November 2010 - openSUSE Commits - openSUSE Mailing Lists

commit openvpn for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at Thu Nov 18 17:04:46 CET 2010. -------- --- openvpn/openvpn.changes 2010-09-08 20:18:45.000000000 +0200 +++ openvpn/openvpn.changes 2010-11-16 10:57:12.000000000 +0100 @@ -1,0 +2,14 @@ +Tue Nov 16 09:45:46 UTC 2010 - mt(a)suse.de + +- Updated to openvpn 2.1.4, providing several bug fixes and + improvements, such as: + * Fix of a problem with special case route targets + * Try to ensure, that the tun/tap interface gets closed on + non-graceful aborts. + * Several AUTH_FAILED reporting fixes causing the connection + to fail without any error indication. + * Enable exponential backoff in reliability layer retransmits. + * Proxy improvements + Please review the ChangeLog file for a complete and exact list. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- openvpn-2.1.1.tar.gz openvpn-2.1.1.tar.gz.asc New: ---- openvpn-2.1.4.tar.gz openvpn-2.1.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvpn.spec ++++++ --- /var/tmp/diff_new_pack.aeiVMp/_old 2010-11-18 17:04:30.000000000 +0100 +++ /var/tmp/diff_new_pack.aeiVMp/_new 2010-11-18 17:04:30.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package openvpn (Version 2.1.1) +# spec file for package openvpn (Version 2.1.4) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,7 +17,7 @@ # norootforbuild -%define upstream_version 2.1.1 +%define upstream_version 2.1.4 Name: openvpn Url: http://openvpn.net/ @@ -27,8 +27,8 @@ %if 0%{?suse_version} PreReq: %insserv_prereq %fillup_prereq %endif -Version: 2.1.1 -Release: 7 +Version: 2.1.4 +Release: 1 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface Source: http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz Source1: http://openvpn.net/signatures/openvpn-%{upstream_version}.tar.gz.asc ++++++ openvpn-2.1.1.tar.gz -> openvpn-2.1.4.tar.gz ++++++ ++++ 30704 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit perl-Crypt-Rot13 for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package perl-Crypt-Rot13 for openSUSE:Factory checked in at Thu Nov 18 17:04:00 CET 2010. -------- --- perl-Crypt-Rot13/perl-Crypt-Rot13.changes 2010-10-12 23:51:03.000000000 +0200 +++ perl-Crypt-Rot13/perl-Crypt-Rot13.changes 2010-10-19 10:45:43.000000000 +0200 @@ -1,0 +2,5 @@ +Tue Oct 19 08:38:27 UTC 2010 - coolo(a)novell.com + +- add perl as explicit buildrequire + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Crypt-Rot13.spec ++++++ --- /var/tmp/diff_new_pack.nuDwqA/_old 2010-11-18 17:03:55.000000000 +0100 +++ /var/tmp/diff_new_pack.nuDwqA/_new 2010-11-18 17:03:55.000000000 +0100 @@ -20,7 +20,7 @@ Name: perl-Crypt-Rot13 Version: 0.6 -Release: 1 +Release: 2 Requires: perl = %{perl_version} AutoReqProv: on Group: Development/Libraries/Perl @@ -29,6 +29,7 @@ Summary: Rot13 (Caesar) encryption for perl Source: Crypt-Rot13-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: perl BuildArch: noarch %description ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit perl-File-Next for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package perl-File-Next for openSUSE:Factory checked in at Thu Nov 18 17:03:46 CET 2010. -------- --- perl-File-Next/perl-File-Next.changes 2010-11-11 11:39:52.000000000 +0100 +++ perl-File-Next/perl-File-Next.changes 2010-11-11 23:44:56.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Nov 11 22:43:50 UTC 2010 - chris(a)computersalat.de + +- removed perl-macros + o no perl_gen_filelist + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-File-Next.spec ++++++ --- /var/tmp/diff_new_pack.2kR25U/_old 2010-11-18 17:03:29.000000000 +0100 +++ /var/tmp/diff_new_pack.2kR25U/_new 2010-11-18 17:03:29.000000000 +0100 @@ -23,7 +23,7 @@ %define cpan_name File-Next Summary: File::Next Perl module Version: 1.06 -Release: 1 +Release: 2 License: GPL+ or Artistic Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/File-Next/ @@ -31,9 +31,6 @@ Source: %{cpan_name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl -%if 0%{?suse_version} < 1120 -BuildRequires: perl-macros -%endif %if %{with pod} BuildRequires: perl(Test::Pod) >= 1.14 BuildRequires: perl(Test::Pod::Coverage) >= 1.14 @@ -62,13 +59,18 @@ %install %perl_make_install %perl_process_packlist -%perl_gen_filelist %clean %{__rm} -rf $RPM_BUILD_ROOT -%files -f %{name}.files +%files %defattr(-,root,root,-) -%doc Changes perlcriticrc README +%doc Changes README +%dir %{perl_vendorlib}/File +%{perl_vendorlib}/File/Next.pm +%dir %{perl_vendorarch}/auto/File +%{perl_vendorarch}/auto/File/Next +%doc %{perl_man3dir}/File::Next.%{perl_man3ext}* +/var/adm/perl-modules/%{name} %changelog ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit permissions for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Thu Nov 18 17:03:15 CET 2010. -------- --- permissions/permissions.changes 2010-11-16 17:10:29.000000000 +0100 +++ permissions/permissions.changes 2010-11-18 11:53:03.000000000 +0100 @@ -1,0 +2,11 @@ +Thu Nov 18 10:52:39 UTC 2010 - lnussel(a)suse.de + +- update permissions of lastlog, faillog, wtmp, utmp and btmp + +------------------------------------------------------------------- +Wed Nov 17 11:02:37 UTC 2010 - lnussel(a)suse.de + +- remove permissions handling for /etc/inittab, /etc/inetd.conf and /etc/mtab +- revert previous commit, done in coreutils instead + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- permissions-2010.11.16.1609.tar.bz2 New: ---- permissions-2010.11.18.1151.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.t1AMYw/_old 2010-11-18 17:02:35.000000000 +0100 +++ /var/tmp/diff_new_pack.t1AMYw/_new 2010-11-18 17:02:35.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package permissions (Version 2010.11.16.1609) +# spec file for package permissions (Version 2010.11.18.1151) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -24,22 +24,19 @@ License: GPLv2+ Group: Productivity/Security AutoReqProv: on -Version: 2010.11.16.1609 +Version: 2010.11.18.1151 Release: 1 Provides: aaa_base:/etc/permissions -Requires: /sbin/SuSEconfig -Requires: %fillup_prereq +PreReq: %fillup_prereq Summary: SUSE Linux Default Permissions Source: permissions-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://gitorious.org/opensuse/permissions %description -This package contains specifications for permissions of specific files, -directories, and devices depending on the local security settings. The -local security setting (easy, secure, or paranoid) can be configured in -/etc/sysconfig/security. - +Permission settings of files and directories depending on the +local security settings. The local security setting (easy, secure, +or paranoid) can be configured in /etc/sysconfig/security. Authors: ++++++ permissions-2010.11.16.1609.tar.bz2 -> permissions-2010.11.18.1151.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.16.1609/permissions new/permissions-2010.11.18.1151/permissions --- old/permissions-2010.11.16.1609/permissions 2010-11-16 16:09:55.000000000 +0100 +++ new/permissions-2010.11.18.1151/permissions 2010-11-18 11:51:54.000000000 +0100 @@ -92,13 +92,13 @@ /var/run/sudo/ root:root 700 # -# log files that do not grow remarkably +# login tracking # +/var/log/lastlog root:root 644 /var/log/faillog root:root 600 -# This file is not writeable by gid tty so that the information -# therein can be trusted. -/var/log/lastlog root:utmp 644 - +/var/log/wtmp root:utmp 664 +/var/log/btmp root:root 600 +/var/run/utmp root:utmp 664 # # some device files diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.16.1609/permissions.easy new/permissions-2010.11.18.1151/permissions.easy --- old/permissions-2010.11.16.1609/permissions.easy 2010-11-16 16:09:55.000000000 +0100 +++ new/permissions-2010.11.18.1151/permissions.easy 2010-11-18 11:51:54.000000000 +0100 @@ -31,9 +31,6 @@ # we don't package it /etc/ftpaccess root:root 644 /etc/ftpusers root:root 644 -/etc/inetd.conf root:root 644 -/etc/inittab root:root 644 -/etc/mtab root:root 644 /etc/rmtab root:root 644 /var/lib/nfs/rmtab root:root 644 /etc/syslog.conf root:root 644 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.16.1609/permissions.paranoid new/permissions-2010.11.18.1151/permissions.paranoid --- old/permissions-2010.11.16.1609/permissions.paranoid 2010-11-16 16:09:55.000000000 +0100 +++ new/permissions-2010.11.18.1151/permissions.paranoid 2010-11-18 11:51:54.000000000 +0100 @@ -45,9 +45,6 @@ /etc/fstab root:root 600 /etc/ftpaccess root:root 600 /etc/ftpusers root:root 600 -/etc/inetd.conf root:root 600 -/etc/inittab root:root 600 -/etc/mtab root:root 600 /etc/rmtab root:root 600 /var/lib/nfs/rmtab root:root 600 /etc/syslog.conf root:root 600 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2010.11.16.1609/permissions.secure new/permissions-2010.11.18.1151/permissions.secure --- old/permissions-2010.11.16.1609/permissions.secure 2010-11-16 16:09:55.000000000 +0100 +++ new/permissions-2010.11.18.1151/permissions.secure 2010-11-18 11:51:54.000000000 +0100 @@ -68,9 +68,6 @@ /etc/fstab root:root 644 /etc/ftpaccess root:root 644 /etc/ftpusers root:root 644 -/etc/inetd.conf root:root 644 -/etc/inittab root:root 644 -/etc/mtab root:root 644 /etc/rmtab root:root 644 /var/lib/nfs/rmtab root:root 644 /etc/syslog.conf root:root 600 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit pidentd for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package pidentd for openSUSE:Factory checked in at Thu Nov 18 17:02:22 CET 2010. -------- --- pidentd/pidentd.changes 2009-08-26 14:01:35.000000000 +0200 +++ pidentd/pidentd.changes 2010-04-07 02:56:13.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Apr 7 00:55:57 UTC 2010 - crrodriguez(a)opensuse.org + +- require inet-daemon + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pidentd.spec ++++++ --- /var/tmp/diff_new_pack.XAUwcH/_old 2010-11-18 17:02:00.000000000 +0100 +++ /var/tmp/diff_new_pack.XAUwcH/_new 2010-11-18 17:02:00.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package pidentd (Version 3.1a25) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,7 +33,7 @@ Provides: nkitb:/usr/sbin/in.identd AutoReqProv: on Version: 3.1a25 -Release: 320 +Release: 327 Summary: An Implementation of the RFC1413 Identification Server Url: http://sf.www.lysator.liu.se/~pen/pidentd/ Source: %{name}-%{version}.tar.bz2 @@ -49,6 +49,7 @@ Patch7: %{name}-%{version}-send.diff Patch8: %{name}-%{version}-ipv6.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build +Requires: inet-daemon %description This package contains identd, which implements a RFC1413 identification ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit rsyslog for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package rsyslog for openSUSE:Factory checked in at Thu Nov 18 17:01:48 CET 2010. -------- --- rsyslog/rsyslog.changes 2010-04-28 19:26:59.000000000 +0200 +++ rsyslog/rsyslog.changes 2010-11-16 09:31:03.000000000 +0100 @@ -1,0 +2,16 @@ +Mon Nov 15 14:59:21 UTC 2010 - chris(a)computersalat.de + +- update to 5.6.0 + This release brings all changes and enhancements of the 5.5.x + series to the v5-stable branch. + - bugfix: a couple of problems that imfile had on some platforms, + namely Ubuntu (not their fault, but occured there) + - bugfix: imfile utilizes 32 bit to track offset. Most importantly, + this problem can not experienced on Fedora 64 bit OS (which has + 64 bit long's!) +- removed obsolete patch + - xconsole-pipe-loop +- rpmlint + - name-repeated-in-summary C Rsyslog + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- rsyslog-5.4.0.tar.bz2 rsyslog.xconsole-pipe-loop.patch New: ---- rsyslog-5.6.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsyslog.spec ++++++ --- /var/tmp/diff_new_pack.iuIYdA/_old 2010-11-18 17:01:31.000000000 +0100 +++ /var/tmp/diff_new_pack.iuIYdA/_new 2010-11-18 17:01:31.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package rsyslog (Version 5.4.0) +# spec file for package rsyslog (Version 5.6.0) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,10 @@ Name: rsyslog -%define upstream_version 5.4.0 +Summary: The enhanced syslogd for Linux and Unix +Version: 5.6.0 +Release: 1 +%define upstream_version 5.6.0 # add %define build_with_relp 1 to enable relp on < 11.3, e.g. # via <topadd>%define build_with_relp 1</topadd> in _link file. %define with_relp 0%{?suse_version} >= 1130 || 0%{?build_with_relp:1} @@ -29,11 +32,8 @@ %define _libdir /%_lib %define rsyslog_module_dir_nodeps %{_libdir}/rsyslog/ %define rsyslog_module_dir_withdeps %{_prefix}/%{_lib}/rsyslog/ -Version: 5.4.0 -Release: 2 License: GPLv3+ Group: System/Daemons -Summary: Rsyslog, the enhanced syslogd for Linux and Unix Url: http://www.rsyslog.com/ AutoReqProv: on Provides: syslog @@ -55,7 +55,6 @@ Source2: rsyslog.conf.in Source3: rsyslog.early.conf.in Source4: rsyslog.d.remote.conf.in -Patch1: rsyslog.xconsole-pipe-loop.patch %description Rsyslog is an enhanced multi-threaded syslogd supporting, among others, @@ -245,7 +244,6 @@ %prep %setup -q -n %{name}-%{upstream_version} dos2unix doc/*.html -%patch1 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -W -Wall" ++++++ rsyslog-5.4.0.tar.bz2 -> rsyslog-5.6.0.tar.bz2 ++++++ ++++ 41570 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit smbtad for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package smbtad for openSUSE:Factory checked in at Thu Nov 18 17:01:15 CET 2010. -------- --- smbtad/smbtad.changes 2010-11-11 14:04:00.000000000 +0100 +++ smbtad/smbtad.changes 2010-11-15 23:59:21.000000000 +0100 @@ -1,0 +2,10 @@ +Mon Nov 15 22:52:38 UTC 2010 - hhetter(a)novell.com + +- update to version 1.2: + - bnc#651890, smbtad doesn't speak over a unix domain socket + with the module. + - bnc#652755, the query port is not correctly read in by file + configuration in smbtad. +- the specfile adds an example configuration file for smbtad. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- smbtad-1.1.tar.bz2 New: ---- smbtad-1.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ smbtad.spec ++++++ --- /var/tmp/diff_new_pack.MOzzWY/_old 2010-11-18 17:00:31.000000000 +0100 +++ /var/tmp/diff_new_pack.MOzzWY/_new 2010-11-18 17:00:31.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package smbtad (Version 1.1) +# spec file for package smbtad (Version 1.2) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -25,7 +25,7 @@ BuildRecommends: libiniparser-devel License: GPLv3+ Group: Productivity/Networking/Samba -Version: 1.1 +Version: 1.2 Release: 1 Summary: A collector of smbd share usage data Url: http://github.com/hhetter/smbtad @@ -81,5 +81,6 @@ %{_bindir}/smbtad %{_sbindir}/rcsmbtad %attr(0754,root,root) %config %{INITDIR}/smbtad +%doc dist/smbtad.conf_example %changelog ++++++ smbtad-1.1.tar.bz2 -> smbtad-1.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smbtad-1.1/dist/smbtad.spec new/smbtad-1.2/dist/smbtad.spec --- old/smbtad-1.1/dist/smbtad.spec 2010-11-06 21:28:20.000000000 +0100 +++ new/smbtad-1.2/dist/smbtad.spec 2010-11-15 23:31:52.000000000 +0100 @@ -25,7 +25,7 @@ BuildRecommends: libiniparser-devel License: GPLv3+ Group: Productivity/Networking/Samba -Version: 1.0 +Version: 1.2 Release: 1 Summary: A collector of smbd share usage data Url: http://github.com/hhetter/smbtad @@ -70,7 +70,8 @@ make DESTDIR=%{buildroot} install %endif popd build - +mkdir -p %{buildroot}/usr/sbin +ln -s /etc/init.d/smbtad %{buildroot}/usr/sbin/rcsmbtad %clean %__rm -rf %{buildroot} @@ -80,4 +81,5 @@ %{_bindir}/smbtad %{_sbindir}/rcsmbtad %attr(0754,root,root) %config %{INITDIR}/smbtad +%doc dist/smbtad.conf_example %changelog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smbtad-1.1/include/configuration.h new/smbtad-1.2/include/configuration.h --- old/smbtad-1.1/include/configuration.h 2010-11-06 21:28:20.000000000 +0100 +++ new/smbtad-1.2/include/configuration.h 2010-11-15 23:31:52.000000000 +0100 @@ -42,7 +42,9 @@ char *config_file; /* daemon mode */ int daemon; - + /* 1 if a unix domain socket is used for the connection to the */ + /* module. */ + int unix_socket; /* run time configuration */ /* integers used to separate the time for the maintenance run */ int mdays,mminutes,mseconds,mhours; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smbtad-1.1/include/version.h new/smbtad-1.2/include/version.h --- old/smbtad-1.1/include/version.h 2010-11-06 21:28:20.000000000 +0100 +++ new/smbtad-1.2/include/version.h 2010-11-15 23:31:52.000000000 +0100 @@ -1,2 +1,2 @@ #define SMBTA_LICENSE "License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>" -#define STAD2_VERSION "1.1" +#define STAD2_VERSION "1.2" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smbtad-1.1/src/configuration.c new/smbtad-1.2/src/configuration.c --- old/smbtad-1.1/src/configuration.c 2010-11-06 21:28:20.000000000 +0100 +++ new/smbtad-1.2/src/configuration.c 2010-11-15 23:31:52.000000000 +0100 @@ -58,7 +58,7 @@ c->daemon = 1; c->config_file = NULL; c->dbg = 0; // debug level - + c->unix_socket = 0; c->dbhandle = NULL; c->keyfile =NULL; c->query_port = 3941; @@ -97,12 +97,14 @@ if ( Mydict == NULL ) return -1; + cc = iniparser_getstring (Mydict, "network:unix_domain_socket",NULL); + if (cc!= NULL) c->unix_socket = 1; cc = iniparser_getstring( Mydict, "network:port_number",NULL); if (cc != NULL) c->port = atoi(cc); cc = iniparser_getstring( Mydict, "network:query_port",NULL); - if (cc != NULL) c->port = atoi(cc); + if (cc != NULL) c->query_port = atoi(cc); cc = iniparser_getstring(Mydict,"database:sqlite_filename",NULL); if ( cc != NULL ) { @@ -176,15 +178,19 @@ { "database",1,NULL,'b'}, { "maintenance-timer",1,NULL,'t'}, { "maintenance-timer-config",1,NULL,'m'}, + { "unix-domain-socket",0,NULL,'u'}, { 0,0,0,0 } }; i = getopt_long( argc, argv, - "d:i:oc:k:q:b:t:m:", long_options, &option_index ); + "d:i:oc:k:q:b:t:m:u", long_options, &option_index ); if ( i == -1 ) break; switch (i) { + case 'u': + c->unix_socket = 1; + break; case 'i': c->port = atoi( optarg ); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smbtad-1.1/src/help.c new/smbtad-1.2/src/help.c --- old/smbtad-1.1/src/help.c 2010-11-06 21:28:20.000000000 +0100 +++ new/smbtad-1.2/src/help.c 2010-11-15 23:31:52.000000000 +0100 @@ -30,6 +30,10 @@ printf("\n"); printf("-i --inet-port Specifiy the port to be used. \n"); printf(" Default: 3490. \n"); + printf("-u --unix-domain-socket If this parameter is specified, \n"); + printf(" a unix domain socket at \n"); + printf(" /var/tmp/stadsocket will be \n"); + printf(" used. \n"); printf("-d --debug-level Specify the debug level (0-10). \n"); printf(" Default: 0. \n"); printf("-o --interactive Don't run as daemon. \n"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smbtad-1.1/src/network.c new/smbtad-1.2/src/network.c --- old/smbtad-1.1/src/network.c 2010-11-06 21:28:20.000000000 +0100 +++ new/smbtad-1.2/src/network.c 2010-11-15 23:31:52.000000000 +0100 @@ -68,17 +68,30 @@ * Accept an incoming connection * and add it to the list of connections. */ -int network_accept_connection( config_t *c, struct sockaddr_in *remote, int type) +int network_accept_connection( config_t *c, struct sockaddr_in *remote_inet, struct sockaddr_un *remote_unix, int type) { - socklen_t t=sizeof(*remote); + socklen_t t; + if ( c->unix_socket ==1 ) t=sizeof(*remote_unix); + else t=sizeof(*remote_inet); int sr; int sock = 0; if (type == SOCK_TYPE_DATA) sock = c->vfs_socket; if (type == SOCK_TYPE_DB_QUERY) sock = c->query_socket; - if ( (sr = accept( sock, - (struct sockaddr *) remote, &t)) == -1) { - syslog(LOG_DEBUG,"ERROR: accept failed."); - return -1; + /* accepting on a unix socket can only happen with */ + /* SOCK_TYPE_DATA, since the client programs only */ + /* support an internet socket */ + if (c->unix_socket == 1 && type == SOCK_TYPE_DATA) { + if ( (sr = accept( sock, + (struct sockaddr *) remote_unix, &t)) == -1) { + syslog(LOG_DEBUG,"ERROR: accept (unix socket) failed."); + return -1; + } + } else { + if ( (sr = accept( sock, + (struct sockaddr *) remote_inet, &t)) == -1) { + syslog(LOG_DEBUG,"ERROR: accept (inet) failed."); + return -1; + } } connection_list_add(sr, type); return sr; @@ -332,6 +345,30 @@ } /** + * create a unix domain socket + * + */ +int network_create_unix_socket() +{ + /* Create a streaming UNIX Domain Socket */ + int s,len; + struct sockaddr_un local; + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1){ + syslog(LOG_DAEMON, "ERROR: unix socket creation failed."); + return 1; + } + + local.sun_family= AF_UNIX; + strcpy(local.sun_path,"/var/tmp/stadsocket"); + unlink(local.sun_path); + len=strlen(local.sun_path) + sizeof(local.sun_family); + bind(s,(struct sockaddr *) &local, len); + listen(s,50); + return s; +} + + +/** * Run select() on the server handle, and call * the required functions to handle data. * config_t *c A configuration structure. @@ -340,16 +377,18 @@ { int i; int z=0; - int t; - struct sockaddr_in remote; - t=sizeof(remote); + struct sockaddr_un remote_unix; + struct sockaddr_in remote_inet; fd_set read_fd_set, active_read_fd_set; fd_set write_fd_set, active_write_fd_set; FD_ZERO(&active_read_fd_set ); FD_ZERO(&active_write_fd_set ); + if (c->unix_socket == 0) + c->vfs_socket = network_create_socket( c->port ); + else + c->vfs_socket = network_create_unix_socket(); - c->vfs_socket = network_create_socket( c->port ); c->query_socket = network_create_socket( c->query_port ); connection_list_add( c->vfs_socket, SOCK_TYPE_DATA ); @@ -375,12 +414,14 @@ if ( i == c->vfs_socket) sr = network_accept_connection( c, - &remote, + &remote_inet, + &remote_unix, SOCK_TYPE_DATA); else if ( i == c->query_socket) sr = network_accept_connection( c, - &remote, + &remote_inet, + &remote_unix, SOCK_TYPE_DB_QUERY); else { network_handle_data(i,c); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit sssd for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at Thu Nov 18 16:58:42 CET 2010. -------- --- sssd/sssd.changes 2010-09-13 14:30:17.000000000 +0200 +++ sssd/sssd.changes 2010-11-16 12:12:18.000000000 +0100 @@ -1,0 +2,18 @@ +Tue Nov 16 11:06:02 UTC 2010 - rhafer(a)novell.com + +- Updated to 1.4.1 + * Add support for netgroups to the LDAP and proxy providers + * Fixes a minor bug with UIDs/GIDs >= 2^31 + * Fixes a segfault in the kerberos provider + * Fixes a segfault in the NSS responder if a data provider crashes + * Correctly use sdap_netgroup_search_base + * the utility libraries libpath_utils1, libpath_utils-devel, + libref_array1 and libref_array-devel moved to their own + separate upstream project (ding-libs) + * Performance improvements made to group processing of RFC2307 + LDAP servers + * Fixed nested group issues with RFC2307bis LDAP servers without + a memberOf plugin + * Manpage reviewed and updated + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- sssd-1.3.1.tar.bz2 New: ---- sssd-1.4.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.cTM36D/_old 2010-11-18 16:56:38.000000000 +0100 +++ /var/tmp/diff_new_pack.cTM36D/_new 2010-11-18 16:56:38.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package sssd (Version 1.3.1) +# spec file for package sssd (Version 1.4.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,8 +18,8 @@ Name: sssd -Version: 1.3.1 -Release: 2 +Version: 1.4.1 +Release: 1 Group: System/Daemons Summary: System Security Services Daemon License: GPLv3+ and LGPLv3+ @@ -28,12 +28,6 @@ Source1: baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build -%define dhash_version 0.4.0 -%define path_utils_version 0.2.0 -%define collection_version 0.5.0 -%define ini_config_version 0.6.0 -%define refarray_version 0.1.0 - ### Dependencies ### %define servicename sssd %define sssdstatedir %{_localstatedir}/lib/sss @@ -64,6 +58,11 @@ BuildRequires: python-devel BuildRequires: bind-utils BuildRequires: nscd +BuildRequires: libpath_utils-devel +BuildRequires: libdhash-devel +BuildRequires: libini_config-devel +BuildRequires: libcollection-devel +BuildRequires: libref_array-devel %description Provides a set of daemons to manage access to remote directories and @@ -102,117 +101,6 @@ Provide python module to access and manage configuration of the System Security Services Daemon (sssd). -%package -n libdhash1 -Summary: Dynamic hash table -Group: Development/Libraries/C and C++ -Version: %{dhash_version} -Release: 5 -License: LGPLv3+ - -%description -n libdhash1 -A hash table which will dynamically resize to achieve optimal storage & access -time properties - -%package -n libdhash-devel -Summary: Development files for libdhash -Group: Development/Libraries/C and C++ -Version: %{dhash_version} -Release: 5 -Requires: libdhash1 = %{dhash_version} -License: LGPLv3+ - -%description -n libdhash-devel -A hash table which will dynamically resize to achieve optimal storage & access -time properties - -%package -n libcollection2 -Summary: Collection data-type for C -Group: Development/Libraries/C and C++ -Version: %{collection_version} -Release: 2 -License: LGPLv3+ - -%description -n libcollection2 -A data-type to collect data in a heirarchical structure for easy iteration -and serialization - -%package -n libcollection-devel -Summary: Development files for libcollection -Group: Development/Libraries/C and C++ -Version: %{collection_version} -Release: 2 -Requires: libcollection2 = %{collection_version} -License: LGPLv3+ - -%description -n libcollection-devel -A data-type to collect data in a heirarchical structure for easy iteration -and serialization - -%package -n libini_config2 -Summary: INI file parser for C -Group: Development/Libraries/C and C++ -Version: %{ini_config_version} -Release: 2 -License: LGPLv3+ - -%description -n libini_config2 -Library to process config files in INI format into a libcollection data -structure - -%package -n libini_config-devel -Summary: Development files for libini_config -Group: Development/Libraries/C and C++ -Version: %{ini_config_version} -Release: 2 -Requires: libini_config2 = %{ini_config_version} -License: LGPLv3+ - -%description -n libini_config-devel -Library to process config files in INI format into a libcollection data -structure - -%package -n libpath_utils1 -Summary: Filesystem Path Utilities -Group: Development/Libraries/C and C++ -Version: %{path_utils_version} -Release: 2 -License: LGPLv3+ - -%description -n libpath_utils1 -Utility functions to manipulate filesystem pathnames - -%package -n libpath_utils-devel -Summary: Development files for libpath_utils -Group: Development/Libraries/C and C++ -Version: %{path_utils_version} -Release: 2 -Requires: libpath_utils1 = %{path_utils_version} -License: LGPLv3+ - -%description -n libpath_utils-devel -Utility functions to manipulate filesystem pathnames - -%package -n libref_array1 -Summary: A refcounted array for C -Group: Development/Libraries/C and C++ -Version: %{refarray_version} -Release: 2 -License: LGPLv3+ - -%description -n libref_array1 -A dynamically-growing, reference-counted array - -%package -n libref_array-devel -Summary: Development files for libref_array -Group: Development/Libraries/C and C++ -Version: %{refarray_version} -Release: 2 -Requires: libref_array1 = %{refarray_version} -License: LGPLv3+ - -%description -n libref_array-devel -A dynamically-growing, reference-counted array - %prep %setup -q @@ -226,13 +114,13 @@ --with-pipe-path=%{pipepath} \ --with-init-dir=%{_initrddir} \ --enable-nsslibdir=/%{_lib} \ + --enable-pammoddir=/%{_lib}/security \ --enable-cryptp=yes \ --with-ldb-lib-dir=%{_libdir}/ldb \ --with-selinux=no \ + --with-so=suse \ --with-semanage=no - -#make %{?_smp_mflags} -make +make %{?jobs:-j%jobs} %install rm -rf $RPM_BUILD_ROOT @@ -258,14 +146,7 @@ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_simple.la \ $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la - -rm $RPM_BUILD_ROOT/%{_libdir}/*.a -%find_lang sss_daemon -#%find_lang sss_client -#cat sss_client.lang >> sss_daemon.lang - -install -d $RPM_BUILD_ROOT/%{_docdir}/dhash -mv $RPM_BUILD_ROOT/%{_datarootdir}/doc/dhash/* $RPM_BUILD_ROOT/%{_docdir}/dhash +%find_lang sssd %clean rm -rf $RPM_BUILD_ROOT @@ -280,27 +161,7 @@ %restart_on_update sssd %insserv_cleanup -%post -n libdhash1 -p /sbin/ldconfig - -%postun -n libdhash1 -p /sbin/ldconfig - -%post -n libcollection2 -p /sbin/ldconfig - -%postun -n libcollection2 -p /sbin/ldconfig - -%post -n libini_config2 -p /sbin/ldconfig - -%postun -n libini_config2 -p /sbin/ldconfig - -%post -n libpath_utils1 -p /sbin/ldconfig - -%postun -n libpath_utils1 -p /sbin/ldconfig - -%post -n libref_array1 -p /sbin/ldconfig - -%postun -n libref_array1 -p /sbin/ldconfig - -%files -f sss_daemon.lang +%files -f sssd.lang %defattr(-,root,root,-) %doc COPYING %{_initrddir}/%{name} @@ -310,7 +171,6 @@ %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/sss* %{_libexecdir}/%{name}/*_child -%{_libexecdir}/%{name}/upgrade_config.py %{_libdir}/%{name}/libsss_krb5* %{_libdir}/%{name}/libsss_ldap* %{_libdir}/%{name}/libsss_proxy* @@ -348,6 +208,7 @@ %{_sbindir}/sss_groupdel %{_sbindir}/sss_groupmod %{_sbindir}/sss_groupshow +%attr(0755,root,root) %{_sbindir}/sss_obfuscate %files ipa-provider %defattr(-,root,root,-) @@ -361,55 +222,4 @@ %{python_sitelib}/*.py* %{python_sitelib}/*.egg-info -%files -n libdhash1 -%defattr(-,root,root,-) -%{_libdir}/libdhash.so.* - -%files -n libdhash-devel -%defattr(-,root,root,-) -%{_libdir}/libdhash.so -%{_libdir}/pkgconfig/dhash.pc -%{_prefix}/include/dhash.h -%doc %{_docdir}/dhash - -%files -n libini_config2 -%defattr(-,root,root,-) -%{_libdir}/libini_config.so.* - -%files -n libini_config-devel -%defattr(-,root,root,-) -%{_libdir}/libini_config.so -%{_libdir}/pkgconfig/ini_config.pc -%{_prefix}/include/ini_config.h - -%files -n libcollection2 -%defattr(-,root,root,-) -%{_libdir}/libcollection.so.* - -%files -n libcollection-devel -%defattr(-,root,root,-) -%{_libdir}/libcollection.so -%{_libdir}/pkgconfig/collection.pc -%{_prefix}/include/collection*.h - -%files -n libpath_utils1 -%defattr(-,root,root,-) -%{_libdir}/libpath_utils.so.* - -%files -n libpath_utils-devel -%defattr(-,root,root,-) -%{_libdir}/libpath_utils.so -%{_libdir}/pkgconfig/path_utils.pc -%{_prefix}/include/path_utils*.h - -%files -n libref_array1 -%defattr(-,root,root,-) -%{_libdir}/libref_array.so.* - -%files -n libref_array-devel -%defattr(-,root,root,-) -%{_libdir}/libref_array.so -%{_libdir}/pkgconfig/ref_array.pc -%{_prefix}/include/ref_array*.h - %changelog ++++++ sssd-1.3.1.tar.bz2 -> sssd-1.4.1.tar.bz2 ++++++ ++++ 425156 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit strongswan for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at Thu Nov 18 16:56:26 CET 2010. -------- --- strongswan/strongswan.changes 2010-08-02 12:52:54.000000000 +0200 +++ strongswan/strongswan.changes 2010-11-16 13:10:30.000000000 +0100 @@ -1,0 +2,106 @@ +Tue Nov 16 12:01:46 UTC 2010 - mt(a)suse.de + +- Updated to strongSwan 4.5.0 release, changes since 4.4.1 are: + * IMPORTANT: the default keyexchange mode 'ike' is changing with + release 4.5 from 'ikev1' to 'ikev2', thus commemorating the five + year anniversary of the IKEv2 RFC 4306 and its mature successor + RFC 5996. The time has definitively come for IKEv1 to go into + retirement and to cede its place to the much more robust, powerful + and versatile IKEv2 protocol! + * Added new ctr, ccm and gcm plugins providing Counter, Counter + with CBC-MAC and Galois/Counter Modes based on existing CBC + implementations. These new plugins bring support for AES and + Camellia Counter and CCM algorithms and the AES GCM algorithms + for use in IKEv2. + * The new pkcs11 plugin brings full Smartcard support to the IKEv2 + daemon and the pki utility using one or more PKCS#11 libraries. It + currently supports RSA private and public key operations and loads + X.509 certificates from tokens. + * Implemented a general purpose TLS stack based on crypto and + credential primitives of libstrongswan. libtls supports TLS + versions 1.0, 1.1 and 1.2, ECDHE-ECDSA/RSA, DHE-RSA and RSA key + exchange algorithms and RSA/ECDSA based client authentication. + * Based on libtls, the eap-tls plugin brings certificate based EAP + authentication for client and server. It is compatible to Windows + 7 IKEv2 Smartcard authentication and the OpenSSL based FreeRADIUS + EAP-TLS backend. + * Implemented the TNCCS 1.1 Trusted Network Connect protocol using + the libtnc library on the strongSwan client and server side via + the tnccs_11 plugin and optionally connecting to a TNC@FHH-enhanced + FreeRADIUS AAA server. Depending on the resulting TNC Recommendation, + strongSwan clients are granted access to a network behind a + strongSwan gateway (allow), are put into a remediation zone (isolate) + or are blocked (none), respectively. + Any number of Integrity Measurement Collector/Verifier pairs can be + attached via the tnc-imc and tnc-imv charon plugins. + * The IKEv1 daemon pluto now uses the same kernel interfaces as the + IKEv2 daemon charon. As a result of this, pluto now supports xfrm + marks which were introduced in charon with 4.4.1. + * The RADIUS plugin eap-radius now supports multiple RADIUS servers + for redundant setups. Servers are selected by a defined priority, + server load and availability. + * The simple led plugin controls hardware LEDs through the Linux LED + subsystem. It currently shows activity of the IKE daemon and is a + good example how to implement a simple event listener. + * Improved MOBIKE behavior in several corner cases, for instance, + if the initial responder moves to a different address. + * Fixed left-/rightnexthop option, which was broken since 4.4.0. + * Fixed a bug not releasing a virtual IP address to a pool if the + XAUTH identity was different from the IKE identity. + * Fixed the alignment of ModeConfig messages on 4-byte boundaries + in the case where the attributes are not a multiple of 4 bytes + (e.g. Cisco's UNITY_BANNER). + * Fixed the interoperability of the socket_raw and socket_default + charon plugins. + * Added man page for strongswan.conf +- Adopted spec file, removed obsolete error range patch. + +------------------------------------------------------------------- +Tue Aug 10 11:43:38 UTC 2010 - mt(a)suse.de + +- Updated to strongSwan 4.4.1 release, changes since 4.4.0 are: + * Support of xfrm marks in IPsec SAs and IPsec policies introduced + with the Linux 2.6.34 kernel. + For details see the example scenarios ikev2/nat-two-rw-mark, + ikev2/rw-nat-mark-in-out and ikev2/net2net-psk-dscp. + * The PLUTO_MARK_IN and PLUTO_ESP_ENC environment variables can be + used in a user-specific updown script to set marks on inbound ESP + or ESP_IN_UDP packets. + * The openssl plugin now supports X.509 certificate and CRL functions. + * OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, + enabled by default. + Plase update manual load directives in strongswan.conf. + * RFC3779 ipAddrBlock constraint checking has been moved to the + addrblock plugin, disabled by default. Enable it and update manual + load directives in strongswan.conf, if required. + * The pki utility supports CRL generation using the --signcrl command. + * The ipsec pki --self, --issue and --req commands now support output + in PEM format using the --outform pem option. + * The major refactoring of the IKEv1 Mode Config functionality now + allows the transport and handling of any Mode Config attribute. + * The RADIUS proxy plugin eap-radius now supports multiple servers. + Configured servers are chosen randomly, with the option to prefer + a specific server. Non-responding servers are degraded by the + selection process. + * The ipsec pool tool manages arbitrary configuration attributes + stored in an SQL database. ipsec pool --help gives the details. + * The new eap-simaka-sql plugin acts as a backend for EAP-SIM and + EAP-AKA, reading triplets/quintuplets from an SQL database. + * The High Availability plugin now supports a HA enabled in-memory + address pool and Node reintegration without IKE_SA rekeying. The + latter allows clients without IKE_SA rekeying support to keep + connected during reintegration. Additionally, many other issues + have been fixed in the ha plugin. + * Fixed a potential remote code execution vulnerability resulting + from the misuse of snprintf(). The vulnerability is exploitable + by unauthenticated users. +- Removed obsolete snprintf security fix, adopted spec file +- Enabled the eap-sim,eap-sim-file,eap-simaka-sql,eap-simaka-reauth, + eap-simaka-pseudonym,eap-aka-3gpp2,md4,blowfish,addrblock plugins. +- Enabled the mysql, sqlite, load-tester and test-vectors plugins, + that are packaged into separate mysql,sqlite,tests sub packages. +- Disabled sqlite plugin on SLE-10 -- sqlite3 lib is too old there. +- Applied patch by Jiri Bohac fixing error-type range in parsing of + NOTIFY payloads (RFC 4306, section 3.10.1). + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- strongswan-4.4.0-snprintf-fix.diff strongswan-4.4.0.tar.bz2 strongswan-4.4.0.tar.bz2.sig New: ---- strongswan-4.5.0-rpmlintrc strongswan-4.5.0.tar.bz2 strongswan-4.5.0.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.2rcY5W/_old 2010-11-18 16:53:13.000000000 +0100 +++ /var/tmp/diff_new_pack.2rcY5W/_new 2010-11-18 16:53:13.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package strongswan (Version 4.4.0) +# spec file for package strongswan (Version 4.5.0) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,11 +19,11 @@ Name: strongswan -%define upstream_version 4.4.0 +%define upstream_version 4.5.0 %define strongswan_docdir %{_docdir}/%{name} %define strongswan_plugins %{_libexecdir}/ipsec/plugins -Version: 4.4.0 -Release: 6 +Version: 4.5.0 +Release: 1 License: GPLv2+ Group: Productivity/Networking/Security Summary: OpenSource IPsec-based VPN Solution @@ -38,7 +38,6 @@ Source3: %{name}-%{version}-rpmlintrc Source4: README.SUSE Patch1: %{name}_modprobe_syslog.patch -Patch2: %{name}-4.4.0-snprintf-fix.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison flex gmp-devel gperf pkg-config BuildRequires: libcap-devel @@ -49,7 +48,9 @@ %if 0%{suse_version} >= 1110 BuildRequires: libuuid-devel BuildRequires: NetworkManager-devel +BuildRequires: sqlite3-devel %endif +BuildRequires: libmysqlclient-devel %description StrongSwan is an OpenSource IPsec-based VPN Solution for Linux @@ -116,6 +117,44 @@ This package provides the strongswan library and plugins. +%package mysql +License: GPLv2+ +Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security +Requires: strongswan-libs0 = %{version} + +%description mysql +StrongSwan is an OpenSource IPsec-based VPN Solution for Linux + +This package provides the strongswan mysql plugin. + +%if 0%{suse_version} >= 1110 + +%package sqlite +License: GPLv2+ +Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security +Requires: strongswan-libs0 = %{version} + +%description sqlite +StrongSwan is an OpenSource IPsec-based VPN Solution for Linux + +This package provides the strongswan sqlite plugin. + +%endif + +%package tests +License: GPLv2+ +Summary: OpenSource IPsec-based VPN Solution +Group: Productivity/Networking/Security +Requires: strongswan-libs0 = %{version} + +%description tests +StrongSwan is an OpenSource IPsec-based VPN Solution for Linux + +This package provides the strongswan crypto test-vectors plugin +and the load testing plugin for IKEv2 daemon. + %package ikev1 License: GPLv2+ Summary: OpenSource IPsec-based VPN Solution @@ -190,7 +229,6 @@ %prep %setup -q -n %{name}-%{upstream_version} %patch1 -p0 -%patch2 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -211,24 +249,36 @@ --enable-cisco-quirks \ --enable-openssl \ --enable-agent \ + --enable-md4 \ + --enable-blowfish \ + --enable-eap-sim \ + --enable-eap-sim-file \ + --enable-eap-simaka-sql \ + --enable-eap-simaka-pseudonym \ + --enable-eap-simaka-reauth \ --enable-eap-md5 \ --enable-eap-gtc \ --enable-eap-aka \ --enable-eap-radius \ --enable-eap-identity \ --enable-eap-mschapv2 \ + --enable-eap-aka-3gpp2 \ --enable-ha \ --enable-dhcp \ --enable-farp \ --enable-sql \ --enable-attr-sql \ - --enable-socket-dynamic \ + --enable-addrblock \ %if 0%{suse_version} >= 1110 --enable-gcrypt \ --enable-nm \ + --enable-sqlite \ %endif --enable-ldap \ - --enable-curl + --enable-curl \ + --enable-mysql \ + --enable-load-tester \ + --enable-test-vectors make %{?_smp_mflags:%_smp_mflags} %install @@ -308,6 +358,7 @@ %{_mandir}/man8/ipsec.8* %{_mandir}/man5/ipsec.conf.5* %{_mandir}/man5/ipsec.secrets.5* +%{_mandir}/man5/strongswan.conf.5* %dir %{_libexecdir}/ipsec %{_libexecdir}/ipsec/_updown %{_libexecdir}/ipsec/_updown_espmark @@ -390,20 +441,28 @@ %dir %{_libexecdir}/ipsec/pool %{_libexecdir}/ipsec/libchecksum.so %dir %{strongswan_plugins} +%{strongswan_plugins}/libstrongswan-addrblock.so %{strongswan_plugins}/libstrongswan-aes.so %{strongswan_plugins}/libstrongswan-agent.so %{strongswan_plugins}/libstrongswan-attr.so %{strongswan_plugins}/libstrongswan-attr-sql.so +%{strongswan_plugins}/libstrongswan-blowfish.so %{strongswan_plugins}/libstrongswan-curl.so %{strongswan_plugins}/libstrongswan-des.so %{strongswan_plugins}/libstrongswan-dhcp.so %{strongswan_plugins}/libstrongswan-dnskey.so +%{strongswan_plugins}/libstrongswan-eap-aka-3gpp2.so %{strongswan_plugins}/libstrongswan-eap-aka.so %{strongswan_plugins}/libstrongswan-eap-gtc.so %{strongswan_plugins}/libstrongswan-eap-identity.so %{strongswan_plugins}/libstrongswan-eap-md5.so %{strongswan_plugins}/libstrongswan-eap-mschapv2.so %{strongswan_plugins}/libstrongswan-eap-radius.so +%{strongswan_plugins}/libstrongswan-eap-simaka-pseudonym.so +%{strongswan_plugins}/libstrongswan-eap-simaka-reauth.so +%{strongswan_plugins}/libstrongswan-eap-simaka-sql.so +%{strongswan_plugins}/libstrongswan-eap-sim-file.so +%{strongswan_plugins}/libstrongswan-eap-sim.so %{strongswan_plugins}/libstrongswan-farp.so %{strongswan_plugins}/libstrongswan-fips-prf.so %if 0%{suse_version} >= 1110 @@ -414,6 +473,7 @@ %{strongswan_plugins}/libstrongswan-hmac.so %{strongswan_plugins}/libstrongswan-kernel-netlink.so %{strongswan_plugins}/libstrongswan-ldap.so +%{strongswan_plugins}/libstrongswan-md4.so %{strongswan_plugins}/libstrongswan-md5.so %{strongswan_plugins}/libstrongswan-openssl.so %{strongswan_plugins}/libstrongswan-pem.so @@ -422,13 +482,33 @@ %{strongswan_plugins}/libstrongswan-pubkey.so %{strongswan_plugins}/libstrongswan-random.so %{strongswan_plugins}/libstrongswan-resolve.so +%{strongswan_plugins}/libstrongswan-revocation.so %{strongswan_plugins}/libstrongswan-sha1.so %{strongswan_plugins}/libstrongswan-sha2.so -%{strongswan_plugins}/libstrongswan-socket-dynamic.so -%{strongswan_plugins}/libstrongswan-socket-raw.so +%{strongswan_plugins}/libstrongswan-socket*.so %{strongswan_plugins}/libstrongswan-sql.so %{strongswan_plugins}/libstrongswan-x509.so +%{strongswan_plugins}/libstrongswan-xauth.so %{strongswan_plugins}/libstrongswan-xcbc.so %dir %ghost %{_localstatedir}/run/strongswan +%files mysql +%defattr(-,root,root) +%dir %{strongswan_plugins} +%{strongswan_plugins}/libstrongswan-mysql.so + +%if 0%{suse_version} >= 1110 + +%files sqlite +%defattr(-,root,root) +%dir %{strongswan_plugins} +%{strongswan_plugins}/libstrongswan-sqlite.so +%endif + +%files tests +%defattr(-,root,root) +%dir %{strongswan_plugins} +%{strongswan_plugins}/libstrongswan-load-tester.so +%{strongswan_plugins}/libstrongswan-test-vectors.so + %changelog ++++++ README.SUSE ++++++ --- /var/tmp/diff_new_pack.2rcY5W/_old 2010-11-18 16:53:13.000000000 +0100 +++ /var/tmp/diff_new_pack.2rcY5W/_new 2010-11-18 16:53:13.000000000 +0100 @@ -1,14 +1,30 @@ Dear Customer, -this package does no provide any files any more, but triggers the -installation of both, IKEv1 (pluto) and IKEv2 (charon) daemons and -the traditional starter scripts inclusive of the /etc/init.d/ipsec -init script and /etc/ipsec.conf file. - -There is a new strongswan-nm package with a NetworkManager plugin -to control the charon IKEv2 daemon through D-Bus, designed to work -using the NetworkManager-strongswan graphical user interface. -It does not depend on the traditional starter scripts, but on the -IKEv2 charon daemon and plugins only. +please note, that the strongswan release 4.5 changes the keyexchange mode +to IKEv2 as default -- from strongswan-4.5.0/NEWS: +"[...] +IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5 +from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the +IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively +come for IKEv1 to go into retirement and to cede its place to the much more +robust, powerful and versatile IKEv2 protocol! +[...]" + +This requires adoption of either the "conn %default" or all other IKEv1 +"conn" sections in the /etc/ipsec.conf to use explicit: + + keyexchange=ikev1 + + +The strongswan package does no provide any files any more, but triggers +the installation of both, IKEv1 (pluto) and IKEv2 (charon) daemons and the +traditional starter scripts inclusive of the /etc/init.d/ipsec init script +and /etc/ipsec.conf file. + +There is a new strongswan-nm package with a NetworkManager plugin to +control the charon IKEv2 daemon through D-Bus, designed to work using the +NetworkManager-strongswan graphical user interface. +It does not depend on the traditional starter scripts, but on the IKEv2 +charon daemon and plugins only. Have a lot of fun... ++++++ strongswan-4.5.0-rpmlintrc ++++++ ### Known warnings: # - traditional name addFilter("strongswan.* incoherent-init-script-name ipsec") # - readme only, triggers full ipsec + ikev1&ikev2 install addFilter("strongswan.* no-binary") ++++++ strongswan-4.4.0.tar.bz2 -> strongswan-4.5.0.tar.bz2 ++++++ ++++ 185214 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit SuSEfirewall2 for openSUSE:Factory
by root＠hilbert.suse.de 18 Nov '10

18 Nov '10

Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at Thu Nov 18 16:51:42 CET 2010. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2010-08-16 09:33:05.000000000 +0200 +++ SuSEfirewall2/SuSEfirewall2.changes 2010-11-16 16:03:20.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Nov 16 15:01:04 UTC 2010 - lnussel(a)suse.de + +- list some known rpc services as Should-Start +- don't filter outgoing packets at all +- fix an example (bnc#641907) +- fix status check in SuSEfirewall2_init (bnc#628751) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- SuSEfirewall2-3.6.249.tar.bz2 New: ---- SuSEfirewall2-3.6.253.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.K5LiTy/_old 2010-11-18 16:50:44.000000000 +0100 +++ /var/tmp/diff_new_pack.K5LiTy/_new 2010-11-18 16:50:44.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package SuSEfirewall2 (Version 3.6.249) +# spec file for package SuSEfirewall2 (Version 3.6.253) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,8 +20,8 @@ Name: SuSEfirewall2 -Version: 3.6.249 -Release: 2 +Version: 3.6.253 +Release: 1 License: GPLv2+ Group: Productivity/Networking/Security Url: http://en.opensuse.org/SuSEfirewall2 ++++++ SuSEfirewall2-3.6.249.tar.bz2 -> SuSEfirewall2-3.6.253.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.249/SuSEfirewall2 new/SuSEfirewall2-3.6.253/SuSEfirewall2 --- old/SuSEfirewall2-3.6.249/SuSEfirewall2 2010-06-29 15:46:24.000000000 +0200 +++ new/SuSEfirewall2-3.6.253/SuSEfirewall2 2010-11-16 16:00:24.000000000 +0100 @@ -1414,8 +1414,6 @@ $iptables -A FORWARD -j "$DROP" # this is an unneeded rule, but looks nice :) fi - $iptables -A OUTPUT -j ACCEPT -m conntrack --ctstate NEW,ESTABLISHED,RELATED - $LDAC $iptables -A OUTPUT ${LOG}"-OUT-ERROR " # we want to let locally generated packets out since our task is not # to protect the world from us, but protect us from the world ;) # policy is ACCEPT $iptables -A OUTPUT -j ACCEPT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.249/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.253/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.249/SuSEfirewall2.sysconfig 2010-06-29 15:46:24.000000000 +0200 +++ new/SuSEfirewall2-3.6.253/SuSEfirewall2.sysconfig 2010-11-16 16:00:24.000000000 +0100 @@ -313,7 +313,7 @@ # FW_SERVICES_$zone_$protocol, ie has precedence over # FW_SERVICES_ACCEPT_* # -# Example: "samba-server nfs-server" +# Example: "samba-server nfs-kernel-server" FW_CONFIGURATIONS_EXT="" ## Type: string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.249/SuSEfirewall2_init new/SuSEfirewall2-3.6.253/SuSEfirewall2_init --- old/SuSEfirewall2-3.6.249/SuSEfirewall2_init 2010-06-29 15:46:24.000000000 +0200 +++ new/SuSEfirewall2-3.6.253/SuSEfirewall2_init 2010-11-16 16:00:24.000000000 +0100 @@ -63,7 +63,7 @@ ;; status) echo -n "Checking the status of SuSEfirewall2 " - iptables -nL reject_func >/dev/null 2>&1 || rc_failed 3 + { test -e /proc/net/ip_tables_names && iptables -nL reject_func >/dev/null 2>&1; } || rc_failed 3 rc_status -v ;; *) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.249/SuSEfirewall2_setup new/SuSEfirewall2-3.6.253/SuSEfirewall2_setup --- old/SuSEfirewall2-3.6.249/SuSEfirewall2_setup 2010-06-29 15:46:24.000000000 +0200 +++ new/SuSEfirewall2-3.6.253/SuSEfirewall2_setup 2010-11-16 16:00:24.000000000 +0100 @@ -11,7 +11,7 @@ ### BEGIN INIT INFO # Provides: SuSEfirewall2_setup # Required-Start: SuSEfirewall2_init $network $remote_fs -# Should-Start: $ALL +# Should-Start: $ALL network-remotefs ypbind nfs nfsserver rpcbind # Required-Stop: $remote_fs # Should-Stop: $null # Default-Start: 3 4 5 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0