November 2008 - openSUSE Commits - openSUSE Mailing Lists

commit bzip2
by root＠Hilbert.suse.de 01 Nov '08

01 Nov '08

Hello community, here is the log from the commit of package bzip2 checked in at Sat Nov 1 23:15:31 CET 2008. -------- --- bzip2/bzip2.changes 2008-08-01 02:53:24.000000000 +0200 +++ /mounts/work_src_done/STABLE/bzip2/bzip2.changes 2008-10-30 15:31:59.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Oct 30 12:34:56 CET 2008 - olh(a)suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bzip2.spec ++++++ --- /var/tmp/diff_new_pack.Y16334/_old 2008-11-01 23:15:20.000000000 +0100 +++ /var/tmp/diff_new_pack.Y16334/_new 2008-11-01 23:15:20.000000000 +0100 @@ -2,9 +2,16 @@ # spec file for package bzip2 (Version 1.0.5) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -13,12 +20,20 @@ Name: bzip2 Version: 1.0.5 -Release: 20 +Release: 33 Provides: bzip Obsoletes: bzip # The following is a kludge to get updating bzip2 to after the split work PreReq: libbz2-1 AutoReqProv: on +# bug437293 +%ifarch ppc64 +Obsoletes: bzip2-64bit +%endif +%ifarch %ix86 ppc +Obsoletes: bzip2-32bit +%endif +# Group: Productivity/Archiving/Compression License: BSD 3-Clause Url: http://www.bzip.org/ @@ -164,6 +179,8 @@ %{_libdir}/libbz2.so %changelog +* Thu Oct 30 2008 olh(a)suse.de +- obsolete old -XXbit packages (bnc#437293) * Fri Aug 01 2008 jw(a)suse.de - added missing header to bznew [bnc#413261] * Wed May 14 2008 coolo(a)suse.de @@ -249,7 +266,7 @@ - re-added /usr/include/bzlib.h * Thu Mar 08 2001 bk(a)suse.de - Replaced the -malign options with -mcpu=pentiumpro -* Wed Mar 07 2001 bk(a)suse.de +* Tue Mar 06 2001 bk(a)suse.de - add version info to libbz2 link to fix the library version number - if i386, add -malign-loops=2 -malign-jumps=2 -malign-functions=2 * Thu Nov 30 2000 aj(a)suse.de ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit post-build-checks
by root＠Hilbert.suse.de 01 Nov '08

01 Nov '08

Hello community, here is the log from the commit of package post-build-checks checked in at Sat Nov 1 23:14:51 CET 2008. -------- --- post-build-checks/post-build-checks.changes 2008-10-23 11:51:39.000000000 +0200 +++ /mounts/work_src_done/STABLE/post-build-checks/post-build-checks.changes 2008-10-28 09:57:12.000000000 +0100 @@ -1,0 +2,11 @@ +Tue Oct 28 09:57:02 CET 2008 - lnussel(a)suse.de + +- remove suid check. replaced by rpmlint script + +------------------------------------------------------------------- +Mon Oct 27 23:57:31 CET 2008 - meissner(a)suse.de + +- added warning checks for: array subscript over/underflow, + void return not expected warnings. bnc#240922,bnc#439283 + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ post-build-checks.spec ++++++ --- /var/tmp/diff_new_pack.ws5667/_old 2008-11-01 23:14:41.000000000 +0100 +++ /var/tmp/diff_new_pack.ws5667/_new 2008-11-01 23:14:41.000000000 +0100 @@ -24,7 +24,7 @@ AutoReqProv: on Summary: post checks for build after rpms have been created Version: 1.0 -Release: 51 +Release: 53 PreReq: aaa_base permissions sed Source0: %{name}-%{version}.tar.bz2 BuildArch: noarch @@ -79,6 +79,11 @@ /usr/lib/build %changelog +* Tue Oct 28 2008 lnussel(a)suse.de +- remove suid check. replaced by rpmlint script +* Tue Oct 28 2008 meissner(a)suse.de +- added warning checks for: array subscript over/underflow, + void return not expected warnings. bnc#240922,bnc#439283 * Thu Oct 23 2008 lnussel(a)suse.de - suid check: tetex -> texlive * Wed Oct 22 2008 lnussel(a)suse.de ++++++ post-build-checks-1.0.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/post-build-checks-1.0/checks/07-check-suid new/post-build-checks-1.0/checks/07-check-suid --- old/post-build-checks-1.0/checks/07-check-suid 2008-10-23 11:50:37.000000000 +0200 +++ new/post-build-checks-1.0/checks/07-check-suid 1970-01-01 01:00:00.000000000 +0100 @@ -1,167 +0,0 @@ -#!/usr/bin/perl -w - -BEGIN { - my $broot = $ENV{'BUILD_ROOT'}; - push @INC, "$broot/usr/lib/build/checks-data"; -} - -use strict; -use RPMQ; - -### BEGIN CONFIG ## - -my %permissions_d_whitelist = map { '/etc/permissions.d/'.$_ => 1 } qw/ -lprng -lprng.paranoid -mail-server -mail-server.paranoid -postfix -postfix.paranoid -sendmail -sendmail.paranoid -squid -texlive -texlive.paranoid -/; - -### END CONFIG ## - -my $ret = 0; -my $needsecteam = 0; - -my $root = $ENV{'BUILD_ROOT'} || die "must set \$BUILD_ROOT"; - -print "... checking for /etc/permissions* violations\n"; - -my %perms; - -my %files = map { s/.*\///; s/\..*//; '/etc/permissions.d/'.$_ => 1 } glob($root.'/etc/permissions.d/*'); -my @files = keys %files; -undef %files; - -unshift @files, qw(/etc/permissions); - -sub readpermfile($) -{ - my $f = shift; - open(FH, '<', $f) or die "$f: $!"; - while(<FH>) { - chomp; - s/#.*//; - next if(/^$/); - - my ($file, $owner, $mode, $garbage) = split(/\s+/); - - $owner =~ s/\./:/; - - $perms{$file}{'owner'} = $owner; - $perms{$file}{'mode'} = oct($mode)&07777; - } - close(FH) -} - -for my $i (@files) -{ - my $f = $root.$i; - readpermfile($f) if (-e $f); - $f .= '.secure'; - readpermfile($f) if(-e $f); -} - -for my $rpm (glob($root."/usr/src/packages/RPMS/*/*")) { - my (@errors, @warnings); - my %r = RPMQ::rpmq_many($rpm, qw/FILENAMES FILEMODES FILEUSERNAME FILEGROUPNAME/); - - my $i = 0; - for my $file (@{$r{'FILENAMES'}}) { - - my $mode = $r{'FILEMODES'}->[$i]; - my $owner = $r{'FILEUSERNAME'}->[$i].':'.$r{'FILEGROUPNAME'}->[$i]; - ++$i; - -# S_IFSOCK 014 socket -# S_IFLNK 012 symbolic link -# S_IFREG 010 regular file -# S_IFBLK 006 block device -# S_IFDIR 004 directory -# S_IFCHR 002 character device -# S_IFIFO 001 FIFO - my $type = ($mode>>12)&017; - - $mode &= 07777; - if(exists($perms{$file}) || ($type == 04 && exists($perms{$file.'/'}))) { - if($type == 012) { - push @warnings, "permissions handling for symlink $file is useless\n"; - next; - } - my ($m, $o); - if($type == 04) { - if(exists($perms{$file})) { - # legacy permissions files may still contain directories - # without slash appended. - push @warnings, "$file is a directory, please append a slash to the filename\n"; - $m = $perms{$file}{'mode'}; - $o = $perms{$file}{'owner'}; - } else { - $m = $perms{$file.'/'}{'mode'}; - $o = $perms{$file.'/'}{'owner'}; - } - } else { - $m = $perms{$file}{'mode'}; - $o = $perms{$file}{'owner'}; - } - - if ($mode != $m) { - push @errors, sprintf("\%s has mode \%o but should be \%o\n", $file, $mode, $m); - } - - if ($owner ne $o) { - push @errors, "$file belongs to $owner but should be $o\n"; - } - } elsif($type != 012) { - if(exists($perms{$file.'/'})) { - push @errors, "$file is a file but listed as directory\n"; - } - - if($mode&06000) { - if($type != 04) { - push @errors, sprintf "\%s is packaged with setuid/setgid bits (\%o)\n", $file, $mode; - $needsecteam = 1; - } else { - push @warnings, sprintf "\%s is packaged with setuid/setgid bits (\%o)\n", $file, $mode; - } - } - - if($mode&02) { - push @errors, sprintf "\%s is packaged with world writable permissions (\%o)\n", $file, $mode; - $needsecteam = 1; - } - } - - if($file =~ /^\/etc\/permissions\.d\// && !exists($permissions_d_whitelist{$file})) { - push @errors, "unauthorized permissions file: $file\n"; - $needsecteam = 1; - } - } - close(FH); - - if(@warnings || @errors) { - $rpm =~ s/.*\/(.*?\/.*?)/$1/; - print ' '.$rpm.":\n"; - } - for my $w (@warnings) { - print ' WARNING: '.$w; - } - for my $e (@errors) { - print ' ERROR: '.$e; - } -} - -if($needsecteam) { - print "\nPlease contact the SUSE Security Team <security\(a)suse.de>\n"; - $ret = 1; -} - -exit $ret; - -# vim: sw=4 diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/post-build-checks-1.0/checks-data/check_gcc_output new/post-build-checks-1.0/checks-data/check_gcc_output --- old/post-build-checks-1.0/checks-data/check_gcc_output 2008-10-14 15:27:32.000000000 +0200 +++ new/post-build-checks-1.0/checks-data/check_gcc_output 2008-10-27 23:52:44.000000000 +0100 @@ -32,6 +32,8 @@ "warning:.*implicit .*'(recv|recvfrom|read|pread|pread64|readlink|getwd|getcwd|fgets|fgets_unlock|strncat|strcat|memmove|memcpy|mempcpy|strpcpy|strcpy|strncpy|printf|sprintf|snprintf|vprintf|vsprintf|vsnprintf|fprintf|vfprintf|gets|memset|bzero|bcopy|strlen|strcmp|wcscpy|wcpcpy|wcsncpy|wcpncpy|wcscat|swprintf|vswprintf|fgetws|wcsrtombs|mbsrtowcs|wcrtomb|wcsnrtombs|ptsname|realpath|wctomb|mbstowcs|ttyname_r|getlogin_r|getgroups|confstr|gethostname|getdomainname|)'" => "implicit-fortify-decl", 'warning:.*memset used with constant zero length parameter' => "memset-with-zero-length", 'warning:.*comparison with string literal' => "stringcompare", + "warning:.*'return' with no value, in function returning non-void" => "voidreturn", + 'warning:.*array subscript is (below|above) array bounds' => "arraysubscript" ); my %warn_desc = ( @@ -66,6 +68,12 @@ " - Implicit *read* functions need #include <unistd.h>.\n" . " - Implicit *recv* functions need #include <sys/socket.h>.\n", "no-rpm-opt-flags" => "File is compiled without RPM_OPT_FLAGS", + + "voidreturn" => "A function uses a 'return;' statement, but has actually a value\n" . + "to return, like an integer ('return 42;') or similar.\n", + "arraysubscript" => "A function overflows or underflows an array access. This could be a real error,\n" . + "but occasionaly this condition is also misdetected due to loop unrolling or strange pointer\n" . + "handling. So this is warning only, please review.\n" ); my %warn_severity = ( @@ -86,6 +94,8 @@ "bufferoverflowstrncat" => 'E', "stringcompare" => 'E', "uninitialized-variable" => 'W', + "voidreturn" => "W", + "arraysubscript" => "W", ); #---------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit glibc
by root＠Hilbert.suse.de 01 Nov '08

01 Nov '08

Hello community, here is the log from the commit of package glibc checked in at Sat Nov 1 23:14:37 CET 2008. -------- --- glibc/glibc.changes 2008-10-23 22:20:44.000000000 +0200 +++ /mounts/work_src_done/STABLE/glibc/glibc.changes 2008-10-31 19:51:32.000000000 +0100 @@ -1,0 +2,15 @@ +Fri Oct 31 19:51:08 CET 2008 - matz(a)suse.de + +- Fix atomics on s390/s390x, leading to failures in pthread mutexes. + +------------------------------------------------------------------- +Tue Oct 28 18:08:32 CET 2008 - schwab(a)suse.de + +- Restore alignment patch. + +------------------------------------------------------------------- +Tue Oct 28 09:45:22 CET 2008 - olh(a)suse.de + +- symlink power5/power5+ to power4 on ppc32 + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- glibc-fix-s390-atomics.diff res_send.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.HC2506/_old 2008-11-01 23:14:15.000000000 +0100 +++ /var/tmp/diff_new_pack.HC2506/_new 2008-11-01 23:14:15.000000000 +0100 @@ -37,7 +37,12 @@ %define powerpc_optimize_base_cpu_power4 1 %define powerpc_optimize_cpu_power4 0 %endif +%ifarch ppc +%define powerpc_optimize_cpu_power5 1 +%else %define powerpc_optimize_cpu_power5 0 +%endif +%define powerpc_optimize_cpu_power5_compile 0 %define powerpc_optimize_cpu_power6 1 %define powerpc_optimize_cpu_power7 0 %define powerpc_optimize_cpu_cell 1 @@ -64,7 +69,7 @@ Provides: rtld(GNU_HASH) AutoReqProv: on Version: 2.8.90 -Release: 16 +Release: 17 %define snapshot_date 2008101314 Url: http://www.gnu.org/software/libc/libc.html PreReq: filesystem @@ -126,6 +131,8 @@ Patch62: glibc-getgroups-fortify.diff Patch63: missing-include-build-fix.diff Patch64: glibc-no-unwind-tables.diff +Patch65: res_send.diff +Patch66: glibc-fix-s390-atomics.diff %description The GNU C Library provides the most important standard libraries used @@ -325,6 +332,8 @@ %patch62 -p1 %patch63 %patch64 +%patch65 +%patch66 # # Inconsistency detected by ld.so: dl-close.c: 719: _dl_close: Assertion `map->l_init_called' failed! # @@ -447,8 +456,10 @@ power4 \ %endif %if %{powerpc_optimize_cpu_power5} +%if %{powerpc_optimize_cpu_power5_compile} power5 \ %endif +%endif %if %{powerpc_optimize_cpu_power6} power6 \ %endif @@ -538,8 +549,10 @@ power4 \ %endif %if %{powerpc_optimize_cpu_power5} +%if %{powerpc_optimize_cpu_power5_compile} power5 \ %endif +%endif %if %{powerpc_optimize_cpu_power6} power6 \ %endif @@ -576,6 +589,8 @@ %if %{powerpc_optimize_cpu_power5} # power5+ is compatible with power5 (adds only a few floating point instructions) # doing a symlink doesnt work, ldconfig follows them and accepts only the first real dir +# symlink to power4 directory, which is built only on ppc32 +%if %{powerpc_optimize_cpu_power5_compile} if test -d $RPM_BUILD_ROOT/%{_lib}/power5 then mkdir -p $RPM_BUILD_ROOT/%{_lib}/power5+ @@ -586,6 +601,22 @@ done $my_ldconfig -n $RPM_BUILD_ROOT/%{_lib}/power5+/ fi +%else +if test -d $RPM_BUILD_ROOT/%{_lib}/power4 +then + mkdir -p $RPM_BUILD_ROOT/%{_lib}/power5 + mkdir -p $RPM_BUILD_ROOT/%{_lib}/power5+ + for i in $RPM_BUILD_ROOT/%{_lib}/power4/*.so ; do + b=`basename $i` + ln -vs ../power4/$b \ + $RPM_BUILD_ROOT/%{_lib}/power5/$b + ln -vs ../power4/$b \ + $RPM_BUILD_ROOT/%{_lib}/power5+/$b + done + $my_ldconfig -n $RPM_BUILD_ROOT/%{_lib}/power5/ + $my_ldconfig -n $RPM_BUILD_ROOT/%{_lib}/power5+/ +fi +%endif %endif %if %{powerpc_optimize_cpu_power6} # power6 is compatible with power6x @@ -1068,7 +1099,13 @@ %{_libdir}/libdl_p.a %changelog -* Fri Oct 24 2008 ro(a)suse.de +* Fri Oct 31 2008 matz(a)suse.de +- Fix atomics on s390/s390x, leading to failures in pthread mutexes. +* Tue Oct 28 2008 schwab(a)suse.de +- Restore alignment patch. +* Tue Oct 28 2008 olh(a)suse.de +- symlink power5/power5+ to power4 on ppc32 +* Thu Oct 23 2008 ro(a)suse.de - only do obsoletes for XXbit packages on ppc, not on x86 * Thu Oct 23 2008 matz(a)suse.de - Deactivate unwind tables for initfini.c. @@ -1203,7 +1240,7 @@ * Fri Aug 31 2007 aj(a)suse.de - Add /usr/share/locale-bundle/ as fallback directory for usage with bundle-lang packages (see bug #302270). -* Wed Aug 22 2007 pbaudis(a)suse.cz +* Tue Aug 21 2007 pbaudis(a)suse.cz - Reintroduce errorneously omitted AMD64 optimizations (and fix them to compile again) * Thu Aug 16 2007 aj(a)suse.de @@ -1272,7 +1309,7 @@ * Thu Nov 16 2006 pbaudis(a)suse.cz - Disable power6 optimization for 10.2, not all pieces are there [#219962] -* Thu Oct 26 2006 pbaudis(a)suse.cz +* Wed Oct 25 2006 pbaudis(a)suse.cz - Change ld.so madvise() call to posix_fadvise() - Fix mallopt(M_MXFAST,0) behaviour [#198760] - Update the powerpc cpu-tuned environment to v0.04 [#215117] @@ -1290,7 +1327,7 @@ - Fix 2.4.90-nscd patch wrt. new gcc * Mon Oct 02 2006 aj(a)suse.de - Fix warnings in testsuite (patch from CVS). -* Sat Sep 30 2006 pbaudis(a)suse.cz +* Fri Sep 29 2006 pbaudis(a)suse.cz - Update to 2.5 CVS - official release (only minimal changes in CVS since the last update) - Fix a thinko in the -Bdirect patch @@ -1318,7 +1355,7 @@ - Update to current CVS * Thu Sep 21 2006 pbaudis(a)suse.cz - Fix cut'n'paste error in a last-minute change -* Thu Sep 21 2006 pbaudis(a)suse.cz +* Wed Sep 20 2006 pbaudis(a)suse.cz - Update to current CVS - Fix powerpc-cpu tarball extension - Move crypt-blowfish to a patch so that quilt works on the tree @@ -1372,7 +1409,7 @@ - S390 fix for startupcode. Part of it was not PIC. * Fri Apr 07 2006 kukuk(a)suse.de - Don't hardcode syscall numbers at our own -* Wed Apr 05 2006 schwab(a)suse.de +* Tue Apr 04 2006 schwab(a)suse.de - Fix readlink declaration. * Mon Apr 03 2006 kukuk(a)suse.de - Update from CVS: @@ -1407,7 +1444,7 @@ - Update to current CVS (nptl/ia64 fix) * Thu Mar 09 2006 kukuk(a)suse.de - Fix linux/input.h for userspace inclusion -* Thu Mar 09 2006 kukuk(a)suse.de +* Wed Mar 08 2006 kukuk(a)suse.de - Update kernel headers to 2.6.16-rc5 * Mon Mar 06 2006 kukuk(a)suse.de - Update to 2.4 CVS @@ -1473,11 +1510,11 @@ - Readd <fmtmsg.h>, <ucontext.h>, <sys/ucontext.h>. * Sun Jan 15 2006 schwab(a)suse.de - Readd <alloca.h>. -* Sun Jan 15 2006 kukuk(a)suse.de +* Sat Jan 14 2006 kukuk(a)suse.de - Update to current CVS (long double support) * Fri Jan 13 2006 aj(a)suse.de - Fix x86-64 w_exp to not use extra plt. -* Fri Jan 13 2006 kukuk(a)suse.de +* Thu Jan 12 2006 kukuk(a)suse.de - Fix asm-s390/setup.h for userspace inclusion - nsswitch.conf: Add nis to netgroup and automount entry - Fix sys/procfs.h for ppc64 @@ -1659,7 +1696,7 @@ - Update to current CVS snapshot * Wed Apr 06 2005 schwab(a)suse.de - Cleanup neededforbuild. -* Wed Apr 06 2005 aj(a)suse.de +* Tue Apr 05 2005 aj(a)suse.de - Add gettext-devel to neededforbuild. * Tue Apr 05 2005 aj(a)suse.de - Do not build on xen machines. @@ -1738,7 +1775,7 @@ - Merge kernel-headers.remove-SO_BSDCOMPAT.diff with kernel-headers.SuSE.diff - Revert nscd paths on old SuSE Linux distributions -* Thu Dec 30 2004 kukuk(a)suse.de +* Wed Dec 29 2004 kukuk(a)suse.de - Update to glibc 2.3.90 CVS branch - Remove alarm-round.patch (merged upstream) * Thu Dec 09 2004 kukuk(a)suse.de @@ -2307,7 +2344,7 @@ - Update to nptl 0.39 - Add URL tag - asm-i386/byteorder.h: fix asm vs. __asm__ -* Thu May 15 2003 schwab(a)suse.de +* Wed May 14 2003 schwab(a)suse.de - Fix missing syscall numbers on ia64. * Wed May 14 2003 kukuk(a)suse.de - More kernel headers fixes for i386, ia64, ppc and s390 @@ -2408,7 +2445,7 @@ * Mon Feb 03 2003 meissner(a)suse.de - Merged a unistd.h gcc3.3 compliance patch from Franz Sirl for ppc and ppc64 kernel headers. -* Sat Feb 01 2003 schwab(a)suse.de +* Fri Jan 31 2003 schwab(a)suse.de - Fix building on s390[x]. * Fri Jan 31 2003 kukuk(a)suse.de - Update to current glibc cvs @@ -2421,7 +2458,7 @@ * Thu Jan 23 2003 schwab(a)suse.de - Fix use of DT_FINI_ARRAY. - Temporarily disable tst-aio7 test on ia64. -* Wed Jan 15 2003 schwab(a)suse.de +* Tue Jan 14 2003 schwab(a)suse.de - Fix ia64 for non-tls build. * Tue Jan 14 2003 aj(a)suse.de - Package libpthread_nonshared.a. @@ -2449,7 +2486,7 @@ dont run configure in subshell, it can fail and rpm cant catch it * Fri Dec 13 2002 schwab(a)suse.de - Add more ia64 syscalls. -* Sat Dec 07 2002 olh(a)suse.de +* Fri Dec 06 2002 olh(a)suse.de - build also the locals parallel do not fail with parallel calculation on lowmem systems * Tue Dec 03 2002 aj(a)suse.de @@ -2737,7 +2774,7 @@ * Thu Feb 07 2002 kukuk(a)suse.de - Add fix for glob (glob should not call globfree) - Add fix for innetgr -* Thu Feb 07 2002 kukuk(a)suse.de +* Wed Feb 06 2002 kukuk(a)suse.de - Use correct BuildRoot * Wed Feb 06 2002 kukuk(a)suse.de - Update hu.po @@ -2782,7 +2819,7 @@ - Clear pointer if asprintf fails - pthread_key_delete should not contact thread manager before it is created. -* Wed Dec 12 2001 kukuk(a)suse.de +* Tue Dec 11 2001 kukuk(a)suse.de - Fix prelink patch * Tue Dec 11 2001 kukuk(a)suse.de - Add fixes for LSB.os test suite (ftw, grantpt and ftok) @@ -2815,7 +2852,7 @@ - Update kernel-headers to 2.4.14 * Thu Nov 01 2001 kukuk(a)suse.de - Use again old rules to generate html files -* Mon Oct 22 2001 schwab(a)suse.de +* Sun Oct 21 2001 schwab(a)suse.de - Fix inttypes.h for C++. * Fri Oct 19 2001 aj(a)suse.de - Fix typo in inttypes.h that presents compilation by non-GCC compilers. @@ -3021,7 +3058,7 @@ * Mon Nov 20 2000 schwab(a)suse.de - Remove use of getpagesize syscall on ia64. - Follow DT_INIT/DT_FINI change in compiler. -* Mon Nov 20 2000 kukuk(a)suse.de +* Sun Nov 19 2000 kukuk(a)suse.de - Minor specfile fixes * Thu Nov 16 2000 kukuk(a)suse.de - Add lot of more bug fixes @@ -3110,7 +3147,7 @@ - Update ia64 patch * Fri May 26 2000 kukuk(a)suse.de - Fix (f)truncate64 and xdr_uint8_t -* Thu May 25 2000 kukuk(a)suse.de +* Wed May 24 2000 kukuk(a)suse.de - Fix ldconfig.8 manual page * Thu May 18 2000 bk(a)suse.de - added s390 dlopen fix @@ -3122,7 +3159,7 @@ - Update ia64 patches. * Fri May 12 2000 kukuk(a)suse.de - Don't apply LFS patch -* Wed May 10 2000 kukuk(a)suse.de +* Tue May 09 2000 kukuk(a)suse.de - Add LFS patches * Mon May 08 2000 kukuk(a)suse.de - Add lot of bug fixes from CVS @@ -3230,7 +3267,7 @@ - Add linuxthreads/signals.c fix from Andreas Schwab - Remove dangling symlink (Bug #544) - Add more bug fixes -* Sat Oct 09 1999 kukuk(a)suse.de +* Fri Oct 08 1999 kukuk(a)suse.de - Add timezone update * Fri Oct 08 1999 kukuk(a)suse.de - Add NIS+ shadow parser fix ++++++ glibc-fix-s390-atomics.diff ++++++ Index: sysdeps/s390/bits/atomic.h =================================================================== --- sysdeps/s390/bits/atomic.h.orig +++ sysdeps/s390/bits/atomic.h @@ -56,7 +56,7 @@ typedef uintmax_t uatomic_max_t; __typeof (*mem) __archold = (oldval); \ __asm __volatile ("cs %0,%2,%1" \ : "+d" (__archold), "=Q" (*__archmem) \ - : "d" (newval), "m" (*__archmem) : "cc" ); \ + : "d" (newval), "m" (*__archmem) : "cc", "memory" ); \ __archold; }) #ifdef __s390x__ @@ -65,7 +65,7 @@ typedef uintmax_t uatomic_max_t; __typeof (*mem) __archold = (oldval); \ __asm __volatile ("csg %0,%2,%1" \ : "+d" (__archold), "=Q" (*__archmem) \ - : "d" ((long) (newval)), "m" (*__archmem) : "cc" ); \ + : "d" ((long) (newval)), "m" (*__archmem) : "cc", "memory" ); \ __archold; }) #else /* For 31 bit we do not really need 64-bit compare-and-exchange. We can ++++++ res_send.diff ++++++ --- resolv/res_send.c +++ resolv/res_send.c @@ -784,7 +784,7 @@ send_vc(res_state statp, #else int aligned_resplen = ((resplen + __alignof__ (HEADER) - 1) - & (__alignof__ (HEADER) - 1)); + & ~(__alignof__ (HEADER) - 1)); *anssizp2 = orig_anssizp - aligned_resplen; *ansp2 = *ansp + aligned_resplen; #endif @@ -1058,8 +1058,16 @@ send_dg(res_state statp, /* No buffer allocated for the first reply. We can try to use the rest of the user-provided buffer. */ +#ifdef _STRING_ARCH_unaligned *anssizp2 = orig_anssizp - resplen; *ansp2 = *ansp + resplen; +#else + int aligned_resplen + = ((resplen + __alignof__ (HEADER) - 1) + & ~(__alignof__ (HEADER) - 1)); + *anssizp2 = orig_anssizp - aligned_resplen; + *ansp2 = *ansp + aligned_resplen; +#endif } else { /* The first reply did not fit into the user-provided buffer. Maybe the second ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit rpmlint-Factory
by root＠Hilbert.suse.de 01 Nov '08

01 Nov '08

Hello community, here is the log from the commit of package rpmlint-Factory checked in at Sat Nov 1 23:14:32 CET 2008. -------- --- rpmlint-Factory/rpmlint-Factory.changes 2008-06-28 12:48:36.000000000 +0200 +++ /mounts/work_src_done/STABLE/rpmlint-Factory/rpmlint-Factory.changes 2008-10-28 15:15:32.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Oct 28 15:15:24 CET 2008 - lnussel(a)suse.de + +- make permissions violations fatal + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpmlint-Factory.spec ++++++ --- /var/tmp/diff_new_pack.iW2976/_old 2008-11-01 23:14:17.000000000 +0100 +++ /var/tmp/diff_new_pack.iW2976/_new 2008-11-01 23:14:17.000000000 +0100 @@ -2,9 +2,16 @@ # spec file for package rpmlint-Factory (Version 1.0) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -15,7 +22,7 @@ Requires: rpmlint-mini Summary: Rpm correctness checker - Factory configuration Version: 1.0 -Release: 18 +Release: 43 Url: http://rpmlint.zarb.org/ License: GPL v2 or later Group: System/Packages @@ -52,6 +59,8 @@ /etc/rpmlint/factory.config %changelog +* Tue Oct 28 2008 lnussel(a)suse.de +- make permissions violations fatal * Sat Jun 28 2008 dmueller(a)suse.de - remove badness for defattr again - check is unrepairable broken * Sat Jun 28 2008 dmueller(a)suse.de ++++++ config ++++++ --- /var/tmp/diff_new_pack.iW2976/_old 2008-11-01 23:14:17.000000000 +0100 +++ /var/tmp/diff_new_pack.iW2976/_new 2008-11-01 23:14:17.000000000 +0100 @@ -65,3 +65,9 @@ setBadness('libtool-wrapper-in-package', 10000) setBadness('invalid-filepath-dependency', 10000) setBadness('suse-policy-kmp-missing-supplements', 10000) + +setBadness('polkit-unauthorized-file', 10000) +setBadness('polkit-unauthorized-privilege', 10000) +setBadness('permissions-unauthorized-file', 10000) +setBadness('permissions-setuid-bit', 10000) +setBadness('permissions-world-writable', 10000) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit rpmlint
by root＠Hilbert.suse.de 01 Nov '08

01 Nov '08

Hello community, here is the log from the commit of package rpmlint checked in at Sat Nov 1 23:14:08 CET 2008. -------- --- rpmlint/rpmlint.changes 2008-09-04 02:43:43.000000000 +0200 +++ /mounts/work_src_done/STABLE/rpmlint/rpmlint.changes 2008-10-28 10:00:29.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Oct 28 10:00:09 CET 2008 - lnussel(a)suse.de + +- add check for /etc/permissions violations + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- CheckSUIDPermissions.py ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpmlint.spec ++++++ --- /var/tmp/diff_new_pack.d32349/_old 2008-11-01 23:13:55.000000000 +0100 +++ /var/tmp/diff_new_pack.d32349/_new 2008-11-01 23:13:55.000000000 +0100 @@ -22,7 +22,7 @@ BuildRequires: rpm-python Summary: Rpm correctness checker Version: 0.83 -Release: 40 +Release: 42 Source0: %{name}-%{version}.tar.bz2 Source1: config Source1001: config.in @@ -38,6 +38,7 @@ Source11: BrandingPolicyCheck.py Source12: CheckKDE4Deps.py Source13: KMPPolicyCheck.py +Source14: CheckSUIDPermissions.py Source100: syntax-validator.py Url: http://rpmlint.zarb.org/ License: GPL v2 or later @@ -190,6 +191,7 @@ cp -p %{SOURCE11} . cp -p %{SOURCE12} . cp -p %{SOURCE13} . +cp -p %{SOURCE14} . %build make @@ -216,6 +218,8 @@ /usr/share/man/man1/rpmlint.1.gz %changelog +* Tue Oct 28 2008 lnussel(a)suse.de +- add check for /etc/permissions violations * Wed Sep 03 2008 dmueller(a)suse.de - add description for useless-explicit-requires (bnc#405887) * Thu Aug 21 2008 dmueller(a)suse.de @@ -250,7 +254,7 @@ - add a warning for self-conflicts * Thu Jun 05 2008 dmueller(a)suse.de - fix naming policy check for lib64 based archs (bnc#392524) -* Wed May 14 2008 dmueller(a)suse.de +* Tue May 13 2008 dmueller(a)suse.de - fix typo in kde4 deps check * Mon May 05 2008 dmueller(a)suse.de - fix typo in branding policy check @@ -467,7 +471,7 @@ - make the buildroot check work - make the buildroot check factor 10-15 faster - fix the pkgconfig check -* Sat Jun 09 2007 dmueller(a)suse.de +* Fri Jun 08 2007 dmueller(a)suse.de - fix warning-hide hack (#279865) - description update * Fri Jun 08 2007 dmueller(a)suse.de ++++++ CheckSUIDPermissions.py ++++++ # vim:sw=4:et ############################################################################# # File : CheckSUIDPermissions.py # Package : rpmlint # Author : Ludwig Nussel # Purpose : Check for /etc/permissions violations ############################################################################# from Filter import * import AbstractCheck import re import os import string _permissions_d_whitelist = ( "lprng", "lprng.paranoid", "mail-server", "mail-server.paranoid", "postfix", "postfix.paranoid", "sendmail", "sendmail.paranoid", "squid", "texlive", "texlive.paranoid", ) class SUIDCheck(AbstractCheck.AbstractCheck): def __init__(self): AbstractCheck.AbstractCheck.__init__(self, "CheckSUIDPermissions") self.perms = {} files = [ "/etc/permissions", "/etc/permissions.secure" ] for file in files: if os.path.exists(file): self._parsefile(file) def _parsefile(self,file): for line in open(file): line = line.split('#')[0].split('\n')[0] if len(line): line = re.split(r'\s+', line) fn = line[0] owner = line[1].replace('.', ':') mode = line[2] self.perms[fn] = { "owner" : owner, "mode" : int(mode,8)&07777} def check(self, pkg): global _permissions_d_whitelist if pkg.isSource(): return files = pkg.files() permfiles = {} # first pass, find and parse permissions.d files for f in files: if f in pkg.ghostFiles(): continue if f.startswith("/etc/permissions.d/"): bn = f[19:] if not bn in _permissions_d_whitelist: printError(pkg, "permissions-unauthorized-file", f) bn = bn.split('.')[0] if not bn in permfiles: permfiles[bn] = 1 for f in permfiles: f = pkg.dirName() + "/etc/permissions.d/" + f if os.path.exists(f+".secure"): self._parsefile(f + ".secure") else: self._parsefile(f) # second pass, find permissions violations for f in files: if f in pkg.ghostFiles(): continue enreg = files[f] mode = enreg[0] owner = enreg[1]+':'+enreg[2] links = enreg[3] size = enreg[4] md5 = enreg[5] rdev = enreg[7] # S_IFSOCK 014 socket # S_IFLNK 012 symbolic link # S_IFREG 010 regular file # S_IFBLK 006 block device # S_IFDIR 004 directory # S_IFCHR 002 character device # S_IFIFO 001 FIFO type = (mode>>12)&017; mode &= 07777 if f in self.perms or (type == 04 and f+"/" in self.perms): if type == 012: printWarning(pkg, "permissions-symlink", f) continue m = 0 o = "invalid" if type == 04: if f in self.perms: printWarning(pkg, 'dir-without-slash', f) else: f += '/' m = self.perms[f]['mode'] o = self.perms[f]['owner'] if mode != m: printError(pkg, 'permissions-incorrect', '%(file)s has mode 0%(mode)o but should be 0%(m)o' % \ { 'file':f, 'mode':mode, 'm':m }) if owner != o: printError(pkg, 'permissions-incorrect-owner', '%(file)s belongs to %(owner)s but should be %(o)s' % \ { 'file':f, 'owner':owner, 'o':o }) elif type != 012: if f+'/' in self.perms: printWarning(pkg, 'permissions-file-as-dir', f+' is a file but listed as directory') if mode&06000: msg = '%(file)s is packaged with setuid/setgid bits (0%(mode)o)' % { 'file':f, 'mode':mode } if type != 04: printError(pkg, 'permissions-setuid-bit', msg) else: printWarning(pkg, 'permissions-setuid-bit', msg) if mode&02: printError(pkg, 'permissions-world-writable', \ '%(file)s is packaged with world writable permissions (0%(mode)o)' % \ { 'file':f, 'mode':mode }) check=SUIDCheck() if Config.info: addDetails( 'permissions-unauthorized-file', """Please remove the unauthorized files or contact security(a)suse.de for review.""", 'permissions-symlink', """permissions handling for symlinks is useless. Please contact security(a)suse.de to remove the entry.""", 'permissions-dir-without-slash', """the entry in the permissions file refers to a directory. Please contact security(a)suse.de to append a slash to the entry in order to avoid security problems.""", 'permissions-file-as-dir', """the entry in the permissions file refers to a directory but the package actually contains a file. Please contact security(a)suse.de to remove the slash.""", 'permissions-incorrect', """please use the %attr macro to set the correct permissions.""", 'permissions-incorrect-owner', """please use the %attr macro to set the correct ownership.""", 'permissions-setuid-bit', """Please remove the setuid/setgid bits or contact security(a)suse.de for review.""", 'permissions-world-writable', """Please remove the world writable permissions or contact security(a)suse.de for review.""" ) ++++++ config ++++++ --- /var/tmp/diff_new_pack.d32349/_old 2008-11-01 23:13:55.000000000 +0100 +++ /var/tmp/diff_new_pack.d32349/_new 2008-11-01 23:13:55.000000000 +0100 @@ -25,6 +25,7 @@ addCheck("CheckIconSizes") #addCheck("CheckStaticLibraries") addCheck("BrandingPolicyCheck") +addCheck("CheckSUIDPermissions") addCheck("CheckKDE4Deps") addCheck("KMPPolicyCheck") ++++++ config.in ++++++ --- /var/tmp/diff_new_pack.d32349/_old 2008-11-01 23:13:55.000000000 +0100 +++ /var/tmp/diff_new_pack.d32349/_new 2008-11-01 23:13:55.000000000 +0100 @@ -25,6 +25,7 @@ addCheck("CheckIconSizes") #addCheck("CheckStaticLibraries") addCheck("BrandingPolicyCheck") +addCheck("CheckSUIDPermissions") # stuff autobuild takes care about addFilter(".*invalid-version.*") ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0