openSUSE Commits
Hello community,
here is the log from the commit of package phpMyAdmin
checked in at Fri Jun 2 02:09:26 CEST 2006.
--------
--- phpMyAdmin/phpMyAdmin.changes 2006-05-02 11:01:17.000000000 +0200
+++ phpMyAdmin/phpMyAdmin.changes 2006-06-01 12:20:57.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Jun 1 12:10:23 CEST 2006 - postadal(a)suse.cz
+
+- updated to 2.8.1 (bugfix-only release) [#177091]
+ * fixes some XSS vulnerabilities
+- removed obsoleted patches (2006-1804.patch, 2006-2031.patch)
+
+-------------------------------------------------------------------
Old:
----
phpMyAdmin-2.8.0.3-CVE-2006-1804.patch
phpMyAdmin-2.8.0.3-CVE-2006-2031.patch
phpMyAdmin-2.8.0.3.tar.bz2
New:
----
phpMyAdmin-2.8.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ phpMyAdmin.spec ++++++
--- /var/tmp/diff_new_pack.eAo9GA/_old 2006-06-02 02:08:37.000000000 +0200
+++ /var/tmp/diff_new_pack.eAo9GA/_new 2006-06-02 02:08:37.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package phpMyAdmin (Version 2.8.0.3)
+# spec file for package phpMyAdmin (Version 2.8.1)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -16,13 +16,11 @@
Group: Productivity/Networking/Web/Frontends
Requires: mod_php_any php-mysql php-bz2 php-gd php-zlib php-iconv php-mcrypt php-session
Autoreqprov: on
-Version: 2.8.0.3
-Release: 8
+Version: 2.8.1
+Release: 1
%define tarversion %{version}
Source0: %{name}-%{tarversion}.tar.bz2
Patch1: %{name}-blowfish_secret.patch
-Patch2: %{name}-%{version}-CVE-2006-1804.patch
-Patch3: %{name}-%{version}-CVE-2006-2031.patch
URL: http://www.phpMyAdmin.net
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: Administration of MySQL over the web
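Review bot: Removing `Patch2` and `Patch3` here drops the packaged fixes for CVE-2006-1804 and CVE-2006-2031, and the visible record does not state that the 2.8.1 tarball contains them; the changelog only calls the patches obsoleted and lists them without the CVE prefix. The tarball diff is skipped in this mail, so the claim cannot be checked from the page. If upstream inclusion has been confirmed, I would say so in the changelog entry, for example `- removed patches included upstream in 2.8.1 (CVE-2006-1804, CVE-2006-2031)`, so that a later audit can find the CVE ids by search. The matching `%patch2`/`%patch3` removal is in the following hunk.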
@@ -66,8 +64,6 @@
%prep
%setup -q -n %{name}-%{tarversion}
%patch1
-%patch2
-%patch3
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
find . -type f -name '*.orig' -exec rm {} \;
@@ -130,6 +126,10 @@
%verify(not md5 size mtime) %config(noreplace) %{serverroot}%{name}/libraries/blowfish_secret.inc.php
%changelog -n phpMyAdmin
+* Thu Jun 01 2006 - postadal(a)suse.cz
+- updated to 2.8.1 (bugfix-only release) [#177091]
+ * fixes some XSS vulnerabilities
+- removed obsoleted patches (2006-1804.patch, 2006-2031.patch)
* Tue May 02 2006 - mmarek(a)suse.cz
- fixed XSS in error messages
[#170529] (CVE-2006-2031.patch)
++++++ phpMyAdmin-2.8.0.3.tar.bz2 -> phpMyAdmin-2.8.1.tar.bz2 ++++++
++++ 4948 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit-unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit-help(a)opensuse.org
Hello community,
here is the log from the commit of package samba
checked in at Fri Jun 2 02:08:35 CEST 2006.
--------
--- samba/samba.changes 2006-05-29 13:09:41.000000000 +0200
+++ samba/samba.changes 2006-06-01 16:20:29.000000000 +0200
@@ -1,0 +2,16 @@
+Thu Jun 1 16:09:32 CEST 2006 - lmuelle(a)suse.de
+
+- Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723].
+
+-------------------------------------------------------------------
+Wed May 31 19:51:49 CEST 2006 - gd(a)suse.de
+
+- Add wbinfo --own-domain; [#167344].
+- Fix usability of pam_winbind on a Samba PDC; [bso #3800].
+
+-------------------------------------------------------------------
+Tue May 30 12:28:17 CEST 2006 - lmuelle(a)suse.de
+
+- Remove intrusive affinity patches for winbindd.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ samba-doc.spec ++++++
--- /var/tmp/diff_new_pack.n8PxMW/_old 2006-06-02 02:08:07.000000000 +0200
+++ /var/tmp/diff_new_pack.n8PxMW/_new 2006-06-02 02:08:07.000000000 +0200
@@ -16,7 +16,7 @@
License: GPL
URL: http://www.samba.org/
Version: 3.0.22
-Release: 26
+Release: 28
Summary: Samba Documentation
Group: Documentation/Other
Autoreqprov: on
@@ -65,14 +65,11 @@
%endif
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if %{suse_version} < 901
-%define symbols heimdal
-%endif
%prep
%setup -n samba-%{samba_ver} %{setup_common_opts}
# patches
%setup -T -D -a 2 -n samba-%{samba_ver} -q
-for patch in $( patches/tools/guards %symbols <patches/series); do
+for patch in $( patches/tools/guards <patches/series); do
if ! patch -s -E -p0 --no-backup-if-mismatch -i patches/$patch; then
echo "*** Patch $patch failed ***"
exit 1
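Review bot: The rewritten `for patch in $( patches/tools/guards <patches/series); do` line ignores the exit status of the guards tool, so if the tool fails the loop runs over whatever it managed to print, possibly nothing, and %prep continues with a partly patched or unpatched tree; only a failing `patch` call is caught. I would build the list first and stop on error: `patch_list=$( patches/tools/guards <patches/series ) || exit 1`, then `for patch in $patch_list; do`. The same line is changed in samba.spec (hunk `@@ -189,7 +186,7 @@`). The loop body continues past the end of this hunk.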
++++++ samba.spec ++++++
--- /var/tmp/diff_new_pack.n8PxMW/_old 2006-06-02 02:08:07.000000000 +0200
+++ /var/tmp/diff_new_pack.n8PxMW/_new 2006-06-02 02:08:07.000000000 +0200
@@ -20,7 +20,7 @@
URL: http://www.samba.org/
Autoreqprov: on
Version: 3.0.22
-Release: 16
+Release: 17
Provides: sambaxp = %{version}-%{release} samba3 = %{version}-%{release}
Obsoletes: samba-classic samba-ldap sambaxp samba3 < %{version}
Requires: samba-client >= %{version}
@@ -66,9 +66,6 @@
%endif
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if %{suse_version} < 901
-%define symbols heimdal
-%endif
%package client
Summary: Samba Client Utilities
Group: Productivity/Networking/Samba
@@ -160,7 +157,7 @@
Group: Productivity/Networking/Samba
Autoreqprov: on
Version: 1.34a
-Release: 21
+Release: 22
Requires: perl-ldap
%endif
%if %{suse_version} > 920
@@ -175,7 +172,7 @@
Group: Productivity/Networking/Samba
Autoreqprov: on
Version: 0.3.6b
-Release: 45
+Release: 46
Provides: samba3-vscan = 0.3.6b
Obsoletes: samba3-vscan
Requires: samba = %{samba_ver}
@@ -189,7 +186,7 @@
%endif
# patches
%setup -T -D -a 2 -n samba-%{samba_ver} -q
-for patch in $( patches/tools/guards %symbols <patches/series); do
+for patch in $( patches/tools/guards <patches/series); do
if ! patch -s -E -p0 --no-backup-if-mismatch -i patches/$patch; then
echo "*** Patch $patch failed ***"
exit 1
@@ -1212,6 +1209,13 @@
%endif
%changelog -n samba
+* Thu Jun 01 2006 - lmuelle(a)suse.de
+- Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723].
+* Wed May 31 2006 - gd(a)suse.de
+- Add wbinfo --own-domain; [#167344].
+- Fix usability of pam_winbind on a Samba PDC; [bso #3800].
+* Tue May 30 2006 - lmuelle(a)suse.de
+- Remove intrusive affinity patches for winbindd.
* Sun May 28 2006 - jeallison(a)suse.de
- Merge Volker's winbindd crash fix for half-opened connections
in winbindd_cm.c (sessionsetup succeeded but tconX failed).
++++++ patches.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/heimdal-0.7.1-light.diff new/patches/heimdal/heimdal-0.7.1-light.diff
--- old/patches/heimdal/heimdal-0.7.1-light.diff 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/heimdal/heimdal-0.7.1-light.diff 2006-05-30 17:38:46.000000000 +0200
@@ -0,0 +1,14 @@
+Author: Björn JACKE <bj at SerNet dot de>
+Subject: Limit build of heimdal to the required components
+
+--- Makefile.in 2005-10-14 12:46:55.325879536 +0000
++++ Makefile.in 2005-10-14 12:47:53.383879902 +0000
+@@ -367,7 +367,7 @@
+ @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ @KCM_TRUE@kcm_dir = kcm
+-SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl doc tools
++SUBDIRS = include lib tools
+ ACLOCAL_AMFLAGS = -I cf
+ EXTRA_DIST = Makefile.am.common krb5.conf
+ all: all-recursive
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/heimdal-configure-pthread.diff new/patches/heimdal/heimdal-configure-pthread.diff
--- old/patches/heimdal/heimdal-configure-pthread.diff 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/heimdal/heimdal-configure-pthread.diff 2006-05-30 17:39:05.000000000 +0200
@@ -0,0 +1,19 @@
+Author: Lars Mueller <lmuelle at samba dort org>
+Subject: fix pthread libs command line option
+
+We only could patch configure as our autoconf in ul1/ sles8 and 9.0 is too
+old.
+
+Index: configure
+===================================================================
+--- configure
++++ configure
+@@ -22578,7 +22578,7 @@ case "$host" in
+ 2.*)
+ native_pthread_support=yes
+ PTHREADS_CFLAGS=-pthread
+- PTHREADS_LIBS=-pthread
++ PTHREADS_LIBS=-lpthread
+ ;;
+ esac
+ ;;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/samba3-exampleheimdal4.diff new/patches/heimdal/samba3-exampleheimdal4.diff
--- old/patches/heimdal/samba3-exampleheimdal4.diff 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/heimdal/samba3-exampleheimdal4.diff 2006-05-30 17:39:14.000000000 +0200
@@ -0,0 +1,14 @@
+Author: Björn JACKE <bj at SerNet dot de>
+Subject: Use the heimdal version we just built
+
+--- ../examples/pdb/Makefile
++++ ../examples/pdb/Makefile 2005-01-25 13:30:14
+@@ -8,7 +8,7 @@
+ SAMBA_INCL = ../../source/include
+ UBIQX_SRC = ../../source/ubiqx
+ SMBWR_SRC = ../../source/smbwrapper
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I/usr/include/heimdal -fPIC
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I../../heimdal/include/ -fPIC
+ PDB_OBJS = test.la
+
+ # Default target
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/series new/patches/heimdal/series
--- old/patches/heimdal/series 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/heimdal/series 2006-05-30 16:43:13.000000000 +0200
@@ -0,0 +1,4 @@
+# needed if we build heimdal as part of the Samba build process
+heimdal/heimdal-0.7.1-light.diff -p0
+heimdal/heimdal-configure-pthread.diff -p0
+heimdal/samba3-exampleheimdal4.diff -p0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/13310 new/patches/samba.org/13310
--- old/patches/samba.org/13310 2006-05-29 12:36:16.000000000 +0200
+++ new/patches/samba.org/13310 1970-01-01 01:00:00.000000000 +0100
@@ -1,686 +0,0 @@
-------------------------------------------------------------------------
-r13310 | jerry | 2006-02-03 22:19:24 +0100 (Fr, 03 Feb 2006) | 1 line
-
-first round of server affinity patches for winbindd & net ads join
-------------------------------------------------------------------------
-Index: source/nsswitch/winbindd_cm.c
-===================================================================
---- source/nsswitch/winbindd_cm.c (Revision 13309)
-+++ source/nsswitch/winbindd_cm.c (Revision 13310)
-@@ -358,6 +358,10 @@
-
- session_setup_done:
-
-+ /* cache the server name for later connections */
-+
-+ saf_store( (*cli)->domain, (*cli)->desthost );
-+
- if (!cli_send_tconX(*cli, "IPC$", "IPC", "", 0)) {
-
- result = cli_nt_error(*cli);
-@@ -658,14 +662,6 @@
- return True;
- }
-
-- if ( is_our_domain
-- && must_use_pdc(domain->name)
-- && get_pdc_ip(domain->name, &ip))
-- {
-- if (add_one_dc_unique(mem_ctx, domain->name, inet_ntoa(ip), ip, dcs, num_dcs))
-- return True;
-- }
--
- /* try standard netbios queries first */
-
- get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
-@@ -752,12 +748,35 @@
- {
- TALLOC_CTX *mem_ctx;
- NTSTATUS result;
--
-+ char *saf_servername = saf_fetch( domain->name );
- int retries;
-
- if ((mem_ctx = talloc_init("cm_open_connection")) == NULL)
- return NT_STATUS_NO_MEMORY;
-
-+ /* we have to check the server affinity cache here since
-+ later we selecte a DC based on response time and not preference */
-+
-+ if ( saf_servername )
-+ {
-+ /* convert an ip address to a name */
-+ if ( is_ipaddress( saf_servername ) )
-+ {
-+ fstring saf_name;
-+ struct in_addr ip;
-+
-+ ip = *interpret_addr2( saf_servername );
-+ dcip_to_name( domain->name, domain->alt_name, &domain->sid, ip, saf_name );
-+ fstrcpy( domain->dcname, saf_name );
-+ }
-+ else
-+ {
-+ fstrcpy( domain->dcname, saf_servername );
-+ }
-+
-+ SAFE_FREE( saf_servername );
-+ }
-+
- for (retries = 0; retries < 3; retries++) {
-
- int fd = -1;
-@@ -765,27 +784,28 @@
-
- result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
-
-- if ((strlen(domain->dcname) > 0) &&
-- NT_STATUS_IS_OK(check_negative_conn_cache(
-- domain->name, domain->dcname)) &&
-- (resolve_name(domain->dcname, &domain->dcaddr.sin_addr,
-- 0x20))) {
-- int dummy;
-- struct sockaddr_in addrs[2];
-- addrs[0] = domain->dcaddr;
-- addrs[0].sin_port = htons(445);
-- addrs[1] = domain->dcaddr;
-- addrs[1].sin_port = htons(139);
-- if (!open_any_socket_out(addrs, 2, 10000,
-- &dummy, &fd)) {
-+ if ((strlen(domain->dcname) > 0)
-+ && NT_STATUS_IS_OK(check_negative_conn_cache( domain->name, domain->dcname))
-+ && (resolve_name(domain->dcname, &domain->dcaddr.sin_addr, 0x20)))
-+ {
-+ struct sockaddr_in *addrs = NULL;
-+ int num_addrs = 0;
-+ int dummy = 0;
-+
-+
-+ add_sockaddr_to_array(mem_ctx, domain->dcaddr.sin_addr, 445, &addrs, &num_addrs);
-+ add_sockaddr_to_array(mem_ctx, domain->dcaddr.sin_addr, 139, &addrs, &num_addrs);
-+
-+ if (!open_any_socket_out(addrs, num_addrs, 10000, &dummy, &fd)) {
- fd = -1;
- }
- }
-
-- if ((fd == -1) &&
-- !find_new_dc(mem_ctx, domain, domain->dcname,
-- &domain->dcaddr, &fd))
-+ if ((fd == -1)
-+ && !find_new_dc(mem_ctx, domain, domain->dcname, &domain->dcaddr, &fd))
-+ {
- break;
-+ }
-
- new_conn->cli = NULL;
-
-Index: source/lib/gencache.c
-===================================================================
---- source/lib/gencache.c (Revision 13309)
-+++ source/lib/gencache.c (Revision 13310)
-@@ -268,7 +268,7 @@
- SAFE_FREE(entry_buf);
-
- DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
-- "timeout = %s\n", t > time(NULL) ? "valid" :
-+ "timeout = %s", t > time(NULL) ? "valid" :
- "expired", keystr, v, ctime(&t)));
-
- if (valstr)
-@@ -281,20 +281,18 @@
-
- return t > time(NULL);
-
-- } else {
-- SAFE_FREE(databuf.dptr);
-+ }
-
-- if (valstr)
-- *valstr = NULL;
-+ SAFE_FREE(databuf.dptr);
-
-- if (timeout)
-- timeout = NULL;
-+ if (valstr)
-+ *valstr = NULL;
-+ if (timeout)
-+ timeout = NULL;
-
-- DEBUG(10, ("Cache entry with key = %s couldn't be found\n",
-- keystr));
-+ DEBUG(10, ("Cache entry with key = %s couldn't be found\n", keystr));
-
-- return False;
-- }
-+ return False;
- }
-
-
-Index: source/libsmb/namequery.c
-===================================================================
---- source/libsmb/namequery.c (Revision 13309)
-+++ source/libsmb/namequery.c (Revision 13310)
-@@ -24,7 +24,95 @@
- /* nmbd.c sets this to True. */
- BOOL global_in_nmbd = False;
-
-+
-+/****************************
-+ * SERVER AFFINITY ROUTINES *
-+ ****************************/
-+
-+ /* Server affinity is the concept of preferring the last domain
-+ controller with whom you had a successful conversation */
-+
- /****************************************************************************
-+****************************************************************************/
-+#define SAFKEY_FMT "SAF/DOMAIN/%s"
-+#define SAF_TTL 900
-+
-+static char *saf_key(const char *domain)
-+{
-+ char *keystr;
-+
-+ asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) );
-+
-+ return keystr;
-+}
-+
-+/****************************************************************************
-+****************************************************************************/
-+
-+BOOL saf_store( const char *domain, const char *servername )
-+{
-+ char *key;
-+ time_t expire;
-+ BOOL ret = False;
-+
-+ if ( !domain || !servername ) {
-+ DEBUG(2,("saf_store: Refusing to store empty domain or servername!\n"));
-+ return False;
-+ }
-+
-+ if ( !gencache_init() )
-+ return False;
-+
-+ key = saf_key( domain );
-+ expire = time( NULL ) + SAF_TTL;
-+
-+
-+ DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%d]\n",
-+ domain, servername, expire ));
-+
-+ ret = gencache_set( key, servername, expire );
-+
-+ SAFE_FREE( key );
-+
-+ return ret;
-+}
-+
-+/****************************************************************************
-+****************************************************************************/
-+
-+char *saf_fetch( const char *domain )
-+{
-+ char *server = NULL;
-+ time_t timeout;
-+ BOOL ret = False;
-+ char *key = NULL;
-+
-+ if ( !domain ) {
-+ DEBUG(2,("saf_fetch: Empty domain name!\n"));
-+ return NULL;
-+ }
-+
-+ if ( !gencache_init() )
-+ return False;
-+
-+ key = saf_key( domain );
-+
-+ ret = gencache_get( key, &server, &timeout );
-+
-+ SAFE_FREE( key );
-+
-+ if ( !ret ) {
-+ DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n", domain ));
-+ } else {
-+ DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
-+ server, domain ));
-+ }
-+
-+ return server;
-+}
-+
-+
-+/****************************************************************************
- Generate a random trn_id.
- ****************************************************************************/
-
-@@ -1261,6 +1349,18 @@
- int *count, BOOL ads_only, int *ordered)
- {
- fstring resolve_order;
-+ char *saf_servername;
-+ pstring pserver;
-+ const char *p;
-+ char *port_str;
-+ int port;
-+ fstring name;
-+ int num_addresses = 0;
-+ int local_count, i, j;
-+ struct ip_service *return_iplist = NULL;
-+ struct ip_service *auto_ip_list = NULL;
-+ BOOL done_auto_lookup = False;
-+ int auto_count = 0;
-
- /* if we are restricted to solely using DNS for looking
- up a domain controller, make sure that host lookups
-@@ -1277,148 +1377,145 @@
- fstrcpy( resolve_order, "NULL" );
- }
-
-+ *ordered = False;
-
-- *ordered = False;
--
-- /* If it's our domain then use the 'password server' parameter. */
--
-+ /* fetch the server we have affinity for. Add the
-+ 'password server' list to a search for our domain controllers */
-+
-+ saf_servername = saf_fetch( domain );
-+
- if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) {
-- const char *p;
-- char *pserver = lp_passwordserver(); /* UNIX charset. */
-- char *port_str;
-- int port;
-- fstring name;
-- int num_addresses = 0;
-- int local_count, i, j;
-- struct ip_service *return_iplist = NULL;
-- struct ip_service *auto_ip_list = NULL;
-- BOOL done_auto_lookup = False;
-- int auto_count = 0;
--
-+ pstr_sprintf( pserver, "%s, %s",
-+ saf_servername ? saf_servername : "",
-+ lp_passwordserver() );
-+ } else {
-+ pstr_sprintf( pserver, "%s, *",
-+ saf_servername ? saf_servername : "" );
-+ }
-
-- if (!*pserver)
-- return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order);
-+ SAFE_FREE( saf_servername );
-
-- p = pserver;
-+ /* if we are starting from scratch, just lookup DOMAIN<0x1c> */
-
-- /*
-- * if '*' appears in the "password server" list then add
-- * an auto lookup to the list of manually configured
-- * DC's. If any DC is listed by name, then the list should be
-- * considered to be ordered
-- */
--
-- while (next_token(&p,name,LIST_SEP,sizeof(name))) {
-- if (strequal(name, "*")) {
-- if ( internal_resolve_name(domain, 0x1C, &auto_ip_list, &auto_count, resolve_order) )
-- num_addresses += auto_count;
-- done_auto_lookup = True;
-- DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
-- } else {
-- num_addresses++;
-- }
-+ if ( !*pserver ) {
-+ DEBUG(10,("get_dc_list: no preferred domain controllers.\n"));
-+ return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order);
-+ }
-+
-+ DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
-+
-+ /*
-+ * if '*' appears in the "password server" list then add
-+ * an auto lookup to the list of manually configured
-+ * DC's. If any DC is listed by name, then the list should be
-+ * considered to be ordered
-+ */
-+
-+ p = pserver;
-+ while (next_token(&p,name,LIST_SEP,sizeof(name))) {
-+ if (strequal(name, "*")) {
-+ if ( internal_resolve_name(domain, 0x1C, &auto_ip_list, &auto_count, resolve_order) )
-+ num_addresses += auto_count;
-+ done_auto_lookup = True;
-+ DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count));
-+ } else {
-+ num_addresses++;
- }
-+ }
-
-- /* if we have no addresses and haven't done the auto lookup, then
-- just return the list of DC's */
-+ /* if we have no addresses and haven't done the auto lookup, then
-+ just return the list of DC's. Or maybe we just failed. */
-
-- if ( (num_addresses == 0) && !done_auto_lookup ) {
-+ if ( (num_addresses == 0) ) {
-+ if ( !done_auto_lookup ) {
- return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order);
-- }
--
-- /* maybe we just failed? */
--
-- if ( num_addresses == 0 ) {
-- DEBUG(4,("get_dc_list: no servers found\n"));
-+ } else {
-+ DEBUG(4,("get_dc_list: no servers found\n"));
- return False;
- }
--
-- if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
-- DEBUG(3,("get_dc_list: malloc fail !\n"));
-- return False;
-- }
-+ }
-
-- p = pserver;
-- local_count = 0;
-+ if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
-+ DEBUG(3,("get_dc_list: malloc fail !\n"));
-+ return False;
-+ }
-
-- /* fill in the return list now with real IP's */
-+ p = pserver;
-+ local_count = 0;
-+
-+ /* fill in the return list now with real IP's */
-
-- while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
-- struct in_addr name_ip;
-+ while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) {
-+ struct in_addr name_ip;
-
-- /* copy any addersses from the auto lookup */
-+ /* copy any addersses from the auto lookup */
-
-- if ( strequal(name, "*") ) {
-- for ( j=0; j<auto_count; j++ ) {
-- /* Check for and don't copy any known bad DC IP's. */
-- if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain,
-- inet_ntoa(auto_ip_list[j].ip)))) {
-- DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",
-- inet_ntoa(auto_ip_list[j].ip) ));
-- continue;
-- }
-- return_iplist[local_count].ip = auto_ip_list[j].ip;
-- return_iplist[local_count].port = auto_ip_list[j].port;
-- local_count++;
-+ if ( strequal(name, "*") ) {
-+ for ( j=0; j<auto_count; j++ ) {
-+ /* Check for and don't copy any known bad DC IP's. */
-+ if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain,
-+ inet_ntoa(auto_ip_list[j].ip)))) {
-+ DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",
-+ inet_ntoa(auto_ip_list[j].ip) ));
-+ continue;
- }
-- continue;
-+ return_iplist[local_count].ip = auto_ip_list[j].ip;
-+ return_iplist[local_count].port = auto_ip_list[j].port;
-+ local_count++;
- }
-+ continue;
-+ }
-
-
-- /* added support for address:port syntax for ads (not that I think
-- anyone will ever run the LDAP server in an AD domain on something
-- other than port 389 */
-+ /* added support for address:port syntax for ads (not that I think
-+ anyone will ever run the LDAP server in an AD domain on something
-+ other than port 389 */
-
-- port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
-- if ( (port_str=strchr(name, ':')) != NULL ) {
-- *port_str = '\0';
-- port_str++;
-- port = atoi( port_str );
-- }
-+ port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE;
-+ if ( (port_str=strchr(name, ':')) != NULL ) {
-+ *port_str = '\0';
-+ port_str++;
-+ port = atoi( port_str );
-+ }
-
-- /* explicit lookup; resolve_name() will handle names & IP addresses */
-- if ( resolve_name( name, &name_ip, 0x20 ) ) {
-+ /* explicit lookup; resolve_name() will handle names & IP addresses */
-+ if ( resolve_name( name, &name_ip, 0x20 ) ) {
-
-- /* Check for and don't copy any known bad DC IP's. */
-- if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) {
-- DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name ));
-- continue;
-- }
-+ /* Check for and don't copy any known bad DC IP's. */
-+ if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) {
-+ DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name ));
-+ continue;
-+ }
-
-- return_iplist[local_count].ip = name_ip;
-- return_iplist[local_count].port = port;
-- local_count++;
-- *ordered = True;
-- }
-+ return_iplist[local_count].ip = name_ip;
-+ return_iplist[local_count].port = port;
-+ local_count++;
-+ *ordered = True;
- }
-+ }
-
-- SAFE_FREE(auto_ip_list);
-+ SAFE_FREE(auto_ip_list);
-
-- /* need to remove duplicates in the list if we have any
-- explicit password servers */
--
-- if ( local_count ) {
-- local_count = remove_duplicate_addrs2( return_iplist, local_count );
-- }
-+ /* need to remove duplicates in the list if we have any
-+ explicit password servers */
-+
-+ if ( local_count ) {
-+ local_count = remove_duplicate_addrs2( return_iplist, local_count );
-+ }
-
-- if ( DEBUGLEVEL >= 4 ) {
-- DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
-- *ordered ? "":"un"));
-- DEBUG(4,("get_dc_list: "));
-- for ( i=0; i<local_count; i++ )
-- DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
-- DEBUGADD(4,("\n"));
-- }
-+ if ( DEBUGLEVEL >= 4 ) {
-+ DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count,
-+ *ordered ? "":"un"));
-+ DEBUG(4,("get_dc_list: "));
-+ for ( i=0; i<local_count; i++ )
-+ DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port ));
-+ DEBUGADD(4,("\n"));
-+ }
-
-- *ip_list = return_iplist;
-- *count = local_count;
-+ *ip_list = return_iplist;
-+ *count = local_count;
-
-- return (*count != 0);
-- }
--
-- DEBUG(10,("get_dc_list: defaulting to internal auto lookup for domain %s\n", domain));
--
-- return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order);
-+ return (*count != 0);
- }
-
- /*********************************************************************
-Index: source/libsmb/namequery_dc.c
-===================================================================
---- source/libsmb/namequery_dc.c (Revision 13309)
-+++ source/libsmb/namequery_dc.c (Revision 13310)
-@@ -75,31 +75,10 @@
- struct ip_service *ip_list = NULL;
- struct in_addr dc_ip, exclude_ip;
- int count, i;
-- BOOL use_pdc_only;
- NTSTATUS result;
-
- zero_ip(&exclude_ip);
-
-- use_pdc_only = must_use_pdc(domain);
--
-- /* Lookup domain controller name */
--
-- if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) )
-- {
-- DEBUG(10,("rpc_dc_name: Atempting to lookup PDC to avoid sam sync delays\n"));
--
-- /* check the connection cache and perform the node status
-- lookup only if the IP is not found to be bad */
--
-- if (name_status_find(domain, 0x1b, 0x20, dc_ip, srv_name) ) {
-- result = check_negative_conn_cache( domain, srv_name );
-- if ( NT_STATUS_IS_OK(result) )
-- goto done;
-- }
-- /* Didn't get name, remember not to talk to this DC. */
-- exclude_ip = dc_ip;
-- }
--
- /* get a list of all domain controllers */
-
- if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) {
-@@ -109,13 +88,6 @@
-
- /* Remove the entry we've already failed with (should be the PDC). */
-
-- if ( use_pdc_only ) {
-- for (i = 0; i < count; i++) {
-- if (ip_equal( exclude_ip, ip_list[i].ip))
-- zero_ip(&ip_list[i].ip);
-- }
-- }
--
- for (i = 0; i < count; i++) {
- if (is_zero_ip(ip_list[i].ip))
- continue;
-Index: source/libsmb/cliconnect.c
-===================================================================
---- source/libsmb/cliconnect.c (Revision 13309)
-+++ source/libsmb/cliconnect.c (Revision 13310)
-@@ -865,14 +865,16 @@
- DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
- return False;
- }
-- return True;
-+ } else {
-+ /* otherwise do a NT1 style session setup */
-+ if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) {
-+ DEBUG(3,("cli_session_setup: NT1 session setup failed!\n"));
-+ return False;
-+ }
- }
-
-- /* otherwise do a NT1 style session setup */
-+ return True;
-
-- return cli_session_setup_nt1(cli, user,
-- pass, passlen, ntpass, ntpasslen,
-- workgroup);
- }
-
- /****************************************************************************
-Index: source/passdb/secrets.c
-===================================================================
---- source/passdb/secrets.c (Revision 13309)
-+++ source/passdb/secrets.c (Revision 13310)
-@@ -821,35 +821,6 @@
- DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name ));
- }
-
--/*********************************************************
-- Check to see if we must talk to the PDC to avoid sam
-- sync delays
-- ********************************************************/
--
--BOOL must_use_pdc( const char *domain )
--{
-- time_t now = time(NULL);
-- time_t last_change_time;
-- unsigned char passwd[16];
--
-- if ( !secrets_fetch_trust_account_password(domain, passwd, &last_change_time, NULL) )
-- return False;
--
-- /*
-- * If the time the machine password has changed
-- * was less than about 15 minutes then we need to contact
-- * the PDC only, as we cannot be sure domain replication
-- * has yet taken place. Bug found by Gerald (way to go
-- * Gerald !). JRA.
-- */
--
-- if ( now - last_change_time < SAM_SYNC_WINDOW )
-- return True;
--
-- return False;
--
--}
--
- /*******************************************************************************
- Store a complete AFS keyfile into secrets.tdb.
- *******************************************************************************/
-Index: source/include/smb.h
-===================================================================
---- source/include/smb.h (Revision 13309)
-+++ source/include/smb.h (Revision 13310)
-@@ -238,14 +238,6 @@
-
- #define MAX_HOURS_LEN 32
-
--/*
-- * window during which we must talk to the PDC to avoid
-- * sam sync delays; expressed in seconds (15 minutes is the
-- * default period for SAM replication under Windows NT 4.0
-- */
--#define SAM_SYNC_WINDOW 900
--
--
- #ifndef MAXSUBAUTHS
- #define MAXSUBAUTHS 15 /* max sub authorities in a SID */
- #endif
-Index: source/libads/ldap.c
-===================================================================
---- source/libads/ldap.c (Revision 13309)
-+++ source/libads/ldap.c (Revision 13310)
-@@ -136,6 +136,10 @@
- ads->ldap_port = port;
- ads->ldap_ip = *interpret_addr2(srv);
- free(srv);
-+
-+ /* cache the successful connection */
-+
-+ saf_store( ads->server.workgroup, server );
-
- return True;
- }
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/15904 new/patches/samba.org/15904
--- old/patches/samba.org/15904 2006-05-29 12:39:35.000000000 +0200
+++ new/patches/samba.org/15904 2006-05-30 12:48:03.000000000 +0200
@@ -68,7 +68,7 @@
if ((*cli)->protocol >= PROTOCOL_NT1 && (*cli)->capabilities & CAP_EXTENDED_SECURITY) {
ADS_STATUS ads_status;
-@@ -371,8 +371,6 @@ static NTSTATUS cm_prepare_connection(co
+@@ -367,8 +367,6 @@ static NTSTATUS cm_prepare_connection(co
if (NT_STATUS_IS_OK(result))
result = NT_STATUS_UNSUCCESSFUL;
@@ -77,7 +77,7 @@
goto done;
}
-@@ -386,7 +384,6 @@ static NTSTATUS cm_prepare_connection(co
+@@ -382,7 +380,6 @@ static NTSTATUS cm_prepare_connection(co
}
result = NT_STATUS_OK;
@@ -85,7 +85,7 @@
done:
if (got_mutex) {
-@@ -400,8 +397,12 @@ static NTSTATUS cm_prepare_connection(co
+@@ -396,8 +393,12 @@ static NTSTATUS cm_prepare_connection(co
SAFE_FREE(ipc_domain);
SAFE_FREE(ipc_password);
@@ -99,7 +99,7 @@
}
return result;
-@@ -579,7 +580,7 @@ static BOOL receive_getdc_response(struc
+@@ -575,7 +576,7 @@ static BOOL receive_getdc_response(struc
convert an ip to a name
*******************************************************************/
@@ -108,7 +108,7 @@
const DOM_SID *sid, struct in_addr ip, fstring name )
{
-@@ -590,7 +591,7 @@ static void dcip_to_name( const char *do
+@@ -586,7 +587,7 @@ static void dcip_to_name( const char *do
smb_msleep(100);
for (i=0; i<5; i++) {
if (receive_getdc_response(ip, domainname, name))
@@ -117,7 +117,7 @@
smb_msleep(500);
}
}
-@@ -598,11 +599,7 @@ static void dcip_to_name( const char *do
+@@ -594,11 +595,7 @@ static void dcip_to_name( const char *do
/* try node status request */
if ( name_status_find(domainname, 0x1c, 0x20, ip, name) )
@@ -130,7 +130,7 @@
#ifdef WITH_ADS
/* for active directory servers, try to get the ldap server name.
-@@ -618,22 +615,23 @@ static void dcip_to_name( const char *do
+@@ -614,22 +611,23 @@ static void dcip_to_name( const char *do
if ( !ads_try_connect( ads, inet_ntoa(ip), LDAP_PORT ) ) {
ads_destroy( &ads );
@@ -157,7 +157,7 @@
}
/*******************************************************************
-@@ -703,6 +701,7 @@ static BOOL find_new_dc(TALLOC_CTX *mem_
+@@ -707,6 +705,7 @@ static BOOL find_new_dc(TALLOC_CTX *mem_
int i, fd_index;
@@ -165,50 +165,27 @@
if (!get_dcs(mem_ctx, domain, &dcs, &num_dcs) || (num_dcs == 0))
return False;
-@@ -733,15 +732,22 @@ static BOOL find_new_dc(TALLOC_CTX *mem_
+@@ -740,11 +739,18 @@ static BOOL find_new_dc(TALLOC_CTX *mem_
+ /* if we have no name on the server or just an IP address for
+ the name, now try to get the name */
- *addr = addrs[fd_index];
-
-- /* if we have no name on the server or just an IP address for
-- the name, now try to get the name */
--
- if ( is_ipaddress(dcnames[fd_index]) || *dcnames[fd_index] == '\0' )
- dcip_to_name( domain->name, domain->alt_name, &domain->sid, addr->sin_addr, dcname );
- else
-+ if (*dcnames[fd_index] != '\0' && !is_ipaddress(dcnames[fd_index])) {
-+ /* Ok, we've got a name for the DC */
- fstrcpy(dcname, dcnames[fd_index]);
-+ return True;
-+ }
-
-- return True;
-+ /* Try to figure out the name */
-+ if (dcip_to_name( domain->name, domain->alt_name, &domain->sid,
-+ addr->sin_addr, dcname )) {
-+ return True;
+- fstrcpy(dcname, dcnames[fd_index]);
+-
++ if ( is_ipaddress(dcnames[fd_index]) || *dcnames[fd_index] == '\0' ) {
++ if (!dcip_to_name( domain->name, domain->alt_name, &domain->sid,
++ addr->sin_addr, dcname )) {
++ add_failed_connection_entry(
++ domain->name, dcs[i].name,
++ NT_STATUS_UNSUCCESSFUL);
++ return False;
++ }
++ } else {
++ fstrcpy(dcname, dcnames[fd_index]);
+ }
-+
-+ /* We can not continue without the DC's name */
-+ add_failed_connection_entry(domain->name, dcs[fd_index].name,
-+ NT_STATUS_UNSUCCESSFUL);
-+ goto again;
++
+ return True;
}
- static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
-@@ -767,8 +773,14 @@ static NTSTATUS cm_open_connection(struc
- struct in_addr ip;
-
- ip = *interpret_addr2( saf_servername );
-- dcip_to_name( domain->name, domain->alt_name, &domain->sid, ip, saf_name );
-- fstrcpy( domain->dcname, saf_name );
-+ if (dcip_to_name( domain->name, domain->alt_name,
-+ &domain->sid, ip, saf_name )) {
-+ fstrcpy( domain->dcname, saf_name );
-+ } else {
-+ add_failed_connection_entry(
-+ domain->name, saf_name,
-+ NT_STATUS_UNSUCCESSFUL);
-+ }
- }
- else
- {
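Review bot: The new failure branch in `find_new_dc()` records the failed-connection entry under `dcs[i].name`, while the name and address used in the same block are selected with `fd_index` (`dcnames[fd_index]`), and the revision being replaced passed `dcs[fd_index].name`. What `i` holds at this point is set by code outside the hunk; if it is a leftover loop counter, the entry is filed against the wrong DC or read from past the end of the array. Unless `i` is deliberately assigned, `domain->name, dcs[fd_index].name,` looks like the intended argument line. The new revision also returns `False` where the old one retried with `goto again`, so a single DC whose name cannot be resolved now ends the search, which deserves a comment if it is intended.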
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/series new/patches/series
--- old/patches/series 2006-05-29 12:40:25.000000000 +0200
+++ new/patches/series 2006-05-30 17:39:51.000000000 +0200
@@ -9,7 +9,6 @@
samba.org/13212 -p0
samba.org/13214 -p0
samba.org/13284 -p0
-samba.org/13310 -p0
samba.org/13639 -p0
samba.org/13642 -p0
samba.org/13644 -p0
@@ -69,7 +68,3 @@
suse/man-pages.diff -p0
suse/samba3-rename_machine.diff -p0
suse/get_printing_ticket.diff -p0
-# needed if we build heimdal as part of the Samba build process
-+heimdal suse/heimdal-0.7.1-light.diff -p0
-+heimdal suse/heimdal-configure-pthread.diff -p0
-+heimdal suse/samba3-exampleheimdal4.diff -p0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/heimdal-0.7.1-light.diff new/patches/suse/heimdal-0.7.1-light.diff
--- old/patches/suse/heimdal-0.7.1-light.diff 2006-04-23 13:39:14.000000000 +0200
+++ new/patches/suse/heimdal-0.7.1-light.diff 1970-01-01 01:00:00.000000000 +0100
@@ -1,14 +0,0 @@
-Author: Björn JACKE <bj at SerNet dot de>
-Subject: Limit build of heimdal to the required components
-
---- heimdal-0.7.1/Makefile.in 2005-10-14 12:46:55.325879536 +0000
-+++ heimdal-0.7.1/Makefile.in 2005-10-14 12:47:53.383879902 +0000
-@@ -367,7 +367,7 @@
- @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
- @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
- @KCM_TRUE@kcm_dir = kcm
--SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl doc tools
-+SUBDIRS = include lib tools
- ACLOCAL_AMFLAGS = -I cf
- EXTRA_DIST = Makefile.am.common krb5.conf
- all: all-recursive
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/heimdal-configure-pthread.diff new/patches/suse/heimdal-configure-pthread.diff
--- old/patches/suse/heimdal-configure-pthread.diff 2006-04-23 13:39:14.000000000 +0200
+++ new/patches/suse/heimdal-configure-pthread.diff 1970-01-01 01:00:00.000000000 +0100
@@ -1,19 +0,0 @@
-Author: Lars Mueller <lmuelle at samba dort org>
-Subject: fix pthread libs command line option
-
-We only could patch configure as our autoconf in ul1/ sles8 and 9.0 is too
-old.
-
-Index: heimdal-0.7.1/configure
-===================================================================
---- heimdal-0.7.1.orig/configure
-+++ heimdal-0.7.1/configure
-@@ -22578,7 +22578,7 @@ case "$host" in
- 2.*)
- native_pthread_support=yes
- PTHREADS_CFLAGS=-pthread
-- PTHREADS_LIBS=-pthread
-+ PTHREADS_LIBS=-lpthread
- ;;
- esac
- ;;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/netusershare.diff new/patches/suse/netusershare.diff
--- old/patches/suse/netusershare.diff 2006-05-29 12:54:01.000000000 +0200
+++ new/patches/suse/netusershare.diff 2006-05-30 12:57:09.000000000 +0200
@@ -2966,7 +2966,7 @@
===================================================================
--- source/include/smb.h.orig
+++ source/include/smb.h
-@@ -1783,4 +1783,19 @@ typedef struct uuid_flat {
+@@ -1791,4 +1791,19 @@ typedef struct uuid_flat {
/* map readonly options */
enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMISSIONS};
@@ -3008,7 +3008,7 @@
===================================================================
--- source/libsmb/cliconnect.c.orig
+++ source/libsmb/cliconnect.c
-@@ -1394,7 +1394,11 @@ again:
+@@ -1392,7 +1392,11 @@ again:
DEBUG(1,("cli_start_connection: failed to connect to %s (%s)\n",
nmb_namestr(&called), inet_ntoa(ip)));
cli_shutdown(cli);
@@ -3021,7 +3021,7 @@
}
if (retry)
-@@ -1412,7 +1416,7 @@ again:
+@@ -1410,7 +1414,7 @@ again:
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
}
@@ -3030,7 +3030,7 @@
}
cli_setup_signing_state(cli, signing_state);
-@@ -1424,7 +1428,10 @@ again:
+@@ -1422,7 +1426,10 @@ again:
if (!cli_negprot(cli)) {
DEBUG(1,("failed negprot\n"));
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/samba3-exampleheimdal4.diff new/patches/suse/samba3-exampleheimdal4.diff
--- old/patches/suse/samba3-exampleheimdal4.diff 2006-04-23 13:39:14.000000000 +0200
+++ new/patches/suse/samba3-exampleheimdal4.diff 1970-01-01 01:00:00.000000000 +0100
@@ -1,14 +0,0 @@
-Author: Björn JACKE <bj at SerNet dot de>
-Subject: Use the heimdal version we just built
-
---- examples/pdb/Makefile
-+++ examples/pdb/Makefile 2005-01-25 13:30:14
-@@ -8,7 +8,7 @@
- SAMBA_INCL = ../../source/include
- UBIQX_SRC = ../../source/ubiqx
- SMBWR_SRC = ../../source/smbwrapper
--CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I/usr/include/heimdal -fPIC
-+CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I../../heimdal/include/ -fPIC
- PDB_OBJS = test.la
-
- # Default target
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/samba3-pam_winbind.diff new/patches/suse/samba3-pam_winbind.diff
--- old/patches/suse/samba3-pam_winbind.diff 2006-05-29 12:50:19.000000000 +0200
+++ new/patches/suse/samba3-pam_winbind.diff 2006-06-01 09:44:25.000000000 +0200
@@ -358,7 +358,7 @@
+
#define MAX_HOURS_LEN 32
- #ifndef MAXSUBAUTHS
+ /*
Index: source/lib/pam_errors.c
===================================================================
--- source/lib/pam_errors.c.orig
@@ -2664,7 +2664,22 @@
NSS_STATUS_SUCCESS)
return False;
-@@ -577,6 +581,67 @@ static BOOL wbinfo_lookupname(char *name
+@@ -296,6 +300,14 @@ static BOOL wbinfo_list_domains(void)
+ return True;
+ }
+
++/* List own domain */
++
++static BOOL wbinfo_list_own_domain(void)
++{
++ d_printf("%s\n", get_winbind_domain());
++
++ return True;
++}
+
+ /* show sequence numbers */
+ static BOOL wbinfo_show_sequence(const char *domain)
+@@ -577,6 +589,67 @@ static BOOL wbinfo_lookupname(char *name
/* Authenticate a user with a plaintext password */
@@ -2732,25 +2747,27 @@
static BOOL wbinfo_auth(char *username)
{
struct winbindd_request request;
-@@ -968,7 +1033,8 @@ enum {
+@@ -968,7 +1041,9 @@ enum {
OPT_GETDCNAME,
OPT_USERDOMGROUPS,
OPT_USERSIDS,
- OPT_SEPARATOR
+ OPT_SEPARATOR,
-+ OPT_LIST_ALL_DOMAINS
++ OPT_LIST_ALL_DOMAINS,
++ OPT_LIST_OWN_DOMAIN
};
int main(int argc, char **argv)
-@@ -1000,6 +1066,7 @@ int main(int argc, char **argv)
+@@ -1000,6 +1075,8 @@ int main(int argc, char **argv)
{ "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" },
{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
+ { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
++ { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
{ "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
-@@ -1016,6 +1083,11 @@ int main(int argc, char **argv)
+@@ -1016,6 +1093,11 @@ int main(int argc, char **argv)
#ifdef WITH_FAKE_KASERVER
{ "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
#endif
@@ -2762,7 +2779,7 @@
{ "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
POPT_COMMON_VERSION
POPT_TABLEEND
-@@ -1133,7 +1205,7 @@ int main(int argc, char **argv)
+@@ -1133,7 +1215,7 @@ int main(int argc, char **argv)
}
break;
case 'm':
@@ -2771,7 +2788,7 @@
d_fprintf(stderr, "Could not list trusted domains\n");
goto done;
}
-@@ -1190,6 +1262,38 @@ int main(int argc, char **argv)
+@@ -1190,6 +1272,38 @@ int main(int argc, char **argv)
goto done;
break;
}
@@ -2810,7 +2827,7 @@
case 'k':
if (!wbinfo_klog(string_arg)) {
d_fprintf(stderr, "Could not klog user\n");
-@@ -1198,7 +1302,7 @@ int main(int argc, char **argv)
+@@ -1198,7 +1312,7 @@ int main(int argc, char **argv)
break;
case 'p':
if (!wbinfo_ping()) {
@@ -2819,7 +2836,7 @@
goto done;
}
break;
-@@ -1223,6 +1327,10 @@ int main(int argc, char **argv)
+@@ -1223,6 +1337,16 @@ int main(int argc, char **argv)
d_printf("%c\n", sep);
break;
}
@@ -2827,6 +2844,12 @@
+ if (!wbinfo_list_domains(True)) {
+ goto done;
+ }
++ break;
++ case OPT_LIST_OWN_DOMAIN:
++ if (!wbinfo_list_own_domain()) {
++ goto done;
++ }
++ break;
/* generic configuration options */
case OPT_DOMAIN_NAME:
break;
@@ -3879,23 +3902,26 @@
===================================================================
--- source/nsswitch/winbindd_cm.c.orig
+++ source/nsswitch/winbindd_cm.c
-@@ -810,6 +810,7 @@ static NTSTATUS cm_open_connection(struc
- add_sockaddr_to_array(mem_ctx, domain->dcaddr.sin_addr, 139, &addrs, &num_addrs);
-
- if (!open_any_socket_out(addrs, num_addrs, 10000, &dummy, &fd)) {
+@@ -785,14 +785,17 @@ static NTSTATUS cm_open_connection(struc
+ addrs[1].sin_port = htons(139);
+ if (!open_any_socket_out(addrs, 2, 10000,
+ &dummy, &fd)) {
+ domain->online = False;
fd = -1;
}
}
-@@ -817,6 +818,7 @@ static NTSTATUS cm_open_connection(struc
- if ((fd == -1)
- && !find_new_dc(mem_ctx, domain, domain->dcname, &domain->dcaddr, &fd))
- {
+
+ if ((fd == -1) &&
+ !find_new_dc(mem_ctx, domain, domain->dcname,
+- &domain->dcaddr, &fd))
++ &domain->dcaddr, &fd)) {
+ domain->online = False;
break;
- }
++ }
+
+ new_conn->cli = NULL;
-@@ -829,6 +831,10 @@ static NTSTATUS cm_open_connection(struc
+@@ -803,6 +806,10 @@ static NTSTATUS cm_open_connection(struc
break;
}
@@ -3906,7 +3932,7 @@
talloc_destroy(mem_ctx);
return result;
}
-@@ -1272,7 +1278,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_
+@@ -1246,7 +1253,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_
/* Fall back to schannel if it's a W2K pre-SP1 box. */
if (!cm_get_schannel_dcinfo(domain, &p_dcinfo)) {
@@ -3915,7 +3941,7 @@
"for domain %s, trying anon\n", conn->cli->domain));
goto anonymous;
}
-@@ -1437,7 +1443,9 @@ NTSTATUS cm_connect_netlogon(struct winb
+@@ -1411,7 +1418,9 @@ NTSTATUS cm_connect_netlogon(struct winb
if (conn->netlogon_pipe == NULL) {
DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. Error "
"was %s\n", nt_errstr(result)));
@@ -5541,7 +5567,7 @@
===================================================================
--- source/nsswitch/winbindd_passdb.c.orig
+++ source/nsswitch/winbindd_passdb.c
-@@ -328,10 +328,35 @@ static NTSTATUS lookup_groupmem(struct w
+@@ -328,7 +328,71 @@ static NTSTATUS lookup_groupmem(struct w
/* find the sequence number for a domain */
static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
{
@@ -5556,12 +5582,12 @@
+
+ *seq = (int) seq_num;
+ /* *seq = 1; */
- return NT_STATUS_OK;
- }
-
++ return NT_STATUS_OK;
++}
++
+static NTSTATUS lockout_policy(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
-+ SAM_UNK_INFO_12 *lockout_policy)
++ SAM_UNK_INFO_12 *policy)
+{
+ /* actually we have that */
+ return NT_STATUS_NOT_IMPLEMENTED;
@@ -5569,16 +5595,52 @@
+
+static NTSTATUS password_policy(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
-+ SAM_UNK_INFO_1 *password_policy)
++ SAM_UNK_INFO_1 *policy)
+{
-+ /* actually we have that */
-+ return NT_STATUS_NOT_IMPLEMENTED;
-+}
++ uint32 min_pass_len,pass_hist,password_properties;
++ time_t u_expire, u_min_age;
++ NTTIME nt_expire, nt_min_age;
++ uint32 account_policy_temp;
+
- /* get a list of trusted domains */
- static NTSTATUS trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
-@@ -391,5 +416,7 @@ struct winbindd_methods passdb_methods =
++ if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
++ return NT_STATUS_NO_MEMORY;
++ }
++
++ if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) {
++ return NT_STATUS_ACCESS_DENIED;
++ }
++ min_pass_len = account_policy_temp;
++
++ if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) {
++ return NT_STATUS_ACCESS_DENIED;
++ }
++ pass_hist = account_policy_temp;
++
++ if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) {
++ return NT_STATUS_ACCESS_DENIED;
++ }
++ password_properties = account_policy_temp;
++
++ if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
++ return NT_STATUS_ACCESS_DENIED;
++ }
++ u_expire = account_policy_temp;
++
++ if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
++ return NT_STATUS_ACCESS_DENIED;
++ }
++ u_min_age = account_policy_temp;
++
++ unix_to_nt_time_abs(&nt_expire, u_expire);
++ unix_to_nt_time_abs(&nt_min_age, u_min_age);
++
++ init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist,
++ password_properties, nt_expire, nt_min_age);
++
+ return NT_STATUS_OK;
+ }
+
+@@ -391,5 +455,7 @@ struct winbindd_methods passdb_methods =
lookup_useraliases,
lookup_groupmem,
sequence_number,
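Review bot: In the added `password_policy()` body, `policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)` overwrites the function's own `policy` parameter, so `init_unk_info1()` fills a fresh allocation the caller never sees while the function still returns `NT_STATUS_OK`. If the caller passes a structure to be filled (the call site is not part of this hunk), it would go on to use minimum-length, history and age values that were never written. Clearing the caller's buffer instead of allocating, e.g. `ZERO_STRUCTP(policy);`, keeps the out-parameter contract; otherwise the signature would need a `SAM_UNK_INFO_1 **`. The `(uint16)` casts on `min_pass_len` and `pass_hist` also truncate silently and would benefit from a one-line comment stating the expected range.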
@@ -5755,7 +5817,7 @@
domain->sequence_number = DOM_SEQUENCE_NONE;
domain->last_seq_check = 0;
domain->initialized = False;
-+ domain->online = False;
++ domain->online = is_internal_domain(sid);
if (sid) {
sid_copy(&domain->sid, sid);
}
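Review bot: `is_internal_domain(sid)` is now called before the `if (sid)` check on the next line, which suggests `sid` may be NULL at this point. Confirm that `is_internal_domain()` accepts a NULL pointer (its definition is not in this hunk); if it does not, guard the call, e.g. `domain->online = sid ? is_internal_domain(sid) : False;`. The enclosing function starts and ends outside the hunk.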
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/winbind-offline.diff new/patches/suse/winbind-offline.diff
--- old/patches/suse/winbind-offline.diff 2006-05-29 13:05:24.000000000 +0200
+++ new/patches/suse/winbind-offline.diff 2006-05-30 12:58:03.000000000 +0200
@@ -225,10 +225,10 @@
===================================================================
--- source/nsswitch/winbindd_cm.c.orig
+++ source/nsswitch/winbindd_cm.c
-@@ -818,6 +818,11 @@ static NTSTATUS cm_open_connection(struc
- if ((fd == -1)
- && !find_new_dc(mem_ctx, domain, domain->dcname, &domain->dcaddr, &fd))
- {
+@@ -793,6 +793,11 @@ static NTSTATUS cm_open_connection(struc
+ if ((fd == -1) &&
+ !find_new_dc(mem_ctx, domain, domain->dcname,
+ &domain->dcaddr, &fd)) {
+ /* This is the one place where we will
+ set the global winbindd offline state
+ to true, if a "WINBINDD_OFFLINE" entry
@@ -237,7 +237,7 @@
domain->online = False;
break;
}
-@@ -832,6 +837,10 @@ static NTSTATUS cm_open_connection(struc
+@@ -807,6 +812,10 @@ static NTSTATUS cm_open_connection(struc
}
if (NT_STATUS_IS_OK(result)) {
@@ -248,7 +248,7 @@
domain->online = True;
}
-@@ -839,7 +848,7 @@ static NTSTATUS cm_open_connection(struc
+@@ -814,7 +823,7 @@ static NTSTATUS cm_open_connection(struc
return result;
}
++++++ vendor-files.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vendor-files/config/smb.conf.vendor new/vendor-files/config/smb.conf.vendor
--- old/vendor-files/config/smb.conf.vendor 2006-04-23 13:39:15.000000000 +0200
+++ new/vendor-files/config/smb.conf.vendor 2006-06-01 16:06:00.000000000 +0200
@@ -32,7 +32,7 @@
# performance settings (always test before using!)
; use sendfile = Yes
; large readwrite = Yes
-; socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
+; socket options = TCP_NODELAY SO_KEEPALIVE
# utmp = Yes
workgroup = TUX-NET
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit-unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit-help(a)opensuse.org
Hello community,
here is the log from the commit of package gnome-themes
checked in at Fri Jun 2 02:08:11 CEST 2006.
--------
--- GNOME/gnome-themes/gnome-themes.changes 2006-03-13 15:42:46.000000000 +0100
+++ gnome-themes/gnome-themes.changes 2006-06-01 21:49:14.000000000 +0200
@@ -1,0 +2,6 @@
+Thu Jun 1 21:47:02 CEST 2006 - dobey(a)suse.de
+
+- Update ximian-artwork to 0.6.2 to fix name/screenshot for gdm
+ Fixes https://bugzilla.novell.com/show_bug.cgi?id=136812
+
+-------------------------------------------------------------------
Old:
----
ximian-artwork-0.6.1.tar.bz2
New:
----
ximian-artwork-0.6.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnome-themes.spec ++++++
--- /var/tmp/diff_new_pack.y9P63F/_old 2006-06-02 02:07:01.000000000 +0200
+++ /var/tmp/diff_new_pack.y9P63F/_new 2006-06-02 02:07:01.000000000 +0200
@@ -16,11 +16,11 @@
Group: System/GUI/GNOME
Autoreqprov: on
Version: 2.12.1
-Release: 23
+Release: 33
Source0: %{name}-%{version}.tar.bz2
# http://librsvg.sourceforge.net/
Source1: spheres-and-crystals-0.7.tar.bz2
-Source2: ximian-artwork-0.6.1.tar.bz2
+Source2: ximian-artwork-0.6.2.tar.bz2
Source6: novell-button.png
URL: http://www.gnome.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -74,7 +74,7 @@
%patch2
cd ../gnome-themes-%{version}/
%patch5 -p1
-cd ../ximian-artwork-0.6.1/
+cd ../ximian-artwork-0.6.2/
%patch6 -p1
%patch8 -p1
%patch14
@@ -103,7 +103,7 @@
--sysconfdir=/etc%{prefix} \
--disable-static
make %{?jobs:-j %jobs}
-cd ../ximian-artwork-0.6.1
+cd ../ximian-artwork-0.6.2
cp /usr/share/automake*/mkinstalldirs .
intltoolize --force
srcdir=$PWD autoreconf --force --install
@@ -120,7 +120,7 @@
cd ../spheres-and-crystals-0.7
make DESTDIR=$RPM_BUILD_ROOT install
#rm $RPM_BUILD_ROOT%{prefix}/%_lib/gtk-2.0/*/engines/*.la
-cd ../ximian-artwork-0.6.1
+cd ../ximian-artwork-0.6.2
make DESTDIR=$RPM_BUILD_ROOT xmmsdir=/usr/share/xmms/Skins/Industrial install
rm $RPM_BUILD_ROOT%{prefix}/%_lib/gtk-2.0/engines/*.la
rm $RPM_BUILD_ROOT%{prefix}/%_lib/gtk/themes/engines/*.la
@@ -170,6 +170,9 @@
/usr/X11R6/lib/X11/icons
%changelog -n gnome-themes
+* Thu Jun 01 2006 - dobey(a)suse.de
+- Update ximian-artwork to 0.6.2 to fix name/screenshot for gdm
+ Fixes https://bugzilla.novell.com/show_bug.cgi?id=136812
* Mon Mar 13 2006 - sbrabec(a)suse.cz
- Removed gtk1 Industrial engine, build as NoArch.
* Mon Feb 27 2006 - dobey(a)suse.de
++++++ ximian-artwork-0.6.1.tar.bz2 -> ximian-artwork-0.6.2.tar.bz2 ++++++
GNOME/gnome-themes/ximian-artwork-0.6.1.tar.bz2 gnome-themes/ximian-artwork-0.6.2.tar.bz2 differ: char 11, line 1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit-unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit-help(a)opensuse.org
Hello community,
here is the log from the commit of package rug
checked in at Fri Jun 2 02:07:57 CEST 2006.
--------
--- rug/rug.changes 2006-05-31 02:50:11.000000000 +0200
+++ rug/rug.changes 2006-06-01 19:22:52.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Jun 1 19:22:13 CEST 2006 - maw(a)suse.de
+
+- New source drop (r29437) which:
+- Gets terminal width correctly; gets it before every progressbar
+ update to handle resizes better (#179854).
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rug.spec ++++++
--- /var/tmp/diff_new_pack.RTmoBQ/_old 2006-06-02 02:06:47.000000000 +0200
+++ /var/tmp/diff_new_pack.RTmoBQ/_new 2006-06-02 02:06:47.000000000 +0200
@@ -14,7 +14,7 @@
BuildRequires: gtkdoc mono-basic mono-data-sqlite mono-devel zmd-devel
URL: http://www.novell.com
Version: 7.1.1.0
-Release: 20
+Release: 21
License: GPL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: Command Line Client for zmd
@@ -78,6 +78,10 @@
%_mandir/*/*/*.gz
%changelog -n rug
+* Thu Jun 01 2006 - maw(a)suse.de
+- New source drop (r29437) which:
+- Gets terminal width correctly; gets it before every progressbar
+ update to handle resizes better (#179854).
* Wed May 31 2006 - maw(a)suse.de
- New source drop (r29084) which:
- Removes some debug spew that was inadvertently left in a
++++++ rug-7.1.1.0.tar.bz2 ++++++
++++ 12838 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit-unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit-help(a)opensuse.org
Hello community,
here is the log from the commit of package apparmor-profiles
checked in at Fri Jun 2 02:06:54 CEST 2006.
--------
--- apparmor-profiles/apparmor-profiles.changes 2006-05-08 19:07:23.000000000 +0200
+++ apparmor-profiles/apparmor-profiles.changes 2006-06-01 01:42:06.000000000 +0200
@@ -1,0 +2,13 @@
+Thu Jun 1 00:44:59 CEST 2006 - srarnold(a)suse.de
+
+- Bug 175388 - Profile access allows essentially execute permission when
+ only read access is granted via usage of mmap system call.
+- Bug 172061 - LD_PRELOAD can be exploited to change the execution path
+ across exec transitions
+- Bug 175598 - AppArmor denies postfix chroot
+- Bug 177433 - AppArmor missing profile for postfix/cleanup access to
+ /var/spool/postfix/hold
+- Bug 175626 - /var/lib/ntp/etc/ntp.conf.iburst missing from ntpd profile
+- Remove /usr/sbin/in.identd profile from usr.sbin.identd
+
+-------------------------------------------------------------------
New:
----
apparmor-profiles-50_61_m_P_U.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-profiles.spec ++++++
--- /var/tmp/diff_new_pack.O7U2bs/_old 2006-06-02 02:05:59.000000000 +0200
+++ /var/tmp/diff_new_pack.O7U2bs/_new 2006-06-02 02:05:59.000000000 +0200
@@ -16,9 +16,10 @@
%endif
Summary: AppArmor profiles that are loaded into the apparmor kernel module
Version: 2.0
-Release: 34
+Release: 35
Group: Productivity/Security
Source0: %{name}-%{version}-50.tar.gz
+Patch0: %{name}-50_61_m_P_U.patch
License: Other License(s), see package, GPL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -48,6 +49,7 @@
%prep
%setup -q
+%patch0
%build
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
@@ -77,6 +79,16 @@
%preun
%changelog -n apparmor-profiles
+* Thu Jun 01 2006 - srarnold(a)suse.de
+- Bug 175388 - Profile access allows essentially execute permission when
+ only read access is granted via usage of mmap system call.
+- Bug 172061 - LD_PRELOAD can be exploited to change the execution path
+ across exec transitions
+- Bug 175598 - AppArmor denies postfix chroot
+- Bug 177433 - AppArmor missing profile for postfix/cleanup access to
+ /var/spool/postfix/hold
+- Bug 175626 - /var/lib/ntp/etc/ntp.conf.iburst missing from ntpd profile
+- Remove /usr/sbin/in.identd profile from usr.sbin.identd
* Mon May 08 2006 - srarnold(a)suse.de
- Bug 168035 - apparmor-profiles: lib.ld-2.2.so takes no care of x86_64
/lib/ld-2.4 -- s390x, ppc, ppc64, too
++++++ apparmor-profiles-50_61_m_P_U.patch ++++++
++++ 2892 lines (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit-unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit-help(a)opensuse.org
Hello community,
here is the log from the commit of package open-iscsi
checked in at Fri Jun 2 02:06:40 CEST 2006.
--------
--- open-iscsi/open-iscsi.changes 2006-05-31 08:33:49.000000000 +0200
+++ open-iscsi/open-iscsi.changes 2006-06-01 17:10:43.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Jun 1 17:06:24 CEST 2006 - hare(a)suse.de
+
+- Added new startmode 'onboot' for root on iSCSI
+- Added new init script boot.open-iscsi startup
+ iscsid as early as possible (#176804)
+
+-------------------------------------------------------------------
New:
----
boot.open-iscsi
open-iscsi-startmode-onboot.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ open-iscsi.spec ++++++
--- /var/tmp/diff_new_pack.QsVP9b/_old 2006-06-02 02:06:30.000000000 +0200
+++ /var/tmp/diff_new_pack.QsVP9b/_new 2006-06-02 02:06:30.000000000 +0200
@@ -18,13 +18,14 @@
Prereq: %fillup_prereq %insserv_prereq
Autoreqprov: on
Version: 0.5.545
-Release: 11
+Release: 12
Provides: linux-iscsi
Obsoletes: linux-iscsi
%define iscsi_release 545
Summary: Linux* Open-iSCSI Software Initiator
Source: %{name}-0.5-454.tar.gz
Source2: open-iscsi.sysconfig
+Source3: boot.open-iscsi
Source12: iscsi-iname.c
Patch1: %{name}-457.diff
Patch2: %{name}-473.diff
@@ -36,6 +37,7 @@
Patch8: %{name}-581.diff
Patch9: %{name}-595.diff
Patch12: %{name}-start-iscsi-after-xen
+Patch20: %{name}-startmode-onboot.patch
Patch21: %{name}-check-active-sessions-before-delete
Patch22: %{name}-iscsi-iname-Makefile.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -77,6 +79,7 @@
%patch8
%patch9
%patch12 -p1
+%patch20 -p1
%patch21 -p1
%patch22 -p1
cp %{S:12} usr/
@@ -92,6 +95,7 @@
install -D -m 755 usr/iscsi-iname ${RPM_BUILD_ROOT}/sbin/iscsi-iname
install -D -m 644 etc/iscsid.conf ${RPM_BUILD_ROOT}/etc/iscsid.conf
install -D -m 755 etc/initd/initd.suse ${RPM_BUILD_ROOT}/etc/init.d/open-iscsi
+install -D -m 755 %{S:3} ${RPM_BUILD_ROOT}/etc/init.d/boot.open-iscsi
(cd ${RPM_BUILD_ROOT}/sbin; ln -sf /etc/init.d/open-iscsi rcopen-iscsi)
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
install -m 755 %{S:2} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.open-iscsi
@@ -105,6 +109,7 @@
%post
%{fillup_and_insserv -n open-iscsi}
+%{fillup_and_insserv -Y boot.open-iscsi}
if [ ! -f /etc/initiatorname.iscsi ]; then
cat << EOF >> /etc/initiatorname.iscsi
## DO NOT EDIT OR REMOVE THIS FILE!
@@ -132,6 +137,7 @@
%defattr(-,root,root)
%attr(0600,root,root) %config(noreplace) /etc/iscsid.conf
%config /etc/init.d/open-iscsi
+%config /etc/init.d/boot.open-iscsi
/sbin/*
/var/adm/fillup-templates/sysconfig.open-iscsi
%dir /var/lib/open-iscsi
@@ -139,6 +145,10 @@
%doc %{_mandir}/man8/*
%changelog -n open-iscsi
+* Thu Jun 01 2006 - hare(a)suse.de
+- Added new startmode 'onboot' for root on iSCSI
+- Added new init script boot.open-iscsi startup
+ iscsid as early as possible (#176804)
* Wed May 31 2006 - hare(a)suse.de
- update to svn r595
- Include local patches
++++++ open-iscsi-startmode-onboot.patch ++++++
diff --git a/etc/initd/initd.suse b/etc/initd/initd.suse
index 8862210..b65f3c1 100644
--- a/etc/initd/initd.suse
+++ b/etc/initd/initd.suse
@@ -56,17 +56,20 @@ iscsi_logout_all_nodes()
# Logout from all active sessions
TARGETS=$($ISCSIADM -m session | sed 's@\[[^:]*:\(.*\)\] .*@\1@g')
for rec in $TARGETS; do
+ STARTUP=`$ISCSIADM -m node -r $rec | grep "node.conn\[0\].startup" | cut -d' ' -f3`
NODE=`$ISCSIADM -m node -r $rec | grep "node.name" | cut -d' ' -f3`
- echo -n "Logging out from $NODE: "
- if $ISCSIADM -m node --record $rec --logout ; then
- rc_status -v
+ if [ $STARTUP != "onboot" ] ; then
+ echo -n "Logging out from $NODE: "
+ if $ISCSIADM -m node --record $rec --logout ; then
+ rc_status -v
+ else
+ RETVAL=$?
+ rc_failed $RETVAL
+ fi
else
- RETVAL=$?
- rc_failed $RETVAL
+ RETVAL=1
fi
done
- # Not sure whether this is still needed
- sleep 1
return ${RETVAL:-0}
}
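Review bot: `$STARTUP` is expanded unquoted in the added test `if [ $STARTUP != "onboot" ]`, so when the `grep` for `node.conn\[0\].startup` matches nothing the test collapses to `[ != "onboot" ]`, fails with a syntax error and falls into the `else` branch, which keeps the session without any message and sets `RETVAL=1`. Writing it as `if [ "$STARTUP" != "onboot" ] ; then` makes an empty value take the logout path, as before this patch; `$rec` in the added `$ISCSIADM -m node -r $rec` call should be quoted the same way. The `else` branch also makes the function return 1 whenever an `onboot` session exists, so a comment such as `# onboot sessions carry the root fs: keep them and report non-zero` would tell the next reader that this is deliberate. `iscsi_logout_all_nodes` begins above the hunk.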
@@ -85,13 +88,17 @@ iscsi_list_all_nodes()
case "$1" in
start)
[ ! -d /var/lib/iscsi ] && mkdir -p /var/lib/iscsi
- echo -n "Starting iSCSI initiator service: "
- modprobe scsi_transport_iscsi
- modprobe libiscsi
- modprobe iscsi_tcp
- startproc $DAEMON $ARGS
- RETVAL=$?
- rc_status -v
+ if checkproc $DAEMON ; then
+ RETVAL=0
+ else
+ echo -n "Starting iSCSI initiator service: "
+ modprobe scsi_transport_iscsi
+ modprobe libiscsi
+ modprobe iscsi_tcp
+ startproc $DAEMON $ARGS
+ RETVAL=$?
+ rc_status -v
+ fi
if [ "$RETVAL" == "0" ]; then
iscsi_login_all_nodes
fi
diff --git a/kernel/iscsi_tcp.c b/kernel/iscsi_tcp.c
diff --git a/kernel/libiscsi.h b/kernel/libiscsi.h
diff --git a/usr/idbm.c b/usr/idbm.c
index 70c69d1..6271ce2 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
@@ -687,8 +687,8 @@ idbm_recinfo_node(node_rec_t *r, recinfo
IDBM_SHOW, num);
__recinfo_int("node.tpgt", ri, r, tpgt, IDBM_SHOW, num);
__recinfo_int("node.active_conn", ri, r, active_conn, IDBM_SHOW, num);
- __recinfo_int_o2("node.startup", ri, r, startup,
- IDBM_SHOW, "manual", "automatic", num);
+ __recinfo_int_o3("node.startup", ri, r, startup,
+ IDBM_SHOW, "manual", "automatic", "onboot", num);
__recinfo_int("node.session.initial_cmdsn", ri, r,
session.initial_cmdsn, IDBM_SHOW, num);
__recinfo_int_o2("node.session.auth.authmethod", ri, r,
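Review bot: `onboot` is now accepted for both `node.startup` (this hunk) and `node.conn[%d].startup` (the next hunk), but the init script changed in the same patch reads only `node.conn[0].startup` when deciding whether to keep a session. A record with `node.startup = onboot` and a different connection-level value would therefore still be logged out at shutdown. A short comment next to these two calls stating which key the boot scripts treat as authoritative would make that explicit. Neither `__recinfo_int_o3` nor the numeric value behind the third string is shown in this patch, so it is worth confirming that the string order matches the startup enum, for example with `/* strings must follow the order of the startup enum values */`.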
@@ -742,8 +742,8 @@ idbm_recinfo_node(node_rec_t *r, recinfo
sprintf(key, "node.conn[%d].port", i);
__recinfo_int(key, ri, r, conn[i].port, IDBM_SHOW, num);
sprintf(key, "node.conn[%d].startup", i);
- __recinfo_int_o2(key, ri, r, conn[i].startup, IDBM_SHOW,
- "manual", "automatic", num);
+ __recinfo_int_o3(key, ri, r, conn[i].startup, IDBM_SHOW,
+ "manual", "automatic", "onboot", num);
sprintf(key, "node.conn[%d].tcp.window_size", i);
__recinfo_int(key, ri, r, conn[i].tcp.window_size,
IDBM_SHOW, num);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
Hello community,
here is the log from the commit of package nautilus
checked in at Fri Jun 2 02:06:37 CEST 2006.
--------
--- GNOME/nautilus/nautilus.changes 2006-05-23 00:17:42.000000000 +0200
+++ nautilus/nautilus.changes 2006-06-01 21:07:26.000000000 +0200
@@ -1,0 +2,12 @@
+Thu Jun 1 21:07:09 CEST 2006 - federico(a)novell.com
+
+- Added nautilus-172870-support-drives-and-volumes.diff. This fixes
+ https://bugzilla.novell.com/show_bug.cgi?id=172870 by adding proper
+ support for displaying unmounted drives as well as mounted volumes.
+ This also makes floppies work from the desktop.
+- Added nautilus-174766-fix-lazy-positioning.diff to fix
+ https://bugzilla.novell.com/show_bug.cgi?id=174766. This makes
+ volume icons not overlap with other icons in the desktop when
+ volumes get mounted.
+
+-------------------------------------------------------------------
New:
----
nautilus-172870-support-drives-and-volumes.diff
nautilus-174766-fix-lazy-positioning.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nautilus.spec ++++++
--- /var/tmp/diff_new_pack.zZYHmm/_old 2006-06-02 02:06:27.000000000 +0200
+++ /var/tmp/diff_new_pack.zZYHmm/_new 2006-06-02 02:06:27.000000000 +0200
@@ -18,7 +18,7 @@
Group: Productivity/File utilities
Autoreqprov: on
Version: 2.12.2
-Release: 70
+Release: 73
Summary: The GNOME 2.x Desktop File Manager
Source: ftp://ftp.gnome.org/pub/gnome/sources/nautilus/2.11/%{name}-%{version}.tar.…
URL: http://www.gnome.org
@@ -52,6 +52,8 @@
Patch46: nautilus-142860-vfs-drive-for-extensions.diff
Patch47: nautilus-158279-add-location-toggle-button.diff
Patch48: nautilus-i18n.patch
+Patch49: nautilus-172870-support-drives-and-volumes.diff
+Patch50: nautilus-174766-fix-lazy-positioning.diff
PreReq: filesystem gconf2
Requires: gnome2-user-docs
Provides: nautilus2
@@ -111,6 +113,8 @@
%patch46 -p1
%patch47 -p1
%patch48
+%patch49 -p1
+%patch50 -p1
# FIXME: this code updates translation for upstreamed patches.
cd po
intltool-update --pot
@@ -195,6 +199,15 @@
%{prefix}/%_lib/pkgconfig/*.pc
%changelog -n nautilus
+* Thu Jun 01 2006 - federico(a)novell.com
+- Added nautilus-172870-support-drives-and-volumes.diff. This fixes
+ https://bugzilla.novell.com/show_bug.cgi?id=172870 by adding proper
+ support for displaying unmounted drives as well as mounted volumes.
+ This also makes floppies work from the desktop.
+- Added nautilus-174766-fix-lazy-positioning.diff to fix
+ https://bugzilla.novell.com/show_bug.cgi?id=174766. This makes
+ volume icons not overlap with other icons in the desktop when
+ volumes get mounted.
* Tue May 23 2006 - federico(a)novell.com
- Updated nautilus-158158-ignore-foreign-desktop-files.diff to fix
https://bugzilla.novell.com/show_bug.cgi?id=177777. All .desktop
++++++ nautilus-172870-support-drives-and-volumes.diff ++++++
++++ 634 lines (skipped)
++++++ nautilus-174766-fix-lazy-positioning.diff ++++++
2006-05-31 Federico Mena Quintero <federico(a)novell.com>
Fix the use of lazy positioning, and the saving of metadata for
lazily-positioned icons. Fixes
http://bugzilla.novell.com/show_bug.cgi?id=174766.
* libnautilus-private/nautilus-icon-container.c
(icon_set_position): Clear icon->has_lazy_position, since the icon
will be positioned once this function exits.
(finish_adding_new_icons): Do not ignore already-placed lazy
position icons when filling the placement grid! Save the value of
icon->has_lazy_position before calling assign_icon_position().
Since that function may call icon_set_position() (which will clear
the flag), we need to keep the original value of the flag.
(finish_adding_new_icons): Don't clear icon->has_lazy_position
here; let icon_set_position() do it.
(finish_adding_new_icons): Emit the icon_position_changed signal
so that the parent knows that we moved an icon under it. This has
the effect of updating/preserving the position metadata for
has_lazy_position icons.
--- nautilus/libnautilus-private/nautilus-icon-container.c 2006-04-07 15:12:27.000000000 -0500
+++ nautilus/libnautilus-private/nautilus-icon-container.c 2006-05-31 15:30:50.000000000 -0500
@@ -277,6 +277,8 @@ icon_set_position (NautilusIcon *icon,
int x1, y1, x2, y2;
int container_x, container_y, container_width, container_height;
+ icon->has_lazy_position = FALSE;
+
if (icon->x == x && icon->y == y) {
return;
}
@@ -1304,6 +1306,7 @@ placement_grid_mark_icon (PlacementGrid
canvas_position_to_grid_position (grid,
icon_pos,
&grid_pos);
+
placement_grid_mark (grid, grid_pos);
}
@@ -5166,9 +5169,13 @@ finish_adding_new_icons (NautilusIconCon
new_icons = g_list_reverse (new_icons);
no_position_icons = semi_position_icons = NULL;
for (p = new_icons; p != NULL; p = p->next) {
+ gboolean has_lazy_position;
+
icon = p->data;
+ has_lazy_position = icon->has_lazy_position;
+
if (assign_icon_position (container, icon)) {
- if (!container->details->is_reloading && !container->details->auto_layout && icon->has_lazy_position) {
+ if (!container->details->is_reloading && !container->details->auto_layout && has_lazy_position) {
semi_position_icons = g_list_prepend (semi_position_icons, icon);
}
} else {
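Review bot: The reason for copying `icon->has_lazy_position` into a local before `assign_icon_position ()` is given only in the patch description, not in the code. Without it, a later cleanup could reasonably fold the local back into `icon->has_lazy_position` and reintroduce the bug. I would add a comment above the assignment, e.g. `/* assign_icon_position() may reach icon_set_position(), which clears the flag; keep the value from before the call */`. The loop and the function continue outside this hunk.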
@@ -5201,6 +5208,7 @@ finish_adding_new_icons (NautilusIconCon
for (p = semi_position_icons; p != NULL; p = p->next) {
NautilusIcon *icon;
int x, y;
+ NautilusIconPosition position;
icon = p->data;
x = icon->x;
@@ -5213,9 +5221,12 @@ finish_adding_new_icons (NautilusIconCon
placement_grid_mark_icon (grid, icon);
- /* ensure that next time we run this code, the formerly semi-positioned
- * icons are treated as being positioned. */
- icon->has_lazy_position = FALSE;
+ position.x = icon->x;
+ position.y = icon->y;
+ position.scale_x = icon->scale_x;
+ position.scale_y = icon->scale_y;
+ g_signal_emit (container, signals[ICON_POSITION_CHANGED], 0,
+ icon->data, &position);
}
placement_grid_free (grid);
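Review bot: The removed comment explained the old flag reset, but the `g_signal_emit` that replaces it has no comment explaining why a position-changed signal is raised from inside the placement loop. Per the patch description the purpose is to let the parent save position metadata for lazily positioned icons; `/* notify the parent so the position metadata of this icon is saved */` would carry that into the code. `position` is filled member by member (`x`, `y`, `scale_x`, `scale_y`) and the definition of `NautilusIconPosition` is not visible here. If the struct has further members they are passed uninitialized, which declaring it as `NautilusIconPosition position = { 0 };` would avoid.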
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
Hello community,
here is the log from the commit of package mysql
checked in at Fri Jun 2 02:06:19 CEST 2006.
--------
--- mysql/mysql.changes 2006-05-03 14:03:16.000000000 +0200
+++ mysql/mysql.changes 2006-06-01 14:32:18.000000000 +0200
@@ -1,0 +2,5 @@
+Thu Jun 1 14:32:13 CEST 2006 - mmarek(a)suse.cz
+
+- build as user
+
+-------------------------------------------------------------------
Old:
----
minmem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mysql.spec ++++++
--- /var/tmp/diff_new_pack.gzH83d/_old 2006-06-02 02:06:00.000000000 +0200
+++ /var/tmp/diff_new_pack.gzH83d/_new 2006-06-02 02:06:00.000000000 +0200
@@ -8,6 +8,7 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+# norootforbuild
Name: mysql
BuildRequires: gcc-c++ readline-devel tcpd-devel
@@ -16,7 +17,7 @@
Requires: mysql-client perl-DBD-mysql
Autoreqprov: on
Version: 5.0.18
-Release: 19
+Release: 20
URL: http://www.mysql.com
Summary: A True Multiuser, Multithreaded SQL Database Server
PreReq: /usr/sbin/useradd /usr/sbin/groupadd fileutils %install_info_prereq %fillup_prereq %insserv_prereq
@@ -368,7 +369,6 @@
# var -> ../../../var/...
#ln -s ../../../var/lib/mysql/mysql-test $RPM_BUILD_ROOT/usr/share/mysql-test/var
mkdir $RPM_BUILD_ROOT/usr/share/mysql-test/var
-chown mysql:mysql $RPM_BUILD_ROOT/usr/share/mysql-test/var
%pre
/usr/sbin/groupadd -r mysql >/dev/null 2>/dev/null || :
@@ -526,6 +526,8 @@
%dir %attr(755, mysql, mysql) /usr/share/mysql-test/var
%changelog -n mysql
+* Thu Jun 01 2006 - mmarek(a)suse.cz
+- build as user
* Wed May 03 2006 - mmarek(a)suse.cz
- fix buffer overflow and and reading uninitialized memory using
the COM_TABLE_DUMP protocol command (fix from the 5.0.21 release)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
Hello community,
here is the log from the commit of package apparmor-docs
checked in at Fri Jun 2 02:05:52 CEST 2006.
--------
--- apparmor-docs/apparmor-docs.changes 2006-05-04 01:59:56.000000000 +0200
+++ apparmor-docs/apparmor-docs.changes 2006-06-01 00:53:56.000000000 +0200
@@ -1,0 +2,8 @@
+Thu Jun 1 00:37:43 CEST 2006 - srarnold(a)suse.de
+
+- Bug 175388 - Profile access allows essentially execute permission when
+ only read access is granted via usage of mmap system call.
+- Bug 172061 - LD_PRELOAD can be exploited to change the execution path
+ across exec transitionS
+
+-------------------------------------------------------------------
New:
----
apparmor-docs-48_61_m_PU.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-docs.spec ++++++
--- /var/tmp/diff_new_pack.ZoqwB4/_old 2006-06-02 02:05:27.000000000 +0200
+++ /var/tmp/diff_new_pack.ZoqwB4/_new 2006-06-02 02:05:27.000000000 +0200
@@ -16,9 +16,10 @@
%endif
Summary: AppArmor Documentation package
Version: 2.0
-Release: 16
+Release: 17
Group: Documentation/Other
Source0: %{name}-%{version}-48.tar.gz
+Patch0: %{name}-48_61_m_PU.patch
License: Other License(s), see package, Other uncritical OpenSource License
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -41,6 +42,7 @@
%prep
%setup -q
+%patch0
%build
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@@ -64,6 +66,11 @@
%doc immunix.css
%changelog -n apparmor-docs
+* Thu Jun 01 2006 - srarnold(a)suse.de
+- Bug 175388 - Profile access allows essentially execute permission when
+ only read access is granted via usage of mmap system call.
+- Bug 172061 - LD_PRELOAD can be exploited to change the execution path
+ across exec transitionS
* Thu May 04 2006 - srarnold(a)suse.de
- 'l' no longer required for unlink access
- remove obsolete reference to program-chunks/apache-default-uri
++++++ apparmor-docs-48_61_m_PU.patch ++++++
Index: apparmor.d.pod
===================================================================
--- apparmor.d.pod (revision 48)
+++ apparmor.d.pod (working copy)
@@ -73,7 +73,7 @@
B<FILEGLOB> = (non-whitespace characters, must start with '/', B<?*[]{}^> have special meanings; see below. May include I<VARIABLE>.)
-B<ACCESS> = ( 'r' | 'w' | 'l' | 'ix' | 'ux' | 'px' ) I<ACCESS> (not all combinations are allowed; see below.)
+B<ACCESS> = ( 'r' | 'w' | 'l' | 'ix' | 'ux' | 'Ux' | 'px' | 'Px' | 'm' ) [ I<ACCESS> ... ] (not all combinations are allowed; see below.)
B<VARIABLE> = '@{' I<ALPHA> [ I<ALPHANUMERIC> ... ] '}'
@@ -104,12 +104,18 @@
=item B<w> - write
-=item B<px> - discrete profile execute
+=item B<ux> - unconstrained execute
-=item B<ux> - unconstrained execute
+=item B<Ux> - unconstrained execute -- scrub the environment
-=item B<ix> - inherit execute
+=item B<px> - discrete profile execute
+=item B<Px> - discrete profile execute -- scrub the environment
+
+=item B<ix> - inherit execute
+
+=item B<m> - allow PROT_EXEC with mmap(2) calls
+
=item B<l> - link
=back
@@ -118,26 +124,24 @@
=over 4
-=item B<Read mode>
+=item B<r - Read mode>
-Allows the program to have read access to the resource. Read access is
+Allows the program to have read access to the file. Read access is
required for shell scripts and other interpreted content, and determines
if an executing process can core dump or be attached to with ptrace(2).
(ptrace(2) is used by utilities such as strace(1), ltrace(1), and
gdb(1).)
-=item B<Write mode>
+=item B<w - Write mode>
-Allows the program to have write access to the resource. Files must have
+Allows the program to have write access to the file. Files must have
this permission if they are to be unlinked (removed.)
+=item B<ux - Unconstrained execute mode>
-=item B<Unconstrained execute mode>
+Allows the program to execute the program without any AppArmor profile
+being applied to the program.
-Allows the program to execute the resource without any AppArmor profile
-being applied to the executed resource. Requires listing execute mode
-as well. Incompatible with Inherit and Discrete Profile execute entries.
-
This mode is useful when a confined program needs to be able to perform
a privileged operation, such as rebooting the machine. By placing the
privileged section in another executable and granting unconstrained
@@ -145,36 +149,83 @@
imposed on all confined processes. For more information on what is
constrained, see the apparmor(7) man page.
-B<WARNING> this should only be used in very special cases. It enables the
+B<WARNING> 'ux' should only be used in very special cases. It enables the
designated child processes to be run without any AppArmor protection.
-Use at your own risk.
+'ux' does not scrub the environment of variables such as LD_PRELOAD;
+as a result, the calling domain may have an undue amount of influence
+over the callee. Use this mode only if the child absolutely must be
+run unconfined and LD_PRELOAD must be used. Any profile using this mode
+provides negligible security. Use at your own risk.
-=item B<Inherit execute mode>
+Incompatible with 'Ux', 'px', 'Px', 'ix'.
+=item B<Ux - unconstrained execute -- scrub the environment>
+
+'Ux' allows the named program to run in 'ux' mode, but AppArmor
+will invoke the Linux Kernel's B<unsafe_exec> routines to scrub
+the environment, similar to setuid programs. (See ld.so(8) for some
+information on setuid/setgid environment scrubbing.)
+
+B<WARNING> 'Ux' should only be used in very special cases. It enables the
+designated child processes to be run without any AppArmor protection.
+Use this mode only if the child absolutely must be run unconfined. Use
+at your own risk.
+
+Incompatible with 'ux', 'px', 'Px', 'ix'.
+
+=item B<px - Discrete Profile execute mode>
+
+This mode requires that a discrete security profile is defined for a
+program executed and forces an AppArmor domain transition. If there is
+no profile defined then the access will be denied.
+
+B<WARNING> 'px' does not scrub the environment of variables such as
+LD_PRELOAD; as a result, the calling domain may have an undue amount of
+influence over the callee.
+
+Incompatible with 'Ux', 'ux', 'Px', 'ix'.
+
+=item B<Px - Discrete Profile execute mode -- scrub the environment>
+
+'Px' allows the named program to run in 'px' mode, but AppArmor
+will invoke the Linux Kernel's B<unsafe_exec> routines to scrub
+the environment, similar to setuid programs. (See ld.so(8) for some
+information on setuid/setgid environment scrubbing.)
+
+Incompatible with 'Ux', 'ux', 'px', 'ix'.
+
+=item B<ix - Inherit execute mode>
+
Prevent the normal AppArmor domain transition on execve(2) when the
-profiled program executes the resource. Instead, the executed resource
-will inherit the current profile. Incompatible with Unconstrained and
-Discrete Profile execute entries.
+profiled program executes the named program. Instead, the executed resource
+will inherit the current profile.
This mode is useful when a confined program needs to call another
confined program without gaining the permissions of the target's
-profile, or losing the permissions of the current profile.
+profile, or losing the permissions of the current profile. There is no
+version to scrub the environment because 'ix' executions don't change
+privileges.
-=item B<Discrete Profile execute mode>
+Incompatible with 'Ux', 'ux', 'Px', 'px'. Implies 'm'.
-This mode requires that a discrete security profile is defined for
-a resource executed at a AppArmor domain transition. If there is no
-profile defined then the access will be denied. Incompatible with
-Inherit and Unconstrained execute entries.
+=item B<m - Allow executable mapping>
-=item B<Link mode>
+This mode allows a file to be mapped into memory using mmap(2)'s
+PROT_EXEC flag. This flag marks the pages executable; it is used on some
+architectures to provide non-executable data pages, which can complicate
+exploit attempts. AppArmor uses this mode to limit which files a
+well-behaved program (or all programs on architectures that enforce
+non-executable memory access controls) may use as libraries, to limit
+the effect of invalid B<-L> flags given to ld(1) and B<LD_PRELOAD>,
+B<LD_LIBRARY_PATH>, given to ld.so(8).
-Allows the program to be able to create a link with this name.
-When a link is created, the file that is being
-linked to B<MUST> have the same access permissions as the link being
-created (with the exception that the destination does not have to have
-link access.)
+=item B<l - Link mode>
+Allows the program to be able to create a link with this name. When a
+link is created, the file that is being linked to B<MUST> have the same
+access permissions as the link being created (with the exception that
+the destination does not have to have link access.)
+
=back
=head2 Comments
@@ -193,8 +244,9 @@
arbitrary access to IPC, ability to bypass discretionary access controls,
and other operations that are typically reserved for the root user.
-The only operations that cannot be controlled in this manner are mount(2)
-and umount(2), which are always denied to confined processes.
+The only operations that cannot be controlled in this manner are mount(2),
+umount(2), and loading new AppArmor policy into the kernel, which are
+always denied to confined processes.
=head2 Variables
@@ -384,7 +436,7 @@
# a comment about foo's subprofile, bar.
^bar {
/lib/ld-*.so* x,
- /usr/bin/bar x,
+ /usr/bin/bar ix,
/var/spool/* rwl,
}
}
Index: genprof.pod
===================================================================
--- genprof.pod (revision 61)
+++ genprof.pod (working copy)
@@ -54,11 +54,10 @@
- write a mark to the system log
- instruct the user to start the application to
-
be profiled in another window and exercise its functionality
It then presents the user with two options, (S)can system log for entries
-to add to profile and (D)one.
+to add to profile and (F)inish.
If the user selects (S)can or hits return, genprof will parse
the complain mode logs and iterate through generated violations
@@ -70,7 +69,7 @@
(D)one. This cycle can then be repeated as neccesary until all application
functionality has been exercised without generating access violations.
-When the user eventually hits (D)one, genprof will set the main profile,
+When the user eventually hits (F)inish, genprof will set the main profile,
and any other profiles that were generated, into enforce mode and exit.
=head1 BUGS
Index: logprof.pod
===================================================================
--- logprof.pod (revision 61)
+++ logprof.pod (working copy)
@@ -49,7 +49,7 @@
=head1 DESCRIPTION
-B<logprof> is an interactive tool used to review AppArmor's syslog
+B<logprof> is an interactive tool used to review AppArmor's
complain mode output and generate new entries for AppArmor security
profiles.
@@ -64,7 +64,7 @@
=head2 Responding to AppArmor Events
-B<logprof> will generate a list of "suggested profile changes" that
+B<logprof> will generate a list of suggested profile changes that
the user can choose from, or they can create their own, to modifiy the
permission set of the profile so that the generated access violation
will not re-occur.
@@ -118,12 +118,12 @@
=head2 New Process (Execution) Events
-If there are unhandled x accesses generated by the forking of a
+If there are unhandled x accesses generated by the execve(2) of a
new process, logprof will display the parent profile and the target
program that's being executed and prompt the user to select and execute
modifier. These modifiers will allow a choice for the target to: have it's
own profile (px), inherit the parent's profile (ix), run unconstrained
-(ux), or deny access for the target.
+(ux), or deny access for the target. See apparmor.d(5) for details.
If there is a corresponding entry for the target in the qualifiers
section of /etc/logprof.conf, the presented list will contain only the
@@ -142,7 +142,7 @@
=head2 ChangeHat Events
-If unknown changehat events are found, the user is prompted to add a new
+If unknown change_hat(2) events are found, the user is prompted to add a new
hat, if the events should go into the default hat for this profile based
on the corresponding entry in the defaulthat section of logprof.conf,
or if the following events that run under that hat should be denied
@@ -152,7 +152,7 @@
If there are capability accesses, the user is shown each capability
access and asked if the capability should be allowed, denied, or if the
-user wants to quit.
+user wants to quit. See capability(7) for details.
=head1 BUGS
Index: change_hat.pod
===================================================================
--- change_hat.pod (revision 61)
+++ change_hat.pod (working copy)
@@ -76,10 +76,12 @@
=item B<EACCES>
-The I<magic_token> passed in was 0, which is not a valid value for
-the I<magic_token>, or the specified I<subprofile> does not exist in
-this profile.
+I<subprofile> is NULL and I<magic_token> is 0; when I<magic_token> is 0,
+it is impossible to return from the hat.
+If I<subprofile> is not NULL, then I<subprofile> does not exist in the
+loaded profile.
+
=item B<EFAULT>
An internal error occurred.
@@ -178,27 +180,25 @@
apparmor_parser(8):
/tmp/ch {
- #default entries; most required by __canary_death_handler()
/dev/log w ,
/etc/ld.so.cache r ,
/etc/locale/** r ,
/etc/localtime r ,
/usr/share/locale/** r ,
/usr/share/zoneinfo/** r ,
- /usr/lib/locale/** r ,
- /usr/lib/gconv/*.so r ,
- /usr/lib/gconv/gconv-modules* r ,
+ /usr/lib/locale/** mr ,
+ /usr/lib/gconv/*.so mr ,
+ /usr/lib/gconv/gconv-modules* mr ,
#entries specific to this application
- /lib/ld-*.so* rx ,
- /lib/libc*.so* r ,
+ /lib/ld-*.so* mrix ,
+ /lib/libc*.so* mr ,
/etc/passwd r ,
/dev/pts/* rw,
- /tmp/ch r ,
+ /tmp/ch mr ,
+ ^hat {
+ /dev/pts/* rw,
+ }
}
-
- /tmp/ch^hat {
- /dev/pts/* rw,
- }
The output when run:
@@ -212,7 +212,9 @@
=head1 BUGS
None known. If you find any, please report them to bugzilla at
-L<http://bugzilla.novell.com>.
+L<http://bugzilla.novell.com>. Note that change_hat(2) provides no
+memory barriers between different areas of a program; if address space
+separation is required, then separate processes should be used.
=head1 SEE ALSO
Index: apparmor.pod
===================================================================
--- apparmor.pod (revision 61)
+++ apparmor.pod (working copy)
@@ -39,7 +39,6 @@
# /etc/init.d/boot.apparmor start
# /etc/init.d/boot.apparmor stop
# /etc/init.d/boot.apparmor restart
- # /etc/init.d/boot.apparmor kill
AppArmor can operate in two modes: I<enforcement>, and I<complain or learning>:
@@ -56,7 +55,7 @@
I<complain> - Profiles loaded in C<complain> mode will not enforce policy.
Instead, it will report policy violation attempts. This mode is convenient for
developing profiles. To manage complain mode for individual profiles the
-utilities /usr/bin/complain and /usr/bin/enforce can be used.
+utilities aa-complain(8) and aa-enforce(8) can be used.
These utilities take a program name as an argument.
@@ -65,7 +64,7 @@
Profiles are traditionally stored in files in F</etc/apparmor.d/>
under filenames with the convention of replacing the B</> in pathnames
with B<.> (except for the root B</>) so profiles are easier to manage
-(e.g. the F</usr/sbin/sshd> profile would be named F<usr.sbin.sshd>).
+(e.g. the F</usr/sbin/nscd> profile would be named F<usr.sbin.nscd>).
Profiles are applied to a process at exec(3) time (as seen through the
execve(2) system call); an already running process cannot be confined.
@@ -98,16 +97,18 @@
=head1 ERRORS
When a confined process tries to access a file it does not have permission
-to access, the kernel will report a message to klogd, similar to:
+to access, the kernel will report a message through audit, similar to:
- AppArmor: REJECTING x access to /bin/bash (irssi(2667)
- profile /usr/local/bin/irssi active /usr/local/bin/irssi)
- AppArmor: REJECTING r access to /home/sarnold (mozilla-bin(3029)
- profile /usr/lib/mozilla-1.4/mozilla-bin active
- /usr/lib/mozilla-1.4/mozilla-bin)
- AppArmor: REJECTING rw access to /dev/pts/4 (sh(1721)
- profile /usr/bin/crontab active /usr/bin/crontab)
+ audit(1148420912.879:96): REJECTING x access to /bin/uname
+ (sh(6646) profile /tmp/sh active /tmp/sh)
+ audit(1148420912.879:97): REJECTING r access to /bin/uname
+ (sh(6646) profile /tmp/sh active /tmp/sh)
+
+ audit(1148420944.837:98): REJECTING access to capability
+ 'dac_override' (sh(6641) profile /tmp/sh active /tmp/sh)
+
+
The permissions requested by the process are immediately after
REJECTING. The "name" and process id of the running program are reported,
as well as the profile name and any "hat" that may be active. ("Name"
@@ -117,19 +118,22 @@
For confined processes running under a profile that has been loaded in
complain mode, enforcement will not take place and the log messages
-reported to klogd will be of the form:
+reported to audit will be of the form:
- AppArmor: PERMITTING r access to /root/.viminfo (vi(1272)
- profile /bin/vim active /bin/vim)
- AppArmor: PERMITTING w access to /root/.viminfo.tmp (vi(1272)
- profile /bin/vim active /bin/vim)
- AppArmor: PERMITTING wl access to /root/.viminfo (vi(1272)
- profile /bin/vim active /bin/vim)
- AppArmor: PERMITTING rwl access to /root/.viminfo.tmp (vi(1272)
- profile /bin/vim active /bin/vim)
- AppArmor: PERMITTING w access to /root/.viminfo (vi(1272)
- profile /bin/vim active /bin/vim)
+ audit(1146868287.904:237): PERMITTING r access to
+ /etc/apparmor.d/tunables (du(3811) profile /usr/bin/du active
+ /usr/bin/du)
+ audit(1146868287.904:238): PERMITTING r access to /etc/apparmor.d
+ (du(3811) profile /usr/bin/du active /usr/bin/du)
+
+
+If the userland auditd is not running, the kernel will send audit events
+to klogd; klogd will send the messages to syslog, which will log the
+messages with the KERN facility. Thus, REJECTING and PERMITTING messages
+may go to either F</var/log/audit/audit.log> or F</var/log/messages>,
+depending upon local configuration.
+
=head1 FILES
=over 4
@@ -138,16 +142,19 @@
=item F</etc/apparmor.d/>
-=item F</usr/share/vim/current/syntax/apparmor.vim>
-
=item F</lib/apparmor/>
+=item F</var/log/audit/audit.log>
+
+=item F</var/log/messages>
+
=back
=head1 SEE ALSO
apparmor_parser(8), change_hat(2), apparmor.d(5),
-subdomain.conf(5), autodep(1), clean(1), apparmor.vim(5),
+subdomain.conf(5), autodep(1), clean(1),
+auditd(8),
unconfined(8), enforce(1), complain(1), and
L<http://forge.novell.com/modules/xfmod/project/?apparmor>.
Index: apparmor_parser.pod
===================================================================
--- apparmor_parser.pod (revision 61)
+++ apparmor_parser.pod (working copy)
@@ -57,14 +57,14 @@
=item -r, --replace
This flag is required if an AppArmor definition by the same name already
-exists in the kernel, and one wants to replace the definition already
-in the kernel with the definition giving on standard input.
+exists in the kernel; used to replace the definition already
+in the kernel with the definition given on standard input.
=item -R, --remove
This flag is used to remove an AppArmor definition already in the kernel.
Note that it still requires a complete AppArmor definition as described
-in subdomain.d(5) even though the contents of the definition aren't
+in apparmor.d(5) even though the contents of the definition aren't
used.
=item -p, --preprocess
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
Hello community,
here is the log from the commit of package mkinitrd
checked in at Fri Jun 2 02:05:43 CEST 2006.
--------
--- mkinitrd/mkinitrd.changes 2006-05-22 10:00:40.000000000 +0200
+++ mkinitrd/mkinitrd.changes 2006-06-01 15:24:20.000000000 +0200
@@ -1,0 +2,23 @@
+Thu Jun 1 09:10:10 CEST 2006 - hare(a)suse.de
+
+- Fix script error for root on iSCSI (#178054)
+- Build additional initrds for kdump (#176908)
+- Do not pass xfs quota options on remount (#177096)
+- Fix syntax error in parsing of udev_timeout (#178106)
+- Fix spelling errors (#177918)
+- Enable DHCP mode for root on iSCSI.
+- Include 64bit EVMS modules, too (#179860)
+- Add 64-device-mapper.rules for udev (#175972)
+
+-------------------------------------------------------------------
+Tue May 30 16:27:35 CEST 2006 - hare(a)suse.de
+
+- Overhaul root on multipath (#176818)
+
+-------------------------------------------------------------------
+Mon May 22 17:05:18 CEST 2006 - hare(a)suse.de
+
+- Add dm-mod to domu-modules if required (#177467)
+- Parse 'ro' commandline option (#177599)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mkinitrd.spec ++++++
--- /var/tmp/diff_new_pack.0GSARv/_old 2006-06-02 02:05:19.000000000 +0200
+++ /var/tmp/diff_new_pack.0GSARv/_new 2006-06-02 02:05:19.000000000 +0200
@@ -18,7 +18,7 @@
# bootsplash required only if creating splash initrd's.
Autoreqprov: on
Version: 1.2
-Release: 109
+Release: 110
Summary: Creates an Initial RAM Disk Image for Preloading Modules
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source0: mkinitrd
@@ -85,6 +85,20 @@
%doc %{_mandir}/man8/mkinitrd.8.gz
%changelog -n mkinitrd
+* Thu Jun 01 2006 - hare(a)suse.de
+- Fix script error for root on iSCSI (#178054)
+- Build additional initrds for kdump (#176908)
+- Do not pass xfs quota options on remount (#177096)
+- Fix syntax error in parsing of udev_timeout (#178106)
+- Fix spelling errors (#177918)
+- Enable DHCP mode for root on iSCSI.
+- Include 64bit EVMS modules, too (#179860)
+- Add 64-device-mapper.rules for udev (#175972)
+* Tue May 30 2006 - hare(a)suse.de
+- Overhaul root on multipath (#176818)
+* Mon May 22 2006 - hare(a)suse.de
+- Add dm-mod to domu-modules if required (#177467)
+- Parse 'ro' commandline option (#177599)
* Mon May 22 2006 - hare(a)suse.de
- Handle persistent device names correctly if
LVM is activated (#175972)
++++++ ipconfig.sh ++++++
--- mkinitrd/ipconfig.sh 2006-05-19 17:08:53.000000000 +0200
+++ mkinitrd/ipconfig.sh 2006-06-01 15:05:52.000000000 +0200
@@ -36,30 +36,30 @@
shift
if [ "$1" != "_" ] ; then
peer=$1
- shift
fi
+shift
if [ "$1" != "_" ] ; then
gateway=$1
- shift
fi
+shift
if [ "$1" != "_" ] ; then
netmask=$1
- shift
fi
+shift
if [ "$1" != "_" ] ; then
hostname=$1
- shift
fi
+shift
if [ "$1" != "_" ] ; then
dev=$1
- shift
else
dev=eth0
fi
+shift
if [ "$1" != "_" ] ; then
mode=$1
- shift
fi
+shift
if [ "$mode" ] ; then
echo "Ignoring mode $mode, using static configuration"
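Review bot: The tests `[ "$1" != "_" ]` are also true when an argument is missing altogether, so a short argument list leaves `peer`, `gateway`, `netmask` and `hostname` empty and sets `dev` to the empty string instead of falling back to `eth0`. Checking for a non-empty value as well keeps the default, e.g. `if [ -n "$1" ] && [ "$1" != "_" ] ; then` on the `dev` block (and on the others for consistency). A bare `shift` with no positional parameters left returns an error, and some `sh` implementations abort the script on it; which shell runs this inside the initrd is not visible here. The argument parsing starts above the hunk.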
++++++ mkinitrd ++++++
--- mkinitrd/mkinitrd 2006-05-22 10:00:37.000000000 +0200
+++ mkinitrd/mkinitrd 2006-06-01 15:24:19.000000000 +0200
@@ -23,7 +23,7 @@
# This file is kept in the following CVS repository:
#
# $Source: /suse/yast2/cvsroot/mkinitrd/mkinitrd,v $
-# $Revision: 1.299 $
+# $Revision: 1.310 $
usage() {
cat<<EOF
@@ -93,7 +93,7 @@
ppc|ppc64)
regex='vmlinux'
;;
- *) regex='vmlinuz'
+ *) regex='vmlinu[xz]'
;;
esac
@@ -105,7 +105,7 @@
kernel_images=""
initrd_images=""
for kernel_image in $(ls /boot \
- | sed -ne "\|^$regex\(-[0-9.]\+-[0-9]\+-[a-z0-9]\+$\)\?|p") ; do
+ | sed -ne "\|^$regex\(-[0-9.]\+-[0-9]\+-[a-z0-9]\+$\)|p") ; do
# Note that we cannot check the RPM database here -- this
# script is itself called from within the binary kernel
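Review bot: Dropping `\?` makes the version suffix mandatory, so only names of the form `<image>-<version>-<release>-<flavor>` are picked up and a bare `vmlinuz` or `vmlinux` entry in /boot is now skipped; nothing near the loop says that this is intended. A comment above the `for` would record it: `# Only versioned images (name-version-release-flavor) match; unversioned names are skipped on purpose.` The list still comes from `$(ls /boot | sed ...)`, which relies on word splitting and would mishandle a file name containing whitespace. The loop body continues outside the hunk.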
@@ -294,7 +294,7 @@
# And /sys likewise
mounted_sys=
-if [ ! -e /sys/devices ] ; then
+if [ ! -d /sys/devices ] ; then
mounted_sys=/sys
mount -n -t sysfs none /sys
fi
@@ -885,14 +885,19 @@
local devname=$1
local sysfs_path
- sysfs_path=$(udevinfo -q path -n $rootdev)
- cd /sys$sysfs_path
+ sysfs_path=$(udevinfo -q path -n $rootdev 2> /dev/null)
+ if [ -z "$sysfs_path" ]; then
+ return;
+ fi
+
+ pushd /sys$sysfs_path > /dev/null
if [ ! -d device ] ; then
cd ..
fi
if [ ! -d device ] ; then
# no device link; return
+ popd > /dev/null
return;
fi
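Review bot: `pushd /sys$sysfs_path > /dev/null` is not checked, so if the path reported by udevinfo is gone or unreadable, the following `cd ..` and the later `popd` act on the caller's directory and on an empty directory stack. Returning early and quoting the path avoids that: `pushd "/sys$sysfs_path" > /dev/null || return`. The same unchecked, unquoted pattern is added in the -1065 hunk (`pushd $dev_dir`) and the -1099 hunk (`pushd $dir`), where `|| continue` would be the equivalent. The function also declares `local devname=$1` but queries `$rootdev`; whether `devname` is used further down is not visible, since the function starts above this hunk and ends in the next one.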
@@ -903,7 +908,7 @@
cd -P iscsi_session:session*
echo $(basename $PWD)
fi
-
+ popd > /dev/null
}
get_default_interface() {
@@ -1065,7 +1070,7 @@
# Root is on SCSI, detect all SCSI devices
for dev_dir in /sys/class/scsi_device/*; do
if [ -d "$dev_dir" ] && [ -e "$dev_dir/device" ]; then
- cd $dev_dir;
+ pushd $dev_dir > /dev/null;
cd $(readlink device);
if [ -r ./hba_id ]; then
read fcp_disk_hba < ./hba_id
@@ -1081,6 +1086,7 @@
done
[ "$fcp_disk_hba" ] && s390_zfcp_hbas="$s390_zfcp_hbas $fcp_disk_hba"
fi
+ popd > /dev/null
fi
done
if [ "$s390_zfcp_hbas" ]; then
@@ -1099,7 +1105,7 @@
# Root device is on a dasd device, enable all dasd disks
for dir in /sys/block/dasd*; do
if [ -d "$dir" ] && [ -d ${dir}/device ]; then
- cd $dir
+ pushd $dir > /dev/null
cd $(readlink device)
if [ -r ./discipline ]; then
read type < ./discipline
@@ -1122,6 +1128,7 @@
esac
s390_dasd_disks="$s390_dasd_disks $(basename $PWD):$discipline"
fi
+ popd > /dev/null
fi
done
@@ -1279,10 +1286,6 @@
;;
mpath)
add_module dm-multipath
- add_module dm-round-robin
- add_module dm-emc
- root_mpath=1
- root_dm=1
;;
lvm2)
add_module dm-snapshot
@@ -1320,6 +1323,13 @@
cp_bin $vendor_init_script $vendor_script
fi
+ if has_module dm-multipath ; then
+ add_module dm-round-robin
+ add_module dm-emc
+ root_mpath=1
+ root_dm=1
+ fi
+
if has_module iscsi_tcp ; then
features=(${features[@]} iscsi)
cp_bin /sbin/iscsid $tmp_mnt/sbin/iscsid
@@ -1395,7 +1405,7 @@
echo "udev_root=\"/dev\"" > $tmp_mnt/etc/udev/udev.conf
echo "udev_rules=\"/etc/udev/rules.d\"" >> $tmp_mnt/etc/udev/udev.conf
# copy needed rules
- for rule in 05-udev-early.rules 50-udev-default.rules 60-persistent-storage.rules; do
+ for rule in 05-udev-early.rules 50-udev-default.rules 60-persistent-storage.rules 64-device-mapper.rules; do
if [ -f /etc/udev/rules.d/$rule ]; then
cp /etc/udev/rules.d/$rule $tmp_mnt/etc/udev/rules.d
fi
@@ -1440,6 +1450,7 @@
cp_bin /sbin/kpartx $tmp_mnt/sbin
cp_bin /sbin/dmsetup $tmp_mnt/sbin
cp_bin /sbin/mpath_id $tmp_mnt/sbin
+ cp_bin /sbin/kpartx_id $tmp_mnt/sbin
if [ -f /etc/multipath.conf ] ; then
cp -a /etc/multipath.conf $tmp_mnt/etc
fi
@@ -1463,11 +1474,18 @@
cp_bin /usr/bin/expr $tmp_mnt/bin
mkdir -p $tmp_mnt/mnt
cp -a /etc/evms.conf $tmp_mnt/etc
- mkdir -p $tmp_mnt/lib/evms
- SD=$(ls -A /lib/evms | tail -n 1)
- (cd $tmp_mnt/lib/evms && mkdir -p $SD)
- cp_bin /lib/evms/$SD/* $tmp_mnt/lib/evms/$SD
- rm -f $tmp_mnt/lib/evms/*/*{ext2,jfs,ogfs,reiser,swap,xfs}*so
+ [ -d /lib/evms ] && evms_lib="/lib/evms"
+ [ -d /lib64/evms ] && evms_lib="/lib64/evms"
+
+ if [ "$evms_lib" ] ; then
+ mkdir -p ${tmp_mnt}${evms_lib}
+ SD=$(ls -A $evms_lib | tail -n 1)
+ (cd ${tmp_mnt}${evms_lib} && mkdir -p $SD)
+ cp_bin $evms_lib/$SD/* ${tmp_mnt}${evms_lib}/$SD
+ rm -f ${tmp_mnt}${evms_lib}/*/*{ext2,jfs,ogfs,reiser,swap,xfs}*so
+ else
+ oops 7 "No EVMS modules found"
+ fi
fi
if has_any_module raid0 raid1 raid5 linear multipath; then
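Review bot: `evms_lib` is never cleared before the two `[ -d ... ] &&` tests, so a value left over from the environment or from earlier in the script passes `[ "$evms_lib" ]` even when neither directory exists; put `evms_lib=` in front of them. When both /lib/evms and /lib64/evms exist, only the lib64 tree is copied, which may or may not be what "Include 64bit EVMS modules, too" intends. The `rm -f ${tmp_mnt}${evms_lib}/*/*...so` line would delete from the running system's EVMS directory if `tmp_mnt` were ever empty, so `${tmp_mnt:?}` is a cheap guard there. The enclosing `if` opens above the hunk.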
@@ -1664,6 +1682,9 @@
| rw)
| read_write=1
| ;;
+ | ro)
+ | read_only=1
+ | ;;
| esac
|done
|
@@ -1679,24 +1700,22 @@
| rootdev_cmdline=1
| ;;
| resume=*)
- | set -- \$(IFS== ; echo \$o)
- | resumedev=\$2
+ | resumedev=\${o#resume=}
| ;;
| journal=*)
- | set -- \$(IFS== ; echo \$o)
- | journaldev=\$2
+ | journaldev=\${o#journal=}
| ;;
| mduuid=*)
- | set -- \$(IFS== ; echo \$o)
- | md_uuid=\$2
+ | md_uuid=\${o#mduuid=}
| ;;
| init=*)
- | set -- \$(IFS== ; echo \$o)
- | init=\$2
+ | init=\${o#init=}
| ;;
| udev_timeout=*)
- | set -- \$(IFS== ; echo $\o)
- | udev_timeout=\$2
+ | udev_timeout=\${o#udev_timeout=}
+ | ;;
+ | rootflags=*)
+ | rootfsflags=\${o#rootflags=}
| ;;
| esac
|done
@@ -1888,7 +1907,7 @@
done
# Filter modules into fs and non-fs (driver) modules.
- # We do this to avoid loading xfs when doing a resule: xfs had
+ # We do this to avoid loading xfs when doing a resume: xfs had
# (or still has) a bug that slows down resume a lot.
# FIXME: get rid of this split crap again.
for module in $resolved_modules; do
@@ -2165,6 +2184,8 @@
| echo \$o > /etc/initiatorname.iscsi ;;
| esac
|done
+ |# Always enable DHCP for iSCSI
+ |dhcp_mode=1
EOF
fi
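Review bot: `dhcp_mode=1` is assigned after the command-line loop without any condition, so it overrides any value set earlier, and the comment does not say why. For a root on iSCSI this means the address and route used to reach the target always come from whichever DHCP server answers during boot. If static settings given at boot should take precedence, the assignment needs a guard, though the variables that would carry such settings are not visible in this hunk. At the least the comment should give the reason, e.g. `|# iSCSI root: force DHCP because <reason>; static settings given at boot are ignored`. The generated block starts above the hunk.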
@@ -2261,6 +2282,7 @@
| iscsi_sid=\$(/sbin/iscsiadm -m node | grep \$iscsitarget | grep \$iscsiserver | sed 's(a)\[\(.*\)\] .*@\1@g')
| else
| iscsi_sid=\$(/sbin/iscsiadm -m node | grep \$iscsitarget | sed 's(a)\[\(.*\)\] .*@\1@g')
+ | fi
| else
| if [ -n "\$iscsiserver" ] ; then
| iscsi_sid=\$(/sbin/iscsiadm -m node | grep \$iscsiserver | sed 's(a)\[\(.*\)\] .*@\1@g')
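Review bot: The `grep \$iscsitarget` and `grep \$iscsiserver` filters around the restored `fi` treat the values as unquoted regular expressions, so the dots in a target name or address match any character. A value that matches more than one node record leaves several ids in `iscsi_sid`. Matching literally and quoting the value is tighter: `grep -F -- "\$iscsitarget"`, provided the grep shipped in the initrd supports `-F`. The surrounding `if`/`else` chain starts and ends outside the hunk.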
@@ -2269,7 +2291,7 @@
| if [ -z "\$iscsi_sid" ] ; then
| iscsi_sid=$iscsi_sid
| fi
- |
+ |
| NODE=`/sbin/iscsiadm -m node -r \$iscsi_sid | grep "node.name" | cut -d' ' -f3`
| echo -n "Logging into \$NODE: "
| if /sbin/iscsiadm -m node -r \$iscsi_sid -l ; then
@@ -2452,9 +2474,20 @@
if [ -n "$root_mpath" ] ; then
cat_linuxrc <<-EOF
- |# Rescan for multipath
- |/sbin/multipath -v0
- |/sbin/udevsettle --timeout=\$udev_timeout
+ |# check for IDE parameter in /proc/cmdline
+ |for o in \$(cat /proc/cmdline) ; do
+ | case \$o in
+ | multipath=*)
+ | mpath_status=\${o#multipath=};;
+ | esac
+ |done
+ |if [ "\$mpath_status" != "off" ] ; then
+ | # Rescan for multipath
+ | echo -n "Setup multipath devices: "
+ | /sbin/multipath -v0
+ | /sbin/udevsettle --timeout=\$udev_timeout
+ | echo 'ok.'
+ |fi
EOF
fi
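Review bot: The comment `# check for IDE parameter in /proc/cmdline` does not match the loop under it, which looks only for `multipath=`; it reads like a leftover from another block and should be `|# check for multipath= parameter in /proc/cmdline`. `mpath_status` is also not reset before the loop, so the test relies on it being unset in the generated script; `|mpath_status=` ahead of the `for` makes that explicit. Only the exact value `off` disables the rescan, which is worth stating in the comment as well.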
@@ -2721,8 +2754,13 @@
| echo "fsck failed. Mounting root device read-only."
| read_write=
| else
- | echo "fsck succeeded. Mounting root device read-write."
- | read_write=1
+ | if [ "$read_only" ]; then
+ | echo "fsck succeeded. Mounting root device read-only."
+ | read_write=
+ | else
+ | echo "fsck succeeded. Mounting root device read-write."
+ | read_write=1
+ | fi
| fi
|fi
EOF
@@ -2738,6 +2776,7 @@
|echo "Mounting root $rootdev"
|# check external journal
|[ "$rootfstype" = "xfs" -a -n "$journaldev" ] && opt="${opt},logdev=$journaldev"
+ |[ "$rootfstype" = "xfs" -a -n "$rootfsflags" ] && opt="${opt},$rootfsflags"
|[ "$rootfstype" = "reiserfs" -a -n "$journaldev" ] && opt="${opt},jdev=$journaldev"
|[ -n "$rootfstype" ] && opt="${opt} -t $rootfstype"
|if [ -x /bin/nfsmount -a "$rootfstype" = "nfs" ]; then
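Review bot: The added line applies `rootflags=` from the kernel command line only when the root file system is xfs, so on any other file system the option is parsed (in the -1679 hunk) and then dropped without a message. If that restriction is intended, say so next to the line: `|# rootflags= is only honoured for xfs roots`. The value is appended to `opt` as given, so it reaches the mount command unvalidated; how `opt` is expanded there is outside this hunk.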
@@ -2761,14 +2800,30 @@
|fi
|
|if [ -z "$init" ] ; then
- | echo "No init found. Try passing init= optino to the kernel."
+ | echo "No init found. Try passing init= option to the kernel."
| die 1
|fi
|
|# Parse root mount options
|if [ -f /root/etc/fstab ] ; then
| fsoptions=$(cat /root/etc/fstab | while read d m f o r; do if [ "$m" == "/" ] ; then echo $o; fi; done)
- | if [ "$fsoptions" ] && [ "$fsoptions" != "defaults" ] ; then
+ | set -- $(IFS=,; echo $fsoptions)
+ | fsoptions=
+ | while [ "$1" ] ; do
+ | case $1 in
+ | *quota) ;;
+ | defaults) ;;
+ | *)
+ | if [ "$fsoptions" ] ; then
+ | fsoptions="$fsoptions,$1"
+ | else
+ | fsoptions="$1"
+ | fi
+ | ;;
+ | esac
+ | shift
+ | done
+ | if [ "$fsoptions" ] ; then
| mount -o remount,$fsoptions $rootdev /root
| fi
|fi
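Review bot: The `*quota)` arm drops `quota`, `usrquota`, `grpquota` and `prjquota`, but XFS also accepts `uqnoenforce`, `gqnoenforce`, `pqnoenforce` and `qnoenforce`, which fall through to `*)` and are still handed to `mount -o remount`. Widening the arm covers them: `*quota|*qnoenforce) ;;`. `set -- $(IFS=,; echo $fsoptions)` also replaces the script's positional parameters and expands unquoted, so a later use of `$1` or `$@` in the generated linuxrc would see fstab options; whether anything does is not visible here.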
@@ -3031,6 +3086,7 @@
if [ -n "$root_dm" ] ; then
add_module dm-mod
add_module dm-snapshot
+ domu_modules="$domu_modules dm-mod dm-snapshot"
fi
# check if there is or was more than on raid type active
if [ -f /proc/mdstat -a -z "$root_dir" ] ; then
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...