openSUSE Commits
Threads by month
- ----- 2024 -----
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
May 2014
- 1 participants
- 1539 discussions
Hello community,
here is the log from the commit of package subversion for openSUSE:12.3:Update checked in at 2014-05-26 13:41:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/subversion (Old)
and /work/SRC/openSUSE:12.3:Update/.subversion.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.6QbFNm/_old 2014-05-26 13:41:57.000000000 +0200
+++ /var/tmp/diff_new_pack.6QbFNm/_new 2014-05-26 13:41:57.000000000 +0200
@@ -1 +1 @@
-<link package='subversion.2584' cicount='copy' />
+<link package='subversion.2825' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package subversion.2825 for openSUSE:12.3:Update checked in at 2014-05-26 13:41:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/subversion.2825 (Old)
and /work/SRC/openSUSE:12.3:Update/.subversion.2825.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion.2825"
Changes:
--------
New Changes file:
--- /dev/null 2014-05-19 01:51:27.372033255 +0200
+++ /work/SRC/openSUSE:12.3:Update/.subversion.2825.new/subversion.changes 2014-05-26 13:41:55.000000000 +0200
@@ -0,0 +1,3138 @@
+-------------------------------------------------------------------
+Tue May 13 19:13:21 UTC 2014 - andreas.stieger(a)gmx.de
+
+- Apache Subversion 1.7.17 [bnc#877560]
+- Client-side bugfixes:
+ * log: use proper peg revision over DAV
+ * move: fix errors when moving files between an external and the
+ parent working copy
+ * copy: fix 'svn copy URL WC' on relocated working copies
+- Server-side bugfixes:
+ * mod_dav_svn: blacklist building with broken versions of httpd;
+ 2.2.25, 2.4.5 and 2.4.6
+ * mod_dav_svn: detect out of dateness correctly during commit
+- Developer-visible changes:
+ * fix libmagic detection with custom LDFLAGS
+ * fix a missing null byte when handling old pre-1.4 deltas
+ * support building with Serf 1.3.x
+- Bindings:
+ * javahl: fix crash from resolve callback throwing an exception
+
+-------------------------------------------------------------------
+Wed Feb 26 18:31:07 UTC 2014 - andreas.stieger(a)gmx.de
+
+- Apache Subversion 1.7.16 [bnc#862459]
+ This release addresses one security issue:
+ CVE-2014-0032: mod_dav_svn DoS vulnerability with SVNListParentPath.
+ Affects servers with mod_dav_svn when configured on the root path
+ of the server and SVNListParentPath is on.
+- Client-side bugfixes:
+ * copy: fix some scenarios that broke the working copy
+ * diff: fix regressions due to fixes in 1.7.14
+- Server-side bugfixes:
+ * mod_dav_svn: prevent crashes with SVNListParentPath on
+ (CVE-2014-0032)
+ * reduce memory usage during checkout and export
+ Developer-visible changes:
+ * fix failure in checkout_tests.py
+ * support compiling against Cyrus sasl 2.1.25
+ * support compiling against neon 0.30.x
+- modified patches:
+ * subversion-no-build-date.patch for context changes
+- 1.7.15 was not released
+- only require and build with junit when building with java and
+ running regression tests
+
+-------------------------------------------------------------------
+Tue Nov 26 18:23:33 UTC 2013 - andreas.stieger(a)gmx.de
+
+- update to 1.7.14 [bnc#850747], addressing two security issues:
+ * CVE-2013-4505: mod_dontdothat does not restrict requests from
+ serf clients.
+ * CVE-2013-4558: mod_dav_svn assertion triggered by
+ autoversioning commits.
+ - Client- and server-side bugfixes:
+ * fix assertion on urls of the form 'file://./'
+ - Client-side bugfixes:
+ * upgrade: fix an assertion when used with pre-1.3 wcs
+ * fix externals that point at redirected locations
+ * diff: fix incorrect calculation of changes in some cases
+ * diff: fix errors with added/deleted targets
+ - Server-side bugfixes:
+ * mod_dav_svn: Prevent crashes with some 3rd party modules
+ * fix OOM on concurrent requests at threaded server start
+ * fsfs: limit commit time of files with deep change histories
+ * mod_dav_svn: canonicalize paths properly
+ - Other tool improvements and bugfixes:
+ * mod_dontdothat: Fix the uri parser
+- Developer-visible changes:
+ * javahl: canonicalize path for streamFileContent method
+- require python-sqlite when running regression tests
+
+-------------------------------------------------------------------
+Fri Aug 30 15:55:05 UTC 2013 - andreas.stieger(a)gmx.de
+
+- update to 1.7.13 [bnc#836245]
+- User-visible changes:
+ - General
+ * merge: fix bogus mergeinfo with conflicting file merges
+ * diff: fix duplicated path component in '--summarize' output
+ * ra_serf: ignore case when checking certificate common names
+ - Server-side bugfixes:
+ * svnserve: fix creation of pid files CVE-2013-4277
+ * mod_dav_svn: better status codes for commit failures
+ * mod_dav_svn: do not map requests to filesystem
+- Developer-visible changes:
+ - General:
+ * don't use uninitialized variable to produce an error code
+ - Bindings:
+ * swig-pl: fix SVN::Client not honoring config file settings
+ * swig-pl & swig-py: disable unusable svn_fs_set_warning_func
+
+-------------------------------------------------------------------
+Wed Jul 24 17:43:22 UTC 2013 - andreas.stieger(a)gmx.de
+
+- update to 1.7.11 [bnc#830031] CVE-2013-4131
+ * translation updates for Simplified Chinese
+ * mod_dav_svn: fix incorrect path canonicalization
+ * javahl bindings: fix bug in error constructing code
+
+-------------------------------------------------------------------
+Fri May 31 20:44:34 UTC 2013 - andreas.stieger(a)gmx.de
+
+- update to 1.7.10 [bnc#821505]
+ CVE-2013-1968 CVE-2013-2088 CVE-2013-2112
+ - Client-side bugfixes:
+ * fix 'svn revert' "no such table: revert_list" spurious error
+ * fix 'svn diff' doesn't show some locally added files
+ * fix changelist filtering when --changelist values aren't UTF8
+ * fix 'svn diff --git' shows wrong copyfrom
+ * fix 'svn diff -x-w' shows wrong changes
+ * fix 'svn blame' sometimes shows every line as modified
+ * fix regression in 'svn status -u' output for externals
+ * fix file permissions change on commit of file with keywords
+ * improve some fatal error messages
+ * fix externals not removed when working copy is made shallow
+ - Server-side bugfixes:
+ * fix repository corruption due to newline in filename
+ * fix svnserve exiting when a client connection is aborted
+ * fix svnserve memory use after clear
+ * fix repository corruption on power/disk failure on Windows
+ - Developer visible changes:
+ * make get-deps.sh compatible with Solaris /bin/sh
+ * fix infinite recursion bug in get-deps.sh
+ * fix uninitialised output parameter of svn_fs_commit_txn()
+ - Bindings:
+ * fix JavaHL thread-safety bug
+
+-------------------------------------------------------------------
+Sun Apr 7 20:50:38 UTC 2013 - andreas.stieger(a)gmx.de
+
+- update to 1.7.9 [bnc#813913], addressing remotely triggerable
+ vulnerabilities in mod_dav_svn which may result in denial of service:
+ + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
+ + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
+ + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
+ + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
+ + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT
+- further changes:
+ + Client-side bugfixes:
+ * improved error messages about svn:date and svn:author props.
+ * fix local_relpath assertion
+ * fix memory leak in `svn log` over svn://
+ * fix incorrect authz failure when using neon http library
+ * fix segfault when using kwallet
+ + Server-side bugfixes:
+ * svnserve will log the replayed rev not the low-water rev.
+ * mod_dav_svn will omit some property values for activity urls
+ * fix an assertion in mod_dav_svn when acting as a proxy on /
+ * improve memory usage when committing properties in mod_dav_svn
+ * fix svnrdump to load dump files with non-LF line endings
+ * fix assertion when rep-cache is inaccessible
+ * improved logic in mod_dav_svn's implementation of lock.
+ * avoid executing unnecessary code in log with limit
+- Developer-visible changes:
+ + General:
+ * fix an assertion in dav_svn_get_repos_path() on Windows
+ * fix get-deps.sh to correctly download zlib
+ * doxygen docs will now ignore prefixes when producing the index
+ * fix get-deps.sh on freebsd
+ + Bindings:
+ * javahl status api now respects the ignoreExternals boolean
+- refresh subversion-no-build-date.patch for upstream source changes
+
+-------------------------------------------------------------------
+Mon Dec 17 00:00:00 UTC 2012 - andreas.stieger(a)gmx.de
+
+- update to 1.7.8 [bnc#794676]
+ + Client- and server-side bugfixes:
+ * Fix typos in pt_BR, es and zh_TW translations
+ + Client-side bugfixes:
+ * add missing attributes to "svn log -v --xml" output
+ * fix svn patch ignoring hunks after no trailing newline
+ * fix hang with ra_serf during error processing
+ * ignore file externals with mergeinfo when merging
+ * fix SEGV with "svnmucc cp rev arg" during argv processing
+ * fix conflict handling on symlinks
+ + Server-side bugfixes:
+ * properly detect threading availability
+ * fix "svnadmin load --bypass-prop-validation"
+ * fix parsing of [groupsfoo] sections in authz file
+ * add Vary: header to GET responses to improve cacheability
+ * fix fs_fs to cleanup after failed rep transmission
+ * fix mod_dav_svn to complain about revisions > HEAD
+ + Developer-visible changes:
+ * fix incorrect status returned by 1.6 API
+ * fix compilation with g++ 4.7
+- drop subversion-1.7.5-libsvn_auth_kwallet-r1345740.patch
+ as it was merged upstream
+- update annotation of subversion-1.7.4-ruby-1.9-RbConfig.patch
+- remove excess logging from optional regression tests to reduce
+ spurious build failures in OBS due to size of log
+- remove commands trailing "make check" which masked build failures
+- add subversion-1.7.8-TestHarness_run_py_test_exit_code.patch
+ to ensure "make check" fails when certain Python tests fail
+
+-------------------------------------------------------------------
+Sat Dec 8 12:11:19 UTC 2012 - andreas.stieger(a)gmx.de
++++ 2941 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.subversion.2825.new/subversion.changes
New:
----
contrib-1187941.tar.bz2
sqlite-autoconf-3070603.tar.bz2
subversion-1.7.17.tar.bz2
subversion-1.7.4-ruby-1.9-RbConfig.patch
subversion-1.7.8-TestHarness_run_py_test_exit_code.patch
subversion-neon-systemproxy.patch
subversion-no-build-date.patch
subversion-swig-perl-install_vendor.patch
subversion-tests-httpd-users
subversion-tests-httpd.conf.tmpl
subversion.README.SuSE
subversion.changes
subversion.conf
subversion.libtool-pie-flags.patch
subversion.libtool-verbose.patch
subversion.perl.LD_RUN_PATH.patch
subversion.rcsvnserve
subversion.rpmlintrc
subversion.spec
subversion.svndiff.sh
subversion.svngrep.sh
subversion.sysconfig.svnserve
subversion.sysconfig.svnserve.remoteaccess
subversion.xinetd.svnserve
svnmerge.py
swig-1.3.36.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ subversion.spec ++++++
++++ 889 lines (skipped)
++++++ subversion-1.7.4-ruby-1.9-RbConfig.patch ++++++
From: Andreas Stieger <andreas.stieger(a)gmx.de>
Date: Sat, 12 May 2012 00:20:35 +0100
Subject: [PATCH] fix Ruby 1.9 deprecation warning for Config, use RbConfig
References: http://mail-archives.apache.org/mod_mbox/subversion-dev/201205.mbox/%3C4FAD… https://mail-archives.apache.org/mod_mbox/subversion-commits/201205.mbox/%3…
Upstream: merged
Fixes warning/error in ruby 1.9 "Use RbConfig instead of obsolete and deprecated Config"
$ svn log -r1337514 -v https://svn.apache.org/repos/asf/subversion/trunk/
------------------------------------------------------------------------
r1337514 | astieger | 2012-05-12 12:19:00 +0100 (Sat, 12 May 2012) | 9 lines
Changed paths:
M /subversion/trunk/build/ac-macros/swig.m4
M /subversion/trunk/configure.ac
fix Ruby 1.9 deprecation warning for Config, use RbConfig
* configure.ac
replace Config with RbConfig
* build/ac-macros/swig.m4
replace Config with RbConfig
Approved by: gstein
---
build/ac-macros/swig.m4 | 2 +-
configure.ac | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Index: subversion-1.7.8/build/ac-macros/swig.m4
===================================================================
--- subversion-1.7.8.orig/build/ac-macros/swig.m4 2011-06-22 15:45:03.000000000 +0100
+++ subversion-1.7.8/build/ac-macros/swig.m4 2012-12-11 13:00:18.000000000 +0000
@@ -187,7 +187,7 @@ AC_DEFUN(SVN_FIND_SWIG,
for var_name in arch archdir CC LDSHARED DLEXT LIBS LIBRUBYARG \
rubyhdrdir sitedir sitelibdir sitearchdir libdir
do
- rbconfig_tmp=`$rbconfig "print Config::CONFIG@<:@'$var_name'@:>@"`
+ rbconfig_tmp=`$rbconfig "print RbConfig::CONFIG@<:@'$var_name'@:>@"`
eval "rbconfig_$var_name=\"$rbconfig_tmp\""
done
Index: subversion-1.7.8/configure.ac
===================================================================
--- subversion-1.7.8.orig/configure.ac 2012-10-02 18:18:00.000000000 +0100
+++ subversion-1.7.8/configure.ac 2012-12-11 13:00:18.000000000 +0000
@@ -1117,12 +1117,12 @@ if test "$RUBY" != "none"; then
AC_PATH_PROGS(RDOC, rdoc rdoc1.8 rdoc18, none)
fi
AC_CACHE_CHECK([for Ruby major version], [svn_cv_ruby_major],[
- svn_cv_ruby_major="`$RUBY -rrbconfig -e 'print Config::CONFIG.fetch(%q(MAJOR))'`"
+ svn_cv_ruby_major="`$RUBY -rrbconfig -e 'print RbConfig::CONFIG.fetch(%q(MAJOR))'`"
])
RUBY_MAJOR="$svn_cv_ruby_major"
AC_CACHE_CHECK([for Ruby minor version], [svn_cv_ruby_minor],[
- svn_cv_ruby_minor="`$RUBY -rrbconfig -e 'print Config::CONFIG.fetch(%q(MINOR))'`"
+ svn_cv_ruby_minor="`$RUBY -rrbconfig -e 'print RbConfig::CONFIG.fetch(%q(MINOR))'`"
])
RUBY_MINOR="$svn_cv_ruby_minor"
++++++ subversion-1.7.8-TestHarness_run_py_test_exit_code.patch ++++++
Date: Wed, 12 Dec 2012 20:01:11 +0000
From: Andreas Stieger <andreas.stieger(a)gmx.de>
Subject: [PATCH] Prevent false negative results of "make check" in Python
References: http://svn.apache.org/viewvc/subversion/trunk/build/run_tests.py?r1=1420904…
Upstream: merged
Patch changes the test harness to prevent some false negatives when
running the test suite. Specifically, if a python test initialisation
returns in such a way that the test runner doesn't know how to handle
the result, change to code to return a non-zero exit code like and,
subsequently, have "make check" fail correctly. Reproducible by using
Python < 2.5 or missing sqlite3 Python bindings, exit triggered by
subversion/tests/cmdline/svntest/__init__.py
In the openSUSE obs, affects SLE 11 only, when building with unit tests.
svn diff -c1420944 https://svn.apache.org/repos/asf/subversion/trunk
---
build/run_tests.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: subversion-1.7.8/build/run_tests.py
===================================================================
--- subversion-1.7.8.orig/build/run_tests.py 2012-09-29 05:02:11.000000000 +0100
+++ subversion-1.7.8/build/run_tests.py 2012-12-12 20:48:29.000000000 +0000
@@ -378,7 +378,7 @@ class TestHarness:
('.py', 'U', imp.PY_SOURCE))
except:
print('Don\'t know what to do about ' + progbase)
- raise
+ sys.exit(1)
import svntest.main
++++++ subversion-neon-systemproxy.patch ++++++
Index: subversion/libsvn_ra_neon/session.c
===================================================================
--- subversion/libsvn_ra_neon/session.c.orig 2011-12-21 17:36:12.000000000 +0000
+++ subversion/libsvn_ra_neon/session.c 2011-12-21 17:36:17.000000000 +0000
@@ -910,6 +910,17 @@ svn_ra_neon__open(svn_ra_session_t *sess
}
#endif
}
+#ifdef SVN_NEON_0_29
+ else
+ {
+ /* If we do not have any proxy specified for this host and
+ we're running a new enough neon implementation, we use
+ neon's session proxy autodetection (via libproxy). */
+ ne_session_system_proxy(sess, 0);
+ ne_session_system_proxy(sess2, 0);
+ }
+#endif
+
if (!timeout)
timeout = DEFAULT_HTTP_TIMEOUT;
Index: build/ac-macros/neon.m4
===================================================================
--- build/ac-macros/neon.m4.orig 2011-12-21 17:36:12.000000000 +0000
+++ build/ac-macros/neon.m4 2011-12-21 17:38:02.000000000 +0000
@@ -100,6 +100,11 @@ AC_DEFUN(SVN_NEON_CONFIG,
[Define to 1 if you have Neon 0.28 or later.])
fi
+ if test -n ["`echo "$NEON_VERSION" | $EGREP '^0\.(29|3[0-9])\.'`"] ; then
+ AC_DEFINE_UNQUOTED([SVN_NEON_0_29], [1],
+ [Define to 1 if you have Neon 0.29 or later.])
+ fi
+
for svn_allowed_neon in $NEON_ALLOWED_LIST; do
if test -n "`echo "$NEON_VERSION" | grep "^$svn_allowed_neon"`" ||
test "$svn_allowed_neon" = "any"; then
++++++ subversion-no-build-date.patch ++++++
From: Andreas Stieger <andreas.stieger(a)gmx.de>
Date: 2013-04-07 21:09:15 +0100
Subject: remove build date and time from binary
Upstream: never
Prevent unneccessary rebuilds by removing date and time macros.
---
subversion/libsvn_subr/opt.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
Index: subversion-1.7.16/subversion/libsvn_subr/opt.c
===================================================================
--- subversion-1.7.16.orig/subversion/libsvn_subr/opt.c 2014-02-19 19:00:23.000000000 +0000
+++ subversion-1.7.16/subversion/libsvn_subr/opt.c 2014-02-19 19:00:37.000000000 +0000
@@ -1084,9 +1084,8 @@ svn_opt__print_version_info(const char *
if (quiet)
return svn_cmdline_printf(pool, "%s\n", SVN_VER_NUMBER);
- SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n"
- " compiled %s, %s\n\n"), pgm_name,
- SVN_VERSION, __DATE__, __TIME__));
+ SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n\n"), pgm_name,
+ SVN_VERSION));
SVN_ERR(svn_cmdline_fputs(
_("Copyright (C) 2014 The Apache Software Foundation.\n"
"This software consists of contributions made by many "
++++++ subversion-swig-perl-install_vendor.patch ++++++
Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: Makefile.in
===================================================================
--- Makefile.in.orig 2011-12-21 17:32:20.000000000 +0000
+++ Makefile.in 2011-12-21 17:32:27.000000000 +0000
@@ -756,7 +756,7 @@ check-swig-pl: swig-pl swig-pl-lib
cd $(SWIG_PL_DIR)/native; $(MAKE) test
install-swig-pl: swig-pl install-swig-pl-lib
- cd $(SWIG_PL_DIR)/native; $(MAKE) install
+ cd $(SWIG_PL_DIR)/native; $(MAKE) install_vendor
EXTRACLEAN_SWIG_PL=rm -f $(SWIG_PL_SRC_DIR)/native/svn_*.c \
$(SWIG_PL_SRC_DIR)/native/core.c
++++++ subversion-tests-httpd-users ++++++
jrandom:xCGl35kV9oWCY
jconstant:xCGl35kV9oWCY
++++++ subversion-tests-httpd.conf.tmpl ++++++
Listen 127.0.0.1:REPLACE_PORT
ServerName tests.example.com
ErrorLog ./error_log
PidFile ./httpd.pid
LoadModule auth_basic_module REPLACE_APACHE_LIBEXECDIR/mod_auth_basic.so
LoadModule authn_file_module REPLACE_APACHE_LIBEXECDIR/mod_authn_file.so
LoadModule alias_module REPLACE_APACHE_LIBEXECDIR/mod_alias.so
LoadModule dav_module REPLACE_APACHE_LIBEXECDIR/mod_dav.so
LoadModule dav_svn_module REPLACE_BUILDROOTREPLACE_APACHE_LIBEXECDIR/mod_dav_svn.so
LoadModule authz_svn_module REPLACE_BUILDROOTREPLACE_APACHE_LIBEXECDIR/mod_authz_svn.so
<Location /svn-test-work/repositories>
DAV svn
SVNParentPath REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/repositories
AuthzSVNAccessFile REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile REPLACE_BUILDDIR/users
Require valid-user
</Location>
<Location /svn-test-work/local_tmp/repos>
DAV svn
SVNPath REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp/repos
AuthzSVNAccessFile REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile REPLACE_BUILDDIR/users
Require valid-user
</Location>
RedirectMatch permanent ^/svn-test-work/repositories/REDIRECT-PERM-(.*)$ /svn-test-work/repositories/$1
RedirectMatch ^/svn-test-work/repositories/REDIRECT-TEMP-(.*)$ /svn-test-work/repositories/$1
++++++ subversion.README.SuSE ++++++
Topics:
1. backup and restore your repository data
2. create svn user/group for svnserve
3. mini-howto for 2 projects
4. quickstart for mod_dontdothat
================================================================================
1. backup and restore your repository data
subversion repositories use either the Berkeley Database system libraries,
or the FSFS database format which comes with the subversion package.
Since the BDB system libraries often introduce a new incompatible format during
version upgrade, a backup/restore of all the subversion repositories must be
performed _BEFORE_ doing such a system upgrade.
'svnadmin dump' will write the repository to stdout in a 'dumpfile' format.
This dumpfile can be loaded later with 'svnadmin load'.
2. create svn user/group for svnserve
subversion repositories can be served either via http, or via the svnserve
daemon and a special network protocol. svnserve should not run as root user.
The startup script rcsvnserve expects a user/group named 'svn', configureable
via /etc/sysconfig/svnserve.
But this user/group must be created before first use:
groupadd svn
useradd -d /srv/svn -s /bin/false -g svn svn
3. mini-howto for 2 projects
To run a subversion server, you need to configure apache2 to load two apache2
modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is
installed together with apache2.)
This is done by adding the dav and dav_svn modules to the apache2 configuration
(a2enmod dav; a2enmod dav_svn), and restarting the server.
A default/example configuration of the dav_svn module can be found in
/etc/apache2/conf.d/subversion.conf. With more recent apache
packages, this configuration is *not* loaded automatically by
the apache server, since many people configure virtual hosts
and it is unlikely that the repositories shall be available
from any virtual host. To load the configuration for a certain
virtual host, add
Include /etc/apache2/conf.d/subversion.conf
or
Include /path/to/your_subversion_configuration
in the respective virtual host configuration. This *may* be done in the default
virtual host (/etc/apache2/default-server.conf).
Minihowto:
The plan:
host 2 source projects with subversion
both must have anonymous read access
both must have limited write access for a few users
they are accessed only via HTTP, not (!) locally
they will be reachable via:
http://hostname/repos/project1
http://hostname/repos/project2
Both will have the official version of the source tree and our modified
version for the distribution. Projects in question are:
project1
project2
The realisation:
find a machine to host the projects. Keep backup (and restore!) in mind
when hunting for hardware.
install needed packages
(you might check for update packages on
ftp://ftp.suse.com/pub/projects/apache/ )
rpm -Uvh \
apache2 \
apache2-doc \
apache2-prefork \
libapr1 \
libapr-util1 \
neon \
subversion \
subversion-doc \
subversion-server
# Update /etc/sysconfig/apache2 by
# adding 'dav dav_svn' to $APACHE_MODULES:
a2enmod dav
a2enmod dav_svn
create a few directories:
mkdir -p /srv/svn/repos
mkdir -p /srv/svn/user_access
mkdir -p /srv/svn/html
Add the http repository data to /etc/apache2/conf.d/subversion.conf:
#------------------------------------------------------------------------
#
# project related HTML files
#
<IfModule mod_alias.c>
Alias /repos "/srv/svn/html"
</IfModule>
<Directory /srv/svn/html>
Options +Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
order allow,deny
allow from all
</Directory>
# project repository files for project1
<Location /repos/project1>
DAV svn
SVNPath /srv/svn/repos/project1
# Limit write access to certain people
AuthType Basic
AuthName "Authorization for project1 required"
AuthUserFile /srv/svn/user_access/project1_passwdfile
AuthGroupFile /srv/svn/user_access/project1_groupfile
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group project1_committers
</LimitExcept>
# Limit read access to certain people
<Limit GET PROPFIND OPTIONS REPORT>
Require group project1_committers
Require group project1_readers
</Limit>
</Location>
# project repository files for project2
<Location /repos/project2>
DAV svn
SVNPath /srv/svn/repos/project2
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "Authorization for project2 required"
AuthUserFile /srv/svn/user_access/project2_passwdfile
Require valid-user
</LimitExcept>
</Location>
#------------------------------------------------------------------------
create the repositories itself:
cd /srv/svn/repos
svnadmin create project1
chown -R wwwrun:www project1/{dav,db,locks}
svnadmin create project2
chown -R wwwrun:www project2/{dav,db,locks}
The webserver must be (re)started:
rcapache2 restart
Now create the user access files:
project1 is a restricted project.
read access requires a password
write access is limited to a few users
touch /srv/svn/user_access/project1_passwdfile
chown root:www /srv/svn/user_access/project1_passwdfile
chmod 640 /srv/svn/user_access/project1_passwdfile
htpasswd2 /srv/svn/user_access/project1_passwdfile olaf
htpasswd2 /srv/svn/user_access/project1_passwdfile olh
this is the group file for project1:
/srv/svn/user_access/project1_groupfile
content:
project1_committers: olh
project1_readers: olaf olh
project2 is world readable, but only a few can commit to the sources.
touch /srv/svn/user_access/project2_passwdfile
chown root:www /srv/svn/user_access/project2_passwdfile
chmod 640 /srv/svn/user_access/project2_passwdfile
htpasswd2 /srv/svn/user_access/project2_passwdfile olaf
You should be able to connect to the server:
http://host/repos/project2
http://host/repos/project1
Now import the data, e.g.
svn import /path/to/project2-tree http://host/repos/project2
4. quickstart for mod_dontdothat
The apache module mod_dontdothat can be used to prevent users from causing high
load on the server, e.g. checking out the root of the tree or the tags or
branches directories.
Make sure mod_dontdothat is loaded:
$ a2enmod dontdothat
Add configuration for the module, e.g.
<Location />
DAV svn
SVNParentPath /srv/svn/repositories/
SVNListParentPath on
# [...other configuration...]
<IfModule mod_dontdothat.c>
DontDoThatConfigFile /srv/svn/mod_dontdothat.config
DontDoThatDisallowReplay off
</IfModule>
</Location>
Restart apache to make the change effective.
A fairly standard file /srv/svn/mod_dontdothat.config may contain:
[recursive-actions]
/*/trunk = allow
/ = deny
/* = deny
/*/tags = deny
/*/branches = deny
/*/* = deny
/*/*/tags = deny
/*/*/branches = deny
This allows checking out of /trunk and each branch, but disallows checking out
all branches or the complete repository at once.
++++++ subversion.conf ++++++
# Example configuration for a subversion repository
# see /usr/share/doc/packages/subversion for the full documentation
#
<IfModule mod_dav_svn.c>
##
## project related HTML files
##
#<IfModule mod_alias.c>
#Alias /repos /srv/svn/html
#</IfModule>
#<Directory /srv/svn/html>
# Options +Indexes +Multiviews -FollowSymLinks
# IndexOptions FancyIndexing \
# ScanHTMLTitles \
# NameWidth=* \
# DescriptionWidth=* \
# SuppressLastModified \
# SuppressSize
#
# order allow,deny
# allow from all
#</Directory>
#<Location /repos/myproject1>
# DAV svn
# SVNPath /srv/svn/repos/myproject1
# # Limit write permission to list of valid users.
# <LimitExcept GET PROPFIND OPTIONS REPORT>
# # Require SSL connection for password protection.
# # SSLRequireSSL
#
# AuthType Basic
# AuthName "Authorization Realm"
# AuthUserFile /srv/svn/user_access/myproject1_passwdfile
# Require valid-user
# </LimitExcept>
#</Location>
##
## Hosting svn at "/"
##
#<VirtualHost *>
# ServerName svn.example.com
# ErrorLog /var/log/apache2/svn.example.com-error_log
# TransferLog /var/log/apache2/svn.example.com-access_log
# #
# # Do not set DocumentRoot. It is not needed here and just causes trouble.
# #
# # Map the error documents back to their defaults.
# # Otherwise mod_dav_svn tries to find a "error" repository.
# #
# ErrorDocument 400 default
# ErrorDocument 401 default
# ErrorDocument 403 default
# ErrorDocument 404 default
# ErrorDocument 405 default
# ErrorDocument 408 default
# ErrorDocument 410 default
# ErrorDocument 411 default
# ErrorDocument 412 default
# ErrorDocument 413 default
# ErrorDocument 414 default
# ErrorDocument 415 default
# ErrorDocument 500 default
# ErrorDocument 501 default
# ErrorDocument 502 default
# ErrorDocument 503 default
# #
# <Location />
# DAV svn
# SVNParentPath /srv/svn/repositories/
# SVNListParentPath on
# AuthType Basic
# AuthName "subversion repository"
# AuthBasicProvider file
# AuthUserFile /srv/svn/auth/svn.example.org.htpasswd
# SetOutputFilter DEFLATE
# <LimitExcept GET PROPFIND OPTIONS REPORT>
# Require valid-user
# </LimitExcept>
# #
# # Optional configuration for mod_dontdothat
# # prevent users from causing high load on the server, e.g. checking out
# # the root of the tree or the tags or branches directories
# #
# #<IfModule mod_dontdothat.c>
# # DontDoThatConfigFile /srv/svn/mod_dontdothat.config
# # DontDoThatDisallowReplay off
# #</IfModule>
# </Location>
#</VirtualHost>
</IfModule>
++++++ subversion.libtool-pie-flags.patch ++++++
Index: Makefile.in
===================================================================
--- Makefile.in.orig 2011-12-21 17:32:27.000000000 +0000
+++ Makefile.in 2011-12-21 17:32:31.000000000 +0000
@@ -231,8 +231,8 @@ libsvn_subr_LDFLAGS = @libsvn_subr_LDFLA
libsvn_wc_LDFLAGS = @libsvn_wc_LDFLAGS@
# Compilation of SWIG-generated C source code
-COMPILE_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_PY_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_PY_INCLUDES) -prefer-pic -c -o $@
-COMPILE_RB_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_RB_INCLUDES) -prefer-pic -c -o $@
+COMPILE_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_PY_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_PY_INCLUDES) -fpie -fPIE -prefer-pic -c -o $@
+COMPILE_RB_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_RB_INCLUDES) -fpie -fPIE -prefer-pic -c -o $@
# these commands link the wrapper objects into an extension library/module
LINK_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=link $(SWIG_PY_LINK) $(SWIG_LDFLAGS) -rpath $(swig_pydir) -avoid-version -module
++++++ subversion.libtool-verbose.patch ++++++
Index: Makefile.in
===================================================================
--- Makefile.in.orig 2011-07-16 12:50:53.000000000 +0100
+++ Makefile.in 2011-12-21 17:32:20.000000000 +0000
@@ -112,8 +112,8 @@ EXEEXT = @EXEEXT@
SHELL = @SHELL@
LIBTOOL = @SVN_LIBTOOL@
-LTFLAGS = --tag=CC --silent
-LTCXXFLAGS = --tag=CXX --silent
+LTFLAGS = --tag=CC
+LTCXXFLAGS = --tag=CXX
LT_CFLAGS = @LT_CFLAGS@
LT_LDFLAGS = @LT_LDFLAGS@
LT_SO_VERSION = @SVN_LT_SOVERSION@
++++++ subversion.perl.LD_RUN_PATH.patch ++++++
clear LD_RUN_PATH, it will end up as RPATH in ELF binaries
ERROR: RPATH "/usr/src/packages/BUILD/subversion-1.5.x/subversion/libsvn_subr/.libs" on /var/tmp/subversion-1.5.0-build/usr/lib/perl5/vendor_perl/5.10.0/ppc-linux-thread-multi-64int/auto/SVN/_Wc/_Wc.so is not allowed
---
Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: Makefile.in
===================================================================
--- Makefile.in.orig 2011-12-21 17:32:31.000000000 +0000
+++ Makefile.in 2011-12-21 17:32:35.000000000 +0000
@@ -736,7 +736,7 @@ $(SWIG_PL_DIR)/native/Makefile.PL: $(SWI
./config.status subversion/bindings/swig/perl/native/Makefile.PL
$(SWIG_PL_DIR)/native/Makefile: $(SWIG_PL_DIR)/native/Makefile.PL
- cd $(SWIG_PL_DIR)/native; $(PERL) Makefile.PL
+ cd $(SWIG_PL_DIR)/native; $(PERL) Makefile.PL ; for i in `grep -wl ^LD_RUN_PATH Makefile Makefile.[^P]*` ; do sed -i 's@^LD_RUN_PATH.*@LD_RUN_PATH=@' $$i ; done
# There is a "readlink -f" command on some systems for the same purpose,
# but it's not as portable (e.g. Mac OS X doesn't have it). These should
++++++ subversion.rcsvnserve ++++++
#! /bin/sh
# Copyright (c) 1995-2011 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# /etc/init.d/svnserve
# and its symbolic link
# /usr/sbin/rcsvnserve
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This script uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
### BEGIN INIT INFO
# Provides: svnserve
# Required-Start:
# Should-Start: $time ypbind sendmail $syslog $remote_fs
# Required-Stop: $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: svnserve
# Description: readonly access to a subversion repository
### END INIT INFO
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
# Check for missing binaries (stale symlinks should not happen)
SVNSERVE_BIN=/usr/bin/svnserve
test -x $SVNSERVE_BIN || exit 5
# Check for existence of needed config file and read it
SVNSERVE_CONFIG=/etc/sysconfig/svnserve
test -r $SVNSERVE_CONFIG || exit 6
. $SVNSERVE_CONFIG
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
# rc_splash arg sets the boot splash screen to arg (if active)
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
echo -n "Starting svnserve "
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
UID_ENT="$(/usr/bin/getent passwd $SVNSERVE_USERID)"
GID_ENT="$(/usr/bin/getent group $SVNSERVE_GROUPID)"
if test -z "$SVNSERVE_USERID" -o -z "$UID_ENT"
then
echo
echo "User $SVNSERVE_USERID does not exist."
echo "Please check $SVNSERVE_CONFIG before starting this service."
rc_failed
elif test -z "$SVNSERVE_GROUPID" -o -z "$GID_ENT"
then
echo
echo "Group $SVNSERVE_GROUPID does not exist."
echo "Please check $SVNSERVE_CONFIG before starting this service."
rc_failed
else
startproc -u "$SVNSERVE_USERID" -g "$SVNSERVE_GROUPID" -e $SVNSERVE_BIN $SVNSERVE_OPTIONS
fi
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down svnserve "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
killproc -TERM $SVNSERVE_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart)
## Do a restart only if the service was active before.
## Note: try-restart is not (yet) part of LSB (as of 1.2)
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
echo -n "Reload service svnserve "
$0 stop && $0 start
#rc_status
;;
status)
echo -n "Checking for service svnserve "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
checkproc $SVNSERVE_BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload}"
exit 1
;;
esac
rc_exit
++++++ subversion.rpmlintrc ++++++
# libsvn_subr calls exit as part of the default malfunction handler.
# That's OK. Library users are expected to override the default handler.
addFilter("subversion.*shared-lib-calls-exit.*libsvn_subr-1.so.*")
++++++ subversion.svndiff.sh ++++++
#!/bin/bash
# stupid svn has no 'svn diff -v -R $bignum' to grab all info for a single patch
export TZ=UTC
export LANG=C
export LC_ALL=C
shopt -s extglob
case "$1" in
r+([0-9]))
rev=${1#?}
shift
;;
+([0-9]))
rev=$1
shift
;;
esac
if test -z "$rev"
then
echo "Usage: $0 <svnrepo revision number>"
exit 1
fi
revprev=$(($rev - 1 ))
svn log -v -r $rev "$@"
svn diff -r $revprev:$rev "$@"
++++++ subversion.svngrep.sh ++++++
#!/bin/sh
find \( -path '*/.pc' -o -path '*/.svn' -o -path '*/.git' -o -path '*/.hg' \) -prune -o -type f -print0 | xargs -0 grep "$@"
++++++ subversion.sysconfig.svnserve ++++++
## Path: Network/Subversion/svnserve
## Description: Basic configuration for svnserve
## Type: string
## Default "-d -R -r /srv/svn/repos"
#
# Default options for the svnserve process.
# The -R option enforces read-only access, i.e. write operations to the
# repository (such as commits) will not be allowed.
# Authentication should be configured before allowing write access.
# See http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serve…
#
SVNSERVE_OPTIONS="-d -R -r /srv/svn/repos"
## Type: string
## Default "svn"
#
# svnserve should run as unprivileged user.
# The userid/groupid svn is not created during package install.
# Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create the userid/groupid.
#
SVNSERVE_USERID="svn"
## Type: string
## Default "svn"
#
# svnserve should run as unprivileged user.
# The userid/groupid svn is not created during package install.
# Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create the userid/groupid.
#
SVNSERVE_GROUPID="svn"
++++++ subversion.sysconfig.svnserve.remoteaccess ++++++
## Name: svnserve
## Description: Open ports for svnserve
TCP="svn"
++++++ subversion.xinetd.svnserve ++++++
# default: off
# description: readonly access to a subversion repository
service svn
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = svn
group = svn
groups = yes
server = /usr/bin/svnserve
server_args = --read-only --root=/srv/svn/repos --inetd
}
++++++ svnmerge.py ++++++
++++ 2370 lines (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2014-05-26 10:28:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxml2 (Old)
and /work/SRC/openSUSE:Factory/.libxml2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2013-08-04 16:55:48.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2014-05-26 10:28:13.000000000 +0200
@@ -1,0 +2,8 @@
+Fri May 23 15:01:54 UTC 2014 - vcizek(a)suse.com
+
+- fix for CVE-2014-0191 (bnc#876652)
+ * libxml2: external parameter entity loaded when entity
+ substitution is disabled
+ * added libxml2-CVE-2014-0191.patch
+
+-------------------------------------------------------------------
New:
----
libxml2-CVE-2014-0191.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libxml2.spec ++++++
--- /var/tmp/diff_new_pack.QXKXtu/_old 2014-05-26 10:28:15.000000000 +0200
+++ /var/tmp/diff_new_pack.QXKXtu/_new 2014-05-26 10:28:15.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libxml2
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,7 @@
Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
Source2: baselibs.conf
Patch0: fix-perl.diff
+Patch1: libxml2-CVE-2014-0191.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: pkg-config
BuildRequires: readline-devel
@@ -123,6 +124,7 @@
%prep
%setup -q
%patch0
+%patch1 -p1
%build
%configure --disable-static \
++++++ python-libxml2.spec ++++++
--- /var/tmp/diff_new_pack.QXKXtu/_old 2014-05-26 10:28:15.000000000 +0200
+++ /var/tmp/diff_new_pack.QXKXtu/_new 2014-05-26 10:28:15.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-libxml2
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
++++++ libxml2-CVE-2014-0191.patch ++++++
>From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard(a)redhat.com>
Date: Tue, 22 Apr 2014 15:30:56 +0800
Subject: Do not fetch external parameter entities
Unless explicitely asked for when validating or replacing entities
with their value. Problem pointed out by Daniel Berrange <berrange(a)redhat.com>
>From 7c3c663e4f844aaecbb0cfc29567fe2ee9506fc4 Mon Sep 17 00:00:00 2001
From: Alexandre Rostovtsev <tetromino(a)gentoo.org>
Date: Fri, 16 May 2014 22:46:00 -0400
Subject: [PATCH] xmllint: a posteriori validation needs to load exernal
entities
For https://bugzilla.gnome.org/show_bug.cgi?id=730290
Index: libxml2-2.9.1/parser.c
===================================================================
--- libxml2-2.9.1.orig/parser.c 2013-04-16 15:39:18.000000000 +0200
+++ libxml2-2.9.1/parser.c 2014-05-23 11:26:43.344897186 +0200
@@ -2595,6 +2595,20 @@ xmlParserHandlePEReference(xmlParserCtxt
xmlCharEncoding enc;
/*
+ * Note: external parsed entities will not be loaded, it is
+ * not required for a non-validating parser, unless the
+ * option of validating, or substituting entities were
+ * given. Doing so is far more secure as the parser will
+ * only process data coming from the document entity by
+ * default.
+ */
+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
+ (ctxt->validate == 0))
+ return;
+
+ /*
* handle the extra spaces added before and after
* c.f. http://www.w3.org/TR/REC-xml#as-PE
* this is done independently.
Index: libxml2-2.9.1/xmllint.c
===================================================================
--- libxml2-2.9.1.orig/xmllint.c 2013-03-27 04:31:47.000000000 +0100
+++ libxml2-2.9.1/xmllint.c 2014-05-23 11:26:43.344897186 +0200
@@ -3505,7 +3505,12 @@ main(int argc, char **argv) {
xmlLoadExtDtdDefaultValue |= XML_COMPLETE_ATTRS;
if (noent != 0) xmlSubstituteEntitiesDefault(1);
#ifdef LIBXML_VALID_ENABLED
- if (valid != 0) xmlDoValidityCheckingDefaultValue = 1;
+ /* If we will validate only a posteriori, ensure that entities get loaded,
+ * but suppress validation messages during initial parsing */
+ if (postvalid != 0 && valid == 0)
+ options |= XML_PARSE_DTDVALID | XML_PARSE_NOERROR | XML_PARSE_NOWARNING;
+ else if (valid != 0)
+ xmlDoValidityCheckingDefaultValue = 1;
#endif /* LIBXML_VALID_ENABLED */
if ((htmlout) && (!nowrap)) {
xmlGenericError(xmlGenericErrorContext,
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package dd_rescue for openSUSE:Factory checked in at 2014-05-26 10:28:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dd_rescue (Old)
and /work/SRC/openSUSE:Factory/.dd_rescue.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dd_rescue"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dd_rescue/dd_rescue.changes 2014-03-16 08:04:54.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.dd_rescue.new/dd_rescue.changes 2014-05-26 10:28:12.000000000 +0200
@@ -1,0 +2,47 @@
+Fri May 23 11:25:20 CEST 2014 - kurt(a)garloff.de
+
+- Update to dd_rescue-1.44:
+ * MD5 plugin has been renamed to hash, reflecting that it supports
+ sha1, sha256, sha224, sha512, sha384 now as well.
+
+-------------------------------------------------------------------
+Fri May 23 09:56:10 CEST 2014 - kurt(a)garloff.de
+
+- dd_rescue-1.43-1.43.1.diff: Delete (integrated upstream)
+- dd_rescue-fix_insn_probe.diff: Delete (integrated upstsream)
+
+-------------------------------------------------------------------
+Wed May 21 10:44:18 CEST 2014 - kurt(a)garloff.de
+
+- dd_rescue-1.43-1.43.1.diff: Document 256kiB limit of lzop in
+ man page, output warning in ddr_lzo and respect limit in test
+ suite.
+
+-------------------------------------------------------------------
+Tue May 20 09:29:40 CEST 2014 - kurt(a)garloff.de
+
+- Update to 1.43-final: Make make check succeed without lzop.
+
+-------------------------------------------------------------------
+Mon May 19 21:03:04 CEST 2014 - kurt(a)garloff.de
+
+- Update to 1.43-pre:
+ * Fix bug in extend, which previously would disallow to append
+ more data than existed before.
+ * Some minor improvements on messages and manpage.
+ * ARMv8 (AArch64) optimized find_nonzero for fast zero-block
+ detection.
+ * Significant rework of plugin interface, leading also to some
+ refactoring of option parsing and passing.
+ * Refactoring of MD5 plugin, improving tolerance against holes
+ e.g. at the end of a file. Better test coverage. Consistent
+ message prefix. output option to produce md5sum check files.
+ * Add libddr_lzo plugin, allowing transparent de/compression
+ of the data. Supports sparse files, appending, ... and a variety
+ of algorithms and has a number of ways to handle somewhat
+ damaged files. With the lzo1x_ algorithms, it's compatible with
+ lzop. Comes with a good number of tests and an own fuzzer to
+ test robustness of the decompressor. Shipped with an own man
+ page and is packaged into the dd_rescue-lzo sub package.
+
+-------------------------------------------------------------------
Old:
----
dd_rescue-1.42.tar.gz
dd_rescue-fix_insn_probe.diff
New:
----
dd_rescue-1.44.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dd_rescue.spec ++++++
--- /var/tmp/diff_new_pack.VbbSTs/_old 2014-05-26 10:28:13.000000000 +0200
+++ /var/tmp/diff_new_pack.VbbSTs/_new 2014-05-26 10:28:13.000000000 +0200
@@ -17,21 +17,22 @@
Name: dd_rescue
-Version: 1.42
+Version: 1.44
Release: 0
Summary: Data Copying in the Presence of I/O Errors
License: GPL-2.0 or GPL-3.0
Group: System/Base
Url: http://www.garloff.de/kurt/linux/ddrescue/
Source0: http://garloff.de/kurt/linux/ddrescue/%{name}-%{version}.tar.gz
-Patch0: dd_rescue-fix_insn_probe.diff
BuildRequires: autoconf
BuildRequires: libattr-devel
+BuildRequires: lzo-devel
%if 0%{?suse_version} >= 1200
BuildRequires: libfallocate-devel
+BuildRequires: lzop
%endif
Requires: bc
-Recommends: dd_rhelp libfallocate0
+Recommends: dd_rhelp libfallocate0 dd_rescue-lzo
# ddrescue was last used in openSUSE 11.4 (version 1.14_0.0.6)
Provides: ddrescue = %{version}
Obsoletes: ddrescue < %{version}
@@ -45,11 +46,42 @@
dd_rescue has many other goodies; optimization by using large blocks
as long as no errors are in sight and falling back to small ones; reverse
direction copy; splice in-kernel zerocopy; O_DIRECT support; preallocation
-with fallocate(); random number writing etc.
+with fallocate().
+
+dd_rescue also provides data protection features by overwriting files
+or disks with fast random numbers, optionally multiple times.
+
+dd_rescue supports plugins; currently an MD5 and an lzo plugin exist.
+
+%package lzo
+Summary: LZO plugin for dd_rescue
+Group: System/Base
+Requires: dd_rescue = %{version}
+
+%description lzo
+This plugin allows you do de/compress files during recovery copying
+with dd_rescue using the lzo family of algorithms. lzo algorithms
+are very fast to decompress and most algorithms are very fast to
+compress as well -- at the expense of somewhat worse compression than
+zlib's deflate.
+
+The plugin does offer a variety of options to handle corrupted .lzo
+files with some grace; it does skip over bad blocks (if the block
+headers are still intact) by default, but does offer an option (nodiscard)
+to allow to attempt decompression on faulty input, hoping to produce
+some usable bytes. It can also search for valid block headers after
+synchronization has been lost due to a corrupt one.
+
+The plugin also handles sparse files (files with holes) and supports
+appending to .lzo files, so it fits neatly into dd_rescue.
+
+Some fuzz testing has been applied to the plugin's decompression routines,
+though more will have to be done to feel confident about feeding untrusted
+data to the decompressor; the plugin is still young and might expose bugs.
%prep
%setup -q -n dd_rescue
-%patch0 -p0
+./autogen.sh
# Remove build time references so build-compare can do its work
FAKE_BUILDTIME=$(LC_ALL=C date -u -r %{_sourcedir}/%{name}.changes '+%%H:%%M')
@@ -59,10 +91,10 @@
%build
flags="%{optflags}"
-make RPM_OPT_FLAGS="$flags" LIBDIR=%{_libdir} %{?_smp_mflags}
+make RPM_OPT_FLAGS="$flags" LIBDIR=%{_libdir} LIB=%{_lib} %{?_smp_mflags}
%install
-make install DESTDIR=%{buildroot} INSTALLDIR=%{buildroot}/%{_bindir} LIBDIR=%{_libdir} \
+make install DESTDIR=%{buildroot} INSTALLDIR=%{buildroot}/%{_bindir} LIB=%{_lib} LIBDIR=%{_libdir} \
INSTASROOT= INSTALLFLAGS=
#UsrMerge
@@ -80,7 +112,13 @@
#UsrMerge
/bin/dd_rescue
#EndUsrMerge
+%{_libdir}/libddr_hash.so
%{_libdir}/libddr_MD5.so
%doc %{_mandir}/man1/dd_rescue.1%{ext_man}
+%files lzo
+%defattr(-,root,root,-)
+%{_libdir}/libddr_lzo.so
+%doc %{_mandir}/man1/ddr_lzo.1%{ext_man}
+
%changelog
++++++ dd_rescue-1.42.tar.gz -> dd_rescue-1.44.tar.gz ++++++
++++ 9724 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package yast2-vm for openSUSE:Factory checked in at 2014-05-26 10:28:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-vm (Old)
and /work/SRC/openSUSE:Factory/.yast2-vm.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-vm"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-vm/yast2-vm.changes 2014-05-23 15:00:22.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-vm.new/yast2-vm.changes 2014-05-26 10:28:11.000000000 +0200
@@ -1,0 +2,6 @@
+Fri May 23 10:01:44 MDT 2014 - carnold(a)suse.com
+
+- bnc#879463 - Yast2 VM: network bridge is not created
+- 3.1.11
+
+-------------------------------------------------------------------
Old:
----
yast2-vm-3.1.10.tar.bz2
New:
----
yast2-vm-3.1.11.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-vm.spec ++++++
--- /var/tmp/diff_new_pack.uhANKX/_old 2014-05-26 10:28:12.000000000 +0200
+++ /var/tmp/diff_new_pack.uhANKX/_new 2014-05-26 10:28:12.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-vm
-Version: 3.1.10
+Version: 3.1.11
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-vm-3.1.10.tar.bz2 -> yast2-vm-3.1.11.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vm-3.1.10/package/yast2-vm.changes new/yast2-vm-3.1.11/package/yast2-vm.changes
--- old/yast2-vm-3.1.10/package/yast2-vm.changes 2014-05-22 14:07:44.000000000 +0200
+++ new/yast2-vm-3.1.11/package/yast2-vm.changes 2014-05-23 18:07:43.000000000 +0200
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Fri May 23 10:01:44 MDT 2014 - carnold(a)suse.com
+
+- bnc#879463 - Yast2 VM: network bridge is not created
+- 3.1.11
+
+-------------------------------------------------------------------
Thu May 22 11:36:51 UTC 2014 - jreidinger(a)suse.com
- Fix passed kernel flavor (bnc#878909)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vm-3.1.10/package/yast2-vm.spec new/yast2-vm-3.1.11/package/yast2-vm.spec
--- old/yast2-vm-3.1.10/package/yast2-vm.spec 2014-05-22 14:07:44.000000000 +0200
+++ new/yast2-vm-3.1.11/package/yast2-vm.spec 2014-05-23 18:07:43.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-vm
-Version: 3.1.10
+Version: 3.1.11
Release: 0
Group: System/YaST
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vm-3.1.10/src/modules/VM_XEN.rb new/yast2-vm-3.1.11/src/modules/VM_XEN.rb
--- old/yast2-vm-3.1.10/src/modules/VM_XEN.rb 2014-05-22 14:07:44.000000000 +0200
+++ new/yast2-vm-3.1.11/src/modules/VM_XEN.rb 2014-05-23 18:07:43.000000000 +0200
@@ -45,6 +45,7 @@
Yast.import "Wizard"
Yast.import "Label"
Yast.import "Bootloader"
+ Yast.import "Lan"
@net_path = "/sys/class/net/"
@@ -489,10 +490,9 @@
:focus_yes
)
Builtins.y2milestone("Configuring default bridge for Xen or KVM...")
- WFM.call("lan_proposal", ["MakeProposal"])
- UI.OpenDialog(VBox())
- WFM.call("lan_proposal", ["Write"])
- UI.CloseDialog
+ Lan.Read(:cache)
+ Lan.ProposeVirtualized
+ Lan.Write
end
end
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package yast2-network for openSUSE:Factory checked in at 2014-05-26 10:28:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-network (Old)
and /work/SRC/openSUSE:Factory/.yast2-network.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-network"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-network/yast2-network.changes 2014-05-22 20:38:41.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-network.new/yast2-network.changes 2014-05-26 10:28:09.000000000 +0200
@@ -1,0 +2,7 @@
+Fri May 23 16:51:27 CEST 2014 - locilka(a)suse.com
+
+- Fixed service name for remote administration (display-manager)
+ including code Rubyfication (bnc#878910)
+- 3.1.58
+
+-------------------------------------------------------------------
Old:
----
yast2-network-3.1.57.tar.bz2
New:
----
yast2-network-3.1.58.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-network.spec ++++++
--- /var/tmp/diff_new_pack.mf3Myb/_old 2014-05-26 10:28:10.000000000 +0200
+++ /var/tmp/diff_new_pack.mf3Myb/_new 2014-05-26 10:28:10.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-network
-Version: 3.1.57
+Version: 3.1.58
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-network-3.1.57.tar.bz2 -> yast2-network-3.1.58.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-3.1.57/package/yast2-network.changes new/yast2-network-3.1.58/package/yast2-network.changes
--- old/yast2-network-3.1.57/package/yast2-network.changes 2014-05-16 16:08:47.000000000 +0200
+++ new/yast2-network-3.1.58/package/yast2-network.changes 2014-05-23 17:38:49.000000000 +0200
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Fri May 23 16:51:27 CEST 2014 - locilka(a)suse.com
+
+- Fixed service name for remote administration (display-manager)
+ including code Rubyfication (bnc#878910)
+- 3.1.58
+
+-------------------------------------------------------------------
Fri May 16 13:59:51 UTC 2014 - mfilka(a)suse.com
- bnc#877690
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-3.1.57/package/yast2-network.spec new/yast2-network-3.1.58/package/yast2-network.spec
--- old/yast2-network-3.1.57/package/yast2-network.spec 2014-05-16 16:08:47.000000000 +0200
+++ new/yast2-network-3.1.58/package/yast2-network.spec 2014-05-23 17:38:49.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-network
-Version: 3.1.57
+Version: 3.1.58
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-3.1.57/src/include/network/remote/dialogs.rb new/yast2-network-3.1.58/src/include/network/remote/dialogs.rb
--- old/yast2-network-3.1.57/src/include/network/remote/dialogs.rb 2014-05-16 16:08:47.000000000 +0200
+++ new/yast2-network-3.1.58/src/include/network/remote/dialogs.rb 2014-05-23 17:38:49.000000000 +0200
@@ -41,8 +41,7 @@
end
def DialogDone(event)
- event = deep_copy(event)
- action = Convert.to_symbol(event)
+ action = event.to_sym
return true if action == :next || action == :back
return true if action == :abort || action == :cancel
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-3.1.57/src/modules/Remote.rb new/yast2-network-3.1.58/src/modules/Remote.rb
--- old/yast2-network-3.1.57/src/modules/Remote.rb 2014-05-16 16:08:47.000000000 +0200
+++ new/yast2-network-3.1.58/src/modules/Remote.rb 2014-05-23 17:38:49.000000000 +0200
@@ -32,6 +32,13 @@
module Yast
class RemoteClass < Module
+ include Yast::Logger
+
+ XDM_SERVICE_NAME = "display-manager"
+ XINETD_SERVICE = "xinetd"
+
+ PKG_CONTAINING_FW_SERVICES = "xorg-x11-Xvnc"
+
def main
Yast.import "UI"
textdomain "network"
@@ -45,6 +52,7 @@
Yast.import "Linuxrc"
Yast.import "String"
Yast.import "FileUtils"
+ Yast.import "Message"
Yast.include self, "network/routines.rb"
@@ -99,11 +107,8 @@
@already_proposed = true
# Bugzilla #135605 - enabling Remote Administration when installing using VNC
- if Linuxrc.vnc
- @allow_administration = true
- else
- @allow_administration = false
- end
+ @allow_administration = Linuxrc.vnc
+
Builtins.y2milestone(
"Remote Administration was proposed as: %1",
@allow_administration ? "enabled" : "disabled"
@@ -151,7 +156,7 @@
# - is case insensitive to option names.
# - option can be prefixed by 0 or up to 2 dashes
# - option and value can be separated by space or =
- new_server_args = Builtins.tolower(server_args)
+ new_server_args = server_args.downcase
new_server_args = String.CutRegexMatch(new_server_args, pattern, true)
@@ -187,7 +192,7 @@
# if sec_type is valid. Unchanged server_args otherwise.
def SetSecurityType(server_args, sec_type)
# validate sec_type
- return server_args if !Builtins.contains(@SEC_TYPES, sec_type)
+ return server_args if !(a)SEC_TYPES.include?(sec_type)
SetServerArgsOpt(server_args, @SEC_OPT_SECURITYTYPE, sec_type)
end
@@ -195,7 +200,7 @@
# Read the current status
# @return true on success
def Read
- xdm = Service.Enabled("xdm")
+ xdm = Service.Enabled(XDM_SERVICE_NAME)
dm_ra = Convert.to_string(
SCR.Read(path(".sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS"))
) == "yes"
@@ -203,7 +208,7 @@
SCR.Read(path(".sysconfig.displaymanager.DISPLAYMANAGER"))
)
- xinetd = Service.Enabled("xinetd")
+ xinetd = Service.Enabled(XINETD_SERVICE)
# are the proper services enabled in xinetd?
xinetd_conf = Convert.convert(
SCR.Read(path(".etc.xinetd_conf.services")),
@@ -218,30 +223,28 @@
Ops.get_boolean(vnc_conf, [0, "enabled"], false) &&
Ops.get_boolean(vnc_conf, [1, "enabled"], false)
- Builtins.y2milestone("XDM: %1, DM_R_A: %2", xdm, dm_ra)
- Builtins.y2milestone("xinetd: %1, VNC: %2", xinetd, vnc)
+ log.info "#{XDM_SERVICE_NAME}: #{xdm}, DM_R_A: #{dm_ra}"
+ log.info "xinetd: #{xinetd}, VNC: #{vnc}"
+
@allow_administration = xdm && dm_ra && xinetd && vnc
- current_progress = Progress.set(false)
- SuSEFirewall.Read
- Progress.set(current_progress)
+ # Package containing SuSEfirewall2 services has to be installed before
+ # reading SuSEFirewall, otherwise exception is thrown by firewall
+ if Package.Install(PKG_CONTAINING_FW_SERVICES)
+ current_progress = Progress.set(false)
+ SuSEFirewall.Read
+ Progress.set(current_progress)
+ else
+ Report.Error(
+ _("Package %{package} is not installed\nfirewall settings will be disabled.") % {
+ :package => PKG_CONTAINING_FW_SERVICES
+ }
+ )
+ end
true
end
- # Function creates automatic X configuration by calling sax2
- # see bugs #135605, #157342
- def CreateSaxAutomaticConfiguration
- command = "TERM=dumb /usr/sbin/sax2 -r -a | /usr/bin/grep -v '\\r$'"
- Builtins.y2milestone("Creating automatic Xconfiguration: %1", command)
- Builtins.y2milestone(
- "SaX2 returned: %1",
- SCR.Execute(path(".target.bash_output"), command)
- )
-
- nil
- end
-
def WriteXinetd
# Enable/disable vnc1 and vnchttpd1 in xinetd.d/vnc
# If the port is changed, change also the help in remote/dialogs.ycp
@@ -269,7 +272,7 @@
ServerArgsRemoveOpt(server_args, @SEC_OPT_SECURITYTYPE, true)
)
end
- Builtins.y2milestone("Updated xinet cfg: %1", m)
+ log.info "Updated xinet cfg: #{m}"
deep_copy(m)
end
@@ -290,11 +293,10 @@
if Mode.normal
# Progress stage 3
- steps = Builtins.add(steps, _("Restart the services"))
+ steps << _("Restart the services")
end
caption = _("Saving Remote Administration Configuration")
- sl = 0 #100; //for testing
Progress.New(caption, " ", Builtins.size(steps), steps, [], "")
@@ -302,42 +304,38 @@
current_progress = Progress.set(false)
SuSEFirewall.Write
Progress.set(current_progress)
- Builtins.sleep(sl)
ProgressNextStage(_("Configuring display manager..."))
if @allow_administration
# Install required packages
- packages = ["xinetd", "xorg-x11", "xorg-x11-Xvnc"]
+ packages = ["xinetd", "xorg-x11", PKG_CONTAINING_FW_SERVICES]
#At least one windowmanager must be installed (#427044)
#If none is, there, use icewm as fallback
#Package::Installed uses rpm -q --whatprovides
- if !Package.Installed("windowmanager")
- packages = Builtins.add(packages, "icewm")
- end
+ packages << "icewm" unless Package.Installed("windowmanager")
if !Package.InstallAll(packages)
- Builtins.y2error("Installing of required packages failed")
+ log.error "Installing of required packages failed"
return false
end
# Enable xinetd
- if !Service.Enable("xinetd")
- Builtins.y2error("Enabling of xinetd failed")
+ if !Service.Enable(XINETD_SERVICE)
+ Report.Error(
+ _("Enabling service %{service} has failed") % { :service => XINETD_SERVICE }
+ )
return false
end
# Enable XDM
- if !Service.Enable("xdm")
- Builtins.y2error("Enabling of xdm failed")
+ if !Service.Enable(XDM_SERVICE_NAME)
+ Report.Error(
+ _("Enabling service %{service} has failed") % { :service => XDM_SERVICE_NAME }
+ )
return false
end
-
- # Bugzilla #135605 - creating xorg.conf based on the sax2 automatic configuration
- # It is a special case when the installation runs in VNC
- # - Xconfiguration in the hardware proposal is disabled
- CreateSaxAutomaticConfiguration() if Mode.installation && Linuxrc.vnc
end
# Set DISPLAYMANAGER_REMOTE_ACCESS in sysconfig/displaymanager
@@ -356,51 +354,32 @@
#Do this only if package xinetd is installed (#256385)
return false if have_xinetd && !WriteXinetd()
- Builtins.sleep(sl)
if Mode.normal
- dm_was_running = Service.Status("xdm") == 0
-
ProgressNextStage(_("Restarting the service..."))
+
if @allow_administration
SCR.Write(path(".etc.inittab.id"), "5:initdefault:")
SCR.Write(path(".etc.inittab"), nil)
#if allow_administration is set to true, xinetd must be already installed
- Service.Restart("xinetd")
- if !dm_was_running
- ##41611: with Service::Start, yast hangs :-(
- SCR.Execute(
- path(".target.bash_background"),
- "/etc/init.d/xdm start"
- )
- end
+ Report.Error(Message.CannotRestartService(XINETD_SERVICE)) unless Service.Restart(XINETD_SERVICE)
+ Report.Error(Message.CannotRestartService(XDM_SERVICE_NAME)) unless Service.Restart(XDM_SERVICE_NAME)
else
if have_xinetd
# xinetd may be needed for other services so we never turn it
# off. It will exit anyway if no services are configured.
# If it is running, restart it.
- Service.RunInitScript("xinetd", "try-restart")
+ Service.Restart(XINETD_SERVICE) if Service.active?(XINETD_SERVICE)
end
end
- #do not call 'rcxdm reload' for gdm - use SuSEconfig
- if dm_was_running && @default_dm != "gdm"
- Service.RunInitScript("xdm", "reload")
- # import "Report";
- # Report::Message (sformat (
- # // message popup
- # // %1 is a system command
- # // Note: it is a DISPLAY manager, not a WINDOW manager
- # _("For the settings to take effect, the display manager
- # must be restarted. Because this terminates all X Window System
- # sessions, do it manually from the console with
- # \"%1\".
- # Note that restarting the X server alone is not enough."),
- # "rcxdm restart"));
+ # do not call '$service reload' for gdm - use SuSEconfig
+ # TODO: confirm that it's still needed
+ if @default_dm != "gdm"
+ Service.Reload(XDM_SERVICE_NAME)
end
- Builtins.sleep(sl)
Progress.NextStage
end
@@ -410,13 +389,8 @@
# Create summary
# @return summary text
def Summary
- if @allow_administration
- # Label in proposal text
- return _("Remote administration is enabled.")
- else
- # Label in proposal text
- return _("Remote administration is disabled.")
- end
+ # description in proposal
+ @allow_administration ? _("Remote administration is enabled.") : _("Remote administration is disabled.")
end
publish :variable => :SEC_NONE, :type => "const string"
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package telepathy-mission-control for openSUSE:Factory checked in at 2014-05-26 10:28:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/telepathy-mission-control (Old)
and /work/SRC/openSUSE:Factory/.telepathy-mission-control.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "telepathy-mission-control"
Changes:
--------
--- /work/SRC/openSUSE:Factory/telepathy-mission-control/telepathy-mission-control.changes 2014-03-04 20:59:35.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.telepathy-mission-control.new/telepathy-mission-control.changes 2014-05-26 10:28:08.000000000 +0200
@@ -1,0 +2,6 @@
+Thu Apr 3 00:07:17 UTC 2014 - mgorse(a)suse.com
+
+- Add 0001-mc-tool-fix-setting-automatic-presence.patch: fix crash
+ setting auto-presence (fdo#74187).
+
+-------------------------------------------------------------------
New:
----
0001-mc-tool-fix-setting-automatic-presence.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ telepathy-mission-control.spec ++++++
--- /var/tmp/diff_new_pack.ar9JXD/_old 2014-05-26 10:28:09.000000000 +0200
+++ /var/tmp/diff_new_pack.ar9JXD/_new 2014-05-26 10:28:09.000000000 +0200
@@ -27,6 +27,8 @@
Source: http://telepathy.freedesktop.org/releases/telepathy-mission-control/%{name}…
# PATCH-NEEDS-REBASE lockdown-protocols.patch fdo21699 vuntz(a)novell.com -- Sent upstream for discussion, it will need a rewrite for MC5 WAS: PATCH-FEATURE-UPSTREAM
Patch1: lockdown-protocols.patch
+# PATCH-FIX-UPSTREAM 0001-mc-tool-fix-setting-automatic-presence.patch fdo#74187 mgorse(a)suse.com -- fix crash setting auto-presence.
+Patch2: 0001-mc-tool-fix-setting-automatic-presence.patch
BuildRequires: dbus-1-glib-devel >= 0.73
BuildRequires: fdupes
BuildRequires: libxslt-devel
@@ -76,6 +78,7 @@
%setup -q
# NEEDS REBASE
# %patch1 -p0
+%patch2 -p1
%build
%configure --disable-static --with-pic
++++++ 0001-mc-tool-fix-setting-automatic-presence.patch ++++++
>From a4bcc16f16f72d7a2b8fe74e715183b7b6985427 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie(a)collabora.co.uk>
Date: Tue, 28 Jan 2014 16:28:16 +0000
Subject: [PATCH] mc-tool: fix setting automatic presence
We were using the wrong finish-function.
Reviewed-by: Guillaume Desmottes <guillaume.desmottes(a)collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=74187
---
util/mc-tool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/mc-tool.c b/util/mc-tool.c
index 59a1a91..3c238d8 100644
--- a/util/mc-tool.c
+++ b/util/mc-tool.c
@@ -1051,7 +1051,7 @@ command_auto_presence (TpAccount *account)
command.presence.status,
command.presence.message,
callback_for_async,
- tp_account_request_presence_finish);
+ tp_account_set_automatic_presence_finish);
return TRUE;
}
--
1.8.4
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package xdm for openSUSE:Factory checked in at 2014-05-26 10:28:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xdm (Old)
and /work/SRC/openSUSE:Factory/.xdm.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xdm"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xdm/xdm.changes 2014-05-22 20:38:34.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xdm.new/xdm.changes 2014-05-26 10:28:07.000000000 +0200
@@ -1,0 +2,5 @@
+Fri May 23 13:01:21 UTC 2014 - jsegitz(a)novell.com
+
+- added necessary macros for systemd files
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xdm.spec ++++++
--- /var/tmp/diff_new_pack.sZyWIC/_old 2014-05-26 10:28:07.000000000 +0200
+++ /var/tmp/diff_new_pack.sZyWIC/_new 2014-05-26 10:28:07.000000000 +0200
@@ -170,6 +170,11 @@
%endif
%{fillup_only -n displaymanager}
+%pre
+%if !0%{?suse_version} < 1320
+ %service_add_pre display-manager.service
+%endif
+
%postun
%if 0%{?suse_version} < 1320
%{insserv_cleanup}
@@ -177,6 +182,11 @@
%service_del_postun display-manager.service
%endif
+%preun
+%if !0%{?suse_version} < 1320
+ %service_del_preun display-manager.service
+%endif
+
%files
%defattr(-,root,root)
%doc AUTHORS ChangeLog COPYING README
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package yast2-users for openSUSE:Factory checked in at 2014-05-26 10:28:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-users (Old)
and /work/SRC/openSUSE:Factory/.yast2-users.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-users"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-users/yast2-users.changes 2014-05-17 22:01:29.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-users.new/yast2-users.changes 2014-05-26 10:28:05.000000000 +0200
@@ -1,0 +2,7 @@
+Fri May 23 14:57:15 CEST 2014 - schubi(a)suse.de
+
+- Generating user section in autoinst.xml file
+ (bnc#877985)
+- 3.1.25
+
+-------------------------------------------------------------------
Old:
----
yast2-users-3.1.24.tar.bz2
New:
----
yast2-users-3.1.25.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-users.spec ++++++
--- /var/tmp/diff_new_pack.uPrnBu/_old 2014-05-26 10:28:06.000000000 +0200
+++ /var/tmp/diff_new_pack.uPrnBu/_new 2014-05-26 10:28:06.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-users
-Version: 3.1.24
+Version: 3.1.25
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-users-3.1.24.tar.bz2 -> yast2-users-3.1.25.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-users-3.1.24/package/yast2-users.changes new/yast2-users-3.1.25/package/yast2-users.changes
--- old/yast2-users-3.1.24/package/yast2-users.changes 2014-05-13 15:03:46.000000000 +0200
+++ new/yast2-users-3.1.25/package/yast2-users.changes 2014-05-23 15:03:45.000000000 +0200
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Fri May 23 14:57:15 CEST 2014 - schubi(a)suse.de
+
+- Generating user section in autoinst.xml file
+ (bnc#877985)
+- 3.1.25
+
+-------------------------------------------------------------------
Tue May 13 13:32:22 CEST 2014 - jsuchome(a)suse.cz
- added Test Keyboard Layout field into current root password dialog
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-users-3.1.24/package/yast2-users.spec new/yast2-users-3.1.25/package/yast2-users.spec
--- old/yast2-users-3.1.24/package/yast2-users.spec 2014-05-13 15:03:46.000000000 +0200
+++ new/yast2-users-3.1.25/package/yast2-users.spec 2014-05-23 15:03:45.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-users
-Version: 3.1.24
+Version: 3.1.25
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-users-3.1.24/src/clients/users_auto.rb new/yast2-users-3.1.25/src/clients/users_auto.rb
--- old/yast2-users-3.1.24/src/clients/users_auto.rb 2014-05-13 15:03:46.000000000 +0200
+++ new/yast2-users-3.1.25/src/clients/users_auto.rb 2014-05-23 15:03:45.000000000 +0200
@@ -43,6 +43,7 @@
textdomain "users"
Yast.import "Mode"
Yast.import "Users"
+ Yast.import "UsersSimple"
Yast.import "Wizard"
Yast.include self, "users/wizards.rb"
@@ -104,7 +105,22 @@
@ret = AutoSequence(@start_dialog)
Wizard.CloseDialog
elsif @func == "Export"
+ if Stage.initial
+ # Importing all users/groups from the UI if we are
+ # in the installation workflow
+ Users.SetExportAll(true)
+ setup_all_users
+ end
+
@ret = Users.Export
+
+ if Stage.initial
+ #Setting root password in the return value. We are in the inst_sys.
+ #The root password has not been written but is only available in
+ #UserSimple model. We have to set it manually.
+ root = @ret["users"].find { |u| u["uid"] == "0" }
+ root["user_password"] = Users.CryptPassword(UsersSimple.GetRootPassword, "system") if root
+ end
Users.SetExportAll(false)
elsif @func == "Read"
Yast.import "Progress"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-users-3.1.24/src/clients/users_finish.rb new/yast2-users-3.1.25/src/clients/users_finish.rb
--- old/yast2-users-3.1.24/src/clients/users_finish.rb 2014-05-13 15:03:46.000000000 +0200
+++ new/yast2-users-3.1.25/src/clients/users_finish.rb 2014-05-23 15:03:45.000000000 +0200
@@ -68,31 +68,13 @@
[:installation, :live_installation, :autoinst]
}
elsif @func == "Write"
- # disable UI (progress)
- Users.SetGUI(false)
+ # Creating all users and their environment
# write the root password
UsersSimple.Write
- @users = UsersSimple.GetUsers
-
- if !(a)users.empty?
- Users.Read
- Users.ResetCurrentUser
- Builtins.y2milestone("There are #{(a)users.size} users to import")
-
- create_users(@users)
-
- if UsersSimple.AutologinUsed
- Autologin.user = UsersSimple.GetAutologinUser
- Autologin.Use(true)
- end
-
- root_alias = UsersSimple.GetRootAlias
- Users.AddRootAlias(root_alias) unless root_alias.empty?
-
- Users.Write
- end
+ other_users = setup_all_users
+ Users.Write if other_users
else
Builtins.y2error("unknown function: %1", @func)
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-users-3.1.24/src/include/users/routines.rb new/yast2-users-3.1.25/src/include/users/routines.rb
--- old/yast2-users-3.1.24/src/include/users/routines.rb 2014-05-13 15:03:46.000000000 +0200
+++ new/yast2-users-3.1.25/src/include/users/routines.rb 2014-05-23 15:03:45.000000000 +0200
@@ -137,4 +137,39 @@
end
end
end
+
+ # setup ALL users (included root user, autologin, root aliases,...)
+ # Return: true if there has been added a user
+ def setup_all_users
+ ret = false
+
+ # disable UI (progress)
+ old_gui = Users.GetGUI
+ Users.SetGUI(false)
+
+ users = UsersSimple.GetUsers
+
+ if !users.empty?
+ Users.Read
+ Users.ResetCurrentUser
+ Builtins.y2milestone("There are #{users.size} users to import")
+
+ create_users(users)
+
+ #resetting Autologin settings
+ Autologin.Disable
+
+ if UsersSimple.AutologinUsed
+ Autologin.user = UsersSimple.GetAutologinUser
+ Autologin.Use(true)
+ end
+
+ root_alias = UsersSimple.GetRootAlias
+ Users.AddRootAlias(root_alias) unless root_alias.empty?
+ ret = true
+ end
+ Users.SetGUI(old_gui)
+ ret
+ end
+
end
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package iprutils for openSUSE:Factory checked in at 2014-05-26 10:28:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/iprutils (Old)
and /work/SRC/openSUSE:Factory/.iprutils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iprutils"
Changes:
--------
--- /work/SRC/openSUSE:Factory/iprutils/iprutils.changes 2014-05-16 07:29:52.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.iprutils.new/iprutils.changes 2014-05-26 10:28:04.000000000 +0200
@@ -1,0 +2,5 @@
+Wed May 14 12:53:07 UTC 2014 - meissner(a)suse.com
+
+- also add the %pre snippets for service addition.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ iprutils.spec ++++++
--- /var/tmp/diff_new_pack.zPKHCD/_old 2014-05-26 10:28:05.000000000 +0200
+++ /var/tmp/diff_new_pack.zPKHCD/_new 2014-05-26 10:28:05.000000000 +0200
@@ -71,6 +71,10 @@
echo %{_sbindir}
%ifarch ppc ppc64
+%pre
+%service_add_pre iprdump.service
+%service_add_pre iprinit.service
+%service_add_pre iprupdate.service
%post
%service_add_post iprdump.service
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0