Hello community,
here is the log from the commit of package pam
checked in at Sat Aug 30 01:16:11 CEST 2008.
--------
--- pam/pam.changes 2008-08-20 14:59:33.000000000 +0200
+++ pam/pam.changes 2008-08-29 15:19:36.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Aug 29 15:17:50 CEST 2008 - kukuk(a)suse.de
+
+- Update to version 1.0.2 (fix SELinux regression)
+- enhance pam_tally [FATE#303753]
+- Backport fixes from CVS
+
+-------------------------------------------------------------------
Old:
----
Linux-PAM-1.0.1-docs.tar.bz2
Linux-PAM-1.0.1.tar.bz2
New:
----
Linux-PAM-1.0.2-SUSE-docs.tar.bz2
Linux-PAM-1.0.2.tar.bz2
Linux-PAM-docu.diff
Linux-PAM-docu-generated.diff
pam-1.0.0-selinux-env-params.patch
pam-1.0.1-namespace-create.patch
pam_sepermit.diff
pam_tally.diff
pam_xauth.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.gS1027/_old 2008-08-30 01:10:26.000000000 +0200
+++ /var/tmp/diff_new_pack.gS1027/_new 2008-08-30 01:10:26.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package pam (Version 1.0.1)
+# spec file for package pam (Version 1.0.2)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -34,12 +34,12 @@
License: BSD 3-Clause; GPL v2 or later
Group: System/Libraries
AutoReqProv: on
-Version: 1.0.1
-Release: 26
+Version: 1.0.2
+Release: 1
Summary: A Security Tool that Provides Authentication for Applications
Obsoletes: pam-laus
Source: Linux-PAM-%{version}.tar.bz2
-Source1: Linux-PAM-%{version}-docs.tar.bz2
+Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2
Source2: securetty
Source3: other.pamd
Source4: common-auth.pamd
@@ -48,6 +48,13 @@
Source7: common-session.pamd
Source8: etc.environment
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Patch: Linux-PAM-docu.diff
+Patch1: pam_tally.diff
+Patch2: pam_xauth.diff
+Patch3: pam_sepermit.diff
+Patch4: pam-1.0.1-namespace-create.patch
+Patch5: pam-1.0.0-selinux-env-params.patch
+Patch6: Linux-PAM-docu-generated.diff
%description
PAM (Pluggable Authentication Modules) is a system security tool that
@@ -89,6 +96,13 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
+%patch -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p0
+%patch6 -p1
%build
CFLAGS="$RPM_OPT_FLAGS" \
@@ -290,6 +304,10 @@
%{_libdir}/libpam_misc.so
%changelog
+* Fri Aug 29 2008 kukuk(a)suse.de
+- Update to version 1.0.2 (fix SELinux regression)
+- enhance pam_tally [FATE#303753]
+- Backport fixes from CVS
* Wed Aug 20 2008 prusnak(a)suse.cz
- enabled SELinux support [Fate#303662]
* Wed Apr 16 2008 kukuk(a)suse.de
++++++ Linux-PAM-1.0.1-docs.tar.bz2 -> Linux-PAM-1.0.2.tar.bz2 ++++++
++++ 224694 lines of diff (skipped)
++++++ Linux-PAM-docu.diff ++++++
++++ 1645 lines (skipped)
++++++ Linux-PAM-docu-generated.diff ++++++
++++ 1884 lines (skipped)
++++++ pam-1.0.0-selinux-env-params.patch ++++++
Index: modules/pam_selinux/pam_selinux.8.xml
===================================================================
RCS file: /cvsroot/pam/Linux-PAM/modules/pam_selinux/pam_selinux.8.xml,v
retrieving revision 1.2
diff -u -p -r1.2 pam_selinux.8.xml
--- modules/pam_selinux/pam_selinux.8.xml 15 Jun 2007 10:17:22 -0000 1.2
+++ modules/pam_selinux/pam_selinux.8.xml 19 May 2008 15:44:08 -0000
@@ -37,6 +37,9 @@
select_context
</arg>
<arg choice="opt">
+ env_params
+ </arg>
+ <arg choice="opt">
use_current_range
</arg>
</cmdsynopsis>
@@ -137,12 +140,30 @@
</varlistentry>
<varlistentry>
<term>
+ <option>env_params</option>
+ </term>
+ <listitem>
+ <para>
+ Attempt to obtain a custom security context role from PAM environment.
+ If MLS is on obtain also sensitivity level. This option and the
+ select_context option are mutually exclusive. The respective PAM
+ environment variables are <emphasis>SELINUX_ROLE_REQUESTED</emphasis>,
+ <emphasis>SELINUX_LEVEL_REQUESTED</emphasis>, and
+ <emphasis>SELINUX_USE_CURRENT_RANGE</emphasis>. The first two variables
+ are self describing and the last one if set to 1 makes the PAM module behave as
+ if the use_current_range was specified on the command line of the module.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>use_current_range</option>
</term>
<listitem>
<para>
- Use the sensitivity range of the process for the user context.
- This option and the select_context option are mutually exclusive.
+ Use the sensitivity level of the current process for the user context
+ instead of the default level. Also supresses asking of the
+ sensitivity level from the user or obtaining it from PAM environment.
</para>
</listitem>
</varlistentry>
Index: modules/pam_selinux/pam_selinux.c
===================================================================
RCS file: /cvsroot/pam/Linux-PAM/modules/pam_selinux/pam_selinux.c,v
retrieving revision 1.16
diff -u -p -r1.16 pam_selinux.c
--- modules/pam_selinux/pam_selinux.c 22 Apr 2008 19:21:37 -0000 1.16
+++ modules/pam_selinux/pam_selinux.c 19 May 2008 15:44:08 -0000
@@ -2,8 +2,9 @@
* A module for Linux-PAM that will set the default security context after login
* via PAM.
*
- * Copyright (c) 2003 Red Hat, Inc.
+ * Copyright (c) 2003-2008 Red Hat, Inc.
* Written by Dan Walsh <dwalsh(a)redhat.com>
+ * Additional improvements by Tomas Mraz <tmraz(a)redhat.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -138,15 +139,22 @@ send_text (pam_handle_t *pamh, const cha
*/
static int
query_response (pam_handle_t *pamh, const char *text, const char *def,
- char **responses, int debug)
+ char **response, int debug)
{
int rc;
if (def)
- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def);
+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def);
else
- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text);
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]);
+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text);
+
+ if (*response == NULL) {
+ rc = PAM_CONV_ERR;
+ }
+
+ if (rc != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text);
+ } else if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "%s %s", text, *response);
return rc;
}
@@ -157,13 +165,15 @@ manual_context (pam_handle_t *pamh, cons
context_t new_context;
int mls_enabled = is_selinux_mls_enabled();
char *type=NULL;
- char *responses=NULL;
+ char *response=NULL;
while (1) {
- query_response(pamh,
- _("Would you like to enter a security context? [N] "), NULL,
- &responses,debug);
- if ((responses[0] == 'y') || (responses[0] == 'Y'))
+ if (query_response(pamh,
+ _("Would you like to enter a security context? [N] "), NULL,
+ &response, debug) != PAM_SUCCESS)
+ return NULL;
+
+ if ((response[0] == 'y') || (response[0] == 'Y'))
{
if (mls_enabled)
new_context = context_new ("user:role:type:level");
@@ -176,26 +186,29 @@ manual_context (pam_handle_t *pamh, cons
if (context_user_set (new_context, user))
goto fail_set;
- _pam_drop(responses);
+ _pam_drop(response);
/* Allow the user to enter each field of the context individually */
- query_response(pamh,_("role:"), NULL, &responses,debug);
- if (responses[0] != '\0') {
- if (context_role_set (new_context, responses))
+ if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS &&
+ response[0] != '\0') {
+ if (context_role_set (new_context, response))
goto fail_set;
- if (get_default_type(responses, &type))
+ if (get_default_type(response, &type))
goto fail_set;
if (context_type_set (new_context, type))
goto fail_set;
}
- _pam_drop(responses);
+ _pam_drop(response);
+
if (mls_enabled)
{
- query_response(pamh,_("level:"), NULL, &responses,debug);
- if (responses[0] != '\0') {
- if (context_range_set (new_context, responses))
+ if (query_response(pamh, _("level:"), NULL, &response, debug) == PAM_SUCCESS &&
+ response[0] != '\0') {
+ if (context_range_set (new_context, response))
goto fail_set;
}
+ _pam_drop(response);
}
+
/* Get the string value of the context and see if it is valid. */
if (!security_check_context(context_str(new_context))) {
newcon = strdup(context_str(new_context));
@@ -204,16 +217,17 @@ manual_context (pam_handle_t *pamh, cons
}
else
send_text(pamh,_("Not a valid security context"),debug);
- context_free (new_context);
+
+ context_free (new_context);
}
else {
- _pam_drop(responses);
+ _pam_drop(response);
return NULL;
}
} /* end while */
fail_set:
free(type);
- _pam_drop(responses);
+ _pam_drop(response);
context_free (new_context);
return NULL;
}
@@ -239,69 +253,91 @@ static int mls_range_allowed(pam_handle_
}
static security_context_t
-config_context (pam_handle_t *pamh, security_context_t puser_context, int debug)
+config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug)
{
security_context_t newcon=NULL;
context_t new_context;
int mls_enabled = is_selinux_mls_enabled();
- char *responses=NULL;
+ char *response=NULL;
char *type=NULL;
char resp_val = 0;
- pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context);
+ pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon);
while (1) {
- query_response(pamh,
+ if (query_response(pamh,
_("Would you like to enter a different role or level?"), "n",
- &responses,debug);
-
- resp_val = responses[0];
- _pam_drop(responses);
+ &response, debug) == PAM_SUCCESS) {
+ resp_val = response[0];
+ _pam_drop(response);
+ } else {
+ resp_val = 'N';
+ }
if ((resp_val == 'y') || (resp_val == 'Y'))
{
- new_context = context_new(puser_context);
-
+ if ((new_context = context_new(defaultcon)) == NULL)
+ goto fail_set;
+
/* Allow the user to enter role and level individually */
- query_response(pamh,_("role:"), context_role_get(new_context),
- &responses, debug);
- if (responses[0]) {
- if (get_default_type(responses, &type)) {
- pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses);
- _pam_drop(responses);
+ if (query_response(pamh, _("role:"), context_role_get(new_context),
+ &response, debug) == PAM_SUCCESS && response[0]) {
+ if (get_default_type(response, &type)) {
+ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response);
+ _pam_drop(response);
continue;
} else {
- if (context_role_set(new_context, responses))
+ if (context_role_set(new_context, response))
goto fail_set;
if (context_type_set (new_context, type))
goto fail_set;
}
}
- _pam_drop(responses);
+ _pam_drop(response);
+
if (mls_enabled)
{
- query_response(pamh,_("level:"), context_range_get(new_context),
- &responses, debug);
- if (responses[0]) {
- if (context_range_set(new_context, responses))
- goto fail_set;
+ if (use_current_range) {
+ security_context_t mycon = NULL;
+ context_t my_context;
+
+ if (getcon(&mycon) != 0)
+ goto fail_set;
+ my_context = context_new(mycon);
+ if (my_context == NULL) {
+ freecon(mycon);
+ goto fail_set;
+ }
+ freecon(mycon);
+ if (context_range_set(new_context, context_range_get(my_context))) {
+ context_free(my_context);
+ goto fail_set;
+ }
+ context_free(my_context);
+ } else if (query_response(pamh, _("level:"), context_range_get(new_context),
+ &response, debug) == PAM_SUCCESS && response[0]) {
+ if (context_range_set(new_context, response))
+ goto fail_set;
}
- _pam_drop(responses);
+ _pam_drop(response);
}
+
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context));
/* Get the string value of the context and see if it is valid. */
if (!security_check_context(context_str(new_context))) {
newcon = strdup(context_str(new_context));
- context_free (new_context);
+ if (newcon == NULL)
+ goto fail_set;
+ context_free(new_context);
/* we have to check that this user is allowed to go into the
range they have specified ... role is tied to an seuser, so that'll
be checked at setexeccon time */
- if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) {
- pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon);
+ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
+ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
- send_audit_message(pamh, 0, puser_context, newcon);
+ send_audit_message(pamh, 0, defaultcon, newcon);
free(newcon);
goto fail_range;
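Review bot: The `continue` taken when `get_default_type()` reports no default type for the entered role leaks the `context_t` created by `context_new(defaultcon)` a few lines above it: the loop allocates a fresh one on the next pass and `fail_set` is never reached for this object, so `context_free(new_context);` belongs before that `continue`. The `type` string that `get_default_type()` allocates is likewise never released when the loop repeats after "Not a valid security context" or on the successful `return newcon;` (next hunk), so `free(type); type = NULL;` before the trailing `context_free(new_context)` and before the return would close that too. Neither leak is introduced here, but the rewrite touches every line involved. The `use_current_range` branch added in this hunk repeats the getcon/context_new/context_range_get sequence that `context_from_env` also carries; a small static helper returning the caller's current range would keep the two paths from drifting. config_context's `fail_set`/`fail_range` epilogue and the success return are in the next hunk.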
@@ -309,26 +345,120 @@ config_context (pam_handle_t *pamh, secu
return newcon;
}
else {
- send_audit_message(pamh, 0, puser_context, context_str(new_context));
+ send_audit_message(pamh, 0, defaultcon, context_str(new_context));
send_text(pamh,_("Not a valid security context"),debug);
}
context_free(new_context); /* next time around allocates another */
}
else
- return strdup(puser_context);
+ return strdup(defaultcon);
} /* end while */
return NULL;
fail_set:
free(type);
- _pam_drop(responses);
+ _pam_drop(response);
context_free (new_context);
- send_audit_message(pamh, 0, puser_context, NULL);
+ send_audit_message(pamh, 0, defaultcon, NULL);
fail_range:
return NULL;
}
+static security_context_t
+context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug)
+{
+ security_context_t newcon = NULL;
+ context_t new_context;
+ context_t my_context = NULL;
+ int mls_enabled = is_selinux_mls_enabled();
+ const char *env = NULL;
+ char *type = NULL;
+
+ if ((new_context = context_new(defaultcon)) == NULL)
+ goto fail_set;
+
+ if (env_params && (env = pam_getenv(pamh, "SELINUX_ROLE_REQUESTED")) != NULL && env[0] != '\0') {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Requested role: %s", env);
+
+ if (get_default_type(env, &type)) {
+ pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env);
+ goto fail_set;
+ } else {
+ if (context_role_set(new_context, env))
+ goto fail_set;
+ if (context_type_set(new_context, type))
+ goto fail_set;
+ }
+ }
+
+ if (mls_enabled) {
+ if ((env = pam_getenv(pamh, "SELINUX_USE_CURRENT_RANGE")) != NULL && env[0] == '1') {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "SELINUX_USE_CURRENT_RANGE is set");
+ use_current_range = 1;
+ }
+
+ if (use_current_range) {
+ security_context_t mycon = NULL;
+
+ if (getcon(&mycon) != 0)
+ goto fail_set;
+ my_context = context_new(mycon);
+ if (my_context == NULL) {
+ freecon(mycon);
+ goto fail_set;
+ }
+ freecon(mycon);
+ env = context_range_get(my_context);
+ } else {
+ env = pam_getenv(pamh, "SELINUX_LEVEL_REQUESTED");
+ }
+
+ if (env != NULL && env[0] != '\0') {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Requested level: %s", env);
+ if (context_range_set(new_context, env))
+ goto fail_set;
+ }
+ }
+
+ newcon = strdup(context_str(new_context));
+ if (newcon == NULL)
+ goto fail_set;
+
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon);
+
+ /* Get the string value of the context and see if it is valid. */
+ if (security_check_context(newcon)) {
+ pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon);
+ send_audit_message(pamh, 0, defaultcon, newcon);
+ freecon(newcon);
+ newcon = NULL;
+
+ goto fail_set;
+ }
+
+ /* we have to check that this user is allowed to go into the
+ range they have specified ... role is tied to an seuser, so that'll
+ be checked at setexeccon time */
+ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
+ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
+ send_audit_message(pamh, 0, defaultcon, newcon);
+ freecon(newcon);
+ newcon = NULL;
+ }
+
+ fail_set:
+ free(type);
+ context_free(my_context);
+ context_free(new_context);
+ send_audit_message(pamh, 0, defaultcon, NULL);
+ return newcon;
+}
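Review bot: `context_from_env` falls into `fail_set` on success as well, so `send_audit_message(pamh, 0, defaultcon, NULL)` runs with success=0 for every call, including the one that hands back a valid `newcon`; unless `send_audit_message` (outside this hunk) drops records whose selected context is NULL, every env_params/use_current_range session opens with a spurious failed-context-change audit event, and the two explicit rejections above it are audited twice. The interactive `config_context` does not audit its success path, so this looks unintended rather than a policy choice. Restructure the tail so only the early `fail_set` jumps (no candidate context yet) emit the generic record, while the two rejection paths, which already audit with the rejected context, skip it.
```c
    /* … unchanged: role and level selection, strdup of the candidate context … */
    if (security_check_context(newcon)) {
        pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon);
        send_audit_message(pamh, 0, defaultcon, newcon);
        freecon(newcon);
        newcon = NULL;
    } else if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
        pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
        send_audit_message(pamh, 0, defaultcon, newcon);
        freecon(newcon);
        newcon = NULL;
    }
    goto out;   /* both rejections above were already audited with the rejected context */

  fail_set:
    /* failed before a candidate context existed: audit without a selected context */
    send_audit_message(pamh, 0, defaultcon, NULL);
  out:
    free(type);
    context_free(my_context);
    context_free(new_context);
    return newcon;
```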
+
static void
security_restorelabel_tty(const pam_handle_t *pamh,
const char *tty, security_context_t context)
@@ -439,13 +569,14 @@ PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- int i, debug = 0, ttys=1, has_tty=isatty(0);
+ int i, debug = 0, ttys=1;
int verbose=0, close_session=0;
int select_context = 0;
int use_current_range = 0;
int ret = 0;
security_context_t* contextlist = NULL;
int num_contexts = 0;
+ int env_params = 0;
const char *username = NULL;
const void *tty = NULL;
char *seuser=NULL;
@@ -472,13 +603,16 @@ pam_sm_open_session(pam_handle_t *pamh,
if (strcmp(argv[i], "use_current_range") == 0) {
use_current_range = 1;
}
+ if (strcmp(argv[i], "env_params") == 0) {
+ env_params = 1;
+ }
}
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Open Session");
- if (select_context && use_current_range) {
- pam_syslog(pamh, LOG_ERR, "select_context cannot be used with use_current_range");
+ if (select_context && env_params) {
+ pam_syslog(pamh, LOG_ERR, "select_context cannot be used with env_params");
select_context = 0;
}
@@ -510,12 +644,17 @@ pam_sm_open_session(pam_handle_t *pamh,
freeconary(contextlist);
if (default_user_context == NULL) {
pam_syslog(pamh, LOG_ERR, "Out of memory");
- return PAM_AUTH_ERR;
+ return PAM_BUF_ERR;
}
+
user_context = default_user_context;
- if (select_context && has_tty) {
- user_context = config_context(pamh, default_user_context, debug);
- if (user_context == NULL) {
+ if (select_context) {
+ user_context = config_context(pamh, default_user_context, use_current_range, debug);
+ } else if (env_params || use_current_range) {
+ user_context = context_from_env(pamh, default_user_context, env_params, use_current_range, debug);
+ }
+
+ if (user_context == NULL) {
freecon(default_user_context);
pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s",
username);
@@ -524,11 +663,9 @@ pam_sm_open_session(pam_handle_t *pamh,
return PAM_AUTH_ERR;
else
return PAM_SUCCESS;
- }
- }
+ }
}
else {
- if (has_tty) {
user_context = manual_context(pamh,seuser,debug);
if (user_context == NULL) {
pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
@@ -538,59 +675,6 @@ pam_sm_open_session(pam_handle_t *pamh,
else
return PAM_SUCCESS;
}
- } else {
- pam_syslog (pamh, LOG_ERR,
- "Unable to get valid context for %s, No valid tty",
- username);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
- }
- }
-
- if (use_current_range && is_selinux_mls_enabled()) {
- security_context_t process_context=NULL;
- if (getcon(&process_context) == 0) {
- context_t pcon, ucon;
- char *process_level=NULL;
- security_context_t orig_context;
-
- if (user_context)
- orig_context = user_context;
- else
- orig_context = default_user_context;
-
- pcon = context_new(process_context);
- freecon(process_context);
- process_level = strdup(context_range_get(pcon));
- context_free(pcon);
-
- if (debug)
- pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level);
-
- ucon = context_new(orig_context);
-
- context_range_set(ucon, process_level);
- free(process_level);
-
- if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) {
- send_text(pamh, _("Requested MLS level not in permitted range"), debug);
- /* even if default_user_context is NULL audit that anyway */
- send_audit_message(pamh, 0, default_user_context, context_str(ucon));
- context_free(ucon);
- return PAM_AUTH_ERR;
- }
-
- if (debug)
- pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon));
-
- /* replace the user context with the level adjusted one */
- freecon(user_context);
- user_context = strdup(context_str(ucon));
-
- context_free(ucon);
- }
}
if (getexeccon(&prev_user_context)<0) {
@@ -613,7 +697,7 @@ pam_sm_open_session(pam_handle_t *pamh,
}
}
}
- if(ttys && tty ) {
+ if (ttys && tty) {
ttyn=strdup(tty);
ttyn_context=security_label_tty(pamh,ttyn,user_context);
}
++++++ pam-1.0.1-namespace-create.patch ++++++
++++ 679 lines (skipped)
++++++ pam_sepermit.diff ++++++
2008-04-17 Tomas Mraz <t8m(a)centrum.cz>
* modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try
to lock if euid != 0.
--- Linux-PAM-1.0/modules/pam_sepermit/pam_sepermit.c 2008-03-31 12:31:50.000000000 +0200
+++ Linux-PAM/modules/pam_sepermit/pam_sepermit.c 2008-04-17 16:29:02.000000000 +0200
@@ -305,7 +305,7 @@
free(line);
fclose(f);
if (matched)
- return exclusive ? sepermit_lock(pamh, user, debug) : 0;
+ return (geteuid() == 0 && exclusive) ? sepermit_lock(pamh, user, debug) : 0;
else
return -1;
}
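Review bot: With `geteuid() != 0` the `exclusive` lock is skipped but the match still returns 0, so an unprivileged caller (a non-setuid application stacking this module) gets the permit decision without the single-session guarantee that `exclusive` is meant to enforce, and nothing in the log says so. Presumably the lock cannot be taken without root anyway, so treating it as a match is the intended outcome, but the skip should be visible to an auditor: `if (exclusive && geteuid() != 0) pam_syslog(pamh, LOG_WARNING, "exclusive lock for %s skipped: not running as root", user);` before the return. The man page for `exclusive` should state the same limitation. The rest of `sepermit_match` is outside the hunk.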
++++++ pam_tally.diff ++++++
2008-07-09 Thorsten Kukuk <kukuk(a)thkukuk.de>
* modules/pam_tally/pam_tally.c: Add support for silent and
no_log_info options.
* modules/pam_tally/pam_tally.8.xml: Document silent and
no_log_info options.
--- Linux-PAM-1.0/modules/pam_tally/pam_tally.8.xml 2007-10-10 16:10:07.000000000 +0200
+++ Linux-PAM/modules/pam_tally/pam_tally.8.xml 2008-08-20 20:56:28.000000000 +0200
@@ -51,6 +51,12 @@
<arg choice="opt">
audit
</arg>
+ <arg choice="opt">
+ silent
+ </arg>
+ <arg choice="opt">
+ no_log_info
+ </arg>
</cmdsynopsis>
<cmdsynopsis id="pam_tally-cmdsynopsis2">
<command>pam_tally</command>
@@ -150,6 +156,26 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>silent</option>
+ </term>
+ <listitem>
+ <para>
+ Don't print informative messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>no_log_info</option>
+ </term>
+ <listitem>
+ <para>
+ Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</listitem>
</varlistentry>
--- Linux-PAM-1.0/modules/pam_tally/pam_tally.c 2007-11-20 11:58:11.000000000 +0100
+++ Linux-PAM/modules/pam_tally/pam_tally.c 2008-07-16 10:09:02.000000000 +0200
@@ -97,6 +97,8 @@
#define OPT_NO_LOCK_TIME 020
#define OPT_NO_RESET 040
#define OPT_AUDIT 0100
+#define OPT_SILENT 0200
+#define OPT_NOLOGNOTICE 0400
/*---------------------------------------------------------------------*/
@@ -205,6 +207,12 @@
else if ( ! strcmp ( *argv, "audit") ) {
opts->ctrl |= OPT_AUDIT;
}
+ else if ( ! strcmp ( *argv, "silent") ) {
+ opts->ctrl |= OPT_SILENT;
+ }
+ else if ( ! strcmp ( *argv, "no_log_info") ) {
+ opts->ctrl |= OPT_NOLOGNOTICE;
+ }
else {
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
@@ -524,12 +532,17 @@
{
if ( lock_time + oldtime > time(NULL) )
{
- pam_syslog(pamh, LOG_NOTICE,
- "user %s (%lu) has time limit [%lds left]"
- " since last failure.",
- user, (unsigned long int) uid,
- oldtime+lock_time
- -time(NULL));
+ if (!(opts->ctrl & OPT_SILENT))
+ pam_info (pamh,
+ _("Account temporary locked (%lds seconds left)"),
+ oldtime+lock_time-time(NULL));
+
+ if (!(opts->ctrl & OPT_NOLOGNOTICE))
+ pam_syslog (pamh, LOG_NOTICE,
+ "user %s (%lu) has time limit [%lds left]"
+ " since last failure.",
+ user, (unsigned long int) uid,
+ oldtime+lock_time-time(NULL));
return PAM_AUTH_ERR;
}
}
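Review bot: The new user-visible string `_("Account temporary locked (%lds seconds left)")` prints the unit twice (`30s seconds`) and misspells "temporarily"; since it is marked for translation, fix it before it reaches the catalogs: `_("Account temporarily locked (%ld seconds left)")`. The message is also shown by default from `pam_sm_authenticate`, so an unauthenticated client learns that the named account exists and is currently locked; `silent` now exists for that, and the man-page entry should say explicitly that lockout messages are sent to the client unless `silent` (or the `PAM_SILENT` flag) is used. Reading `time(NULL)` three times in the same block can skew the displayed remainder relative to the check that triggered it; `time_t now = time(NULL);` once at the top of the block keeps them consistent. The enclosing function starts outside the hunk.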
@@ -545,9 +558,14 @@
( tally > deny ) && /* tally>deny means exceeded */
( ((opts->ctrl & OPT_DENY_ROOT) || uid) ) /* even_deny stops uid check */
) {
- pam_syslog(pamh, LOG_NOTICE,
- "user %s (%lu) tally "TALLY_FMT", deny "TALLY_FMT,
- user, (unsigned long int) uid, tally, deny);
+ if (!(opts->ctrl & OPT_SILENT))
+ pam_info (pamh, _("Accounted locked due to "TALLY_FMT" failed login"),
+ tally);
+
+ if (!(opts->ctrl & OPT_NOLOGNOTICE))
+ pam_syslog(pamh, LOG_NOTICE,
+ "user %s (%lu) tally "TALLY_FMT", deny "TALLY_FMT,
+ user, (unsigned long int) uid, tally, deny);
return PAM_AUTH_ERR; /* Only unconditional failure */
}
}
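Review bot: `_("Accounted locked due to "TALLY_FMT" failed login")` misspells "Account" and uses the singular with a count; `_("Account locked due to "TALLY_FMT" failed logins")` before the string reaches translators. Building the msgid by concatenating a macro inside `_()` presumably also means the extracted msgid depends on what `TALLY_FMT` expands to, so a catalog keyed on one expansion will not match another build; formatting the count into a small buffer first and passing it with `%s` avoids that. As with the time-limit message, this is shown to an unauthenticated client unless `silent` is given, which reveals that the account exists and is locked.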
@@ -594,7 +612,7 @@
#ifdef PAM_SM_AUTH
PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
int
@@ -612,6 +630,9 @@
if ( rvcheck != PAM_SUCCESS )
RETURN_ERROR( rvcheck );
+ if (flags & PAM_SILENT)
+ opts->ctrl |= OPT_SILENT;
+
rvcheck = pam_get_uid(pamh, &uid, &user, opts);
if ( rvcheck != PAM_SUCCESS )
RETURN_ERROR( rvcheck );
@@ -625,7 +646,7 @@
}
PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
+pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
int
@@ -643,6 +664,9 @@
if ( rv != PAM_SUCCESS )
RETURN_ERROR( rv );
+ if (flags & PAM_SILENT)
+ opts->ctrl |= OPT_SILENT;
+
rv = pam_get_uid(pamh, &uid, &user, opts);
if ( rv != PAM_SUCCESS )
RETURN_ERROR( rv );
@@ -667,7 +691,7 @@
/* To reset failcount of user on successfull login */
PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
int
@@ -685,6 +709,9 @@
if ( rv != PAM_SUCCESS )
RETURN_ERROR( rv );
+ if (flags & PAM_SILENT)
+ opts->ctrl |= OPT_SILENT;
+
rv = pam_get_uid(pamh, &uid, &user, opts);
if ( rv != PAM_SUCCESS )
RETURN_ERROR( rv );
++++++ pam_xauth.diff ++++++
2008-04-08 Tomas Mraz <t8m(a)centrum.cz>
* modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple
calls to sysconf() (based on patch by Sami Farin).
--- Linux-PAM-1.0/modules/pam_xauth/pam_xauth.c 2007-10-01 11:41:32.000000000 +0200
+++ Linux-PAM/modules/pam_xauth/pam_xauth.c 2008-06-22 09:47:33.000000000 +0200
@@ -118,6 +118,7 @@
size_t j;
char *args[10];
const char *tmp;
+ int maxopened;
/* Drop privileges. */
setgid(gid);
setgroups(0, NULL);
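Review bot: The privilege drop shown here as context (`setgid(gid); setgroups(0, NULL);`, with the uid change presumably following outside the hunk) ignores the return values, so if either call fails the child goes on to exec xauth with the parent's group identity. Check each and bail out of the child: `if (setgid(gid) != 0 || setgroups(0, NULL) != 0) _exit(1);`, and the same for the uid change that follows. Not new with this change, but it is the one place in this helper where an unchecked failure is a privilege issue. `run_coprocess` begins outside the hunk.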
@@ -129,7 +130,8 @@
* descriptors. */
dup2(ipipe[0], STDIN_FILENO);
dup2(opipe[1], STDOUT_FILENO);
- for (i = 0; i < sysconf(_SC_OPEN_MAX); i++) {
+ maxopened = (int)sysconf(_SC_OPEN_MAX);
+ for (i = 0; i < maxopened; i++) {
if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) {
close(i);
}
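Review bot: `sysconf(_SC_OPEN_MAX)` returns -1 when the limit is indeterminate, and the new `maxopened` then makes the loop run zero times, so the child execs xauth with every inherited descriptor still open (the old loop had the same behaviour; hoisting the call just makes it explicit). Fall back to a sane bound: `if (maxopened < 0) maxopened = 1024;` — or take `getrlimit(RLIMIT_NOFILE)` first and use that constant only if it fails. Descriptors belonging to the PAM application (sockets, credential files) should not reach the helper process.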
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++