March 2010 - openSUSE Commits - openSUSE Mailing Lists

commit parrot for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package parrot for openSUSE:Factory checked in at Fri Mar 19 16:34:53 CET 2010. -------- --- parrot/parrot.changes 2010-02-19 12:44:05.000000000 +0100 +++ parrot/parrot.changes 2010-03-19 16:28:17.000000000 +0100 @@ -1,0 +2,8 @@ +Wed Mar 17 14:17:45 CET 2010 - mls(a)suse.de + +- update to parrot-2.2.0 + * Most internal allocations now use the GC + * RNG non-randomness fixes + * Elimination of much dead code + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- parrot-2.1.1.tar.bz2 New: ---- parrot-2.2.0.tar.bz2 parrot.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ parrot.spec ++++++ --- /var/tmp/diff_new_pack.GBYfMd/_old 2010-03-19 16:34:11.000000000 +0100 +++ /var/tmp/diff_new_pack.GBYfMd/_new 2010-03-19 16:34:11.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package parrot (Version 2.1.1) +# spec file for package parrot (Version 2.2.0) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,14 +18,15 @@ Name: parrot -Version: 2.1.1 +Version: 2.2.0 Release: 1 -%define pversion 2_1_1 +%define pversion 2_2_0 Summary: Parrot Virtual Machine License: Artistic 2.0 Group: Development/Libraries Url: http://www.parrot.org/ Source0: parrot-%{version}.tar.bz2 +Patch0: parrot.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: readline-devel BuildRequires: ncurses-devel @@ -46,6 +47,7 @@ %package -n libparrot%pversion + Summary: Parrot Virtual Machine Library License: Artistic 2.0 Group: Development/Libraries @@ -83,6 +85,7 @@ %prep %setup -q +%patch0 %{__perl} -pi -e 's,"lib/,"%{_lib}/, if (/CONST_STRING\(interp,/)' \ src/library.c %{__perl} -pi -e "s,'/usr/lib','%{_libdir}',;s,runtime/lib/,runtime/%{_lib}/," \ ++++++ parrot-2.1.1.tar.bz2 -> parrot-2.2.0.tar.bz2 ++++++ ++++ 99494 lines of diff (skipped) ++++++ parrot.diff ++++++ --- ./src/packfile.c.orig 2010-03-16 05:15:34.000000000 +0000 +++ ./src/packfile.c 2010-03-17 13:44:10.000000000 +0000 @@ -4442,8 +4442,7 @@ PackFile_Annotations_add_group(PARROT_IN /* Allocate extra space for the group in the groups array. */ if (self->groups) - self->groups = - self->groups = mem_gc_realloc_n_typed_zeroed(interp, self->groups, + self->groups = mem_gc_realloc_n_typed_zeroed(interp, self->groups, 1 + self->num_groups, self->num_groups, PackFile_Annotations_Group *); else self->groups = mem_gc_allocate_n_typed(interp, --- ./src/pmc.c.orig 2010-03-16 05:15:34.000000000 +0000 +++ ./src/pmc.c 2010-03-17 13:32:50.000000000 +0000 @@ -584,7 +584,7 @@ Parrot_pmc_new_init_int(PARROT_INTERP, I if (!PMC_IS_NULL(classobj) && PObj_is_class_TEST(classobj)) { PMC *initial = Parrot_pmc_new(interp, Parrot_get_ctx_HLL_type(interp, enum_class_Integer)); VTABLE_set_integer_native(interp, initial, init); - VTABLE_instantiate(interp, classobj, initial); + return VTABLE_instantiate(interp, classobj, initial); } else { PMC * const pmc = get_new_pmc_header(interp, base_type, 0); --- ./tools/dev/pbc_to_exe.pir.orig 2010-03-17 14:04:34.000000000 +0000 +++ ./tools/dev/pbc_to_exe.pir 2010-03-17 14:05:34.000000000 +0000 @@ -510,10 +510,11 @@ END_OF_FUNCTION .param int install :optional $P0 = '_config'() - .local string cc, ccflags, cc_o_out, osname, build_dir, slash + .local string cc, ccflags, optimize, cc_o_out, osname, build_dir, slash .local string installed, includepath, versiondir cc = $P0['cc'] ccflags = $P0['ccflags'] + optimize = $P0['optimize'] cc_o_out = $P0['cc_o_out'] osname = $P0['osname'] build_dir = $P0['build_dir'] @@ -547,6 +548,8 @@ END_OF_FUNCTION compile .= pathquote compile .= ' ' compile .= ccflags + compile .= ' ' + compile .= optimize compile .= ' -c ' compile .= cfile ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit SuSEfirewall2 for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at Fri Mar 19 15:22:18 CET 2010. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2010-02-16 14:53:55.000000000 +0100 +++ SuSEfirewall2/SuSEfirewall2.changes 2010-03-19 15:15:57.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Mar 19 13:34:10 UTC 2010 - lnussel(a)suse.de + +- add entry about drbd to FAQ +- update docu +- implement FW_BOOT_FULL_INIT + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- SuSEfirewall2-3.6.231.tar.bz2 New: ---- SuSEfirewall2-3.6.238.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.8kBY2T/_old 2010-03-19 15:21:49.000000000 +0100 +++ /var/tmp/diff_new_pack.8kBY2T/_new 2010-03-19 15:21:49.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package SuSEfirewall2 (Version 3.6.231) +# spec file for package SuSEfirewall2 (Version 3.6.238) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,7 +20,7 @@ Name: SuSEfirewall2 -Version: 3.6.231 +Version: 3.6.238 Release: 1 License: GPLv2+ Group: Productivity/Networking/Security ++++++ SuSEfirewall2-3.6.231.tar.bz2 -> SuSEfirewall2-3.6.238.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.238/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.231/SuSEfirewall2.sysconfig 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/SuSEfirewall2.sysconfig 2010-03-19 15:14:46.000000000 +0100 @@ -586,8 +586,6 @@ ## Type: string # -# 13a.) -# # same as FW_FORWARD but packages are rejected instead of accepted # # Requires: FW_ROUTE @@ -596,8 +594,6 @@ ## Type: string # -# 13b.) -# # same as FW_FORWARD but packages are dropped instead of accepted # # Requires: FW_ROUTE @@ -1010,7 +1006,6 @@ ## Type: yesno ## Default: yes # -# 28a.) # Reject outgoing IPv6 Packets? # # Set to yes to avoid timeouts because of dropped IPv6 Packets. This Option @@ -1189,3 +1184,15 @@ # Defaults to "yes" if not set # FW_LO_NOTRACK= + +## Type: yesno +## Default: no +# +# Specifies whether /etc/init.d/SuSEfirewall2_init should install the +# full rule set already. Default is to just install minimum rules +# that block incoming traffic. Set to "yes" if you user services +# such as drbd that require open ports during boot already. +# +# Defaults to "no" if not set +# +FW_BOOT_FULL_INIT="" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/SuSEfirewall2_init new/SuSEfirewall2-3.6.238/SuSEfirewall2_init --- old/SuSEfirewall2-3.6.231/SuSEfirewall2_init 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/SuSEfirewall2_init 2010-03-19 15:14:46.000000000 +0100 @@ -25,6 +25,11 @@ test -x $SUSEFWALL || exit 5 test -r /etc/sysconfig/SuSEfirewall2 || exit 6 +startmode=close +if (. /etc/sysconfig/SuSEfirewall2; test "$FW_BOOT_FULL_INIT" = yes); then + startmode=start +fi >/dev/null 2>&1 + . /etc/rc.status rc_reset @@ -35,7 +40,7 @@ if test -x /usr/sbin/iptables; then echo -n '(phase 1 of 2) ' /bin/rm -rf /var/run/SuSEfirewall2 - $SUSEFWALL --bootlock -q close + $SUSEFWALL --bootlock -q $startmode else echo -n "${extd}iptables not available (yet)${norm}" rc_failed 5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/doc/FAQ.SuSEfirewall2.html new/SuSEfirewall2-3.6.238/doc/FAQ.SuSEfirewall2.html --- old/SuSEfirewall2-3.6.231/doc/FAQ.SuSEfirewall2.html 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/doc/FAQ.SuSEfirewall2.html 2010-03-19 15:14:46.000000000 +0100 @@ -1,88 +1,30 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SuSEfirewall2 FAQ</title><link rel="stylesheet" href="susebooks.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="SuSEfirewall2 FAQ"><div class="titlepage"><div><div><h2 class="title"><a id="id311997"></a>SuSEfirewall2 FAQ</h2></div></div><hr /></div><div class="qandaset" title="Frequently Asked Questions"><a id="id312008"></a><dl><dt>1. <a href="#id312011"> - How do I allow access to my application XYZ on my firewall? - </a></dt><dt>2. <a href="#id274901"> - How can I reduce the generated rule set as much as possible? - </a></dt><dt>3. <a href="#id274280"> - How can I be sure that the firewall rules are active when I connect - to the internet? - </a></dt><dt>4. <a href="#id274340"> - How many interfaces are supported for each zone (EXT/DMZ/INT)? - </a></dt><dt>5. <a href="#id274358"> +<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SuSEfirewall2 FAQ</title><link rel="stylesheet" href="susebooks.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="SuSEfirewall2 FAQ"><div class="titlepage"><div><div><h2 class="title"><a id="id301529"></a>SuSEfirewall2 FAQ</h2></div></div><hr /></div><div class="qandaset" title="Frequently Asked Questions"><a id="id301543"></a><dl><dt>1. <a href="#id301545"> Why is communication between two interfaces in the same zone not working? - </a></dt><dt>6. <a href="#id274386"> - I have set a web server in my DMZ. How do I configure SuSEfirewall2 to let - people on the internet access my pages? - </a></dt><dt>7. <a href="#id293638"> - What if my Server has a private IP address, how do I enable external access then? - </a></dt><dt>8. <a href="#id293686">Some service does not work when the firewall is enabled. How do I find out what's wrong? - </a></dt><dt>9. <a href="#id273985"> + </a></dt><dt>2. <a href="#id265830">Some service does not work when the firewall is enabled. How do I find out what's wrong? + </a></dt><dt>3. <a href="#id297412"> Some web site that offers port scanning claims my system is not protected properly as it still responds to ICMP echo requests (ping) - </a></dt><dt>10. <a href="#id274007"> + </a></dt><dt>4. <a href="#id304338"> Can't the evil guys detect whether my host is online if it responds to ICMP echo requests? - </a></dt><dt>11. <a href="#id274028"> + </a></dt><dt>5. <a href="#id305185"> SuSEfirewall2 drops most packets but it doesn't fully hide the presence of my machine. Isn't that a security hole? - </a></dt><dt>12. <a href="#id274048"> + </a></dt><dt>6. <a href="#id292467"> The ipsec0 interface I had with kernel 2.4 is gone. How do I assign IPsec traffic to a different zone now? - </a></dt><dt>13. <a href="#id274099"> + </a></dt><dt>7. <a href="#id300867"> Why is SuSEfirewall2 so slow? / Can't you just use iptables-restore? - </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%" /><col /><tbody><tr class="question" title="1."><td align="left" valign="top"><a id="id312011"></a><a id="id312013"></a><p><b>1.</b></p></td><td align="left" valign="top"><p> - How do I allow access to my application XYZ on my firewall? - </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> - - Usually you need an entry in <code class="varname">FW_SERVICES_EXT_TCP</code> - or <code class="varname">FW_SERVICES_EXT_UDP</code>. The most common problem is - to determine which port the application uses. Let's say you are - running an apache web server and want to allow access to it. Execute - <span class="command"><strong>netstat -tunlp</strong></span> and look for httpd. You will - see a line like this: - - </p><div class="informalexample"><pre class="screen">tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4497/httpd</pre></div><p> - - The number 80 is the port you are looking for. In this example put it - into <code class="varname">FW_SERVICES_EXT_TCP</code> and execute - <span class="command"><strong>SuSEfirewall2</strong></span> again. - - </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a id="id274901"></a><a id="id274904"></a><p><b>2.</b></p></td><td align="left" valign="top"><p> - How can I reduce the generated rule set as much as possible? - </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> - Set <code class="varname">FW_PROTECT_FROM_INTERNAL</code> to <code class="literal">"no"</code> - </p></li><li class="listitem"><p> - Disable Logging - </p></li><li class="listitem"><p> - Set all <code class="varname">FW_ALLOW_*</code> and - <code class="varname">FW_SERVICE_*</code> to no - </p></li><li class="listitem"><p> - Do not use routing or masquerading - </p></li><li class="listitem"><p> - Only enable routing/services you really need and make the statements - as general as possible to reduce the number of definitions. - Then you will have got much less rules, but also a lesser security. - Better spend 50$ on a faster processor and more ram instead of - using an old 486 as firewall. - </p></li></ul></div></td></tr><tr class="question" title="3."><td align="left" valign="top"><a id="id274280"></a><a id="id274283"></a><p><b>3.</b></p></td><td align="left" valign="top"><p> - How can I be sure that the firewall rules are active when I connect - to the internet? - </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> - - Make sure that the <code class="literal">SuSEfirewall2</code> boot scripts are - enabled and that <code class="filename">/etc/sysconfig/network/config</code> - contains <code class="literal">FIREWALL=yes</code>. Also check that the - <code class="filename">/etc/sysconfig/network/ifcfg-*</code> files don't - contain <code class="literal">FIREWALL="no"</code>. You can check whether - packet filtering rules are actually installed with the command - <span class="command"><strong>SuSEfirewall2 status</strong></span> - - </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a id="id274340"></a><a id="id274342"></a><p><b>4.</b></p></td><td align="left" valign="top"><p> - How many interfaces are supported for each zone (EXT/DMZ/INT)? - </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> - Any number you want - </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a id="id274358"></a><a id="id274361"></a><p><b>5.</b></p></td><td align="left" valign="top"><p> + </a></dt><dt>8. <a href="#id283911"> + Enabling drbd blocks the boot process. How to get around that? + </a></dt><dt>9. <a href="#id265332"> + My wireless LAN network interface is configured for the + external zone. Sometimes I need to connect to trusted + networks that offer e.g. printing or file sharing. How can + I solve that without opening ports in the external zone? + </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%" /><col /><tbody><tr class="question" title="1."><td align="left" valign="top"><a id="id301545"></a><a id="id301547"></a><p><b>1.</b></p></td><td align="left" valign="top"><p> Why is communication between two interfaces in the same zone not working? </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> @@ -93,32 +35,7 @@ traffic with <code class="varname">FW_FORWARD</code>. Keep in mind that this affects all interfaces in all zones. - </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a id="id274386"></a><a id="id293606"></a><p><b>6.</b></p></td><td align="left" valign="top"><p> - I have set a web server in my DMZ. How do I configure SuSEfirewall2 to let - people on the internet access my pages? - </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> - - Lets say your web server has got an official - IP address of 1.1.1.1 which you received from your ISP. You would - just configure <code class="varname">FW_FORWARD_TCP</code> like this: - </p><div class="informalexample"><pre class="programlisting">FW_FORWARD="0/0,1.1.1.1,tcp,80"</pre></div><p> - - </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a id="id293638"></a><a id="id293641"></a><p><b>7.</b></p></td><td align="left" valign="top"><p> - What if my Server has a private IP address, how do I enable external access then? - </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> - - You can use reverse masquerading. For this you need to set - <code class="varname">FW_ROUTE</code> and <code class="varname">FW_MASQUERADE</code> to - <code class="literal">"yes"</code>, and additionally - <code class="varname">FW_FORWARD_MASQ</code> for the web servers private IP - (lets say it is 10.0.0.1): - - </p><div class="informalexample"><pre class="programlisting"> -FW_ROUTE="yes" -FW_MASQUERADE="yes" -FW_FORWARD_MASQ="0/0,10.0.0.1,tcp,80"</pre></div><p> - - </p></td></tr><tr class="question" title="8."><td align="left" valign="top"><a id="id293686"></a><a id="id293689"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>Some service does not work when the firewall is enabled. How do I find out what's wrong? + </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a id="id265830"></a><a id="id265832"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>Some service does not work when the firewall is enabled. How do I find out what's wrong? </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> Enable logging of all dropped packets and disable the log limit in @@ -146,7 +63,7 @@ If everything works again don't forget to set the log options back to normal to not fill up you log files. - </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a id="id273985"></a><a id="id273988"></a><p><b>9.</b></p></td><td align="left" valign="top"><p> + </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a id="id297412"></a><a id="id291503"></a><p><b>3.</b></p></td><td align="left" valign="top"><p> Some web site that offers port scanning claims my system is not protected properly as it still responds to ICMP echo requests (ping) </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> @@ -155,20 +72,20 @@ seriously impact the ability to track down network problems. It is therefore not considered nice behaviour for an internet citizen to drop pings. - </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a id="id274007"></a><a id="id274010"></a><p><b>10.</b></p></td><td align="left" valign="top"><p> + </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a id="id304338"></a><a id="id292572"></a><p><b>4.</b></p></td><td align="left" valign="top"><p> Can't the evil guys detect whether my host is online if it responds to ICMP echo requests? </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> Yes but they can detect that anyways. The router at your provider behaves different depending on whether someone is dialed in or not. - </p></td></tr><tr class="question" title="11."><td align="left" valign="top"><a id="id274028"></a><a id="id274030"></a><p><b>11.</b></p></td><td align="left" valign="top"><p> + </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a id="id305185"></a><a id="id302781"></a><p><b>5.</b></p></td><td align="left" valign="top"><p> SuSEfirewall2 drops most packets but it doesn't fully hide the presence of my machine. Isn't that a security hole? </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> You machine is never fully invisible, see previous question. The purpose of dropping packets is not to hide your machine but to slow down port scans. - </p></td></tr><tr class="question" title="12."><td align="left" valign="top"><a id="id274048"></a><a id="id274051"></a><p><b>12.</b></p></td><td align="left" valign="top"><p> + </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a id="id292467"></a><a id="id293084"></a><p><b>6.</b></p></td><td align="left" valign="top"><p> The <code class="literal">ipsec0</code> interface I had with kernel 2.4 is gone. How do I assign IPsec traffic to a different zone now? </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> @@ -184,21 +101,89 @@ FW_SERVICES_EXT_UDP="isakmp" FW_PROTECT_FROM_INT="no"</pre></div><p> - </p></td></tr><tr class="question" title="13."><td align="left" valign="top"><a id="id274099"></a><a id="id274102"></a><p><b>13.</b></p></td><td align="left" valign="top"><p> + </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a id="id300867"></a><a id="id292485"></a><p><b>7.</b></p></td><td align="left" valign="top"><p> Why is SuSEfirewall2 so slow? / Can't you just use iptables-restore? </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> <code class="literal">SuSEfirewall2</code> is implemented in bourne shell which is not exactly the fastest thing on earth especially if it has that much work to do as <code class="literal">SuSEfirewall2</code>. Administrators still prefer bourne shell scripts - because of readability <span class="emphasis"><em>*cough*</em></span>. To be able to - use <span class="command"><strong>iptables-restore</strong></span> - <code class="literal">SuSEfirewall2</code> would need a lot more logic than - what is be possible with bourne shell as it would need to sort and - reorder the rules for example. Furthermore interfaces are not static. - They can arbitrarily appear and disapper with different names so a - generic solution can't just dump the rules with - <span class="command"><strong>iptables-store</strong></span> and re-apply them with - <span class="command"><strong>iptables-restore</strong></span>. + because of readability <span class="emphasis"><em>*cough*</em></span>. + </p><p> + <code class="literal">SuSEfirewall2</code> already uses a method + similar to <code class="literal">iptables-restore</code> to apply + as much filter rules as possible at once. + <code class="literal">SuSEfirewall2</code> doesn't use + <code class="literal">iptables-restore</code> natively to be able to + easily fall back to individual <code class="literal">iptables</code> + calls in case of error. + </p></td></tr><tr class="question" title="8."><td align="left" valign="top"><a id="id283911"></a><a id="id283913"></a><p><b>8.</b></p></td><td align="left" valign="top"><p> + Enabling drbd blocks the boot process. How to get around that? + </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> + + During boot process all incoming traffic is blocked + unconditionally. The very last boot script then sets up + the configured firewall rules. The problem is that drbd + blocks the boot process while waiting for incoming + connection from other nodes. Therefore configuring the + drbd port in <code class="literal">SuSEfirewall2</code> has no + effect. + + </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> + SLES10 + </p><p> + Add a manual iptables call to + <code class="literal">/etc/init.d/boot.local</code>: + </p><div class="informalexample"><pre class="programlisting">iptables -A INPUT -p tcp --dport 7788 -j ACCEPT</pre></div><p> + + </p></li><li class="listitem"><p> + SLES11, openSUSE <= 11.2 + </p><p> + On SLES11 SuSEfirewall2_init is called after + boot.local, therefore the method for SLES10 + doesn't work anymore. It's possible to modify the + dependencies of the SuSEfirewall2_setup script to run + before drbd though: + </p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p> + Create the directory + <code class="filename">/etc/insserv/overrides</code> + </p></li><li class="listitem"><p> + Create a new file + <code class="filename">/etc/insserv/overrides/SuSEfirewall2_setup</code> + </p></li><li class="listitem"><p> + Copy the the LSB header (the part between and + including the lines "<code class="literal">### BEGIN INIT + INFO</code>" and "<code class="literal">### END INIT + INFO</code>") from + <code class="filename">/etc/init.d/SuSEfirewall2_setup</code> + to + <code class="filename">/etc/insserv/overrides/SuSEfirewall2_setup</code> + </p></li><li class="listitem"><p> + Replace <code class="literal">$ALL</code> with + <code class="literal">$null</code> and add the following + line: + </p><div class="informalexample"><pre class="programlisting"># X-Start-Before: drbd</pre></div><p> + + </p></li><li class="listitem"><p> + run <span class="command"><strong>/sbin/insserv</strong></span> + </p></li></ul></div><p> + + </p></li><li class="listitem"><p> + openSUSE >= 11.3 + </p><p> + Configure the open ports for <code class="literal">drbd</code> and set + </p><div class="informalexample"><pre class="programlisting">FW_BOOT_FULL_INIT="yes"</pre></div><p> + + </p></li></ul></div></td></tr><tr class="question" title="9."><td align="left" valign="top"><a id="id265332"></a><a id="id265334"></a><p><b>9.</b></p></td><td align="left" valign="top"><p> + My wireless LAN network interface is configured for the + external zone. Sometimes I need to connect to trusted + networks that offer e.g. printing or file sharing. How can + I solve that without opening ports in the external zone? + </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> + + The <a class="ulink" href="http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/" target="_top">Firewall + Zone Switcher applet</a> allows desktop users to + switch zones with only few mouse clicks. It's included in + openSUSE since version 11.2. </p></td></tr></tbody></table></div></div></body></html> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/doc/FAQ.SuSEfirewall2.txt new/SuSEfirewall2-3.6.238/doc/FAQ.SuSEfirewall2.txt --- old/SuSEfirewall2-3.6.231/doc/FAQ.SuSEfirewall2.txt 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/doc/FAQ.SuSEfirewall2.txt 2010-03-19 15:14:46.000000000 +0100 @@ -2,158 +2,144 @@ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -1. How do I allow access to my application XYZ on my firewall? -2. How can I reduce the generated rule set as much as possible? -3. How can I be sure that the firewall rules are active when I connect to the - internet? -4. How many interfaces are supported for each zone (EXT/DMZ/INT)? -5. Why is communication between two interfaces in the same zone not working? -6. I have set a web server in my DMZ. How do I configure SuSEfirewall2 to let - people on the internet access my pages? -7. What if my Server has a private IP address, how do I enable external access - then? -8. Some service does not work when the firewall is enabled. How do I find out +1. Why is communication between two interfaces in the same zone not working? +2. Some service does not work when the firewall is enabled. How do I find out what's wrong? -9. Some web site that offers port scanning claims my system is not protected +3. Some web site that offers port scanning claims my system is not protected properly as it still responds to ICMP echo requests (ping) -10. Can't the evil guys detect whether my host is online if it responds to ICMP +4. Can't the evil guys detect whether my host is online if it responds to ICMP echo requests? -11. SuSEfirewall2 drops most packets but it doesn't fully hide the presence of +5. SuSEfirewall2 drops most packets but it doesn't fully hide the presence of my machine. Isn't that a security hole? -12. The ipsec0 interface I had with kernel 2.4 is gone. How do I assign IPsec +6. The ipsec0 interface I had with kernel 2.4 is gone. How do I assign IPsec traffic to a different zone now? -13. Why is SuSEfirewall2 so slow? / Can't you just use iptables-restore? +7. Why is SuSEfirewall2 so slow? / Can't you just use iptables-restore? +8. Enabling drbd blocks the boot process. How to get around that? +9. My wireless LAN network interface is configured for the external zone. + Sometimes I need to connect to trusted networks that offer e.g. printing or + file sharing. How can I solve that without opening ports in the external + zone? -1. How do I allow access to my application XYZ on my firewall? +1. Why is communication between two interfaces in the same zone not working? - Usually you need an entry in FW_SERVICES_EXT_TCP or FW_SERVICES_EXT_UDP. The - most common problem is to determine which port the application uses. Let's say - you are running an apache web server and want to allow access to it. Execute - netstat -tunlp and look for httpd. You will see a line like this: + For security reasons, no network may communicate to another until configured + otherwise. Even if both are "trusted" internal networks. You can allow full + traffic with FW_ALLOW_CLASS_ROUTING or specifying all allowed traffic with + FW_FORWARD. Keep in mind that this affects all interfaces in all zones. - tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4497/httpd +2. Some service does not work when the firewall is enabled. How do I find out + what's wrong? - The number 80 is the port you are looking for. In this example put it into - FW_SERVICES_EXT_TCP and execute SuSEfirewall2 again. + Enable logging of all dropped packets and disable the log limit in /etc/ + sysconfig/SuSEfirewall2: -2. How can I reduce the generated rule set as much as possible? + FW_LOG_DROP_CRIT="yes" + FW_LOG_DROP_ALL="yes" + FW_LOG_LIMIT="no" - ● Set FW_PROTECT_FROM_INTERNAL to "no" + Run SuSEfirewall2 again. /var/log/messages will now quickly fill up with log + messages about dropped packets when you try to use the not working service. + Those messages tell you the protocol and port you need to open. - ● Disable Logging + You may also run SuSEfirewall2 in test mode: SuSEfirewall2 test. Then try to + connect to the service in a way which failed before. It will work because + SuSEfirewall2 does not actually filter any packets this time. However, it + will still log all packets it normally would have dropped. - ● Set all FW_ALLOW_* and FW_SERVICE_* to no + If everything works again don't forget to set the log options back to normal + to not fill up you log files. - ● Do not use routing or masquerading +3. Some web site that offers port scanning claims my system is not protected + properly as it still responds to ICMP echo requests (ping) - ● Only enable routing/services you really need and make the statements as - general as possible to reduce the number of definitions. Then you will have - got much less rules, but also a lesser security. Better spend 50$ on a - faster processor and more ram instead of using an old 486 as firewall. + ICMP echo requests are harmless however they are a fundametal means to + determine whether hosts are still reachable. Blocking them would seriously + impact the ability to track down network problems. It is therefore not + considered nice behaviour for an internet citizen to drop pings. -3. How can I be sure that the firewall rules are active when I connect to the - internet? +4. Can't the evil guys detect whether my host is online if it responds to ICMP + echo requests? - Make sure that the SuSEfirewall2 boot scripts are enabled and that /etc/ - sysconfig/network/config contains FIREWALL=yes. Also check that the /etc/ - sysconfig/network/ifcfg-* files don't contain FIREWALL="no". You can check - whether packet filtering rules are actually installed with the command - SuSEfirewall2 status + Yes but they can detect that anyways. The router at your provider behaves + different depending on whether someone is dialed in or not. -4. How many interfaces are supported for each zone (EXT/DMZ/INT)? +5. SuSEfirewall2 drops most packets but it doesn't fully hide the presence of + my machine. Isn't that a security hole? - Any number you want + You machine is never fully invisible, see previous question. The purpose of + dropping packets is not to hide your machine but to slow down port scans. -5. Why is communication between two interfaces in the same zone not working? +6. The ipsec0 interface I had with kernel 2.4 is gone. How do I assign IPsec + traffic to a different zone now? - For security reasons, no network may communicate to another until configured - otherwise. Even if both are "trusted" internal networks. You can allow full - traffic with FW_ALLOW_CLASS_ROUTING or specifying all allowed traffic with - FW_FORWARD. Keep in mind that this affects all interfaces in all zones. + Set the variable FW_IPSEC_TRUST to the zone you would have put the ipsec0 + into before. For example if your IPsec tunnel is set up on the external + interface but you want to grant the decrypted traffic access to all your + services as if it was in the internal zone: -6. I have set a web server in my DMZ. How do I configure SuSEfirewall2 to let - people on the internet access my pages? + FW_IPSEC_TRUST="int" + FW_SERVICES_EXT_IP="esp" + FW_SERVICES_EXT_UDP="isakmp" + FW_PROTECT_FROM_INT="no" - Lets say your web server has got an official IP address of 1.1.1.1 which you - received from your ISP. You would just configure FW_FORWARD_TCP like this: +7. Why is SuSEfirewall2 so slow? / Can't you just use iptables-restore? - FW_FORWARD="0/0,1.1.1.1,tcp,80" + SuSEfirewall2 is implemented in bourne shell which is not exactly the + fastest thing on earth especially if it has that much work to do as + SuSEfirewall2. Administrators still prefer bourne shell scripts because of + readability *cough*. -7. What if my Server has a private IP address, how do I enable external access - then? + SuSEfirewall2 already uses a method similar to iptables-restore to apply as + much filter rules as possible at once. SuSEfirewall2 doesn't use + iptables-restore natively to be able to easily fall back to individual + iptables calls in case of error. - You can use reverse masquerading. For this you need to set FW_ROUTE and - FW_MASQUERADE to "yes", and additionally FW_FORWARD_MASQ for the web servers - private IP (lets say it is 10.0.0.1): +8. Enabling drbd blocks the boot process. How to get around that? - FW_ROUTE="yes" - FW_MASQUERADE="yes" - FW_FORWARD_MASQ="0/0,10.0.0.1,tcp,80" + During boot process all incoming traffic is blocked unconditionally. The + very last boot script then sets up the configured firewall rules. The + problem is that drbd blocks the boot process while waiting for incoming + connection from other nodes. Therefore configuring the drbd port in + SuSEfirewall2 has no effect. -8. Some service does not work when the firewall is enabled. How do I find out - what's wrong? + ● SLES10 - Enable logging of all dropped packets and disable the log limit in /etc/ - sysconfig/SuSEfirewall2: + Add a manual iptables call to /etc/init.d/boot.local: - FW_LOG_DROP_CRIT="yes" - FW_LOG_DROP_ALL="yes" - FW_LOG_LIMIT="no" - - Run SuSEfirewall2 again. /var/log/messages will now quickly fill up with log - messages about dropped packets when you try to use the not working service. - Those messages tell you the protocol and port you need to open. - - You may also run SuSEfirewall2 in test mode: SuSEfirewall2 test. Then try to - connect to the service in a way which failed before. It will work because - SuSEfirewall2 does not actually filter any packets this time. However, it will - still log all packets it normally would have dropped. + iptables -A INPUT -p tcp --dport 7788 -j ACCEPT - If everything works again don't forget to set the log options back to normal to - not fill up you log files. + ● SLES11, openSUSE <= 11.2 -9. Some web site that offers port scanning claims my system is not protected - properly as it still responds to ICMP echo requests (ping) + On SLES11 SuSEfirewall2_init is called after boot.local, therefore the + method for SLES10 doesn't work anymore. It's possible to modify the + dependencies of the SuSEfirewall2_setup script to run before drbd + though: - ICMP echo requests are harmless however they are a fundametal means to - determine whether hosts are still reachable. Blocking them would seriously - impact the ability to track down network problems. It is therefore not - considered nice behaviour for an internet citizen to drop pings. + ○ Create the directory /etc/insserv/overrides -10. Can't the evil guys detect whether my host is online if it responds to ICMP - echo requests? + ○ Create a new file /etc/insserv/overrides/SuSEfirewall2_setup - Yes but they can detect that anyways. The router at your provider behaves - different depending on whether someone is dialed in or not. + ○ Copy the the LSB header (the part between and including the lines "# + ## BEGIN INIT INFO" and "### END INIT INFO") from /etc/init.d/ + SuSEfirewall2_setup to /etc/insserv/overrides/SuSEfirewall2_setup -11. SuSEfirewall2 drops most packets but it doesn't fully hide the presence of my - machine. Isn't that a security hole? + ○ Replace $ALL with $null and add the following line: - You machine is never fully invisible, see previous question. The purpose of - dropping packets is not to hide your machine but to slow down port scans. + # X-Start-Before: drbd -12. The ipsec0 interface I had with kernel 2.4 is gone. How do I assign IPsec - traffic to a different zone now? + ○ run /sbin/insserv + + ● openSUSE >= 11.3 + + Configure the open ports for drbd and set + + FW_BOOT_FULL_INIT="yes" + +9. My wireless LAN network interface is configured for the external zone. + Sometimes I need to connect to trusted networks that offer e.g. printing or + file sharing. How can I solve that without opening ports in the external + zone? - Set the variable FW_IPSEC_TRUST to the zone you would have put the ipsec0 into - before. For example if your IPsec tunnel is set up on the external interface - but you want to grant the decrypted traffic access to all your services as if - it was in the internal zone: - - FW_IPSEC_TRUST="int" - FW_SERVICES_EXT_IP="esp" - FW_SERVICES_EXT_UDP="isakmp" - FW_PROTECT_FROM_INT="no" - -13. Why is SuSEfirewall2 so slow? / Can't you just use iptables-restore? - - SuSEfirewall2 is implemented in bourne shell which is not exactly the fastest - thing on earth especially if it has that much work to do as SuSEfirewall2. - Administrators still prefer bourne shell scripts because of readability *cough* - . To be able to use iptables-restore SuSEfirewall2 would need a lot more logic - than what is be possible with bourne shell as it would need to sort and reorder - the rules for example. Furthermore interfaces are not static. They can - arbitrarily appear and disapper with different names so a generic solution - can't just dump the rules with iptables-store and re-apply them with - iptables-restore. + The Firewall Zone Switcher applet allows desktop users to switch zones with + only few mouse clicks. It's included in openSUSE since version 11.2. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/doc/FAQ.SuSEfirewall2.xml new/SuSEfirewall2-3.6.238/doc/FAQ.SuSEfirewall2.xml --- old/SuSEfirewall2-3.6.231/doc/FAQ.SuSEfirewall2.xml 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/doc/FAQ.SuSEfirewall2.xml 2010-03-19 15:14:46.000000000 +0100 @@ -7,114 +7,6 @@ <title>SuSEfirewall2 FAQ</title> </articleinfo> <qandaset> - <qandaentry> - - <question> - <para> - How do I allow access to my application XYZ on my firewall? - </para> - </question> - - <answer> - - <para> - - Usually you need an entry in <varname>FW_SERVICES_EXT_TCP</varname> - or <varname>FW_SERVICES_EXT_UDP</varname>. The most common problem is - to determine which port the application uses. Let's say you are - running an apache web server and want to allow access to it. Execute - <command>netstat -tunlp</command> and look for httpd. You will - see a line like this: - - <informalexample> - <screen>tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4497/httpd</screen> - </informalexample> - - The number 80 is the port you are looking for. In this example put it - into <varname>FW_SERVICES_EXT_TCP</varname> and execute - <command>SuSEfirewall2</command> again. - - </para> - - </answer> - </qandaentry> - - <qandaentry> - <question> - <para> - How can I reduce the generated rule set as much as possible? - </para> - </question> - <answer> - <itemizedlist> - <listitem> - <para> - Set <varname>FW_PROTECT_FROM_INTERNAL</varname> to <literal>"no"</literal> - </para> - </listitem> - <listitem> - <para> - Disable Logging - </para> - </listitem> - <listitem> - <para> - Set all <varname>FW_ALLOW_*</varname> and - <varname>FW_SERVICE_*</varname> to no - </para> - </listitem> - <listitem> - <para> - Do not use routing or masquerading - </para> - </listitem> - <listitem> - <para> - Only enable routing/services you really need and make the statements - as general as possible to reduce the number of definitions. - Then you will have got much less rules, but also a lesser security. - Better spend 50$ on a faster processor and more ram instead of - using an old 486 as firewall. - </para> - </listitem> - </itemizedlist> - </answer> - </qandaentry> - - <qandaentry> - <question> - <para> - How can I be sure that the firewall rules are active when I connect - to the internet? - </para> - </question> - <answer> - <para> - - Make sure that the <literal>SuSEfirewall2</literal> boot scripts are - enabled and that <filename>/etc/sysconfig/network/config</filename> - contains <literal>FIREWALL=yes</literal>. Also check that the - <filename>/etc/sysconfig/network/ifcfg-*</filename> files don't - contain <literal>FIREWALL="no"</literal>. You can check whether - packet filtering rules are actually installed with the command - <command>SuSEfirewall2 status</command> - - </para> - </answer> - </qandaentry> - - <qandaentry> - <question> - <para> - How many interfaces are supported for each zone (EXT/DMZ/INT)? - </para> - </question> - <answer> - <para> - Any number you want - </para> - </answer> - </qandaentry> <qandaentry> @@ -141,62 +33,6 @@ </qandaentry> <qandaentry> - <question> - <para> - I have set a web server in my DMZ. How do I configure SuSEfirewall2 to let - people on the internet access my pages? - </para> - </question> - - <answer> - - <para> - - Lets say your web server has got an official - IP address of 1.1.1.1 which you received from your ISP. You would - just configure <varname>FW_FORWARD_TCP</varname> like this: - <informalexample> - <programlisting>FW_FORWARD="0/0,1.1.1.1,tcp,80"</programlisting> - </informalexample> - - </para> - - </answer> - - </qandaentry> - - <qandaentry> - - <question> - <para> - What if my Server has a private IP address, how do I enable external access then? - </para> - </question> - - <answer> - - <para> - - You can use reverse masquerading. For this you need to set - <varname>FW_ROUTE</varname> and <varname>FW_MASQUERADE</varname> to - <literal>"yes"</literal>, and additionally - <varname>FW_FORWARD_MASQ</varname> for the web servers private IP - (lets say it is 10.0.0.1): - - <informalexample> - <programlisting> -FW_ROUTE="yes" -FW_MASQUERADE="yes" -FW_FORWARD_MASQ="0/0,10.0.0.1,tcp,80"</programlisting> - </informalexample> - - </para> - - </answer> - - </qandaentry> - - <qandaentry> <question> <para>Some service does not work when the firewall is enabled. How do I find out what's wrong? @@ -345,15 +181,161 @@ <literal>SuSEfirewall2</literal> is implemented in bourne shell which is not exactly the fastest thing on earth especially if it has that much work to do as <literal>SuSEfirewall2</literal>. Administrators still prefer bourne shell scripts - because of readability <emphasis>*cough*</emphasis>. To be able to - use <command>iptables-restore</command> - <literal>SuSEfirewall2</literal> would need a lot more logic than - what is be possible with bourne shell as it would need to sort and - reorder the rules for example. Furthermore interfaces are not static. - They can arbitrarily appear and disapper with different names so a - generic solution can't just dump the rules with - <command>iptables-store</command> and re-apply them with - <command>iptables-restore</command>. + because of readability <emphasis>*cough*</emphasis>. + </para> + + <para> + <literal>SuSEfirewall2</literal> already uses a method + similar to <literal>iptables-restore</literal> to apply + as much filter rules as possible at once. + <literal>SuSEfirewall2</literal> doesn't use + <literal>iptables-restore</literal> natively to be able to + easily fall back to individual <literal>iptables</literal> + calls in case of error. + </para> + + </answer> + + </qandaentry> + + <qandaentry> + + <question> + <para> + Enabling drbd blocks the boot process. How to get around that? + </para> + </question> + + <answer> + + <para> + + During boot process all incoming traffic is blocked + unconditionally. The very last boot script then sets up + the configured firewall rules. The problem is that drbd + blocks the boot process while waiting for incoming + connection from other nodes. Therefore configuring the + drbd port in <literal>SuSEfirewall2</literal> has no + effect. + + </para> + + <itemizedlist> + + <listitem> + <para> + SLES10 + </para> + <para> + Add a manual iptables call to + <literal>/etc/init.d/boot.local</literal>: + <informalexample> + <programlisting>iptables -A INPUT -p tcp --dport 7788 -j ACCEPT</programlisting> + </informalexample> + + </para> + </listitem> + + <listitem> + <para> + SLES11, openSUSE <= 11.2 + </para> + <para> + On SLES11 SuSEfirewall2_init is called after + boot.local, therefore the method for SLES10 + doesn't work anymore. It's possible to modify the + dependencies of the SuSEfirewall2_setup script to run + before drbd though: + <itemizedlist> + + <listitem> + <para> + Create the directory + <filename>/etc/insserv/overrides</filename> + </para> + </listitem> + + <listitem> + <para> + Create a new file + <filename>/etc/insserv/overrides/SuSEfirewall2_setup</filename> + </para> + </listitem> + + <listitem> + <para> + Copy the the LSB header (the part between and + including the lines "<literal>### BEGIN INIT + INFO</literal>" and "<literal>### END INIT + INFO</literal>") from + <filename>/etc/init.d/SuSEfirewall2_setup</filename> + to + <filename>/etc/insserv/overrides/SuSEfirewall2_setup</filename> + </para> + </listitem> + + <listitem> + <para> + Replace <literal>$ALL</literal> with + <literal>$null</literal> and add the following + line: + <informalexample> + <programlisting># X-Start-Before: drbd</programlisting> + </informalexample> + + </para> + </listitem> + + <listitem> + <para> + run <command>/sbin/insserv</command> + </para> + </listitem> + + </itemizedlist> + + </para> + </listitem> + + <listitem> + <para> + openSUSE >= 11.3 + </para> + <para> + Configure the open ports for <literal>drbd</literal> and set + <informalexample> + <programlisting>FW_BOOT_FULL_INIT="yes"</programlisting> + </informalexample> + + </para> + </listitem> + + </itemizedlist> + + </answer> + + </qandaentry> + + <qandaentry> + + <question> + <para> + My wireless LAN network interface is configured for the + external zone. Sometimes I need to connect to trusted + networks that offer e.g. printing or file sharing. How can + I solve that without opening ports in the external zone? + </para> + </question> + + <answer> + + <para> + + The <ulink + url="http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/">Firewall + Zone Switcher applet</ulink> allows desktop users to + switch zones with only few mouse clicks. It's included in + openSUSE since version 11.2. </para> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/doc/README.SuSEfirewall2.html new/SuSEfirewall2-3.6.238/doc/README.SuSEfirewall2.html --- old/SuSEfirewall2-3.6.231/doc/README.SuSEfirewall2.html 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/doc/README.SuSEfirewall2.html 2010-03-19 15:14:46.000000000 +0100 @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SuSEfirewall2</title><link rel="stylesheet" href="susebooks.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="SuSEfirewall2"><div class="titlepage"><div><div><h2 class="title"><a id="id311990"></a>SuSEfirewall2</h2></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#id312001">1. Introduction</a></span></dt><dt><span class="section"><a href="#id274021">2. Quickstart</a></span></dt><dd><dl><dt><span class="section"><a href="#id274027">2.1. YaST2 firewall module</a></span></dt><dt><span class="section"><a href="#id274840">2.2. Manual configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#id274901">3. Some words about security</a></span></dt><dt><span class="section"><a href="#id293680">4. Reporting bugs</a></span></dt><dt><span class="section"><a href="#id293705">5. Links</a></span></dt><dt><span class="section"><a href="#id293732">6. Author</a></span></dt></dl></div><div class="section" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id312001"></a>1. Introduction</h2></div></div></div><p> +<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SuSEfirewall2</title><link rel="stylesheet" href="susebooks.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="SuSEfirewall2"><div class="titlepage"><div><div><h2 class="title"><a id="id301523"></a>SuSEfirewall2</h2></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#id301537">1. Introduction</a></span></dt><dt><span class="section"><a href="#id265879">2. Quickstart</a></span></dt><dd><dl><dt><span class="section"><a href="#id265884">2.1. YaST2 firewall module</a></span></dt><dt><span class="section"><a href="#id265896">2.2. Manual configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#id283926">3. Some words about security</a></span></dt><dt><span class="section"><a href="#id265245">4. Source Code</a></span></dt><dt><span class="section"><a href="#id265261">5. Reporting bugs</a></span></dt><dt><span class="section"><a href="#id265283">6. Links</a></span></dt><dt><span class="section"><a href="#id265307">7. Author</a></span></dt></dl></div><div class="section" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id301537"></a>1. Introduction</h2></div></div></div><p> <code class="literal">SuSEfirewall2</code> is a shell script wrapper for the Linux firewall setup tool (<code class="literal">iptables</code>). It's controlled by a @@ -10,16 +10,17 @@ Main features of SuSEfirewall2: - </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>sets up secure filter rules by default</p></li><li class="listitem"><p>easy to configure</p></li><li class="listitem"><p>requires only a small configuration effort</p></li><li class="listitem"><p>zone based setup. Interfaces are grouped into zones</p></li><li class="listitem"><p>supports an arbitrary number of zones</p></li><li class="listitem"><p>supports forwarding, masquerading, port redirection</p></li><li class="listitem"><p>supports RPC services with dynamically assigned ports</p></li><li class="listitem"><p>allows special treatment of IPsec packets</p></li><li class="listitem"><p>IPv6 support</p></li><li class="listitem"><p>allows insertion of custom rules through hooks</p></li></ul></div><p> + </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>sets up secure filter rules by default</p></li><li class="listitem"><p>easy to configure</p></li><li class="listitem"><p>requires only a small configuration effort</p></li><li class="listitem"><p>zone based setup. Interfaces are grouped into zones</p></li><li class="listitem"><p>supports an arbitrary number of zones</p></li><li class="listitem"><p>supports forwarding, masquerading, port redirection</p></li><li class="listitem"><p>supports RPC services with dynamically assigned ports</p></li><li class="listitem"><p>allows special treatment of IPsec packets</p></li><li class="listitem"><p>IPv6 support</p></li><li class="listitem"><p>allows insertion of custom rules through hooks</p></li><li class="listitem"><p>graphical <a class="ulink" href="http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/" target="_top">zone + switcher applet</a> for desktop use</p></li></ul></div><p> - </p></div><div class="section" title="2. Quickstart"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id274021"></a>2. Quickstart</h2></div></div></div><div class="section" title="2.1. YaST2 firewall module"><div class="titlepage"><div><div><h3 class="title"><a id="id274027"></a>2.1. YaST2 firewall module</h3></div></div></div><p> + </p></div><div class="section" title="2. Quickstart"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265879"></a>2. Quickstart</h2></div></div></div><div class="section" title="2.1. YaST2 firewall module"><div class="titlepage"><div><div><h3 class="title"><a id="id265884"></a>2.1. YaST2 firewall module</h3></div></div></div><p> The YaST2 firewall module is the recommended tool for configuring SuSEfirewall2. It offers the most common features with a nice user interface and help texts. It also takes care of proper activation of the init scripts. - </p></div><div class="section" title="2.2. Manual configuration"><div class="titlepage"><div><div><h3 class="title"><a id="id274840"></a>2.2. Manual configuration</h3></div></div></div><p> + </p></div><div class="section" title="2.2. Manual configuration"><div class="titlepage"><div><div><h3 class="title"><a id="id265896"></a>2.2. Manual configuration</h3></div></div></div><p> Enable the SuSEfirewall2 boot scripts: @@ -37,7 +38,7 @@ <code class="filename">EXAMPLES</code> file in <code class="filename">/usr/share/doc/packages/SuSEfirewall2</code> - </p></div></div><div class="section" title="3. Some words about security"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id274901"></a>3. Some words about security</h2></div></div></div><p> + </p></div></div><div class="section" title="3. Some words about security"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id283926"></a>3. Some words about security</h2></div></div></div><p> SuSEfirewall2 is a frontend for iptables which sets up kernel packet filters, nothing more and nothing less. This means that you are not @@ -76,17 +77,22 @@ Check your log files regularly for unusual entries. </p></li></ul></div><p> - </p></div><div class="section" title="4. Reporting bugs"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id293680"></a>4. Reporting bugs</h2></div></div></div><p> + </p></div><div class="section" title="4. Source Code"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265245"></a>4. Source Code</h2></div></div></div><p> + + Source code is available at + <a class="ulink" href="http://gitorious.org/opensuse/susefirewall2" target="_top">Gitorious</a> + + </p></div><div class="section" title="5. Reporting bugs"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265261"></a>5. Reporting bugs</h2></div></div></div><p> Report any problems via <a class="ulink" href="https://bugzilla.novell.com/" target="_top">Bugzilla</a>. For discussion about SuSEfirewall2 join the <a class="ulink" href="http://en.opensuse.org/Communicate/Mailinglists" target="_top">opensuse-security</a> mailinglist. - </p></div><div class="section" title="5. Links"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id293705"></a>5. Links</h2></div></div></div><p> + </p></div><div class="section" title="6. Links"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265283"></a>6. Links</h2></div></div></div><p> <a class="ulink" href="EXAMPLES.html" target="_top">Examples</a> </p><p> <a class="ulink" href="FAQ.html" target="_top">Frequently Asked Questions</a> - </p></div><div class="section" title="6. Author"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id293732"></a>6. Author</h2></div></div></div><p> + </p></div><div class="section" title="7. Author"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265307"></a>7. Author</h2></div></div></div><p> SuSEfirewall2 was originally created by <span class="author"><span class="firstname">Marc</span> <span class="surname">Heuse</span></span>. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/doc/README.SuSEfirewall2.txt new/SuSEfirewall2-3.6.238/doc/README.SuSEfirewall2.txt --- old/SuSEfirewall2-3.6.231/doc/README.SuSEfirewall2.txt 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/doc/README.SuSEfirewall2.txt 2010-03-19 15:14:46.000000000 +0100 @@ -11,9 +11,10 @@ 2.2. Manual configuration 3. Some words about security -4. Reporting bugs -5. Links -6. Author +4. Source Code +5. Reporting bugs +6. Links +7. Author 1. Introduction @@ -42,6 +43,8 @@ ● allows insertion of custom rules through hooks + ● graphical zone switcher applet for desktop use + 2. Quickstart 2.1. YaST2 firewall module @@ -98,18 +101,22 @@ ● Check your log files regularly for unusual entries. -4. Reporting bugs +4. Source Code + +Source code is available at Gitorious + +5. Reporting bugs Report any problems via Bugzilla. For discussion about SuSEfirewall2 join the opensuse-security mailinglist. -5. Links +6. Links Examples Frequently Asked Questions -6. Author +7. Author SuSEfirewall2 was originally created by Marc Heuse. Most of it got rewritten and enhanced by it's current maintainer Ludwig Nussel diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/doc/README.SuSEfirewall2.xml new/SuSEfirewall2-3.6.238/doc/README.SuSEfirewall2.xml --- old/SuSEfirewall2-3.6.231/doc/README.SuSEfirewall2.xml 2010-02-16 16:18:45.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/doc/README.SuSEfirewall2.xml 2010-03-19 15:14:46.000000000 +0100 @@ -37,6 +37,9 @@ <listitem><para>allows special treatment of IPsec packets</para></listitem> <listitem><para>IPv6 support</para></listitem> <listitem><para>allows insertion of custom rules through hooks</para></listitem> + <listitem><para>graphical <ulink + url="http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/">zone + switcher applet</ulink> for desktop use</para></listitem> </itemizedlist> </para> @@ -179,6 +182,17 @@ </section> <section> + <title>Source Code</title> + + <para> + + Source code is available at + <ulink url="http://gitorious.org/opensuse/susefirewall2">Gitorious</ulink> + + </para> + </section> + + <section> <title>Reporting bugs</title> <para> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/mkchanges new/SuSEfirewall2-3.6.238/mkchanges --- old/SuSEfirewall2-3.6.231/mkchanges 1970-01-01 01:00:00.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/mkchanges 2010-03-19 15:14:46.000000000 +0100 @@ -0,0 +1,7 @@ +#!/bin/sh +# create log suitable for c&p into rpm changes file +if [ -z "$1" ]; then + set -- remotes/origin/master..master +fi +# no idea why it always prints those commit lines +git rev-list --pretty=format:"- %s" "$@" |grep -v ^commit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.231/publish_web new/SuSEfirewall2-3.6.238/publish_web --- old/SuSEfirewall2-3.6.231/publish_web 1970-01-01 01:00:00.000000000 +0100 +++ new/SuSEfirewall2-3.6.238/publish_web 2010-03-19 15:14:46.000000000 +0100 @@ -0,0 +1,9 @@ +#!/bin/bash +web=~/public_html/SuSEfirewall2 +for i in doc/*SuSEfirewall2.html; do + dest=${i/.SuSEfirewall2/} + dest=${dest##*/} + echo $dest + install -m 644 $i $web/$dest +done +install -m 644 doc/susebooks.css $web ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit xfce4-dev-tools for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package xfce4-dev-tools for openSUSE:Factory checked in at Fri Mar 19 15:21:06 CET 2010. -------- --- xfce4-dev-tools/xfce4-dev-tools.changes 2009-02-27 13:54:18.000000000 +0100 +++ xfce4-dev-tools/xfce4-dev-tools.changes 2010-03-19 13:48:49.000000000 +0100 @@ -1,0 +2,32 @@ +Wed Nov 11 15:43:58 CET 2009 - prusnak(a)suse.cz + +- updated to 4.7.2 + - changes from 4.7.0 + - Do @REVISION@ and @LINGUAS@ substitutions in xdt-autogen instead of + requiring people to put it in their autogen.sh files. + - Also support the newer IT_PROG_INTLTOOL macro + - Added --version and -V options to display the xdt-autogen version + - Added ability for autogen.sh scripts to set an environment + variable XDT_AUTOGEN_REQUIRED_VERSION to depend on a particular version + of xdt-autogen. + - Add a bunch more compiler warnings for --enable-debug, and a new macro + XDT_SUPPORTED_FLAGS() that tests whether the compiler supports particular + option flags. + - changes from 4.7.1 + - Also support the newer AC_CONFIG_HEADERS macro. + - Add XDT_FEATURE_VISIBILITY to check for and enable symbol visibility + support (only useful for building libraries). + - Add XDT_FEATURE_LINKER_OPTS that checks for and enables useful linker + optimizations if supported. This currently only checks for + --as-needed and -O1, but more may be added in the future. + - Beef up XDT_FEATURE_DEBUG: + * Add new 'minimum' debug level, which is now the default and behaves + similarly to the old 'no' default. + * Debug level 'no' disables many glib/gobject-related checks and + asserts (this is not really recommended). + * Debug level 'full' disables code optimization. + * The macro now takes an argument to specify the default debug level. + - changes from 4.7.2 + - Brown bag: fix typo that breaks XDT_FEATURE_LINKER_OPTS + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- xfce4-dev-tools-4.6.0.tar.bz2 New: ---- xfce4-dev-tools-4.7.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xfce4-dev-tools.spec ++++++ --- /var/tmp/diff_new_pack.NbnQhU/_old 2010-03-19 15:20:00.000000000 +0100 +++ /var/tmp/diff_new_pack.NbnQhU/_new 2010-03-19 15:20:00.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package xfce4-dev-tools (Version 4.6.0) +# spec file for package xfce4-dev-tools (Version 4.7.2) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,9 +20,9 @@ Name: xfce4-dev-tools Summary: The Xfce development tools -Version: 4.6.0 +Version: 4.7.2 Release: 1 -License: GPL v2 or later +License: GPLv2+ Url: http://foo-projects.org/~benny/projects/xfce4-dev-tools/ Source: %{name}-%{version}.tar.bz2 Group: System/GUI/XFCE ++++++ xfce4-dev-tools-4.6.0.tar.bz2 -> xfce4-dev-tools-4.7.2.tar.bz2 ++++++ ++++ 4966 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit trang for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package trang for openSUSE:Factory checked in at Fri Mar 19 15:19:33 CET 2010. -------- --- trang/trang.changes 2009-03-16 10:55:20.000000000 +0100 +++ trang/trang.changes 2010-03-19 13:45:07.000000000 +0100 @@ -1,0 +2,9 @@ +Mon Mar 15 16:46:49 CET 2010 - prusnak(a)suse.cz + +- updated to 20091111 + * add -C option to specify the catalog + * fix schematron test suite schema + * provide a resolver that implements OASIS XML catalogs + * take advantage of Java 5 features + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- trang-20081028.zip New: ---- trang-20091111.zip ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trang.spec ++++++ --- /var/tmp/diff_new_pack.gAPji6/_old 2010-03-19 15:19:23.000000000 +0100 +++ /var/tmp/diff_new_pack.gAPji6/_new 2010-03-19 15:19:23.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package trang (Version 20081028) +# spec file for package trang (Version 20091111) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,13 +21,13 @@ Name: trang BuildRequires: unzip Summary: Schema Converter Based on RELAX NG -Version: 20081028 -Release: 2 +Version: 20091111 +Release: 1 Url: http://code.google.com/p/jing-trang/ -Source: %{name}-%{version}.zip +Source: http://jing-trang.googlecode.com/files/%{name}-%{version}.zip Source1: %{name} Source2: %{name}-doc.tar.bz2 -License: BSD 3-Clause +License: BSD3c Group: Productivity/Publishing/XML BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: jre jing @@ -38,11 +38,8 @@ following languages are supported: * RELAX NG (XML syntax) - * RELAX NG compact syntax - * XML 1.0 DTDs - * W3C XML Schema W3C XML Schema is not supported for input. @@ -53,16 +50,15 @@ schema will be preserved as much as possible (including definitions, spreading over files, annotations, and comments). - - %prep %setup -q -a 2 %build %install -install -D -m 0755 %{S:1} $RPM_BUILD_ROOT%{_bindir}/trang -install -D -m 0644 trang.jar $RPM_BUILD_ROOT%{_javadir}/trang.jar +install -D -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/trang +install -D -m 0644 trang.jar $RPM_BUILD_ROOT%{_javadir}/trang-%{version}.jar +ln -s trang-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/trang.jar install -D -m 0644 doc/trang.1 $RPM_BUILD_ROOT%{_mandir}/man1/trang.1 %clean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit mux for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package mux for openSUSE:Factory checked in at Fri Mar 19 15:18:28 CET 2010. -------- New Changes file: --- /dev/null 2009-09-30 08:50:26.000000000 +0200 +++ mux/mux.changes 2010-03-19 14:07:38.000000000 +0100 @@ -0,0 +1,51 @@ +------------------------------------------------------------------- +Fri Mar 19 13:08:56 UTC 2010 - awafaa(a)opensuse.org + +- Fix spec to comply with shared library policy +- Remove mux-rpmlintrc + +------------------------------------------------------------------- +Fri Mar 19 10:00:49 UTC 2010 - awafaa(a)opensuse.org + +- Update description for -devel package + +------------------------------------------------------------------- +Wed Mar 17 16:52:33 UTC 2010 - awafaa(a)opensuse.org + +- Replace rpmlintrc with mux-rpmlintrc to pass autobuild checks + +------------------------------------------------------------------- +Wed Mar 17 11:54:26 UTC 2010 - awafaa(a)opensuse.org + +- Update the Summary & Description + +------------------------------------------------------------------- +Thu Jul 9 00:00:00 CET 2009 - glin(a)novell.com + +- Update to commit 1732d243ec0f85c641472cb907faa567eddb71db + +------------------------------------------------------------------- +Fri Jun 12 00:00:00 CET 2009 - michael.meeks(a)novell.com + +- Update to commit 72460e890dbb15edbf7dc193116be0dcf9794a8b + +------------------------------------------------------------------- +Wed May 20 01:56:38 CEST 2009 - vuntz(a)novell.com + +- Use configure macro to get the right options. + +------------------------------------------------------------------- +Mon May 18 00:00:00 CET 2009 - sbrabec(a)suse.cz + +- Remove .la file (from Devel:Moblin:Test:Snapshot). + +------------------------------------------------------------------- +Mon May 18 00:00:00 CET 2009 - michael.meeks(a)novell.com + +- Update to commit f2f566844f33c5437ee237554431176f58ad4a7d + +------------------------------------------------------------------- +Mon May 11 00:00:00 CET 2009 - michael.meeks(a)novell.com + +- Update to commit 3a54017f28999e3978e8b7cbbd022207caa5e065 + calling whatdependson for head-i586 New: ---- mux-0.320090709.tar.bz2 mux.changes mux.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mux.spec ++++++ # # spec file for package mux (Version 0.320090709) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: mux Summary: Gtk+ Widgets Group: Development/Libraries Version: 0.320090709 Release: 1 License: GPLv2+ Url: http://www.moblin.org Source0: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gnome-common gtk2-devel intltool %description Mux is a set of Gtk+ widgets for the Moblin UX %package -n libmux-0_3-0 License: GPLv2+ Summary: Mux foo Group: Development/Libraries %description -n libmux-0_3-0 Mux is a set of Gtk+ widgets for the Moblin UX %package devel License: GPLv2+ Summary: Gtk+ Widgets Group: Development/Libraries Requires: libmux-0_3-0 = %{version}-%{release} Requires: pkgconfig Requires: gtk2-devel %description devel Mux is a set of Gtk+ widgets for the Moblin UX. Development files. %prep %setup -q -n %{name}-%{version} %build ./autogen.sh %configure --disable-static make %{?_smp_mflags} %install %makeinstall rm %{buildroot}%{_libdir}/libmux*.la %find_lang mux || echo -n >> mux.lang %clean rm -rf %{buildroot} %post -n libmux-0_3-0 -p /sbin/ldconfig %postun -n libmux-0_3-0 -p /sbin/ldconfig %files -n libmux-0_3-0 %defattr(-,root,root,-) %doc COPYING %{_libdir}/libmux*.so.* %files devel %defattr(-,root,root,-) %dir %{_includedir}/mux %{_includedir}/mux/* %{_libdir}/libmux*.so %{_libdir}/pkgconfig/*.pc %changelog ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit mojito for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package mojito for openSUSE:Factory checked in at Fri Mar 19 15:17:02 CET 2010. -------- New Changes file: --- /dev/null 2009-09-30 08:50:26.000000000 +0200 +++ mojito/mojito.changes 2010-03-17 11:42:52.000000000 +0100 @@ -0,0 +1,258 @@ +------------------------------------------------------------------- +Wed Mar 17 10:41:14 UTC 2010 - pascal.bleser(a)opensuse.org + +- fixed build: + + only apply the NetworkManager 0.8 patch on > 11.2 + + must always quote %{buildroot} in the spec file +- tidyied up the spec file by using a more explicit %files section, + to avoid unnoticed major changes +- use %soname macros to ease future maintenance +- added rpmlintrc file to suppress false positives + +------------------------------------------------------------------- +Mon Mar 15 20:27:34 UTC 2010 - dimstar(a)opensuse.org + +- Add mojito-nm08.spec to fix build with NetworkManager 0.8. + +------------------------------------------------------------------- +Thu Feb 4 12:01:36 UTC 2010 - abockover(a)novell.com + +- BuildRequire librest-devel instead of rest-devel +- Break the %configure line into multiple lines for readability + +------------------------------------------------------------------- +Thu Jan 28 04:07:01 UTC 2010 - glin(a)novell.com + +- Add mojito-update-translations.patch to update translations from + upstream +- Drop obsolete add-translations-to-po.patch + +------------------------------------------------------------------- +Thu Jan 7 03:19:41 UTC 2010 - glin(a)novell.com + +- Add mojito-suse-moblin-fix.patch + + Merge facebook-support.diff and mojito-myspace-fix.patch and + maintain the patches in lcp@github + + Implement the dbus method: CredentialsUpdated() and + credentials_updated() for facebook, myspace, and flickr to fix + bnc#545303. + + Revert the unnecessary service online workaround for myspace and + facebook. + +- Remove obsolete mojito-quicker-refresh.patch + +------------------------------------------------------------------- +Thu Dec 24 08:37:16 UTC 2009 - glin(a)novell.com + +- Add twitter key to enable twitter support. + +------------------------------------------------------------------- +Thu Dec 17 07:44:49 UTC 2009 - glin(a)novell.com + +- Add mojito-myspace-fix.patch + + Merge myspace-UTC-date.patch, myspace-update-status.patch, and + myspace-xml-parse.patch + + Make the service online while requesting avatar + +- Amend facebook-support.diff + + Check uid to avoid unnecessary queries. + + Make the service online while requesting avatar + +------------------------------------------------------------------- +Tue Dec 15 03:23:01 UTC 2009 - glin(a)novell.com + +- Amend facebook-support.diff + + Fix mojito crashes after logging in facebook (bnc#561557) + + Remove all sync calls to prevent any blocking + + Fetch userinfo after getting user id + +------------------------------------------------------------------- +Wed Nov 25 10:14:36 UTC 2009 - glin(a)novell.com + +- Add Digg API key to enable Digg plugin. + +------------------------------------------------------------------- +Tue Nov 24 09:40:45 UTC 2009 - glin(a)novell.com + +- Update to version 0.21.6: + + The correct version for moblin 2.1 + + Adapt non-blocking async functions to fetch data + + Add readiness for items +- Rebase facebook-support.diff +- Remove obsolete mojito-restart-session.patch and + myspace-facebook-offline-notify.diff which already upstream. +- Remove twitter-glib dependency + +------------------------------------------------------------------- +Mon Nov 9 06:06:16 UTC 2009 - glin(a)novell.com + +- Rebase facebook-support.diff, myspace-xml-parse.patch, and + myspace-update-status.patch + +------------------------------------------------------------------- +Fri Nov 6 07:54:55 UTC 2009 - glin(a)novell.com + +- Update to 0.21.4 +- Disable facebook-support.diff, myspace-xml-parse.patch + myspace-update-status.patch, myspace-facebook-offline-notify.diff, + mojito-restart-session.patch, add-translations-to-po.patch + +------------------------------------------------------------------- +Tue Sep 29 06:22:43 CEST 2009 - machen(a)novell.com + +- Add more translations to po folder. + +------------------------------------------------------------------- +Mon Sep 14 01:48:01 UTC 2009 - glin(a)novell.com + +- Respin facebook-support.diff to change the copyright owner. + +------------------------------------------------------------------- +Fri Sep 4 10:53:31 UTC 2009 - glin(a)novell.com + +- Add mojito-restart-session.patch to start/stop soup session + according to the online status. (For facebook and MySpace.) + +------------------------------------------------------------------- +Thu Sep 3 10:36:12 UTC 2009 - glin(a)novell.com + +- Respin facebook-support.diff + + fix bnc#536435 + + Ignore empty status content from facebook. +- Add mojito-quicker-refresh.patch for quicker refresh rate. + (from 5 minutes to 1 minute) + +------------------------------------------------------------------- +Fri Aug 28 07:22:33 UTC 2009 - glin(a)novell.com + +- Respin myspace-facebook-offline-notify.diff to avoid a potential + memory leakage. + +------------------------------------------------------------------- +Fri Aug 14 10:40:28 UTC 2009 - glin(a)novell.com + +- Add myspace-facebook-offline-notify.diff to clean user id while + offline. +- Respin facebook-support.diff to get rid of an unused variable. + +------------------------------------------------------------------- +Wed Aug 12 08:09:38 UTC 2009 - glin(a)novell.com + +- Rspin facebook-support.diff to query friends' status. + +------------------------------------------------------------------- +Tue Aug 11 10:49:36 UTC 2009 - glin(a)novell.com + +- Rspin facebook-support.diff to check the extended permission + before updating status. + +------------------------------------------------------------------- +Mon Aug 10 10:46:40 UTC 2009 - glin(a)novell.com + +- Respin facebook-support.diff to fetch avatar during refreshing. + +------------------------------------------------------------------- +Sat Aug 08 00:00:00 CET 2009 - glin(a)novell.com + +- Respin facebook-support.diff to enable status fetching in + the status tab. + +------------------------------------------------------------------- +Fri Aug 07 00:00:00 CET 2009 - glin(a)novell.com + +- Update to commit dccb53bca6e02a70f6b17a62c8be7456ae653077 + +------------------------------------------------------------------- +Mon Aug 03 00:00:00 CET 2009 - glin(a)novell.com + +- Add myspace-UTC-date.patch to correct date format and + adjust time (A bug of MySpace). +- Add myspace-update-status.patch to make status update work. +- Remove a debug message in myspace-xml-parse.patch. + +------------------------------------------------------------------- +Thu Jul 9 16:55:49 EDT 2009 - jpr(a)novell.com + +- Remove mojito-nm.patch, it is upstream + +------------------------------------------------------------------- +Thu Jul 9 16:55:49 EDT 2009 - jpr(a)novell.com + +- Update to commit 3685259a5c68f2d372aeb1d8795d76238ab0b8d4 + +------------------------------------------------------------------- +Thu Jul 9 16:55:49 EDT 2009 - jpr(a)novell.com + +- Update to commit 1227fa9fe12a58bfa8091281e1791d0d4e7dfa86 + +------------------------------------------------------------------- +Fri Jun 12 00:00:00 CET 2009 - michael.meeks(a)novell.com + +- Update to commit 3f497123566b4348c609b1f94a4168e21a9af2c2 + +------------------------------------------------------------------- +Mon Jun 01 00:00:00 CET 2009 - michael.meeks(a)novell.com + +- Use NetworkManager's connection library not some broken + manual dbus fluff. ++++ 61 more lines (skipped) ++++ between /dev/null ++++ and mojito/mojito.changes calling whatdependson for head-i586 New: ---- mojito-0.21.6.tar.bz2 mojito-nm08.patch mojito-rpmlintrc mojito-suse-moblin-fix.patch mojito-update-translations.patch mojito.changes mojito.spec myspace-callback.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mojito.spec ++++++ # # spec file for package mojito (Version 0.21.6) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: mojito Summary: Social Data Aggregator Group: User Interface/Desktops Version: 0.21.6 Release: 1 %define soname 0 %define soname_client 1 License: LGPLv2.1 Url: http://www.moblin.org Source0: %{name}-%{version}.tar.bz2 Source99: mojito-rpmlintrc Patch1: mojito-suse-moblin-fix.patch Patch2: myspace-callback.patch # PATCH-FIX-UPSTREAM mojito-update-translations.patch glin(a)novell.com - update translations from upstream Patch3: mojito-update-translations.patch # PATCH-FIX-UPSTREAM mojito-nm08.patch dimstar(a)opensuse.org -- Fix build against NM 0.8 Patch4: mojito-nm08.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: librest-devel >= 0.6 BuildRequires: gconf2-devel glib2-devel gtk2-devel libsoup-devel BuildRequires: NetworkManager-devel dbus-1-glib-devel gnome-common gnome-keyring-devel intltool %description A social data aggregator %package devel License: LGPLv2.1 Summary: Social Data Aggregator Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: pkgconfig %description devel A social data aggregator %prep %setup -q -n %{name}-%{version} %patch1 -p1 %patch2 -p1 %patch3 -p1 %if 0%{?suse_version} > 1120 %patch4 -p1 %endif %build NOCONFIGURE=true ./autogen.sh %configure \ --disable-static \ --enable-gtk-doc \ --with-gnome \ --with-online=networkmanager \ --enable-twitter-key=gM1sqW1PNPT8D6btREXqg:ug64VunWKzccHoL36hZ2pyVOhYIJME9aC08LGJxEfhM \ --enable-digg-key=http://www.novell.com \ --enable-lastfm-key=798981a532cd413a9c8e8e12fdc8cb42 \ --enable-flickr-key=ebd8908fa2e430e2aca625bf7970e32c:c0b7c468efa567d5 \ --enable-myspace-key=1133fd44018842f3ad87e5964371d496:06237f30b4f9498a92a3ec2a9b558302 \ --enable-facebook-key=d012235b3034109003451109a1926eee:8295687798780ea54da020546dcba0d3 %__make %{?_smp_mflags} V=1 %install %__make install DESTDIR="%{buildroot}" # remove unsupported/invalid locales: %__rm -rf "%{buildroot}%{_datadir}/locale"/ast %find_lang mojito %__rm "%{buildroot}%{_libdir}"/*.la "%{buildroot}%{_libdir}/mojito/services"/*.la %clean %__rm -rf "%{buildroot}" %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post devel -p /sbin/ldconfig %postun devel -p /sbin/ldconfig %files -f mojito.lang %defattr(-,root,root,-) %doc COPYING AUTHORS NEWS README TODO %{_libdir}/libmojito.so.%{soname} %{_libdir}/libmojito.so.%{soname}.* %{_libdir}/libmojito-client.so.%{soname_client} %{_libdir}/libmojito-client.so.%{soname_client}.* %{_libdir}/libmojito-keyfob.so.%{soname} %{_libdir}/libmojito-keyfob.so.%{soname}.* %{_libdir}/libmojito-keystore.so.%{soname} %{_libdir}/libmojito-keystore.so.%{soname}.* %dir %{_libdir}/mojito %dir %{_libdir}/mojito/services %{_libdir}/mojito/services/libdigg.so %{_libdir}/mojito/services/libfacebook.so %{_libdir}/mojito/services/libflickr.so %{_libdir}/mojito/services/liblastfm.so %{_libdir}/mojito/services/libmyspace.so %{_libdir}/mojito/services/libtwitter.so %{_libexecdir}/mojito-core %{_datadir}/dbus-1/services/mojito.service %dir %{_datadir}/mojito %dir %{_datadir}/mojito/services %{_datadir}/mojito/services/*.keys %{_datadir}/mojito/services/*.png %files devel %defattr(-,root,root,-) %{_libdir}/libmojito*.so %dir %{_includedir}/mojito %{_includedir}/mojito/* %{_libdir}/pkgconfig/mojito-client.pc %{_libdir}/pkgconfig/mojito-keystore.pc %{_libdir}/pkgconfig/mojito-module.pc %changelog ++++++ mojito-nm08.patch ++++++ Index: mojito-0.21.6/configure.ac =================================================================== --- mojito-0.21.6.orig/configure.ac +++ mojito-0.21.6/configure.ac @@ -70,7 +70,7 @@ AS_IF( [test "$with_online" = networkmanager], [ AC_MSG_RESULT([Network Manager]) - PKG_CHECK_MODULES(NM, libnm_glib >= 0.7) + PKG_CHECK_MODULES(NM, libnm-glib >= 0.7) AC_DEFINE([WITH_ONLINE_NM], 1, [NM online detection]) ], ++++++ mojito-rpmlintrc ++++++ addFilter("W: shlib-policy-missing-suffix.*") addFilter("W: description-shorter-than-summary.*") ++++++ mojito-suse-moblin-fix.patch ++++++ ++++ 1297 lines (skipped) ++++++ mojito-update-translations.patch ++++++ ++++ 2798 lines (skipped) ++++++ myspace-callback.patch ++++++ Index: mojito-0.1920090723/services/myspace/myspace.keys.in =================================================================== --- mojito-0.1920090723.orig/services/myspace/myspace.keys.in +++ mojito-0.1920090723/services/myspace/myspace.keys.in @@ -9,4 +9,4 @@ BaseURL=http://api.myspace.com/ RequestTokenFunction=request_token AuthoriseFunction=authorize AccessTokenFunction=access_token -Callback=http://www.intel.com/ +Callback=http://www.novell.com/home/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit lxdm for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package lxdm for openSUSE:Factory checked in at Fri Mar 19 15:14:03 CET 2010. -------- --- lxdm/lxdm.changes 2010-03-01 13:33:13.000000000 +0100 +++ lxdm/lxdm.changes 2010-03-18 08:31:22.000000000 +0100 @@ -1,0 +2,27 @@ +Thu Mar 18 07:33:12 UTC 2010 - andrea(a)opensuse.org + +- fixed missin exec bit to lxdm scripts + +------------------------------------------------------------------- +Wed Mar 17 19:55:19 UTC 2010 - andrea(a)opensuse.org + +- added lxdm-common.patch to fix bnc#586555 + +------------------------------------------------------------------- +Wed Mar 17 08:02:49 UTC 2010 - andrea(a)opensuse.org + +- restored lxdm-stderr_stdout_log.patch, it wasn't really fixed + +------------------------------------------------------------------- +Sat Mar 13 10:35:10 UTC 2010 - andrea(a)opensuse.org + +- add PreShutdown and PreRebot support + +------------------------------------------------------------------- +Fri Mar 12 17:46:04 UTC 2010 - andrea(a)opensuse.org + +- new git version 2010 03 12 +- add PostLogin,PreLogin,LoginReady,PostLogout steps support +- removed lxdm-stderr_stdout_log.patch, fixed upstream + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- lxdm-common.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxdm.spec ++++++ --- /var/tmp/diff_new_pack.l1YneW/_old 2010-03-19 15:13:04.000000000 +0100 +++ /var/tmp/diff_new_pack.l1YneW/_new 2010-03-19 15:13:04.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package lxdm (Version 0.2.0+git20100225) +# spec file for package lxdm (Version 0.2.0+git20100317) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,7 +20,7 @@ Name: lxdm Summary: LXDE Display Manager -Version: 0.2.0+git20100225 +Version: 0.2.0+git20100317 Release: 1 License: GPLv2 and LGPLv2 Group: System/X11/Displaymanagers @@ -34,6 +34,8 @@ # this patch allow lxdm to read system settings from /etc/sysconfig Patch3: %{name}-use-sysconfig.patch Patch4: %{name}-stderr_stdout_log.patch +# FIX BUG BNC#586555 +Patch5: %{name}-common.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf automake gcc gcc-c++ gettext-tools make BuildRequires: ConsoleKit-devel gettext-runtime gtk2-devel intltool @@ -54,6 +56,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 %__cp %{SOURCE1} . %build @@ -64,9 +67,14 @@ %install %makeinstall %__mkdir_p %buildroot/%_bindir -%__rm %buildroot/%_sbindir/lxdm +%__rm %buildroot/%_sbindir/%name %__rm -rf %buildroot/%_datadir/locale/frp -ln -sf %_sbindir/lxdm-binary %buildroot%_bindir/lxdm +ln -sf %_sbindir/%{name}-binary %buildroot%_bindir/%{name} +%__cp data/LoginReady data/PostLogout data/PreLogin %buildroot/%{_sysconfdir}/%{name}/ +chmod +x %buildroot/%{_sysconfdir}/%{name}/PreLogin +chmod +x %buildroot/%{_sysconfdir}/%{name}/PostLogout +chmod +x %buildroot/%{_sysconfdir}/%{name}/LoginReady + %fdupes %buildroot%{_datadir} %find_lang %{name} %__mkdir_p %buildroot/%{_localstatedir}/run @@ -79,15 +87,22 @@ %files -f %{name}.lang %defattr (-,root,root,-) %doc AUTHORS README COPYING README.SUSE -%dir %{_datadir}/lxdm/ -%{_datadir}/lxdm/* -%dir %{_sysconfdir}/lxdm/ -%{_bindir}/lxdm -%{_sbindir}/lxdm-binary -%{_libexecdir}/lxdm-greeter-gtk -%config(noreplace) %{_sysconfdir}/lxdm/Xsession -%config(noreplace) %{_sysconfdir}/lxdm/lxdm.conf -%config(noreplace) %{_sysconfdir}/pam.d/lxdm +%dir %{_datadir}/%{name}/ +%{_datadir}/%{name}/* +%dir %{_sysconfdir}/%{name}/ +%{_bindir}/%{name} +%{_sbindir}/%{name}-binary +%{_libexecdir}/%{name}-greeter-gtk +%config(noreplace) %{_sysconfdir}/%{name}/Xsession +#%config(noreplace) %{_sysconfdir}/%{name}/PreReboot +#%config(noreplace) %{_sysconfdir}/%{name}/PreShutdown +%config(noreplace) %{_sysconfdir}/%{name}/PreLogin +#%config(noreplace) %{_sysconfdir}/%{name}/PostLogin +%config(noreplace) %{_sysconfdir}/%{name}/PostLogout +%config(noreplace) %{_sysconfdir}/%{name}/LoginReady + +%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%config(noreplace) %{_sysconfdir}/pam.d/%{name} %ghost %{_localstatedir}/run/%{name}.pid %changelog ++++++ lxdm-common.patch ++++++ --- data/LoginReady +++ data/LoginReady 2010-03-17 10:16:06.540126607 +0000 @@ -0,0 +1,2 @@ +#!/bin/sh +test -x /etc/X11/xdm/Xsetup && exec /etc/X11/xdm/Xsetup --- data/PostLogout +++ data/PostLogout 2010-03-17 10:13:08.541090500 +0000 @@ -0,0 +1,2 @@ +#!/bin/sh +test -x /etc/X11/xdm/Xreset && exec /etc/X11/xdm/Xreset --- data/PreLogin +++ data/PreLogin 2010-03-17 10:11:41.272626486 +0000 @@ -0,0 +1,2 @@ +#!/bin/sh +test -x /etc/X11/xdm/Xstartup && exec /etc/X11/xdm/Xstartup --- data/Xsession +++ data/Xsession 2010-03-17 10:29:35.988626463 +0000 @@ -1,43 +1,26 @@ #!/bin/bash -# use bash for "exec -l", howto run login shell by /bin/sh ? +failsafe="xterm -ls -T Failsafe -geometry 80x24+0+0" +trap "exec $failsafe" EXIT SIGHUP SIGINT SIGPIPE SIGTERM SIGIO +shopt -s execfail -if [ $# -eq 1 -a -n "$1" ]; then - LXSESSION=$1 -else # default session - LXSESSION=/usr/bin/startlxde -fi +LXSESSION=/usr/bin/startlxde +test $# -eq 1 -a -n "$1" && LXSESSION=$1 + +export WINDOWMANAGER=$LXSESSION +test -x /etc/X11/xdm/Xsession && exec /etc/X11/xdm/Xsession +test -x /etc/X11/xinit/xinitrc && exec -l $SHELL -c /etc/X11/xinit/xinitrc -if [ -x /etc/X11/xinit/xinitrc-common ]; then -# fedora - . /etc/X11/xinit/xinitrc-common - if ! [ -z "$XDG_SESSION_COOKIE" ]; then - CK_XINIT_SESSION= - elif [ -x /usr/bin/ck-launch-session -a -z "$CK_XINIT_SESSION" ]; then - CK_XINIT_SESSION="/usr/bin/ck-launch-session" - fi - exec -l $SHELL -c "$CK_XINIT_SESSION \"$LXSESSION\"" -elif [ -x /etc/X11/xinit/Xsession ]; then -# fedora - exec /etc/X11/xinit/Xsession $LXSESSION -elif [ -x /etc/X11/Xsession ]; then -# mandriva, debian, ubuntu - exec /etc/X11/Xsession $LXSESSION -elif [ -x /etc/X11/xinit/xinitrc ]; then -#suse - export WINDOWMANAGER=$LXSESSION - exec -l $SHELL -c /etc/X11/xinit/xinitrc -else # unknown, user should custom /etc/lxdm/xinitrc self - if [ -x /etc/lxdm/xinitrc ]; then - . /etc/lxdm/xinitrc - fi - if ! [ -z "$XDG_SESSION_COOKIE" ]; then - CK_XINIT_SESSION= - elif [ -x /usr/bin/ck-launch-session ]; then - CK_XINIT_SESSION="/usr/bin/ck-launch-session" - fi - exec -l $SHELL -c "$CK_XINIT_SESSION \"$LXSESSION\"" +test -s /etc/lxdm/xinitrc && . /etc/lxdm/xinitrc + +if ! test -z "$XDG_SESSION_COOKIE" ; then + CK_XINIT_SESSION= +elif test -x /usr/bin/ck-launch-session ; then + CK_XINIT_SESSION="/usr/bin/ck-launch-session" fi +exec -l $SHELL -c "$CK_XINIT_SESSION \"$LXSESSION\"" +# failsafe +exit 1 ++++++ lxdm-stderr_stdout_log.patch ++++++ --- /var/tmp/diff_new_pack.l1YneW/_old 2010-03-19 15:13:04.000000000 +0100 +++ /var/tmp/diff_new_pack.l1YneW/_new 2010-03-19 15:13:04.000000000 +0100 @@ -1,7 +1,7 @@ diff -uNr old-lxdm//src/lxdm.c lxdm/src/lxdm.c ---- old-lxdm//src/lxdm.c 2010-03-01 13:24:09.427252931 +0100 -+++ lxdm/src/lxdm.c 2010-03-01 13:24:29.443281609 +0100 -@@ -224,16 +224,30 @@ +--- old-lxdm//src/lxdm.c 2010-03-17 08:59:21.625505719 +0100 ++++ lxdm/src/lxdm.c 2010-03-17 08:59:30.214257893 +0100 +@@ -222,16 +222,30 @@ exit(0); } @@ -32,7 +32,7 @@ } GSList *do_scan_xsessions(void) -@@ -615,6 +629,7 @@ +@@ -624,6 +638,7 @@ if( !getenv("DISPLAY") ) putenv("DISPLAY=:0"); @@ -40,7 +40,7 @@ create_server_auth(); arg = g_key_file_get_string(config, "server", "arg", 0); -@@ -1098,6 +1113,7 @@ +@@ -1079,6 +1094,7 @@ set_signal(); lxdm_get_tty(); ++++++ lxdm-use-sysconfig.patch ++++++ --- /var/tmp/diff_new_pack.l1YneW/_old 2010-03-19 15:13:04.000000000 +0100 +++ /var/tmp/diff_new_pack.l1YneW/_new 2010-03-19 15:13:04.000000000 +0100 @@ -1,6 +1,6 @@ diff -uNr old-lxdm//data/lxdm.conf.in lxdm/data/lxdm.conf.in ---- old-lxdm//data/lxdm.conf.in 2010-03-01 13:21:12.020281337 +0100 -+++ lxdm/data/lxdm.conf.in 2010-03-01 13:21:25.961002559 +0100 +--- old-lxdm//data/lxdm.conf.in 2010-03-17 08:58:48.493536524 +0100 ++++ lxdm/data/lxdm.conf.in 2010-03-17 08:59:01.436507715 +0100 @@ -1,6 +1,4 @@ [base] -# autologin=dgod @@ -10,7 +10,7 @@ diff -uNr old-lxdm//src/gdm/gdm-sysconfig.c lxdm/src/gdm/gdm-sysconfig.c --- old-lxdm//src/gdm/gdm-sysconfig.c 1970-01-01 01:00:00.000000000 +0100 -+++ lxdm/src/gdm/gdm-sysconfig.c 2010-03-01 13:21:25.962002547 +0100 ++++ lxdm/src/gdm/gdm-sysconfig.c 2010-03-17 08:59:01.438507761 +0100 @@ -0,0 +1,439 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- + * @@ -453,7 +453,7 @@ +} diff -uNr old-lxdm//src/gdm/gdm-sysconfig.h lxdm/src/gdm/gdm-sysconfig.h --- old-lxdm//src/gdm/gdm-sysconfig.h 1970-01-01 01:00:00.000000000 +0100 -+++ lxdm/src/gdm/gdm-sysconfig.h 2010-03-01 13:21:25.963002395 +0100 ++++ lxdm/src/gdm/gdm-sysconfig.h 2010-03-17 08:59:01.439508446 +0100 @@ -0,0 +1,41 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- + * @@ -497,9 +497,9 @@ + +#endif /* __GDM_SYSCONFIG_H */ diff -uNr old-lxdm//src/lxdm.c lxdm/src/lxdm.c ---- old-lxdm//src/lxdm.c 2010-03-01 13:21:12.018281640 +0100 -+++ lxdm/src/lxdm.c 2010-03-01 13:21:25.965002231 +0100 -@@ -71,6 +71,14 @@ +--- old-lxdm//src/lxdm.c 2010-03-17 08:58:48.491537596 +0100 ++++ lxdm/src/lxdm.c 2010-03-17 08:59:01.441537406 +0100 +@@ -69,6 +69,14 @@ #include "lxdm.h" @@ -514,7 +514,7 @@ GKeyFile *config; static pid_t server; static guint server_watch; -@@ -788,7 +796,7 @@ +@@ -800,7 +808,7 @@ char *name=NULL,*exec=NULL; if(!session || !session[0]) { @@ -523,7 +523,7 @@ if(!name && getenv("PREFERRED")) name = g_strdup(getenv("PREFERRED")); if(!session && getenv("DESKTOP")) -@@ -826,7 +834,7 @@ +@@ -838,7 +846,7 @@ if(!strcmp(name,"LXDE")) exec = g_strdup("startlxde"); else if( !strcmp(name, "GNOME") ) @@ -532,25 +532,7 @@ else if( !strcmp(name, "KDE") ) exec = g_strdup("startkde"); else if( !strcmp(name, "XFCE") ) -@@ -916,7 +924,7 @@ - - #if 0 - if( !session || !session[0] ) /* this means use default session */ -- session = g_key_file_get_string(config, "base", "session", 0); -+ session = gdm_sysconfig_load_value(SYSCONFIG_SESSION_FILE, SYSCONFIG_SESSION_KEY); - if( !session && getenv("PREFERRED") ) - session = g_strdup( getenv("PREFERRED") ); - if( !session && getenv("DESKTOP") ) -@@ -925,7 +933,7 @@ - if( !strcmp(p, "LXDE") ) - session = g_find_program_in_path("startlxde"); - else if( !strcmp(p, "GNOME") ) -- session = g_find_program_in_path("gnome-session"); -+ session = g_find_program_in_path("gnome"); - else if( !strcmp(p, "KDE") ) - session = g_find_program_in_path("startkde"); - else if( !strcmp(p, "XFCE") ) -@@ -979,7 +987,7 @@ +@@ -960,7 +968,7 @@ struct passwd *pw; char *user; @@ -560,8 +542,8 @@ return 0; if( AUTH_SUCCESS != lxdm_auth_user(user, 0, &pw) ) diff -uNr old-lxdm//src/Makefile.am lxdm/src/Makefile.am ---- old-lxdm//src/Makefile.am 2010-03-01 13:21:12.018281640 +0100 -+++ lxdm/src/Makefile.am 2010-03-01 13:21:25.966002428 +0100 +--- old-lxdm//src/Makefile.am 2010-03-17 08:58:48.491537596 +0100 ++++ lxdm/src/Makefile.am 2010-03-17 08:59:01.442537045 +0100 @@ -21,6 +21,7 @@ lxdm_binary_SOURCES = \ lxdm.c lxdm.h \ ++++++ lxdm.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/INSTALL new/lxdm/INSTALL --- old/lxdm/INSTALL 2010-02-13 19:05:36.000000000 +0100 +++ new/lxdm/INSTALL 2010-03-12 18:37:49.000000000 +0100 @@ -1,10 +1,26 @@ -1 modify data/Xsession.am as your distribution - -2 compile and install +1 compile and install ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec make make install -here libexecdir should change as you system path. +libexecdir should change as you system path. +sysconfdir must be /etc + + +2 custom + +modify data/Xsession.in as your distribution + +/etc/lxdm/PreLogin +before login, have root's context + +/etc/lxdm/PostLogin +login, before Xsession, user's context + +/etc/lxdm/PostLogout +when session logout done and ui ready + +/etc/lxdm/LoginReady +lxdm start done, called after ui ready diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/TODO new/lxdm/TODO --- old/lxdm/TODO 2010-02-13 19:05:36.000000000 +0100 +++ new/lxdm/TODO 2010-03-17 08:50:55.000000000 +0100 @@ -2,4 +2,4 @@ 1. user list in greeter ui 2. lxdm-config tool to custom the lxdm - +3. remove xauth dependency and let login to desktop faster. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/configure.ac new/lxdm/configure.ac --- old/lxdm/configure.ac 2010-02-25 14:53:37.000000000 +0100 +++ new/lxdm/configure.ac 2010-03-12 18:37:49.000000000 +0100 @@ -14,7 +14,6 @@ AM_PROG_CC_C_O # Checks for libraries. -AC_CHECK_LIB([Xmu], [XmuClientWindow]) AC_CHECK_LIB([crypt], [crypt]) AC_CHECK_LIB([pam], [pam_open_session]) AC_CHECK_LIB([ck-connector],[ck_connector_open_session]) @@ -69,7 +68,7 @@ po/Makefile.in pam/Makefile data/Makefile - data/lxdm.conf + data/lxdm.conf ]) AC_CONFIG_FILES([data/lxdm], [chmod +x data/lxdm]) AC_OUTPUT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/lxdm.spec.in new/lxdm/lxdm.spec.in --- old/lxdm/lxdm.spec.in 2010-02-13 19:05:36.000000000 +0100 +++ new/lxdm/lxdm.spec.in 2010-03-14 12:23:50.000000000 +0100 @@ -14,7 +14,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release} -BuildRequires: gtk2-devel libXmu-devel pam-devel intltool +BuildRequires: gtk2-devel pam-devel intltool %description Light weight X11 display manager @@ -28,10 +28,6 @@ %configure -# a make macro should be used here -# even a "job based" make if possible -# %__make %{?jobs:-j%{jobs}} - %__make %install @@ -50,7 +46,6 @@ %postun -# exactly as "%find_lang" macro %files -f %{name}.lang %defattr (-,root,root,-) %doc AUTHORS NEWS README COPYING INSTALL ChangeLog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/po/bg.po new/lxdm/po/bg.po --- old/lxdm/po/bg.po 2010-02-13 19:05:36.000000000 +0100 +++ new/lxdm/po/bg.po 2010-03-15 22:50:58.000000000 +0100 @@ -3,51 +3,55 @@ # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # -#, fuzzy msgid "" msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" +"Project-Id-Version: lxdm\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2010-01-12 01:46+0100\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" -"Language-Team: LANGUAGE <LL(a)li.org>\n" +"PO-Revision-Date: 2010-03-12 18:51+0200\n" +"Last-Translator: Радослав Иванов <rec_ku(a)hotmail.com>\n" +"Language-Team: " "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../data/lxdm.glade.h:1 msgid "Desktop:" -msgstr "" +msgstr "Работен плот:" #: ../data/lxdm.glade.h:2 msgid "Keyboard Layout:" -msgstr "" +msgstr "Клавиатурна подредба:" #: ../data/lxdm.glade.h:3 msgid "Language:" -msgstr "" +msgstr "Език:" -#: ../data/lxdm.glade.h:4 ../src/greeter.c:116 ../src/greeter.c:165 +#: ../data/lxdm.glade.h:4 +#: ../src/greeter.c:116 +#: ../src/greeter.c:165 msgid "User:" -msgstr "" +msgstr "Потребител:" #: ../src/gdm/gdm-languages.c:609 msgid "Unspecified" -msgstr "" +msgstr "Незададен" #: ../src/greeter.c:87 msgid "Password:" -msgstr "" +msgstr "Парола:" #: ../src/greeter.c:211 msgid "Default" -msgstr "" +msgstr "По подразбиране" #: ../src/greeter.c:260 msgid "_Reboot" -msgstr "" +msgstr "_Рестартирай" #: ../src/greeter.c:264 msgid "_Shutdown" -msgstr "" +msgstr "_Изключи" + + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/po/fo.po new/lxdm/po/fo.po --- old/lxdm/po/fo.po 1970-01-01 01:00:00.000000000 +0100 +++ new/lxdm/po/fo.po 2010-03-15 08:24:35.000000000 +0100 @@ -0,0 +1,53 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-01-24 21:50+0800\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL(a)li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ../data/lxdm.glade.h:1 +msgid "Desktop:" +msgstr "" + +#: ../data/lxdm.glade.h:2 +msgid "Keyboard Layout:" +msgstr "" + +#: ../data/lxdm.glade.h:3 +msgid "Language:" +msgstr "" + +#: ../data/lxdm.glade.h:4 ../src/greeter.c:132 ../src/greeter.c:181 +msgid "User:" +msgstr "" + +#: ../src/gdm/gdm-languages.c:609 +msgid "Unspecified" +msgstr "" + +#: ../src/greeter.c:103 +msgid "Password:" +msgstr "" + +#: ../src/greeter.c:232 +msgid "Default" +msgstr "" + +#: ../src/greeter.c:285 +msgid "_Reboot" +msgstr "" + +#: ../src/greeter.c:289 +msgid "_Shutdown" +msgstr "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/po/gl.po new/lxdm/po/gl.po --- old/lxdm/po/gl.po 2010-02-13 19:05:36.000000000 +0100 +++ new/lxdm/po/gl.po 2010-03-15 08:24:35.000000000 +0100 @@ -3,51 +3,53 @@ # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # -#, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2010-01-12 01:46+0100\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"PO-Revision-Date: 2010-03-09 10:22+0200\n" +"Last-Translator: Indalecio <ifreiria(a)gmail.com>\n" "Language-Team: LANGUAGE <LL(a)li.org>\n" +"Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Pootle 2.0.1\n" #: ../data/lxdm.glade.h:1 msgid "Desktop:" -msgstr "" +msgstr "Escritorio:" #: ../data/lxdm.glade.h:2 msgid "Keyboard Layout:" -msgstr "" +msgstr "Disposición de teclado:" #: ../data/lxdm.glade.h:3 msgid "Language:" -msgstr "" +msgstr "Idioma:" #: ../data/lxdm.glade.h:4 ../src/greeter.c:116 ../src/greeter.c:165 msgid "User:" -msgstr "" +msgstr "Usuario:" #: ../src/gdm/gdm-languages.c:609 msgid "Unspecified" -msgstr "" +msgstr "Sen especificar" #: ../src/greeter.c:87 msgid "Password:" -msgstr "" +msgstr "Contrasinal:" #: ../src/greeter.c:211 msgid "Default" -msgstr "" +msgstr "Predefinido" #: ../src/greeter.c:260 msgid "_Reboot" -msgstr "" +msgstr "_Reiniciar" #: ../src/greeter.c:264 msgid "_Shutdown" -msgstr "" +msgstr "_Apagar" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/po/sl.po new/lxdm/po/sl.po --- old/lxdm/po/sl.po 2010-02-13 19:05:36.000000000 +0100 +++ new/lxdm/po/sl.po 2010-03-15 08:24:35.000000000 +0100 @@ -3,51 +3,54 @@ # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # -#, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2010-01-12 01:46+0100\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"PO-Revision-Date: 2010-02-17 15:23+0200\n" +"Last-Translator: Matej <paxmanpwnz(a)gmail.com>\n" "Language-Team: LANGUAGE <LL(a)li.org>\n" +"Language: sl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || " +"n%100==4 ? 2 : 3);\n" +"X-Generator: Pootle 2.0.1\n" #: ../data/lxdm.glade.h:1 msgid "Desktop:" -msgstr "" +msgstr "Namizje:" #: ../data/lxdm.glade.h:2 msgid "Keyboard Layout:" -msgstr "" +msgstr "Razpored tipk:" #: ../data/lxdm.glade.h:3 msgid "Language:" -msgstr "" +msgstr "Jezik:" #: ../data/lxdm.glade.h:4 ../src/greeter.c:116 ../src/greeter.c:165 msgid "User:" -msgstr "" +msgstr "Uporabnik:" #: ../src/gdm/gdm-languages.c:609 msgid "Unspecified" -msgstr "" +msgstr "Nedoločeno" #: ../src/greeter.c:87 msgid "Password:" -msgstr "" +msgstr "Geslo:" #: ../src/greeter.c:211 msgid "Default" -msgstr "" +msgstr "Privzeto" #: ../src/greeter.c:260 msgid "_Reboot" -msgstr "" +msgstr "_Ponovni zagon" #: ../src/greeter.c:264 msgid "_Shutdown" -msgstr "" +msgstr "_Izklop" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/src/greeter.c new/lxdm/src/greeter.c --- old/lxdm/src/greeter.c 2010-02-13 19:05:36.000000000 +0100 +++ new/lxdm/src/greeter.c 2010-03-12 18:37:49.000000000 +0100 @@ -571,7 +571,6 @@ void set_root_background(void) { - char *p; GdkWindow *root = gdk_get_default_root_window(); /* set background */ @@ -655,6 +654,7 @@ /* use line buffered stdout for inter-process-communcation of * single-line-commands */ setvbuf(stdout, NULL, _IOLBF, 0 ); + gtk_main(); if( config_changed ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/src/lxdm.c new/lxdm/src/lxdm.c --- old/lxdm/src/lxdm.c 2010-02-25 14:53:37.000000000 +0100 +++ new/lxdm/src/lxdm.c 2010-03-17 08:50:55.000000000 +0100 @@ -57,9 +57,7 @@ #include <execinfo.h> -#if HAVE_LIBXMU -#include <X11/Xmu/WinUtil.h> -#endif +#include <utmp.h> #if HAVE_LIBPAM #include <security/pam_appl.h> @@ -469,11 +467,22 @@ void switch_user(struct passwd *pw, char *run, char **env) { + int fd; + + g_spawn_command_line_sync ("/etc/lxdm/PreLogin",NULL,NULL,NULL,NULL); + if( !pw || initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid) || setsid() == -1 ) exit(EXIT_FAILURE); chdir(pw->pw_dir); + fd=open(".xsession-errors",O_WRONLY|O_CREAT|O_TRUNC,S_IRUSR|S_IWUSR); + if(fd!=-1) + { + dup2(fd,STDERR_FILENO); + close(fd); + } create_client_auth(pw->pw_dir); + g_spawn_command_line_async ("/etc/lxdm/PostLogin",NULL); execle("/etc/lxdm/Xsession", "/etc/lxdm/Xsession", run, NULL, env); exit(EXIT_FAILURE); } @@ -692,13 +701,12 @@ my_xid = 0; } -void stop_clients(int top) +static void stop_clients(void) { Window dummy, parent; Window *children; unsigned int nchildren; unsigned int i; - XWindowAttributes attr; Display *Dpy = gdk_x11_get_default_xdisplay(); Window Root = gdk_x11_get_default_root_xwindow(); @@ -707,43 +715,43 @@ nchildren = 0; XQueryTree(Dpy, Root, &dummy, &parent, &children, &nchildren); - if( !top ) - { - for( i = 0; i < nchildren; i++ ) - { - if( XGetWindowAttributes(Dpy, children[i], &attr) && (attr.map_state == IsViewable) ) -#if HAVE_LIBXMU - children[i] = XmuClientWindow(Dpy, children[i]); -#else - children[i] = children[i]; -#endif - else - children[i] = 0; - } - } for( i = 0; i < nchildren; i++ ) if( children[i] && !is_my_id(children[i]) ) XKillClient(Dpy, children[i]); + //printf("kill %d\n",i); XFree( (char *)children ); XSync(Dpy, 0); XSetErrorHandler(NULL); } -static void on_session_stop(GPid pid, gint status, gpointer data) +static int get_run_level(void) { - int code = WEXITSTATUS(status); + int res=0; + struct utmp *ut,tmp; + setutent(); + tmp.ut_type=RUN_LVL; + ut=getutid(&tmp); + if(!ut) return 0; + res=ut->ut_pid & 0xff; + endutent(); + //log_print("runlevel %c\n",res); + return res; +} + +static void on_session_stop(GPid pid, gint status, gpointer data) +{ killpg(pid, SIGHUP); stop_pid(pid); child = -1; + int level; if( server > 0 ) { /* FIXME just work around lxde bug of focus can't set */ - //stop_clients(0); - stop_clients(1); + stop_clients(); free_my_xid(); } #if HAVE_LIBPAM @@ -758,13 +766,17 @@ unsetenv("XDG_SESSION_COOKIE"); } #endif - if( code == 0 ) - /* xterm will quit use this, but we shul not quit here */ - /* so wait someone to kill me may better */ - //lxdm_quit_self(); - sleep(2); - + level=get_run_level(); + if(level=='0' || level=='6') + { + if(level=='0') + g_spawn_command_line_sync("/etc/lxdm/PreShutdown",0,0,0,0); + else + g_spawn_command_line_sync("/etc/lxdm/PreReboot",0,0,0,0); + lxdm_quit_self(0); + } ui_prepare(); + g_spawn_command_line_async("/etc/lxdm/PostLogout",NULL); } static void replace_env(char** env, const char* name, const char* new_val) @@ -895,10 +907,10 @@ /* override $PATH if needed */ path = g_key_file_get_string(config, "base", "path", 0); - if( G_UNLIKELY(path) && path[0] ) - replace_env(env, "PATH=", path); - else - replace_env(env, "PATH=","/usr/local/bin:/bin:/usr/bin"); + if( G_UNLIKELY(path) && path[0] ) /* if PATH is specified in config file */ + replace_env(env, "PATH=", path); /* override current $PATH with config value */ + else /* don't use the global env, they are bad for user */ + replace_env(env, "PATH=", "/usr/local/bin:/bin:/usr/bin"); /* set proper default */ g_free(path); /* optionally override $LANG, $LC_MESSAGES, and $LANGUAGE */ if( lang && lang[0] ) @@ -906,42 +918,9 @@ replace_env(env, "LANG=", lang); replace_env(env, "LC_MESSAGES=", lang); replace_env(env, "LANGUAGE=", lang); - } - -#if HAVE_LIBPAM -#if 0 - append_pam_environ(env); -#endif -#endif - -#if 0 - if( !session || !session[0] ) /* this means use default session */ - session = g_key_file_get_string(config, "base", "session", 0); - if( !session && getenv("PREFERRED") ) - session = g_strdup( getenv("PREFERRED") ); - if( !session && getenv("DESKTOP") ) - { - char *p = getenv("DESKTOP"); - if( !strcmp(p, "LXDE") ) - session = g_find_program_in_path("startlxde"); - else if( !strcmp(p, "GNOME") ) - session = g_find_program_in_path("gnome-session"); - else if( !strcmp(p, "KDE") ) - session = g_find_program_in_path("startkde"); - else if( !strcmp(p, "XFCE") ) - session = g_strdup("startxfce4"); - else - session = g_strdup(p); - } - if( !session ) - session = g_strdup(""); - - switch_user(pw, session, env); -#else - switch_user(pw, session_exec, env); -#endif - reason = 4; - exit(EXIT_FAILURE); + } + switch_user(pw, session_exec, env); + lxdm_quit_self(4); } g_free(session_name); g_free(session_exec); @@ -953,7 +932,8 @@ char *cmd; cmd = g_key_file_get_string(config, "cmd", "reboot", 0); if( !cmd ) cmd = g_strdup("reboot"); - system(cmd); + g_spawn_command_line_sync("/etc/lxdm/PreReboot",0,0,0,0); + g_spawn_command_line_async(cmd,0); g_free(cmd); lxdm_quit_self(0); } @@ -963,8 +943,9 @@ char *cmd; cmd = g_key_file_get_string(config, "cmd", "shutdown", 0); if( !cmd ) cmd = g_strdup("shutdown -h now"); + g_spawn_command_line_sync("/etc/lxdm/PreReboot",0,0,0,0); reason = 1; - system(cmd); + g_spawn_command_line_async(cmd,0); g_free(cmd); lxdm_quit_self(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lxdm/src/ui.c new/lxdm/src/ui.c --- old/lxdm/src/ui.c 2010-02-19 21:41:48.000000000 +0100 +++ new/lxdm/src/ui.c 2010-03-12 18:37:49.000000000 +0100 @@ -372,13 +372,6 @@ static void greeter_setup(gpointer user) { - struct passwd *pw; - if( AUTH_SUCCESS == lxdm_auth_user("lxdm", NULL, &pw) ) - { - initgroups(pw->pw_name, pw->pw_gid); - setgid(pw->pw_gid); - setuid(pw->pw_uid); - } } static gchar *greeter_param(char *str, char *name) @@ -470,6 +463,8 @@ dpy = gdk_x11_get_default_xdisplay(); root = gdk_get_default_root_window(); + XSetInputFocus(dpy,GDK_WINDOW_XWINDOW(root),RevertToNone,CurrentTime); + /* if session is running */ if( lxdm_cur_session() > 0 ) return; @@ -590,7 +585,8 @@ /* draw the first time */ gdk_window_show(win); - gdk_window_focus(win, 0); + //gdk_window_focus(win, GDK_CURRENT_TIME); + XSetInputFocus(dpy,GDK_WINDOW_XWINDOW(win),RevertToNone,CurrentTime); } void ui_add_cursor(void) @@ -605,10 +601,11 @@ int ui_main(void) { GMainLoop *loop = g_main_loop_new(NULL, 0); - ui_add_cursor(); ui_prepare(); + ui_add_cursor(); if(greeter == -1) /* if greeter is not used */ gdk_event_handler_set(ui_event_cb, 0, 0); + g_spawn_command_line_async("/etc/lxdm/LoginReady",NULL); g_main_loop_run(loop); return 0; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit jing for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package jing for openSUSE:Factory checked in at Fri Mar 19 15:12:51 CET 2010. -------- --- jing/jing.changes 2009-03-18 15:14:32.000000000 +0100 +++ jing/jing.changes 2010-03-19 13:45:15.000000000 +0100 @@ -1,0 +2,9 @@ +Mon Mar 15 16:46:41 CET 2010 - prusnak(a)suse.cz + +- updated to 20091111 + * add -C option to specify the catalog + * fix schematron test suite schema + * provide a resolver that implements OASIS XML catalogs + * take advantage of Java 5 features + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- jing-20081028.zip New: ---- jing-20091111.zip ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jing.spec ++++++ --- /var/tmp/diff_new_pack.LDJofl/_old 2010-03-19 15:08:05.000000000 +0100 +++ /var/tmp/diff_new_pack.LDJofl/_new 2010-03-19 15:08:05.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package jing (Version 20081028) +# spec file for package jing (Version 20091111) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,13 +21,13 @@ Name: jing BuildRequires: unzip Summary: Validator for RELAX NG in Java -Version: 20081028 -Release: 2 +Version: 20091111 +Release: 1 Url: http://code.google.com/p/jing-trang/ -Source: %{name}-%{version}.zip +Source: http://jing-trang.googlecode.com/files/%{name}-%{version}.zip Source1: jing Source2: %{name}-doc.tar.bz2 -License: BSD 3-Clause +License: BSD3c Group: Productivity/Publishing/XML BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: jre @@ -38,44 +38,37 @@ RELAX NG schema language and implements the following features: * RELAX NG 1.0 Specification - * RELAX NG Compact Syntax - * Parts of RELAX NG DTD Compatibility (checking of ID/IDREF/IDREFS) It also comes with experimental support for schema languages other than RELAX NG: * W3C XML Schema (based on Xerces-J) - * Schematron - * Name Space Routing Language - - -Authors: --------- - James Clark <jjc(a)jclark.com> - %prep -%setup -q -a 2 +%setup -q +mkdir man ; cd man +tar xfj %{SOURCE2} %build %install -install -D -m 644 bin/jing.jar $RPM_BUILD_ROOT%{_javadir}/jing.jar -install -d $RPM_BUILD_ROOT%{_datadir}/jing +install -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/jing +install -D -m 644 bin/jing.jar $RPM_BUILD_ROOT%{_javadir}/jing-%{version}.jar +ln -s jing-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/jing.jar +mkdir -p $RPM_BUILD_ROOT%{_datadir}/jing cp -a lib/* $RPM_BUILD_ROOT%{_datadir}/jing -install -D -m 755 %{S:1} $RPM_BUILD_ROOT%{_bindir}/jing -install -D -m 0644 doc/jing.1 $RPM_BUILD_ROOT%{_mandir}/man1/jing.1 +install -D -m 0644 man/doc/jing.1 $RPM_BUILD_ROOT%{_mandir}/man1/jing.1 %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) -%doc readme.html doc sample +%doc readme.html doc/ sample %{_bindir}/jing %{_javadir}/* %dir %{_datadir}/jing ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit jana for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package jana for openSUSE:Factory checked in at Fri Mar 19 15:07:51 CET 2010. -------- New Changes file: --- /dev/null 2009-09-30 08:50:26.000000000 +0200 +++ jana/jana.changes 2009-11-11 12:04:56.000000000 +0100 @@ -0,0 +1,35 @@ +------------------------------------------------------------------- +Wed Nov 11 11:03:16 UTC 2009 - glin(a)novell.com + +- Update to commit commit 9bce985d6fee470b014f5efd23c50efcd2cf5bdb + +------------------------------------------------------------------- +Thu Mar 19 00:00:00 CET 2009 - damien.lespiau(a)intel.com + +- Update to revision 747 + +------------------------------------------------------------------- +Thu Mar 19 00:00:00 CET 2009 - damien.lespiau(a)intel.com + +- Update to revision 744 + +------------------------------------------------------------------- +Wed Mar 11 00:00:00 CET 2009 - damien.lespiau(a)intel.com + +- Update to revision 740 +- fix memory corruption caused by the US/Eastern-like time zone + +------------------------------------------------------------------- +Wed Mar 11 00:00:00 CET 2009 - damien.lespiau(a)intel.com + +- Update to revision 738 + +------------------------------------------------------------------- +Tue Feb 24 00:00:00 CET 2009 - damien.lespiau(a)intel.com + +- Update the snapshot to latest SVN head (revision 735) +- Update the build target in Makefile +- fixed 4 rpmlint errors/warnings + * Fri 05 Dec 2008 Joshua Lock <josh(a)linux.intel.com> - 20081205-1 +- Package a tarball of SVN trunk + calling whatdependson for head-i586 New: ---- jana-20091006.tar.bz2 jana.changes jana.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jana.spec ++++++ # # spec file for package jana (Version 20091006) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: jana Summary: An interface library for time-related PIM Group: Development/Libraries/Other Version: 20091006 Release: 1 License: GPLv2 Url: http://a-pseudo.url/sources/jana-20090319.tar.bz2 Source0: http://a-pseudo.url/sources/%{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: dbus-1-devel evolution-data-server-devel gconf2-devel libsoup-devel libxml2-devel BuildRequires: gtk2-devel BuildRequires: gnome-common BuildRequires: gtk-doc BuildRequires: intltool Requires: gtk2 Requires: evolution-data-server Requires: gconf2 %description An interface library for time-related personal information management related data. %package doc License: GPLv2 Summary: An interface library for time-related PIM Group: Development/Libraries/Other %description doc An interface library for time-related personal information management related data. %package devel License: GPLv2 Summary: An interface library for time-related PIM Group: Development/Libraries/Other Requires: %{name} = %{version}-%{release} Requires: pkgconfig Requires: %{name} >= %{version} %description devel An interface library for time-related personal information management related data. %prep %setup -q -n %{name}-%{version} %build #./autogen.sh --prefix=$BuildRoot/usr --enable-gtk-doc --disable-static ./autogen.sh %configure --enable-gtk-doc --disable-static make %{?_smp_mflags} %install rm -rf %{buildroot} %makeinstall %find_lang jana || echo -n >> jana.lang mkdir -p %{buildroot}/%{_datadir}/doc/%{name}-%{version} for f in `ls %{buildroot}/%{_datadir}/doc/`; do if [ -f %{buildroot}/%{_datadir}/doc/$f ]; then mv %{buildroot}/%{_datadir}/doc/$f %{buildroot}/%{_datadir}/doc/%{name}-%{version} fi done %clean rm -rf %{buildroot} %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post devel -p /sbin/ldconfig %postun devel -p /sbin/ldconfig %files -f jana.lang %defattr(-,root,root,-) %doc COPYING %{_libdir}/libjana.so.0 %{_libdir}/libjana.so.0.* %{_libdir}/libjana-*.so.0 %{_libdir}/libjana-*.so.0.* %files doc %defattr(-,root,root,-) #%{_datadir}/doc/* %{_datadir}/gtk-doc/* %doc AUTHORS ChangeLog MAINTAINERS README %files devel %defattr(-,root,root,-) %dir %{_datadir}/jana %{_datadir}/jana/landwater.vmf #%{_datadir}/gtk-doc/* %{_includedir}/* %{_libdir}/libjana.so %{_libdir}/libjana.la %{_libdir}/libjana-*.so %{_libdir}/libjana-*.la %{_libdir}/pkgconfig/libjana.pc %{_libdir}/pkgconfig/libjana-ecal.pc %{_libdir}/pkgconfig/libjana-gtk.pc %changelog ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit cifs-utils for openSUSE:Factory
by root＠Hilbert.suse.de 19 Mar '10

19 Mar '10

Hello community, here is the log from the commit of package cifs-utils for openSUSE:Factory checked in at Fri Mar 19 11:57:29 CET 2010. -------- New Changes file: --- /dev/null 2009-09-30 08:50:26.000000000 +0200 +++ /mounts/work_src_done/STABLE/cifs-utils/cifs-utils.changes 2010-03-19 11:36:33.000000000 +0100 @@ -0,0 +1,5864 @@ +------------------------------------------------------------------- +Sun Mar 14 15:32:49 UTC 2010 - lmuelle(a)suse.de + +- Update to cif-utils 4.0. +- Create cifs-utils package which is independent from Samba. + +------------------------------------------------------------------- +Mon Mar 8 21:03:25 UTC 2010 - lmuelle(a)suse.de + +- Update to 3.5.1. + + Fix security flaw on Linux platforms if built with libcap support allowing + file system access even when permissions should have denied it; + CVE-2010-0728; (bso#7222). + +------------------------------------------------------------------- +Mon Mar 8 09:12:07 UTC 2010 - rhafer(a)novell.com + +- Fixed libldb.so link in libldb-devel. + +------------------------------------------------------------------- +Fri Mar 5 15:47:25 UTC 2010 - hhetter(a)novell.com + +- Fix argc handling in net_share, making the command "net share" + work again; (bso#7203); (bnc#584253). + +------------------------------------------------------------------- +Mon Mar 1 16:22:52 CET 2010 - lmuelle(a)suse.de + +- Update to 3.5.0. + + Fix duplicate sam and unix accounts; (bso#7145). + + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160). + + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166). + + Fix 'net ads dns' usage calls; (bso#7181). + + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182). + +------------------------------------------------------------------- +Wed Feb 24 14:55:27 CET 2010 - lmuelle(a)suse.de + +- Update to 3.4.6. + + Change parameter "wide links" to default to "no"; it's also incompatible + with "unix extensions"; (bso#7104); (bnc#577868). + + Fix printing with 64 bit clients (bso#6888). + + Fix core dump on 64 bit Linux (bso#7063). + + Fix failing of smbd to respond to a read or a write caused by Linux + asynchronous IO (aio) (bso#7067). + + Fix string buffer overflow causing heap corruption in smbd (bso#7096). + + + Fix bogus ip address in SWAT; (bso#5885). + + Fix vfs_full_audit; (bso#6557). + + Use the first "uid" value; (bso#6157). + + Fix large paged search with DirX LDAP servers; (bso#6981). + + Fix crash bug in 'cifs.upcall'; (bso#6868). + + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + + Fix DFS on AIX (maybe others); (bso#7052). + + Fix pdb_search crash as non-root user; (bso#7068). + + Fix unlocking of accounts from ldap; (bso#7072). + + Fix vfs_expand_msdfs; (bso#7081). + + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + + Fix malformed require_membership_of_sid; (bso#7106). + + Fix reading of large browselist; (bso#7122). + + "mangling method = hash" can crash storing a name containing a '.'; + (bso#7154). + + Valgrind Conditional jump or move depends on uninitialised value(s) error + when "mangling method = hash"; (bso#7155). + + Fix listing of printjobs in Windows 7; (bso#7130). + + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136). + + + Make idmap cache persistent for "ldapsam:trusted". + + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not + only the persistent idmap cache. + + Shortcut uid_to_sid when "ldapsam:trusted = yes". + + Make pdb_copy_sam_account also copy the group sid. + + Shortcut gid_to_sid when "ldapsam:trusted = yes". + + Speed up pdb_get_group_sid(). + + Try to build the full unix_pw structure with ldapsam:trusted support. + + Optimize ldapsam_alias_memberships() and cache ldap searches. + +------------------------------------------------------------------- +Fri Feb 19 16:27:03 CET 2010 - lmuelle(a)suse.de + +- Update to 3.5.0rc3. + + Change parameter "wide links" to default to "no"; it's also incompatible + with "unix extensions"; (bso#7104); (bnc#577868). + + + Fix vfs_full_audit; (bso#6557). + + Fix crash bug in 'cifs.upcall'; (bso#6868). + + Fix duplicate initializer in the rmdir module; (bso#6876). + + Fix printing with 64 bit clients; (bso#6888). + + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063). + + Fix failing of smbd to respond to a read or a write caused by Linux + asynchronous IO (aio); (bso#7067). + + Fix 'smbget' error status; (bso#7069). + + Fix build of 'smbfilter'; (bso#7071). + + Fix unlocking of accounts from ldap; (bso#7072). + + Cliconnect gets realm wrong with trusted domains; (bso#7079). + + Fix vfs_expand_msdfs; (bso#7081). + + Fix storing of create time on directories in an EA in new create time + code; (bso#7084). + + Fix an early release of the global lock that can cause data corruption in + libtdb; (bso#7085). + + Fix string buffer overflow causing heap corruption in smbd; (bso#7096). + + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + + Fix malformed require_membership_of_sid; (bso#7106). + + Add pdb_ldap performance fixes; (bso#7116). + + Change ldap filter to what really was intended; (bso#7116). + + Add new "nmbd bind explicit broadcast" parameter; (bso#7118). + + Fix nmbd problems with socket address; (bso#7118). + + Support large browselist; (bso#7119). + + Fix reading of large browselist; (bso#7122). + + Fix listing of printjobs in Windows 7; (bso#7130). + + Owner of file not available with Kerberos; (bso#7139). + + Fix IPv4/IPv6 problems; (bso#7140). + + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148). + + "mangling method = hash" can crash storing a name containing a '.'; + (bso#7154). + + Valgrind Conditional jump or move depends on uninitialised value(s) error + when "mangling method = hash"; (bso#7155). + + + Fix some wrong newlines in de translation strings. + +------------------------------------------------------------------- +Tue Feb 9 22:10:44 UTC 2010 - lmuelle(a)suse.de + +- Take extra care that a mount point of mount.cifs isn't changed during mount + and don't allow it to be run as setuid root program; CVE-2010-0787; + (bso#6853); (bnc#550002). + +------------------------------------------------------------------- +Tue Feb 9 17:10:55 UTC 2010 - lmuelle(a)suse.de + +- Check in mount.cifs for invalid characters in device name and mountpoint; + CVE-2010-0547; (brc#562156); (bnc#577925). + +------------------------------------------------------------------- +Tue Feb 9 05:00:08 CET 2010 - boyang(a)suse.de + +- Don't invalidate cache for uninitialized domains; (bnc#538923). + +------------------------------------------------------------------- +Tue Feb 9 04:59:09 CET 2010 - boyang(a)suse.de + +- Signals are processed twice in child; (bnc#538923). + +------------------------------------------------------------------- +Mon Feb 8 18:51:27 CET 2010 - jmcdonough(a)suse.de + +- Allow forced pw change even with min pw age; (bnc#561894). + +------------------------------------------------------------------- +Mon Feb 8 11:44:54 UTC 2010 - lmuelle(a)suse.de + +- Change parameter "wide links" to default to "no"; it's also incompatible + with "unix extensions"; (bso#7104); (bnc#577868). + +------------------------------------------------------------------- +Sun Feb 7 08:35:14 CET 2010 - boyang(a)suse.de + +- Fix enumerate domain local groups for primary domain; (bnc#573813). + +------------------------------------------------------------------- +Sun Feb 7 07:48:06 CET 2010 - boyang(a)suse.de + +- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106). + +------------------------------------------------------------------- +Fri Feb 5 17:12:24 UTC 2010 - lmuelle(a)suse.de + +- Normalize "Changing password for" msg IDs and STRs; (bnc#499233). + +------------------------------------------------------------------- +Thu Feb 4 16:58:53 UTC 2010 - rhafer(a)novell.com + +- Build libtevent and libldb and put them into separate subpackages. + +------------------------------------------------------------------- +Tue Jan 26 17:12:50 CET 2010 - lmuelle(a)suse.de + +- Update to 3.5.0rc2. + + The Using Samba HTML book has been removed. + + 'net', 'smbclient' and libsmbclient can use logon credentials cached by + Winbind; (bso#7062). + + New vfs_scannedonly module has been added; (bso#7028). + + + Check password history before increasing "badPasswordCount"; (bso#4347). + + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202). + + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap; + (bso#6157). + + Fix deletion of an object whose parent folder does not have delete rights + fails even if the delete right is set on the object in vfs_acl_xattr and + vfs_acl_tdb; (bso#6876). + + Fix large paged search with DirX LDAP servers; (bso#6981). + + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027). + + Disable sanity check in NetShareEnum for better compatibility with + Windows; (bso#7029). ++++ 5667 more lines (skipped) ++++ between /dev/null ++++ and /mounts/work_src_done/STABLE/cifs-utils/cifs-utils.changes calling whatdependson for head-i586 New: ---- cifs.init cifs-utils-4.0.tar.bz2 cifs-utils.changes cifs-utils.spec mkinitrd_scripts_boot-cifs.sh mkinitrd_scripts_setup-cifs.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cifs-utils.spec ++++++ # # spec file for package cifs-utils (Version 4.0) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem Name: cifs-utils Version: 4.0 Release: 1 License: GPLv3+ Group: System/Filesystems Url: http://www.samba.org/linux-cifs/cifs-utils/ Source: %{name}-%{version}.tar.bz2 Source1: cifs.init Source2: mkinitrd_scripts_boot-cifs.sh Source3: mkinitrd_scripts_setup-cifs.sh %if 0%{?suse_version} PreReq: insserv %{?fillup_prereq} mkinitrd %else PreReq: /sbin/chkconfig %endif %define initdir %{_sysconfdir}/init.d AutoReqProv: on Provides: cifs-mount Obsoletes: cifs-mount BuildRequires: krb5-devel libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes %endif Requires: keyutils BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The cifs-utils package consist of utilities for doing and managing mounts of the Linux CIFS filesystem. %prep %setup -q %build %{?suse_update_config:%{suse_update_config -f}} autoreconf --force --install export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" %{configure} %{__make} %{?_smp_mflags} %install mkdir -p \ ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d %{__make} install \ DESTDIR=${RPM_BUILD_ROOT} %if 0%{?suse_version} mkdir -p ${RPM_BUILD_ROOT}/lib/mkinitrd/scripts/ %{__install} -m 0755 ${RPM_SOURCE_DIR}/mkinitrd_scripts_boot-cifs.sh ${RPM_BUILD_ROOT}/lib/mkinitrd/scripts/boot-cifs.sh %{__install} -m 0755 ${RPM_SOURCE_DIR}/mkinitrd_scripts_setup-cifs.sh ${RPM_BUILD_ROOT}/lib/mkinitrd/scripts/setup-cifs.sh %endif # Hardlink duplicate files %if 0%{?suse_version} > 1110 %fdupes ${RPM_BUILD_ROOT} %endif %preun %if 0%{?suse_version} %{stop_on_removal cifs} %else if [ $1 = 0 ] ; then test -x /sbin/chkconfig && /sbin/chkconfig --del cifs fi %endif exit 0 %post [ -x /sbin/mkinitrd_setup ] && mkinitrd_setup exit 0 %postun %if 0%{?suse_version} %{restart_on_update cifs} %{insserv_cleanup} %else if [ "$1" -ge "1" ]; then %{initdir}/cifs restart >/dev/null fi %endif exit 0 %files %defattr(-,root,root) /sbin/mount.cifs #/sbin/umount.cifs %doc %{_mandir}/man8/mount.cifs.8.* #%doc %{_mandir}/man8/umount.cifs.8.* %{_sbindir}/cifs.upcall %doc %{_mandir}/man8/cifs.upcall.8.* %if 0%{?suse_version} > 1100 %dir /lib/mkinitrd %dir /lib/mkinitrd/scripts /lib/mkinitrd/scripts/setup-cifs.sh /lib/mkinitrd/scripts/boot-cifs.sh %endif %changelog ++++++ cifs.init ++++++ #! /bin/sh # Copyright (c) 1999-2009 SuSE Linux AG, Nuernberg, Germany. # All rights reserved. # # Author: Thomas Fehr, 1999-2001 # Lars Mueller <lmuelle(a)suse.de>, 2002-2009 # Bjoern Jacke <bjacke(a)SerNet.de> 2004 # # /etc/init.d/cifs # and its symbolic link # /usr/sbin/rccifs # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # ### BEGIN INIT INFO # Provides: cifs # Required-Start: $network $syslog # Should-Start: nmb # Required-Stop: $network $syslog # Should-Stop: nmb # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Import remote SMB/ CIFS (MS Windows) file systems # Description: Import remote SMB/ CIFS (MS Windows) file systems ### END INIT INFO # To access SMB/ CIFS servers beyond the network broadcast domain it may be # necessary to also activate the nmb service. Also see section 'cifs and nmb # service' in /usr/share/doc/packages/samba/README.SUSE . /etc/rc.status rc_reset LC_ALL=en_US CIFSTAB="/etc/samba/cifstab" SMB_CONF="/etc/samba/smb.conf" CIFS_STATE_FILE="/var/lock/subsys/cifs" SLEEP=1 TIMEOUT=10 grep -q " cifs " /proc/mounts test $? -eq 0 && cifs_used=yes || cifs_used=no case "$1" in start) grep -q '^[[:space:]]*[^#].*[[:space:]]cifs[[:space:]]' /etc/fstab rc=$? if [ ! -f ${CIFSTAB} -a ${rc} -ne 0 ]; then echo -n >&2 "No ${CIFSTAB} found and no type cifs active in /etc/fstab. " rc_status -s exit 6 fi echo -n "Mount CIFS File Systems " service_used="no" if [ ${rc} -eq 0 ]; then service_used="yes" timer=${TIMEOUT} JOBS="none" printdot="" while [ "${JOBS}" ] && [ ${timer} -gt 0 ]; do if [ -z "${printdot}" ]; then echo echo -n "from /etc/fstab " mount -at cifs >/dev/null & PID=$! fi test -e /proc/$PID || JOBS="" if [ "${JOBS}" ]; then timer=$[${timer}-1] echo -n "." sleep ${SLEEP} printdot="yes" fi done test "${printdot}" && echo -n " " if [ "${JOBS}" -a ${timer} -eq 0 ]; then echo -n >&2 " Error: timeout while mount. " rc_failed fi rc_status -v fi timer=-1 test -e ${CIFSTAB} && \ while read service mountpoint vfstype options; do case "${service}" in ""|\#*|\;*) continue ;; esac # Set default vfstype which is also a hack for old # cifstab formated files without a vfstype set. if [ "${vfstype}" != "cifs" -a -z "${options}" ]; then options="${vfstype}" vfstype="cifs" fi # If no options are set use an empty password. if [ -z "${options}" ]; then options="password=" fi if [ ${timer} -eq -1 ]; then echo -en "from ${CIFSTAB} \n" timer=0 fi # Remove /s at the end of a mount point. mountpoint=$( echo "$mountpoint"|sed "s/\/*$//") if grep -q "[[:space:]]$mountpoint[[:space:]]" /proc/mounts; then echo -n "$mountpoint: mount point already in use. " rc_status -s continue fi service_used="yes" echo -n "${service} on ${mountpoint} type ${vfstype} " rc_reset timer=${TIMEOUT} JOBS="none" printdot="" while [ "${JOBS}" ] && [ ${timer} -gt 0 ]; do if [ -z "${printdot}" ]; then mount -t "${vfstype}" -o ${options} "${service}" "${mountpoint}" >/dev/null & PID=$! fi test -e /proc/$PID || JOBS="" if [ "${JOBS}" ]; then timer=$[${timer}-1] echo -n "." sleep ${SLEEP} printdot="yes" fi done test "${printdot}" && echo -n " " if [ "${JOBS}" -a ${timer} -eq 0 ]; then echo -n >&2 " Error: timeout while mount. " rc_failed fi rc_status -v done < ${CIFSTAB} test "${service_used}" = "no" && rc_status -u touch ${CIFS_STATE_FILE} ;; stop) echo -n "Umount CIFS File Systems " if [ "${cifs_used}" = "yes" ]; then # # Unmount in background due to possible long timeouts # timer=${TIMEOUT} JOBS="none" printdot="" while [ "${JOBS}" ] && [ ${timer} -gt 0 ]; do if [ -z "${printdot}" ]; then umount -at cifs & PID=$! fi test -e /proc/$PID || JOBS="" if [ "${JOBS}" ]; then timer=$[${timer}-1] echo -n "." sleep ${SLEEP} printdot="yes" fi done test "${printdot}" && echo -n " " if [ "${JOBS}" -a ${timer} -eq 0 ]; then echo -n >&2 " Error: timeout while umount. " rc_failed fi fi rc_status -v ;; try-restart|condrestart) if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset fi rc_status ;; force-reload|restart) $0 stop $0 start rc_status ;; reload) echo -n "Reload mounted CIFS File Systems " rc_failed 3 rc_status -v ;; status) echo -n "Checking for mounted CIFS File Systems " if [ "${cifs_used}" = "yes" ]; then mount -t cifs | while read service on mountpoint type vfstype rest; do echo echo -n "${service} on ${mountpoint} type ${vfstype} " done else rc_failed 3 fi rc_status -v ;; probe) test ${CIFSTAB} -nt ${CIFS_STATE_FILE} -o \ ${SMB_CONF} -nt ${CIFS_STATE_FILE} && echo restart ;; *) echo "Usage: $0 {start|stop|status|force-reload|reload|restart|reload|probe}" exit 1 ;; esac rc_exit ++++++ mkinitrd_scripts_boot-cifs.sh ++++++ #!/bin/bash #%stage: block #%modules: cifs #%programs: /sbin/mount.cifs #%if: "$rootfstype" = "cifs" # ##### CIFS support ## ## This is where CIFS gets mounted. ## ## Command line parameters ## ----------------------- ## ## root=cifs://[user:pass@]<server>/<folder> the cifs root path ## cifsuser=<username> (only used if not defined in root=) ## cifspass=<password> (only used if not defined in root=) ## if [ "$rootfstype" = "cifs" ]; then # load the cifs module before using it load_modules if [ "${rootdev%%://*}" = "cifs" ]; then # URL parsing rootdev=${rootdev##cifs://} username=${rootdev%@*} password=${username#*:} if [ "$password" ]; then cifspass=$password username=${username%:*} fi cifsuser=$username if [ "$username" ]; then rootdev="${rootdev#*@}" fi rootdev="//$rootdev" fi rootfsmod= if [ ! "$cifsuser" -o ! "$cifspass" ]; then echo "For CIFS support you need to specify a username and password either in the cifsuser and cifspass commandline parameters or in the root= CIFS URL." fi if [ "$rootflags" ] ; then rootflags="${rootflags},user=$cifsuser" else rootflags="user=$cifsuser" fi rootflags="$rootflags,pass=$cifspass" else dont_load_modules fi ++++++ mkinitrd_scripts_setup-cifs.sh ++++++ #!/bin/bash # #%stage: device # if [ "$rootfstype" = "cifs" ]; then interface=default save_var rootfstype fi ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0