July 2014 - openSUSE Commits - openSUSE Mailing Lists

commit ImageMagick for openSUSE:13.1:Update
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package ImageMagick for openSUSE:13.1:Update checked in at 2014-07-30 10:09:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/ImageMagick (Old) and /work/SRC/openSUSE:13.1:Update/.ImageMagick.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ImageMagick" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.YEOJ9z/_old 2014-07-30 10:09:17.000000000 +0200 +++ /var/tmp/diff_new_pack.YEOJ9z/_new 2014-07-30 10:09:17.000000000 +0200 @@ -1 +1 @@ -<link package='ImageMagick.2626' cicount='copy' /> +<link package='ImageMagick.2916' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit patchinfo.2917 for openSUSE:12.3:Update
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package patchinfo.2917 for openSUSE:12.3:Update checked in at 2014-07-30 10:09:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.2917 (Old) and /work/SRC/openSUSE:12.3:Update/.patchinfo.2917.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.2917" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="857195" tracker="bnc">VUL-0: CVE-2013-5211: ntp: DoS in monlist feature in ntpd</issue> <issue id="CVE-2013-5211" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>rmax</packager> <description> The NTP time service could be used for remote denial of service amplification attacks. This issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html and on http://support.novell.com/security/cve/CVE-2013-5211.html This update now also replaces the default ntp.conf template to fix this problem. Please note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described. </description> <summary>ntp: adjust default config against distributed denial of service attack</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit ntp.2917 for openSUSE:13.1:Update
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package ntp.2917 for openSUSE:13.1:Update checked in at 2014-07-30 10:09:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/ntp.2917 (Old) and /work/SRC/openSUSE:13.1:Update/.ntp.2917.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ntp.2917" Changes: -------- New Changes file: --- /dev/null 2014-07-24 01:57:42.080040256 +0200 +++ /work/SRC/openSUSE:13.1:Update/.ntp.2917.new/ntp.changes 2014-07-30 10:09:07.000000000 +0200 @@ -0,0 +1,1481 @@ +------------------------------------------------------------------- +Mon Jul 21 07:03:26 UTC 2014 - max(a)suse.com + +- CVE-2013-5211, bnc#857195: restrict query, configuration, + modification access from world by default. Avoids that ntp can + be used as a DDoS amplifier. + +------------------------------------------------------------------- +Tue Oct 22 14:49:25 UTC 2013 - varkoly(a)suse.com + +- bnc#838458 ntp start script does not update /var/lib/ntp/etc/localtime file if /etc/localtime is symlink + +------------------------------------------------------------------- +Mon Aug 19 22:58:44 UTC 2013 - crrodriguez(a)opensuse.org + +- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use + the system's openssl configuration. + +------------------------------------------------------------------- +Sat Mar 9 13:34:16 UTC 2013 - seife+obs(a)b1-systems.com + +- fix build with automake-1.13 + +------------------------------------------------------------------- +Thu Feb 28 07:52:03 UTC 2013 - varkoly(a)suse.com + +- bnc#797351 - ntpd "listen-on" directive support is missing/broken; + unable to restrict/secure listening IPs + +------------------------------------------------------------------- +Tue Feb 26 14:58:38 UTC 2013 - varkoly(a)suse.com + +- bnc#793012 - NTP default to 'sync time on startup' conflicts with NetworkManager + +------------------------------------------------------------------- +Fri Feb 22 09:19:08 CET 2013 - mhrusecky(a)suse.cz + +- disable Undisciplined Local Clock in default conf file (bnc#784760) + +------------------------------------------------------------------- +Fri Jan 18 14:18:09 UTC 2013 - bwiedemann(a)suse.com + +- Speedup ntpq (bnc#782060) + +ntp-4.2.6p2-ntpq-speedup-782060.patch + +------------------------------------------------------------------- +Thu Jan 17 17:37:35 UTC 2013 - varkoly(a)suse.com + +- bnc#450196 - ext3 - recovering journal on / on first boot on new kernel/fresh system updates +- bnc#774553 - ntp initscript: hwclock: With --noadjfile, you must specify either --utc or --localtime + +------------------------------------------------------------------- +Fri Dec 14 10:14:41 UTC 2012 - lnussel(a)suse.de + +- logrotate is not strictly required for operation of ntp so change + it to Suggested. That way the minimal installation doesn't draw in + cron and postfix. + +------------------------------------------------------------------- +Thu Aug 2 13:17:57 UTC 2012 - rmilasan(a)suse.com + +- Created the correct link to /run/ntp + +------------------------------------------------------------------- +Thu Jul 19 04:47:46 UTC 2012 - crrodriguez(a)opensuse.org + +- Openssl wanted but not properly detected, fixed. + +------------------------------------------------------------------- +Wed Jul 4 13:51:57 UTC 2012 - cfarrell(a)suse.com + +- license update: (MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0 + Properly categorise licenses and sync with Fedora declaration + +------------------------------------------------------------------- +Mon Apr 23 11:02:06 UTC 2012 - varkoly(a)suse.com + +- bnc#758253 - L3: ntp fails if host has more than 1024 IP-addresses + ntp#1180 - ntpd won't start with more than 1000 interfaces + +------------------------------------------------------------------- +Mon Jan 9 18:45:15 UTC 2012 - lmuelle(a)suse.com + +- Remove superfluous remove of acconfig.h while build. +- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems. +- Remove call to suse_update_config macro for post-11.4 systems. + +------------------------------------------------------------------- +Mon Jan 9 18:38:10 UTC 2012 - lmuelle(a)suse.com + +- BuildRequire fdupes for post-10.1 systems. +- Do not call autoreconf for pre-10.2 systems. + +------------------------------------------------------------------- +Mon Jan 9 18:11:27 UTC 2012 - lmuelle(a)suse.de + +- Update to version 4.2.6p5. + - ntpd + * Updated "nic" and "interface" IPv6 address handling to prevent + mismatches with localhost [::1] and wildcard [::] which resulted from + using the address/prefix format (e.g. fe80::/64) + * Fix orphan mode stratum incorrectly counting to infinity + * Orphan parent selection metric updated to includes missing ntohl() + * Non-printable stratum 16 refid no longer sent to ntp + * Duplicate ephemeral associations suppressed for broadcastclient and + multicastclient without broadcastdelay + * Exclude undetermined sys_refid from use in loopback TEST12 + * Exclude MODE_SERVER responses from KoD rate limiting + * Include root delay in clock_update() sys_rootdisp calculations + * get_systime() updated to exclude sys_residual offset (which only + affected bits "below" sys_tick, the precision threshold) + * sys.peer jitter weighting corrected in sys_jitter calculation + - ntpq + * -n option extended to include the billboard "server" column + * IPv6 addresses in the local column truncated to prevent overruns +- Update to version 4.2.6p4. + - Build system + * Fix checking for struct rtattr + * Upgrade required version of autogen and libopts for building + from our source code repository + - ntpd + * Back-ported several fixes for Coverity warnings from ntp-dev + * Fix a rare boundary condition in UNLINK_EXPR_SLIST() + * Allow "logconfig =allall" configuration directive + * Bind tentative IPv6 addresses on Linux + * Correct WWVB/Spectracom driver to timestamp CR instead of LF + * Improved tally bit handling to prevent incorrect ntpq peer status reports + * Exclude the Undisciplined Local Clock and ACTS drivers from the initial + candidate list unless they are designated a "prefer peer" + * Prevent the consideration of Undisciplined Local Clock or ACTS drivers for + selection during the 'tos orphanwait' period· + * Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS + drivers + * Improved support of the Parse Refclock trusttime flag in Meinberg mode + * Back-port utility routines from ntp-dev: mprintf(), emalloc_zero() + * Code cleanup in libntpq + - ntpdc + * Fix timerstats reporting + - ntpdate + * Reduce time required to set clock + * Allow a timeout greater than 2 seconds + - sntp + * Backward incompatible command-line option change: + -l/--filelog changed -l/--logfile (to be consistent with ntpd) + - Documentation + * Update html2man. Fix some tags in the .html files + * Distribute ntp-wait.html + +------------------------------------------------------------------- +Mon Jan 9 17:35:16 UTC 2012 - lmuelle(a)suse.de + +- Remove superfluously used NTPD_PID_NOPREFIX from init script. +- Refresh patches to apply with no offset. + +------------------------------------------------------------------- +Thu Nov 24 14:56:45 UTC 2011 - varkoly(a)suse.com + +- bnc#730374 - Hardware Clock does not get synchronized + +------------------------------------------------------------------- +Wed Nov 23 09:29:50 UTC 2011 - coolo(a)suse.com + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Oct 27 08:52:39 UTC 2011 - varkoly(a)suse.com + +- bnc#656509 - don't use --bind on /var/lib/ntp/proc + +------------------------------------------------------------------- +Fri Aug 26 08:11:33 UTC 2011 - varkoly(a)suse.com + +- bnc#699724 - ntpdate was replaced with a dud script + +------------------------------------------------------------------- +Wed Jun 1 09:07:48 UTC 2011 - varkoly(a)suse.de + +- The default timeout for sntp is to long. This can stop booting +- bnc#689070 - ntp post install script always removes /etc/sysconfig/ntp +- bnc#688529 - (ntp) ntpq and ntpdc command history broken +- bnc#695598 - "Started sntp" in /var/log/messages + +------------------------------------------------------------------- +Sun May 1 23:15:01 CEST 2011 - hpj(a)urpla.net + +- fix "rcntp ntptimeset" + * never try to syncronize with local clocks (127.127.*), which led to + sntp blocking until timeout elapsed (and probably blocking boot + sequence for ~5 min per device..) +- fix DOS line breaks in some doc files + +------------------------------------------------------------------- +Tue Apr 26 06:56:05 UTC 2011 - varkoly(a)novell.com + +- fix/improve init script + * related to bugzilla 688132 + * "rcntp ntptimeset" could not parse servers from ntp.conf when IP proto ++++ 1284 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.ntp.2917.new/ntp.changes New: ---- MOD_NANO.diff NTP-FAQ-3.4.tar.bz2 README.SUSE bnc#506908.diff bnc#574885.diff conf.logrotate.ntp conf.ntp.conf conf.ntp.init conf.ntp.reg conf.sysconfig.ntp conf.sysconfig.syslog-ntp ntp-4.2.6p2-ntpq-speedup-782060.patch ntp-4.2.6p2-seed_file.patch ntp-4.2.6p5.tar.bz2 ntp-4.2.7-rh-manpages.tar.gz ntp-code-cleanup.patch ntp-segfault_on_invalid_device.patch ntp-strcat.patch ntp-wait ntp.1.gz ntp.changes ntp.firewall ntp.spec ntp.xml ntpd-maxmonmen.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ntp.spec ++++++ # # spec file for package ntp # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: ntp %if 0%{?suse_version} > 1010 BuildRequires: autoconf BuildRequires: fdupes %endif BuildRequires: libcap-devel BuildRequires: libtool BuildRequires: openssl-devel BuildRequires: readline-devel # to allow the postinst script to succeed BuildRequires: pwdutils %define ntpfaqversion 3.4 Url: http://www.ntp.org/ Version: 4.2.6p5 Release: 0 Summary: Network Time Protocol daemon (version 4) License: (MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0 Group: Productivity/Networking/Other # main source Source0: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-%{version}.tar.bz2 # configuration Source1: conf.logrotate.ntp Source2: conf.ntp.conf Source3: conf.ntp.init Source4: conf.sysconfig.ntp Source5: conf.sysconfig.syslog-ntp Source6: conf.ntp.reg Source7: %name.firewall # documentation Source10: NTP-FAQ-%{ntpfaqversion}.tar.bz2 Source11: ntp.1.gz Source12: README.SUSE Source13: ntp-4.2.7-rh-manpages.tar.gz Source14: ntp.xml Source16: ntp-wait Patch1: ntp-segfault_on_invalid_device.patch Patch4: ntpd-maxmonmen.patch Patch10: ntp-strcat.patch Patch11: ntp-4.2.6p2-seed_file.patch Patch13: ntp-code-cleanup.patch Patch15: bnc#506908.diff Patch16: MOD_NANO.diff Patch18: bnc#574885.diff Patch19: ntp-4.2.6p2-ntpq-speedup-782060.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: ntp-daemon Provides: xntp <= 4.2.4p6 Provides: xntp3 Obsoletes: xntp <= 4.2.4p5 Obsoletes: xntp3 Conflicts: openntpd PreReq: pwdutils %insserv_prereq %fillup_prereq /usr/bin/diff /usr/bin/grep /sbin/chkconfig Suggests: logrotate Requires: timezone %description The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio, satellite receiver, or modem. Ntpd is an operating system daemon that sets and maintains the system time-of-day synchronized with Internet standard time servers. Authors: -------- Mark Andrews <marka(a)syd.dms.csiro.au> Viraj Bais <vbais(a)mailman1.intel.com> Clayton Kirkwood <kirkwood(a)striderfm.intel.com> Karl Berry <karl(a)owl.HQ.ileaf.com> Piete Brooks <Piete.Brooks(a)cl.cam.ac.uk> Steve Clift <clift(a)ml.csiro.au> Casey Crellin <casey(a)csc.co.za> Torsten Duwe <duwe(a)immd4.informatik.uni-erlangen.de> John A. Dundas III <dundas(a)salt.jpl.nasa.gov> Dennis Ferguson <dennis(a)mrbill.canet.ca> Glenn Hollinger <glenn(a)herald.usask.ca> Mike Iglesias <iglesias(a)uci.edu> Jim Jagielski <jim(a)jagubox.gsfc.nasa.gov> Jeff Johnson <jbj(a)chatham.usdesign.com> William L. Jones <jones(a)hermes.chpc.utexas.edu> Dave Katz <dkatz(a)cisco.com> Craig Leres <leres(a)ee.lbl.gov> George Lindholm <lindholm(a)ucs.ubc.ca> Louis A. Mamakos <louie(a)ni.umd.edu> Derek Mulcahy <derek(a)toybox.demon.co.uk> Damon Hart-Davis <d(a)hd.org> Lars H. Mathiesen <thorinn(a)diku.dk> David L. Mills <mills(a)udel.edu> Wolfgang Moeller <moeller(a)gwdgv1.dnet.gwdg.de> Jeffrey Mogul <mogul(a)pa.dec.com> Tom Moore <tmoore(a)fievel.daytonoh.ncr.com> Rainer Pruy <Rainer.Pruy(a)informatik.uni-erlangen.de> Dirce Richards <dirce(a)zk3.dec.com> Nick Sayer <mrapple(a)quack.kfu.com> Frank Kardel <Frank.Kardel(a)informatik.uni-erlangen.de> Ray Schnitzler <schnitz(a)unipress.com> Michael Shields <shields(a)tembel.org> Jeff Steinman <jss(a)pebbles.jpl.nasa.gov> Harlan Stenn <harlan(a)pfcs.com> Kenneth Stone <ken(a)sdd.hp.com> Ajit Thyagarajan <ajit(a)ee.udel.edu> Tomoaki TSURUOKA <tsuruoka(a)nc.fukuoka-u.ac.jp> Paul A Vixie <vixie(a)vix.com> Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de> %package doc Provides: ntpdoc Provides: xntp-doc = 4.2.4 Provides: xntpdoc Obsoletes: ntpdoc Obsoletes: xntp-doc <= 4.2.4 Obsoletes: xntpdoc Summary: Additional Package Documentation for ntp Group: Documentation/Other %description doc The complete set of documentation for building and configuring an NTP server or client. The documentation is in the form of HTML files suitable for browsing and contains links to additional documentation at various web sites. What about NTP? Understanding and using the Network Time Protocol (A first try on a non-technical Mini-HOWTO and FAQ on NTP). Edited by Ulrich Windl and David Dalton. Authors: -------- Mark Andrews <marka(a)syd.dms.csiro.au> Viraj Bais <vbais(a)mailman1.intel.com> Clayton Kirkwood <kirkwood(a)striderfm.intel.com> Karl Berry <karl(a)owl.HQ.ileaf.com> Piete Brooks <Piete.Brooks(a)cl.cam.ac.uk> Steve Clift <clift(a)ml.csiro.au> Casey Crellin <casey(a)csc.co.za> Torsten Duwe <duwe(a)immd4.informatik.uni-erlangen.de> John A. Dundas III <dundas(a)salt.jpl.nasa.gov> Dennis Ferguson <dennis(a)mrbill.canet.ca> Glenn Hollinger <glenn(a)herald.usask.ca> Mike Iglesias <iglesias(a)uci.edu> Jim Jagielski <jim(a)jagubox.gsfc.nasa.gov> Jeff Johnson <jbj(a)chatham.usdesign.com> William L. Jones <jones(a)hermes.chpc.utexas.edu> Dave Katz <dkatz(a)cisco.com> Craig Leres <leres(a)ee.lbl.gov> George Lindholm <lindholm(a)ucs.ubc.ca> Louis A. Mamakos <louie(a)ni.umd.edu> Derek Mulcahy <derek(a)toybox.demon.co.uk> Damon Hart-Davis <d(a)hd.org> Lars H. Mathiesen <thorinn(a)diku.dk> David L. Mills <mills(a)udel.edu> Wolfgang Moeller <moeller(a)gwdgv1.dnet.gwdg.de> Jeffrey Mogul <mogul(a)pa.dec.com> Tom Moore <tmoore(a)fievel.daytonoh.ncr.com> Rainer Pruy <Rainer.Pruy(a)informatik.uni-erlangen.de> Dirce Richards <dirce(a)zk3.dec.com> Nick Sayer <mrapple(a)quack.kfu.com> Frank Kardel <Frank.Kardel(a)informatik.uni-erlangen.de> Ray Schnitzler <schnitz(a)unipress.com> Michael Shields <shields(a)tembel.org> Jeff Steinman <jss(a)pebbles.jpl.nasa.gov> Harlan Stenn <harlan(a)pfcs.com> Kenneth Stone <ken(a)sdd.hp.com> Ajit Thyagarajan <ajit(a)ee.udel.edu> Tomoaki TSURUOKA <tsuruoka(a)nc.fukuoka-u.ac.jp> Paul A Vixie <vixie(a)vix.com> Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de> %prep %setup -q -n ntp-%{version} # unpack ntp-faq tar -x -C html -j -f %{S:10} %patch1 %patch4 -p1 # copy README.SUSE cp %{S:12} . tar xzf %{S:13} %patch10 -p1 %patch11 %patch13 %patch15 %patch16 %patch18 %patch19 # fix DOS line breaks sed -i 's/\r//g' html/scripts/{footer.txt,style.css} # new automake 1.13 has removed old macro sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' configure.ac %build %if 0%{?suse_version} && 0%{?suse_version} < 1141 %{?suse_update_config} %endif %if 0%{?suse_version} > 1010 autoreconf -fi %endif export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -DOPENSSL_LOAD_CONF -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter -fno-strict-aliasing -fstack-protector" %ifarch alpha s390x export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0" %endif %ifarch ia64 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -ffast-math" %endif CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="-pie" ./configure \ --with-binsubdir=bin \ --bindir=%{_sbindir} \ --mandir=%{_mandir} \ --infodir=%{_infodir} \ --enable-parse-clocks \ --enable-all-clocks \ --enable-linuxcaps \ --enable-ipv6 \ --with-sntp \ --enable-ntp-signd \ --disable-listen-read-drop \ --with-lineeditlibs=readline \ --with-crypto=openssl \ --with-openssl-libdir=%{_libdir} \ --with-openssl-incdir=%{_includedir} make %{?_smp_mflags} %install %makeinstall # Change permissions chmod 644 html/pic/neoclock4x.gif %if 0%{?suse_version} > 1010 %fdupes -s html %endif # # default configuration # %__install -d %{buildroot}/var/lib/ntp/{drift,etc,var/{lib,run/ntp},dev} %__install -d %{buildroot}/var/run ln -s ../.. %{buildroot}/var/lib/ntp/var/lib/ntp ln -s ../lib/ntp/var/run/ntp %{buildroot}/var/run %__install -m 644 -D %{S:1} %{buildroot}/etc/logrotate.d/ntp %__install -m 600 -D %{S:2} %{buildroot}/etc/ntp.conf %__install -m 600 -D %{S:2} %{buildroot}/var/lib/ntp/etc/ntp.conf.iburst # # boot scripts # %__install -D %{S:3} %{buildroot}/etc/init.d/ntp %__install -d %{buildroot}/usr/sbin ln -s ../../etc/init.d/ntp %{buildroot}/usr/sbin/rcntp # # fillup sysconfig.ntp # %__install -m 644 -D %{S:4} %{buildroot}/var/adm/fillup-templates/sysconfig.ntp %__install -m 644 -D %{S:5} %{buildroot}/var/adm/fillup-templates/sysconfig.syslog-ntp # # install SLP reg file # %__install -m 644 -D %{S:6} %{buildroot}/etc/slp.reg.d/ntp.reg # # man pages # %__install -d %{buildroot}/%{_mandir}/{man5,man8} %__install -m 644 man/man5/* %{buildroot}/%{_mandir}/man5 %__install -m 644 man/man8/* %{buildroot}/%{_mandir}/man8 # # firewall # %__install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ %__install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} # # Logfile # %__install -d %{buildroot}/var/log/ touch %{buildroot}/var/log/ntp # # service xml # install -d %{buildroot}/usr/share/omc/svcinfo.d/ install -m 644 %{S:14} %{buildroot}/usr/share/omc/svcinfo.d/ install -m 755 %{S:16} %{buildroot}/usr/sbin/ %clean %__rm -rf %{buildroot} %pre /usr/sbin/groupadd -r ntp 2> /dev/null || : /usr/sbin/useradd -r -o -g ntp -u 74 -s /bin/false -c "NTP daemon" -d /var/lib/ntp ntp 2> /dev/null || : /usr/sbin/usermod -g ntp ntp 2>/dev/null || : test -L /var/run/ntp || rm -rf /var/run/ntp && : %preun %stop_on_removal ntp # no update? Then remove these files that aren't owned by the package if [ ${FIRST_ARG:-0} -eq 0 ]; then test -e /var/lib/ntp/drift/ntp.drift && rm -f /var/lib/ntp/drift/ntp.drift rm -f /var/lib/ntp/etc/* 2>/dev/null test -e /var/log/ntp && rm -f /var/log/ntp fi %post # Create ntp.keys file if [ ! -f /etc/ntp.keys ]; then tmp=$(dd if=/dev/urandom count=1 2>/dev/null | md5sum) tmp=${tmp:0:7} > /etc/ntp.keys echo "1 M $tmp" > /etc/ntp.keys chown root:ntp /etc/ntp.keys chmod 0640 /etc/ntp.keys fi # Are we in update mode? if [ -f /etc/sysconfig/ntp ]; then grep -q '^keys /etc/ntp.keys' /etc/ntp.conf || { echo "# # Authentication stuff # keys /etc/ntp.keys # path for keys file trustedkey 1 # define trusted keys requestkey 1 # key (7) for accessing server variables # controlkey 15 # key (6) for accessing server variables " >> /etc/ntp.conf } fi # update from previous permissions if [ -f /etc/ntp.conf ]; then chown root:ntp /etc/ntp.conf fi if [ -f /etc/ntp.keys ]; then chown root:ntp /etc/ntp.keys fi if [ -f /var/lib/ntp/etc/ntp.conf.iburst ]; then chown --from=ntp:root root:ntp /var/lib/ntp/etc/ntp.conf.iburst fi if /sbin/chkconfig -c ntpd 3 ; then %{insserv_force_if_yast ntp} fi %{fillup_only -n ntp } %{fillup_only -n syslog } if [ ! -f /var/log/ntp ]; then touch /var/log/ntp chmod 644 /var/log/ntp fi %postun %restart_on_update ntp %{insserv_cleanup} %files %defattr(-,root,root) %doc COPYRIGHT ChangeLog NEWS README* TODO WHERE-TO-START conf %attr(0640,root,ntp) %config(noreplace) %{_sysconfdir}/ntp.conf %dir %{_sysconfdir}/slp.reg.d %{_sysconfdir}/init.d/ntp %config(noreplace) %{_sysconfdir}/slp.reg.d/ntp.reg %config %{_sysconfdir}/logrotate.d/ntp %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ntp %{_sbindir}/* /var/lib/ntp %attr(0640,root,ntp) %config(noreplace) /var/lib/ntp/etc/ntp.conf.iburst %attr(0755,ntp,ntp) %dir /var/lib/ntp/drift %{_mandir}/man1/* %{_mandir}/man5/* %{_mandir}/man8/* /var/adm/fillup-templates/* %attr(0755,ntp,root) /var/lib/ntp/var/run/ntp %ghost /var/run/ntp %ghost %config(noreplace) /var/log/ntp /usr/share/omc/svcinfo.d/ntp.xml %files doc %defattr(-,root,root) %doc html/* %changelog ++++++ MOD_NANO.diff ++++++ Index: include/ntp_syscall.h =================================================================== --- include/ntp_syscall.h.orig +++ include/ntp_syscall.h @@ -14,6 +14,14 @@ # include <sys/timex.h> #endif +#if defined(ADJ_NANO) && !defined(MOD_NANO) +#define MOD_NANO ADJ_NANO +#endif + +#if defined(ADJ_TAI) && !defined(MOD_TAI) +#define MOD_TAI ADJ_TAI +#endif + #ifndef NTP_SYSCALLS_LIBC #ifdef NTP_SYSCALLS_STD # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t)) ++++++ README.SUSE ++++++ ################################################################### - More documentation is available in the package `ntp-doc': ntp-doc contains a complete set of documentation on building and configuring a NTP server or client. The documentation is in the form of HTML files suitable for browsing and contains links to additional documentation at various web sites. If a browser is unavailable, an ordinary text editor may also be used to view it. ################################################################### ++++++ bnc#506908.diff ++++++ Index: scripts/ntptrace.in =================================================================== --- scripts/ntptrace.in.orig +++ scripts/ntptrace.in @@ -6,7 +6,7 @@ use Socket; use Getopt::Std; use vars qw($opt_n $opt_m); -$ntpq = "ntpq"; +$ntpq = "/usr/sbin/ntpq"; $Getopt::Std::STANDARD_HELP_VERSION=1; getopts('nm:'); ++++++ bnc#574885.diff ++++++ Index: lib/isc/unix/interfaceiter.c =================================================================== --- lib/isc/unix/interfaceiter.c.orig +++ lib/isc/unix/interfaceiter.c @@ -147,7 +147,7 @@ get_addr(unsigned int family, isc_netadd #ifdef __linux #define ISC_IF_INET6_SZ \ - sizeof("00000000000000000000000000000001 01 80 10 80 XXXXXXloXXXXXXXX\n") + sizeof("00000000000000000000000000000001 00001 80 10 80 XXXXXXloXXXXXXXX\n") static isc_result_t linux_if_inet6_next(isc_interfaceiter_t *); static isc_result_t linux_if_inet6_current(isc_interfaceiter_t *); static void linux_if_inet6_first(isc_interfaceiter_t *iter); ++++++ conf.logrotate.ntp ++++++ /var/log/ntp { compress dateext maxage 365 rotate 99 size=+2048k notifempty missingok copytruncate postrotate chmod 644 /var/log/ntp endscript } ++++++ conf.ntp.conf ++++++ ################################################################################ ## /etc/ntp.conf ## ## Sample NTP configuration file. ## See package 'ntp-doc' for documentation, Mini-HOWTO and FAQ. ## Copyright (c) 1998 S.u.S.E. GmbH Fuerth, Germany. ## ## Author: Michael Andres, <ma(a)suse.de> ## Michael Skibbe, <mskibbe(a)suse.de> ## ################################################################################ ## ## Radio and modem clocks by convention have addresses in the ## form 127.127.t.u, where t is the clock type and u is a unit ## number in the range 0-3. ## ## Most of these clocks require support in the form of a ## serial port or special bus peripheral. The particular ## device is normally specified by adding a soft link ## /dev/device-u to the particular hardware device involved, ## where u correspond to the unit number above. ## ## Generic DCF77 clock on serial port (Conrad DCF77) ## Address: 127.127.8.u ## Serial Port: /dev/refclock-u ## ## (create soft link /dev/refclock-0 to the particular ttyS?) ## # server 127.127.8.0 mode 5 prefer ## ## Undisciplined Local Clock. This is a fake driver intended for backup ## and when no outside source of synchronized time is available. ## # server 127.127.1.0 # local clock (LCL) # fudge 127.127.1.0 stratum 10 # LCL is unsynchronized ## ## Add external Servers using ## # rcntp addserver <yourserver> ## # Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust ## ## Miscellaneous stuff ## driftfile /var/lib/ntp/drift/ntp.drift # path for drift file logfile /var/log/ntp # alternate log file # logconfig =syncstatus + sysevents # logconfig =all # statsdir /tmp/ # directory for statistics files # filegen peerstats file peerstats type day enable # filegen loopstats file loopstats type day enable # filegen clockstats file clockstats type day enable # # Authentication stuff # keys /etc/ntp.keys # path for keys file trustedkey 1 # define trusted keys requestkey 1 # key (7) for accessing server variables # controlkey 15 # key (6) for accessing server variables ++++++ conf.ntp.init ++++++ #! /bin/sh # Copyright (c) 1995-2003 SuSE Linux AG, Nuernberg, Germany. # All rights reserved. # # Author: Michael Andres # Author: Michael Skibbe # Author: Andreas Schneider # # /etc/init.d/ntp # and its symbolic link # /usr/sbin/rcntp # ### BEGIN INIT INFO # Provides: ntp ntpd xntpd # Required-Start: $network $remote_fs $syslog $named # Required-Stop: $network $remote_fs $syslog # Should-Start: network-remotefs # Should-Stop: network-remotefs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Network time protocol daemon (ntpd) # Description: Start network time protocol daemon (NTPD). ### END INIT INFO # First reset status of this service . /etc/rc.status rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - insufficient privilege # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # set default options NTP_CONF="/etc/ntp.conf" if [ ! -f ${NTP_CONF} ]; then echo -n "Time server configuration file, ${NTP_CONF} does not exist." # Tell the user this has skipped rc_status -s exit 6 fi NTPD_BIN="/usr/sbin/ntpd" if [ ! -x ${NTPD_BIN} ]; then echo -n "Time server, ${NTPD_BIN} not installed!" rc_status -s exit 5 fi NTPD_OPTIONS="-g -u ntp:ntp" NTPD_RUN_CHROOTED="yes" NTPDC_BIN="/usr/sbin/ntpdc" NTP_KEYS=$(awk '/^keys/ { print $2 }' $NTP_CONF) NTP_KEYID=$(awk '/^requestkey[[:blank:]]/ { print $2 }' $NTP_CONF) NTP_PASSWD=$(test -n "$NTP_KEYS" -a -n "$NTP_KEYID" -a -r "$NTP_KEYS" && awk '$0 ~ key { print $3 }' key="^[[:blank:]]*$NTP_KEYID[[:blank:]]" $NTP_KEYS) if [ -n "$NTP_KEYS" ]; then if test -z "$NTP_KEYID"; then echo -n "NTP key id not defined" rc_status -s exit 5 fi if test -z "$NTP_PASSWD"; then echo -n "No password for requestkey set" exit 1 fi fi # Override defaults, if we have the sysconfig file test -f /etc/sysconfig/ntp && . /etc/sysconfig/ntp function update_cmos() { return 0; } # Now see if we have to fix the CMOS clock if [ "$NTPD_FORCE_SYNC_ON_STARTUP" = yes -a "$1" = ntptimeset ] ; then test -f /etc/sysconfig/clock && . /etc/sysconfig/clock if test -r /proc/xen/capabilities ; then read -t1 caps < /proc/xen/capabilities test "$caps" = "${caps%control_d*}" && NTPD_FORCE_SYNC_HWCLOCK_ON_STARTUP=no fi case "$(uname -i)" in s390*) NTPD_FORCE_SYNC_HWCLOCK_ON_STARTUP=no esac if [ "$NTPD_FORCE_SYNC_HWCLOCK_ON_STARTUP" = yes ] ; then function update_cmos() { if test -e /dev/rtc ; then /sbin/hwclock --systohc $HWCLOCK return $? fi if test -z "$(/sbin/modprobe -l rtc_cmos)" ; then /sbin/hwclock --systohc $HWCLOCK return $? fi local temprules=/dev/.udev/rules.d local uevseqnum=/sys/kernel/uevent_seqnum local rule=$temprules/95-rtc-cmos.rules local -i start=0 end=0 /bin/mkdir -m 0755 -p $temprules echo ACTION==\"add\", KERNEL==\"rtc0\", RUN=\"/sbin/hwclock --systohc $HWCLOCK --rtc=\$env{DEVNAME}\" > $rule test -e $uevseqnum && read -t 1 start < $uevseqnum if /sbin/modprobe -q rtc_cmos ; then test -e $uevseqnum && read -t 1 end < $uevseqnum if test $start -lt $end ; then /sbin/udevadm settle --quiet --seq-start=$start --seq-end=$end else /sbin/udevadm settle --quiet fi else rm -f $rule /sbin/hwclock --systohc $HWCLOCK fi } fi fi # set Default CHROOT path if not set but wanted test "${NTPD_RUN_CHROOTED}" = "yes" && \ CHROOT_PREFIX="/var/lib/ntp" || \ CHROOT_PREFIX="" # set default PID variables NTPD_PID="${CHROOT_PREFIX}/var/run/ntp/ntpd.pid" # Create if /var/run is on tmpfs test -e /var/run/ntp || ln -s /var/lib/ntp/var/run/ntp /var/run function ntpd_is_running() { $0 status >/dev/null } function parse_symlink() { if [ -c "$NTP_PARSE_DEVICE" ]; then if [ -n "$NTP_PARSE_LINK" ]; then ln -sf $NTP_PARSE_DEVICE $NTP_PARSE_LINK fi fi } function prepare_chroot() { for configfile in /etc/{localtime,ntp.keys} $NTP_CONF $NTPD_CHROOT_FILES; do test -d ${CHROOT_PREFIX}${configfile%/*} || mkdir -p ${CHROOT_PREFIX}${configfile%/*} if [ -r ${configfile} ] then cp -aL ${configfile} ${CHROOT_PREFIX}${configfile%/*} else echo echo "Warning: ${configfile} not found or not readable" fi done mkdir -p ${CHROOT_PREFIX}/var/log mkdir -p ${CHROOT_PREFIX}/proc mount -t proc none -o ro,nosuid,nodev "${CHROOT_PREFIX}/proc" 2>/dev/null NTPD_OPTIONS="${NTPD_OPTIONS} -i ${CHROOT_PREFIX}" } function runtime_configuration() { for f in /var/run/ntp/servers*; do if [ -r ${f} ]; then . ${f} ntp_server="${ntp_server} ${RUNTIME_SERVERS}" fi done if [ -n "${ntp_server}" ]; then for s in ${ntp_server}; do add_runtime_server ${s} done fi } function add_runtime_server() { /usr/sbin/sntp -s $@ NTPC_CMD="keyid $NTP_KEYID\npasswd $NTP_PASSWD\naddserver $@\n" NTPDC_LOG=$(echo -e "${NTPC_CMD}quit" | $NTPDC_BIN) logger -t $0 "runtime configuration: $NTPDC_LOG" } function reloaddevices { NTPC_CMD="keyid $NTP_KEYID\npasswd $NTP_PASSWD\nifreload\n" NTPDC_LOG=$(echo -e "${NTPC_CMD}quit" | $NTPDC_BIN) logger -t $0 "runtime configuration: $NTPDC_LOG" } function get_ntpd_ip_proto() { local -a OPTS read -ra OPTS <<< "$NTPD_OPTIONS" for i in "${OPTS[@]}"; do if [ "$i" = "-4" ] || [ "$i" = "-6" ]; then # first occurrence wins safely because ntpd couldn't handle more anyway echo "$i" return fi done echo "" return } case "$1" in start) if [ "$NTPD_FORCE_SYNC_ON_STARTUP" = "yes" ]; then # get the initial date from the timeservers configured in ntp.conf ntpd_is_running || $0 ntptimeset fi echo -n "Starting network time protocol daemon (NTPD)" # do we need a refclock symlink? parse_symlink # do we run chrooted? test "${NTPD_RUN_CHROOTED}" = "yes" && prepare_chroot startproc $NTPD_BIN -p ${NTPD_PID#${CHROOT_PREFIX}} $NTPD_OPTIONS -c $NTP_CONF if [ -n "${NTP_KEYS}" ]; then runtime_configuration fi rc_status -v ;; stop) echo -n "Shutting down network time protocol daemon (NTPD)" killproc -p ${NTPD_PID} -TERM $NTPD_BIN rc_status -v test -n "${CHROOT_PREFIX}" && umount ${CHROOT_PREFIX}/proc 2>/dev/null rm -f ${NTPD_PID} 2>/dev/null ;; try-restart) $0 status if test $? = 0; then $0 restart $2 else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) $0 stop $0 start $2 rc_status ;; try-restart-iburst) $0 status if test $? = 0; then $0 stop $0 start iburst else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; addserver) if [ -z "${NTP_KEYS}" ]; then echo "Runtime configuration disabled, no key file specified." exit 1 fi if test $# -lt 2; then echo "No servers to add specified" exit 1 fi shift $0 status 2>&1 >/dev/null if test $? = 0; then add_runtime_server "$@" fi ;; force-reload) # Does not support signalling to reload $0 try-restart rc_status ;; ntptimeset) NTPD_PROTO="$( get_ntpd_ip_proto )" for i in $(gawk '/^server/ { if( $2 !~ "^127.127." ) print $2","$3 }' $NTP_CONF) do IFS=',' read -ra SERVER <<< "$i" if [ ${SERVER[0]} = "-4" ] || [ ${SERVER[0]} = "-6" ] then if [ -z "${NTPD_PROTO}" ] || [ "${NTPD_PROTO}" = "${SERVER[0]}" ] then SNTP_OPT="${SERVER[0]} ${SERVER[1]}" else # ignore servers with conflicting proto continue fi else # here the usual case with empty NTPD_PROTO (default/yast config) SNTP_OPT="$NTPD_PROTO ${SERVER[0]}" fi sntp -t 2 -l /dev/null -s $SNTP_OPT 2> /dev/null && { SYNCHRONISED=$SNTP_OPT; break; }; done if [ "$SYNCHRONISED" ] then echo "Time synchronized with $SYNCHRONISED" update_cmos else echo "Time could not be synchronized" fi ;; reload) echo -n "Reload network time protocol daemon (NTPD)" # Does not support signalling to reload rc_failed 3 rc_status -v ;; status) checkproc -p ${NTPD_PID} $NTPD_BIN if test $? -eq 0; then ntpq -p echo "" fi echo -n "Checking for network time protocol daemon (NTPD): " checkproc -p ${NTPD_PID} $NTPD_BIN rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|try-restart-iburst|force-reload|reload|addserver|ntptimeset}" exit 1 ;; esac rc_exit ++++++ conf.ntp.reg ++++++ ############################################################################# # # OpenSLP registration file # # register NTP daemon # ############################################################################# service:ntp://$HOSTNAME:123,en,65535 watch-port-udp=123 description=Network Time Protocol [ntp] ++++++ conf.sysconfig.ntp ++++++ ## Path: Network/NTP ## Description: Network Time Protocol (NTP) server settings ## Type: string ## Default: "-g -u ntp:ntp" # # Additional arguments when starting ntpd. The most # important ones would be # -u user[:group] to make ntpd run as a user (group) other than root. # NTPD_OPTIONS="-g -u ntp:ntp" ## Type: yesno ## Default: yes ## ServiceRestart: ntp # # Shall the time server ntpd run in the chroot jail /var/lib/ntp? # # Each time you start ntpd with the init script, /etc/ntp.conf will be # copied to /var/lib/ntp/etc/. # # The pid file will be in /var/lib/ntp/var/run/ntpd.pid. # NTPD_RUN_CHROOTED="yes" ## Type: string ## Default: "" ## ServiceRestart: ntp # # If the time server ntpd runs in the chroot jail these files will be # copied to /var/lib/ntp/ besides the default of /etc/{localtime,ntp.conf} # NTPD_CHROOT_FILES="" ## Type: string(/dev/refclock-0,/dev/refclock-1,/dev/refclock-2,/dev/refclock-3) ## Default: "" ## ServiceRestart: ntp # # Parse driver symlink # For more information see the ntp documentation in the package ntp-doc # /usr/share/doc/packages/ntp-doc/drivers/driver8.html # NTP_PARSE_LINK="" ## Type: string(/dev/ttyS0,/dev/ttyS1,/dev/ttyUSB0,/dev/ttyUSB1,/dev/ttyUSB2) ## Default: "" ## ServiceRestart: ntp # # Parse driver device # # For more information see the ntp documentation in the package ntp-doc # /usr/share/doc/packages/ntp-doc/drivers/driver8.html # # NOTE: Adjust /etc/apparmor.d/tunables/ntpd accordingly # NTP_PARSE_DEVICE="" ## Type: boolean ## Default: "yes" # # Force time synchronization befor start ntpd # NTPD_FORCE_SYNC_ON_STARTUP="no" ## Type: boolean ## Default: "no" # # Force time synchronization of hwclock befor start ntpd. # This works only if NTPD_FORCE_SYNC_ON_STARTUP is set # to yes. # NTPD_FORCE_SYNC_HWCLOCK_ON_STARTUP="yes" ++++++ conf.sysconfig.syslog-ntp ++++++ ## Type: string ## Default: "/var/lib/ntp/dev/log" ## ServiceRestart: syslog ## Config: syslog-ng # # The filename mentioned here will be added with the "-a ..." option as # additional socket via SYSLOGD_PARAMS when syslogd is started. # # This additional socket is needed in case that syslogd is restarted. Otherwise # a chrooted 'ntpd' won't be able to continue logging. # SYSLOGD_ADDITIONAL_SOCKET_NTP="/var/lib/ntp/dev/log" ++++++ ntp-4.2.6p2-ntpq-speedup-782060.patch ++++++ From: Bernhard M. Wiedemann <bwiedemann suse de> do not ask for ntp service in all protocols which is very slow (bnc#782060) --- libntp/decodenetnum.c.orig 2012-11-12 15:12:02.000000000 +0100 +++ libntp/decodenetnum.c 2012-11-12 15:13:18.000000000 +0100 @@ -70,7 +70,7 @@ } ZERO(hints); hints.ai_flags = Z_AI_NUMERICHOST; - err = getaddrinfo(cp, "ntp", &hints, &ai); + err = getaddrinfo(cp, NULL, &hints, &ai); if (err != 0) return 0; NTP_INSIST(ai->ai_addrlen <= sizeof(*netnum)); ++++++ ntp-4.2.6p2-seed_file.patch ++++++ Index: ntpd/ntp_crypto.c =================================================================== --- ntpd/ntp_crypto.c.orig +++ ntpd/ntp_crypto.c @@ -3698,10 +3698,12 @@ crypto_setup(void) randfile = rand_file; if ((bytes = RAND_load_file(randfile, -1)) == 0) { + RAND_write_file(rand_file); msyslog(LOG_ERR, - "crypto_setup: random seed file %s missing", + "crypto_setup: random seed file %s missing - created one\n", randfile); - exit (-1); + crypto_setup(); + return ( 0 ); } get_systime(&seed); RAND_seed(&seed, sizeof(l_fp)); ++++++ ntp-code-cleanup.patch ++++++ Index: parseutil/dcfd.c =================================================================== --- parseutil/dcfd.c.orig +++ parseutil/dcfd.c @@ -587,7 +587,7 @@ cvt_rawdcf( /* * invalid character (no consecutive bit sequence) */ - dprintf(("parse: cvt_rawdcf: character check for 0x%x@%d FAILED\n", *s, s - buffer)); + dprintf(("parse: cvt_rawdcf: character check for 0x%x@%ld FAILED\n", *s, s - buffer)); *s = (unsigned char)~0; rtc = CVT_FAIL|CVT_BADFMT; } ++++++ ntp-segfault_on_invalid_device.patch ++++++ Index: ntpd/refclock_parse.c =================================================================== --- ntpd/refclock_parse.c.orig +++ ntpd/refclock_parse.c @@ -3409,6 +3409,10 @@ parse_control( struct parseunit *parse = (struct parseunit *)peer->procptr->unitptr; parsectl_t tmpctl; + /* If opening the clock device failed, unitptr is NULL */ + if (!parse) + return; + static char outstatus[400]; /* status output buffer */ if (out) ++++++ ntp-strcat.patch ++++++ Index: ntp-4.2.6p5/ntpd/refclock_parse.c =================================================================== --- ntp-4.2.6p5.orig/ntpd/refclock_parse.c +++ ntp-4.2.6p5/ntpd/refclock_parse.c @@ -3668,7 +3668,7 @@ parse_process( NLOG(NLOG_CLOCKINFO) /* conditional if clause for conditional syslog */ msyslog(LOG_WARNING, "PARSE receiver #%d: conversion status \"%s\"", - CLK_UNIT(parse->peer), parsestatus(parsetime->parse_status, buffer, sizeof(buffer))); + CLK_UNIT(parse->peer), parsestatus(parsetime->parse_status, buffer, sizeof(buffer) - strlen(buffer) - 1)); if ((parsetime->parse_status & CVT_MASK) == CVT_FAIL) { ++++++ ntp-wait ++++++ #! /usr/bin/perl -w die "perl5 needed\n" unless ($] > 5); use Getopt::Std; $opt_h = 0; # Print help message $opt_f = 0; # 'Hard' failure if 'state' is unknown $opt_n = 1000; # How many tries before we give up? (10 min+) $opt_s = 6; # Seconds to sleep between tries (6s = 10/min) $opt_v = 0; # Be verbose? getopts('hfn:s:v'); $cmd = 'ntpq -c "rv 0 state"'; $| = 1; # Autoflush output. if( $opt_h ) { print "\nUsage: ntp-wait [ options ]\n\n". " -h Print this message\n". " -f 'Hard' failure if 'state' is unknown\n". " -n How many tries before we give up? Default 1000 (ca 10 min)\n". " -s Seconds to sleep between tries. Default 6.\n". " -v Be verbose\n\n"; exit 0; } print "Waiting for ntpd to synchronize... " if ($opt_v); for ($i = 0; $i < $opt_n; ++$i) { open(Q, $cmd." 2>&1 |") || die "Can't start ntpq: $!"; while(<Q>) { if (/^state=4/) { print "\bOK!\n" if ($opt_v); exit 0; } if (/request variable was unknown/) { print "\bCan't tell!\nPerhaps you are running an old version of ntpd.\n" if ($opt_v); exit $opt_f; } if (/Connection refused/) { print "\bntpd is not running!\n" if ($opt_v); exit 1; } } close(Q); print "\b".substr("*+:.", $i % 4, 1) if ($opt_v); sleep($opt_s); } print "\bNo!\nntpd did not synchronize.\n" if ($opt_v); exit 1; ++++++ ntp.firewall ++++++ ## Name: xntp Server ## Description: Opens ports for xntp. # space separated list of allowed TCP ports TCP="" # space separated list of allowed UDP ports UDP="ntp" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" ++++++ ntpd-maxmonmen.patch ++++++ Index: ntp-4.2.6p3/ntpd/ntp_monitor.c =================================================================== --- ntp-4.2.6p3.orig/ntpd/ntp_monitor.c +++ ntp-4.2.6p3/ntpd/ntp_monitor.c @@ -45,7 +45,7 @@ * ... I don't believe the above is true anymore ... jdg */ #ifndef MAXMONMEM -#define MAXMONMEM 600 /* we allocate up to 600 structures */ +#define MAXMONMEM 520 /* we allocate up to 520 structures */ #endif #ifndef MONMEMINC #define MONMEMINC 40 /* allocate them 40 at a time */ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5 for openSUSE:13.1:Update
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package php5 for openSUSE:13.1:Update checked in at 2014-07-30 10:08:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/php5 (Old) and /work/SRC/openSUSE:13.1:Update/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.3UrX4J/_old 2014-07-30 10:09:00.000000000 +0200 +++ /var/tmp/diff_new_pack.3UrX4J/_new 2014-07-30 10:09:00.000000000 +0200 @@ -1 +1 @@ -<link package='php5.2898' cicount='copy' /> +<link package='php5.2913' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5 for openSUSE:12.3:Update
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package php5 for openSUSE:12.3:Update checked in at 2014-07-30 10:08:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/php5 (Old) and /work/SRC/openSUSE:12.3:Update/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.fiCujk/_old 2014-07-30 10:08:58.000000000 +0200 +++ /var/tmp/diff_new_pack.fiCujk/_new 2014-07-30 10:08:58.000000000 +0200 @@ -1 +1 @@ -<link package='php5.2898' cicount='copy' /> +<link package='php5.2913' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5.2913 for openSUSE:12.3:Update
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package php5.2913 for openSUSE:12.3:Update checked in at 2014-07-30 10:08:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/php5.2913 (Old) and /work/SRC/openSUSE:12.3:Update/.php5.2913.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5.2913" Changes: -------- New Changes file: --- /dev/null 2014-07-24 01:57:42.080040256 +0200 +++ /work/SRC/openSUSE:12.3:Update/.php5.2913.new/php5.changes 2014-07-30 10:08:57.000000000 +0200 @@ -0,0 +1,2728 @@ +------------------------------------------------------------------- +Thu Jul 17 14:32:29 UTC 2014 - pgajdos(a)suse.com + +- security update: + * php-CVE-2014-4670.patch [bnc#886059] + * php-CVE-2014-4698.patch [bnc#886060] + * php-CVE-2014-4721.patch [bnc#885961] + +------------------------------------------------------------------- +Tue Jul 1 07:15:31 UTC 2014 - pgajdos(a)suse.com + +- security update [bnc#884986], [bnc#884987], [bnc#884989], + [bnc#884990], [bnc#884991], [bnc#884992] +- added patches: + * php-5.3.17-CVE-2014-0207.patch + * php-5.3.17-CVE-2014-3478.patch + * php-5.3.17-CVE-2014-3479.patch + * php-5.3.17-CVE-2014-3480.patch + * php-5.3.17-CVE-2014-3487.patch + * php-5.3.17-CVE-2014-3515.patch + +------------------------------------------------------------------- +Tue Jun 17 15:00:13 UTC 2014 - pgajdos(a)suse.com + +- security update + * php-5.3.17-CVE-2014-4049.patch [bnc#882992] + +------------------------------------------------------------------- +Tue Jun 3 08:38:03 UTC 2014 - pgajdos(a)suse.com + +- security update + * CVE-2014-0237 [bnc#880905] + * CVE-2014-0238 [bnc#880904] + +------------------------------------------------------------------- +Fri May 9 07:45:19 UTC 2014 - pgajdos(a)suse.com + +- security update + * CVE-2014-2497.patch [bnc#868624] + * CVE-2014-0185.patch [bnc#875826] + +------------------------------------------------------------------- +Fri Dec 13 10:34:36 UTC 2013 - pgajdos(a)suse.com + +- security update + * CVE-2013-6420.patch [bnc#854880] + * CVE-2013-6712.patch [bnc#853045] + * CVE-2013-4248.patch [bnc#837746] + +------------------------------------------------------------------- +Thu Jul 4 09:45:33 UTC 2013 - pgajdos(a)suse.com + +- security update: + * CVE-2013-4635.patch [bnc#828020] + * CVE-2013-1635.patch [bnc#807707] + * CVE-2013-1643.patch [bnc#807707] + * CVE-2013-4113.patch [bnc#829207] + +------------------------------------------------------------------- +Thu Oct 18 10:18:41 UTC 2012 - pgajdos(a)suse.com + +- fix CVE-2011-4153 CVE-2011-4153 [bnc#741859] + +------------------------------------------------------------------- +Tue Oct 16 12:37:36 UTC 2012 - coolo(a)suse.com + +- add explicit buildrequire on libbz2-devel + (having to patch old .changes file to avoid "double entry") + +------------------------------------------------------------------- +Thu Oct 11 09:16:27 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.17: + * Fixed bug (segfault while build with zts and GOTO vm-kind) + * Fixed bug #62844 (parse_url() does not recognize // + * etc. see NEWS for details + +------------------------------------------------------------------- +Mon Aug 27 14:47:48 UTC 2012 - pgajdos(a)suse.com + +- use FilesMatch with 'SetHandler' rather than 'AddHandler' + [bnc#775852] + +------------------------------------------------------------------- +Mon Aug 27 14:44:27 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.16: + * fixes over 20 bugs, see NEWS for more details + +------------------------------------------------------------------- +Wed Jul 25 12:48:08 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.15: + * fixes over 30 bugs and includes a fix for a security related + overflow issue in the stream implementation (CVE-2012-2688) + [bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580] + +------------------------------------------------------------------- +Mon Jun 18 17:08:57 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.14: + * bug-fix release, see NEWS for details + +------------------------------------------------------------------- +Fri May 25 15:10:26 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.13: various security fixes, + CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336 + * removed php-5.3.10-pcre_fullinfo.patch + * refreshed php-5.3.2-aconf26x.patch + +------------------------------------------------------------------- +Thu Mar 8 19:40:22 UTC 2012 - coolo(a)suse.com + +- fix license to spdx.org format + +------------------------------------------------------------------- +Tue Feb 28 09:08:30 UTC 2012 - pgajdos(a)suse.com + +- fixed build with new pcre (php bug 60986) + +------------------------------------------------------------------- +Sat Feb 4 16:35:07 UTC 2012 - crrodriguez(a)opensuse.org + +- Build with -fpie + +------------------------------------------------------------------- +Thu Feb 2 21:31:00 UTC 2012 - crrodriguez(a)opensuse.org + +- PHP 5.3.10, fixes CVE-2012-0830. + +------------------------------------------------------------------- +Sat Jan 28 18:52:35 UTC 2012 - crrodriguez(a)opensuse.org + +- remove unapplied patches + +------------------------------------------------------------------- +Wed Jan 18 15:17:02 UTC 2012 - pgajdos(a)suse.com + +- buildrequire libjpeg-devel + +------------------------------------------------------------------- +Tue Jan 17 08:35:44 UTC 2012 - pgajdos(a)suse.com + +- remove apache module conflict with apache2-worker [bnc#728671] +- amended README.SUSE instead + +------------------------------------------------------------------- +Wed Jan 11 01:46:14 UTC 2012 - crrodriguez(a)opensuse.org + +- Update to version 5.3.9 + * Drop already applied patches + * This update only contain minor bug fixes, it is a stop over + php 5.4.0 that should be out very soon. + +------------------------------------------------------------------- +Mon Jan 2 16:52:43 UTC 2012 - pgajdos(a)suse.com + +- security update: + * CVE-2011-4885 [bnc#738221] -- added max_input_vars directive + to prevent attacks based on hash collisions + +------------------------------------------------------------------- +Wed Dec 21 10:40:03 UTC 2011 - coolo(a)suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Dec 20 12:06:57 UTC 2011 - pgajdos(a)suse.com + +- apache module conflicts with apache2-worker [bnc#728671] + +------------------------------------------------------------------- +Fri Dec 16 13:31:56 UTC 2011 - pgajdos(a)suse.com + +- security update: + * CVE-2011-4566 [bnc#733590] + * CVE-2011-1466 [bnc#736169] + +------------------------------------------------------------------- +Tue Dec 6 12:24:39 UTC 2011 - coolo(a)suse.com + +- fix license - there is no 3.1 version of php license + +------------------------------------------------------------------- +Tue Nov 29 15:32:57 UTC 2011 - pgajdos(a)suse.com + +- build php against system's libcrypt, which drops + extended DES support + * crypt-tests.patch + * no-reentrant-crypt.patch + +------------------------------------------------------------------- +Mon Nov 7 13:36:25 UTC 2011 - pgajdos(a)suse.com + +- security update: + CVE-2011-3379 [bnc#728350] ++++ 2531 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.php5.2913.new/php5.changes New: ---- README.SUSE-pear README.macros install-pear-nozlib.phar macros.php php-5.2.9-BNC-457056.patch php-5.3.0-bnc513080.patch php-5.3.1-systzdata-v7.patch php-5.3.17-CVE-2013-1635.patch php-5.3.17-CVE-2013-1643.patch php-5.3.17-CVE-2013-4113.patch php-5.3.17-CVE-2013-4248.patch php-5.3.17-CVE-2013-4635.patch php-5.3.17-CVE-2013-6420.patch php-5.3.17-CVE-2013-6712.patch php-5.3.17-CVE-2014-0185.patch php-5.3.17-CVE-2014-0207.patch php-5.3.17-CVE-2014-0237.patch php-5.3.17-CVE-2014-0238.patch php-5.3.17-CVE-2014-2497.patch php-5.3.17-CVE-2014-3478.patch php-5.3.17-CVE-2014-3479.patch php-5.3.17-CVE-2014-3480.patch php-5.3.17-CVE-2014-3487.patch php-5.3.17-CVE-2014-3515.patch php-5.3.17-CVE-2014-4049.patch php-5.3.17.tar.bz2 php-5.3.2-aconf26x.patch php-5.3.2-ini.patch php-5.3.2-no-build-date.patch php-5.3.4-format-string-issues.patch php-5.3.4-pts.patch php-5.3.6-gcc_builtins.patch php-5.3.6-ini-date.timezone.patch php-5.3.8-CVE-2011-4153.patch php-5.3.8-crypt-tests.patch php-5.3.8-no-reentrant-crypt.patch php-CVE-2014-4670.patch php-CVE-2014-4698.patch php-CVE-2014-4721.patch php-cloexec.patch php-fpm.init php-suse-addons.tar.bz2 php5-apache_sapi_install.patch php5-missing-extdeps.patch php5-openssl.patch php5-php-config.patch php5-phpize.patch php5.changes php5.spec suhosin-0.9.33.tgz suhosin-patch-5.3.3-0.9.10.patch.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ ++++ 2015 lines (skipped) ++++++ README.SUSE-pear ++++++ Package php5-pear does not include Pear DB support ================================================== Php5-pear package comes without Pear DB database support, which was obsoleted by MDB2. If you need Pear DB, please install it with: #pear install --onlyreqdeps DB This is the case of Squirrelmail which requires Pear DB support. More information can be found at bugzilla.novell.com, bug #178982. ++++++ README.macros ++++++ README for php-macros Author: Christian Wittmer <chris(a)computersalat.de> %php_gen_filelist generates an rpmlint happy filelist of your installed files In most cases you only need to check the %doc part sometimes there is a "Changes" or "ChangeLog",.... Requirements for %php_gen_filelist You have to define following parts inside your spec file Example: Name: php5-pear-Date %define pear_name Date %define pear_sname date BuildRequires: php-macros Provides: php-pear-%{pear_name} pear-%{pear_name} # Fix for renaming (package convention) Provides: php5-pear-%{pear_sname} = %{version} Provides: php-pear-%{pear_sname} = %{version} Provides: pear-%{pear_sname} = %{version} Obsoletes: php5-pear-%{pear_sname} < %{version} Obsoletes: php-pear-%{pear_sname} < %{version} Obsoletes: pear-%{pear_sname} < %{version} %install %{__mv} package*.xml %{pear_name}-%{version} cd %{pear_name}-%{version} PHP_PEAR_PHP_BIN="$(which php) -d memory_limit=50m" %{__pear} -v \ -d doc_dir=/doc \ -d bin_dir=%{_bindir} \ -d data_dir=%{peardir}/data \ install --offline --nodeps -R "$RPM_BUILD_ROOT" package.xml %{__install} -D -m 0644 package.xml $RPM_BUILD_ROOT%{php_pearxmldir}/%{pear_name}.xml %{__rm} -rf $RPM_BUILD_ROOT/{doc,tmp} %{__rm} -rf "$RPM_BUILD_ROOT"/%{peardir}/.{filemap,lock,registry,channels,depdb,depdblock} %php_gen_filelist %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 if [ "$1" = "1" ]; then %{__pear} install --nodeps --soft --force --register-only %{php_pearxmldir}/%{pear_name}.xml fi if [ "$1" = "2" ]; then %{__pear} upgrade --offline --register-only %{php_pearxmldir}/%{pear_name}.xml fi %postun # on `rpm -e` PARAM is 0 if [ "$1" = "0" ]; then %{__pear} uninstall --nodeps --ignore-errors --register-only pear.php.net/%{pear_name} fi %clean %{__rm} -rf %{buildroot} %files -f %{name}.files %defattr(-,root,root) %doc Changes README %changelog ############################################################################# And here an Example of the generated filelist: /usr/share/php5/PEAR/Date.php %dir /usr/share/php5/PEAR/Date /usr/share/php5/PEAR/Date/Calc.php /usr/share/php5/PEAR/Date/Human.php /usr/share/php5/PEAR/Date/Span.php /usr/share/php5/PEAR/Date/TimeZone.php %dir /usr/share/php5/PEAR/test %dir /usr/share/php5/PEAR/test/Date %dir /usr/share/php5/PEAR/test/Date/tests /usr/share/php5/PEAR/test/Date/tests/test_date_methods_span.php /usr/share/php5/PEAR/test/Date/tests/testunit_date_span.php /usr/share/php5/PEAR/test/Date/tests/test_calc.php /usr/share/php5/PEAR/test/Date/tests/calc.php /usr/share/php5/PEAR/test/Date/tests/testunit_date.php /usr/share/php5/PEAR/test/Date/tests/testunit.php %dir /usr/share/php5/PEAR/test/Date/tests/bugs /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-1.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-2.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-3.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-4.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-674.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9213.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9414.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-8912.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-967.phpt /var/lib/pear/Date.xml ++++++ macros.php ++++++ # macros.php file # macros for module building. handle with care. # # Interface versions exposed by PHP: # %php_core_api @PHP_APIVER@ %php_zend_api @PHP_ZENDVER@ # Useful php macros (from Christian Wittmer <chris(a)computersalat.de>) # %__php /usr/bin/php %__phpize /usr/bin/phpize %__php_config /usr/bin/php-config %php_version %(%{__php_config} --version) # %__pear /usr/bin/pear %php_peardir %(%{__pear} config-get php_dir) %php_pearxmldir /var/lib/pear # macro: php_pear_gen_filelist # do the rpmlint happy filelist generation # with %dir in front of directories %php_pear_gen_filelist(n)\ FILES=%{name}.files\ # fgen_dir func\ # IN: dir\ fgen_dir(){\ %{__cat} >> $FILES << EOF\ %dir ${1}\ EOF\ }\ # fgen_file func\ # IN: file\ fgen_file(){\ %{__cat} >> $FILES << EOF\ ${1}\ EOF\ }\ # check for files in %{php_peardir}\ RES=`find ${RPM_BUILD_ROOT}%{php_peardir} -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ for file in $RES; do\ fgen_file "%{php_peardir}/$(basename ${file})"\ done\ fi\ \ # get all dirs into array\ base_dir="${RPM_BUILD_ROOT}%{php_peardir}/"\ for dir in `find ${base_dir} -type d | sort`; do\ if [ "$dir" = "${base_dir}" ]; then\ continue\ else\ el=`echo $dir | %{__awk} -F"${base_dir}" '{print $2}'`\ all_dir=(${all_dir[@]} $el)\ fi\ done\ \ # build filelist\ for i in ${all_dir[@]}; do\ if [ -d ${base_dir}/${i} ]; then\ RES=`find "${base_dir}/${i}" -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ fgen_dir "%{php_peardir}/${i}"\ for file in $RES; do\ fgen_file "%{php_peardir}/${i}/$(basename ${file})"\ done\ else\ fgen_dir "%{php_peardir}/${i}"\ fi\ fi\ done\ # add xml file\ fgen_file "%php_pearxmldir/%{pear_name}.xml"\ # ++++++ php-5.2.9-BNC-457056.patch ++++++ Index: ext/xml/compat.c =================================================================== --- ext/xml/compat.c.orig 2009-01-12 15:30:21.000000000 +0100 +++ ext/xml/compat.c 2009-03-14 18:32:40.000000000 +0100 @@ -482,9 +482,7 @@ XML_ParserCreate_MM(const XML_Char *enco parser->parser->charset = XML_CHAR_ENCODING_NONE; #endif -#if LIBXML_VERSION >= 20703 xmlCtxtUseOptions(parser->parser, XML_PARSE_OLDSAX); -#endif parser->parser->replaceEntities = 1; parser->parser->wellFormed = 0; ++++++ php-5.3.0-bnc513080.patch ++++++ Index: ext/exif/exif.c =================================================================== --- ext/exif/exif.c.orig 2010-01-03 10:23:27.000000000 +0100 +++ ext/exif/exif.c 2010-08-03 06:31:20.024482000 +0200 @@ -66,7 +66,7 @@ #include "ext/standard/php_image.h" #include "ext/standard/info.h" -#if defined(PHP_WIN32) || (HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)) +#if defined(PHP_WIN32) || (HAVE_MBSTRING) #define EXIF_USE_MBSTRING 1 #else #define EXIF_USE_MBSTRING 0 ++++++ php-5.3.1-systzdata-v7.patch ++++++ ++++ 619 lines (skipped) ++++++ php-5.3.17-CVE-2013-1635.patch ++++++ X-Git-Url: http://git.php.net/?p=php-src.git;a=blobdiff_plain;f=ext%2Fsoap%2Fsoap.c;h=… Index: ext/soap/soap.c =================================================================== --- ext/soap/soap.c +++ ext/soap/soap.c @@ -594,10 +594,40 @@ ZEND_INI_MH(OnUpdateCacheMode) return SUCCESS; } +static PHP_INI_MH(OnUpdateCacheDir) +{ + /* Only do the open_basedir check at runtime */ + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { + char *p; + + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + + /* we do not use zend_memrchr() since path can contain ; itself */ + if ((p = strchr(new_value, ';'))) { + char *p2; + p++; + if ((p2 = strchr(p, ';'))) { + p = p2 + 1; + } + } else { + p = new_value; + } + + if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { + return FAILURE; + } + } + + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + PHP_INI_BEGIN() STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateCacheEnabled, cache_enabled, zend_soap_globals, soap_globals) -STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString, +STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir, cache_dir, zend_soap_globals, soap_globals) STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong, cache_ttl, zend_soap_globals, soap_globals) ++++++ php-5.3.17-CVE-2013-1643.patch ++++++ Index: ext/libxml/libxml.c =================================================================== --- ext/libxml/libxml.c +++ ext/libxml/libxml.c @@ -261,6 +261,7 @@ static PHP_GINIT_FUNCTION(libxml) libxml_globals->stream_context = NULL; libxml_globals->error_buffer.c = NULL; libxml_globals->error_list = NULL; + libxml_globals->entity_loader_disabled = 0; } /* Channel libxml file io layer through the PHP streams subsystem. @@ -348,16 +349,15 @@ static int php_libxml_streams_IO_close(v } static xmlParserInputBufferPtr -php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) -{ - return NULL; -} - -static xmlParserInputBufferPtr php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) { xmlParserInputBufferPtr ret; void *context = NULL; + TSRMLS_FETCH(); + + if (LIBXML(entity_loader_disabled)) { + return NULL; + } if (URI == NULL) return(NULL); @@ -834,28 +834,25 @@ static PHP_FUNCTION(libxml_clear_errors) } /* }}} */ +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) +{ + zend_bool old = LIBXML(entity_loader_disabled); + + LIBXML(entity_loader_disabled) = disable; + return old; +} + /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) Disable/Enable ability to load external entities */ static PHP_FUNCTION(libxml_disable_entity_loader) { zend_bool disable = 1; - xmlParserInputBufferCreateFilenameFunc old; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) { return; } - if (disable == 0) { - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); - } else { - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); - } - - if (old == php_libxml_input_buffer_noload) { - RETURN_TRUE; - } - - RETURN_FALSE; + RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); } /* }}} */ Index: ext/libxml/php_libxml.h =================================================================== --- ext/libxml/php_libxml.h +++ ext/libxml/php_libxml.h @@ -43,6 +43,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml) zval *stream_context; smart_str error_buffer; zend_llist *error_list; + zend_bool entity_loader_disabled; ZEND_END_MODULE_GLOBALS(libxml) typedef struct _libxml_doc_props { @@ -93,6 +94,7 @@ PHP_LIBXML_API void php_libxml_ctx_error PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC); PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC); +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC); /* Init/shutdown functions*/ PHP_LIBXML_API void php_libxml_initialize(void); Index: ext/soap/php_xml.c =================================================================== --- ext/soap/php_xml.c +++ ext/soap/php_xml.c @@ -20,6 +20,7 @@ /* $Id$ */ #include "php_soap.h" +#include "ext/libxml/php_libxml.h" #include "libxml/parser.h" #include "libxml/parserInternals.h" @@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char * ctxt = xmlCreateFileParserCtxt(filename); PG(allow_url_fopen) = old_allow_url_fopen; if (ctxt) { + zend_bool old; + ctxt->keepBlanks = 0; ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; ctxt->sax->comment = soap_Comment; ctxt->sax->warning = NULL; ctxt->sax->error = NULL; /*ctxt->sax->fatalError = NULL;*/ + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); xmlParseDocument(ctxt); + php_libxml_disable_entity_loader(old TSRMLS_CC); if (ctxt->wellFormed) { ret = ctxt->myDoc; if (ret->URL == NULL && ctxt->directory != NULL) { @@ -128,11 +133,15 @@ xmlDocPtr soap_xmlParseMemory(const void xmlParserCtxtPtr ctxt = NULL; xmlDocPtr ret; + TSRMLS_FETCH(); + /* xmlInitParser(); */ ctxt = xmlCreateMemoryParserCtxt(buf, buf_size); if (ctxt) { + zend_bool old; + ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; ctxt->sax->comment = soap_Comment; ctxt->sax->warning = NULL; @@ -141,7 +150,9 @@ xmlDocPtr soap_xmlParseMemory(const void #if LIBXML_VERSION >= 20703 ctxt->options |= XML_PARSE_HUGE; #endif + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); xmlParseDocument(ctxt); + php_libxml_disable_entity_loader(old TSRMLS_CC); if (ctxt->wellFormed) { ret = ctxt->myDoc; if (ret->URL == NULL && ctxt->directory != NULL) { ++++++ php-5.3.17-CVE-2013-4113.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e… --- ext/xml/xml.c +++ ext/xml/xml.c @@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) } if (parser->ltags) { int inx; - for (inx = 0; inx < parser->level; inx++) + for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) efree(parser->ltags[ inx ]); efree(parser->ltags); } @@ -905,45 +905,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch } if (parser->data) { - zval *tag, *atr; - int atcnt = 0; + if (parser->level <= XML_MAXLEVEL) { + zval *tag, *atr; + int atcnt = 0; - MAKE_STD_ZVAL(tag); - MAKE_STD_ZVAL(atr); + MAKE_STD_ZVAL(tag); + MAKE_STD_ZVAL(atr); - array_init(tag); - array_init(atr); + array_init(tag); + array_init(atr); - _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); - add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ - add_assoc_string(tag,"type","open",1); - add_assoc_long(tag,"level",parser->level); + add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ + add_assoc_string(tag,"type","open",1); + add_assoc_long(tag,"level",parser->level); - parser->ltags[parser->level-1] = estrdup(tag_name); - parser->lastwasopen = 1; + parser->ltags[parser->level-1] = estrdup(tag_name); + parser->lastwasopen = 1; - attributes = (const XML_Char **) attrs; + attributes = (const XML_Char **) attrs; - while (attributes && *attributes) { - att = _xml_decode_tag(parser, attributes[0]); - val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - - add_assoc_stringl(atr,att,val,val_len,0); + while (attributes && *attributes) { + att = _xml_decode_tag(parser, attributes[0]); + val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - atcnt++; - attributes += 2; + add_assoc_stringl(atr,att,val,val_len,0); - efree(att); - } + atcnt++; + attributes += 2; - if (atcnt) { - zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); - } else { - zval_ptr_dtor(&atr); - } + efree(att); + } + + if (atcnt) { + zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); + } else { + zval_ptr_dtor(&atr); + } - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } efree(tag_name); @@ -995,7 +1000,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) efree(tag_name); - if (parser->ltags) { + if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { efree(parser->ltags[parser->level-1]); } @@ -1079,18 +1084,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) } } - MAKE_STD_ZVAL(tag); - - array_init(tag); - - _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + if (parser->level <= XML_MAXLEVEL) { + MAKE_STD_ZVAL(tag); - add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); - add_assoc_string(tag,"value",decoded_value,0); - add_assoc_string(tag,"type","cdata",1); - add_assoc_long(tag,"level",parser->level); + array_init(tag); - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + + add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); + add_assoc_string(tag,"value",decoded_value,0); + add_assoc_string(tag,"type","cdata",1); + add_assoc_long(tag,"level",parser->level); + + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } } else { efree(decoded_value); ++++++ php-5.3.17-CVE-2013-4248.patch ++++++ http://git.php.net/?p=php-src.git;a=commitdiff;h=dcea4ec698dcae39b7bba6f6aa… http://git.php.net/?p=php-src.git;a=commitdiff;h=c1c49d6e3983c9ce0b43ffe7bf… Index: ext/openssl/openssl.c =================================================================== --- ext/openssl/openssl.c.orig 2013-12-13 10:20:13.246036355 +0100 +++ ext/openssl/openssl.c 2013-12-13 10:20:57.912572160 +0100 @@ -1343,6 +1343,74 @@ } /* }}} */ +/* Special handling of subjectAltName, see CVE-2013-4073 + * Christian Heimes + */ + +static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) +{ + GENERAL_NAMES *names; + const X509V3_EXT_METHOD *method = NULL; + long i, length, num; + const unsigned char *p; + + method = X509V3_EXT_get(extension); + if (method == NULL) { + return -1; + } + + p = extension->value->data; + length = extension->value->length; + if (method->it) { + names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, + ASN1_ITEM_ptr(method->it))); + } else { + names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); + } + if (names == NULL) { + return -1; + } + + num = sk_GENERAL_NAME_num(names); + for (i = 0; i < num; i++) { + GENERAL_NAME *name; + ASN1_STRING *as; + name = sk_GENERAL_NAME_value(names, i); + switch (name->type) { + case GEN_EMAIL: + BIO_puts(bio, "email:"); + as = name->d.rfc822Name; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_DNS: + BIO_puts(bio, "DNS:"); + as = name->d.dNSName; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_URI: + BIO_puts(bio, "URI:"); + as = name->d.uniformResourceIdentifier; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + default: + /* use builtin print for GEN_OTHERNAME, GEN_X400, + * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID + */ + GENERAL_NAME_print(bio, name); + } + /* trailing ', ' except for last element */ + if (i < (num - 1)) { + BIO_puts(bio, ", "); + } + } + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); + + return 0; +} + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) Returns an array of the fields/values of the CERT */ PHP_FUNCTION(openssl_x509_parse) @@ -1439,15 +1507,30 @@ for (i = 0; i < X509_get_ext_count(cert); i++) { + int nid; extension = X509_get_ext(cert, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { + nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); + if (nid != NID_undef) { extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); } else { OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); extname = buf; } bio_out = BIO_new(BIO_s_mem()); - if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + if (nid == NID_subject_alt_name) { + if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { + zval_dtor(return_value); + if (certresource == -1 && cert) { + X509_free(cert); + } + BIO_free(bio_out); + RETURN_FALSE; + } + } + else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { BIO_get_mem_ptr(bio_out, &bio_buf); add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); } else { ++++++ php-5.3.17-CVE-2013-4635.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=4828f7343b3f31d914f4d4a5545865… http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df… diff --git a/ext/calendar/jewish.c b/ext/calendar/jewish.c index f4dc7c3..1e7a06c 100644 --- ext/calendar/jewish.c +++ ext/calendar/jewish.c @@ -272,6 +272,7 @@ #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7)) #define JEWISH_SDN_OFFSET 347997 +#define JEWISH_SDN_MAX 324542846L /* 12/13/887605, greater value raises interger overflow */ #define NEW_MOON_OF_CREATION 31524 #define SUNDAY 0 @@ -519,7 +520,7 @@ void SdnToJewish( int tishri1After; int yearLength; - if (sdn <= JEWISH_SDN_OFFSET) { + if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) { *pYear = 0; *pMonth = 0; *pDay = 0; ++++++ php-5.3.17-CVE-2013-6420.patch ++++++ https://bugzilla.redhat.com/attachment.cgi?id=831933&action=diff&context=pa… --- ext/openssl/openssl.c 2013-11-28 13:03:15.000000000 +0100 +++ ext/openssl/openssl.c 2013-11-28 12:57:36.000000000 +0100 @@ -688,18 +688,28 @@ char * thestr; long gmadjust = 0; - if (timestr->length < 13) { + if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) < 13) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); return (time_t)-1; } - strbuf = estrdup((char *)timestr->data); + strbuf = estrdup((char *)ASN1_STRING_data(timestr)); memset(&thetime, 0, sizeof(thetime)); /* we work backwards so that we can use atoi more easily */ - thestr = strbuf + timestr->length - 3; + thestr = strbuf + ASN1_STRING_length(timestr) - 3; thetime.tm_sec = atoi(thestr); *thestr = '\0'; ++++++ php-5.3.17-CVE-2013-6712.patch ++++++ From: Remi Collet <remi(a)php.net> Date: Wed, 27 Nov 2013 10:13:16 +0000 (+0100) Subject: Fixed bug #66060 (Heap buffer over-read in DateInterval) X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=12fe4e90be7bfa2… Fixed bug #66060 (Heap buffer over-read in DateInterval) --- --- ext/date/lib/parse_iso_intervals.re +++ ext/date/lib/parse_iso_intervals.re @@ -383,7 +383,7 @@ isoweek = year4 "-"? "W" weekofyear; break; } ptr++; - } while (*ptr); + } while (!s->errors->error_count && *ptr); s->have_period = 1; TIMELIB_DEINIT; return TIMELIB_PERIOD; ++++++ php-5.3.17-CVE-2014-0185.patch ++++++ >From 1875b4648f138df77abcb513149a3340ade69a4c Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev <stas(a)php.net> Date: Tue, 15 Apr 2014 10:43:24 -0700 Subject: [PATCH] Fix bug #67060: use default mode of 660 --- sapi/fpm/fpm/fpm_unix.c | 2 +- sapi/fpm/php-fpm.conf.in | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) --- sapi/fpm/fpm/fpm_unix.c +++ sapi/fpm/fpm/fpm_unix.c @@ -35,7 +35,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ /* uninitialized */ wp->socket_uid = -1; wp->socket_gid = -1; - wp->socket_mode = 0666; + wp->socket_mode = 0660; if (!c) { return 0; --- sapi/fpm/php-fpm.conf.in +++ sapi/fpm/php-fpm.conf.in @@ -166,10 +166,10 @@ listen = 127.0.0.1:9000 ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user -; mode is set to 0666 +; mode is set to 0660 ;listen.owner = @php_fpm_user@ ;listen.group = @php_fpm_group@ -;listen.mode = 0666 +;listen.mode = 0660 ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -- 1.8.4 ++++++ php-5.3.17-CVE-2014-0207.patch ++++++ From: Remi Collet <remi(a)php.net> Date: Tue, 3 Jun 2014 09:05:00 +0000 (+0200) Subject: Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check X-Git-Tag: php-5.4.30RC1~33 X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=4fcb9a9d1b1063a… Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check Upstream fix https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac9039… Only revelant part applied --- diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c index 4712e84..16649f1 100644 --- ext/fileinfo/libmagic/cdf.c +++ ext/fileinfo/libmagic/cdf.c @@ -365,10 +365,10 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, size_t ss = CDF_SHORT_SEC_SIZE(h); size_t pos = CDF_SHORT_SEC_POS(h, id); assert(ss == len); - if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { + if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", - pos, CDF_SEC_SIZE(h) * sst->sst_len)); + pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); return -1; } (void)memcpy(((char *)buf) + offs, ++++++ php-5.3.17-CVE-2014-0237.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=68ce2d0ea6da79b12a365e375e1c2c… --- ext/fileinfo/libmagic/cdf.c +++ ext/fileinfo/libmagic/cdf.c @@ -942,7 +942,7 @@ int cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count) { - size_t i, maxcount; + size_t maxcount; const cdf_summary_info_header_t *si = CAST(const cdf_summary_info_header_t *, sst->sst_tab); const cdf_section_declaration_t *sd = @@ -957,21 +957,13 @@ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, ssi->si_os = CDF_TOLE2(si->si_os); ssi->si_class = si->si_class; cdf_swap_class(&ssi->si_class); - ssi->si_count = CDF_TOLE2(si->si_count); + ssi->si_count = CDF_TOLE4(si->si_count); *count = 0; maxcount = 0; *info = NULL; - for (i = 0; i < CDF_TOLE4(si->si_count); i++) { - if (i >= CDF_LOOP_LIMIT) { - DPRINTF(("Unpack summary info loop limit")); - errno = EFTYPE; - return -1; - } - if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), - info, count, &maxcount) == -1) { + if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info, + count, &maxcount) == -1) return -1; - } - } return 0; } ++++++ php-5.3.17-CVE-2014-0238.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=22736b7c56d678f142d5dd21f4996e… --- ext/fileinfo/libmagic/cdf.c +++ ext/fileinfo/libmagic/cdf.c @@ -823,6 +823,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { nelements = CDF_GETUINT32(q, 1); + if (nelements == 0) { + DPRINTF(("CDF_VECTOR with nelements == 0\n")); + goto out; + } o = 2; } else { nelements = 1; @@ -897,7 +901,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, } DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", nelements)); - for (j = 0; j < nelements; j++, i++) { + for (j = 0; j < nelements && i < sh.sh_properties; + j++, i++) + { uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = (const char *) ++++++ php-5.3.17-CVE-2014-2497.patch ++++++ Description: Patch to fix PHP bug 66901. Author: Andres Mejia <mejiaa(a)amazon.com> Forwarded: no Index: ext/gd/libgd/gdxpm.c =================================================================== --- ext/gd/libgd/gdxpm.c.orig 2014-02-05 11:00:36.000000000 +0100 +++ ext/gd/libgd/gdxpm.c 2014-04-04 14:06:15.991206709 +0200 @@ -39,6 +39,14 @@ number = image.ncolors; colors = (int *) safe_emalloc(number, sizeof(int), 0); for (i = 0; i < number; i++) { + if (!image.colorTable[i].c_color) + { + /* unsupported color key or color key not defined */ + gdImageDestroy(im); + gdFree(colors); + im = 0; + goto done; + } switch (strlen (image.colorTable[i].c_color)) { case 4: buf[1] = '\0'; ++++++ php-5.3.17-CVE-2014-3478.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Ffileinfo%2F… diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c index 21fea6b..01e4977 100644 --- ext/fileinfo/libmagic/softmagic.c +++ ext/fileinfo/libmagic/softmagic.c @@ -881,10 +881,18 @@ mconvert(struct magic_set *ms, struct magic *m, int flip) return 1; } case FILE_PSTRING: { - char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m); + size_t sz = file_pstring_length_size(m); + char *ptr1 = p->s, *ptr2 = ptr1 + sz; size_t len = file_pstring_get_length(m, ptr1); - if (len >= sizeof(p->s)) - len = sizeof(p->s) - 1; + if (len >= sizeof(p->s)) { + /* + * The size of the pascal string length (sz) + * is 1, 2, or 4. We need at least 1 byte for NUL + * termination, but we've already truncated the + * string by p->s, so we need to deduct sz. + */ + len = sizeof(p->s) - sz; + } while (len--) *ptr1++ = *ptr2++; *ptr1 = '\0'; ++++++ php-5.3.17-CVE-2014-3479.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Ffileinfo%2F… Index: ext/fileinfo/libmagic/cdf.c =================================================================== --- ext/fileinfo/libmagic/cdf.c.orig 2014-06-30 17:42:12.365215599 +0200 +++ ext/fileinfo/libmagic/cdf.c 2014-06-30 17:44:16.469213240 +0200 @@ -277,13 +277,15 @@ { const char *b = (const char *)sst->sst_tab; const char *e = ((const char *)p) + tail; + size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? + CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); (void)&line; - if (e >= b && (size_t)(e - b) < CDF_SEC_SIZE(h) * sst->sst_len) + if (e >= b && (size_t)(e - b) < ss * sst->sst_len) return 0; DPRINTF(("%d: offset begin %p end %p %" SIZE_T_FORMAT "u" " >= %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), - CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); + ss * sst->sst_len, ss, sst->sst_len)); errno = EFTYPE; return -1; } ++++++ php-5.3.17-CVE-2014-3480.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Ffileinfo%2F… diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c index c9a5d50..ee467a6 100644 --- ext/fileinfo/libmagic/cdf.c +++ ext/fileinfo/libmagic/cdf.c @@ -470,7 +470,8 @@ size_t cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) { size_t i, j; - cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size); + cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size) + / sizeof(maxsector)); DPRINTF(("Chain:")); for (j = i = 0; sid >= 0; i++, j++) { @@ -480,8 +481,8 @@ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) errno = EFTYPE; return (size_t)-1; } - if (sid > maxsector) { - DPRINTF(("Sector %d > %d\n", sid, maxsector)); + if (sid >= maxsector) { + DPRINTF(("Sector %d >= %d\n", sid, maxsector)); errno = EFTYPE; return (size_t)-1; } ++++++ php-5.3.17-CVE-2014-3487.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Ffileinfo%2F… diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c index ee467a6..429f3b9 100644 --- ext/fileinfo/libmagic/cdf.c +++ ext/fileinfo/libmagic/cdf.c @@ -812,7 +812,11 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { - size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); + size_t ofs, tail = (i << 1) + 1; + if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t), + __LINE__) == -1) + goto out; + ofs = CDF_GETUINT32(p, tail); q = (const uint8_t *)(const void *) ((const char *)(const void *)p + ofs - 2 * sizeof(uint32_t)); ++++++ php-5.3.17-CVE-2014-3515.patch ++++++ From: Stanislav Malyshev <stas(a)php.net> Date: Sun, 22 Jun 2014 02:46:16 +0000 (-0700) Subject: Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion X-Git-Tag: php-5.4.30~6 X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=88223c5245e9b47… Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion --- Index: ext/spl/spl_array.c =================================================================== --- ext/spl/spl_array.c.orig 2014-06-30 17:45:07.373212272 +0200 +++ ext/spl/spl_array.c 2014-06-30 17:49:00.493207840 +0200 @@ -1806,7 +1806,7 @@ ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, var_hash_p TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, var_hash_p TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } Index: ext/spl/spl_observer.c =================================================================== --- ext/spl/spl_observer.c.orig 2014-06-30 17:44:43.821212720 +0200 +++ ext/spl/spl_observer.c 2014-06-30 17:45:07.373212272 +0200 @@ -801,7 +801,7 @@ ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } ++++++ php-5.3.17-CVE-2014-4049.patch ++++++ >From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001 From: Sara Golemon <pollita(a)php.net> Date: Tue, 10 Jun 2014 11:18:02 -0700 Subject: [PATCH] Fix potential segfault in dns_get_record() If the remote sends us a packet with a malformed TXT record, we could end up trying to over-consume the packet and wander off into overruns. --- ext/standard/dns.c | 4 ++++ 1 file changed, 4 insertions(+) --- ext/standard/dns.c +++ ext/standard/dns.c @@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int while (ll < dlen) { n = cp[ll]; + if ((ll + n) >= dlen) { + // Invalid chunk length, truncate + n = dlen - (ll + 1); + } memcpy(tp + ll , cp + ll + 1, n); add_next_index_stringl(entries, cp + ll + 1, n, 1); ll = ll + n + 1; -- 1.9.3 ++++++ php-5.3.2-aconf26x.patch ++++++ Index: scripts/phpize.m4 =================================================================== --- scripts/phpize.m4.orig +++ scripts/phpize.m4 @@ -1,6 +1,6 @@ dnl This file becomes configure.in for self-contained extensions. -divert(1) +divert(1001) AC_PREREQ(2.13) AC_INIT(config.m4) @@ -23,7 +23,8 @@ test -z "$CFLAGS" && auto_cflags=1 abs_srcdir=`(cd $srcdir && pwd)` abs_builddir=`pwd` -AC_PROG_CC([cc gcc]) +AC_PROG_CC_STDC +AC_USE_SYSTEM_EXTENSIONS PHP_DETECT_ICC PHP_DETECT_SUNCC AC_PROG_CC_C_O Index: ext/standard/config.m4 =================================================================== --- ext/standard/config.m4.orig +++ ext/standard/config.m4 @@ -1,6 +1,6 @@ dnl $Id$ -*- autoconf -*- -divert(3)dnl +divert(1003)dnl dnl dnl Check if flush should be called explicitly after buffered io @@ -342,7 +342,7 @@ dnl AC_CHECK_FUNCS(getcwd getwd asinh acosh atanh log1p hypot glob strfmon nice fpclass isinf isnan mempcpy strpncpy) AC_FUNC_FNMATCH -divert(5)dnl +divert(1005)dnl dnl dnl Check if there is a support means of creating a new process Index: configure.in =================================================================== --- configure.in.orig +++ configure.in @@ -1,7 +1,7 @@ ## $Id$ -*- autoconf -*- dnl ## Process this file with autoconf to produce a configure script. -divert(1) +divert(1001) dnl ## Diversion 1 is the autoconf + automake setup phase. We also dnl ## set the PHP version, deal with platform-specific compile @@ -125,12 +125,12 @@ rm -f libs/* dnl Checks for programs. dnl ------------------------------------------------------------------------- -AC_PROG_CC([cc gcc]) +AC_USE_SYSTEM_EXTENSIONS PHP_DETECT_ICC PHP_DETECT_SUNCC AC_PROG_CC_C_O dnl Change to AC_PROG_CC_STDC when we start requiring a post-2.13 autoconf -dnl AC_PROG_CC_STDC +AC_PROG_CC_STDC AC_PROG_CPP AC_AIX AC_PROG_LN_S @@ -290,7 +290,7 @@ sinclude(TSRM/threads.m4) sinclude(TSRM/tsrm.m4) -divert(2) +divert(1002) dnl ## Diversion 2 is where we set PHP-specific options and come up dnl ## with reasonable default values for them. We check for pthreads here @@ -329,7 +329,7 @@ if test "$enable_maintainer_zts" = "yes" PTHREADS_FLAGS fi -divert(3) +divert(1003) dnl ## In diversion 3 we check for compile-time options to the PHP dnl ## core and how to deal with different system dependencies. @@ -683,7 +683,7 @@ if test "x$php_crypt_r" = "x1"; then PHP_CRYPT_R_STYLE fi -divert(4) +divert(1004) dnl ## In diversion 4 we check user-configurable general settings. @@ -924,7 +924,7 @@ else AC_MSG_RESULT([using system default]) fi -divert(5) +divert(1005) dnl ## In diversion 5 we check which extensions should be compiled. dnl ## All of these are normally in the extension directories. @@ -1351,7 +1351,8 @@ AC_PROVIDE_IFELSE([PHP_REQUIRE_CXX], [], undefine([AC_PROG_CXXCPP]) AC_DEFUN([AC_PROG_CXXCPP], [php_prog_cxxcpp=disabled]) ]) -AC_PROG_LIBTOOL +LT_INIT([disable-static pic-only dlopen]) +#AC_PROG_LIBTOOL if test "$enable_debug" != "yes"; then PHP_SET_LIBTOOL_VARIABLE([--silent]) Index: build/buildcheck.sh =================================================================== --- build/buildcheck.sh.orig +++ build/buildcheck.sh @@ -51,7 +51,7 @@ if test "$1" = "2" -a "$2" -gt "59"; the echo " On Debian/Ubuntu both autoconf2.13 and autoconf2.59 packages exist." echo " Install autoconf2.13 and set the PHP_AUTOCONF env var to " echo " autoconf2.13 and try again." - exit 1 +# exit 1 else echo "buildconf: autoconf version $ac_version (ok)" fi ++++++ php-5.3.2-ini.patch ++++++ Index: php.ini-production =================================================================== --- php.ini-production.orig 2010-06-24 02:15:12.000000000 +0200 +++ php.ini-production 2010-08-03 06:31:20.319461000 +0200 @@ -781,7 +781,7 @@ default_mimetype = "text/html" ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" +include_path = ".:/usr/share/php5:/usr/share/php5/PEAR" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" @@ -1189,7 +1189,7 @@ mysql.allow_local_infile = On ; Allow or prevent persistent links. ; http://php.net/mysql.allow-persistent -mysql.allow_persistent = On +mysql.allow_persistent = Off ; If mysqlnd is used: Number of cache slots for the internal result set cache ; http://php.net/mysql.cache_size @@ -1252,7 +1252,7 @@ mysqli.max_persistent = -1 ; Allow or prevent persistent links. ; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On +mysqli.allow_persistent = Off ; Maximum number of links. -1 means no limit. ; http://php.net/mysqli.max-links @@ -1474,7 +1474,7 @@ session.save_handler = files ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ; http://php.net/session.save-path -;session.save_path = "/tmp" +session.save_path = "/var/lib/php5" ; Whether to use cookies. ; http://php.net/session.use-cookies @@ -1590,14 +1590,14 @@ session.referer_check = ; How many bytes to read from the file. ; http://php.net/session.entropy-length -session.entropy_length = 0 +session.entropy_length = 32 ; Specified here to create the session id. ; http://php.net/session.entropy-file ; On systems that don't have /dev/urandom /dev/arandom can be used ; On windows, setting the entropy_length setting will activate the ; Windows random source (using the CryptoAPI) -;session.entropy_file = /dev/urandom +session.entropy_file = /dev/urandom ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. @@ -1628,7 +1628,7 @@ session.use_trans_sid = 0 ; the hash extension. A list of available hashes is returned by the hash_algos() ; function. ; http://php.net/session.hash-function -session.hash_function = 0 +session.hash_function = sha256 ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. ++++++ php-5.3.2-no-build-date.patch ++++++ --- ext/standard/info.c.orig +++ ext/standard/info.c @@ -697,7 +697,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_box_end(); php_info_print_table_start(); php_info_print_table_row(2, "System", php_uname ); - php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); + /* php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); */ #ifdef COMPILER php_info_print_table_row(2, "Compiler", COMPILER); #endif @@ -705,7 +705,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_table_row(2, "Architecture", ARCHITECTURE); #endif #ifdef CONFIGURE_COMMAND - php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + /* php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); */ #endif if (sapi_module.pretty_name) { --- sapi/fpm/fpm/fpm_main.c.orig +++ sapi/fpm/fpm/fpm_main.c @@ -1700,7 +1700,7 @@ int main(int argc, char *argv[]) #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); --- configure.in.orig +++ configure.in @@ -1192,8 +1192,8 @@ fi EXTRA_LDFLAGS="$EXTRA_LDFLAGS $PHP_LDFLAGS" EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PROGRAM $PHP_LDFLAGS" - -PHP_BUILD_DATE=`date '+%Y-%m-%d'` +#totally fake, not used anywhere in userspace +PHP_BUILD_DATE="1970-01-01" AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) case $host_alias in @@ -1204,7 +1204,8 @@ case $host_alias in AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[hardcode for each of the cross compiler host]) ;; *) - PHP_UNAME=`uname -a | xargs` +dnl Totally fake, it wasnt and will never be reliable anyway. + PHP_UNAME="Linux suse 2.6.36 #1 SMP 2011-02-21 10:34:10 +0100 x86_64 x86_64 x86_64 GNU/Linux" AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) PHP_OS=`uname | xargs` AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) ++++++ php-5.3.4-format-string-issues.patch ++++++ --- main/snprintf.h.orig +++ main/snprintf.h @@ -83,7 +83,7 @@ PHPAPI int ap_php_vslprintf(char *buf, s PHPAPI int ap_php_snprintf(char *, size_t, const char *, ...); PHPAPI int ap_php_vsnprintf(char *, size_t, const char *, va_list ap); PHPAPI int ap_php_vasprintf(char **buf, const char *format, va_list ap); -PHPAPI int ap_php_asprintf(char **buf, const char *format, ...); +PHPAPI int ap_php_asprintf(char **buf, const char *format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI int php_sprintf (char* s, const char* format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI char * php_gcvt(double value, int ndigit, char dec_point, char exponent, char *buf); PHPAPI char * php_conv_fp(register char format, register double num, --- main/main.c.orig +++ main/main.c @@ -898,7 +898,7 @@ PHPAPI void php_html_puts(const char *st /* {{{ php_error_cb extended error handling function */ -static void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) +static PHP_ATTRIBUTE_FORMAT(printf, 4, 0) void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) { char *buffer; int buffer_len, display; --- Zend/zend.h.orig +++ Zend/zend.h @@ -146,6 +146,14 @@ char *alloca (); # define ZEND_ATTRIBUTE_MALLOC #endif +#if ZEND_GCC_VERSION >= 4003 +#define ZEND_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x))) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) __attribute__((__alloc_size__(x,y))) +#else +#define ZEND_ATTR_ALLOC_SIZE(x) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) +#endif + #if ZEND_GCC_VERSION >= 2007 # define ZEND_ATTRIBUTE_FORMAT(type, idx, first) __attribute__ ((format(type, idx, first))) #else --- Zend/zend_alloc.h.orig +++ Zend/zend_alloc.h @@ -54,14 +54,14 @@ BEGIN_EXTERN_C() ZEND_API char *zend_strndup(const char *s, unsigned int length) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC; +ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE(1); +ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset); +ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE(2); +ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE2(2,3); +ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset) ZEND_ATTR_ALLOC_SIZE2(2,3); ZEND_API char *_estrdup(const char *s ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API char *_estrndup(const char *s, unsigned int length ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); @@ -90,7 +90,7 @@ ZEND_API size_t _zend_mem_block_size(voi #define estrndup_rel(s, length) _estrndup((s), (length) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) #define zend_mem_block_size_rel(ptr) _zend_mem_block_size((ptr) TSRMLS_CC ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) -inline static void * __zend_malloc(size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(1) void * __zend_malloc(size_t len) { void *tmp = malloc(len); if (tmp) { @@ -100,14 +100,14 @@ inline static void * __zend_malloc(size_ exit(1); } -inline static void * __zend_calloc(size_t nmemb, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE2(1,2) void * __zend_calloc(size_t nmemb, size_t len) { void *tmp = _safe_malloc(nmemb, len, 0); memset(tmp, 0, nmemb * len); return tmp; } -inline static void * __zend_realloc(void *p, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(2) void * __zend_realloc(void *p, size_t len) { p = realloc(p, len); if (p) { --- sapi/cli/php_cli.c.orig +++ sapi/cli/php_cli.c @@ -826,8 +826,8 @@ int main(int argc, char *argv[]) } request_started = 1; - php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", - PHP_VERSION, sapi_module.name, __DATE__, __TIME__, + php_printf("PHP %s (%s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", + PHP_VERSION, sapi_module.name, #if ZEND_DEBUG && defined(HAVE_GCOV) "(DEBUG GCOV)", #elif ZEND_DEBUG --- sapi/cgi/cgi_main.c.orig +++ sapi/cgi/cgi_main.c @@ -1935,7 +1935,7 @@ consult the installation file that came #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); ++++++ php-5.3.4-pts.patch ++++++ --- ext/standard/proc_open.c.orig +++ ext/standard/proc_open.c @@ -62,7 +62,7 @@ * */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN -#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H +#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H # include <sys/ioctl.h> # include <termios.h> # define PHP_CAN_DO_PTS 1 ++++++ php-5.3.6-gcc_builtins.patch ++++++ --- Zend/zend_alloc.c.orig +++ Zend/zend_alloc.c @@ -36,7 +36,7 @@ # include <wincrypt.h> # include <process.h> #endif - +#include <x86intrin.h> #ifndef ZEND_MM_HEAP_PROTECTION # define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG #endif @@ -665,10 +665,7 @@ static inline unsigned int zend_mm_high_ __asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsrq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsr eax, _size @@ -691,10 +688,7 @@ static inline unsigned int zend_mm_low_b __asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsfq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsf eax, _size ++++++ php-5.3.6-ini-date.timezone.patch ++++++ Index: php.ini-production =================================================================== --- php.ini-production.orig +++ php.ini-production @@ -993,7 +993,7 @@ default_socket_timeout = 60 [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone -;date.timezone = +date.timezone = 'UTC' ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 ++++++ php-5.3.8-CVE-2011-4153.patch ++++++ http://svn.php.net/viewvc?view=revision&revision=319442 http://svn.php.net/viewvc?view=revision&revision=319453 #-0- Zend/zend_builtin_functions.c #-1- ext/soap/php_sdl.c #-2- ext/standard/syslog.c #-3- N/A for 5.3.8 #-4- N/A #-5- N/A #-6- ext/session/mod_files.c ext/standard/file.c Index: Zend/zend_builtin_functions.c =================================================================== --- Zend/zend_builtin_functions.c.orig +++ Zend/zend_builtin_functions.c @@ -683,6 +683,9 @@ repeat: } c.flags = case_sensitive; /* non persistent */ c.name = zend_strndup(name, name_len); + if(c.name == NULL) { + RETURN_FALSE; + } c.name_len = name_len+1; c.module_number = PHP_USER_CONSTANT; if (zend_register_constant(&c TSRMLS_CC) == SUCCESS) { Index: ext/standard/syslog.c =================================================================== --- ext/standard/syslog.c.orig +++ ext/standard/syslog.c @@ -234,6 +234,9 @@ PHP_FUNCTION(openlog) free(BG(syslog_device)); } BG(syslog_device) = zend_strndup(ident, ident_len); + if(BG(syslog_device) == NULL) { + RETURN_FALSE; + } openlog(BG(syslog_device), option, facility); RETURN_TRUE; } Index: ext/soap/php_sdl.c =================================================================== --- ext/soap/php_sdl.c.orig +++ ext/soap/php_sdl.c @@ -147,6 +147,10 @@ encodePtr get_encoder(sdlPtr sdl, const memcpy(new_enc, enc, sizeof(encode)); if (sdl->is_persistent) { new_enc->details.ns = zend_strndup(ns, ns_len); + if (new_enc->details.ns == NULL) { + efree(nscat); + return NULL; + } new_enc->details.type_str = strdup(new_enc->details.type_str); } else { new_enc->details.ns = estrndup(ns, ns_len); Index: ext/standard/file.c =================================================================== --- ext/standard/file.c.orig +++ ext/standard/file.c @@ -2612,10 +2612,15 @@ PHP_FUNCTION(fnmatch) Returns directory path used for temporary files */ PHP_FUNCTION(sys_get_temp_dir) { + char *tmp_dir; if (zend_parse_parameters_none() == FAILURE) { return; } - RETURN_STRING((char *)php_get_temporary_directory(), 1); + tmp_dir = (char *)php_get_temporary_directory(); + if (tmp_dir == NULL) { + return; + } + RETURN_STRING(tmp_dir, 1); } /* }}} */ Index: ext/session/mod_files.c =================================================================== --- ext/session/mod_files.c.orig +++ ext/session/mod_files.c @@ -273,6 +273,9 @@ PS_OPEN_FUNC(files) if (*save_path == '\0') { /* if save path is an empty string, determine the temporary dir */ save_path = php_get_temporary_directory(); + if (save_path == NULL) { + return FAILURE; + } if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return FAILURE; ++++++ php-5.3.8-crypt-tests.patch ++++++ Index: ext/standard/config.m4 =================================================================== --- ext/standard/config.m4.orig +++ ext/standard/config.m4 @@ -60,7 +60,14 @@ if test "$ac_cv_func_crypt" = "no"; then AC_DEFINE(HAVE_CRYPT, 1, [ ]) ]) fi - + +if test "$ac_cv_func_crypt" = "no"; then + AC_CHECK_LIB(crypt, crypt_r, [ + LIBS="-lcrypt $LIBS -lcrypt" + AC_DEFINE(HAVE_CRYPT_R, 1, [ ]) + ]) +fi + AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ AC_TRY_RUN([ #if HAVE_UNISTD_H @@ -172,7 +179,7 @@ main() { ac_cv_crypt_blowfish=no ])]) -AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_SHA512,[ +AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_sha512,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -184,24 +191,22 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; + char salt[120]; - salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; - strcpy(answer, salt); - strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); - exit (strcmp((char *)crypt("foo",salt),answer)); + strcpy(salt, "\$6\$rounds=5000\$usesomesillystri\$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA512=yes + ac_cv_crypt_sha512=yes ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ])]) -AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_SHA256,[ +AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_sha256,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -213,28 +218,31 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; - salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; - strcat(salt,""); - strcpy(answer, salt); - strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); - exit (strcmp((char *)crypt("foo",salt),answer)); + char salt[80]; + strcpy(salt, "\$5\$rounds=5000\$usesomesillystri\$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA256=yes + ac_cv_crypt_sha256=yes ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ])]) dnl -dnl If one of them is missing, use our own implementation, portable code is then possible +dnl If one of them or crypt_r() is missing, use our own implementation, portable code is then possible dnl -if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then +if test "$ac_cv_crypt_des" = "no" || + /* test "$ac_cv_crypt_ext_des" = "no" ||*/ + test "$ac_cv_crypt_md5" = "no" || + test "$ac_cv_crypt_blowfish" = "no" || + test "$ac_cv_crypt_sha512" = "no" || + test "$ac_cv_crypt_sha256" = "no" || + test "$ac_cv_lib_crypt_crypt_r" = "no"; then dnl dnl Check for __alignof__ support in the compiler ++++++ php-5.3.8-no-reentrant-crypt.patch ++++++ Index: ext/standard/crypt.c =================================================================== --- ext/standard/crypt.c +++ ext/standard/crypt.c @@ -302,6 +302,8 @@ PHP_FUNCTION(crypt) RETURN_STRING(crypt_res, 1); } } +# else + RETURN_STRING(crypt(str, salt), 1); # endif #endif } ++++++ php-CVE-2014-4670.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_d… --- ext/spl/spl_dllist.c +++ ext/spl/spl_dllist.c @@ -43,12 +43,10 @@ PHPAPI zend_class_entry *spl_ce_SplStack; #define SPL_LLIST_DELREF(elem) if(!--(elem)->rc) { \ efree(elem); \ - elem = NULL; \ } #define SPL_LLIST_CHECK_DELREF(elem) if((elem) && !--(elem)->rc) { \ efree(elem); \ - elem = NULL; \ } #define SPL_LLIST_ADDREF(elem) (elem)->rc++ @@ -916,6 +914,11 @@ SPL_METHOD(SplDoublyLinkedList, offsetUnset) llist->dtor(element TSRMLS_CC); } + if (intern->traverse_pointer == element) { + SPL_LLIST_DELREF(element); + intern->traverse_pointer = NULL; + } + zval_ptr_dtor((zval **)&element->data); element->data = NULL; ++++++ php-CVE-2014-4698.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_a… Index: ext/spl/spl_array.c =================================================================== --- ext/spl/spl_array.c.orig 2014-07-17 15:57:13.633410017 +0200 +++ ext/spl/spl_array.c 2014-07-17 15:57:13.649410017 +0200 @@ -1753,8 +1753,15 @@ { const unsigned char *p, *s; zval *pmembers, *pflags = NULL; + HashTable *aht; long flags; + aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); + if (aht->nApplyCount > 0) { + zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited"); + return; + } + /* storage */ s = p = buf; ++++++ php-CVE-2014-4721.patch ++++++ https://bugs.php.net/patch-display.php?bug_id=67498&patch=bug67948-patch&re… Index: ext/standard/info.c =================================================================== --- ext/standard/info.c.orig 2014-07-17 14:31:18.229508033 +0200 +++ ext/standard/info.c 2014-07-17 14:31:18.373508031 +0200 @@ -972,16 +972,16 @@ php_info_print_table_start(); php_info_print_table_header(2, "Variable", "Value"); - if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); } php_print_gpcse_array("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC); ++++++ php-cloexec.patch ++++++ Index: ext/standard/exec.c =================================================================== --- ext/standard/exec.c.orig 2010-03-12 11:28:59.000000000 +0100 +++ ext/standard/exec.c 2010-08-03 06:31:21.692327000 +0200 @@ -107,8 +107,12 @@ PHPAPI int php_exec(int type, char *cmd, #ifdef PHP_WIN32 fp = VCWD_POPEN(cmd_p, "rb"); #else +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + fp = VCWD_POPEN(cmd_p, "re"); +#else fp = VCWD_POPEN(cmd_p, "r"); #endif +#endif if (!fp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd); goto err; Index: ext/standard/file.c =================================================================== --- ext/standard/file.c.orig 2010-05-02 22:11:22.000000000 +0200 +++ ext/standard/file.c 2010-08-03 06:31:21.701320000 +0200 @@ -957,6 +957,13 @@ PHP_FUNCTION(popen) } } #endif +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + char *e = memchr(posix_mode, 'e', mode_len); + if (e) { + memmove(e, e + 1, mode_len - (e - posix_mode)); + } +#endif + if (PG(safe_mode)){ b = strchr(command, ' '); if (!b) { Index: ext/standard/mail.c =================================================================== --- ext/standard/mail.c.orig 2010-07-19 15:38:53.000000000 +0200 +++ ext/standard/mail.c 2010-08-03 06:31:21.709286000 +0200 @@ -294,8 +294,12 @@ PHPAPI int php_mail(char *to, char *subj * (e.g. the shell can't be executed) we explicitely set it to 0 to be * sure we don't catch any older errno value. */ errno = 0; +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + sendmail = popen(sendmail_cmd, "we"); +#else sendmail = popen(sendmail_cmd, "w"); #endif +#endif if (extra_cmd != NULL) { efree (sendmail_cmd); } ++++++ php-fpm.init ++++++ #!/bin/sh # # Template SUSE system startup script for example service/daemon php-fpm # Copyright (C) 1995--2005 Kurt Garloff, SUSE / Novell Inc. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/php-fpm # and its symbolic link # /(usr/)sbin/rcphp-fpm # # Template system startup script for some example service/daemon php-fpm # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This template uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. # See skeleton.compat for a template that works with other distros as well. # ### BEGIN INIT INFO # Provides: php-fpm # Required-Start: $remote_fs $network # Should-Start: nginx lighttpd httpd # Required-Stop: $network $remote_fs # Should-Stop: nginx lighttpd httpd # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: php-fpm daemon # Description: Start php-fpm to # continued on second line by '#<TAB>' # should contain enough info for the runlevel editor # to give admin some idea what this service does and # what it's needed for ... # (The Short-Description should already be a good hint.) ### END INIT INFO # # Any extensions to the keywords given above should be preceeded by # X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB. # # Notes on Required-Start/Should-Start: # * There are two different issues that are solved by Required-Start # and Should-Start # (a) Hard dependencies: This is used by the runlevel editor to determine # which services absolutely need to be started to make the start of # this service make sense. Example: nfsserver should have # Required-Start: $portmap # Also, required services are started before the dependent ones. # The runlevel editor will warn about such missing hard dependencies # and suggest enabling. During system startup, you may expect an error, # if the dependency is not fulfilled. # (b) Specifying the init script ordering, not real (hard) dependencies. # This is needed by insserv to determine which service should be # started first (and at a later stage what services can be started # in parallel). The tag Should-Start: is used for this. # It tells, that if a service is available, it should be started # before. If not, never mind. # * When specifying hard dependencies or ordering requirements, you can # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): # $local_fs all local file systems are mounted # (most services should need this!) # $remote_fs all remote file systems are mounted # (note that /usr may be remote, so # many services should Require this!) # $syslog system logging facility up # $network low level networking (eth card, ...) # $named hostname resolution available # $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): # $time the system time has been set correctly # $portmap SunRPC portmapping service available # UnitedLinux extensions: # $ALL indicates that a script should be inserted # at the end # * The services specified in the stop tags # (Required-Stop/Should-Stop) # specify which services need to be still running when this service # is shut down. Often the entries there are just copies or a subset # from the respective start tag. # * Should-Start/Stop are now part of LSB as of 2.0, # formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop. # insserv does support both variants. # * X-UnitedLinux-Default-Enabled: yes/no is used at installation time # (%fillup_and_insserv macro in %post of many RPMs) to specify whether # a startup script should default to be enabled after installation. # It's not used by insserv. # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance PHPFPM_BIN=/usr/sbin/php-fpm test -x $PHPFPM_BIN || { echo "$PHPFPM_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FPM_CONFIG="--fpm-config /etc/php5/fpm/php-fpm.conf" # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting php-fpm" ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc $PHPFPM_BIN $FPM_CONFIG # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down php-fpm " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -QUIT $PHPFPM_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. echo -n "Reload service php-fpm" ## if it supports it: /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: echo -n "Reload service php-fpm " /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service php-fpm " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc $PHPFPM_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" exit 1 ;; esac rc_exit ++++++ php5-apache_sapi_install.patch ++++++ # Do not attempt to modify apache configuration on module install ================================================================================ --- sapi/apache2handler/config.m4 | 9 --------- 1 file changed, 9 deletions(-) Index: sapi/apache2handler/config.m4 =================================================================== --- sapi/apache2handler/config.m4.orig 2008-03-11 23:47:39.000000000 +0100 +++ sapi/apache2handler/config.m4 2010-08-03 06:31:18.512616000 +0200 @@ -68,18 +68,9 @@ if test "$PHP_APXS2" != "no"; then fi APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` - if test -z `$APXS -q SYSCONFDIR`; then INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ -i -n php5" - else - APXS_SYSCONFDIR='$(INSTALL_ROOT)'`$APXS -q SYSCONFDIR` - INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ - \$(mkinstalldirs) '$APXS_SYSCONFDIR' && \ - $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ - -S SYSCONFDIR='$APXS_SYSCONFDIR' \ - -i -a -n php5" - fi case $host_alias in *aix*) ++++++ php5-missing-extdeps.patch ++++++ --- ext/soap/soap.c.orig +++ ext/soap/soap.c @@ -439,7 +439,7 @@ unsigned char arginfo_soapclient___soapc # define arginfo_soapserver_setobject NULL # define arginfo_soapserver_addfunction NULL # define arginfo_soapserver_getfunctions NULL -# defina arginfo_soapserver_handle NULL +# define arginfo_soapserver_handle NULL # define arginfo_soapserver_fault NULL # define arginfo_soapserver_addsoapheader NULL @@ -516,10 +516,18 @@ static const zend_function_entry soap_he PHP_FE_END }; -zend_module_entry soap_module_entry = { -#ifdef STANDARD_MODULE_HEADER - STANDARD_MODULE_HEADER, +/* {{{ soap dependencies */ +static const zend_module_dep soap_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") #endif + {NULL, NULL, NULL} +}; + +zend_module_entry soap_module_entry = { + STANDARD_MODULE_HEADER_EX, NULL, + soap_module_deps, "soap", soap_functions, PHP_MINIT(soap), --- ext/wddx/wddx.c.orig +++ ext/wddx/wddx.c @@ -154,10 +154,21 @@ ZEND_GET_MODULE(wddx) #endif /* COMPILE_DL_WDDX */ /* }}} */ +/* {{{ wddx dependencies */ +static const zend_module_dep wddx_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("xml") + ZEND_MOD_REQUIRED("date") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") +#endif + {NULL, NULL, NULL} +}; /* {{{ wddx_module_entry */ zend_module_entry wddx_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + wddx_module_deps, "wddx", wddx_functions, PHP_MINIT(wddx), --- ext/filter/filter.c.orig +++ ext/filter/filter.c @@ -132,12 +132,17 @@ static const zend_function_entry filter_ }; /* }}} */ +/* {{{ filter dependencies */ +static const zend_module_dep filter_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("pcre") + {NULL, NULL, NULL} +}; /* {{{ filter_module_entry */ zend_module_entry filter_module_entry = { -#if ZEND_MODULE_API_NO >= 20010901 - STANDARD_MODULE_HEADER, -#endif + STANDARD_MODULE_HEADER_EX, NULL, + filter_module_deps, "filter", filter_functions, PHP_MINIT(filter), --- ext/mbstring/mbstring.c.orig +++ ext/mbstring/mbstring.c @@ -561,9 +561,19 @@ const zend_function_entry mbstring_funct }; /* }}} */ +/* {{{ mbstring dependencies */ +static const zend_module_dep mbstring_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !HAVE_ONIG + ZEND_MOD_REQUIRED("pcre") +#endif + {NULL, NULL, NULL} +}; + /* {{{ zend_module_entry mbstring_module_entry */ zend_module_entry mbstring_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + mbstring_module_deps, "mbstring", mbstring_functions, PHP_MINIT(mbstring), ++++++ php5-openssl.patch ++++++ --- ext/openssl/openssl.c.orig +++ ext/openssl/openssl.c @@ -47,6 +47,7 @@ #include <openssl/rand.h> #include <openssl/ssl.h> #include <openssl/pkcs12.h> +#include <openssl/engine.h> /* Common */ #include <time.h> @@ -979,10 +980,16 @@ PHP_MINIT_FUNCTION(openssl) le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); + OPENSSL_config(NULL); SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); +/* Load all bundled ENGINEs into memory and make them visible */ + ENGINE_load_builtin_engines(); + /* Register all of them for every algorithm they collectively implement */ + ENGINE_register_all_complete(); + ERR_load_ERR_strings(); ERR_load_crypto_strings(); --- ext/openssl/xp_ssl.c.orig +++ ext/openssl/xp_ssl.c @@ -376,7 +376,9 @@ static inline int php_openssl_setup_cryp php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL context"); return -1; } - +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(sslsock->ctx, SSL_MODE_RELEASE_BUFFERS); +#endif SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL); #if OPENSSL_VERSION_NUMBER >= 0x0090806fL ++++++ php5-php-config.patch ++++++ --- scripts/php-config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: scripts/php-config.in =================================================================== --- scripts/php-config.in.orig 2007-08-24 13:44:10.000000000 +0200 +++ scripts/php-config.in 2010-08-03 06:31:18.786529000 +0200 @@ -5,7 +5,7 @@ prefix="@prefix@" exec_prefix="@exec_prefix@" version="@PHP_VERSION@" vernum="@PHP_VERSION_ID@" -include_dir="@includedir@/php" +include_dir="@includedir@/php5" includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ldflags="@PHP_LDFLAGS@" libs="@EXTRA_LIBS@" ++++++ php5-phpize.patch ++++++ --- scripts/Makefile.frag | 4 ++-- scripts/phpize.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) Index: scripts/Makefile.frag =================================================================== --- scripts/Makefile.frag.orig 2010-07-13 19:24:13.000000000 +0200 +++ scripts/Makefile.frag 2010-08-03 06:31:18.109614000 +0200 @@ -3,8 +3,8 @@ # Build environment install # -phpincludedir = $(includedir)/php -phpbuilddir = $(libdir)/build +phpincludedir = $(includedir)/php5 +phpbuilddir = $(datadir)/build BUILD_FILES = \ scripts/phpize.m4 \ Index: scripts/phpize.in =================================================================== --- scripts/phpize.in.orig 2009-06-24 09:42:33.000000000 +0200 +++ scripts/phpize.in 2010-08-03 06:31:18.115618000 +0200 @@ -3,8 +3,8 @@ # Variable declaration prefix='@prefix@' exec_prefix="`eval echo @exec_prefix@`" -phpdir="`eval echo @libdir@`/build" -includedir="`eval echo @includedir@`/php" +phpdir="`eval echo @datadir@`/build" +includedir="`eval echo @includedir@`/php5" builddir="`pwd`" SED="@SED@" ++++++ suhosin-patch-5.3.3-0.9.10.patch.gz ++++++ ++++ 5803 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit log4c for openSUSE:Factory
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package log4c for openSUSE:Factory checked in at 2014-07-30 07:34:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/log4c (Old) and /work/SRC/openSUSE:Factory/.log4c.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "log4c" Changes: -------- --- /work/SRC/openSUSE:Factory/log4c/log4c.changes 2013-10-14 22:04:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.log4c.new/log4c.changes 2014-07-30 07:35:04.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Jul 29 11:57:42 UTC 2014 - ctrippe(a)opensuse.org + +- add BuildRequires: tex(wasysym.sty) + BuildRequires: tex(wasy7.tfm) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ log4c.spec ++++++ --- /var/tmp/diff_new_pack.zCQ1fd/_old 2014-07-30 07:35:05.000000000 +0200 +++ /var/tmp/diff_new_pack.zCQ1fd/_new 2014-07-30 07:35:05.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package log4c # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -51,6 +51,8 @@ BuildRequires: tex(natbib.sty) BuildRequires: tex(sectsty.sty) BuildRequires: tex(tocloft.sty) +BuildRequires: tex(wasy7.tfm) +BuildRequires: tex(wasysym.sty) BuildRequires: tex(xtab.sty) %endif -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit yast2-packager for openSUSE:Factory
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package yast2-packager for openSUSE:Factory checked in at 2014-07-30 07:34:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-packager (Old) and /work/SRC/openSUSE:Factory/.yast2-packager.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-packager" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-packager/yast2-packager.changes 2014-07-28 06:31:21.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-packager.new/yast2-packager.changes 2014-07-30 07:35:03.000000000 +0200 @@ -1,0 +2,20 @@ +Tue Jul 29 15:52:43 UTC 2014 - lslezak(a)suse.cz + +- ag_zypp_repos - do not try parsing directory entries in + /etc/zypp/repos.d/, that leads to invalid values (bnc#867911) +- 3.1.35 + +------------------------------------------------------------------- +Tue Jul 29 13:22:35 UTC 2014 - jreidinger(a)suse.com + +- remove slide show display time recalculation to improve slide + show user experience (bnc#885973) +- 3.1.34 + +------------------------------------------------------------------- +Mon Jul 28 13:10:51 UTC 2014 - ancor(a)suse.com + +- fixed reading of /proc/cmdline containing newline (bnc#887844) +- 3.1.33 + +------------------------------------------------------------------- Old: ---- yast2-packager-3.1.32.tar.bz2 New: ---- yast2-packager-3.1.35.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-packager.spec ++++++ --- /var/tmp/diff_new_pack.EorulZ/_old 2014-07-30 07:35:04.000000000 +0200 +++ /var/tmp/diff_new_pack.EorulZ/_new 2014-07-30 07:35:04.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-packager -Version: 3.1.32 +Version: 3.1.35 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-packager-3.1.32.tar.bz2 -> yast2-packager-3.1.35.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-packager-3.1.32/package/yast2-packager.changes new/yast2-packager-3.1.35/package/yast2-packager.changes --- old/yast2-packager-3.1.32/package/yast2-packager.changes 2014-07-25 16:44:12.000000000 +0200 +++ new/yast2-packager-3.1.35/package/yast2-packager.changes 2014-07-29 18:09:45.000000000 +0200 @@ -1,4 +1,24 @@ ------------------------------------------------------------------- +Tue Jul 29 15:52:43 UTC 2014 - lslezak(a)suse.cz + +- ag_zypp_repos - do not try parsing directory entries in + /etc/zypp/repos.d/, that leads to invalid values (bnc#867911) +- 3.1.35 + +------------------------------------------------------------------- +Tue Jul 29 13:22:35 UTC 2014 - jreidinger(a)suse.com + +- remove slide show display time recalculation to improve slide + show user experience (bnc#885973) +- 3.1.34 + +------------------------------------------------------------------- +Mon Jul 28 13:10:51 UTC 2014 - ancor(a)suse.com + +- fixed reading of /proc/cmdline containing newline (bnc#887844) +- 3.1.33 + +------------------------------------------------------------------- Fri Jul 25 14:35:30 UTC 2014 - ancor(a)suse.com - adjust width of drive selection dialog (bnc#882657) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-packager-3.1.32/package/yast2-packager.spec new/yast2-packager-3.1.35/package/yast2-packager.spec --- old/yast2-packager-3.1.32/package/yast2-packager.spec 2014-07-25 16:44:12.000000000 +0200 +++ new/yast2-packager-3.1.35/package/yast2-packager.spec 2014-07-29 18:09:45.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-packager -Version: 3.1.32 +Version: 3.1.35 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-packager-3.1.32/src/modules/PackageSlideShow.rb new/yast2-packager-3.1.35/src/modules/PackageSlideShow.rb --- old/yast2-packager-3.1.32/src/modules/PackageSlideShow.rb 2014-07-25 16:44:12.000000000 +0200 +++ new/yast2-packager-3.1.35/src/modules/PackageSlideShow.rb 2014-07-29 18:09:45.000000000 +0200 @@ -708,71 +708,6 @@ log.debug "Recalculated remaining time: #{@remaining_times_per_cd_per_src}" end - - # Recalculate slide interval - - if Slides.HaveSlides - slides_remaining = Slides.slides.size - SlideShow.current_slide_no - 1 - - if slides_remaining > 0 - # The remaining time for the rest of the slides depends on the - # remaining time for the current CD only: This is where the - # slide images and texts reside. Normally, only CD1 has slides - # at all, i.e. the slide show must be finished when CD1 is - # done. - # - # In addition to that, take elapsed time for current slide - # into account so all slides get about the same time. - - time_remaining = Ops.subtract( - Ops.add( - Ops.get( - @remaining_times_per_cd_per_src, - [ - Ops.subtract(@current_src_no, 1), - Ops.subtract(@current_cd_no, 1) - ], - 1 - ), - ::Time.now.to_i - ), - SlideShow.slide_start_time - ) - SlideShow.slide_interval = Ops.divide( - time_remaining, - slides_remaining - ) - Builtins.y2debug( - "New slide interval: %1 - slides remaining: %2 - remaining time: %3", - SlideShow.slide_interval, - slides_remaining, - time_remaining - ) - - if Ops.less_than( - SlideShow.slide_interval, - SlideShow.slide_min_interval - ) - SlideShow.slide_interval = SlideShow.slide_min_interval - Builtins.y2debug( - "Resetting slide interval to min slide interval: %1", - SlideShow.slide_interval - ) - end - - if Ops.greater_than( - SlideShow.slide_interval, - SlideShow.slide_max_interval - ) - SlideShow.slide_interval = SlideShow.slide_max_interval - Builtins.y2debug( - "Resetting slide interval to max slide interval: %1", - SlideShow.slide_interval - ) - end - end - end - SlideShow.next_recalc_time = ::Time.now.to_i + SlideShow.recalc_interval true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-packager-3.1.32/src/modules/Packages.rb new/yast2-packager-3.1.35/src/modules/Packages.rb --- old/yast2-packager-3.1.32/src/modules/Packages.rb 2014-07-25 16:44:12.000000000 +0200 +++ new/yast2-packager-3.1.35/src/modules/Packages.rb 2014-07-29 18:09:45.000000000 +0200 @@ -974,7 +974,7 @@ SCR.Read(path(".target.string"), "/proc/cmdline") ) - options = Builtins.splitstring(cmdline, " \t") + options = cmdline.split(/\s/) if Builtins.contains(options, "biosdevname=1") Builtins.y2milestone("Biosdevname explicitly enabled") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-packager-3.1.32/src/servers_non_y2/ag_zypp_repos new/yast2-packager-3.1.35/src/servers_non_y2/ag_zypp_repos --- old/yast2-packager-3.1.32/src/servers_non_y2/ag_zypp_repos 2014-07-25 16:44:12.000000000 +0200 +++ new/yast2-packager-3.1.35/src/servers_non_y2/ag_zypp_repos 2014-07-29 18:09:45.000000000 +0200 @@ -38,6 +38,12 @@ my $this_entry = {}; $file = $dir.'/'.$file; + + if (-d $file) { + y2warning($file." is a directory, skipping"); + next; + } + y2milestone ("Parsing file: ".$file); open (FILE, $file) || do { y2error ("Cannot open file ".$file.": ".$!); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-packager-3.1.32/test/packages_test.rb new/yast2-packager-3.1.35/test/packages_test.rb --- old/yast2-packager-3.1.32/test/packages_test.rb 2014-07-25 16:44:12.000000000 +0200 +++ new/yast2-packager-3.1.35/test/packages_test.rb 2014-07-29 18:09:45.000000000 +0200 @@ -50,6 +50,13 @@ expect(Yast::Packages.kernelCmdLinePackages.include?("biosdevname")).to be_true end + it "returns biosdevname within the list of required packages with new line at the end" do + Yast::SCR.stub(:Read).with( + SCR_STRING_PATH,"/proc/cmdline" + ).and_return("install=cd:// vga=0x314\nbiosdevname=1\n") + expect(Yast::Packages.kernelCmdLinePackages.include?("biosdevname")).to be_true + end + it "does not return biosdevname within the list of required packages" do Yast::SCR.stub(:Read).with( SCR_STRING_PATH,"/proc/cmdline" -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit yast2 for openSUSE:Factory
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package yast2 for openSUSE:Factory checked in at 2014-07-30 07:34:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2 (Old) and /work/SRC/openSUSE:Factory/.yast2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2/yast2.changes 2014-07-26 12:20:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2.new/yast2.changes 2014-07-30 07:35:00.000000000 +0200 @@ -1,0 +2,20 @@ +Tue Jul 29 13:30:04 UTC 2014 - jreidinger(a)suse.com + +- Fix timing of slideshow - now slides goes in cycle and all have + equal time to display which improve user experience (bnc#885973) +- 3.1.90 + +------------------------------------------------------------------- +Tue Jul 29 08:09:27 UTC 2014 - ancor(a)suse.com + +- Fixed .proc.cmdline parsing to support more situations + (bnc#889241) +- 3.1.89 + +------------------------------------------------------------------- +Tue Jul 29 06:46:55 UTC 2014 - jreidinger(a)suse.com + +- fix hidding cd statistics in text only mode (bnc#864507) +- 3.1.88 + +------------------------------------------------------------------- Old: ---- yast2-3.1.87.tar.bz2 New: ---- yast2-3.1.90.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2.spec ++++++ --- /var/tmp/diff_new_pack.YpE5qD/_old 2014-07-30 07:35:01.000000000 +0200 +++ /var/tmp/diff_new_pack.YpE5qD/_new 2014-07-30 07:35:01.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2 -Version: 3.1.87 +Version: 3.1.90 Release: 0 Url: https://github.com/yast/yast-yast2 @@ -100,8 +100,8 @@ Conflicts: yast2-installation < 2.18.5 Conflicts: yast2-update < 2.16.1 -# Modules 'Slides' and 'SlideShow' moved from yast2-packager to yast2 -Conflicts: yast2-packager < 2.17.12 +# Older packager use removed API +Conflicts: yast2-packager < 3.1.34 Conflicts: yast2-mouse < 2.16.0 Conflicts: autoyast2-installation < 2.16.2 # country_long.ycp and country.ycp moved to yast2 ++++++ yast2-3.1.87.tar.bz2 -> yast2-3.1.90.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/general/test/Makefile.am new/yast2-3.1.90/library/general/test/Makefile.am --- old/yast2-3.1.87/library/general/test/Makefile.am 2014-07-25 18:57:09.000000000 +0200 +++ new/yast2-3.1.90/library/general/test/Makefile.am 2014-07-29 16:02:44.000000000 +0200 @@ -1,9 +1,10 @@ TESTS = \ asciifile_test.rb \ - linuxrc_test.rb \ hooks_test.rb \ + linuxrc_test.rb \ os_release_test.rb \ - popup_test.rb + popup_test.rb \ + agents_test/proc_meminfo_agent_test.rb TEST_EXTENSIONS = .rb RB_LOG_COMPILER = rspec diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/general/test/agents_test/proc_meminfo_agent_test.rb new/yast2-3.1.90/library/general/test/agents_test/proc_meminfo_agent_test.rb --- old/yast2-3.1.87/library/general/test/agents_test/proc_meminfo_agent_test.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-3.1.90/library/general/test/agents_test/proc_meminfo_agent_test.rb 2014-07-29 16:02:44.000000000 +0200 @@ -0,0 +1,34 @@ +require_relative "../test_helper" +require "yast" + +describe ".proc.meminfo" do + + AGENT_PATH = Yast::Path.new(".proc.meminfo") + before :each do + root = File.join(File.dirname(__FILE__), "test_root") + check_version = false + handle = Yast::WFM.SCROpen("chroot=#{root}:scr", check_version) + Yast::WFM.SCRSetDefault(handle) + end + + after :each do + Yast::WFM.SCRClose(Yast::WFM.SCRGetDefault) + end + + describe ".Read" do + it "read content of /proc/meminfo return hash" do + content = Yast::SCR.Read(AGENT_PATH) + expect(content).to be_a(Hash) + end + + it "returned hash contain memtotal key" do + content = Yast::SCR.Read(AGENT_PATH) + expect(content).to include("memtotal" => 1021032) + end + + it "returned hash contain memfree key" do + content = Yast::SCR.Read(AGENT_PATH) + expect(content).to include("memfree" => 83408) + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/general/test/agents_test/test_root/proc/meminfo new/yast2-3.1.90/library/general/test/agents_test/test_root/proc/meminfo --- old/yast2-3.1.87/library/general/test/agents_test/test_root/proc/meminfo 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-3.1.90/library/general/test/agents_test/test_root/proc/meminfo 2014-07-29 16:02:44.000000000 +0200 @@ -0,0 +1,42 @@ +MemTotal: 1021032 kB +MemFree: 83408 kB +Buffers: 215132 kB +Cached: 278812 kB +SwapCached: 1280 kB +Active: 353916 kB +Inactive: 395504 kB +Active(anon): 88012 kB +Inactive(anon): 171404 kB +Active(file): 265904 kB +Inactive(file): 224100 kB +Unevictable: 0 kB +Mlocked: 0 kB +SwapTotal: 514072 kB +SwapFree: 471668 kB +Dirty: 28 kB +Writeback: 0 kB +AnonPages: 254412 kB +Mapped: 27508 kB +Shmem: 3940 kB +Slab: 151292 kB +SReclaimable: 127604 kB +SUnreclaim: 23688 kB +KernelStack: 2200 kB +PageTables: 21072 kB +NFS_Unstable: 0 kB +Bounce: 0 kB +WritebackTmp: 0 kB +CommitLimit: 1024588 kB +Committed_AS: 813988 kB +VmallocTotal: 34359738367 kB +VmallocUsed: 3512 kB +VmallocChunk: 34359734775 kB +HardwareCorrupted: 0 kB +AnonHugePages: 22528 kB +HugePages_Total: 0 +HugePages_Free: 0 +HugePages_Rsvd: 0 +HugePages_Surp: 0 +Hugepagesize: 2048 kB +DirectMap4k: 49144 kB +DirectMap2M: 999424 kB diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/packages/src/modules/SlideShow.rb new/yast2-3.1.90/library/packages/src/modules/SlideShow.rb --- old/yast2-3.1.87/library/packages/src/modules/SlideShow.rb 2014-07-25 18:57:09.000000000 +0200 +++ new/yast2-3.1.90/library/packages/src/modules/SlideShow.rb 2014-07-29 16:02:44.000000000 +0200 @@ -136,9 +136,7 @@ @current_slide_no = 0 @slide_start_time = 0 - @slide_min_interval = 30 # const - minimum seconds between slide changes - @slide_max_interval = 3 * 60 # const - maximum seconds between slide changes - @slide_interval = @slide_min_interval + @slide_interval = 30 # FIXME constant @language = "en" @widgets_created = false @user_switched_to_details = false @@ -464,7 +462,8 @@ # @param [Fixnum] slide_no number of slide to load # def LoadSlide(slide_no) - slide_no = 0 if Ops.greater_than(slide_no, Builtins.size(Slides.slides)) + slide_no = 0 if slide_no >= Slides.slides.size + log.info "load slide #{slide_no}" @current_slide_no = slide_no @@ -481,16 +480,8 @@ # necessary. # def ChangeSlideIfNecessary - if Ops.less_than( - Ops.add(@current_slide_no, 1), - Builtins.size(Slides.slides) - ) && - Ops.greater_than( - Builtins.time, - Ops.add(@slide_start_time, @slide_interval) - ) - Builtins.y2debug("Loading slide #%1", Ops.add(@current_slide_no, 2)) - LoadSlide(Ops.add(@current_slide_no, 1)) + if Builtins.time > (@slide_start_time + @slide_interval) + LoadSlide(@current_slide_no + 1) end nil @@ -611,7 +602,7 @@ # Rebuild the details page. def RebuildDetailsView if UI.WidgetExists(:tabContents) - UI.ChangeWidget(:dumbTab, :CurrentItem, :showDetails) + UI.ChangeWidget(:dumbTab, :CurrentItem, :showDetails) if UI.WidgetExists(:dumbTab) UI.ReplaceWidget(:tabContents, DetailsPageWidgets()) Builtins.y2milestone("Contents set to details") end @@ -716,8 +707,8 @@ ) ) else - # no tabs - contents = DetailsPageWidgets() + # no tabs, but we need to modify hide cd statistics table, so add replace point + contents = ReplacePoint(Id(:tabContents), DetailsPageWidgets()) end Builtins.y2milestone("SlideShow contents: %1", contents) @@ -784,7 +775,7 @@ # Initialize generic data to default values def Reset - @current_slide_no = 0 + @current_slide_no = -1 @slide_start_time = 0 @total_time_elapsed = 0 @start_time = -1 @@ -1058,8 +1049,6 @@ publish :variable => :next_recalc_time, :type => "integer" publish :variable => :current_slide_no, :type => "integer" publish :variable => :slide_start_time, :type => "integer" - publish :variable => :slide_min_interval, :type => "integer" - publish :variable => :slide_max_interval, :type => "integer" publish :variable => :slide_interval, :type => "integer" publish :variable => :language, :type => "string" publish :variable => :widgets_created, :type => "boolean" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/system/src/scrconf/proc_cmdline.scr new/yast2-3.1.90/library/system/src/scrconf/proc_cmdline.scr --- old/yast2-3.1.87/library/system/src/scrconf/proc_cmdline.scr 2014-07-25 18:57:09.000000000 +0200 +++ new/yast2-3.1.90/library/system/src/scrconf/proc_cmdline.scr 2014-07-29 16:02:44.000000000 +0200 @@ -21,8 +21,8 @@ "#\n", // comment true, // read-only (`List( - `String("^ \n"), - " " + `String("^ \n\t"), + `Separator(" \n\t") )) ) ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/system/test/data/cmdline-newlines/proc/cmdline new/yast2-3.1.90/library/system/test/data/cmdline-newlines/proc/cmdline --- old/yast2-3.1.87/library/system/test/data/cmdline-newlines/proc/cmdline 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-3.1.90/library/system/test/data/cmdline-newlines/proc/cmdline 2014-07-29 16:02:44.000000000 +0200 @@ -0,0 +1,2 @@ +initrd=initrd splash=silent +install=hd:/// biosdevname=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/system/test/data/cmdline-simple/proc/cmdline new/yast2-3.1.90/library/system/test/data/cmdline-simple/proc/cmdline --- old/yast2-3.1.87/library/system/test/data/cmdline-simple/proc/cmdline 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-3.1.90/library/system/test/data/cmdline-simple/proc/cmdline 2014-07-29 16:02:44.000000000 +0200 @@ -0,0 +1 @@ +initrd=initrd splash=silent install=hd:/// biosdevname=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/system/test/data/cmdline-twoseparators/proc/cmdline new/yast2-3.1.90/library/system/test/data/cmdline-twoseparators/proc/cmdline --- old/yast2-3.1.87/library/system/test/data/cmdline-twoseparators/proc/cmdline 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-3.1.90/library/system/test/data/cmdline-twoseparators/proc/cmdline 2014-07-29 16:02:44.000000000 +0200 @@ -0,0 +1 @@ +initrd=initrd splash=silent install=hd:/// biosdevname=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/library/system/test/proc_cmdline_test.rb new/yast2-3.1.90/library/system/test/proc_cmdline_test.rb --- old/yast2-3.1.87/library/system/test/proc_cmdline_test.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-3.1.90/library/system/test/proc_cmdline_test.rb 2014-07-29 16:02:44.000000000 +0200 @@ -0,0 +1,41 @@ +#! /usr/bin/rspec + +top_srcdir = File.expand_path("../../../..", __FILE__) +inc_dirs = Dir.glob("#{top_srcdir}/library/*/src") +ENV["Y2DIR"] = inc_dirs.join(":") + +require "yast" + +Yast.import "SCR" + +DEFAULT_DATA_DIR = File.join(File.expand_path(File.dirname(__FILE__)), "data") + +def set_root_path(directory) + root = File.join(DEFAULT_DATA_DIR, directory) + desc = Yast::WFM.SCROpen("chroot=#{root}:scr", false) + Yast::WFM.SCRSetDefault(desc) +end + +describe "SCR" do + describe ".proc.cmdline" do + describe "Read" do + let(:expected_list) { %w(biosdevname=1 initrd=initrd install=hd:/// splash=silent) } + let(:read_list) { Yast::SCR.Read(Yast::Path.new(".proc.cmdline")).sort } + + it "parses correctly simple files" do + set_root_path("cmdline-simple") + expect(read_list).to eq(expected_list) + end + + it "parses correctly files with two separators" do + set_root_path("cmdline-twoseparators") + expect(read_list).to eq(expected_list) + end + + it "parses correctly files with several lines" do + set_root_path("cmdline-newlines") + expect(read_list).to eq(expected_list) + end + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/package/yast2.changes new/yast2-3.1.90/package/yast2.changes --- old/yast2-3.1.87/package/yast2.changes 2014-07-25 18:57:09.000000000 +0200 +++ new/yast2-3.1.90/package/yast2.changes 2014-07-29 16:02:44.000000000 +0200 @@ -1,4 +1,24 @@ ------------------------------------------------------------------- +Tue Jul 29 13:30:04 UTC 2014 - jreidinger(a)suse.com + +- Fix timing of slideshow - now slides goes in cycle and all have + equal time to display which improve user experience (bnc#885973) +- 3.1.90 + +------------------------------------------------------------------- +Tue Jul 29 08:09:27 UTC 2014 - ancor(a)suse.com + +- Fixed .proc.cmdline parsing to support more situations + (bnc#889241) +- 3.1.89 + +------------------------------------------------------------------- +Tue Jul 29 06:46:55 UTC 2014 - jreidinger(a)suse.com + +- fix hidding cd statistics in text only mode (bnc#864507) +- 3.1.88 + +------------------------------------------------------------------- Thu Jul 24 12:09:29 CEST 2014 - locilka(a)suse.com - Fixed checking for :active state of a systemd unit - it's :active diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.87/package/yast2.spec new/yast2-3.1.90/package/yast2.spec --- old/yast2-3.1.87/package/yast2.spec 2014-07-25 18:57:09.000000000 +0200 +++ new/yast2-3.1.90/package/yast2.spec 2014-07-29 16:02:44.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2 -Version: 3.1.87 +Version: 3.1.90 Release: 0 URL: https://github.com/yast/yast-yast2 @@ -94,8 +94,8 @@ Conflicts: yast2-installation < 2.18.5 Conflicts: yast2-update < 2.16.1 -# Modules 'Slides' and 'SlideShow' moved from yast2-packager to yast2 -Conflicts: yast2-packager < 2.17.12 +# Older packager use removed API +Conflicts: yast2-packager < 3.1.34 Conflicts: yast2-mouse < 2.16.0 Conflicts: autoyast2-installation < 2.16.2 # country_long.ycp and country.ycp moved to yast2 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit yast2-theme for openSUSE:Factory
by root＠hilbert.suse.de 30 Jul '14

30 Jul '14

Hello community, here is the log from the commit of package yast2-theme for openSUSE:Factory checked in at 2014-07-30 07:34:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-theme (Old) and /work/SRC/openSUSE:Factory/.yast2-theme.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-theme" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-theme/yast2-theme-SLE.changes 2014-07-24 06:57:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-theme.new/yast2-theme-SLE.changes 2014-07-30 07:34:59.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Jul 28 02:19:01 UTC 2014 - nwang(a)suse.com + +- BNC#888070. Add icons of yast2 iplb and yast2 geo-cluster. +- 3.1.23 + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/yast2-theme/yast2-theme.changes 2014-05-10 07:49:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-theme.new/yast2-theme.changes 2014-07-30 07:34:59.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Jul 28 02:17:18 UTC 2014 - nwang(a)suse.com + +- BNC#888070. Add icons of yast2 iplb and yast2 geo-cluster. +- 3.1.23 + +------------------------------------------------------------------- Old: ---- yast2-theme-3.1.22.tar.bz2 New: ---- yast2-theme-3.1.23.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-theme-SLE.spec ++++++ --- /var/tmp/diff_new_pack.IYJXDD/_old 2014-07-30 07:35:00.000000000 +0200 +++ /var/tmp/diff_new_pack.IYJXDD/_new 2014-07-30 07:35:00.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-theme-SLE -Version: 3.1.22 +Version: 3.1.23 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build yast2-theme.spec: same change ++++++ yast2-theme-3.1.22.tar.bz2 -> yast2-theme-3.1.23.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/yast2-theme/yast2-theme-3.1.22.tar.bz2 /work/SRC/openSUSE:Factory/.yast2-theme.new/yast2-theme-3.1.23.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0