ID "=?";
+ char sql[] = {"SELECT " DATA " FROM " TABLE_NAME " WHERE " ID "=?"};
- rc = SQLITE3_PREPARE( db->db, sql, strlen( sql ) + 1,
- &pstmt, &out );
+ rc = SQLITE3_PREPARE( db->db, sql, sizeof( sql ), &pstmt, &out );
if( rc != SQLITE_OK )
goto FETCH_COMP_ERR;
@@ -136,8 +135,7 @@ struct system* fetch_system( struct vpdd
const char *out;
char sql[] = "SELECT " DATA " FROM " TABLE_NAME " WHERE " ID "='" SYS_ID "';";
- rc = SQLITE3_PREPARE( db->db, sql, strlen( sql ) + 1,
- &pstmt, &out );
+ rc = SQLITE3_PREPARE( db->db, sql, sizeof( sql ), &pstmt, &out );
if( rc != SQLITE_OK )
goto FETCH_SYS_ERR;
++++++ 0002-Null-check-before-passing-pointer-to-strlen-call.patch ++++++
From a791b3134c575430b1e0d9d9644cc55236e583ca Mon Sep 17 00:00:00 2001
From: Ankit Kumar
Date: Wed, 7 Sep 2016 19:25:57 +0530
Subject: [PATCH] Null check before passing pointer to strlen call
strlen operation on NULL pointer results in segmentation fault.
Hence this patch checks pointer before passing it to strlen function.
Signed-off-by: Ankit Kumar
Reviewed-by: Mukesh Ojha
Signed-off-by: Vasant Hegde
---
src/vpddbenv_c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libvpd-2.2.5/src/vpddbenv_c.c
===================================================================
--- libvpd-2.2.5.orig/src/vpddbenv_c.c
+++ libvpd-2.2.5/src/vpddbenv_c.c
@@ -104,7 +104,7 @@ struct component* fetch_component( struc
goto FETCH_COMP_ERR;
rc = sqlite3_bind_text(pstmt, 1, deviceID,
- strlen(deviceID), SQLITE_STATIC);
+ deviceID ? strlen(deviceID):0, SQLITE_STATIC);
if (rc != SQLITE_OK)
goto FETCH_COMP_ERR;
++++++ 0003-Typo-correction-in-README-file.patch ++++++
From 8cb3fe06b8d2e6125235eb1973e624a0fb12837c Mon Sep 17 00:00:00 2001
From: Ankit Kumar
Date: Thu, 22 Sep 2016 12:17:54 +0530
Subject: [PATCH] Typo correction in README file
This patch corrects typo for required package name in README file.
Signed-off-by: Ankit Kumar
Signed-off-by: Vasant Hegde
---
README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libvpd-2.2.5/README
===================================================================
--- libvpd-2.2.5.orig/README
+++ libvpd-2.2.5/README
@@ -34,7 +34,7 @@ Note:
package. Please check your linux distribution package naming convention and
make sure you have installed right packages.
- For users of older RHEL and SLES versions
- slqite is not available in the default repositories for some of the older
+ sqlite is not available in the default repositories for some of the older
RHEL (<= 5.x?) and SLES (<= 10.x?) versions. If you want to run the new
lsvpd/libvpd setup you need build sqlite version 3.0.0 or newer from
source (available here: http://www.sqlite.org) or find an appropriate
++++++ 0004-libvpd-Validate-memory-allocation.patch ++++++
From 86446bb873e2de0c471c1e280e4ebe438861b8ab Mon Sep 17 00:00:00 2001
From: Vasant Hegde
Date: Tue, 13 Dec 2016 11:06:03 +0530
Subject: [PATCH] libvpd: Validate memory allocation
new_list() allocates memory using calloc. Validate new_list() return
value before using.
'next' is already validated and we don't need to validate again.
Signed-off-by: Vasant Hegde
---
src/component_c.c | 2 +-
src/system_c.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Index: libvpd-2.2.5/src/component_c.c
===================================================================
--- libvpd-2.2.5.orig/src/component_c.c
+++ libvpd-2.2.5/src/component_c.c
@@ -475,7 +475,7 @@ struct component * unpack_component( voi
while( strncmp( next, CHILD_END, strlen( CHILD_END ) ) != 0 )
{
item = new_list( );
- if( !next )
+ if( !item )
goto unpackerr;
item->data = strdup( next );
if (item->data == NULL)
Index: libvpd-2.2.5/src/system_c.c
===================================================================
--- libvpd-2.2.5.orig/src/system_c.c
+++ libvpd-2.2.5/src/system_c.c
@@ -265,7 +265,7 @@ struct system * unpack_system( void * bu
while( strncmp( next, CHILD_END, strlen( CHILD_END ) ) != 0 )
{
item = new_list( );
- if( !next )
+ if( !item )
goto unpackerr;
item->data = strdup( next );
if (item->data == NULL) {
++++++ 0005-libvpd-Corrects-data-type-of-variables.patch ++++++
From 777067b47454e7503d04866e1bad685d6103b526 Mon Sep 17 00:00:00 2001
From: Mukesh Ojha
Date: Fri, 23 Dec 2016 16:24:25 +0530
Subject: [PATCH] libvpd: Corrects data type of variables
In the below snippet the result of comparison between 'string::npos'
(size_t) and 'end' (unsigned int) variable was always a false statement
catched by coverity tool and same is the case with comparison between
'string::npos' and 'z' (unsigned int) variable.
Snippet:
...
if ( string::npos == (end = s1.find("*", beg))) {
//No more stars - base case
if (string::npos != (z = s2.find(s1.substr(beg, end), 0))) {
return true;
...
This patch fixes the issue by changing the data type of 'end' and 'z'
to size_t.
Signed-off-by: Mukesh Ojha
Signed-off-by: Vasant Hegde
---
src/helper_functions.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: libvpd-2.2.5/src/helper_functions.cpp
===================================================================
--- libvpd-2.2.5.orig/src/helper_functions.cpp
+++ libvpd-2.2.5/src/helper_functions.cpp
@@ -428,8 +428,8 @@ string HelperFunctions::parseString(cons
*/
bool HelperFunctions::matches(const string& s1, const string& s2)
{
- unsigned int beg = 0, end;
- unsigned int z;
+ size_t beg = 0, end;
+ size_t z;
// coutd << " s1 = " << s1 << ", s2 = " << s2 << endl;
//strings have matched to end - base case
++++++ 0006-Changes-run.vpdupdate-creation-path-from-var-lib-lsv.patch ++++++
From 7d959c5ff48978853b01c43e959236988a46a018 Mon Sep 17 00:00:00 2001
From: Brahadambal Srinivasan
Date: Fri, 23 Jun 2017 11:13:27 +0530
Subject: [PATCH] Changes run.vpdupdate creation path from /var/lib/lsvpd to
/run
Process '/bin/touch /var/lib/lsvpd/run.vpdupdate' failed with
exit code 1.
Canonical folks suggested that it can happen if any of below condition meets:
- If it's running before /var/lib/lsvpd is mounted
- If it's being run while the root filesystem is still mounted read only?
and suggested to create file under /run/ if we are not worried about file data.
Advantage when we create file under /run:
- If udev triggers libvpd rules before mounting /var or even if it is
read-only then also we won't get above mentioned issue.
This patch changes run.vpdupdate file creation path from /var/lib/lsvpd/ to /run/ .
Signed-off-by: Brahadambal Srinivasan
Tested-by: Ankit Kumar
Reviewed-by: Ankit Kumar
Signed-off-by: Vasant Hegde
---
90-vpdupdate.rules | 2 +-
Makefile.am | 2 --
libvpd.spec.in | 1 -
src/vpdretriever.cpp | 4 ++--
4 files changed, 3 insertions(+), 6 deletions(-)
Index: libvpd-2.2.5/90-vpdupdate.rules
===================================================================
--- libvpd-2.2.5.orig/90-vpdupdate.rules
+++ libvpd-2.2.5/90-vpdupdate.rules
@@ -1 +1 @@
-KERNELS=="*", ACTION=="*", DEVPATH=="/devices/*", RUN+="/bin/touch /var/lib/lsvpd/run.vpdupdate"
+KERNELS=="*", ACTION=="*", DEVPATH=="/devices/*", RUN+="/bin/touch /run/run.vpdupdate"
Index: libvpd-2.2.5/Makefile.am
===================================================================
--- libvpd-2.2.5.orig/Makefile.am
+++ libvpd-2.2.5/Makefile.am
@@ -67,7 +67,5 @@ libtool: $(LIBTOOL_DEPS)
install-exec-hook:
mkdir -p $(DESTDIR)/usr/lib/udev/rules.d/
mkdir -p $(DESTDIR)/${localstatedir}/lib/lsvpd/
- install -D --mode=644 run.vpdupdate \
- ${DESTDIR}/${localstatedir}/lib/lsvpd/run.vpdupdate
install -D --mode=644 90-vpdupdate.rules \
${DESTDIR}/usr/lib/udev/rules.d/90-vpdupdate.rules
Index: libvpd-2.2.5/libvpd.spec.in
===================================================================
--- libvpd-2.2.5.orig/libvpd.spec.in
+++ libvpd-2.2.5/libvpd.spec.in
@@ -53,7 +53,6 @@ Contains header files for building with
%{_libdir}/libvpd_cxx-@GENERIC_RELEASE@.so.*
%{_libdir}/libvpd-@GENERIC_RELEASE@.so.*
%{_sysconfdir}/udev/rules.d/90-vpdupdate.rules
-%{_var}/lib/lsvpd/run.vpdupdate
%files devel
%defattr(-,root,root,-)
Index: libvpd-2.2.5/src/vpdretriever.cpp
===================================================================
--- libvpd-2.2.5.orig/src/vpdretriever.cpp
+++ libvpd-2.2.5/src/vpdretriever.cpp
@@ -44,7 +44,7 @@ namespace lsvpd
{
const string VpdRetriever::DEFAULT_DIR ( "/var/lib/lsvpd/" );
const string VpdRetriever::DEFAULT_FILE ( "vpd.db" );
- const string VpdRetriever::UDEV_NOTIFY_FILE ( "run.vpdupdate" );
+ const string VpdRetriever::UDEV_NOTIFY_FILE ( "/run/run.vpdupdate" );
VpdRetriever::VpdRetriever( string envDir,
string dbFileName ) throw( VpdException& )
@@ -63,7 +63,7 @@ namespace lsvpd
{
struct stat vpd_stat,udev_stat;
const string vpddb = VpdRetriever::DEFAULT_DIR + VpdRetriever::DEFAULT_FILE;
- const string udev_file = VpdRetriever::DEFAULT_DIR + VpdRetriever::UDEV_NOTIFY_FILE;
+ const string udev_file = VpdRetriever::UDEV_NOTIFY_FILE;
Logger logger;
int flag = 1;