September 2014 - openSUSE Commits - openSUSE Mailing Lists

commit pumpa for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package pumpa for openSUSE:Factory checked in at 2014-09-03 18:23:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pumpa (Old) and /work/SRC/openSUSE:Factory/.pumpa.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pumpa" Changes: -------- --- /work/SRC/openSUSE:Factory/pumpa/pumpa.changes 2014-06-10 14:38:49.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pumpa.new/pumpa.changes 2014-09-03 20:48:59.000000000 +0200 @@ -1,0 +2,15 @@ +Mon Aug 25 17:05:31 UTC 2014 - sor.alexei(a)meowr.ru + +- Update to 0.9 + * Support for editing posts and comments (in HTML only) + * Better display of deleted posts + * Be better about showing comments in temporal order + * Complete @-tagging with display name instead of nick name + * More aggressive about reloading inbox to better get missing replies + * Fixed UTF-8 bug introduced in v0.8.4 + * Fixed bug where image upload consistently fails after an aborted upload + * Fixed download manager memory leaks + * Fixed bug where copy by Ctrl-C didn't work in text widgets + * Various minor bug fixes + +------------------------------------------------------------------- Old: ---- pumpa-0.8.4.tar.gz New: ---- pumpa-0.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pumpa.spec ++++++ --- /var/tmp/diff_new_pack.wrwuM6/_old 2014-09-03 20:49:00.000000000 +0200 +++ /var/tmp/diff_new_pack.wrwuM6/_new 2014-09-03 20:49:00.000000000 +0200 @@ -17,17 +17,18 @@ Name: pumpa -Version: 0.8.4 +Version: 0.9 Release: 0 Summary: A simple pump.io client written in C++/Qt License: GPL-3.0+ Group: System/GUI -Url: http://saz.im/software/pumpa.html +Url: https://pumpa.branchable.com/ Source: %{name}-%{version}.tar.gz BuildRequires: aspell-devel BuildRequires: fdupes BuildRequires: gcc-c++ +BuildRequires: libtidy-0_99-0-devel BuildRequires: pkg-config BuildRequires: update-desktop-files BuildRequires: pkgconfig(Qt5Core) @@ -47,21 +48,20 @@ %build %{_libqt5_bindir}/qmake -makefile %{name}.pro \ QMAKE_CFLAGS="%{optflags}" \ - QMAKE_CXXFLAGS="%{optflags}" + QMAKE_CXXFLAGS="%{optflags}" \ + PREFIX=%{_prefix} make %{?_smp_mflags} %install -make install +make INSTALL_ROOT=%{buildroot} install mkdir -p %{buildroot}%{_datadir}/%{name}/images/ %{buildroot}%{_datadir}/%{name}/translations/ -install -Dm 0644 images/%{name}.png %{buildroot}/%{_datadir}/icons/hicolor/32x32/apps/%{name}.png -install -Dm 0755 %{name} %{buildroot}%{_bindir}/%{name} -install -Dm 0644 %{name}.desktop %{buildroot}%{_datadir}/applications/%{name}.desktop +install -m 0644 %{name}.desktop %{buildroot}%{_datadir}/applications/%{name}.desktop install -m 0644 images/* %{buildroot}%{_datadir}/%{name}/images/ install -m 0644 translations/*.qm %{buildroot}%{_datadir}/%{name}/translations/ %suse_update_desktop_file -G "pump.io client" -r %{name} Network InstantMessaging -fdupes %{buildroot} +fdupes -s %{buildroot} %find_lang %{name} --with-qt %files ++++++ pumpa-0.8.4.tar.gz -> pumpa-0.9.tar.gz ++++++ ++++ 10059 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit proftpd for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2014-09-03 18:23:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "proftpd" Changes: -------- --- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2014-03-26 16:41:45.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2014-09-03 20:48:29.000000000 +0200 @@ -1,0 +2,25 @@ +Mon Sep 1 22:04:02 UTC 2014 - andreas.stieger(a)gmx.de + +- ProFTPD 1.3.5 + * Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool + * New Modules + mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl + * mod_sftp now supports ECC, ECDSA, ECDH + * Improved FIPS support in mod_sftp. + * mod_sftp module now honors the MaxStoreFileSize directive. + * Many new and changed configuration directives +- update proftpd-no_BuildDate.patch + +------------------------------------------------------------------- +Mon Sep 1 19:00:57 UTC 2014 - andreas.stieger(a)gmx.de + +- proftpd 1.3.4e: + Multiple other backported fix from the 1.3.5 branch. + See http://www.proftpd.org/docs/NEWS-1.3.4e +- The fix for the mod_sftp/mod_sftp_pam memory allocation + (CVE-2013-4359) contained in this release was previously patched + into the package. +- adjust proftpd-no_BuildDate.patch for context changes +- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream + +------------------------------------------------------------------- Old: ---- proftpd-1.3.4d.tar.gz proftpd-1.3.4d.tar.gz.asc proftpd-sftp-kbdint-max-responses-bug3973.patch New: ---- proftpd-1.3.5.tar.gz proftpd-1.3.5.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ proftpd.spec ++++++ --- /var/tmp/diff_new_pack.by2cy6/_old 2014-09-03 20:48:32.000000000 +0200 +++ /var/tmp/diff_new_pack.by2cy6/_new 2014-09-03 20:48:32.000000000 +0200 @@ -22,7 +22,7 @@ Group: Productivity/Networking/Ftp/Servers # Please save your time and do not update to "rc" versions. # We only accept updates for "STABLE" Versions -Version: 1.3.4d +Version: 1.3.5 Release: 0 Url: http://www.proftpd.org/ Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz @@ -42,14 +42,13 @@ Patch103: %{name}-strip.patch #PATCH-FIX-openSUSE: file-contains-date-and-time Patch104: %{name}-no_BuildDate.patch -# PATCH-FIX-upstream: sftp-kbdint-max-responses-bug3973 -Patch105: %{name}-sftp-kbdint-max-responses-bug3973.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gpg-offline BuildRequires: krb5-devel BuildRequires: libacl-devel BuildRequires: libattr-devel #BuildRequires: libmemcached-devel +BuildRequires: libGeoIP-devel BuildRequires: mysql-devel BuildRequires: ncurses-devel BuildRequires: openldap2-devel @@ -142,8 +141,7 @@ %patch101 %patch102 %patch103 -%patch104 -%patch105 +%patch104 -p1 %build rm contrib/mod_wrap.c @@ -260,7 +258,7 @@ %files -f %{name}.lang %endif %defattr(-,root,root,-) -%doc COPYING CREDITS ChangeLog INSTALL NEWS README* RELEASE_NOTES +%doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES %doc contrib/README.* #%doc contrib/xferstats.holger-preiss* #%doc contrib/ftpasswd contrib/ftpquota @@ -270,6 +268,7 @@ %config(noreplace) %attr(0644,root,ftp) %{_sysconfdir}/%{name}/auth/passwd %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf +%{_sysconfdir}/%{name}/PROFTPD-MIB.txt %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/pam.d/%{name} %config(noreplace) %{_sysconfdir}/xinetd.d/%{name} ++++++ proftpd-1.3.4d.tar.gz -> proftpd-1.3.5.tar.gz ++++++ /work/SRC/openSUSE:Factory/proftpd/proftpd-1.3.4d.tar.gz /work/SRC/openSUSE:Factory/.proftpd.new/proftpd-1.3.5.tar.gz differ: char 5, line 1 ++++++ proftpd-no_BuildDate.patch ++++++ --- /var/tmp/diff_new_pack.by2cy6/_old 2014-09-03 20:48:32.000000000 +0200 +++ /var/tmp/diff_new_pack.by2cy6/_new 2014-09-03 20:48:32.000000000 +0200 @@ -1,38 +1,14 @@ -Index: src/main.c +--- + Makefile.in | 14 ++++++-------- + contrib/mod_snmp/db.c | 2 +- + include/version.h | 2 -- + src/main.c | 6 ++---- + 4 files changed, 9 insertions(+), 15 deletions(-) + +Index: proftpd-1.3.5/Makefile.in =================================================================== ---- src/main.c.orig -+++ src/main.c -@@ -2703,8 +2703,8 @@ static void standalone_main(void) { - - init_bindings(); - -- pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP", -- PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP); -+ pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP", -+ PROFTPD_VERSION_TEXT " " PR_STATUS); - - pr_pidfile_write(); - daemon_loop(); -@@ -2759,7 +2759,6 @@ static void show_settings(void) { - printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); - #endif /* !HAVE_UNAME */ - -- printf("%s", " Built: " BUILD_STAMP "\n"); - printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); - - printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); -@@ -3271,7 +3270,6 @@ int main(int argc, char *argv[], char ** - - printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); - printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); -- printf(" Built: %s\n\n", BUILD_STAMP); - - modules_list(PR_MODULES_LIST_FL_SHOW_VERSION); - exit(0); -Index: Makefile.in -=================================================================== ---- Makefile.in.orig -+++ Makefile.in +--- proftpd-1.3.5.orig/Makefile.in 2012-10-02 18:10:23.000000000 +0100 ++++ proftpd-1.3.5/Makefile.in 2014-09-01 20:12:57.000000000 +0100 @@ -24,28 +24,26 @@ BUILD_BIN=proftpd$(EXEEXT) ftpcount$(EXE all: $(BUILD_BIN) @@ -68,13 +44,57 @@ @dirs="$(DIRS)"; \ for dir in $$dirs; do \ if [ -d "$$dir" ]; then cd $$dir/ && $(MAKE); fi; \ -Index: include/version.h +Index: proftpd-1.3.5/contrib/mod_snmp/db.c +=================================================================== +--- proftpd-1.3.5.orig/contrib/mod_snmp/db.c 2014-01-27 17:32:16.000000000 +0000 ++++ proftpd-1.3.5/contrib/mod_snmp/db.c 2014-09-01 23:08:18.000000000 +0100 +@@ -1122,7 +1122,7 @@ int snmp_db_get_value(pool *p, unsigned + return 0; + + case SNMP_DB_DAEMON_F_VERSION: +- *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT " (built at " BUILD_STAMP ")"; ++ *str_value = "ProFTPD Version " PROFTPD_VERSION_TEXT; + *str_valuelen = strlen(*str_value); + + pr_trace_msg(trace_channel, 19, +Index: proftpd-1.3.5/include/version.h =================================================================== ---- include/version.h.orig -+++ include/version.h +--- proftpd-1.3.5.orig/include/version.h 2014-05-15 16:53:13.000000000 +0100 ++++ proftpd-1.3.5/include/version.h 2014-09-01 20:12:57.000000000 +0100 @@ -1,5 +1,3 @@ -#include "buildstamp.h" - /* Application version (in various forms) */ - #define PROFTPD_VERSION_NUMBER 0x0001030408 - #define PROFTPD_VERSION_TEXT "1.3.4d" + #define PROFTPD_VERSION_NUMBER 0x0001030505 + #define PROFTPD_VERSION_TEXT "1.3.5" +Index: proftpd-1.3.5/src/main.c +=================================================================== +--- proftpd-1.3.5.orig/src/main.c 2014-01-25 16:34:09.000000000 +0000 ++++ proftpd-1.3.5/src/main.c 2014-09-01 20:12:57.000000000 +0100 +@@ -2382,8 +2382,8 @@ static void standalone_main(void) { + + init_bindings(); + +- pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP", +- PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP); ++ pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s standalone mode STARTUP", ++ PROFTPD_VERSION_TEXT " " PR_STATUS); + + pr_pidfile_write(); + daemon_loop(); +@@ -2438,7 +2438,6 @@ static void show_settings(void) { + printf("%s", " Platform: " PR_PLATFORM " [unknown]\n"); + #endif /* !HAVE_UNAME */ + +- printf("%s", " Built: " BUILD_STAMP "\n"); + printf("%s", " Built With:\n configure " PR_BUILD_OPTS "\n\n"); + + printf("%s", " CFLAGS: " PR_BUILD_CFLAGS "\n"); +@@ -2956,7 +2955,6 @@ int main(int argc, char *argv[], char ** + + printf("ProFTPD Version: %s", PROFTPD_VERSION_TEXT " " PR_STATUS "\n"); + printf(" Scoreboard Version: %08x\n", PR_SCOREBOARD_VERSION); +- printf(" Built: %s\n\n", BUILD_STAMP); + + modules_list(PR_MODULES_LIST_FL_SHOW_VERSION); + exit(0); -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit phpMyAdmin for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package phpMyAdmin for openSUSE:Factory checked in at 2014-09-03 18:22:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/phpMyAdmin (Old) and /work/SRC/openSUSE:Factory/.phpMyAdmin.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "phpMyAdmin" Changes: -------- --- /work/SRC/openSUSE:Factory/phpMyAdmin/phpMyAdmin.changes 2014-08-20 17:52:06.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.phpMyAdmin.new/phpMyAdmin.changes 2014-09-03 20:46:27.000000000 +0200 @@ -1,0 +2,27 @@ +Sun Aug 31 21:52:38 UTC 2014 - ecsos(a)schirra.net + +- update to 4.2.8 (2014-08-31) + - sf#4516 Odd export behavior + - sf#4519 Uncaught TypeError: Cannot read property 'success' + of null + - sf#4520 sql.js: cannot read property + - sf#4521 Initially allowed chart types do not match selected + data + - sf#4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT + ignored + - sf#4522 Duplicate column names while assigning index + - sf#4487 Export of partitioned table does not import + - fix bug server_privileges.js: cannot read property + - sf#4527 Importing ODS files with column names having trailing + spaces fails + - sf#4413 Navigation Error in Nav Tree for Search Results Past + the First Page + - fix bug functions.js: Cannot read property 'replace' of undefined + +------------------------------------------------------------------- +Fri Aug 29 14:58:31 UTC 2014 - chris(a)computersalat.de + +- fix for bnc#894107 + * fix post/postun for systemd + +------------------------------------------------------------------- Old: ---- phpMyAdmin-4.2.7.1-all-languages.tar.bz2 New: ---- phpMyAdmin-4.2.8-all-languages.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ --- /var/tmp/diff_new_pack.Ik5Pxh/_old 2014-09-03 20:46:30.000000000 +0200 +++ /var/tmp/diff_new_pack.Ik5Pxh/_new 2014-09-03 20:46:30.000000000 +0200 @@ -31,10 +31,14 @@ %define ap_grp nogroup %endif +%if 0%{?suse_version} >= 1210 +%define has_systemd 1 +%endif + Summary: Administration of MySQL over the web License: GPL-2.0+ Group: Productivity/Networking/Web/Frontends -Version: 4.2.7.1 +Version: 4.2.8 Release: 0 Url: http://www.phpMyAdmin.net Source0: http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-lan… @@ -151,10 +155,18 @@ # set PmaAbsoluteUri ### generate blowfish secret %{__sed} -i -e "s,@FQDN@,$(cat /etc/HOSTNAME)," \ -e "s/\\\$cfg\['blowfish_secret'\] = ''/\$cfg['blowfish_secret'] = '`pwgen -s -1 46`'/" %{pma_config} +%if 0%{?has_systemd} +%service_add_post apache2.service +%else %restart_on_update apache2 +%endif %postun +%if 0%{?has_systemd} +%service_del_postun apache2.service +%else %restart_on_update apache2 +%endif %clean %{__rm} -rf $RPM_BUILD_ROOT ++++++ phpMyAdmin-4.2.7.1-all-languages.tar.bz2 -> phpMyAdmin-4.2.8-all-languages.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/phpMyAdmin/phpMyAdmin-4.2.7.1-all-languages.tar.bz2 /work/SRC/openSUSE:Factory/.phpMyAdmin.new/phpMyAdmin-4.2.8-all-languages.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit p11-kit for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package p11-kit for openSUSE:Factory checked in at 2014-09-03 18:21:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/p11-kit (Old) and /work/SRC/openSUSE:Factory/.p11-kit.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "p11-kit" Changes: -------- --- /work/SRC/openSUSE:Factory/p11-kit/p11-kit.changes 2014-05-27 07:09:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.p11-kit.new/p11-kit.changes 2014-09-03 20:29:40.000000000 +0200 @@ -1,0 +2,17 @@ +Fri Aug 29 06:47:50 UTC 2014 - lnussel(a)suse.de + +- new version 0.20.3 + * Fix problems reinitializing managed modules after fork + * Fix bad bookeeping when fail initializing one of the modules + * Fix case where module would be unloaded while in use [#74919] + * Remove assertions when module used before initialized [#74919] + * Fix handling of mmap failure and mapping empty files [#74773] + * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions + * Require automake 1.12 or later + * Build fixes for Windows [#76594 #74149] +- apply patches to avoid errors from certificates with invalid public key + (fdo#82328, bnc#890908, + trust-Dont-use-invalid-public-keys-for-looking-up-.patch, + trust-Print-label-of-certificate-when-complaining-.patch) + +------------------------------------------------------------------- Old: ---- p11-kit-0.20.2.tar.gz p11-kit-0.20.2.tar.gz.sig New: ---- p11-kit-0.20.3.tar.gz p11-kit-0.20.3.tar.gz.sig p11-kit.keyring trust-Dont-use-invalid-public-keys-for-looking-up-.patch trust-Print-label-of-certificate-when-complaining-.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ p11-kit.spec ++++++ --- /var/tmp/diff_new_pack.tUs1UI/_old 2014-09-03 20:29:42.000000000 +0200 +++ /var/tmp/diff_new_pack.tUs1UI/_new 2014-09-03 20:29:42.000000000 +0200 @@ -22,7 +22,7 @@ %define trustdir_static %{pkidir_static}/trust Name: p11-kit -Version: 0.20.2 +Version: 0.20.3 Release: 0 Summary: Library to work with PKCS#11 modules License: BSD-3-Clause @@ -30,10 +30,17 @@ Url: http://p11-glue.freedesktop.org/p11-kit.html Source0: http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.gz Source1: http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.gz.sig +Source98: p11-kit.keyring Source99: baselibs.conf # patch proposed upstream. If it gets rejected, need to implement # this in ca-certificates. Patch0: 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff +# PATCH-FIX-OPENSUSE +# trust-Print-label-of-certificate-when-complaining-.patch bnc#890908 lnussel(a)suse.de +Patch1: trust-Print-label-of-certificate-when-complaining-.patch +# PATCH-FIX-OPENSUSE +# trust-Dont-use-invalid-public-keys-for-looking-up-.patch bnc#890908 lnussel(a)suse.de +Patch2: trust-Dont-use-invalid-public-keys-for-looking-up-.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -93,6 +100,8 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build # just because of patch0 ++++++ p11-kit-0.20.2.tar.gz -> p11-kit-0.20.3.tar.gz ++++++ ++++ 66676 lines of diff (skipped) ++++++ trust-Dont-use-invalid-public-keys-for-looking-up-.patch ++++++ From 244e885d3e9aae7f7b286f1115a220eb16fa0530 Mon Sep 17 00:00:00 2001 From: Stef Walter <stefw(a)redhat.com> Date: Fri, 8 Aug 2014 08:47:54 +0200 Subject: [PATCH] trust: Don't use invalid public keys for looking up stapled extensions https://bugs.freedesktop.org/show_bug.cgi?id=82328 --- trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trust/builder.c b/trust/builder.c index f7ea86a..fd7a662 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -125,7 +125,7 @@ lookup_extension (p11_builder *builder, { CKA_INVALID }, }; - if (public_key == NULL) + if (public_key == NULL || public_key->type == CKA_INVALID) public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO); /* Look for a stapled certificate extension */ -- 1.9.3++++++ trust-Print-label-of-certificate-when-complaining-.patch ++++++ From 70228770eb96e7121e12632a85e603727ed42431 Mon Sep 17 00:00:00 2001 From: Stef Walter <stefw(a)redhat.com> Date: Fri, 8 Aug 2014 08:47:23 +0200 Subject: [PATCH] trust: Print label of certificate when complaining about basic constraints https://bugs.freedesktop.org/show_bug.cgi?id=82328 --- trust/builder.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/trust/builder.c b/trust/builder.c index 18c09ad..f7ea86a 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -551,6 +551,7 @@ calc_certificate_category (p11_builder *builder, CK_ATTRIBUTE *public_key, CK_ULONG *category) { + CK_ATTRIBUTE *label; unsigned char *ext; size_t ext_len; bool is_ca = 0; @@ -570,7 +571,10 @@ calc_certificate_category (p11_builder *builder, ret = p11_x509_parse_basic_constraints (builder->asn1_defs, ext, ext_len, &is_ca); free (ext); if (!ret) { - p11_message ("invalid basic constraints certificate extension"); + label = p11_attrs_find_valid (cert, CKA_LABEL); + p11_message ("%.*s: invalid basic constraints certificate extension", + label ? (int)label->ulValueLen : 7, + label ? (char *)label->pValue : "unknown"); return false; } -- 1.9.3-- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit openCryptoki for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2014-09-03 18:23:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old) and /work/SRC/openSUSE:Factory/.openCryptoki.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openCryptoki" Changes: -------- --- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2014-02-11 11:59:57.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new/openCryptoki.changes 2014-09-03 20:28:23.000000000 +0200 @@ -1,0 +2,81 @@ +Fri Aug 15 02:14:21 UTC 2014 - sfalken(a)opensuse.org + +- Specfile Cleanup, Added directory macros in appropriate places + +------------------------------------------------------------------- +Thu Jun 26 06:55:03 UTC 2014 - jjolly(a)suse.com + +- Several package changes as per bnc#880217 + - Added openCryptoki-tmp.conf for lock directory management + - Added 'lite' token support + - Changed from init.d daemon to systemd service + - Updated macros in %pre %post %preun and %postun sections + - Added missing icsf and ep11tok directories to %files section + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + +- Patches added: + ocki-3.1-fix-libica-link.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + +------------------------------------------------------------------- +Thu Jun 5 13:28:29 UTC 2014 - jjolly(a)suse.com + +- Moved libpkcs11_icsf 32-bit out of s390-specific files + +------------------------------------------------------------------- +Thu Jun 5 13:00:31 UTC 2014 - jjolly(a)suse.com + +- Made ep11tok.conf and pkcsep11_migrate specific to s390/s390x +- Added libpkcs11_ep11.so and libpkcs11_icsf.so to 32-bit s390/s390x + +------------------------------------------------------------------- +Thu Jun 5 05:06:34 UTC 2014 - jjolly(a)suse.com + +- EP11 token available in the opencryptoki V3.1 package (bnc#879303) + - Specfile changed to include ep11tok.conf + - Specfile changed to include pkcsep11_migrate and pkcsicsf tools + - Specfile changed to BuildRequires openldap2-devel + - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + - print_mechanism() ignored bad returncodes from the called + function token_specific_get_mechanism_list() + - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + - Fix failure when confname is not given, use default + ep11tok.conf instead + - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + - Removed check for ep11 lib at configure + - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + - Move stdint.h before zcrypt.h to resolve dependencies + - ocki-3.1_06_0005-Small-reworks.patch + - testcase fixes and file permission changes + - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + - Fix for s390 31-bit build error + - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + - zcrypt library included in build by default + +------------------------------------------------------------------- +Fri Mar 7 19:03:59 UTC 2014 - jjolly(a)suse.com + +- Patches applied (bnc#865549) + - Fixed Makefile to complement common code dependencies + - switched to official m_init() function based on library change + - checking the global token object count + - catch the return code from object_mgr_find_in_map1 + - some README updates about usage and restrictions + +------------------------------------------------------------------- +Wed Mar 5 17:58:21 CET 2014 - ro(a)suse.de + +- fix build on x86 (add CCA and TPM to filelist) +- fix libica detection on s390/s390x to get ICA module built + +------------------------------------------------------------------- New: ---- ocki-3.1-fix-libica-link.patch ocki-3.1_01_ep11_makefile.patch ocki-3.1_02_ep11_m_init.patch ocki-3.1_03_ock_obj_mgr.patch ocki-3.1_04_ep11_opaque2blob_error_handl.patch ocki-3.1_05_ep11_readme_update.patch ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch ocki-3.1_06_0005-Small-reworks.patch ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch openCryptoki-tmp.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openCryptoki.spec ++++++ --- /var/tmp/diff_new_pack.bK1HWX/_old 2014-09-03 20:28:24.000000000 +0200 +++ /var/tmp/diff_new_pack.bK1HWX/_new 2014-09-03 20:28:24.000000000 +0200 @@ -25,15 +25,28 @@ %define pkcs11_group_id 64 %define oc_cvs_tag opencryptoki +%if 0%{?suse_version} > 1220 +%define uses_systemd 1 +%else +%define uses_systemd 0 +%endif + Name: openCryptoki BuildRequires: bison BuildRequires: flex BuildRequires: gcc-c++ -BuildRequires: libica +%ifarch s390 s390x +BuildRequires: libica-2_3_0-devel +%endif BuildRequires: libtool +BuildRequires: openldap2-devel BuildRequires: openssl-devel BuildRequires: pwdutils BuildRequires: trousers-devel +%if %{uses_systemd} +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +%endif Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware License: IPL-1.0 Group: Productivity/Security @@ -44,9 +57,23 @@ Source: %{oc_cvs_tag}-v%{version}.tar.bz2 Source1: openCryptoki.pkcsslotd Source2: openCryptoki-TFAQ.html +Source3: openCryptoki-tmp.conf Patch1: ocki-3.1-remove-make-install-chgrp-chmod.patch Patch2: ocki-3.1-fix-init_d-path.patch Patch3: ocki-3.1-fix-implicit-decl.patch +Patch4: ocki-3.1-fix-libica-link.patch +Patch5: ocki-3.1_01_ep11_makefile.patch +Patch6: ocki-3.1_02_ep11_m_init.patch +Patch7: ocki-3.1_03_ock_obj_mgr.patch +Patch8: ocki-3.1_04_ep11_opaque2blob_error_handl.patch +Patch9: ocki-3.1_05_ep11_readme_update.patch +Patch10: ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch +Patch11: ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch +Patch12: ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch +Patch13: ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch +Patch14: ocki-3.1_06_0005-Small-reworks.patch +Patch15: ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch +Patch16: ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed %insserv_prereq @@ -127,27 +154,57 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 cp %{SOURCE2} . %build autoreconf --force --install -CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure --prefix=/usr --libdir=%{_libdir} --enable-tpmtok --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} -make +CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure \ + --prefix=/usr \ + --libdir=%{_libdir} \ + --enable-tpmtok \ +%if %{uses_systemd} + --with-systemd=/usr/lib/systemd/system \ +%endif + --sysconfdir=%{_sysconfdir} \ + --localstatedir=%{_localstatedir} +%__make %install -make install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT +%make_install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT install -d $RPM_BUILD_ROOT/usr/include install -d $RPM_BUILD_ROOT/var/lib/opencryptoki install -d $RPM_BUILD_ROOT/etc/init.d install -d $RPM_BUILD_ROOT/usr/sbin +%if %{uses_systemd} +install -d $RPM_BUILD_ROOT/usr/lib/tmpfiles.d +install -m 644 %{S:3} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/openCryptoki-tmp.conf +ln -s /usr/sbin/service $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd +%else install -m 544 %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd +%endif rm -rf $RPM_BUILD_ROOT/tmp # Remove all development files rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods %pre +%if %{uses_systemd} +%{service_add_pre pkcsslotd.service} +%endif # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: /usr/sbin/groupadd -g %pkcs11_group_id -r pkcs11 2>/dev/null || true @@ -162,7 +219,11 @@ '),pkcs11 root %preun +%if %{uses_systemd} +%{service_del_preun pkcsslotd.service} +%else %{stop_on_removal pkcsslotd} +%endif %post # Symlink from /var/lib/opencryptoki to /etc/pkcs11 @@ -174,14 +235,22 @@ fi fi /sbin/ldconfig +%if %{uses_systemd} +%{service_add_post pkcsslotd.service} +%else %{fillup_and_insserv -f pkcsslotd} +%endif %postun if [ -L %{_sysconfdir}/pkcs11 ] ; then rm %{_sysconfdir}/pkcs11 fi +%if %{uses_systemd} +%{service_del_postun pkcsslotd.service} +%else %{restart_on_update pkcsslotd} %{insserv_cleanup} +%endif %ifarch %openCryptoki_32bit_arch @@ -194,13 +263,14 @@ cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods rm -rf %{_libdir}/pkcs11/stdll -if [ -d %{_libdir}/pkcs11 ] ; then - cd %{_libdir}/pkcs11 - ln -sf ../opencryptoki/stdll stdll - cd stdll - [ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true - [ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true -fi +test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11 +cd /usr/lib/pkcs11 +ln -sf ../opencryptoki/stdll stdll +cd stdll +[ -f libpkcs11_cca.so ] && ln -sf ./libpkcs11_cca.so PKCS11_CCA.so || true +[ -f libpkcs11_tpm.so ] && ln -sf ./libpkcs11_tpm.so PKCS11_TPM.so || true +[ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true +[ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true /sbin/ldconfig %endif %ifarch %openCryptoki_64bit_arch @@ -216,13 +286,27 @@ %defattr(-,root,root) %doc openCryptoki-TFAQ.html # configuration directory -%dir /etc/opencryptoki -%config /etc/opencryptoki/opencryptoki.conf -/etc/init.d/pkcsslotd -/usr/sbin/rcpkcsslotd +%dir %{_sysconfdir}/opencryptoki +%config %{_sysconfdir}/opencryptoki/opencryptoki.conf +%ifarch s390 s390x +%config %{_sysconfdir}/opencryptoki/ep11tok.conf +%{_sbindir}/pkcsep11_migrate +%endif +%if %{uses_systemd} +%{_prefix}/lib/systemd/system/pkcsslotd.service +%{_prefix}/lib/tmpfiles.d/openCryptoki-tmp.conf +%else +%{_sysconfdir}/init.d/pkcsslotd +%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki +%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/ccatok +%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/swtok +%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/tpm +%endif +%{_sbindir}/rcpkcsslotd # utilities -/usr/sbin/pkcsslotd -/usr/sbin/pkcsconf +%{_sbindir}/pkcsslotd +%{_sbindir}/pkcsconf +%{_sbindir}/pkcsicsf %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll # State and lock directories @@ -232,10 +316,13 @@ %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/swtok/TOK_OBJ %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/tpm -%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki -%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/ccatok -%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/swtok -%ghost %dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/tpm +%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/icsf +%ifarch s390 s390x +%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite +%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ +%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok +%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ +%endif %{_mandir}/man*/* %files devel @@ -254,16 +341,19 @@ %{_libdir}/opencryptoki/libopencryptoki.so %ghost %{_libdir}/opencryptoki/PKCS11_API.so %{_libdir}/opencryptoki/*.0 -%ifnarch s390 s390x %{_libdir}/opencryptoki/stdll/libpkcs11_cca.so -%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so -%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so -%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so +%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so -%else +%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so +%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so +%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.so +%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so +%ifarch s390 s390x %{_libdir}/opencryptoki/stdll/libpkcs11_ica.so %ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so +%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so +%ghost %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so %endif %{_libdir}/opencryptoki/stdll/*.0 %dir %{_libdir}/pkcs11 ++++++ ocki-3.1-fix-libica-link.patch ++++++ --- opencryptoki/configure.in +++ opencryptoki/configure.in @@ -328,7 +328,7 @@ old_cflags="$CFLAGS" old_libs="$LIBS" CFLAGS="$CFLAGS $LIBICA_CFLAGS" - LIBS="$LIBS $LIBICA_LIBS" + LIBS="$LIBS $LIBICA_LIBS -lrt -lcrypto -lpthread" AC_CHECK_HEADER([ica_api.h], [], [ if test "x$with_libica" != "xcheck"; then AC_MSG_ERROR([Build with Libica requested but Libica headers couldn't be found]) ++++++ ocki-3.1-remove-make-install-chgrp-chmod.patch ++++++ --- /var/tmp/diff_new_pack.bK1HWX/_old 2014-09-03 20:28:24.000000000 +0200 +++ /var/tmp/diff_new_pack.bK1HWX/_new 2014-09-03 20:28:24.000000000 +0200 @@ -1,6 +1,76 @@ ---- opencryptoki.orig/usr/lib/pkcs11/soft_stdll/Makefile.am 2014-01-27 15:01:58.000000000 -0700 -+++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am 2014-01-31 08:15:21.781145000 -0700 -@@ -54,13 +54,7 @@ install-data-hook: +--- opencryptoki/usr/Makefile.am ++++ opencryptoki/usr/Makefile.am +@@ -6,5 +6,3 @@ + + install-data-hook: + $(MKDIR_P) $(DESTDIR)$(lockdir) +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) +- $(CHMOD) 0770 $(DESTDIR)$(lockdir) +--- opencryptoki/usr/lib/pkcs11/cca_stdll/Makefile.am ++++ opencryptoki/usr/lib/pkcs11/cca_stdll/Makefile.am +@@ -66,13 +66,7 @@ + cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_cca.so PKCS11_CCA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok +- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok + + uninstall-hook: + if test -d $(DESTDIR)/$(libdir)/opencryptoki/stdll; then \ +--- opencryptoki/usr/lib/pkcs11/ep11_stdll/Makefile.am ++++ opencryptoki/usr/lib/pkcs11/ep11_stdll/Makefile.am +@@ -54,13 +54,7 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_ep11.so PKCS11_EP11.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok + $(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok +- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok + + uninstall-hook: + if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ +--- opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am ++++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am +@@ -62,13 +62,7 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_ica.so PKCS11_ICA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(MKDIR_P) $(DESTDIR)$(lockdir)/lite +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite +- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite + + uninstall-hook: + if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ +--- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am ++++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am +@@ -76,11 +76,7 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_icsf.so PKCS11_ICSF.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf +- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf +- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf + + uninstall-hook: + if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ +--- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am ++++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am +@@ -54,13 +54,7 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -sf libpkcs11_sw.so PKCS11_SW.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ @@ -28,27 +98,3 @@ uninstall-hook: if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ ---- opencryptoki.orig/usr/lib/pkcs11/cca_stdll/Makefile.am 2014-01-27 15:01:58.000000000 -0700 -+++ opencryptoki/usr/lib/pkcs11/cca_stdll/Makefile.am 2014-01-31 08:30:51.030956000 -0700 -@@ -66,13 +66,7 @@ install-data-hook: - cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \ - ln -sf libpkcs11_cca.so PKCS11_CCA.so - $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ -- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok - $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok -- $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok - - uninstall-hook: - if test -d $(DESTDIR)/$(libdir)/opencryptoki/stdll; then \ ---- opencryptoki.orig/usr/Makefile.am 2014-01-27 15:01:58.000000000 -0700 -+++ opencryptoki/usr/Makefile.am 2014-01-31 08:33:02.949361000 -0700 -@@ -6,5 +6,3 @@ SUBDIRS = lib $(DAEMONDIRS) - - install-data-hook: - $(MKDIR_P) $(DESTDIR)$(lockdir) -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) -- $(CHMOD) 0770 $(DESTDIR)$(lockdir) ++++++ ocki-3.1_01_ep11_makefile.patch ++++++ commit f558043c9c7aa2ada4dd9d7548c2c713aea24753 Author: Ingo Tuchscherer <ingo.tuchscherer(a)linux.vnet.ibm.com> Date: Fri Feb 7 15:03:48 2014 -0600 ep11: Fixed Makefile to complement common code dependencies This will fix the side effect that the ep11 token could not plugged into slot 0, because of unresolved symbols. Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer(a)linux.vnet.ibm.com> diff --git a/usr/lib/pkcs11/ep11_stdll/Makefile.am b/usr/lib/pkcs11/ep11_stdll/Makefile.am index fd940ec..d587fd2 100644 --- a/usr/lib/pkcs11/ep11_stdll/Makefile.am +++ b/usr/lib/pkcs11/ep11_stdll/Makefile.am @@ -28,10 +28,15 @@ opencryptoki_stdll_libpkcs11_ep11_la_SOURCES = ../common/asn1.c \ ../common/loadsave.c \ ../common/key.c \ ../common/key_mgr.c \ - ../common/mech_md5.c \ + ../common/mech_des.c \ + ../common/mech_des3.c \ + ../common/mech_aes.c \ + ../common/mech_md5.c \ ../common/mech_md2.c \ ../common/mech_rng.c \ + ../common/mech_rsa.c \ ../common/mech_sha.c \ + ../common/mech_ssl3.c \ ../common/new_host.c \ ../common/obj_mgr.c \ ../common/object.c \ @@ -44,8 +49,8 @@ opencryptoki_stdll_libpkcs11_ep11_la_SOURCES = ../common/asn1.c \ ../common/log.c \ ../common/mech_list.c \ ../common/shared_memory.c \ - ../common/attributes.c \ - ../common/sw_crypt.c \ + ../common/attributes.c \ + ../common/sw_crypt.c \ ep11_specific.c noinst_HEADERS = ep11.h ++++++ ocki-3.1_02_ep11_m_init.patch ++++++ commit d564279d2c2913021ca325507d1ce3af3aff078a Author: Ingo Tuchscherer <ingo.tuchscherer(a)linux.vnet.ibm.com> Date: Fri Feb 7 15:08:27 2014 -0600 ep11: switched to official m_init() function based on library change Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer(a)linux.vnet.ibm.com> diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c index a9a72e4..1a43ccb 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c @@ -1281,7 +1281,7 @@ CK_RV token_specific_init(char *Correlator, CK_SLOT_ID SlotNumber, char *conf_na /* for real HW on Z-series, this would open the * device driver file /dev/zcrypt. */ - if (m_add_backend(NULL,0) < 0) { + if (m_init() < 0) { EP11TOK_ELOG(1,"open of the zcrypt device driver failed"); return CKR_DEVICE_ERROR; } ++++++ ocki-3.1_03_ock_obj_mgr.patch ++++++ commit 099a3a110a733ef3a91c41a88dcd45f15af8a6cd Author: Joy Latten <jmlatten(a)linux.vnet.ibm.com> Date: Wed Feb 12 12:06:53 2014 -0600 Scenario: processA creates private token key object and before he can use it, processB gets it, uses it, and deletes it. Because opencryptoki was not checking the global token object count, process B segfaulted when count was zero, thinking there were objects in shared memory to search. Also, it was not checking return code of object_mgr_check_shm() in object_mgr_find_in_map1 to see if anything was found in shm. And lastly, return correct error code. Signed-off-by: Joy Latten <jmlatten(a)linux.vnet.ibm.com> diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c index 92c11c2..8d42d9e 100755 --- a/usr/lib/pkcs11/common/obj_mgr.c +++ b/usr/lib/pkcs11/common/obj_mgr.c @@ -1340,13 +1340,28 @@ object_mgr_find_in_map1( CK_OBJECT_HANDLE handle, goto done; } -// SAB XXX Fix me.. need to make it more efficient than just looking for the object to be changed -// set a global flag that contains the ref count to all objects.. if the shm ref count changes, then we update the object -// if not - - XProcLock(); - object_mgr_check_shm( obj ); - XProcUnLock(); + /* SAB XXX Fix me.. need to make it more efficient than just looking + * for the object to be changed. set a global flag that contains the + * ref count to all objects.. if the shm ref count changes, then we + * update the object. if not + */ + + /* Note: Each C_Initialize call loads up the public token objects + * and build corresponding tree(s). The same for private token objects + * upon successful C_Login. Since token objects can be shared, it is + * possible another process or session has deleted a token object. + * Accounting is done in shm, so check shm to see if object still exists. + */ + if (!object_is_session_object(obj)) { + XProcLock(); + rc = object_mgr_check_shm( obj ); + XProcUnLock(); + + if (rc != CKR_OK) { + OCK_LOG_ERR(ERR_FUNCTION_FAILED); + goto done; + } + } *ptr = obj; done: @@ -2101,8 +2116,8 @@ object_mgr_del_from_shm( OBJECT *obj ) 0, global_shm->num_priv_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } // Since the number of objects starts at 1 and index starts at zero, we // decrement before we get count. This eliminates the need to perform @@ -2139,8 +2154,8 @@ object_mgr_del_from_shm( OBJECT *obj ) 0, global_shm->num_publ_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } global_shm->num_publ_tok_obj--; @@ -2189,25 +2204,36 @@ object_mgr_check_shm( OBJECT *obj ) // the calling routine is responsible for locking the global_shm mutex // + /* first check the object count. If it is 0, then just return. */ priv = object_is_private( obj ); if (priv) { + + if (global_shm->num_priv_tok_obj == 0) { + OCK_LOG_ERR(ERR_OBJECT_HANDLE_INVALID); + return CKR_OBJECT_HANDLE_INVALID; + } rc = object_mgr_search_shm_for_obj( global_shm->priv_tok_objs, 0, global_shm->num_priv_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } entry = &global_shm->priv_tok_objs[index]; } else { + + if (global_shm->num_publ_tok_obj == 0) { + OCK_LOG_ERR(ERR_OBJECT_HANDLE_INVALID); + return CKR_OBJECT_HANDLE_INVALID; + } rc = object_mgr_search_shm_for_obj( global_shm->publ_tok_objs, 0, global_shm->num_publ_tok_obj-1, obj, &index ); if (rc != CKR_OK){ - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJMGR_SEARCH); + return rc; } entry = &global_shm->publ_tok_objs[index]; } @@ -2256,8 +2282,8 @@ object_mgr_search_shm_for_obj( TOK_OBJ_ENTRY * obj_list, } } } - OCK_LOG_ERR(ERR_FUNCTION_FAILED); - return CKR_FUNCTION_FAILED; + OCK_LOG_ERR(ERR_OBJECT_HANDLE_INVALID); + return CKR_OBJECT_HANDLE_INVALID; } ++++++ ocki-3.1_04_ep11_opaque2blob_error_handl.patch ++++++ commit 9d445b0294b588a834797e4f8c3d6ea3c1b3da2b Author: Joy Latten <jmlatten(a)linux.vnet.ibm.com> Date: Wed Feb 12 12:09:14 2014 -0600 ep11's h_opaque_2_blob needs to catch the return code from object_mgr_find_in_map1 and return it. Signed-off-by: Joy Latten <jmlatten(a)linux.vnet.ibm.com> diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c index 1a43ccb..90d3df1 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c @@ -1814,12 +1814,12 @@ CK_RV token_specific_derive_key(SESSION *session, CK_MECHANISM_PTR mech, memset(&secret_op, 0, sizeof(secret_op)); secret_op.blob_size = blobsize; - if (h_opaque_2_blob(hBaseKey, &blob, &blob_len) != CKR_OK) { + rc = h_opaque_2_blob(hBaseKey, &blob, &blob_len); + if (rc != CKR_OK) { EP11TOK_ELOG(1,"FAIL hBaseKey=0x%lx",hBaseKey); - return CKR_CANCEL; + return rc; } - /* Get the keytype to use when creating the key object */ rc = ep11_get_keytype(attrs, attrs_len, mech, &ktype, &class); if (rc != CKR_OK) { @@ -2732,36 +2732,19 @@ CK_RV token_specific_generate_key_pair(SESSION * sess, private_key_obj->name, public_key_obj, private_key_obj); } - /* Keys should be fully constructed, - * assign object handles and store keys. - */ - rc = object_mgr_create_final(sess, public_key_obj, phPublicKey); - if (rc != CKR_OK) { - OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL); - goto error; - } - - rc = object_mgr_create_final(sess, private_key_obj, phPrivateKey); - if (rc != CKR_OK) { - OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL); - object_mgr_destroy_object(sess, *phPublicKey); - public_key_obj = NULL; - goto error; - } - /* copy CKA_CLASS, CKA_KEY_TYPE to private template */ if (template_attribute_find(public_key_obj->template, CKA_CLASS, &attr)) { rc = build_attribute(attr->type, attr->pValue, attr->ulValueLen, &n_attr); if (rc != CKR_OK) { EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc); - return rc; + goto error; } rc = template_update_attribute(private_key_obj->template, n_attr); if (rc != CKR_OK) { EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc); - return rc; + goto error; } } @@ -2770,17 +2753,34 @@ CK_RV token_specific_generate_key_pair(SESSION * sess, attr->ulValueLen, &n_attr); if (rc != CKR_OK) { EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc); - return rc; + goto error; } rc = template_update_attribute(private_key_obj->template, n_attr); if (rc != CKR_OK) { EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc); - return rc; + goto error; } } + /* Keys should be fully constructed, + * assign object handles and store keys. + */ + rc = object_mgr_create_final(sess, public_key_obj, phPublicKey); + if (rc != CKR_OK) { + OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL); + goto error; + } + + rc = object_mgr_create_final(sess, private_key_obj, phPrivateKey); + if (rc != CKR_OK) { + OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL); + object_mgr_destroy_object(sess, *phPublicKey); + public_key_obj = NULL; + goto error; + } return rc; + error: if (public_key_obj) object_free(public_key_obj); if (private_key_obj) object_free(private_key_obj); @@ -2801,11 +2801,13 @@ static CK_RV h_opaque_2_blob(CK_OBJECT_HANDLE handle, OBJECT *key_obj; CK_ATTRIBUTE *attr = NULL; ep11_opaque *op; + CK_RV rc; /* find the key obj by the key handle */ - if (object_mgr_find_in_map1(handle,&key_obj) != CKR_OK) { + rc = object_mgr_find_in_map1(handle,&key_obj); + if (rc != CKR_OK) { EP11TOK_ELOG(1,"key 0x%lx not mapped", handle); - return CKR_FUNCTION_FAILED; + return rc; } /* blob already exists */ @@ -2844,30 +2846,31 @@ CK_RV token_specific_sign_init(SESSION *session, CK_MECHANISM *mech, return CKR_HOST_MEMORY; } - if (h_opaque_2_blob(key,&privkey_blob,&blob_len) == CKR_OK) { - rc = m_SignInit(ep11_sign_state, &ep11_sign_state_l, - mech, privkey_blob, blob_len, ep11tok_target) ; + rc = h_opaque_2_blob(key, &privkey_blob, &blob_len); + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"no blob rc=0x%lx",rc); + return rc; + } - /* SIGN_VERIFY_CONTEX holds all needed for continuing, - * also by another adapter (stateless requests) - */ - ctx->key = key; - ctx->multi = FALSE; - ctx->active = TRUE; - ctx->context = ep11_sign_state; - ctx->context_len = ep11_sign_state_l; + rc = m_SignInit(ep11_sign_state, &ep11_sign_state_l, + mech, privkey_blob, blob_len, ep11tok_target) ; - if (rc != CKR_OK) { - EP11TOK_ELOG(1,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism); - } else { - EP11TOK_LOG(2,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism); - } + /* SIGN_VERIFY_CONTEX holds all needed for continuing, + * also by another adapter (stateless requests) + */ + ctx->key = key; + ctx->multi = FALSE; + ctx->active = TRUE; + ctx->context = ep11_sign_state; + ctx->context_len = ep11_sign_state_l; - return rc; + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism); } else { - EP11TOK_ELOG(1,"no blob rc=0x%lx",rc); - return CKR_FUNCTION_FAILED; + EP11TOK_LOG(2,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism); } + + return rc; } @@ -2946,27 +2949,26 @@ CK_RV token_specific_verify_init(SESSION *session, CK_MECHANISM *mech, return CKR_HOST_MEMORY; } - if (h_opaque_2_blob(key,&spki,&spki_len) == CKR_OK) { - rc = m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech, - spki, spki_len, ep11tok_target); - - ctx->key = key; - ctx->multi = FALSE; - ctx->active = TRUE; - ctx->context = ep11_sign_state; - ctx->context_len = ep11_sign_state_l; - - if (rc != CKR_OK) { - EP11TOK_ELOG(1,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism); - } else { - EP11TOK_LOG(2,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism); - } - + rc = h_opaque_2_blob(key, &spki, &spki_len); + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"no blob rc=0x%lx",rc); return rc; + } + + rc = m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech, + spki, spki_len, ep11tok_target); + ctx->key = key; + ctx->multi = FALSE; + ctx->active = TRUE; + ctx->context = ep11_sign_state; + ctx->context_len = ep11_sign_state_l; + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism); } else { - EP11TOK_ELOG(1,"no blob rc=0x%lx",rc); - return CKR_FUNCTION_FAILED; + EP11TOK_LOG(2,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism); } + + return rc; } @@ -3169,11 +3171,12 @@ static CK_RV ep11_ende_crypt_init(SESSION *session, CK_MECHANISM_PTR mech, return CKR_HOST_MEMORY; } - if (h_opaque_2_blob(key, &blob, &blob_len) != CKR_OK) { + rc = h_opaque_2_blob(key, &blob, &blob_len); + if (rc != CKR_OK) { EP11TOK_ELOG(1,"no blob rc=0x%lx",rc); - return CKR_FUNCTION_FAILED; + return rc; } - + if (op == DECRYPT) { rc = m_DecryptInit(ep11_state, &ep11_state_l, mech, blob, blob_len, ep11tok_target); ++++++ ocki-3.1_05_ep11_readme_update.patch ++++++ commit 6589fae1561d1d050b743d3ff5e0b846616664a0 Author: Ingo Tuchscherer <ingo.tuchscherer(a)linux.vnet.ibm.com> Date: Wed Feb 12 15:56:46 2014 -0600 EP11: some README updates about usage and restrictions. Signed-off-by: Joy Latten <jmlatten(a)linux.vnet.ibm.com> diff --git a/doc/README.ep11_stdll b/doc/README.ep11_stdll index dedb76c..e972391 100644 --- a/doc/README.ep11_stdll +++ b/doc/README.ep11_stdll @@ -3,8 +3,8 @@ EP11 Token The EP11 token is a token that uses the IBM Crypto Express adapters (starting with Crypto Express 4S adapters) configured with Enterprise -PKCS#11 (EP11) firmware. By convention, Crypto Express n adapters with -that firmware load are also called CEXnP adapters for n >= 4. +PKCS#11 (EP11) firmware. By convention, Crypto Express n adapters with that +firmware load are also called CEXnP adapters for n >= 4. The EP11 token is only supported on the System z architecture and requires a Crypto Express adapter with EP11 firmware load, a zcrypt/ap device driver @@ -17,14 +17,13 @@ Configuration ------------- To use the EP11 token a slot entry must be defined in the general opencryptoki -configuration file that sets the stdll attribute to libpkcs11_epp.so. +configuration file that sets the stdll attribute to libpkcs11_ep11.so. A EP11 token specific configuration file must be set up to define the target -adapters and target adapter domains. The name of the configuration file must -be defined in the global openCryptoki configuration opencryptoki.conf file -as part of the token specification using the confname attribute. - -E.g. the entry, +adapters and target adapter domains. The name of the configuration file must be +defined in the global openCryptoki configuration opencryptoki.conf file as part +of the token specification using the confname attribute. +E.g. the entry slot 4 { @@ -35,39 +34,39 @@ confname = ep11tok.conf defines the name of the configuration file of the EP11 token to be ep11tok.conf. Per default this file is searched in the directory where openCryptoki searches its global configuration file. This default path can -be overwritten using the OCK_EP11_TOKEN_DIR environment variable. - -EP11 token configuration files defines a list of adapter/domain pairs to -which the EP11 token sends its cryptographic requests. This list can be -specified as a white list starting with a line containing the key word -APQN_WHITELIST followed by one or more lines containing each 2 white space -separted positive integers followed by a line with the key word END. -In each of these lines the first integer denotes the adapter number -and the second integer denotes the domain id. Alternatively the keyword -APQN_ANY can be used to define that all adapter/domain pairs with EP11 -firmware load that are available to the system shall be used as target -adapters. An adapter number corresponds to the numerical part xx of an -adapter id of the form cardxx as displayed by the lszcrypt tool or in -the sys file system (e.g. in /sys/bus/ap/devices). -Currently Linux on z only supports a single domain. That domain number -can be displayed with lszcrypt -b (see the value of ap_domain) or -alternatively as contents of /sys/bus/ap/ap_domain. +be overriden using the OCK_EP11_TOKEN_DIR environment variable. + +EP11 token configuration files defines a list of adapter/domain pairs to which +the EP11 token sends its cryptographic requests. This list can be specified as +a white list starting with a line containing the key word APQN_WHITELIST +followed by one or more lines containing each two integers (in the range +of 0 - 255) separated by a white space. The white list is ended with a line +containing the key word END. In each of lines of the white list the first +integer denotes the adapter number and the second integer denotes the domain +id. Alternatively the keyword APQN_ANY can be used to define that all +adapter/domain pairs with EP11 firmware load that are available to the system +shall be used as target adapters. An adapter number corresponds to the +numerical part xx of an adapter id of the form cardxx as displayed by the +lszcrypt tool or in the sys file system (e.g. in /sys/bus/ap/devices). +Currently Linux on z only supports a single domain. That domain number can be +displayed with lszcrypt -b (see the value of ap_domain) or alternatively as +contents of /sys/bus/ap/ap_domain. In addition to the target adapter a log level can be defined in the EP11 -configuration file using a line consisting of the key word LOGLEVEL -followed by an integer between 0 and 9. +configuration file using a line consisting of the key word LOGLEVEL followed +by an integer between 0 and 9. Logging ------- If a log level greater than 0 is defined in the environment variable -OCK_EP11_TOKEN_LOGLEVEL or using the LOGLEVEL entry in the EP11 -configuration file then log entries are written to a log file -/var/log/ock_ep11_token.<pid>.log where <pid> is the process id of the -process using the EP11 token. +OCK_EP11_TOKEN_LOGLEVEL or using the LOGLEVEL entry in the EP11 configuration +file then log entries are written to a log file +/var/log/ock_ep11_token.<pid>.log where <pid> is the process id of the process +using the EP11 token. -Note, that the handling of EP11 logs is subject to change in future -releases of opencryptoki. +Note, that the handling of EP11 logs is subject to change in future releases +of opencryptoki. Crypto Express Adapter EP11 Master Key Management ------------------------------------------------- @@ -77,28 +76,27 @@ object repository (in the TOK_OBJ directory within the EP11 token directory) become invalid. The key migration tool pkcsep11_migrate can be used to perform the migration -of the current EP11 master keys to new master keys. Therefore the -following steps must be performed: - -1) on the Trusted Key Entry console (TKE): submit and commit -new master keys on the EP11 adapter(s) -2) on Linux: stop all processes using openCryptoki with the EP11 token -3) on Linux: back up the token object repository of the EP11 token -4) on Linux: migrate keys of object repository of EP11 token with -migration tool. If a failure occurs restore the backed up token -repository and retry step 4 -5) on the TKE: activate new master keys on the EP11 adapter(s) -6) on Linux: restart applications using openCryptoki with the EP11 token +of the current EP11 master keys to new master keys. Therefore the following +steps must be performed: +1) On the Trusted Key Entry console (TKE): Submit and commit new master +keys on the EP11 adapter(s). +2) On Linux: Stop all processes using openCryptoki with the EP11 token. +3) On Linux: Back up the token object repository of the EP11 token. +4) On Linux: Migrate keys of object repository of EP11 token with +migration tool. If a failure occurs restore the backed up token repository +and retry step 4. +5) On the TKE: Activate new master keys on the EP11 adapter(s). +6) On Linux: Restart applications using openCryptoki with the EP11 token. Token specifics --------------- -The EP11 token only supports secure keys (i.e. key wrapped by a master key -of the Crypto Express adapter). Therefore all keys must have the attribute -CKA_SENISTIVE set to CK_TRUE. Since the PKCS#11 standard does not define -a (token specific) default for secure keys the attribute must be explicitly -provided whenever a secret key is generated, unwrapped or created with -C_CreateObject. In addition all keys used with the EP11 token are extractable +The EP11 token only supports secure keys (i.e. key wrapped by a master key of +the Crypto Express adapter). Therefore all keys must have the attribute +CKA_SENISTIVE set to CK_TRUE. Since the PKCS#11 standard does not define a +(token specific) default for secure keys the attribute must be explicitly +provided whenever a secret key is generated, unwrapped or build with +C_CreateObject. In addition all keys used with the EP11 token are extractable. i.e. they must have the attribute CKA_EXTRACTABLE set to CK_TRUE. When creating keys the default values of the attributes CKA_ENCRYPT, @@ -108,18 +106,21 @@ Note, no EP11 mechanism supports the Sign/Recover or Verify/Recover functions. All RSA key must have a public exponent (CKA_PUBLIC_EXPONENT) greater than or equal to 17. -See the mechanism list and mechanism info (pkcsconf -m) for supported -mechanisms together with supported functions and key sizes. -Note the supported mechanism list is currently fixed and matches the -most stringent setting of the Crypto Express adapter. +The CryptoExpress EP11 coprocessor restricts RSA keys (primes and moduli) +according to ANSI X9.31. Therefore in the EP11 token the lengths of the +RSA primes (p or q) must be a multiple of 128 bits and the length of the +modulus (CKA_MODULUS_BITS) must be a multiple of 256. -Temporary Restrictions & Circumventions ---------------------------------------- +The mechanisms CKM_DES3_CBC and CKM_AES_CBC can only wrap keys which have +a length that is a multiple of the block size of DES3 or AES respectively. -Wrapping 192 bit AES keys with the mechanism CKM_AES_CBC is not supported, use -CKM_AES_CBC_PAD instead. +See the mechanism list and mechanism info (pkcsconf -m) for supported +mechanisms together with supported functions and key sizes. Note the +supported mechanism list is currently fix and matches the most stringent +setting of the Crypto Express adapter. -Importing RAS private keys with C_Unwrap is not supported for key sizes that -are not a multiple of AES blocksize. No circumvention possible. +Note, the EP11 coprocessor adapter can be configured to restrict the +cryptographic capababilities in order for the adapter to comply with specific +security requirements and regulations. Such restrictions on the adapter impact +the capabilitiy of the EP11 token. -CKM_SHA512_HMAC is not supported. No circumvention possible. ++++++ ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch ++++++ >From 68a30e9bf0e494057a889e06623dd0d8ab95acf7 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Date: Wed, 2 Apr 2014 12:03:53 -0500 Subject: [PATCH 1/6] print_mechanism() ignored bad returncodes from the called function token_specific_get_mechanism_list(). So the token init was just running fine but mechanism list kept empty (eg. because of wrong adapter configuration). Fixed this and adjusted some of the related log messages. Signed-off-by: Harald Freudenberger <freude(a)linux.vnet.ibm.com> --- usr/lib/pkcs11/ep11_stdll/ep11_specific.c | 32 +++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c index 90d3df1..4e3703b 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c @@ -1140,17 +1140,27 @@ static CK_RV print_mechanism(void) CK_ULONG count = 0; int i; CK_MECHANISM_INFO m_info; + CK_RV rc; - /* only informational */ - (void) token_specific_get_mechanism_list(list, &count); + /* first call is just to fetch the count value */ + rc = token_specific_get_mechanism_list(list, &count); + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"can't fetch mechanism list."); + return rc; + } list = (CK_MECHANISM_TYPE_PTR)malloc(sizeof(CK_MECHANISM_TYPE) * count); if (!list) { EP11TOK_ELOG(1,"Memory allocation failed."); return CKR_HOST_MEMORY; } - /* only informational */ - (void) token_specific_get_mechanism_list(list, &count); + /* now really fill the list */ + rc = token_specific_get_mechanism_list(list, &count); + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"can't fetch mechanism list!"); + free(list); + return rc; + } EP11TOK_LOG(2,"EP11 token mechanism list, %lu entries:", count); for (i = 0; i < count; i++) { @@ -1170,6 +1180,7 @@ static CK_RV print_mechanism(void) EP11TOK_LOG(2," %s {%lu,%lu%s}", ep11_get_ckm(list[i]), m_info.ulMinKeySize, m_info.ulMaxKeySize, strflags); } + free(list); return CKR_OK; } @@ -1295,7 +1306,11 @@ CK_RV token_specific_init(char *Correlator, CK_SLOT_ID SlotNumber, char *conf_na } /* print mechanismlist to log file */ - (void)print_mechanism(); + rc = print_mechanism(); + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"failure on fetching mechanism list rc=0x%lx, maybe wrong config ?", rc); + return CKR_GENERAL_ERROR; + } /* create an AES key needed for importing keys * (encrypt by wrap_key and m_UnwrapKey by wrap key) @@ -3528,7 +3543,7 @@ CK_RV token_specific_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList, rc = m_GetMechanismList(0, pMechanismList, pulCount, ep11tok_target); if (rc != CKR_OK) { - EP11TOK_ELOG(1,"bad rc #1 rc=0x%lx", rc); + EP11TOK_ELOG(1,"bad rc=0x%lx from m_GetMechanismList()", rc); return rc; } @@ -3543,7 +3558,7 @@ CK_RV token_specific_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList, } rc = m_GetMechanismList(0, mlist, &counter, ep11tok_target); if (rc != CKR_OK) { - EP11TOK_ELOG(1,"bad rc #2 rc=0x%lx", rc); + EP11TOK_ELOG(1,"bad rc=0x%lx from m_GetMechanismList()", rc); free(mlist); return rc; } @@ -3573,7 +3588,7 @@ CK_RV token_specific_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList, */ rc = m_GetMechanismList(0,mlist,&counter,ep11tok_target); if (rc != CKR_OK) { - EP11TOK_ELOG(1,"bad rc #3 rc=0x%lx", rc); + EP11TOK_ELOG(1,"bad rc=0x%lx from m_GetMechanismList()", rc); return rc; } @@ -3743,6 +3758,7 @@ static int read_adapter_config_file(const char* conf_name) if (!conf_name) { /* no conf_name was given, should not happen */ + EP11TOK_ELOG(1,"no conf_name argument found"); return APQN_FILE_INV_1; } -- 1.7.12.4 ++++++ ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch ++++++ >From 401de8a8b5131c8dea1eade85c00e248198dc916 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Date: Wed, 2 Apr 2014 12:05:12 -0500 Subject: [PATCH 2/6] Fix failure when confname is not given, use default ep11tok.conf instead. Slight rework on the way how the ep11 token config file is found: If env has no OCK_EP11_TOKEN_DIR if confname is not null, try to use it if this fails, try ock default config dir + confname if this fails, try ock default config dir + ep11tok.conf if OCK_EP11_TOKEN_DIR given then if confname is not null, try OCK_EP11_TOKEN_DIR + confname if this fails, try OCK_EP11_TOKEN_DIR + ep11tok.conf if still unsuccessful then token init will fail. Signed-off-by: Harald Freudenberger <freude(a)linux.vnet.ibm.com> --- usr/lib/pkcs11/ep11_stdll/ep11_specific.c | 85 +++++++++++++++++++------------ 1 file changed, 52 insertions(+), 33 deletions(-) diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c index 4e3703b..0eea8c9 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c @@ -993,6 +993,7 @@ static const char* ep11_get_ckm(CK_ULONG mechanism) static CK_RV h_opaque_2_blob(CK_OBJECT_HANDLE handle, CK_BYTE **blob, size_t *blob_len); +#define EP11_DEFAULT_CFG_FILE "ep11tok.conf" #define EP11_CFG_FILE_SIZE 4096 /* error rc for reading the adapter config file */ @@ -1271,6 +1272,13 @@ CK_RV token_specific_init(char *Correlator, CK_SLOT_ID SlotNumber, char *conf_na } } EP11TOK_LOG(1,"init running"); + + /* read ep11 specific config file with user specified adapter/domain pairs, loglevel, ... */ + rc = read_adapter_config_file(conf_name); + if (rc != CKR_OK) { + EP11TOK_ELOG(1,"ep11 config file error rc=0x%lx", rc); + return CKR_GENERAL_ERROR; + } /* wrap key name */ memset(wrap_key_name, 0, sizeof(wrap_key_name)); @@ -1297,14 +1305,7 @@ CK_RV token_specific_init(char *Correlator, CK_SLOT_ID SlotNumber, char *conf_na return CKR_DEVICE_ERROR; } #endif - - /* user specified adapter/domain pairs the token is supposed to use */ - rc = read_adapter_config_file(conf_name); - if (rc != CKR_OK) { - EP11TOK_ELOG(1,"adapter config file error rc=0x%lx", rc); - return CKR_GENERAL_ERROR; - } - + /* print mechanismlist to log file */ rc = print_mechanism(); if (rc != CKR_OK) { @@ -3753,40 +3754,57 @@ static int read_adapter_config_file(const char* conf_name) if (ep11_initialized) { return 0; } - + memset(fname,0,PATH_MAX); - - if (!conf_name) { - /* no conf_name was given, should not happen */ - EP11TOK_ELOG(1,"no conf_name argument found"); - return APQN_FILE_INV_1; - } /* via envrionment variable it is possible to overwrite the - * config file given in the opencryptoki.conf. Then we use - * $OCK_EP11_TOKEN_DIR/ock_ep11_token.conf. + * directory where the ep11 token config file is searched. */ if (conf_dir) { - snprintf(fname, sizeof(fname), "%s/%s", conf_dir, conf_name); - ap_fp = fopen(fname,"r"); - } - - /* if there was no environment variable or fopen failed, use the - * default given from opencryptoki.conf via conf_name argument. - */ - if (!ap_fp) { - snprintf(fname, sizeof(fname), "%s/%s", OCK_CONFDIR, conf_name); - ap_fp = fopen(fname,"r"); + if (conf_name && strlen(conf_name) > 0) { + /* extract filename part from conf_name */ + for (i=strlen(conf_name)-1; i >= 0 && conf_name[i] != '/'; i--); + if (i < strlen(conf_name)-1) { + snprintf(fname, sizeof(fname), "%s/%s", conf_dir, conf_name+i+1); + fname[sizeof(fname)-1] = '\0'; + ap_fp = fopen(fname,"r"); + EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno); + } + } + if (!ap_fp) { + snprintf(fname, sizeof(fname), "%s/%s", conf_dir, EP11_DEFAULT_CFG_FILE); + fname[sizeof(fname)-1] = '\0'; + ap_fp = fopen(fname,"r"); + EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno); + } + } else { + if (conf_name && strlen(conf_name) > 0) { + strncpy(fname, conf_name, sizeof(fname)); + fname[sizeof(fname)-1] = '\0'; + ap_fp = fopen(fname,"r"); + if (!ap_fp) { + EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno); + snprintf(fname, sizeof(fname), "%s/%s", OCK_CONFDIR, conf_name); + fname[sizeof(fname)-1] = '\0'; + ap_fp = fopen(fname,"r"); + if (!ap_fp) EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno); + } + } else { + snprintf(fname, sizeof(fname), "%s/%s", OCK_CONFDIR, EP11_DEFAULT_CFG_FILE); + fname[sizeof(fname)-1] = '\0'; + ap_fp = fopen(fname,"r"); + if (!ap_fp) EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno); + } } - + /* now we should really have an open ep11 token config file */ if (!ap_fp) { EP11TOK_ELOG(1,"no valid EP 11 config file found"); return APQN_FILE_INV_2; } - + EP11TOK_LOG(2,"EP 11 token config file is '%s'", fname); - + /* read config file line by line, * ignore empty and # and copy rest into file buf */ @@ -3811,13 +3829,13 @@ static int read_adapter_config_file(const char* conf_name) } ep11_targets.length = 0; - + for (i=0,j=0,str=filebuf; rc == 0; str=NULL) { /* strtok tokenizes the string, * delimiters are newline and whitespace. */ token = strtok(str, "\n\t "); - + if (i == 0) { /* expecting APQN_WHITELIST or APQN_BLACKLIST * or APQN_ANY or LOGLEVEL or eof. @@ -3906,7 +3924,8 @@ static int read_adapter_config_file(const char* conf_name) /* do some checks: */ if (rc == 0) { if ( !(whitemode || blackmode || anymode)) { - EP11TOK_ELOG(1,"At least one APQN mode needs to be present in configfile: APQN_WHITEMODE or APQN_BLACKMODE or APQN_ANY"); + EP11TOK_ELOG(1,"At least one APQN mode needs to be present in configfile:" + " APQN_WHITEMODE or APQN_BLACKMODE or APQN_ANY"); rc = APQN_FILE_NO_APQN_MODE; } else if (whitemode || blackmode) { /* at least one APQN needs to be defined */ -- 1.7.12.4 ++++++ ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch ++++++ >From 2bca1b392214241f84065d7709681c029b43b444 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Date: Mon, 14 Apr 2014 11:48:56 -0500 Subject: [PATCH 3/6] Configure was checking for the ep11 lib and the m_init() function. As this library will be dynamically loaded at run time and there is no dependency at build time (but build will break if ep11 lib is not available) removed this check. Signed-off-by: Harald Freudenberger <freude(a)linux.vnet.ibm.com> --- configure.in | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/configure.in b/configure.in index ac41e84..1a1601c 100644 --- a/configure.in +++ b/configure.in @@ -372,14 +372,9 @@ if test "x$with_zcrypt" != "xno"; then ]) if test "x$with_zcrypt" != "xno"; then - AC_CHECK_LIB([ep11], [m_init], - [with_zcrypt=yes], [ - if test "x$with_zcrypt" != "xcheck"; then - AC_MSG_ERROR([Build with zcrypt requested but zcrypt libraries couldn't be found]) - fi - with_zcrypt=no - ]) + with_zcrypt=no fi + if test "x$with_zcrypt" = "xno"; then CFLAGS="$old_cflags" LIBS="$old_libs" -- 1.7.12.4 ++++++ ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch ++++++ >From 11e808223faa9c334858e38acacf277079264beb Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Date: Mon, 14 Apr 2014 12:02:48 -0500 Subject: [PATCH 4/6] The asm/zcrypt.h header file uses some std int types and so the stdint.h include statement should occur before the zcrypt header file. Signed-off-by: Harald Freudenberger <freude(a)linux.vnet.ibm.com> --- usr/lib/pkcs11/ep11_stdll/ep11_specific.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c index 0eea8c9..373be5b 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c @@ -296,6 +296,7 @@ #include <string.h> #include <stdlib.h> #include <unistd.h> +#include <stdint.h> #include "pkcs11types.h" #include "defs.h" @@ -314,7 +315,6 @@ #include <lber.h> #include <asm/zcrypt.h> #include <syslog.h> -#include <stdint.h> #include <dlfcn.h> #include <lber.h> -- 1.7.12.4 ++++++ ocki-3.1_06_0005-Small-reworks.patch ++++++ >From b0fc36e0e1fd549164a2502213163ce23d2f0138 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Date: Mon, 14 Apr 2014 13:13:11 -0500 Subject: [PATCH 5/6] Small reworks: - Some of the ock testcase c files are tracked by git as 755. Fixed, c code files should appear 644 now. - pkcs11 misc_func test improved to show not just the mechanism number but also the (preprocessor defined) mechanism name. - misc speed test rsa encrypt receive buffer increased so the "buffer size too small" is fixed now. - misc speed test rsa uses now an exponent value of 17 (0x01,0x00,0x01) instead of 3 (0x03). Some tokens (eg. ep11) do not allow such low exponents and reject RSA key generation. Signed-off-by: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Signed-off-by: Joy Latten <jmlatten(a)linux.vnet.ibm.com> --- testcases/misc_tests/speed.c | 14 ++++++++------ testcases/pkcs11/misc_func.c | 3 ++- 2 files changed, 10 insertions(+), 7 deletions(-) mode change 100755 => 100644 testcases/crypto/aes_func.c mode change 100755 => 100644 testcases/crypto/des3_func.c mode change 100755 => 100644 testcases/crypto/des_func.c mode change 100755 => 100644 testcases/crypto/digest_func.c mode change 100755 => 100644 testcases/crypto/dsa_func.c mode change 100755 => 100644 testcases/crypto/rsa_func.c mode change 100755 => 100644 testcases/crypto/ssl3_func.c mode change 100755 => 100644 testcases/pkcs11/misc_func.c mode change 100755 => 100644 testcases/pkcs11/sess_mgmt.c mode change 100755 => 100644 testcases/pkcs11/sess_perf.c diff --git a/testcases/crypto/aes_func.c b/testcases/crypto/aes_func.c old mode 100755 new mode 100644 diff --git a/testcases/crypto/des3_func.c b/testcases/crypto/des3_func.c old mode 100755 new mode 100644 diff --git a/testcases/crypto/des_func.c b/testcases/crypto/des_func.c old mode 100755 new mode 100644 diff --git a/testcases/crypto/digest_func.c b/testcases/crypto/digest_func.c old mode 100755 new mode 100644 diff --git a/testcases/crypto/dsa_func.c b/testcases/crypto/dsa_func.c old mode 100755 new mode 100644 diff --git a/testcases/crypto/rsa_func.c b/testcases/crypto/rsa_func.c old mode 100755 new mode 100644 diff --git a/testcases/crypto/ssl3_func.c b/testcases/crypto/ssl3_func.c old mode 100755 new mode 100644 diff --git a/testcases/misc_tests/speed.c b/testcases/misc_tests/speed.c index 102ba72..5df3169 100755 --- a/testcases/misc_tests/speed.c +++ b/testcases/misc_tests/speed.c @@ -60,6 +60,7 @@ long speed_process_time(SYSTEMTIME t1, SYSTEMTIME t2) int do_RSA_PKCS_EncryptDecrypt( void ) { CK_BYTE data1[100]; + CK_BYTE data2[200]; CK_BYTE signature[256]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; @@ -69,14 +70,14 @@ int do_RSA_PKCS_EncryptDecrypt( void ) CK_BYTE user_pin[PKCS11_MAX_PIN_LEN]; CK_ULONG user_pin_len; CK_ULONG i; - CK_ULONG len1, sig_len; + CK_ULONG len1, len2, sig_len; CK_RV rc; SYSTEMTIME t1, t2; CK_ULONG diff, min_time, max_time, avg_time; CK_ULONG bits = 1024; - CK_BYTE pub_exp[] = { 0x3 }; + CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; CK_ATTRIBUTE pub_tmpl[] = { @@ -190,7 +191,8 @@ int do_RSA_PKCS_EncryptDecrypt( void ) return FALSE; } - rc = funcs->C_Decrypt( session, signature,sig_len,data1, &len1 ); + len2 = sizeof(data2); + rc = funcs->C_Decrypt( session, signature, sig_len, data2, &len2 ); if (rc != CKR_OK) { show_error(" C_Decrypt #1", rc ); return FALSE; @@ -259,7 +261,7 @@ int do_RSA_KeyGen_2048( void ) { SYSTEMTIME t1, t2; CK_ULONG bits = 2048; - CK_BYTE pub_exp[] = { 0x3 }; + CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; CK_ATTRIBUTE pub_tmpl[] = { @@ -368,7 +370,7 @@ int do_RSA_KeyGen_1024( void ) { SYSTEMTIME t1, t2; CK_ULONG bits = 1024; - CK_BYTE pub_exp[] = { 0x3 }; + CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; CK_ATTRIBUTE pub_tmpl[] = { @@ -468,7 +470,7 @@ int do_RSA_PKCS_SignVerify_1024( void ) CK_ULONG diff, min_time, max_time, avg_time; CK_ULONG bits = 1024; - CK_BYTE pub_exp[] = { 0x3 }; + CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 }; CK_ATTRIBUTE pub_tmpl[] = { diff --git a/testcases/pkcs11/misc_func.c b/testcases/pkcs11/misc_func.c old mode 100755 new mode 100644 index 8103649..d6619fd --- a/testcases/pkcs11/misc_func.c +++ b/testcases/pkcs11/misc_func.c @@ -602,7 +602,8 @@ CK_RV do_GetMechanismInfo( void ) return rc; } - printf(" Mechanism #%ld\n", mech_list[i] ); + printf(" Mechanism #%ld %s\n", mech_list[i], + p11_get_ckm(mech_list[i]) ); printf(" ulMinKeySize: %ld\n", info.ulMinKeySize ); printf(" ulMaxKeySize: %ld\n", info.ulMaxKeySize ); printf(" flags: %p\n", (void *)info.flags ); diff --git a/testcases/pkcs11/sess_mgmt.c b/testcases/pkcs11/sess_mgmt.c old mode 100755 new mode 100644 diff --git a/testcases/pkcs11/sess_perf.c b/testcases/pkcs11/sess_perf.c old mode 100755 new mode 100644 -- 1.7.12.4 ++++++ ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch ++++++ >From 10f4766cd6782f3d15e42a985cdf909fe4c7762e Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Date: Tue, 15 Apr 2014 13:16:33 -0500 Subject: [PATCH 6/6] The 31 bit build on s390 showed an build error at initialization of an static long long variable which gets an address assigned. Fixed and tested on 31 and 64 bit. Signed-off-by: Harald Freudenberger <freude(a)linux.vnet.ibm.com> --- usr/lib/pkcs11/ep11_stdll/ep11_specific.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c index 373be5b..5aa890b 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c @@ -407,9 +407,9 @@ static ep11_target_t ep11_targets; /* defined in the makefile, ep11 library can run standalone (without HW card), crypto algorithms are implemented in software then (no secure key) */ #ifdef EP11_STANDALONE -unsigned long long ep11tok_target = 0x0000000100000008ull; +static unsigned long long ep11tok_target = 0x0000000100000008ull; #else -unsigned long long ep11tok_target = (unsigned long long) &ep11_targets; +static void* ep11tok_target = (void*) &ep11_targets; #endif /* */ -- 1.7.12.4 ++++++ ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch ++++++ >From 5b8d304e050467e4acfd02dcefdcebad0e61c472 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.vnet.ibm.com> Date: Wed, 30 Apr 2014 11:42:29 -0500 Subject: [PATCH] ep11 is not building because not setting with_zcrypt correctly. Signed-off-by: Harald Freudenberger <freude(a)linux.vnet.ibm.com> --- configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 1a1601c..66bb329 100644 --- a/configure.in +++ b/configure.in @@ -372,7 +372,7 @@ if test "x$with_zcrypt" != "xno"; then ]) if test "x$with_zcrypt" != "xno"; then - with_zcrypt=no + with_zcrypt=yes fi if test "x$with_zcrypt" = "xno"; then -- 1.7.12.4 ++++++ openCryptoki-tmp.conf ++++++ # Lock directories needed by openCryptoki D /var/lock/opencryptoki/swtok 0770 root pkcs11 D /var/lock/opencryptoki/lite 0770 root pkcs11 D /var/lock/opencryptoki/tpm 0770 root pkcs11 D /var/lock/opencryptoki/ccatok 0770 root pkcs11 D /var/lock/opencryptoki/icsf 0770 root pkcs11 D /var/lock/opencryptoki/ep11tok 0770 root pkcs11 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit multipath-tools for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package multipath-tools for openSUSE:Factory checked in at 2014-09-03 18:21:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/multipath-tools (Old) and /work/SRC/openSUSE:Factory/.multipath-tools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "multipath-tools" Changes: -------- --- /work/SRC/openSUSE:Factory/multipath-tools/multipath-tools.changes 2014-08-28 10:01:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.multipath-tools.new/multipath-tools.changes 2014-09-03 20:26:04.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Aug 29 12:00:49 CEST 2014 - hare(a)suse.de + +- Fixup segfault during uev_path_add() (bnc#892214) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ multipath-tools-0.5.0-sles12.diff.bz2 ++++++ --- /var/tmp/diff_new_pack.NgUjfO/_old 2014-09-03 20:26:05.000000000 +0200 +++ /var/tmp/diff_new_pack.NgUjfO/_new 2014-09-03 20:26:05.000000000 +0200 @@ -5754,7 +5754,7 @@ int cli_list_daemon (void * v, char ** reply, int * len, void * data); int cli_list_maps (void * v, char ** reply, int * len, void * data); diff --git a/multipathd/main.c b/multipathd/main.c -index af93f32..872ea66 100644 +index af93f32..8edb8a0 100644 --- a/multipathd/main.c +++ b/multipathd/main.c @@ -88,10 +88,11 @@ struct mpath_event_param @@ -5855,7 +5855,9 @@ ret = pathinfo(pp, conf->hwtable, DI_ALL | DI_BLACKLIST); - if (ret == 2) { -+ if (ret == PATHINFO_SKIPPED) { ++ if (!ret) ++ ret = ev_add_path(pp, vecs); ++ else if (ret == PATHINFO_SKIPPED) { + condlog(3, "%s: remove blacklisted path", + uev->kernel); i = find_slot(vecs->pathvec, (void *)pp); @@ -5885,8 +5887,6 @@ - return 1; } - pp->checkint = conf->checkint; -+ if (!ret) -+ ret = ev_add_path(pp, vecs); } + lock_cleanup_pop(vecs->lock); + if (pp) @@ -7098,10 +7098,15 @@ +fi diff --git a/rpm/multipath-tools.changes b/rpm/multipath-tools.changes new file mode 100644 -index 0000000..ffb3cbb +index 0000000..7cf5c94 --- /dev/null +++ b/rpm/multipath-tools.changes -@@ -0,0 +1,1284 @@ +@@ -0,0 +1,1289 @@ ++------------------------------------------------------------------- ++Fri Aug 29 12:00:49 CEST 2014 - hare(a)suse.de ++ ++- Fixup segfault during uev_path_add() (bnc#892214) ++ +------------------------------------------------------------------- +Thu Aug 21 12:16:53 CEST 2014 - hare(a)suse.de + -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit mtr for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package mtr for openSUSE:Factory checked in at 2014-09-03 18:23:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mtr (Old) and /work/SRC/openSUSE:Factory/.mtr.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "mtr" Changes: -------- --- /work/SRC/openSUSE:Factory/mtr/mtr.changes 2014-07-29 16:48:57.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mtr.new/mtr.changes 2014-09-03 20:26:00.000000000 +0200 @@ -1,0 +2,12 @@ +Tue Sep 2 15:12:28 UTC 2014 - kstreitova(a)novell.com + +- cleaned up by spec-cleaner +- xmtr moved from bin to sbin and use capabilities. Fixes bnc#878729 +- version bump to 0.85_p20140126: + * snapshot taken from Gentoo + * this works with gtk properly +- refreshed patches: + * mtr-0.75-manxmtr.patch + * mtr-0.82-capabilities.patch + +------------------------------------------------------------------- Old: ---- mtr-0.85.tar.gz mtr.gif New: ---- mtr-0.85_p20140126.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mtr.spec ++++++ --- /var/tmp/diff_new_pack.kzDxOv/_old 2014-09-03 20:26:02.000000000 +0200 +++ /var/tmp/diff_new_pack.kzDxOv/_new 2014-09-03 20:26:02.000000000 +0200 @@ -17,30 +17,28 @@ Name: mtr +Version: 0.85_p20140126 +Release: 0 Summary: Ping and Traceroute Network Diagnostic Tool License: GPL-2.0 Group: Productivity/Networking/Diagnostic -Version: 0.85 -Release: 0 Url: http://www.BitWizard.nl/mtr - -#DL-URL: ftp://ftp.bitwizard.nl/mtr/ -Source: ftp://ftp.bitwizard.nl/mtr/%name-%version.tar.gz +#Source: ftp://ftp.bitwizard.nl/mtr/%{name}-%{version}.tar.gz +Source: http://dev.gentoo.org/~jer/%{name}-%{version}.tar.bz2 Source1: xmtr.desktop Patch1: mtr-0.75-manmtr.patch Patch2: mtr-0.75-manxmtr.patch Patch3: mtr-0.75-nonvoid.patch Patch4: mtr-0.75-sec_snprintf.patch Patch5: mtr-0.82-capabilities.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: automake BuildRequires: gtk2-devel BuildRequires: libcap-devel BuildRequires: ncurses-devel BuildRequires: update-desktop-files BuildRequires: xorg-x11-devel -Icon: mtr.gif -PreReq: permissions +Requires(post): permissions +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Mtr is a network diagnostic tool that combines Ping and Traceroute into @@ -53,24 +51,13 @@ %package gtk Summary: Ping and Traceroute Network Diagnostic Tool Group: Productivity/Networking/Diagnostic +Requires: xdg-utils %description gtk Mtr is a network diagnostic tool which combines Ping and Traceroute into one program. This package contains mtr with a GTK interface. You'll find the text mode version in the mtr package. -%define _xorg7libs %_lib -%define _xorg7libs32 lib -%define _xorg7bin bin -%define _xorg7mandir %_mandir -%define _xorg7pixmaps include -%define _xorg7libshare share -%define _xorg7xkb /usr/share/X11/xkb -%define _xorg7termcap /usr/lib/X11/etc -%define _xorg7include /usr/include/xorg -%define _xorg7fonts /usr/share/fonts -%define _xorg7prefix /usr - %prep %setup -q cp mtr.8 xmtr.8 @@ -81,66 +68,58 @@ %patch5 -p1 %build -aclocal -I /usr/share/aclocal -autoconf -automake --foreign -a -# -# GTK version -CFLAGS="$RPM_OPT_FLAGS" ./configure \ - --enable-gtk2 \ - --prefix=%{_xorg7prefix} -make && mv mtr xmtr -make distclean +autoreconf -vi + +export CFLAGS="%{optflags} -fpie -fPIE" +export LDFLAGS="-pie -Wl,-z,relro,-z,now" + +%configure \ + --enable-ipv6 \ + --with-gtk \ + --disable-gtktest +make %{?_smp_mflags} +mv mtr xmtr +make distclean %{?_smp_mflags} # # console version -export CFLAGS="$RPM_OPT_FLAGS -fpie -fPIE" -export LDFLAGS="-pie -Wl,-z,relro,-z,now" -./configure \ - --prefix=/usr \ - --mandir=%{_mandir} \ +%configure \ + --enable-ipv6 \ --without-gtk -make %{?jobs:-j%jobs} +make %{?_smp_mflags} %install -mkdir -p $RPM_BUILD_ROOT/usr/sbin -mkdir -p $RPM_BUILD_ROOT/usr/%{_xorg7bin} -mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 -make DESTDIR=$RPM_BUILD_ROOT install -install -m 4755 xmtr $RPM_BUILD_ROOT/usr/%{_xorg7bin} -install -m 644 xmtr.8 $RPM_BUILD_ROOT/%{_mandir}/man8 -install -d -m 755 $RPM_BUILD_ROOT/usr/%{_xorg7pixmaps}/X11/pixmaps/ -install -m 644 img/mtr_icon.xpm $RPM_BUILD_ROOT/usr/%{_xorg7pixmaps}/X11/pixmaps/xmtr_icon.xpm -install -d -m 755 $RPM_BUILD_ROOT/usr/share/pixmaps/ -install -m 644 img/mtr_icon.xpm $RPM_BUILD_ROOT/usr/share/pixmaps/xmtr_icon.xpm +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}/%{_mandir}/man8 +make DESTDIR=%{buildroot} install %{?_smp_mflags} +install -m 4755 xmtr %{buildroot}%{_sbindir} +install -m 644 xmtr.8 %{buildroot}/%{_mandir}/man8 +install -d -m 755 %{buildroot}%{_includedir}/X11/pixmaps/ +install -m 644 img/mtr_icon.xpm %{buildroot}%{_includedir}/X11/pixmaps/xmtr_icon.xpm +install -d -m 755 %{buildroot}%{_datadir}/pixmaps/ +install -m 644 img/mtr_icon.xpm %{buildroot}%{_datadir}/pixmaps/xmtr_icon.xpm %suse_update_desktop_file -i xmtr Network Monitor %files %defattr(-,root,root) %doc AUTHORS COPYING FORMATS NEWS README SECURITY TODO %doc %{_mandir}/man8/mtr.8* -%if 0%{?suse_version} <= 1130 -%verify(not mode) %attr(755,root,dialout) /usr/sbin/mtr -%else -%verify(not mode caps) %attr(750,root,dialout) /usr/sbin/mtr -%endif +%verify(not mode caps) %attr(750,root,dialout) %{_sbindir}/mtr %files gtk %defattr(-,root,root) %doc AUTHORS COPYING FORMATS NEWS README SECURITY TODO %doc %{_mandir}/man8/xmtr.8* -%attr(755,root,root) /usr/%{_xorg7bin}/xmtr -/usr/%{_xorg7pixmaps}/X11/pixmaps -/usr/share/applications/* -/usr/share/pixmaps/* +%verify(not mode caps) %attr(750,root,dialout) %{_sbindir}/xmtr +%{_includedir}/X11/pixmaps +%{_datadir}/applications/* +%{_datadir}/pixmaps/* %post -%if 0%{?suse_version} <= 1130 -%run_permissions -%else -%set_permissions /usr/sbin/mtr -%endif +%set_permissions %{_sbindir}/mtr +%set_permissions %{_sbindir}/xmtr %verifyscript -%verify_permissions -e /usr/sbin/mtr +%verify_permissions -e %{_sbindir}/mtr +%verify_permissions -e %{_sbindir}/xmtr %changelog ++++++ mtr-0.75-manxmtr.patch ++++++ --- /var/tmp/diff_new_pack.kzDxOv/_old 2014-09-03 20:26:02.000000000 +0200 +++ /var/tmp/diff_new_pack.kzDxOv/_new 2014-09-03 20:26:02.000000000 +0200 @@ -1,11 +1,9 @@ ---- - xmtr.8 | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -Index: mtr-0.85/xmtr.8 -=================================================================== ---- mtr-0.85.orig/xmtr.8 -+++ mtr-0.85/xmtr.8 +Common subdirectories: mtr-0.85_p20140126.old/autom4te.cache and mtr-0.85_p20140126/autom4te.cache +Common subdirectories: mtr-0.85_p20140126.old/.git and mtr-0.85_p20140126/.git +Common subdirectories: mtr-0.85_p20140126.old/img and mtr-0.85_p20140126/img +diff -u mtr-0.85_p20140126.old/xmtr.8 mtr-0.85_p20140126/xmtr.8 +--- mtr-0.85_p20140126.old/xmtr.8 2014-09-02 17:04:06.150994889 +0200 ++++ mtr-0.85_p20140126/xmtr.8 2014-09-02 17:03:26.838590899 +0200 @@ -2,11 +2,11 @@ @@ -18,9 +16,9 @@ -.B mtr +.B xmtr [\c - .B \-hvrctglspeniuTP46\c + .B \-BfhvrctglxspQemniuTP46\c ] -@@ -69,7 +69,7 @@ mtr \- a network diagnostic tool +@@ -87,7 +87,7 @@ .SH DESCRIPTION @@ -29,7 +27,7 @@ combines the functionality of the .B traceroute and -@@ -78,9 +78,9 @@ programs in a single network diagnostic +@@ -96,9 +96,9 @@ .PP As @@ -40,8 +38,8 @@ +.B xmtr runs on and .BR HOSTNAME . - by sending packets with purposely low TTLs. It continues to send -@@ -111,7 +111,7 @@ Print the summary of command line argume + by sending packets with purposely low TTLs. It continues to send +@@ -129,7 +129,7 @@ .TP .B \-\-version .br @@ -50,7 +48,7 @@ .TP .B \-r -@@ -119,11 +119,11 @@ Print the installed version of mtr. +@@ -137,11 +137,11 @@ .B \-\-report .br This option puts @@ -64,7 +62,7 @@ will run for the number of cycles specified by the .B \-c option, and then print statistics and exit. -@@ -131,9 +131,9 @@ option, and then print statistics and ex +@@ -149,9 +149,9 @@ \c This mode is useful for generating statistics about network quality. Note that each running instance of @@ -76,7 +74,7 @@ to measure the quality of your network may result in decreased network performance. -@@ -176,7 +176,7 @@ packet size upto that number. +@@ -194,7 +194,7 @@ .B \-\-curses .br Use this option to force @@ -85,7 +83,16 @@ to use the curses based terminal interface (if available). -@@ -196,7 +196,7 @@ that are encoded in the response packets +@@ -204,7 +204,7 @@ + .B \-\-mpls + .br + Use this option to tell +-.B mtr ++.B xmtr + to display information from ICMP extensions for MPLS (RFC 4950) + that are encoded in the response packets. + +@@ -214,7 +214,7 @@ .B \-\-no-dns .br Use this option to force @@ -94,7 +101,7 @@ to display numeric IP numbers and not try to resolve the host names. -@@ -248,10 +248,10 @@ Example: +@@ -266,10 +266,10 @@ .B \-\-gtk .br Use this option to force @@ -107,7 +114,7 @@ was built for this to work. See the GTK+ web page at .B http://www.gtk.org/ for more information about GTK+. -@@ -262,7 +262,7 @@ for more information about GTK+. +@@ -280,7 +280,7 @@ .B \-\-split .br Use this option to set @@ -116,16 +123,7 @@ to spit out a format that is suitable for a split-user interface. .TP -@@ -271,7 +271,7 @@ to spit out a format that is suitable fo - .B \-\-raw - .br - Use this option to tell --.B mtr -+.B xmtr - to use the raw output format. This format is better suited for - archival of the measurement results. It could be parsed to - be presented into any of the other display methods. -@@ -337,7 +337,7 @@ Use IPv6 only. +@@ -398,7 +398,7 @@ Some modern routers give a lower priority to ICMP ECHO packets than to other network traffic. Consequently, the reliability of these routers reported by ++++++ mtr-0.82-capabilities.patch ++++++ --- /var/tmp/diff_new_pack.kzDxOv/_old 2014-09-03 20:26:02.000000000 +0200 +++ /var/tmp/diff_new_pack.kzDxOv/_new 2014-09-03 20:26:02.000000000 +0200 @@ -1,13 +1,8 @@ ---- - configure.ac | 4 ++++ - mtr.c | 15 +++++++++++++++ - 2 files changed, 19 insertions(+) - -Index: mtr-0.85/configure.ac -=================================================================== ---- mtr-0.85.orig/configure.ac -+++ mtr-0.85/configure.ac -@@ -26,6 +26,10 @@ AC_CHECK_HEADERS(socket.h sys/socket.h s +Common subdirectories: mtr-0.85_p20140126.old/autom4te.cache and mtr-0.85_p20140126/autom4te.cache +diff -u mtr-0.85_p20140126.old/configure.ac mtr-0.85_p20140126/configure.ac +--- mtr-0.85_p20140126.old/configure.ac 2014-09-02 16:58:46.951616922 +0200 ++++ mtr-0.85_p20140126/configure.ac 2014-09-02 17:06:50.288651060 +0200 +@@ -26,6 +26,10 @@ AC_CHECK_LIB(termcap, tgetent) AC_CHECK_LIB(tinfo, tgetent) @@ -18,12 +13,13 @@ AC_CHECK_FUNC(initscr, , AC_CHECK_LIB(ncurses, initscr, , AC_CHECK_LIB(curses, initscr, , -Index: mtr-0.85/mtr.c -=================================================================== ---- mtr-0.85.orig/mtr.c -+++ mtr-0.85/mtr.c +Common subdirectories: mtr-0.85_p20140126.old/.git and mtr-0.85_p20140126/.git +Common subdirectories: mtr-0.85_p20140126.old/img and mtr-0.85_p20140126/img +diff -u mtr-0.85_p20140126.old/mtr.c mtr-0.85_p20140126/mtr.c +--- mtr-0.85_p20140126.old/mtr.c 2014-09-02 16:58:46.951616922 +0200 ++++ mtr-0.85_p20140126/mtr.c 2014-09-02 17:06:50.288651060 +0200 @@ -46,6 +46,9 @@ - #endif + #include "asn.h" #include "version.h" +#ifdef HAVE_CAPABILITIES @@ -32,7 +28,7 @@ #ifdef ENABLE_IPV6 #define DEFAULT_AF AF_UNSPEC -@@ -524,6 +527,18 @@ int main(int argc, char **argv) +@@ -530,6 +533,18 @@ exit( EXIT_FAILURE ); } ++++++ xmtr.desktop ++++++ --- /var/tmp/diff_new_pack.kzDxOv/_old 2014-09-03 20:26:02.000000000 +0200 +++ /var/tmp/diff_new_pack.kzDxOv/_new 2014-09-03 20:26:02.000000000 +0200 @@ -1,6 +1,6 @@ [Desktop Entry] Type=Application -Exec=xmtr +Exec=/usr/bin/xdg-su -c /usr/sbin/xmtr Icon=xmtr_icon Name=Xmtr GenericName=Network Diagnostic Tool -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit mozc for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package mozc for openSUSE:Factory checked in at 2014-09-03 18:22:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozc (Old) and /work/SRC/openSUSE:Factory/.mozc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "mozc" Changes: -------- --- /work/SRC/openSUSE:Factory/mozc/mozc.changes 2014-06-24 15:16:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mozc.new/mozc.changes 2014-09-03 20:25:39.000000000 +0200 @@ -1,0 +2,18 @@ +Sun Aug 31 04:28:41 UTC 2014 - ftake(a)geeko.jp + +- Upstream update to 1.15.1868.102 + * Fix 'Set input mode to X' commands do not work + during "Direct Input" mode +- Upstream update to 1.15.1856.102 + * Several internal changes and changes for other platforms +- Upstream update to 1.15.1834.102 + * Use Ninja for building +- Upstream update to 1.15.1814.102 + * Fix wring key mapping for Numpad-End in mozc.el + * Fix dropping candidats unexpectedly + * Fix preceding text is not correctly extracted by ibus-mozc + * Fix undo-commit (MS IME keybind) is not functional in ibus-mozc +- Update fcitx-mozc +- Update gyp to r1957 + +------------------------------------------------------------------- Old: ---- fcitx-mozc.tar.bz2 gyp-r1829.tar.bz2 mozc-1.15.1785.102.tar.bz2 New: ---- fcitx-mozc-20140713.tar.bz2 gyp-r1957.tar.xz japanese_usage_dictionary-r10.tar.xz mozc-1.15.1868.102.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozc.spec ++++++ --- /var/tmp/diff_new_pack.BBo1Uv/_old 2014-09-03 20:25:41.000000000 +0200 +++ /var/tmp/diff_new_pack.BBo1Uv/_new 2014-09-03 20:25:41.000000000 +0200 @@ -30,34 +30,46 @@ %define zinnia_model_path %{_datadir}/zinnia/model/tomoe/handwriting-ja.model Name: mozc -Version: 1.15.1785.102 +Version: 1.15.1868.102 Release: 0 Summary: Mozc - Japanese Input Method for Chromium OS, Mac and Linux License: BSD-3-Clause and SUSE-Public-Domain Group: System/I18n/Japanese Url: http://code.google.com/p/mozc -Source0: %{name}-%{version}.tar.bz2 +# svn export http://mozc.googlecode.com/svn/trunk/src/@r318 mozc +Source0: %{name}-%{version}.tar.xz Source1: README.SUSE + # gyp is not included from 1.11.1522.102 # License: BSD-3-Clause -# svn export http://gyp.googlecode.com/svn/trunk/@r1829 gyp -Source3: gyp-r1829.tar.bz2 +# svn export http://gyp.googlecode.com/svn/trunk/@r1957 gyp +Source3: gyp-r1957.tar.xz +# Source4: ibus-setup-mozc-jp.desktop.in +# +# svn export http://japanese-usage-dictionary.googlecode.com/svn/trunk/@r10 +# japanese-usage-dictionary +# License: BSD-2-Clause +Source5: japanese_usage_dictionary-r10.tar.xz +# # jigyosyo.zip and ken_all.zip are zip-code--address data provided by # Japan Post Co., Ltd. # License: SUSE-Public-Domain Source10: jigyosyo.zip Source11: ken_all.zip +# %if %{with_fcitx} # add fcitx as mozc module # License: BSD-3-Clause -Source20: fcitx-mozc.tar.bz2 +Source20: fcitx-mozc-20140713.tar.bz2 Source21: fcitx-mozc-icons.tar.gz %endif + # PATCH-FEATURE-OPENSUSE ftake(a)geeko.jp Patch3: ibus-provide-layout-variations.patch +BuildRequires: ninja >= 1.4 BuildRequires: pkgconfig BuildRequires: protobuf-devel BuildRequires: python @@ -130,9 +142,12 @@ cp %{SOURCE1} . -# extract gyp +# install third_party files pushd third_party +# gyp tar xvf %{SOURCE3} +# japanese_usage_dictionary +tar xvf %{SOURCE5} popd # extract fcitx-mozc @@ -142,6 +157,7 @@ popd %endif +# fix installation path sed -e 's|@libdir@|%{_libdir}|g' %{SOURCE4} > ibus-setup-mozc-jp.desktop # prepare zip code dictionary @@ -162,7 +178,6 @@ export GYP_DEFINES='ibus_mozc_path=%{ibus_mozc_path} ibus_mozc_icon_path=%{ibus_mozc_icon_path} use_libprotobuf=1 document_dir=%{document_dir} zinnia_model_file=%{zinnia_model_path} release_extra_cflags="'$flags'"' python build_mozc.py gyp --server_dir=%{_libdir}/mozc -python build_mozc.py build_tools -c %{target} %{?_smp_mflags} python build_mozc.py build -c %{target} %{?_smp_mflags} \ unix/ibus/ibus.gyp:ibus_mozc \ %if %{with_fcitx} @@ -180,9 +195,8 @@ install -m755 -d %{buildroot}%{_libdir}/ibus-mozc install -m755 %{output_dir}/ibus_mozc %{buildroot}%{_libdir}/ibus-mozc/ibus-engine-mozc install -m755 -d %{buildroot}%{_datadir}/ibus/component -install -m644 %{output_dir}/obj/gen/unix/ibus/mozc.xml %{buildroot}%{_datadir}/ibus/component/mozc.xml +install -m644 %{output_dir}/gen/unix/ibus/mozc.xml %{buildroot}%{_datadir}/ibus/component/mozc.xml install -m755 -d %{buildroot}%{_datadir}/ibus-mozc -#{__install} -m755 -d %{buildroot}%{_datadir}/ibus-mozc/setup install -m644 data/images/unix/ime_product_icon_opensource-32.png %{buildroot}%{_datadir}/ibus-mozc/product_icon.png install -m644 data/images/unix/ui-tool.png %{buildroot}%{_datadir}/ibus-mozc/tool.png install -m644 data/images/unix/ui-properties.png %{buildroot}%{_datadir}/ibus-mozc/properties.png @@ -196,19 +210,19 @@ install -m755 -d %{buildroot}%{_datadir}/applications install -m644 ibus-setup-mozc-jp.desktop %{buildroot}%{_datadir}/applications/ibus-setup-mozc-jp.desktop -%suse_update_desktop_file ibus-setup-mozc-jp System Utility settings +%suse_update_desktop_file ibus-setup-mozc-jp System X-SuSE-Core-System # for provide-layout-variations patch ln -s ibus-setup-mozc-jp.desktop %{buildroot}%{_datadir}/applications/ibus-setup-mozc-jp-jp.desktop -%suse_update_desktop_file ibus-setup-mozc-jp-jp System Utility settings +%suse_update_desktop_file ibus-setup-mozc-jp-jp System X-SuSE-Core-System ln -s ibus-setup-mozc-jp.desktop %{buildroot}%{_datadir}/applications/ibus-setup-mozc-us.desktop -%suse_update_desktop_file ibus-setup-mozc-us System Utility settings +%suse_update_desktop_file ibus-setup-mozc-us System X-SuSE-Core-System ln -s ibus-setup-mozc-jp.desktop %{buildroot}%{_datadir}/applications/ibus-setup-mozc-dv.desktop -%suse_update_desktop_file ibus-setup-mozc-dv System Utility settings +%suse_update_desktop_file ibus-setup-mozc-dv System X-SuSE-Core-System %if %{with_fcitx} # Install Fcitx module -for mofile in out_linux/Release/obj/gen/unix/fcitx/po/*.mo +for mofile in out_linux/Release/gen/unix/fcitx/po/*.mo do filename=`basename $mofile` lang=${filename/.mo/} -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit lxappearance for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package lxappearance for openSUSE:Factory checked in at 2014-09-03 18:22:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxappearance (Old) and /work/SRC/openSUSE:Factory/.lxappearance.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lxappearance" Changes: -------- --- /work/SRC/openSUSE:Factory/lxappearance/lxappearance.changes 2014-01-23 15:49:14.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lxappearance.new/lxappearance.changes 2014-09-03 20:22:50.000000000 +0200 @@ -2 +2,6 @@ -Thu Jan 9 20:22:36 UTC 2014 - jcsl(a)eresmas.com +Wed Aug 27 09:59:26 UTC 2014 - trcs(a)gmx.com + +- applied spec-cleaner + +------------------------------------------------------------------- +Thu Jan 9 20:22:36 UTC 2014 - trcs(a)gmx.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxappearance.spec ++++++ --- /var/tmp/diff_new_pack.sH02vC/_old 2014-09-03 20:22:52.000000000 +0200 +++ /var/tmp/diff_new_pack.sH02vC/_new 2014-09-03 20:22:52.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package lxappearance # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,16 +17,17 @@ Name: lxappearance +Version: 0.5.5 +Release: 0 Summary: It's a desktop-independent theme switcher for GTK+ License: GPL-2.0 Group: System/GUI/LXDE -Version: 0.5.5 -Release: 0 Url: http://www.lxde.org/ -Source0: %name-%version.tar.xz -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Source0: %{name}-%{version}.tar.xz BuildRequires: autoconf BuildRequires: automake +BuildRequires: dbus-1-devel +BuildRequires: dbus-1-glib-devel BuildRequires: docbook-utils BuildRequires: docbook-xsl-stylesheets BuildRequires: fdupes @@ -43,10 +44,9 @@ BuildRequires: perl-XML-Parser BuildRequires: pkg-config BuildRequires: update-desktop-files -BuildRequires: dbus-1-devel -BuildRequires: dbus-1-glib-devel -Recommends: %name-lang -Recommends: %name-obconf +Recommends: %{name}-lang +Recommends: %{name}-obconf +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description LXAppearance is part of LXDE project. @@ -55,12 +55,13 @@ %package devel Summary: Lxappearance development files Group: Development/Libraries/C and C++ -Requires: %name = %version +Requires: %{name} = %{version} %description devel Development files to build lxappearance plugins %lang_package + %prep %setup -q @@ -69,47 +70,42 @@ --enable-dbus \ --disable-static \ --sysconfdir=/etc -%__make %{?jobs:-j%{jobs}} V=1 +make %{?_smp_mflags} V=1 %install -%makeinstall +make DESTDIR=%{buildroot} install %{?_smp_mflags} # own the pugins dir so that we don't need it # for each plugin we will install later -mkdir -p %buildroot/%_libdir/lxappearance/plugins -%suse_update_desktop_file %name +mkdir -p %{buildroot}/%{_libdir}/lxappearance/plugins +%suse_update_desktop_file %{name} %fdupes -s %{buildroot} -%find_lang %name - -%clean -rm -fr %buildroot - -%if 0%{?suse_version} >= 1140 +%find_lang %{name} %post %desktop_database_post %postun %desktop_database_postun -%endif %files %defattr(-,root,root) -%_bindir/%name -%_datadir/applications/%name.desktop -%dir %_datadir/%name -%dir %_datadir/%name/ui -%_datadir/%name/ui/lxappearance.ui -%_datadir/%name/ui/about.ui -%_mandir/man1/%name.1.gz -%dir %_libdir/lxappearance -%dir %_libdir/lxappearance/plugins +%{_bindir}/%{name} +%{_datadir}/applications/%{name}.desktop +%dir %{_datadir}/%{name} +%dir %{_datadir}/%{name}/ui +%{_datadir}/%{name}/ui/lxappearance.ui +%{_datadir}/%{name}/ui/about.ui +%{_mandir}/man1/%{name}.1.gz +%dir %{_libdir}/lxappearance +%dir %{_libdir}/lxappearance/plugins %files devel %defattr(-,root,root) -%dir %_includedir/%name -%_includedir/%name/%name.h -%_libdir/pkgconfig/%name.pc +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/%{name}.h +%{_libdir}/pkgconfig/%{name}.pc -%files lang -f %name.lang +%files lang -f %{name}.lang +%defattr(-,root,root) %changelog -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit libvirt for openSUSE:Factory
by root＠hilbert.suse.de 03 Sep '14

03 Sep '14

Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2014-09-03 18:23:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libvirt" Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2014-08-25 11:04:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libvirt.new/libvirt.changes 2014-09-03 20:20:41.000000000 +0200 @@ -1,0 +2,23 @@ +Tue Sep 2 09:17:06 MDT 2014 - jfehlig(a)suse.com + +- Update to libvirt 1.2.8 + - virDomainBlockCopy with XML destination, typed params + - Introduce API for retrieving bulk domain stats + - Introduce virDomainOpenGraphicsFD API + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + +------------------------------------------------------------------- +Mon Sep 1 14:48:26 UTC 2014 - cbosdonnat(a)suse.com + +- bnc#893999: remove mount rules from libvirt-lxc apparmor + abstraction file as those aren't handled by our kernel. + apparmor-no-mount.patch + +------------------------------------------------------------------- +Fri Aug 29 16:12:28 UTC 2014 - mlatimer(a)suse.com + +- bnc#894232 - Update apparmor profile to allow raw packets + install-apparmor-profiles.patch + +------------------------------------------------------------------- Old: ---- libvirt-1.2.7.tar.bz2 New: ---- apparmor-no-mount.patch libvirt-1.2.8.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -235,7 +235,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 1.2.7 +Version: 1.2.8 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ @@ -307,6 +307,7 @@ BuildRequires: libxml2-devel BuildRequires: libxslt BuildRequires: ncurses-devel +BuildRequires: perl BuildRequires: python BuildRequires: python-xml BuildRequires: readline-devel @@ -447,6 +448,7 @@ Patch208: disable-virCgroupGetPercpuStats-test.patch %if %{with_apparmor} Patch250: install-apparmor-profiles.patch +Patch251: apparmor-no-mount.patch %endif %if %{with_netcontrol} Patch300: libvirt-suse-netcontrol.patch @@ -961,6 +963,7 @@ %patch208 -p1 %if %{with_apparmor} %patch250 -p1 +%patch251 -p1 %endif %if %{with_netcontrol} %patch300 -p1 @@ -1356,7 +1359,7 @@ %post daemon /sbin/ldconfig %if %{with_systemd} -%service_add_post libvirtd.service +%service_add_post libvirtd.service libvirtd.socket %service_add_post virtlockd.service virtlockd.socket %endif %{fillup_only -n libvirtd} @@ -1364,7 +1367,7 @@ %preun daemon %if %{with_systemd} -%service_del_preun libvirtd.service +%service_del_preun libvirtd.service libvirtd.socket %service_del_preun virtlockd.service virtlockd.socket %else %stop_on_removal libvirtd @@ -1436,6 +1439,7 @@ %{_localstatedir}/adm/fillup-templates/sysconfig.virtlockd %if %{with_systemd} %{_unitdir}/libvirtd.service +%{_unitdir}/libvirtd.socket %{_unitdir}/virtlockd.service %{_unitdir}/virtlockd.socket %else @@ -1684,6 +1688,8 @@ %files daemon-driver-vbox %defattr(-, root, root) %{_libdir}/%{name}/connection-driver/libvirt_driver_vbox.so +%{_libdir}/%{name}/connection-driver/libvirt_driver_vbox_network.so +%{_libdir}/%{name}/connection-driver/libvirt_driver_vbox_storage.so %endif %endif # with_driver_modules ++++++ apparmor-no-mount.patch ++++++ Index: libvirt-1.2.8/examples/apparmor/libvirt-lxc =================================================================== --- libvirt-1.2.8.orig/examples/apparmor/libvirt-lxc +++ libvirt-1.2.8/examples/apparmor/libvirt-lxc @@ -2,39 +2,15 @@ #include <abstractions/base> - umount, - - # ignore DENIED message on / remount - deny mount options=(ro, remount) -> /, - - # allow tmpfs mounts everywhere - mount fstype=tmpfs, - - # allow mqueue mounts everywhere - mount fstype=mqueue, - - # allow fuse mounts everywhere - mount fstype=fuse.*, - - # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted - mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, + # deny writes in /proc/sys/fs deny @{PROC}/sys/fs/** wklx, - # allow efivars to be mounted, writing to it will be blocked though - mount fstype=efivarfs -> /sys/firmware/efi/efivars/, - # block some other dangerous paths deny @{PROC}/sysrq-trigger rwklx, deny @{PROC}/mem rwklx, deny @{PROC}/kmem rwklx, - # deny writes in /sys except for /sys/fs/cgroup, also allow - # fusectl, securityfs and debugfs to be mounted there (read-only) - mount fstype=fusectl -> /sys/fs/fuse/connections/, - mount fstype=securityfs -> /sys/kernel/security/, - mount fstype=debugfs -> /sys/kernel/debug/, - mount fstype=proc -> /proc/, - mount fstype=sysfs -> /sys/, + # deny writes in /sys deny /sys/firmware/efi/efivars/** rwklx, deny /sys/kernel/security/** rwklx, ++++++ blockcopy-check-dst-identical-device.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -11,11 +11,11 @@ src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) -Index: libvirt-1.2.7/src/qemu/qemu_driver.c +Index: libvirt-1.2.8/src/qemu/qemu_driver.c =================================================================== ---- libvirt-1.2.7.orig/src/qemu/qemu_driver.c -+++ libvirt-1.2.7/src/qemu/qemu_driver.c -@@ -15330,6 +15330,13 @@ qemuDomainBlockCopy(virDomainObjPtr vm, +--- libvirt-1.2.8.orig/src/qemu/qemu_driver.c ++++ libvirt-1.2.8/src/qemu/qemu_driver.c +@@ -15357,6 +15357,13 @@ qemuDomainBlockCopy(virDomainObjPtr vm, } /* Prepare the destination file. */ ++++++ disable-virCgroupGetPercpuStats-test.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-1.2.7/tests/vircgrouptest.c +Index: libvirt-1.2.8/tests/vircgrouptest.c =================================================================== ---- libvirt-1.2.7.orig/tests/vircgrouptest.c -+++ libvirt-1.2.7/tests/vircgrouptest.c +--- libvirt-1.2.8.orig/tests/vircgrouptest.c ++++ libvirt-1.2.8/tests/vircgrouptest.c @@ -33,7 +33,6 @@ # include "virlog.h" # include "virfile.h" ++++++ fix-pci-attach-xen-driver.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -8,10 +8,10 @@ This patch changes the xend driver to always call 'device_configure' for PCI devices to be consistent with the usage in the xen tools. -Index: libvirt-1.2.7/src/xen/xend_internal.c +Index: libvirt-1.2.8/src/xen/xend_internal.c =================================================================== ---- libvirt-1.2.7.orig/src/xen/xend_internal.c -+++ libvirt-1.2.7/src/xen/xend_internal.c +--- libvirt-1.2.8.orig/src/xen/xend_internal.c ++++ libvirt-1.2.8/src/xen/xend_internal.c @@ -2221,6 +2221,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr virBuffer buf = VIR_BUFFER_INITIALIZER; char class[8], ref[80]; ++++++ install-apparmor-profiles.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-1.2.7/examples/apparmor/Makefile.am +Index: libvirt-1.2.8/examples/apparmor/Makefile.am =================================================================== ---- libvirt-1.2.7.orig/examples/apparmor/Makefile.am -+++ libvirt-1.2.7/examples/apparmor/Makefile.am +--- libvirt-1.2.8.orig/examples/apparmor/Makefile.am ++++ libvirt-1.2.8/examples/apparmor/Makefile.am @@ -19,10 +19,22 @@ EXTRA_DIST= \ TEMPLATE.lxc \ libvirt-qemu \ @@ -27,10 +27,10 @@ apparmordir = $(sysconfdir)/apparmor.d/ apparmor_DATA = \ usr.lib.libvirt.virt-aa-helper \ -Index: libvirt-1.2.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +Index: libvirt-1.2.8/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null -+++ libvirt-1.2.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in ++++ libvirt-1.2.8/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -0,0 +1,48 @@ +# Last Modified: Mon Apr 5 15:10:27 2010 +#include <tunables/global> @@ -80,11 +80,11 @@ + /**.[iI][sS][oO] r, + /**/disk{,.*} r, +} -Index: libvirt-1.2.7/examples/apparmor/usr.sbin.libvirtd.in +Index: libvirt-1.2.8/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null -+++ libvirt-1.2.7/examples/apparmor/usr.sbin.libvirtd.in -@@ -0,0 +1,67 @@ ++++ libvirt-1.2.8/examples/apparmor/usr.sbin.libvirtd.in +@@ -0,0 +1,68 @@ +# Last Modified: Mon Apr 5 15:03:58 2010 +#include <tunables/global> +@{LIBVIRT}="libvirt" @@ -120,6 +120,7 @@ + network inet6 stream, + network inet6 dgram, + network packet dgram, ++ network packet raw, + + # Very lenient profile for libvirtd since we want to first focus on confining + # the guests. Guests will have a very restricted profile. @@ -152,9 +153,9 @@ + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} -Index: libvirt-1.2.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-1.2.8/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-1.2.7.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-1.2.8.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ /dev/null @@ -1,48 +0,0 @@ -# Last Modified: Mon Apr 5 15:10:27 2010 @@ -205,9 +206,9 @@ - /**.[iI][sS][oO] r, - /**/disk{,.*} r, -} -Index: libvirt-1.2.7/examples/apparmor/usr.sbin.libvirtd +Index: libvirt-1.2.8/examples/apparmor/usr.sbin.libvirtd =================================================================== ---- libvirt-1.2.7.orig/examples/apparmor/usr.sbin.libvirtd +--- libvirt-1.2.8.orig/examples/apparmor/usr.sbin.libvirtd +++ /dev/null @@ -1,63 +0,0 @@ -# Last Modified: Mon Apr 5 15:03:58 2010 ++++++ libvirt-1.2.7.tar.bz2 -> libvirt-1.2.8.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/libvirt/libvirt-1.2.7.tar.bz2 /work/SRC/openSUSE:Factory/.libvirt.new/libvirt-1.2.8.tar.bz2 differ: char 11, line 1 ++++++ libvirt-guests-init-script.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,9 +1,9 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.2.7/tools/libvirt-guests.init.in +Index: libvirt-1.2.8/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.2.7.orig/tools/libvirt-guests.init.in -+++ libvirt-1.2.7/tools/libvirt-guests.init.in +--- libvirt-1.2.8.orig/tools/libvirt-guests.init.in ++++ libvirt-1.2.8/tools/libvirt-guests.init.in @@ -3,15 +3,15 @@ # the following is the LSB init header # @@ -28,10 +28,10 @@ ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.2.7/tools/libvirt-guests.sh.in +Index: libvirt-1.2.8/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.2.7.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.2.7/tools/libvirt-guests.sh.in +--- libvirt-1.2.8.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.2.8/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # <http://www.gnu.org/licenses/>. @@ -189,10 +189,10 @@ esac -exit $RETVAL +rc_exit -Index: libvirt-1.2.7/tools/libvirt-guests.sysconf +Index: libvirt-1.2.8/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.2.7.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.2.7/tools/libvirt-guests.sysconf +--- libvirt-1.2.8.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.2.8/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + ++++++ libvirt-power8-models.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,6 +1,8 @@ ---- a/src/cpu/cpu_map.xml 2014/08/19 16:05:34 1.1 -+++ b/src/cpu/cpu_map.xml 2014/08/19 16:06:53 -@@ -614,5 +614,15 @@ +Index: libvirt-1.2.8/src/cpu/cpu_map.xml +=================================================================== +--- libvirt-1.2.8.orig/src/cpu/cpu_map.xml ++++ libvirt-1.2.8/src/cpu/cpu_map.xml +@@ -627,5 +627,15 @@ <pvr value='0x004b0100'/> </model> ++++++ libvirt-ppc64le-support.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,6 +1,8 @@ ---- a/src/conf/domain_conf.c -+++ b/src/conf/domain_conf.c -@@ -9515,7 +9515,8 @@ +Index: libvirt-1.2.8/src/conf/domain_conf.c +=================================================================== +--- libvirt-1.2.8.orig/src/conf/domain_conf.c ++++ libvirt-1.2.8/src/conf/domain_conf.c +@@ -9690,7 +9690,8 @@ virDomainVideoDefaultType(const virDomai (STREQ(def->os.type, "xen") || STREQ(def->os.type, "linux"))) return VIR_DOMAIN_VIDEO_TYPE_XEN; @@ -10,8 +12,10 @@ return VIR_DOMAIN_VIDEO_TYPE_VGA; else return VIR_DOMAIN_VIDEO_TYPE_CIRRUS; ---- a/src/cpu/cpu_powerpc.c -+++ b/src/cpu/cpu_powerpc.c +Index: libvirt-1.2.8/src/cpu/cpu_powerpc.c +=================================================================== +--- libvirt-1.2.8.orig/src/cpu/cpu_powerpc.c ++++ libvirt-1.2.8/src/cpu/cpu_powerpc.c @@ -38,7 +38,7 @@ VIR_LOG_INIT("cpu.cpu_powerpc"); @@ -21,9 +25,11 @@ struct ppc_vendor { char *name; ---- a/src/qemu/qemu_capabilities.c -+++ b/src/qemu/qemu_capabilities.c -@@ -624,7 +624,8 @@ +Index: libvirt-1.2.8/src/qemu/qemu_capabilities.c +=================================================================== +--- libvirt-1.2.8.orig/src/qemu/qemu_capabilities.c ++++ libvirt-1.2.8/src/qemu/qemu_capabilities.c +@@ -631,7 +631,8 @@ virQEMUCapsProbeCPUModels(virQEMUCapsPtr if (qemuCaps->arch == VIR_ARCH_I686 || qemuCaps->arch == VIR_ARCH_X86_64) parse = virQEMUCapsParseX86Models; @@ -33,7 +39,7 @@ parse = virQEMUCapsParsePPCModels; else { VIR_DEBUG("don't know how to parse %s CPU models", -@@ -1984,7 +1985,8 @@ +@@ -1996,7 +1997,8 @@ bool virQEMUCapsHasPCIMultiBus(virQEMUCa return true; if (def->os.arch == VIR_ARCH_PPC || @@ -43,7 +49,7 @@ /* * Usage of pci.0 naming: * -@@ -3551,7 +3553,9 @@ +@@ -3567,7 +3569,9 @@ virQEMUCapsSupportsChardev(virDomainDefP !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE)) return false; @@ -54,9 +60,11 @@ /* only pseries need -device spapr-vty with -chardev */ return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO); ---- a/src/qemu/qemu_command.c -+++ b/src/qemu/qemu_command.c -@@ -722,7 +722,8 @@ +Index: libvirt-1.2.8/src/qemu/qemu_command.c +=================================================================== +--- libvirt-1.2.8.orig/src/qemu/qemu_command.c ++++ libvirt-1.2.8/src/qemu/qemu_command.c +@@ -703,7 +703,8 @@ qemuSetSCSIControllerModel(virDomainDefP return -1; } } else { @@ -66,7 +74,7 @@ STREQ(def->os.machine, "pseries")) { *model = VIR_DOMAIN_CONTROLLER_MODEL_SCSI_IBMVSCSI; } else if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SCSI_LSI)) { -@@ -1269,7 +1270,8 @@ +@@ -1250,7 +1251,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi for (i = 0; i < def->nserials; i++) { if (def->serials[i]->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && @@ -76,7 +84,7 @@ STREQ(def->os.machine, "pseries")) def->serials[i]->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO; if (qemuAssignSpaprVIOAddress(def, &def->serials[i]->info, -@@ -1278,7 +1280,8 @@ +@@ -1259,7 +1261,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi } if (def->nvram) { @@ -86,7 +94,7 @@ STREQ(def->os.machine, "pseries")) def->nvram->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO; if (qemuAssignSpaprVIOAddress(def, &def->nvram->info, -@@ -4097,7 +4100,8 @@ +@@ -4147,7 +4150,8 @@ qemuBuildUSBControllerDevStr(virDomainDe model = def->model; if (model == -1) { @@ -96,7 +104,7 @@ model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI; else model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI; -@@ -8066,7 +8070,8 @@ +@@ -8176,7 +8180,8 @@ qemuBuildCommandLine(virConnectPtr conn, !qemuDomainMachineIsQ35(def) && (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX3_USB_UHCI) || (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCI_OHCI) && @@ -106,7 +114,7 @@ if (usblegacy) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Multiple legacy USB controllers are " -@@ -9256,7 +9261,8 @@ +@@ -9366,7 +9371,8 @@ qemuBuildCommandLine(virConnectPtr conn, } if (def->nvram) { @@ -116,7 +124,7 @@ STREQ(def->os.machine, "pseries")) { if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_NVRAM)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", -@@ -9368,7 +9374,8 @@ +@@ -9478,7 +9484,8 @@ qemuBuildSerialChrDeviceStr(char **devic { virBuffer cmd = VIR_BUFFER_INITIALIZER; @@ -126,7 +134,7 @@ if (serial->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL && serial->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO) { virBufferAsprintf(&cmd, "spapr-vty,chardev=char%s", -@@ -9791,7 +9798,8 @@ +@@ -9900,7 +9907,8 @@ qemuParseCommandLineDisk(virDomainXMLOpt if (VIR_ALLOC(def->src) < 0) goto error; @@ -136,7 +144,7 @@ dom->os.machine && STREQ(dom->os.machine, "pseries"))) def->bus = VIR_DOMAIN_DISK_BUS_SCSI; else -@@ -9883,7 +9891,8 @@ +@@ -9992,7 +10000,8 @@ qemuParseCommandLineDisk(virDomainXMLOpt } else if (STREQ(keywords[i], "if")) { if (STREQ(values[i], "ide")) { def->bus = VIR_DOMAIN_DISK_BUS_IDE; @@ -146,7 +154,7 @@ dom->os.machine && STREQ(dom->os.machine, "pseries"))) { virReportError(VIR_ERR_INTERNAL_ERROR, _("pseries systems do not support ide devices '%s'"), val); -@@ -11121,7 +11130,8 @@ +@@ -11233,7 +11242,8 @@ qemuParseCommandLine(virCapsPtr qemuCaps disk->src->type = VIR_STORAGE_TYPE_FILE; if (STREQ(arg, "-cdrom")) { disk->device = VIR_DOMAIN_DISK_DEVICE_CDROM; @@ -156,7 +164,7 @@ def->os.machine && STREQ(def->os.machine, "pseries"))) disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; if (VIR_STRDUP(disk->dst, "hdc") < 0) -@@ -11137,7 +11147,8 @@ +@@ -11249,7 +11259,8 @@ qemuParseCommandLine(virCapsPtr qemuCaps disk->bus = VIR_DOMAIN_DISK_BUS_IDE; else disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; @@ -166,9 +174,11 @@ def->os.machine && STREQ(def->os.machine, "pseries"))) disk->bus = VIR_DOMAIN_DISK_BUS_SCSI; } ---- a/src/qemu/qemu_domain.c -+++ b/src/qemu/qemu_domain.c -@@ -754,6 +754,7 @@ +Index: libvirt-1.2.8/src/qemu/qemu_domain.c +=================================================================== +--- libvirt-1.2.8.orig/src/qemu/qemu_domain.c ++++ libvirt-1.2.8/src/qemu/qemu_domain.c +@@ -754,6 +754,7 @@ qemuDomainDefPostParse(virDomainDefPtr d break; case VIR_ARCH_PPC64: ++++++ libvirt-suse-netcontrol.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-1.2.7/configure.ac +Index: libvirt-1.2.8/configure.ac =================================================================== ---- libvirt-1.2.7.orig/configure.ac -+++ libvirt-1.2.7/configure.ac +--- libvirt-1.2.8.orig/configure.ac ++++ libvirt-1.2.8/configure.ac @@ -237,6 +237,7 @@ LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_GLUSTER LIBVIRT_CHECK_HAL @@ -10,7 +10,7 @@ LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2409,11 +2410,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2454,11 +2455,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ esac if test "$with_interface" = "yes" ; then -@@ -2834,6 +2836,7 @@ LIBVIRT_RESULT_FUSE +@@ -2880,6 +2882,7 @@ LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_GLUSTER LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF @@ -34,11 +34,11 @@ LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.2.7/src/Makefile.am +Index: libvirt-1.2.8/src/Makefile.am =================================================================== ---- libvirt-1.2.7.orig/src/Makefile.am -+++ libvirt-1.2.7/src/Makefile.am -@@ -820,6 +820,10 @@ if WITH_NETCF +--- libvirt-1.2.8.orig/src/Makefile.am ++++ libvirt-1.2.8/src/Makefile.am +@@ -823,6 +823,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif WITH_NETCF @@ -49,7 +49,7 @@ if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1416,10 +1420,15 @@ if WITH_NETCF +@@ -1458,10 +1462,15 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else ! WITH_NETCF @@ -65,10 +65,10 @@ endif ! WITH_NETCF if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la -Index: libvirt-1.2.7/tools/virsh.c +Index: libvirt-1.2.8/tools/virsh.c =================================================================== ---- libvirt-1.2.7.orig/tools/virsh.c -+++ libvirt-1.2.7/tools/virsh.c +--- libvirt-1.2.8.orig/tools/virsh.c ++++ libvirt-1.2.8/tools/virsh.c @@ -3320,6 +3320,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) @@ -78,10 +78,10 @@ # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.2.7/src/interface/interface_backend_netcf.c +Index: libvirt-1.2.8/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.2.7.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.2.7/src/interface/interface_backend_netcf.c +--- libvirt-1.2.8.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.2.8/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include <config.h> @@ -165,10 +165,10 @@ return 0; } -Index: libvirt-1.2.7/src/interface/interface_driver.c +Index: libvirt-1.2.8/src/interface/interface_driver.c =================================================================== ---- libvirt-1.2.7.orig/src/interface/interface_driver.c -+++ libvirt-1.2.7/src/interface/interface_driver.c +--- libvirt-1.2.8.orig/src/interface/interface_driver.c ++++ libvirt-1.2.8/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; @@ -186,10 +186,10 @@ if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.2.7/m4/virt-netcontrol.m4 +Index: libvirt-1.2.8/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.2.7/m4/virt-netcontrol.m4 ++++ libvirt-1.2.8/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl ++++++ libvirtd-defaults.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-1.2.7/daemon/libvirtd.conf +Index: libvirt-1.2.8/daemon/libvirtd.conf =================================================================== ---- libvirt-1.2.7.orig/daemon/libvirtd.conf -+++ libvirt-1.2.7/daemon/libvirtd.conf +--- libvirt-1.2.8.orig/daemon/libvirtd.conf ++++ libvirt-1.2.8/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -13,10 +13,10 @@ # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.2.7/daemon/libvirtd-config.c +Index: libvirt-1.2.8/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.2.7.orig/daemon/libvirtd-config.c -+++ libvirt-1.2.7/daemon/libvirtd-config.c +--- libvirt-1.2.8.orig/daemon/libvirtd-config.c ++++ libvirt-1.2.8/daemon/libvirtd-config.c @@ -229,7 +229,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; @@ -26,10 +26,10 @@ data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || -Index: libvirt-1.2.7/daemon/test_libvirtd.aug.in +Index: libvirt-1.2.8/daemon/test_libvirtd.aug.in =================================================================== ---- libvirt-1.2.7.orig/daemon/test_libvirtd.aug.in -+++ libvirt-1.2.7/daemon/test_libvirtd.aug.in +--- libvirt-1.2.8.orig/daemon/test_libvirtd.aug.in ++++ libvirt-1.2.8/daemon/test_libvirtd.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd = ::CONFIG:: ++++++ libvirtd-init-script.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.2.7/daemon/libvirtd.sysconf +Index: libvirt-1.2.8/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.2.7.orig/daemon/libvirtd.sysconf -+++ libvirt-1.2.7/daemon/libvirtd.sysconf +--- libvirt-1.2.8.orig/daemon/libvirtd.sysconf ++++ libvirt-1.2.8/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + ++++++ support-managed-pci-xen-driver.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -8,10 +8,68 @@ src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.2.7/src/xenxs/xen_sxpr.c +Index: libvirt-1.2.8/src/xenconfig/xen_common.c =================================================================== ---- libvirt-1.2.7.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.2.7/src/xenxs/xen_sxpr.c +--- libvirt-1.2.8.orig/src/xenconfig/xen_common.c ++++ libvirt-1.2.8/src/xenconfig/xen_common.c +@@ -401,6 +401,8 @@ xenParsePCI(virConfPtr conf, virDomainDe + { + virConfValuePtr list = virConfGetValue(conf, "pci"); + virDomainHostdevDefPtr hostdev = NULL; ++ char *opt; ++ int managed = 0; + + if (list && list->type == VIR_CONF_LIST) { + list = list->list; +@@ -422,6 +424,11 @@ xenParsePCI(virConfPtr conf, virDomainDe + /* pci=['0000:00:1b.0','0000:00:13.0'] */ + if (!(key = list->str)) + goto skippci; ++ ++ opt = strchr(key, ','); ++ if (opt) ++ opt++; ++ + if (!(nextkey = strchr(key, ':'))) + goto skippci; + if (virStrncpy(domain, key, (nextkey - key), sizeof(domain)) == NULL) { +@@ -465,10 +472,31 @@ xenParsePCI(virConfPtr conf, virDomainDe + goto skippci; + if (virStrToLong_i(func, NULL, 16, &funcID) < 0) + goto skippci; ++ ++ if (opt) { ++ char opt_managed[2]; ++ char *data; ++ ++ opt_managed[0] = '\0'; ++ data = strchr(opt, '='); ++ data++; ++ ++ if (STRPREFIX(opt, "managed=")) { ++ if (virStrncpy(opt_managed, data, 1, sizeof(opt_managed)) == NULL) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, ++ _("managed option %s too big for destination"), ++ data); ++ goto skippci; ++ } ++ } ++ if (virStrToLong_i(opt_managed, NULL, 10, &managed) < 0) ++ goto skippci; ++ } ++ + if (!(hostdev = virDomainHostdevDefAlloc())) + return -1; + +- hostdev->managed = false; ++ hostdev->managed = managed ? true : false; + hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; + hostdev->source.subsys.u.pci.addr.domain = domainID; + hostdev->source.subsys.u.pci.addr.bus = busID; +Index: libvirt-1.2.8/src/xenconfig/xen_sxpr.c +=================================================================== +--- libvirt-1.2.8.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.2.8/src/xenconfig/xen_sxpr.c @@ -997,6 +997,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; @@ -78,60 +136,3 @@ xenFormatSxprPCI(def->hostdevs[i], buf); } } -Index: libvirt-1.2.7/src/xenxs/xen_xm.c -=================================================================== ---- libvirt-1.2.7.orig/src/xenxs/xen_xm.c -+++ libvirt-1.2.7/src/xenxs/xen_xm.c -@@ -815,6 +815,8 @@ xenParseXM(virConfPtr conf, int xendConf - int busID; - int slotID; - int funcID; -+ char *opt; -+ int managed = 0; - - domain[0] = bus[0] = slot[0] = func[0] = '\0'; - -@@ -824,6 +826,11 @@ xenParseXM(virConfPtr conf, int xendConf - /* pci=['0000:00:1b.0','0000:00:13.0'] */ - if (!(key = list->str)) - goto skippci; -+ -+ opt = strchr(key, ','); -+ if (opt) -+ opt++; -+ - if (!(nextkey = strchr(key, ':'))) - goto skippci; - -@@ -872,10 +879,30 @@ xenParseXM(virConfPtr conf, int xendConf - if (virStrToLong_i(func, NULL, 16, &funcID) < 0) - goto skippci; - -+ if (opt) { -+ char opt_managed[2]; -+ char *data; -+ -+ opt_managed[0] = '\0'; -+ data = strchr(opt, '='); -+ data++; -+ -+ if (STRPREFIX(opt, "managed=")) { -+ if (virStrncpy(opt_managed, data, 1, sizeof(opt_managed)) == NULL) { -+ virReportError(VIR_ERR_INTERNAL_ERROR, -+ _("managed option %s too big for destination"), -+ data); -+ goto skippci; -+ } -+ } -+ if (virStrToLong_i(opt_managed, NULL, 10, &managed) < 0) -+ goto skippci; -+ } -+ - if (!(hostdev = virDomainHostdevDefAlloc())) - goto cleanup; - -- hostdev->managed = false; -+ hostdev->managed = managed ? true : false; - hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; - hostdev->source.subsys.u.pci.addr.domain = domainID; - hostdev->source.subsys.u.pci.addr.bus = busID; ++++++ suse-qemu-conf.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-1.2.7/src/qemu/qemu.conf +Index: libvirt-1.2.8/src/qemu/qemu.conf =================================================================== ---- libvirt-1.2.7.orig/src/qemu/qemu.conf -+++ libvirt-1.2.7/src/qemu/qemu.conf +--- libvirt-1.2.8.orig/src/qemu/qemu.conf ++++ libvirt-1.2.8/src/qemu/qemu.conf @@ -200,7 +200,16 @@ # a special value; security_driver can be set to that value in # isolation, but it cannot appear in a list of drivers. ++++++ systemd-service-xen.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,8 +1,8 @@ -Index: libvirt-1.2.7/daemon/libvirtd.service.in +Index: libvirt-1.2.8/daemon/libvirtd.service.in =================================================================== ---- libvirt-1.2.7.orig/daemon/libvirtd.service.in -+++ libvirt-1.2.7/daemon/libvirtd.service.in -@@ -10,6 +10,8 @@ After=network.target +--- libvirt-1.2.8.orig/daemon/libvirtd.service.in ++++ libvirt-1.2.8/daemon/libvirtd.service.in +@@ -5,6 +5,8 @@ After=network.target After=dbus.service After=iscsid.service After=apparmor.service ++++++ virtlockd-init-script.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.2.7/src/locking/virtlockd.sysconf +Index: libvirt-1.2.8/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.2.7.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.2.7/src/locking/virtlockd.sysconf +--- libvirt-1.2.8.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.2.8/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,10 +12,10 @@ # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.2.7/src/locking/virtlockd.init.in +Index: libvirt-1.2.8/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.2.7.orig/src/locking/virtlockd.init.in -+++ libvirt-1.2.7/src/locking/virtlockd.init.in +--- libvirt-1.2.8.orig/src/locking/virtlockd.init.in ++++ libvirt-1.2.8/src/locking/virtlockd.init.in @@ -4,12 +4,14 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-ge… # ++++++ xen-name-for-devid.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -14,10 +14,10 @@ is inactive. We obviously can't search xenstore when the domain is inactive. -Index: libvirt-1.2.7/src/xen/xend_internal.c +Index: libvirt-1.2.8/src/xen/xend_internal.c =================================================================== ---- libvirt-1.2.7.orig/src/xen/xend_internal.c -+++ libvirt-1.2.7/src/xen/xend_internal.c +--- libvirt-1.2.8.orig/src/xen/xend_internal.c ++++ libvirt-1.2.8/src/xen/xend_internal.c @@ -72,7 +72,7 @@ VIR_LOG_INIT("xen.xend_internal"); #define XEND_RCV_BUF_MAX_LEN (256 * 1024) ++++++ xen-pv-cdrom.patch ++++++ --- /var/tmp/diff_new_pack.ACLMOm/_old 2014-09-03 20:20:43.000000000 +0200 +++ /var/tmp/diff_new_pack.ACLMOm/_new 2014-09-03 20:20:43.000000000 +0200 @@ -1,7 +1,7 @@ -Index: libvirt-1.2.7/src/xenxs/xen_sxpr.c +Index: libvirt-1.2.8/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.2.7.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.2.7/src/xenxs/xen_sxpr.c +--- libvirt-1.2.8.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.2.8/src/xenconfig/xen_sxpr.c @@ -332,7 +332,7 @@ xenParseSxprChar(const char *value, static int xenParseSxprDisks(virDomainDefPtr def, -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0