Hello community,
here is the log from the commit of package libuser.3939 for openSUSE:13.2:Update checked in at 2015-08-03 09:17:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/libuser.3939 (Old)
and /work/SRC/openSUSE:13.2:Update/.libuser.3939.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libuser.3939"
Changes:
--------
New Changes file:
--- /dev/null 2015-07-22 21:25:44.928025004 +0200
+++ /work/SRC/openSUSE:13.2:Update/.libuser.3939.new/libuser.changes 2015-08-03 09:17:43.000000000 +0200
@@ -0,0 +1,150 @@
+-------------------------------------------------------------------
+Fri Jul 17 07:17:02 UTC 2015 - kkaempf@suse.com
+
+- Refuse to write field value which contain \n
+ bsc#937533 CVE-2015-3246
+ Add 0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch
+
+-------------------------------------------------------------------
+Wed Jan 15 08:50:48 UTC 2014 - kkaempf@suse.com
+
+- Split into libuser1 and libuser for shared lib policy
+ libuser-0.60.patch: adjust installation target.
+
+- Fix build for SLE11. Add g_malloc0_n.patch
+
+- Split off -lang subpackage.
+
+-------------------------------------------------------------------
+Wed Jan 15 07:50:03 UTC 2014 - kkaempf@suse.com
+
+- Updated to 0.60
+
+ 0.60:
+ * New functions lu_homedir_remove_for_user() and
+ lu_homedir_remove_for_user_if_owned().
+ * libuser's pkg-config file no longer refers to internally-used libraries.
+ glib-2.0 and gobject-2.0 are still included because they are required to
+ use the API anyway.
+ * When setting dates in shadow fields, avoid the special value 0 if the clock is
+ incorrect.
+ * Miscellaneous cleanups.
+
+-------------------------------------------------------------------
+Sat Jun 15 16:30:11 UTC 2013 - mc@suse.com
+
+- add suse-ldap.dif: fix path to slapd in SUSE
+
+- update to 0.59
+
+ 0.59:
+ * Fixed security vulnerabilities:
+ * Race conditions in copying and removing home directories (CVE-2012-5630)
+ * Information disclosure when moving users' home directory (CVE-2012-5644)
+ Related changes:
+ - INCOMPATIBLE API CHANGES: lu_homedir_move() and lu_homedir_populate()
+ will refuse to use a pre-existing directory as a destination.
+ - setuid/setgid bits are now preserved when copying regular files in home
+ directories (from /etc/skel or when moving a home directory)
+ * Empty fields in /etc/shadow are now treated as "missing", like libc does.
+ * Specific values of the attributes can be used to represent "missing data".
+ * lchage(1) now handles missing fields on both input and output.
+ * Refuse to build when secure_getenv() is not available.
+ * Miscellaneous bug fixes and cleanups.
+
+ 0.58
+ * API enhancements:
+ * New helpers for attribute access replace 4-5 function calls with 1:
+ lu_ent_get_first_{string,id,value_strdup}(),
+ lu_ent_set_{string,id,long}()
+ * New header , providing lu_homedir_{populate,move,remove},
+ lu_nscd_flush_cache(), and lu_mail_spool_{create,remove}.
+ * lu_users_enumerate_by_group_full() and lu_groups_enumerate_by_user_full()
+ are now fully supported.
+ * New module-private function lu_util_append_values().
+ * Documented that LU_*PASSWORD should not be manipulated directly.
+ * deleteUser in Python bindings now removes the mail spool instead of
+ creating it.
+ * New warning in libuser.conf.5 about storing a LDAP password in system-wide
+ configuration.
+ * Module interface ABI has changed.
+ * Miscellaneous bug fixes and cleanups, quite a few memory leaks fixed.
+
+ 0.57.7
+ * lu_users_enumerate_by_group_full() added, implemented ONLY for LDAP for now.
+ Related functions and functionality in other modules will be added later.
+ Applications are advised to NOT USE these functions yet.
+ * group/user list by name of a user/group now returns an error if the
+ user/group was not found. The Python bindings enumerateUsersFull and
+ enumerateGroupsFull no longer crash in this situation.
+ * Updated translations.
+
+ 0.57.6
+ * Make it possible to use ldapi: URLs by not trying to use TLS (based on
+ a patch by ).
+ * Hopefully fix races in test suite, causing failures on slower computers.
+ * Mark --help messages for translation and improve them a bit.
+ * Update translations.
+
+ 0.57.5
+ * Update translations.
+
+ 0.57.4
+ * Don't crash when a database file size is a multiple of page size.
+ * Miscellaneous bug fixes and cleanups.
+
+ 0.57.3
+ * Don't assume user/group IDs start at 500 in Python getFirstUnusedGid and
+ getFirstUnusedUid.
+ * Preserve S_ISGID and other bits when copying directories from /etc/skel.
+ * Deprecate lu_*_t typedefs: use {struct,enum} lu_* instead.
+ * Update to build with recent gtk-doc.
+
+ 0.57.2
+ * Fix adding LDAP users with empty gecos.
+ * Correctly preserve algorithm used to hash an LDAP password when changing it.
+ * Don't hard-code ports used in the test suite (to allow parallel development
+ and builds).
+ * Miscellaneous bug fixes.
+
+ 0.57.1
+ * Fix a crash when a module refuses to load with a warning (e.g. the "shadow"
+ module when /etc/shadow is not present)
+
+ 0.57
+ * Resolve an ambiguity about "password" value format that could cause setting
+ a known plaintext password in LDAP accounts: the "files"/"shadow" and LDAP
+ modules may not be used together any more, and the module interface ABI has
+ changed to support this.
+ * Don't authenticate the user (in lchfn, lchsh, lpasswd) if the application
+ is not set*id and it does not need elevated privileges. In particular, this
+ allows the above programs to be used for LDAP administration by unprivileged
+ users.
+ * Change default crypt_style to sha512.
+ * Don't abort on invalid ID values.
+ * Miscellaneous bug fixes.
+
+ 0.56.18
+ * Update translations.
+
+ 0.56.17
+ * New Python constant VALUE_INVALID_ID and function validateIdValue.
+ * Update translations.
+
+ 0.56.16
+ * Update translations.
+
+ 0.56.15
+ * Update translations.
+
+-------------------------------------------------------------------
+Thu Feb 25 15:34:46 UTC 2010 - prusnak@suse.cz
+
+- updated to 0.56.14
+
+-------------------------------------------------------------------
+Mon Dec 1 14:46:15 CET 2008 - prusnak@suse.cz
+
+- created package (version 0.56.9)
+ * based on Fedora package
+
New:
----
0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch
g_malloc0_n.patch
libuser-0.60.patch
libuser-0.60.tar.xz
libuser.changes
libuser.spec
suse-ldap.dif
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libuser.spec ++++++
#
# spec file for package libuser
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: libuser
%define libname %{name}1
Version: 0.60
Release: 0
Url: https://fedorahosted.org/libuser/
Summary: A user and group account administration library
License: LGPL-2.0+
Group: System Environment/Base
Source: %{name}-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel
BuildRequires: glib2-devel
BuildRequires: libselinux-devel
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: popt-devel
BuildRequires: python-devel
BuildRequires: sgmltool
%if 0%{?suse_version}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
# redefine pkglibdir to honor SUSE shared lib rules, kkaempf@suse.de
Patch1: libuser-0.60.patch
# fix path to slapd for SUSE, mc@suse.de
Patch2: suse-ldap.dif
%if 0%{?suse_version} <= 1110
# fix SLE11 build, kkaempf@suse.de
Patch3: g_malloc0_n.patch
BuildRequires: xz
%endif
%endif
Patch4: 0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch
%description
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. The library uses pluggable
back-ends to interface to its data sources.
Sample applications modeled after those included with the shadow password
suite are included.
%package -n %libname
Summary: A user and group account administration library
Group: System/Libraries
%description -n %libname
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. The library uses pluggable
back-ends to interface to its data sources.
%lang_package -r %libname
%package devel
Summary: Files needed for developing applications which use libuser
Group: Development/Libraries
Requires: %{name} = %{version}
Requires: glib2-devel
%description devel
The libuser-devel package contains header files, static libraries, and other
files useful for developing applications with libuser.
%package python
Summary: Python bindings for the libuser library
Group: Development/Libraries
Requires: %{name} = %{version}
%description python
The libuser-python package contains the Python bindings for
the libuser library, which provides a Python API for manipulating and
administering user and group accounts.
%prep
%setup -q
%if 0%{?suse_version}
%patch1 -p1
%patch2 -p1
%if 0%{?suse_version} <= 1110
%patch3 -p1
%endif
%endif
%patch4 -p1
%build
%if 0%{?suse_version}
autoreconf -f -i
%endif
%configure --with-selinux --with-ldap --with-html-dir=%{_datadir}/gtk-doc/html
make %{?_smp_mflags}
%install
make DESTDIR=$RPM_BUILD_ROOT install
%find_lang %{name}
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la $RPM_BUILD_ROOT%{_libdir}/%{libname}/*.la $RPM_BUILD_ROOT%{py_sitedir}/*.la
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc AUTHORS COPYING NEWS README TODO docs/*.txt
%attr(0755,root,root) %{_bindir}/*
%attr(0755,root,root) %{_sbindir}/*
%{_mandir}/man1/*
%{_mandir}/man5/*
%files -n %{libname}
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/libuser.conf
%{_libdir}/*.so.*
%dir %{_libdir}/%{libname}
%{_libdir}/%{libname}/*.so
%files lang -f %{name}.lang
%files python
%defattr(-,root,root)
%doc python/modules.txt
%{py_sitedir}/*.so
%files devel
%defattr(-,root,root)
%dir %{_datadir}/gtk-doc
%dir %{_datadir}/gtk-doc/html
%doc %{_datadir}/gtk-doc/html/*
%{_includedir}/libuser
%{_libdir}/*.so
%{_libdir}/pkgconfig/*
%changelog
++++++ 0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch ++++++
++++ 1558 lines (skipped)
++++++ g_malloc0_n.patch ++++++
diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.59/lib/user.h ./lib/user.h
--- ../orig-libuser-0.59/lib/user.h 2013-03-29 15:46:36.000000000 +0100
+++ ./lib/user.h 2013-09-27 09:10:40.776591577 +0200
@@ -21,6 +21,9 @@
#include
#include
+/* glib in SLE11 does not define g_malloc0_n or g_malloc_n */
+#define g_malloc0_n(blocks,bytes) g_malloc0((blocks)*(bytes))
+#define g_malloc_n(blocks,bytes) g_malloc((blocks)*(bytes))
#include "config.h"
#include "entity.h"
#include "error.h"
++++++ libuser-0.60.patch ++++++
diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.60/Makefile.am ./Makefile.am
--- ../orig-libuser-0.60/Makefile.am 2013-10-12 23:56:07.000000000 +0200
+++ ./Makefile.am 2014-01-15 09:40:19.713478232 +0100
@@ -3,6 +3,8 @@
## Settings
pkgconfigdir = $(libdir)/pkgconfig
+pkglibdir = $(libdir)/$(PACKAGE)1
+
ACLOCAL_AMFLAGS = -I m4
AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gtk-doc --with-ldap
++++++ suse-ldap.dif ++++++
diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.60/tests/default_pw_test ./tests/default_pw_test
--- ../orig-libuser-0.60/tests/default_pw_test 2013-10-12 23:56:08.000000000 +0200
+++ ./tests/default_pw_test 2014-02-05 13:23:22.696034846 +0100
@@ -98,7 +98,7 @@
# This is racy, but much better than a static port
[ -z "$ldap_port" ] && ldap_port=$(tests/alloc_port)
# FIXME: path
- /usr/sbin/slapd -h ldap://127.0.0.1:"$ldap_port"/ \
+ /usr/lib/openldap/slapd -h ldap://127.0.0.1:"$ldap_port"/ \
-f "$workdir"/slapd.conf &
tests/wait_for_slapd_start "$workdir"/slapd.pid "$ldap_port"
slapd_pid=$(cat "$workdir"/slapd.pid)
diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.60/tests/ldap_test ./tests/ldap_test
--- ../orig-libuser-0.60/tests/ldap_test 2013-10-12 23:56:08.000000000 +0200
+++ ./tests/ldap_test 2014-02-05 13:23:22.696034846 +0100
@@ -50,7 +50,7 @@
sed "s|@WORKDIR@|$workdir|g" < "$srcdir"/slapd.conf.in > "$workdir"/slapd.conf
ldap_port=$(tests/alloc_port) # This is racy, but much better than a static port
# FIXME: path
-/usr/sbin/slapd -h ldap://127.0.0.1:"$ldap_port"/ -f "$workdir"/slapd.conf &
+/usr/lib/openldap/slapd -h ldap://127.0.0.1:"$ldap_port"/ -f "$workdir"/slapd.conf &
tests/wait_for_slapd_start "$workdir"/slapd.pid "$ldap_port"
slapd_pid=$(cat "$workdir"/slapd.pid)
trap 'status=$?; kill $slapd_pid