January 2016 - openSUSE Commits - openSUSE Mailing Lists

commit python-Pygments for openSUSE:Factory
by root＠hilbert.suse.de 30 Jan '16

30 Jan '16

Hello community, here is the log from the commit of package python-Pygments for openSUSE:Factory checked in at 2016-01-30 11:30:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Pygments (Old) and /work/SRC/openSUSE:Factory/.python-Pygments.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-Pygments" Changes: -------- --- /work/SRC/openSUSE:Factory/python-Pygments/python-Pygments.changes 2015-03-16 06:58:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-Pygments.new/python-Pygments.changes 2016-01-30 11:31:01.000000000 +0100 @@ -1,0 +2,29 @@ +Mon Jan 25 14:47:30 UTC 2016 - michael(a)stroeder.com + +- Update to version 2.1 + - Added styles: + * Lovelace (PR#456) + * Algol and Algol-nu (#1090) + - Added formatters: + * IRC (PR#458) + * True color (24-bit) terminal ANSI sequences (#1142) + (formatter alias: "16m") + - New "filename" option for HTML formatter (PR#527). + - Improved performance of the HTML formatter for long lines (PR#504). + - Updated autopygmentize script (PR#445). + - Fixed style inheritance for non-standard token types in HTML output. + - Added support for async/await to Python 3 lexer. + - Rewrote linenos option for TerminalFormatter (it's better, but slightly + different output than before) (#1147). + - Javascript lexer now supports most of ES6 (#1100). + - Cocoa builtins updated for iOS 8.1 (PR#433). + - Combined BashSessionLexer and ShellSessionLexer, new version should support + the prompt styles of either. + - Added option to pygmentize to show a full traceback on exceptions. + - Fixed incomplete output on Windows and Python 3 (e.g. when using iPython + Notebook) (#1153). + - Allowed more traceback styles in Python console lexer (PR#253). + - Added decorators to TypeScript (PR#509). + - Fix highlighting of certain IRC logs formats (#1076). + +------------------------------------------------------------------- Old: ---- Pygments-2.0.2.tar.gz New: ---- Pygments-2.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Pygments.spec ++++++ --- /var/tmp/diff_new_pack.i3Ax6t/_old 2016-01-30 11:31:02.000000000 +0100 +++ /var/tmp/diff_new_pack.i3Ax6t/_new 2016-01-30 11:31:02.000000000 +0100 @@ -17,7 +17,7 @@ Name: python-Pygments -Version: 2.0.2 +Version: 2.1 Release: 0 Url: http://pygments.org Summary: Pygments is a syntax highlighting package written in Python ++++++ Pygments-2.0.2.tar.gz -> Pygments-2.1.tar.gz ++++++ ++++ 193310 lines of diff (skipped)

1 0

commit libinput for openSUSE:Factory
by root＠hilbert.suse.de 30 Jan '16

30 Jan '16

Hello community, here is the log from the commit of package libinput for openSUSE:Factory checked in at 2016-01-30 11:30:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libinput (Old) and /work/SRC/openSUSE:Factory/.libinput.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libinput" Changes: -------- --- /work/SRC/openSUSE:Factory/libinput/libinput.changes 2015-12-27 01:58:17.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libinput.new/libinput.changes 2016-01-30 11:30:56.000000000 +0100 @@ -1,0 +2,11 @@ +Mon Jan 25 15:38:41 UTC 2016 - zaitor(a)opensuse.org + +- Update to version 1.1.5: + * This release fixes a disable-while-typing issue on the Macbook + Pro and works around some middle-finger tap issues on semi-mt + devices. Unfortunately, due to the inconsistent (and often + garbage) data that semi-mt touchpads send we had to resort to + disabling pinch gestures on those devices to make three-finger + taps reliable. + +------------------------------------------------------------------- Old: ---- libinput-1.1.4.tar.xz libinput-1.1.4.tar.xz.sig New: ---- libinput-1.1.5.tar.xz libinput-1.1.5.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libinput.spec ++++++ --- /var/tmp/diff_new_pack.MM8xCH/_old 2016-01-30 11:30:57.000000000 +0100 +++ /var/tmp/diff_new_pack.MM8xCH/_new 2016-01-30 11:30:57.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libinput # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,8 +18,8 @@ Name: libinput %define lname libinput10 -%define rversion 1.1.4 -Version: 1.1.4 +%define rversion 1.1.5 +Version: 1.1.5 Release: 0 Summary: Input device and event processing library License: MIT ++++++ libinput-1.1.4.tar.xz -> libinput-1.1.5.tar.xz ++++++ ++++ 8130 lines of diff (skipped)

1 0

commit openldap2 for openSUSE:Factory
by root＠hilbert.suse.de 30 Jan '16

30 Jan '16

Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2016-01-30 11:30:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openldap2 (Old) and /work/SRC/openSUSE:Factory/.openldap2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openldap2" Changes: -------- --- /work/SRC/openSUSE:Factory/openldap2/openldap2-client.changes 2015-12-06 07:38:31.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2-client.changes 2016-01-30 11:30:52.000000000 +0100 @@ -2 +2,42 @@ -Wed Dec 2 12:51:10 UTC 2015 - hguo(a)suse.com +Mon Jan 25 14:10:12 UTC 2016 - hguo(a)suse.com + +- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch + into 0010-Enforce-minimum-DH-size-of-1024.patch + +------------------------------------------------------------------- +Tue Dec 8 11:36:16 UTC 2015 - michael(a)stroeder.com + +- Upgrade to upstream 2.4.43 release with accumulated bug fixes. +- Still build on SLES12 +- Loadable backend and overlay modules are now installed + into arch-specific path %{_libdir}/openldap +- All backends and overlays as modules for smaller memory footprint + on memory constrained systems +- Added extra package for back-sock +- Consequent use of %{_rundir} everywhere +- Rely on upstream ./configure script instead of any other + macro foo +- Dropped linking with libwrap +- Dropped 0004-libldap-use-gethostbyname_r.dif because this + work-around for nss_ldap is obsolete +- New sub-package openldap2-contrib with selected contrib/ overlays +- Replaced addonschema.tar.gz with separate schema sources +- Updated ldapns.schema from recent slapo-nssov source tree +- Added symbolic link to slapd executable in /usr/sbin/ +- Added more complex example configuration file + /etc/openldap/slapd.conf.example +- Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap +- Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap +- Added patch for OpenLDAP ITS#7796 to avoid excessive + "not index" logging: + 0011-openldap-re24-its7796.patch +- Replaced openldap-rc.tgz with single source files +- Added soft dependency (Recommends) to cyrus-sasl +- Added soft dependency (Recommends) to cyrus-sasl-devel + to openldap2-devel +- Added patch for OpenLDAP ITS#8336 (assert in liblmdb): + 0012-openldap-re24-its8336.patch +- Remove obsolete patch 0001-build-adjustments.dif + +------------------------------------------------------------------- +Wed Dec 2 12:50:47 UTC 2015 - hguo(a)suse.com @@ -39 +80 @@ -Thu Oct 1 11:08:59 UTC 2015 - hguo(a)suse.com +Thu Oct 1 11:08:41 UTC 2015 - hguo(a)suse.com --- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2015-12-06 07:38:31.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2.changes 2016-01-30 11:30:52.000000000 +0100 @@ -1,0 +2,41 @@ +Mon Jan 25 14:10:12 UTC 2016 - hguo(a)suse.com + +- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch + into 0010-Enforce-minimum-DH-size-of-1024.patch + +------------------------------------------------------------------- +Tue Dec 8 11:36:16 UTC 2015 - michael(a)stroeder.com + +- Upgrade to upstream 2.4.43 release with accumulated bug fixes. +- Still build on SLES12 +- Loadable backend and overlay modules are now installed + into arch-specific path %{_libdir}/openldap +- All backends and overlays as modules for smaller memory footprint + on memory constrained systems +- Added extra package for back-sock +- Consequent use of %{_rundir} everywhere +- Rely on upstream ./configure script instead of any other + macro foo +- Dropped linking with libwrap +- Dropped 0004-libldap-use-gethostbyname_r.dif because this + work-around for nss_ldap is obsolete +- New sub-package openldap2-contrib with selected contrib/ overlays +- Replaced addonschema.tar.gz with separate schema sources +- Updated ldapns.schema from recent slapo-nssov source tree +- Added symbolic link to slapd executable in /usr/sbin/ +- Added more complex example configuration file + /etc/openldap/slapd.conf.example +- Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap +- Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap +- Added patch for OpenLDAP ITS#7796 to avoid excessive + "not index" logging: + 0011-openldap-re24-its7796.patch +- Replaced openldap-rc.tgz with single source files +- Added soft dependency (Recommends) to cyrus-sasl +- Added soft dependency (Recommends) to cyrus-sasl-devel + to openldap2-devel +- Added patch for OpenLDAP ITS#8336 (assert in liblmdb): + 0012-openldap-re24-its8336.patch +- Remove obsolete patch 0001-build-adjustments.dif + +------------------------------------------------------------------- Old: ---- 0001-build-adjustments.dif 0004-libldap-use-gethostbyname_r.dif 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch 0011-Enforce-minimum-DH-size-of-1024.patch README.dynamic-overlays addonschema.tar.gz openldap-2.4.42.tgz openldap-rc.tgz New: ---- 0010-Enforce-minimum-DH-size-of-1024.patch 0011-openldap-re24-its7796.patch 0012-openldap-re24-its8336.patch README.module-loading SuSEfirewall2.openldap ldapns.schema openldap-2.4.43.tgz rfc2307bis.schema slapd.conf.example slapd.service start sysconfig.openldap yast.schema ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2-client.spec ++++++ --- /var/tmp/diff_new_pack.UGwmDj/_old 2016-01-30 11:30:55.000000000 +0100 +++ /var/tmp/diff_new_pack.UGwmDj/_new 2016-01-30 11:30:55.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package openldap2-client # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,52 +17,59 @@ %define run_test_suite 0 -%define version_main 2.4.42 +%define version_main 2.4.43 -%if ! %{defined _rundir} -%define _rundir %{_localstatedir}/run +%if %{suse_version} >= 1310 && %{suse_version} != 1315 +%define _rundir /run/slapd +%else +%define _rundir /var/run/slapd %endif Name: openldap2-client Summary: The OpenLDAP commandline client tools License: OLDAP-2.8 Group: Productivity/Networking/LDAP/Clients -Version: 2.4.42 +Version: %{version_main} Release: 0 Url: http://www.openldap.org Source: openldap-%{version_main}.tgz -Source1: openldap-rc.tgz -Source2: addonschema.tar.gz Source3: DB_CONFIG Source4: sasl-slapd.conf -Source5: README.dynamic-overlays +Source5: README.module-loading Source6: schema2ldif Source7: baselibs.conf -Patch1: 0001-build-adjustments.dif +Source9: ldapns.schema +Source10: rfc2307bis.schema +Source11: yast.schema +Source12: slapd.conf.example +Source13: start +Source14: slapd.service +Source15: SuSEfirewall2.openldap +Source16: sysconfig.openldap Patch2: 0002-slapd.conf.dif Patch3: 0003-LDAPI-socket-location.dif -Patch4: 0004-libldap-use-gethostbyname_r.dif Patch5: 0005-pie-compile.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch -Patch10: 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch -Patch11: 0011-Enforce-minimum-DH-size-of-1024.patch +Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch +Patch11: 0011-openldap-re24-its7796.patch +Patch12: 0012-openldap-re24-its8336.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cyrus-sasl-devel BuildRequires: groff BuildRequires: libopenssl-devel BuildRequires: libtool +Requires: libldap-2_4-2 = %{version_main} +Recommends: cyrus-sasl %if "%{name}" == "openldap2" BuildRequires: db-devel BuildRequires: openslp-devel -BuildRequires: tcpd-devel BuildRequires: unixODBC-devel Conflicts: openldap -Requires: libldap-2_4-2 = %{version_main} PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep -%if 0%{?suse_version} >= 1140 +%if %{suse_version} >= 1310 && %{suse_version} != 1315 # avoid cycle with krb5 BuildRequires: krb5-mini BuildRequires: pkgconfig(systemd) @@ -70,7 +77,6 @@ %endif %else Conflicts: openldap-client -Requires: libldap-2_4-2 = %{version_main} %endif # For /usr/bin/strings Requires(pre): binutils @@ -78,10 +84,10 @@ %if "%{name}" == "openldap2" %description -The Lightweight Directory Access Protocol (LDAP) is used to access -online directory services. It runs directly over TCP and can be used to -access a stand-alone LDAP directory service or to access a directory -service that has an X.500 back-end. +OpenLDAP is a client and server reference implementation of the +Lightweight Directory Access Protocol v3 (LDAPv3). + +The server provides several database backends and overlays. %package -n openldap2-back-perl Summary: OpenLDAP Perl Back-End @@ -93,6 +99,16 @@ The OpenLDAP Perl back-end allows you to execute Perl code specific to different LDAP operations. +%package -n openldap2-back-sock +Summary: OpenLDAP Socket Back-End +Group: Productivity/Networking/LDAP/Servers +Requires: openldap2 = %{version_main} +Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz + +%description -n openldap2-back-sock +The OpenLDAP socket back-end allows you to handle LDAP requests and +results with an external process listening on a Unix domain socket. + %package -n openldap2-back-meta Summary: OpenLDAP Meta Back-End Group: Productivity/Networking/LDAP/Servers @@ -115,6 +131,25 @@ stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. +%package -n openldap2-contrib +Summary: OpenLDAP Contrib Modules +Group: Productivity/Networking/LDAP/Servers +Requires: openldap2 = %{version_main} + +%description -n openldap2-contrib +Various overlays found in contrib/: +allop +allowed Generates attributes indicating access rights +autogroup +cloak +denyop +lastbind writes last bind timestamp to entry +noopsrch handles no-op search control +nops +pw-sha2 generates/validates SHA-2 password hashes +pw-pbkdf2 generates/validates PBKDF2 password hashes +smbk5pwd generates Samba3 password hashes (heimdal krb disabled) + %package -n openldap2-doc Summary: OpenLDAP Documentation Group: Documentation/Other @@ -126,6 +161,7 @@ %description -n openldap2-doc The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts + Authors: -------- The OpenLDAP Project <project(a)openldap.org> @@ -145,6 +181,7 @@ # Conflicts: openldap-devel Requires: libldap-2_4-2 = %{version_main} +Recommends: cyrus-sasl-devel %description -n openldap2-devel This package provides the OpenLDAP libraries, header files, and @@ -171,11 +208,10 @@ %endif %prep -%setup -q -n openldap-%{version_main} -a1 -a2 -%patch1 -p1 +%setup -q -n openldap-%{version_main} %patch2 -p1 %patch3 -p1 -%patch4 -p1 +#%patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 @@ -183,48 +219,66 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 cp %{SOURCE5} . %build -%{?suse_update_config:%{suse_update_config -f build}} -libtoolize --force -autoreconf -export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE" +# %{?suse_update_config:%{suse_update_config -f build}} +#libtoolize --force +#autoreconf +# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES" +export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES" export STRIP="" -%configure \ - --localstatedir=%{_rundir}/slapd \ - --libexecdir=/usr/lib/openldap \ - --enable-wrappers \ +./configure \ + --prefix=/usr \ + --sysconfdir=%{_sysconfdir} \ + --libdir=%{_libdir} \ + --libexecdir=%{_libdir} \ + --localstatedir=%{_rundir} \ + --enable-wrappers=no \ --enable-spasswd \ --enable-modules \ --enable-shared \ --enable-dynamic \ - --with-tls \ + --with-tls=openssl \ --with-cyrus-sasl \ --enable-crypt \ --enable-ipv6=yes \ %if "%{name}" == "openldap2" --enable-aci \ - --enable-bdb \ - --enable-hdb \ + --enable-bdb=mod \ + --enable-hdb=mod \ --enable-rewrite \ - --enable-ldap=yes \ + --enable-ldap=mod \ --enable-meta=mod \ - --enable-monitor=yes \ + --enable-monitor=mod \ --enable-perl=mod \ + --enable-sock=mod \ --enable-sql=mod \ - --enable-mdb=yes \ + --enable-mdb=mod \ + --enable-relay=mod \ --enable-slp \ --enable-overlays=mod \ - --enable-syncprov=yes \ - --enable-ppolicy=yes \ + --enable-syncprov=mod \ + --enable-ppolicy=mod \ %else --disable-slapd \ %endif --enable-lmpasswd \ - --with-yielding-select + --with-yielding-select \ + || cat config.log make depend make %{?_smp_mflags} +%if "%{name}" == "openldap2" +# Build selected contrib overlays +for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +do + make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" +done +# One more level up needed because of passwd/sha2 +# slapo-smbk5pwd only for Samba password hashes +make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB="" +%endif %check %if %run_test_suite @@ -252,50 +306,67 @@ %endif %install -mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/ -mkdir -p $RPM_BUILD_ROOT/usr/sbin -mkdir -p $RPM_BUILD_ROOT/%{_unitdir} -make STRIP="" DESTDIR=$RPM_BUILD_ROOT install -install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start -install -m 644 slapd.service $RPM_BUILD_ROOT/%{_unitdir} -mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d -mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2 -install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf -install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap -chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* -chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* -chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* -install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/usr/sbin/schema2ldif +mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap +mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap +mkdir -p ${RPM_BUILD_ROOT}/usr/sbin +mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir} +make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install +# Additional symbolic link to slapd executable in /usr/sbin/ +%if "%{name}" == "openldap2" +ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd +%endif +%if "%{name}" == "openldap2" +# Install selected contrib overlays +for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +do + make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install +done +# slapo-smbk5pwd only for Samba password hashes +make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install +%endif +install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start +install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir} +mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d +mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2 +install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf +install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap +chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so* +chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so* +chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so* +install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif %if "%{name}" == "openldap2" %define DOCDIR %{_defaultdocdir}/%{name} -mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates -install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap -install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema -install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG -install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example -install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/ -install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap +mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates +install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap +install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema +install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema +install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema +install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap +install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG +install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example +install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/ +install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` rm -rf doc/guide/release -install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \ - $RPM_BUILD_ROOT/%{DOCDIR}/images \ - $RPM_BUILD_ROOT/%{DOCDIR}/drafts -install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide -install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images -install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts +install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \ + ${RPM_BUILD_ROOT}/%{DOCDIR}/images \ + ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts +install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide +install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images +install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts install -m 644 ANNOUNCEMENT \ COPYRIGHT \ LICENSE \ README \ CHANGES \ %{SOURCE5} \ - $RPM_BUILD_ROOT/%{DOCDIR} + ${RPM_BUILD_ROOT}/%{DOCDIR} install -m 644 servers/slapd/slapd.ldif \ - $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default -rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example -rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README -rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif* -rm -f $RPM_BUILD_ROOT%{_rundir}/slapd/openldap-data/DB_CONFIG.example + ${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default +rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example +rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README +rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif* +rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples # Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO # /usr/sbin/service exists only since openSUSE 12.3: @@ -305,16 +376,15 @@ ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd %endif %endif -rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 +rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct -rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la +rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la #put filelists into files cat >openldap2.filelist <<EOF @@ -328,36 +398,45 @@ %dir /etc/openldap/schema %config /etc/openldap/schema/*.schema %config /etc/openldap/schema/*.ldif -%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf +%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf %config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG %config /var/lib/ldap/DB_CONFIG.example -%attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default +%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default +%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example %config(noreplace) /etc/sasl2/slapd.conf %dir /usr/lib/openldap -%dir /usr/lib/openldap/modules -/usr/lib/openldap/modules/accesslog* -/usr/lib/openldap/modules/auditlog* -/usr/lib/openldap/modules/collect* -/usr/lib/openldap/modules/constraint* -/usr/lib/openldap/modules/dds* -/usr/lib/openldap/modules/deref* -/usr/lib/openldap/modules/dyngroup* -/usr/lib/openldap/modules/dynlist* -/usr/lib/openldap/modules/memberof* -/usr/lib/openldap/modules/pcache* -/usr/lib/openldap/modules/refint* -/usr/lib/openldap/modules/retcode* -/usr/lib/openldap/modules/rwm* -/usr/lib/openldap/modules/seqmod* -/usr/lib/openldap/modules/sssvlv* -/usr/lib/openldap/modules/translucent* -/usr/lib/openldap/modules/unique* -/usr/lib/openldap/modules/valsort* -/usr/lib/openldap/slapd +%dir /%{_libdir}/openldap +%{_libdir}/openldap/back_bdb* +%{_libdir}/openldap/back_hdb* +%{_libdir}/openldap/back_ldap* +%{_libdir}/openldap/back_mdb* +%{_libdir}/openldap/back_monitor* +%{_libdir}/openldap/back_relay* +%{_libdir}/openldap/accesslog* +%{_libdir}/openldap/auditlog* +%{_libdir}/openldap/collect* +%{_libdir}/openldap/constraint* +%{_libdir}/openldap/dds* +%{_libdir}/openldap/deref* +%{_libdir}/openldap/dyngroup* +%{_libdir}/openldap/dynlist* +%{_libdir}/openldap/memberof* +%{_libdir}/openldap/pcache* +%{_libdir}/openldap/ppolicy* +%{_libdir}/openldap/refint* +%{_libdir}/openldap/retcode* +%{_libdir}/openldap/rwm* +%{_libdir}/openldap/seqmod* +%{_libdir}/openldap/sssvlv* +%{_libdir}/openldap/syncprov* +%{_libdir}/openldap/translucent* +%{_libdir}/openldap/unique* +%{_libdir}/openldap/valsort* +%{_libdir}/slapd /usr/lib/openldap/start -/usr/lib/systemd/system/slapd.service -%dir %attr(0700, ldap, ldap) /var/lib/ldap -%dir %attr(0755, ldap, ldap) %ghost %{_rundir}/slapd +%{_unitdir}/slapd.service +%dir %attr(0750, ldap, ldap) /var/lib/ldap +%ghost %attr(0750, ldap, ldap) %{_rundir} %doc %{_mandir}/man8/sl* %doc %{_mandir}/man5/slapd.* %doc %{_mandir}/man5/slapd-bdb.* @@ -417,20 +496,37 @@ %_libdir/libldap*.a EOF cat > openldap2-back-perl.filelist <<EOF -/usr/lib/openldap/modules/back_perl* +%{_libdir}/openldap/back_perl* %doc %{_mandir}/man5/slapd-perl.* EOF +cat > openldap2-back-sock.filelist <<EOF +%{_libdir}/openldap/back_sock* +%doc %{_mandir}/man5/slapd-sock.* +EOF cat > openldap2-back-meta.filelist <<EOF -/usr/lib/openldap/modules/back_meta* +%{_libdir}/openldap/back_meta* %doc %{_mandir}/man5/slapd-meta.* EOF cat > openldap2-back-sql.filelist <<EOF -/usr/lib/openldap/modules/back_sql* +%{_libdir}/openldap/back_sql* %doc %{_mandir}/man5/slapd-sql.* %doc servers/slapd/back-sql/examples %doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/install EOF +cat > openldap2-contrib.filelist <<EOF +%{_libdir}/openldap/allowed.* +%{_libdir}/openldap/allop.* +%{_libdir}/openldap/autogroup.* +%{_libdir}/openldap/lastbind.* +%{_libdir}/openldap/noopsrch.* +%{_libdir}/openldap/nops.* +%{_libdir}/openldap/pw-sha2.* +%{_libdir}/openldap/pw-pbkdf2.* +%{_libdir}/openldap/denyop.* +%{_libdir}/openldap/cloak.* +%{_libdir}/openldap/smbk5pwd.* +EOF cat >openldap2-doc.filelist <<EOF %dir %{DOCDIR} %doc %{DOCDIR}/drafts @@ -442,20 +538,20 @@ cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \ openldap2-devel-static.filelist | %else -cat openldap2.filelist openldap2-back-perl.filelist \ +cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \ openldap2-back-meta.filelist openldap2-back-sql.filelist \ - openldap2-doc.filelist compat-libldap.filelist | + openldap2-doc.filelist openldap2-contrib.filelist | %endif grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do - rm -rf $RPM_BUILD_ROOT$name + rm -rf ${RPM_BUILD_ROOT}${name} done %if "%{name}" == "openldap2" %pre /usr/sbin/groupadd -g 70 -o -r ldap || : -/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d /var/lib/ldap ldap || : +/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || : if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then - touch /var/run/enable_slapd_service + touch %{_rundir}/enable_slapd_service fi %service_add_pre slapd.service @@ -467,7 +563,7 @@ %{fillup_only -n openldap ldap} %{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} %service_add_post slapd.service -if [ -f /var/run/enable_slapd_service ]; then +if [ -f %{_rundir}/enable_slapd_service ]; then /usr/bin/systemctl --quiet enable slapd fi @@ -483,6 +579,9 @@ %files -n openldap2-back-perl -f openldap2-back-perl.filelist %defattr(-,root,root) +%files -n openldap2-back-sock -f openldap2-back-sock.filelist +%defattr(-,root,root) + %files -n openldap2-back-meta -f openldap2-back-meta.filelist %defattr(-,root,root) @@ -492,6 +591,9 @@ %files -n openldap2-doc -f openldap2-doc.filelist %defattr(-,root,root) +%files -n openldap2-contrib -f openldap2-contrib.filelist +%defattr(-,root,root) + %else %post -n libldap-2_4-2 -p /sbin/ldconfig ++++++ openldap2.spec ++++++ --- /var/tmp/diff_new_pack.UGwmDj/_old 2016-01-30 11:30:55.000000000 +0100 +++ /var/tmp/diff_new_pack.UGwmDj/_new 2016-01-30 11:30:55.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package openldap2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,52 +17,59 @@ %define run_test_suite 0 -%define version_main 2.4.42 +%define version_main 2.4.43 -%if ! %{defined _rundir} -%define _rundir %{_localstatedir}/run +%if %{suse_version} >= 1310 && %{suse_version} != 1315 +%define _rundir /run/slapd +%else +%define _rundir /var/run/slapd %endif Name: openldap2 Summary: The OpenLDAP Server License: OLDAP-2.8 Group: Productivity/Networking/LDAP/Clients -Version: 2.4.42 +Version: %{version_main} Release: 0 Url: http://www.openldap.org Source: openldap-%{version_main}.tgz -Source1: openldap-rc.tgz -Source2: addonschema.tar.gz Source3: DB_CONFIG Source4: sasl-slapd.conf -Source5: README.dynamic-overlays +Source5: README.module-loading Source6: schema2ldif Source7: baselibs.conf -Patch1: 0001-build-adjustments.dif +Source9: ldapns.schema +Source10: rfc2307bis.schema +Source11: yast.schema +Source12: slapd.conf.example +Source13: start +Source14: slapd.service +Source15: SuSEfirewall2.openldap +Source16: sysconfig.openldap Patch2: 0002-slapd.conf.dif Patch3: 0003-LDAPI-socket-location.dif -Patch4: 0004-libldap-use-gethostbyname_r.dif Patch5: 0005-pie-compile.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch -Patch10: 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch -Patch11: 0011-Enforce-minimum-DH-size-of-1024.patch +Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch +Patch11: 0011-openldap-re24-its7796.patch +Patch12: 0012-openldap-re24-its8336.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cyrus-sasl-devel BuildRequires: groff BuildRequires: libopenssl-devel BuildRequires: libtool +Requires: libldap-2_4-2 = %{version_main} +Recommends: cyrus-sasl %if "%{name}" == "openldap2" BuildRequires: db-devel BuildRequires: openslp-devel -BuildRequires: tcpd-devel BuildRequires: unixODBC-devel Conflicts: openldap -Requires: libldap-2_4-2 = %{version_main} PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep -%if 0%{?suse_version} >= 1140 +%if %{suse_version} >= 1310 && %{suse_version} != 1315 # avoid cycle with krb5 BuildRequires: krb5-mini BuildRequires: pkgconfig(systemd) @@ -70,7 +77,6 @@ %endif %else Conflicts: openldap-client -Requires: libldap-2_4-2 = %{version_main} %endif # For /usr/bin/strings Requires(pre): binutils @@ -78,10 +84,10 @@ %if "%{name}" == "openldap2" %description -The Lightweight Directory Access Protocol (LDAP) is used to access -online directory services. It runs directly over TCP and can be used to -access a stand-alone LDAP directory service or to access a directory -service that has an X.500 back-end. +OpenLDAP is a client and server reference implementation of the +Lightweight Directory Access Protocol v3 (LDAPv3). + +The server provides several database backends and overlays. %package -n openldap2-back-perl Summary: OpenLDAP Perl Back-End @@ -93,6 +99,16 @@ The OpenLDAP Perl back-end allows you to execute Perl code specific to different LDAP operations. +%package -n openldap2-back-sock +Summary: OpenLDAP Socket Back-End +Group: Productivity/Networking/LDAP/Servers +Requires: openldap2 = %{version_main} +Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz + +%description -n openldap2-back-sock +The OpenLDAP socket back-end allows you to handle LDAP requests and +results with an external process listening on a Unix domain socket. + %package -n openldap2-back-meta Summary: OpenLDAP Meta Back-End Group: Productivity/Networking/LDAP/Servers @@ -115,6 +131,25 @@ stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. +%package -n openldap2-contrib +Summary: OpenLDAP Contrib Modules +Group: Productivity/Networking/LDAP/Servers +Requires: openldap2 = %{version_main} + +%description -n openldap2-contrib +Various overlays found in contrib/: +allop +allowed Generates attributes indicating access rights +autogroup +cloak +denyop +lastbind writes last bind timestamp to entry +noopsrch handles no-op search control +nops +pw-sha2 generates/validates SHA-2 password hashes +pw-pbkdf2 generates/validates PBKDF2 password hashes +smbk5pwd generates Samba3 password hashes (heimdal krb disabled) + %package -n openldap2-doc Summary: OpenLDAP Documentation Group: Documentation/Other @@ -126,6 +161,7 @@ %description -n openldap2-doc The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts + Authors: -------- The OpenLDAP Project <project(a)openldap.org> @@ -145,6 +181,7 @@ # Conflicts: openldap-devel Requires: libldap-2_4-2 = %{version_main} +Recommends: cyrus-sasl-devel %description -n openldap2-devel This package provides the OpenLDAP libraries, header files, and @@ -171,11 +208,10 @@ %endif %prep -%setup -q -n openldap-%{version_main} -a1 -a2 -%patch1 -p1 +%setup -q -n openldap-%{version_main} %patch2 -p1 %patch3 -p1 -%patch4 -p1 +#%patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 @@ -183,49 +219,65 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 cp %{SOURCE5} . %build -%{?suse_update_config:%{suse_update_config -f build}} -libtoolize --force -autoreconf -export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE" +# %{?suse_update_config:%{suse_update_config -f build}} +#libtoolize --force +#autoreconf +# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES" +export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES" export STRIP="" -%configure \ - --localstatedir=%{_rundir}/slapd \ - --libexecdir=/usr/lib/openldap \ - --enable-wrappers \ +./configure \ + --prefix=/usr \ + --sysconfdir=%{_sysconfdir} \ + --libdir=%{_libdir} \ + --libexecdir=%{_libdir} \ + --localstatedir=%{_rundir} \ + --enable-wrappers=no \ --enable-spasswd \ --enable-modules \ --enable-shared \ --enable-dynamic \ - --with-tls \ + --with-tls=openssl \ --with-cyrus-sasl \ --enable-crypt \ --enable-ipv6=yes \ %if "%{name}" == "openldap2" --enable-aci \ - --enable-bdb \ - --enable-hdb \ + --enable-bdb=mod \ + --enable-hdb=mod \ --enable-rewrite \ - --enable-ldap=yes \ + --enable-ldap=mod \ --enable-meta=mod \ - --enable-monitor=yes \ + --enable-monitor=mod \ --enable-perl=mod \ + --enable-sock=mod \ --enable-sql=mod \ - --enable-mdb=yes \ + --enable-mdb=mod \ + --enable-relay=mod \ --enable-slp \ --enable-overlays=mod \ - --enable-syncprov=yes \ - --enable-ppolicy=yes \ + --enable-syncprov=mod \ + --enable-ppolicy=mod \ %else --disable-slapd \ %endif --enable-lmpasswd \ - --with-yielding-select + --with-yielding-select \ + || cat config.log make depend make %{?_smp_mflags} %if "%{name}" == "openldap2" +# Build selected contrib overlays +for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +do + make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" +done +# One more level up needed because of passwd/sha2 +# slapo-smbk5pwd only for Samba password hashes +make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB="" %endif %check @@ -254,50 +306,67 @@ %endif %install -mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/ -mkdir -p $RPM_BUILD_ROOT/usr/sbin -mkdir -p $RPM_BUILD_ROOT/%{_unitdir} -make STRIP="" DESTDIR=$RPM_BUILD_ROOT install -install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start -install -m 644 slapd.service $RPM_BUILD_ROOT/%{_unitdir} -mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d -mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2 -install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf -install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap -chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* -chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* -chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* -install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/usr/sbin/schema2ldif +mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap +mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap +mkdir -p ${RPM_BUILD_ROOT}/usr/sbin +mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir} +make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install +# Additional symbolic link to slapd executable in /usr/sbin/ +%if "%{name}" == "openldap2" +ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd +%endif +%if "%{name}" == "openldap2" +# Install selected contrib overlays +for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +do + make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install +done +# slapo-smbk5pwd only for Samba password hashes +make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install +%endif +install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start +install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir} +mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d +mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2 +install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf +install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap +chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so* +chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so* +chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so* +install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif %if "%{name}" == "openldap2" %define DOCDIR %{_defaultdocdir}/%{name} -mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates -install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap -install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema -install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG -install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example -install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/ -install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap +mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates +install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap +install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema +install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema +install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema +install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap +install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG +install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example +install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/ +install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` rm -rf doc/guide/release -install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \ - $RPM_BUILD_ROOT/%{DOCDIR}/images \ - $RPM_BUILD_ROOT/%{DOCDIR}/drafts -install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide -install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images -install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts +install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \ + ${RPM_BUILD_ROOT}/%{DOCDIR}/images \ + ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts +install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide +install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images +install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts install -m 644 ANNOUNCEMENT \ COPYRIGHT \ LICENSE \ README \ CHANGES \ %{SOURCE5} \ - $RPM_BUILD_ROOT/%{DOCDIR} + ${RPM_BUILD_ROOT}/%{DOCDIR} install -m 644 servers/slapd/slapd.ldif \ - $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default -rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example -rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README -rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif* -rm -f $RPM_BUILD_ROOT%{_rundir}/slapd/openldap-data/DB_CONFIG.example + ${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default +rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example +rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README +rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif* +rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples # Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO # /usr/sbin/service exists only since openSUSE 12.3: @@ -307,16 +376,15 @@ ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd %endif %endif -rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5 -rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5 +rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5 +rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5 # Remove *.la files, libtool does not handle this correct -rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la +rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la #put filelists into files cat >openldap2.filelist <<EOF @@ -330,36 +398,45 @@ %dir /etc/openldap/schema %config /etc/openldap/schema/*.schema %config /etc/openldap/schema/*.ldif -%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf +%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf %config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG %config /var/lib/ldap/DB_CONFIG.example -%attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default +%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default +%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example %config(noreplace) /etc/sasl2/slapd.conf %dir /usr/lib/openldap -%dir /usr/lib/openldap/modules -/usr/lib/openldap/modules/accesslog* -/usr/lib/openldap/modules/auditlog* -/usr/lib/openldap/modules/collect* -/usr/lib/openldap/modules/constraint* -/usr/lib/openldap/modules/dds* -/usr/lib/openldap/modules/deref* -/usr/lib/openldap/modules/dyngroup* -/usr/lib/openldap/modules/dynlist* -/usr/lib/openldap/modules/memberof* -/usr/lib/openldap/modules/pcache* -/usr/lib/openldap/modules/refint* -/usr/lib/openldap/modules/retcode* -/usr/lib/openldap/modules/rwm* -/usr/lib/openldap/modules/seqmod* -/usr/lib/openldap/modules/sssvlv* -/usr/lib/openldap/modules/translucent* -/usr/lib/openldap/modules/unique* -/usr/lib/openldap/modules/valsort* -/usr/lib/openldap/slapd +%dir /%{_libdir}/openldap +%{_libdir}/openldap/back_bdb* +%{_libdir}/openldap/back_hdb* +%{_libdir}/openldap/back_ldap* +%{_libdir}/openldap/back_mdb* +%{_libdir}/openldap/back_monitor* +%{_libdir}/openldap/back_relay* +%{_libdir}/openldap/accesslog* +%{_libdir}/openldap/auditlog* +%{_libdir}/openldap/collect* +%{_libdir}/openldap/constraint* +%{_libdir}/openldap/dds* +%{_libdir}/openldap/deref* +%{_libdir}/openldap/dyngroup* +%{_libdir}/openldap/dynlist* +%{_libdir}/openldap/memberof* +%{_libdir}/openldap/pcache* +%{_libdir}/openldap/ppolicy* +%{_libdir}/openldap/refint* +%{_libdir}/openldap/retcode* +%{_libdir}/openldap/rwm* +%{_libdir}/openldap/seqmod* +%{_libdir}/openldap/sssvlv* +%{_libdir}/openldap/syncprov* +%{_libdir}/openldap/translucent* +%{_libdir}/openldap/unique* +%{_libdir}/openldap/valsort* +%{_libdir}/slapd /usr/lib/openldap/start -/usr/lib/systemd/system/slapd.service -%dir %attr(0700, ldap, ldap) /var/lib/ldap -%dir %attr(0755, ldap, ldap) %ghost %{_rundir}/slapd +%{_unitdir}/slapd.service +%dir %attr(0750, ldap, ldap) /var/lib/ldap +%ghost %attr(0750, ldap, ldap) %{_rundir} %doc %{_mandir}/man8/sl* %doc %{_mandir}/man5/slapd.* %doc %{_mandir}/man5/slapd-bdb.* @@ -380,11 +457,6 @@ %doc %{DOCDIR}/CHANGES %doc %{DOCDIR}/slapd.ldif.default EOF -%if %suse_version < 1130 -cat >>openldap2.filelist <<EOF -/usr/sbin/openldap-2.3-slapcat -EOF -%endif # # cat > openldap2-client.filelist <<EOF @@ -424,20 +496,37 @@ %_libdir/libldap*.a EOF cat > openldap2-back-perl.filelist <<EOF -/usr/lib/openldap/modules/back_perl* +%{_libdir}/openldap/back_perl* %doc %{_mandir}/man5/slapd-perl.* EOF +cat > openldap2-back-sock.filelist <<EOF +%{_libdir}/openldap/back_sock* +%doc %{_mandir}/man5/slapd-sock.* +EOF cat > openldap2-back-meta.filelist <<EOF -/usr/lib/openldap/modules/back_meta* +%{_libdir}/openldap/back_meta* %doc %{_mandir}/man5/slapd-meta.* EOF cat > openldap2-back-sql.filelist <<EOF -/usr/lib/openldap/modules/back_sql* +%{_libdir}/openldap/back_sql* %doc %{_mandir}/man5/slapd-sql.* %doc servers/slapd/back-sql/examples %doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/install EOF +cat > openldap2-contrib.filelist <<EOF +%{_libdir}/openldap/allowed.* +%{_libdir}/openldap/allop.* +%{_libdir}/openldap/autogroup.* +%{_libdir}/openldap/lastbind.* +%{_libdir}/openldap/noopsrch.* +%{_libdir}/openldap/nops.* +%{_libdir}/openldap/pw-sha2.* +%{_libdir}/openldap/pw-pbkdf2.* +%{_libdir}/openldap/denyop.* +%{_libdir}/openldap/cloak.* +%{_libdir}/openldap/smbk5pwd.* +EOF cat >openldap2-doc.filelist <<EOF %dir %{DOCDIR} %doc %{DOCDIR}/drafts @@ -449,32 +538,20 @@ cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \ openldap2-devel-static.filelist | %else -cat openldap2.filelist openldap2-back-perl.filelist \ +cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \ openldap2-back-meta.filelist openldap2-back-sql.filelist \ - openldap2-doc.filelist + openldap2-doc.filelist openldap2-contrib.filelist | %endif grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do - rm -rf $RPM_BUILD_ROOT$name + rm -rf ${RPM_BUILD_ROOT}${name} done %if "%{name}" == "openldap2" %pre /usr/sbin/groupadd -g 70 -o -r ldap || : -/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d /var/lib/ldap ldap || : -# try to figure out if a db update is needed -if [ ${1:-0} -gt 1 ] && [ -f /usr/lib/openldap/slapd ] && - /usr/bin/strings /usr/lib/openldap/slapd | \ - grep "slapd 2.3" 2>&1 > /dev/null; -then - # create a backup of the schema shipped with 2.3 - # at least core.schema changed between 2.3 and 2.4 - TEMPDIR=`mktemp -d /etc/openldap/schema.backup.XXXXXX` - echo "Schema backup created in $TEMPDIR" - cp -p --remove-destination /etc/openldap/schema/* $TEMPDIR - echo $TEMPDIR > /etc/openldap/UPDATE_NEEDED ; -fi +/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || : if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then - touch /var/run/enable_slapd_service + touch %{_rundir}/enable_slapd_service fi %service_add_pre slapd.service @@ -486,7 +563,7 @@ %{fillup_only -n openldap ldap} %{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} %service_add_post slapd.service -if [ -f /var/run/enable_slapd_service ]; then +if [ -f %{_rundir}/enable_slapd_service ]; then /usr/bin/systemctl --quiet enable slapd fi @@ -502,6 +579,9 @@ %files -n openldap2-back-perl -f openldap2-back-perl.filelist %defattr(-,root,root) +%files -n openldap2-back-sock -f openldap2-back-sock.filelist +%defattr(-,root,root) + %files -n openldap2-back-meta -f openldap2-back-meta.filelist %defattr(-,root,root) @@ -511,6 +591,9 @@ %files -n openldap2-doc -f openldap2-doc.filelist %defattr(-,root,root) +%files -n openldap2-contrib -f openldap2-contrib.filelist +%defattr(-,root,root) + %else %post -n libldap-2_4-2 -p /sbin/ldconfig ++++++ 0002-slapd.conf.dif ++++++ --- /var/tmp/diff_new_pack.UGwmDj/_old 2016-01-30 11:30:55.000000000 +0100 +++ /var/tmp/diff_new_pack.UGwmDj/_new 2016-01-30 11:30:55.000000000 +0100 @@ -1,35 +1,38 @@ -From a8be17d4a1db1c6ee24b328f3f34e21ccb02ca3f Mon Sep 17 00:00:00 2001 -From: Ralf Haferkamp <rhafer(a)suse.de> -Date: Wed, 16 Jun 2010 14:05:49 +0200 -Subject: slapd.conf - - diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf -index 4938b85..9caf292 100644 +index 4938b85..b9bec75 100644 --- a/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf -@@ -3,6 +3,10 @@ +@@ -2,7 +2,11 @@ + # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # - include %SYSCONFDIR%/schema/core.schema -+include %SYSCONFDIR%/schema/cosine.schema -+include %SYSCONFDIR%/schema/inetorgperson.schema -+include %SYSCONFDIR%/schema/rfc2307bis.schema -+include %SYSCONFDIR%/schema/yast.schema +-include %SYSCONFDIR%/schema/core.schema ++include /etc/openldap/schema/core.schema ++include /etc/openldap/schema/cosine.schema ++include /etc/openldap/schema/inetorgperson.schema ++include /etc/openldap/schema/rfc2307bis.schema ++include /etc/openldap/schema/yast.schema # Define global ACLs to disable default read access. -@@ -10,8 +14,8 @@ include %SYSCONFDIR%/schema/core.schema +@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema # service AND an understanding of referrals. #referral ldap://root.openldap.org -pidfile %LOCALSTATEDIR%/run/slapd.pid -argsfile %LOCALSTATEDIR%/run/slapd.args -+pidfile %LOCALSTATEDIR%/slapd.pid -+argsfile %LOCALSTATEDIR%/slapd.args ++pidfile /run/slapd/slapd.pid ++argsfile /run/slapd/slapd.args # Load dynamic backend modules: - # modulepath %MODULEDIR% +-# modulepath %MODULEDIR% ++# modulepath /usr/lib/openldap + # moduleload back_bdb.la +-# moduleload back_hdb.la ++moduleload back_hdb.la + # moduleload back_ldap.la + + # Sample security restrictions @@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args # security ssf=1 update_ssf=112 simple_bind=64 @@ -75,9 +78,12 @@ # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") -@@ -52,6 +66,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args +@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args + # BDB database definitions + ####################################################################### - database bdb +-database bdb ++database hdb suffix "dc=my-domain,dc=com" +checkpoint 1024 5 +cachesize 10000 @@ -92,6 +98,3 @@ +directory /var/lib/ldap # Indices to maintain index objectClass eq --- -1.7.10.4 - ++++++ 0011-Enforce-minimum-DH-size-of-1024.patch -> 0010-Enforce-minimum-DH-size-of-1024.patch ++++++ ++++++ 0011-openldap-re24-its7796.patch ++++++ diff --git a/servers/slapd/back-bdb/filterindex.c b/servers/slapd/back-bdb/filterindex.c index 71e3ea4..bafef72 100644 --- a/servers/slapd/back-bdb/filterindex.c +++ b/servers/slapd/back-bdb/filterindex.c @@ -741,7 +741,7 @@ equality_candidates( &db, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= bdb_equality_candidates: (%s) not indexed\n", ava->aa_desc->ad_cname.bv_val, 0, 0 ); return 0; @@ -858,7 +858,7 @@ approx_candidates( &db, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= bdb_approx_candidates: (%s) not indexed\n", ava->aa_desc->ad_cname.bv_val, 0, 0 ); return 0; @@ -978,7 +978,7 @@ substring_candidates( &db, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= bdb_substring_candidates: (%s) not indexed\n", sub->sa_desc->ad_cname.bv_val, 0, 0 ); return 0; @@ -1095,7 +1095,7 @@ inequality_candidates( &db, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= bdb_inequality_candidates: (%s) not indexed\n", ava->aa_desc->ad_cname.bv_val, 0, 0 ); return 0; diff --git a/servers/slapd/back-mdb/filterindex.c b/servers/slapd/back-mdb/filterindex.c index 58c1cc8..20c58b7 100644 --- a/servers/slapd/back-mdb/filterindex.c +++ b/servers/slapd/back-mdb/filterindex.c @@ -709,7 +709,7 @@ equality_candidates( &dbi, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= mdb_equality_candidates: (%s) not indexed\n", ava->aa_desc->ad_cname.bv_val, 0, 0 ); return 0; @@ -825,7 +825,7 @@ approx_candidates( &dbi, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= mdb_approx_candidates: (%s) not indexed\n", ava->aa_desc->ad_cname.bv_val, 0, 0 ); return 0; @@ -944,7 +944,7 @@ substring_candidates( &dbi, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= mdb_substring_candidates: (%s) not indexed\n", sub->sa_desc->ad_cname.bv_val, 0, 0 ); return 0; @@ -1060,7 +1060,7 @@ inequality_candidates( &dbi, &mask, &prefix ); if ( rc == LDAP_INAPPROPRIATE_MATCHING ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "<= mdb_inequality_candidates: (%s) not indexed\n", ava->aa_desc->ad_cname.bv_val, 0, 0 ); return 0; ++++++ 0012-openldap-re24-its8336.patch ++++++ >From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001 From: Howard Chu <hyc(a)openldap.org> Date: Tue, 8 Dec 2015 18:17:24 +0000 Subject: ITS#8336 fix page_search_root assert on FreeDB Let "illegal" branch pages thru on the FreeDB - the condition is only temporary and will be fixed by the time rebalance finishes. diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c index fa0c9e5..a624cba 100644 --- a/libraries/liblmdb/mdb.c +++ b/libraries/liblmdb/mdb.c @@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags) indx_t i; DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp))); - mdb_cassert(mc, NUMKEYS(mp) > 1); + /* Don't assert on branch pages in the FreeDB. We can get here + * while in the process of rebalancing a FreeDB branch page; we must + * let that proceed. ITS#8336 + */ + mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1); DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0)))); if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) { ++++++ README.module-loading ++++++ All of the OpenLDAP backends (except back-config) and overlays are now compiled as dynamic modules in our packages. If you want to use any of these in your setup make sure to put the correct "olcModuleLoad" or "moduleload" statements in your configuration. For details please see the slapd-config(5) and slapd.conf(5) manpages (depending on which config mechanism you use). For a list of the included dynamic modules list all modules files: ls /usr/lib*/openldap/*.so Or just the backend files: ls /usr/lib*/openldap/back_*.so Documentations for the overlays can be found in the respective man pages or the OpenLDAP Administration Guide which is part of the "openldap2-doc" package. Backend man-pages: man 5 slapo-<back_name> Overlays man-pages: man 5 slapo-<name> ++++++ SuSEfirewall2.openldap ++++++ ## Name: OpenLDAP Server ## Description: Opens ports for the OpenLDAP Server (slapd). # space separated list of allowed TCP ports TCP="ldap ldaps" # space separated list of allowed UDP ports UDP="ldap" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" ++++++ ldapns.schema ++++++ # $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $ # LDAP Name Service Additional Schema # http://www.iana.org/assignments/gssapi-service-names attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AUXILIARY MAY authorizedService ) objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary object class for adding host attribute' SUP top AUXILIARY MAY host ) ++++++ openldap-2.4.42.tgz -> openldap-2.4.43.tgz ++++++ ++++ 6915 lines of diff (skipped) ++++++ rfc2307bis.schema ++++++ # builtin # #attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' # DESC 'An integer uniquely identifying a user in an administrative domain' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 # SINGLE-VALUE ) # builtin # #attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' # DESC 'An integer uniquely identifying a group in an # administrative domain' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 # SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service port number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Service protocol name' SUP name ) attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP protocol number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 addresses as a dotted decimal omitting leading zeros or IPv6 addresses as defined in RFC2373' SUP name ) attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network as a dotted decimal, eg. 192.168, omitting leading zeros' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a A generic NIS map' SUP name ) attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic NIS entry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key value' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automount information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY DESC 'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ) objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid MAY ( userPassword $ description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ) ) objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY DESC 'Abstraction of a group of accounts' MUST gidNumber MAY ( userPassword $ memberUid $ description ) ) objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL DESC 'Abstraction an Internet Protocol service. Maps an IP port and protocol (such as tcp or udp) to one or more names; the distinguished value of the cn attribute denotes the services canonical name' MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description ) objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL DESC 'Abstraction of an IP protocol. Maps a protocol number to one or more names. The distinguished value of the cn attribute denotes the protocols canonical name' MUST ( cn $ ipProtocolNumber ) MAY description ) objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL DESC 'Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes the RPC services canonical name' MUST ( cn $ oncRpcNumber ) MAY description ) objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY DESC 'Abstraction of a host, an IP device. The distinguished value of the cn attribute denotes the hosts canonical name. Device SHOULD be used as a structural class' MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ description $ manager ) ) objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL DESC 'Abstraction of a network. The distinguished value of the cn attribute denotes the networks canonical name' MUST ipNetworkNumber MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) ) objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL DESC 'Abstraction of a netgroup. May refer to other netgroups' MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL DESC 'A generic abstraction of a NIS map' MUST nisMapName MAY description ) objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL DESC 'An entry in a NIS map' MUST ( cn $ nisMapEntry $ nisMapName ) MAY description ) objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY DESC 'A device with a MAC address; device SHOULD be used as a structural class' MAY macAddress ) objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY DESC 'A device with boot parameters; device SHOULD be used as a structural class' MAY ( bootFile $ bootParameter ) ) objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY DESC 'An object with a public and secret key' MUST ( cn $ nisPublicKey $ nisSecretKey ) MAY ( uidNumber $ description ) ) objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY DESC 'Associates a NIS domain with a naming context' MUST nisDomain ) objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL MUST ( automountMapName ) MAY description ) objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL DESC 'Automount information' MUST ( automountKey $ automountInformation ) MAY description ) ## namedObject is needed for groups without members objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top STRUCTURAL MAY cn ) ++++++ slapd.conf.example ++++++ ############################################################################ # See slapd.conf(5) for details on configuration options. # This file SHOULD NOT be world readable. # # Important note: # You surely have to adjust some settings to meet your (security) # requirements. # At least you should replace suffix "dc=example,dc=com" by # something meaningful for your setup. # If you plan to use OpenLDAP server as backend for Samba and/or Kerberos # KDC then you MUST add decent ACLs for protecting user credentials! # # Read the man pages before changing something! # # You can debug the config by running (as root while slapd stopped): # /usr/sbin/slapd -f /etc/openldap/slapd.conf -u ldap -g ldap -h "ldapi:/// ldap://127.0.0.1" -d 65535 ############################################################################ #--------------------------------------------------------------------------- # slapd global parameters #--------------------------------------------------------------------------- # serverID must be unique across all provider replicas # for using multi-master replication (MMR) serverID 99 # only alter this when you know what you're doing #threads 4 # Run-time files pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # for more debugging set: #loglevel config stats stats2 loglevel stats #--------------------------------------------------------------------------- # Load runtime loadable modules #--------------------------------------------------------------------------- # Load additional backend modules installed by package 'openldap2' # The following backends are statically built-in and therefore don't have # to be loaded here: # config, ldif, monitor, bdb, hdb, ldap, mdb, relay #moduleload back_ #moduleload back_ #moduleload back_mdb #moduleload back_meta #moduleload back_sock # Load additional overlay modules installed by package 'openldap2' # The following overlay are statically built-in and therefore don't have # to be loaded here: # ppolicy, syncprov #moduleload accesslog #moduleload constraint #moduleload dds #moduleload deref #moduleload dynlist #moduleload memberof moduleload refint #moduleload sssvlv #moduleload translucent moduleload unique #moduleload valsort # Load additional overlay modules installed by package 'openldap2-contrib' #moduleload allowed #moduleload lastbind #moduleload noopsrch #moduleload pw-pbkdf2 #moduleload pw-sha2 #moduleload smbk5pwd #--------------------------------------------------------------------------- # Include schema files #--------------------------------------------------------------------------- # Schema files installed by package 'openldap2' include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/ppolicy.schema #include /etc/openldap/schema/yast.schema # Schema file installed by package 'dhcp-server' #include /etc/openldap/schema/dhcp.schema # Schema file installed by package 'samba' #include /etc/openldap/schema/samba3.schema # Schema file installed by package 'krb5-plugin-kdb-ldap' #include /usr/share/doc/packages/krb5/kerberos.schema #--------------------------------------------------------------------------- # Transport Layer Security (TLS) configuration #--------------------------------------------------------------------------- # require at least TLS 1.0 and highly secure ciphers #TLSProtocolMin 3.1 #TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH # TLS certificate and key files #TLSCACertificateFile /etc/ssl/ca-bundle.pem #TLSCertificateFile /etc/openldap/ssl.crt/server.crt #TLSCertificateKeyFile /etc/openldap/ssl.key/server.key # For enabling Perfect Forward Secrecy (PFS), see dhparam(1) #TLSDHParamFile /etc/openldap/ssl.key/dhparam #--------------------------------------------------------------------------- # Password hashing #--------------------------------------------------------------------------- #password-hash {CRYPT} # Parameters for {CRYPT} scheme: SHA-512, 72 bits) of salt, 5000 iterations #password-crypt-salt-format "$6$%.12s" #--------------------------------------------------------------------------- # Security requirements #--------------------------------------------------------------------------- #disallow bind_anon #require bind LDAPv3 strong # SSF value for ldapi:// localSSF 256 # minimum required SSF value (security strength factor) # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 #security ssf=128 update_ssf=256 simple_bind=128 security ssf=0 #--------------------------------------------------------------------------- # Global access control (ACLs) #--------------------------------------------------------------------------- # Root DSE: allow anyone to read it access to dn.base="" by * read # Sub schema sub entry: allow anyone to read it access to dn.base="cn=Subschema" by * read #--------------------------------------------------------------------------- # Authz-DN mappings #--------------------------------------------------------------------------- # If connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used # System user root is mapped to the rootdn in database dc=example,dc=com # which has also read access on config and monitor databases authz-regexp "gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=root,dc=example,dc=com" # Map local system user to LDAP entry # if connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used authz-regexp "gidnumber=([0-9]+)\\+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth" "ldap:///dc=example,dc=com??sub?(&(objectClass=posixAccount)(uidNumber=$2)(gidNumber=$1))" # this maps the attribute uid to a LDAP entry # if one of the typical password-based SASL mechs was used authz-regexp "uid=([a-zA-Z0-9_-]+),cn=(DIGEST-MD5|CRAM-MD5|NTLM|PLAIN|LOGIN|SCRAM-SHA-1),cn=auth" "ldap:///dc=example,dc=com??sub?(uid=$1)" # this maps the attribute uid to a LDAP entry # if one of the Kerberos based SASL mechs was used #authz-regexp # "uid=([a-zA-Z0-9_-]+),cn=(GSSAPI|GS2-KRB5|GS2-IAKERB),cn=auth" # "ldap:///dc=example,dc=com??sub?(|(krbPrincipalName=$1)(krbPrincipalAlias=$1))" # Map client cert subject DN to LDAP entry if SASL/EXTERNAL was used #authz-regexp # "(.+)" # "ldap:///dc=example,dc=com??sub?(&(objectClass=pkiUser)(seeAlso=$1))" #=========================================================================== # Database specific configuration sections below # Required order of databases: # config (first), ...others..., monitor (last) #=========================================================================== #--------------------------------------------------------------------------- # cn=config // Configuration database (always first!) # see slapd-config(5) #--------------------------------------------------------------------------- database config # Cleartext passwords, especially for the rootdn, should # be avoid! See slappasswd(8) and slapd.conf(5) for details. # Best thing is not to set rootpw at all! # For local config access by root use LDAPI with SASL/EXTERNAL instead # (see above). #rootpw secret access to dn.subtree="cn=config" by dn.exact="cn=root,dc=example,dc=com" manage by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" read by * none #--------------------------------------------------------------------------- # dc=example,dc=com // Example MDB database to be used by normal clients # see slapd-mdb(5) #--------------------------------------------------------------------------- database mdb suffix "dc=example,dc=com" # rootdn has to be set for overlays' internal operations rootdn "cn=root,dc=example,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid! See slappasswd(8) and slapd.conf(5) for details. # Best thing is not to set rootpw at all! rootpw secret # The database directory MUST exist prior to running slapd and # SHOULD only be accessible by the slapd user 'ldap'. # mkdir /var/lib/ldap/example-db && chown ldap:ldap /var/lib/ldap/example-db && chmod 0700 /var/lib/ldap/example-db directory /var/lib/ldap/example-db # Permissions of database files created mode 0600 # extra information to be available in cn=monitor for this database monitoring on # Perform ACL checks on the content of a new entry being added add_content_acl on # backend-specific database parameters checkpoint 1024 5 # 100 MB (you can raise the limit later) maxsize 104857600 # Indices to maintain # # Whenever you change indexing configuration you have to re-run slapindex # while slapd being stopped! # Don't forget to fix ownership/permissions of newly generated index files # afterwards! # set always! index objectClass eq # for typical address book use index cn,sn,givenName,mail eq,sub # for user management index uid,uidNumber,gidNumber eq # for authz-regexp mapping of Kerberos principal name #index krbPrincipalName,krbPrincipalAlias eq # for authz-regexp mapping of client cert subject DNs #index seeAlso eq # for syncrepl index entryUUID,entryCSN eq # access control lists (ACLs) for dc=example,dc=com # see slapd.access(5) for details on access control lists (ACLs) # full read access also to 'userPassword' for group of replicas # and control is forwarded to subsequent ACLs access to dn.subtree=dc=example,dc=com by group.base="cn=slapd replicas,ou=groups,dc=example,dc=com" read by * break # write-only access to 'userPassword' for user, auth access else access to attrs=userPassword by self =w by * auth # 'userPKCS' must only be accessible by self access to attrs=userPKCS12 by self write by * none # No access to history of passwords #access to # attrs=pwdHistory # by * none # Catch-all ACL for the rest access to dn.subtree=dc=example,dc=com by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" manage by self read by users read by * auth # see slapo-ppolicy(5) overlay ppolicy # Default password policy entry #ppolicy_default cn=ppolicy-default,ou=policies,dc=example,dc=com # Hash clear-text userPassword values sent in with add/modify operations #ppolicy_hash_cleartext # Return AccountLocked error code to client #ppolicy_use_lockout # see slapo-refint(5) overlay refint refint_attributes member seeAlso refint_nothing cn=dummy # Check sub-tree wide uniqueness of certain attributes # see slapo-unique(5) # you have to add eq-index for efficient uniqueness check! # Note that filter part is currently ignored because of OpenLDAP ITS#6825 overlay unique unique_uri "ldap:///dc=example,dc=com?uid,uidNumber,homeDirectory?sub" unique_uri "ldap:///ou=groups,dc=example,dc=com?cn,gidNumber?sub?(|(objectClass=groupOfNames)(objectClass=posixGroup))" #unique_uri "ldap:///dc=example,dc=com?krbPrincipalName,krbPrincipalAlias?sub" #unique_uri "ldap:///dc=example,dc=com?ipHostNumber?sub" #unique_uri "ldap:///dc=example,dc=com?employeeNumber?sub" #unique_uri "ldap:///dc=example,dc=com?uniqueIdentifier?sub" #overlay syncprov #mirrormode on #--------------------------------------------------------------------------- # cn=monitor // Monitoring database (always last!) # see slapd-monitor(5) #--------------------------------------------------------------------------- database monitor access to dn.subtree="cn=monitor" by dn.exact="cn=root,dc=example,dc=com" write by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" write by users read ++++++ slapd.service ++++++ [Unit] Description=OpenLDAP Server Daemon After=syslog.target network.target [Service] Type=forking ExecStart=/usr/lib/openldap/start [Install] WantedBy=multi-user.target ++++++ start ++++++ #! /bin/sh # Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany. # Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany. # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # # Author: Carsten Hoeger # Ralf Haferkamp # # /etc/init.d/ldap # ### BEGIN INIT INFO # Provides: ldap # Required-Start: $network $remote_fs # Required-Stop: $network $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: OpenLDAP Server (slapd) # Description: Start and Stop the OpenLDAP Server (slapd) to # provide LDAP directory services. ### END INIT INFO # Determine the base and follow a runlevel link name. base=${0##*/} link=${base#*[SK][0-9][0-9]} test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap SLAPD_BIN=/usr/sbin/slapd LDAP_URLS="" LDAPS_URLS="" LDAPI_URLS="" SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d" SLAPD_PID_DIR="/var/run/slapd/" test -x $SLAPD_BIN || exit 5 # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v ditto but be verbose in local rc status # rc_status -v -r ditto and clear the local rc status # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num><num> # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status . /etc/rc.status # First reset status of this service rc_reset function init_ldap_listener_urls(){ case "$OPENLDAP_START_LDAP" in [Yy][Ee][Ss]) if [ -n "$OPENLDAP_LDAP_INTERFACES" ] then for iface in $OPENLDAP_LDAP_INTERFACES ;do LDAP_URLS="$LDAP_URLS ldap://$iface" done else LDAP_URLS="ldap:///" fi ;; esac } function init_ldapi_listener_urls(){ case "$OPENLDAP_START_LDAPI" in [Yy][Ee][Ss]) if [ -n "$OPENLDAP_LDAPI_INTERFACES" ] then for iface in $OPENLDAP_LDAPI_INTERFACES ;do esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g` LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface" done else LDAPI_URLS="ldapi:///" fi ;; esac } function init_ldaps_listener_urls(){ case "$OPENLDAP_START_LDAPS" in [Yy][Ee][Ss]) if [ -n "$OPENLDAP_LDAPS_INTERFACES" ] then for iface in $OPENLDAP_LDAPS_INTERFACES ;do LDAPS_URLS="$LDAPS_URLS ldaps://$iface" done else LDAPS_URLS="ldaps:///" fi ;; esac } function check_connection(){ SLAPD_TIMEOUT=10 START=$( date +%s) while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null LDAPSEARCH_RC=$? if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break else sleep 1 fi done } depth=0; function chown_database_dirs_bconfig() { ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}') for dir in $ldapdir; do [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \ chown -R $OPENLDAP_USER $dir 2>/dev/null [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \ chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null done } function chown_database_dirs() { ldapdir=`grep ^directory $1 | awk '{print $2}'` for dir in $ldapdir; do [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \ chown -R $OPENLDAP_USER $dir 2>/dev/null [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \ chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null done includes=`grep ^include $1 | awk '{print $2}'` if [ $depth -le 50 ]; then depth=$(( $depth + 1 )); for i in $includes; do chown_database_dirs "$i" ; done fi } USER_CMD="" GROUP_CMD="" [ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER" [ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP" [ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf" if [ -f /etc/openldap/UPDATE_NEEDED ]; then rc_failed 6 echo " The configuration of your LDAP server needs to be updated." echo " Please see /usr/share/doc/packages/openldap2/README.update" echo " for details." echo " After the update please remove the file:" echo " /etc/openldap/UPDATE_NEEDED" rc_status -v exit fi # chown backend directories if OPENLDAP_CHOWN_DIRS ist set if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null chown_database_dirs_bconfig "/etc/openldap/slapd.d" # assume back-config usage if slapd.conf is not present but slapd.d is elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null chown_database_dirs_bconfig "/etc/openldap/slapd.d" else chown_database_dirs "/etc/openldap/slapd.conf" chgrp $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null fi if test -f /etc/sasl2/slapd.conf ; then chgrp $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null chmod 640 /etc/sasl2/slapd.conf 2>/dev/null fi if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/} if test -f $keytabfile ; then chgrp $OPENLDAP_GROUP $keytabfile 2>/dev/null chmod g+r $keytabfile 2>/dev/null fi fi fi fi if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB fi case "$OPENLDAP_REGISTER_SLP" in [Yy][Ee][Ss]) SLAPD_SLP_REG="-o slp=on" ;; *) SLAPD_SLP_REG="-o slp=off" ;; esac init_ldap_listener_urls init_ldapi_listener_urls init_ldaps_listener_urls if [ ! -d $SLAPD_PID_DIR ]; then mkdir -p $SLAPD_PID_DIR chown ldap:ldap $SLAPD_PID_DIR fi echo -n "Starting ldap-server" exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \ $SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \ $OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG ++++++ sysconfig.openldap ++++++ ## Path: Network/LDAP ## Description: Basic Configuration of the OpenLDAP Directory Server ## Type: yesno ## Default: yes ## ServiceRestart: ldap # # If set to "no" the LDAP server will not accept any "normal" LDAP connections # but just connections over "ldaps" or "ldapi". Setting this to "no" does only # make sense when either OPENLDAP_START_LDAPS or OPENLDAP_START_LDAPI is set # "yes". # OPENLDAP_START_LDAP="yes" ## Type: yesno ## Default: no ## ServiceRestart: ldap # # If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't # forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options # to the /etc/openldap/slapd.conf (man slapd.conf). # Note: Don't confuse this with "START_TLS", the preferred method for # making encrypted LDAP connections, which is enabled as soon as You # specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config # file # OPENLDAP_START_LDAPS="no" ## Type: yesno ## Default: no ## ServiceRestart: ldap # # If set to "yes", "ldap over IPC" feature of slapd will be enabled. # The ldap server creates a Unix domain socket as /var/run/slapd/ldapi. # Default: no # OPENLDAP_START_LDAPI="yes" ## Type: string ## Default: "" ## ServiceRestart: ldap # # If not empty, additional parameters for slapd daemon. # Default: "" # OPENLDAP_SLAPD_PARAMS="" ## Type: string ## Default: ldap ## ServiceRestart: ldap # # specifies a user, as which the openldap server should be executed # Default: ldap # OPENLDAP_USER="ldap" ## Type: string ## Default: ldap ## ServiceRestart: ldap # # specifies a group, as which the openldap server should be executed # Default: ldap # OPENLDAP_GROUP="ldap" ## Type: yesno ## Default: yes ## ServiceRestart: ldap # # If set to "yes" the init scripts will change the owner/group of the # different backend database directories (e.g. /var/lib/ldap) to the # user/group specified above # OPENLDAP_CHOWN_DIRS="yes" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Use this to specify the interfaces that the server such accept # LDAP connections from. The values are specified in the format # <address>:<port>, where address is an IP address and port is the # portnumber, the daemon should listen to (defaulting to 389). If this # parameter is empty the server will attach to all interfaces. This # parameter is only evaluated if "OPENLDAP_START_LDAP" is set to # "yes" # Default: "" # OPENLDAP_LDAP_INTERFACES="" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Use this to specify the interfaces that the server such accept # LDAPS connections from. The values are specified in the format # <address>:<port>, where address is an IP address and port is the # portnumber, the daemon should listen to (defaulting to 636). If this # parameter is empty the server will attach to all interfaces. This # parameter is only evaluated if "OPENLDAP_START_LDAPS" is set to # "yes" # Default: "" # OPENLDAP_LDAPS_INTERFACES="" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Use this to specify the paths of the Unix Domain Sockets that # the server should create an accept incoming LDAPI connections # on. This parameter is only evaluated if "OPENLDAP_START_LDAPI" # is set to "yes". # Default: "" # OPENLDAP_LDAPI_INTERFACES="" ## Type: yesno ## Default: "yes" ## ServiceRestart: ldap # # If set to "no" the LDAP server will not try itself at a running SLP # daemon. # Default: "yes" # OPENLDAP_REGISTER_SLP="no" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Set this to the name of the keytab, if you want to use a non-default # Kerberos Keytab. If OPENLDAP_CHOWN_DIRS is set to "yes" the permissions of # this file will be changed so that the group OPENLDAP_GROUP has read # access to the file. # Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab # Default: "" # OPENLDAP_KRB5_KEYTAB="" ## Type: string ## Default: "files" ## ServiceRestart: ldap # # Here you can configure which of the configuration backends you want to # use. Possible values are "files" for slapd.conf(5) styleconfiguration or # "ldap" for the slapd-config(5) LDAP based configuration backend. # OPENLDAP_CONFIG_BACKEND="" ## Type: yesno ## Default: "yes" ## ServiceRestart: ldap # # Here you can configure if the slapd shall start with or without memory limit. # OPENLDAP_MEMORY_LIMIT="yes" ++++++ yast.schema ++++++ ## Some macros objectidentifier SUSE 1.3.6.1.4.1.7057 objectidentifier SUSE.YaST SUSE:10.1 objectidentifier SUSE.YaST.ModuleConfig SUSE:10.1.2 objectidentifier SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1 objectidentifier SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2 # Attributes # deprecated # #attributetype ( SUSE.YaST.ModuleConfig.Attr:1 NAME ( 'userConfigDn' ) # DESC 'Where is the configuration for user management stored' # EQUALITY distinguishedNameMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( SUSE.YaST.ModuleConfig.Attr:2 NAME ( 'suseDefaultBase' ) DESC 'Base DN where new Objects should be created by default' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId' ) DESC 'Next unused unique ID, can be used to generate directory wide uniqe IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' ) DESC 'lower Border for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:5 NAME ( 'suseMaxUniqueId' ) DESC 'upper Border for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTemplate' ) DESC 'The DN of a template that should be used by default' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:7 NAME ( 'suseSearchFilter' ) DESC 'Search filter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # deprecated # #attributetype ( SUSE.YaST.ModuleConfig.Attr:8 NAME ( 'DefaultObjectClass' ) # DESC 'ObjectClass that new Objects should use' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # #attributetype ( SUSE.YaST.ModuleConfig.Attr:9 NAME ( 'suseRequiredAttribute' ) # DESC '' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # #attributetype ( SUSE.YaST.ModuleConfig.Attr:10 NAME ( 'allowedAttribute' ) # DESC '' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( SUSE.YaST.ModuleConfig.Attr:11 NAME ( 'suseDefaultValue' ) DESC 'an Attribute-Value-Assertions to define defaults for specific Attributes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttribute' ) DESC 'AttributeType that should be used as the RDN' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:15 NAME ( 'suseSecondaryGroup' ) DESC 'seconday group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( SUSE.YaST.ModuleConfig.Attr:16 NAME ( 'suseMinPasswordLength' ) DESC 'minimum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswordLength' ) DESC 'maximum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:18 NAME ( 'susePasswordHash' ) DESC 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:19 NAME ( 'suseSkelDir' ) DESC '' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' ) DESC 'plugin to use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribute' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( SUSE.YaST.ModuleConfig.Attr:22 NAME ( 'suseImapServer' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:23 NAME ( 'suseImapAdmin' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:24 NAME ( 'suseImapDefaultQuota' ) DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( SUSE.YaST.ModuleConfig.Attr:25 NAME ( 'suseImapUseSsl' ) DESC '' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # ObjectClasses objectClass ( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfiguration' SUP top STRUCTURAL DESC 'Contains configuration of Management Modules' MUST ( cn ) MAY ( suseDefaultBase )) objectClass ( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user management tools' MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute )) objectClass ( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate' SUP top STRUCTURAL DESC 'Base Class for Object-Templates' MUST ( cn ) MAY ( susePlugin $ suseDefaultValue $ suseNamingAttribute )) objectClass ( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'User object template' MUST ( cn ) MAY ( suseSecondaryGroup )) objectClass ( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'Group object template' MUST ( cn )) objectClass ( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user management tools' MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute )) objectClass ( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of CA management tools') objectClass ( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of mail server management tools') objectClass ( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of DHCP server management tools') objectClass ( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of IMAP user management tools' MUST ( suseImapServer $ suseImapAdmin $ suseImapDefaultQuota $ suseImapUseSsl ))

1 0

commit apache-commons-logging for openSUSE:Factory
by root＠hilbert.suse.de 30 Jan '16

30 Jan '16

Hello community, here is the log from the commit of package apache-commons-logging for openSUSE:Factory checked in at 2016-01-30 11:30:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache-commons-logging (Old) and /work/SRC/openSUSE:Factory/.apache-commons-logging.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apache-commons-logging" Changes: -------- --- /work/SRC/openSUSE:Factory/apache-commons-logging/apache-commons-logging.changes 2015-04-02 16:00:21.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.apache-commons-logging.new/apache-commons-logging.changes 2016-01-30 11:30:48.000000000 +0100 @@ -1,0 +2,7 @@ +Sun Jan 24 13:55:36 UTC 2016 - p.drouand(a)gmail.com + +- Update to version 1.2 + see http://commons.apache.org/proper/commons-logging/changes-report.html + or RELEASE-NOTES.txt for details + +------------------------------------------------------------------- Old: ---- commons-logging-1.1.3-src.tar.gz commons-logging-1.1.3-src.tar.gz.asc commons-logging-api-1.1.pom New: ---- commons-logging-1.2-src.tar.gz commons-logging-1.2-src.tar.gz.asc commons-logging-1.2.pom ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache-commons-logging.spec ++++++ --- /var/tmp/diff_new_pack.qDxKgr/_old 2016-01-30 11:30:49.000000000 +0100 +++ /var/tmp/diff_new_pack.qDxKgr/_new 2016-01-30 11:30:49.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package apache-commons-logging # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2000-2007, JPackage Project # # All modifications and additions to the file contributed by third parties @@ -21,7 +21,7 @@ %define short_name commons-%{base_name} %bcond_with java_bootstrap Name: apache-%{short_name} -Version: 1.1.3 +Version: 1.2 Release: 0 Summary: Apache Commons Logging License: Apache-2.0 @@ -30,7 +30,7 @@ Source0: http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{vers… Source1: http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{vers… Source2: apache-commons-logging.keyring -Source3: http://mirrors.ibiblio.org/pub/mirrors/maven2/%{short_name}/%{short_name}-a… +Source3: http://central.maven.org/maven2/commons-logging/commons-logging/%{version}/… Patch0: commons-logging-1.1.3-src-junit.diff BuildRequires: ant BuildRequires: apache-commons-parent ++++++ commons-logging-1.1.3-src.tar.gz -> commons-logging-1.2-src.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/NOTICE.txt new/commons-logging-1.2-src/NOTICE.txt --- old/commons-logging-1.1.3-src/NOTICE.txt 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/NOTICE.txt 2014-07-05 20:11:36.000000000 +0200 @@ -1,5 +1,5 @@ Apache Commons Logging -Copyright 2003-2013 The Apache Software Foundation +Copyright 2003-2014 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/README.txt new/commons-logging-1.2-src/README.txt --- old/commons-logging-1.1.3-src/README.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/commons-logging-1.2-src/README.txt 2014-07-05 20:11:36.000000000 +0200 @@ -0,0 +1,50 @@ + + +Logging +------- + +Getting started: + +1) Build the jar file + + If you have the source distribution you will need to build the jar file + using Maven 2/3. For instructions on downloading and installing Maven see + http://maven.apache.org/. + + To build execute the command 'mvn package verify'. + The jar file will be built in the target directory. + + Note: the unit tests are executed during the verify phase and require that + the respective jar files have been created successfully. + +2) Generate the documentation + + Run the 'mvn verify site' command. The documentation will be written + to the target/site directory. The documentation has some examples of + how to use this package as well as a troubleshooting guide. + +3) Create source and binary distributions + + Run the 'mvn verify site assembly:assembly' command. The source and binary + distributions are created in the 'target' directory. + +4) Use + + Simply include the jar file built in step #1 in your classpath. Import the + classes that you want to use and you are ready to go! + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/RELEASE-NOTES.txt new/commons-logging-1.2-src/RELEASE-NOTES.txt --- old/commons-logging-1.1.3-src/RELEASE-NOTES.txt 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/RELEASE-NOTES.txt 2014-07-05 20:11:36.000000000 +0200 @@ -1,22 +1,31 @@ Apache Commons Logging - Version 1.1.3 + Version 1.2 RELEASE NOTES -The Commons Logging team is pleased to announce the release of Apache Commons Logging 1.1.3 +The Apache Commons Logging team is pleased to announce +the release of Apache Commons Logging 1.2 -Commons Logging is a thin adapter allowing configurable bridging to other, -well known logging systems. +Apache Commons Logging is a thin adapter allowing configurable +bridging to other, well known logging systems. This is a maintenance release containing bug fixes. +Java 1.2 or later is required. Changes in this version include: Fixed Bugs: -o LOGGING-151: Use "org.apache.commons.logging" as bundle symbolic name. Thanks to Krzysztof Daniel. +o LOGGING-37: Improve performance of LogFactory#getFactory() by calling + Thread#currentThread()#getContextClassLoader() directly instead + of using reflection. As a consequence support for JDK 1.1 has + been dropped. Thanks to Matthias Ernst, Archie Cobbs. +o LOGGING-156: Fix SecurityAllowedTestCase when executed with OpenJDK 1.7 due + to an additional required RuntimePermission. Thanks to Mikolaj Izdebski. +o LOGGING-157: Fix javadoc to comply with javadoc tool from jdk 1.8. Thanks to Ville Skyttä. + Historical list of changes: http://commons.apache.org/proper/commons-logging/changes-report.html -For complete information on Commons Logging, including instructions on how to submit bug reports, +For complete information on Apache Commons Logging, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Logging website: http://commons.apache.org/proper/commons-logging/ \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/build.xml new/commons-logging-1.2-src/build.xml --- old/commons-logging-1.1.3-src/build.xml 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/build.xml 2014-07-05 20:11:36.000000000 +0200 @@ -39,7 +39,7 @@ - the path to a 1.4 J2SDK. This will be used to compile those classes - which require the 1.4 API. - - - $Id: build.xml 1483540 2013-05-16 20:03:52Z tn $ + - $Id: build.xml 1608092 2014-07-05 18:11:22Z tn $ --> <project name="Logging" default="all" basedir="."> @@ -94,7 +94,7 @@ <property name="component.title" value="Logging Wrapper Library"/>  - <property name="component.version" value="1.1.3"/> + <property name="component.version" value="1.2"/>  <property name="build.home" value="${basedir}/target"/> @@ -106,7 +106,7 @@ <property name="dist.home" value="dist"/>  - <property name="artifacts.home" value="artifacts"/> + <property name="artifacts.home" value="artifacts"/>  <property name="source.home" value="src/main/java"/> @@ -130,7 +130,7 @@   - <property name="target.version" value="1.1"/> + <property name="target.version" value="1.2"/>  <property name="source.version" value="1.2"/> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/pmd.xml new/commons-logging-1.2-src/pmd.xml --- old/commons-logging-1.1.3-src/pmd.xml 1970-01-01 01:00:00.000000000 +0100 +++ new/commons-logging-1.2-src/pmd.xml 2014-07-05 20:11:36.000000000 +0200 @@ -0,0 +1,26 @@ +<?xml version="1.0"?> + +<ruleset name="mybraces" + xmlns="http://pmd.sourceforge.net/ruleset/2.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd"> + <description>Excludes from default PMD rules.</description> + <rule ref="rulesets/java/unusedcode.xml"> + <exclude name="UnnecessaryParentheses"/> + </rule> +</ruleset> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/pom.xml new/commons-logging-1.2-src/pom.xml --- old/commons-logging-1.1.3-src/pom.xml 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/pom.xml 2014-07-05 20:11:36.000000000 +0200 @@ -26,14 +26,14 @@ <parent> <groupId>org.apache.commons</groupId> <artifactId>commons-parent</artifactId> - <version>28</version> + <version>34</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> - <name>Commons Logging</name> - <version>1.1.3</version> - <description>Commons Logging is a thin adapter allowing configurable bridging to other, + <name>Apache Commons Logging</name> + <version>1.2</version> + <description>Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.</description> <url>http://commons.apache.org/proper/commons-logging/</url> @@ -375,6 +375,7 @@ <goal>verify</goal> </goals> <configuration> + <runOrder>${failsafe.runorder}</runOrder> <includes> <include>**/*TestCase.java</include> </includes> @@ -491,6 +492,27 @@ <artifactId>jdepend-maven-plugin</artifactId> <version>2.0-beta-1</version> </plugin> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>findbugs-maven-plugin</artifactId> + <version>2.5.2</version> + <configuration> + <skip>true</skip> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-pmd-plugin</artifactId> + <version>3.0.1</version> + <configuration> +  + <targetJdk>1.3</targetJdk> + <linkXref>true</linkXref> + <rulesets> + <ruleset>${basedir}/pmd.xml</ruleset> + </rulesets> + </configuration> + </plugin> </plugins> </reporting> @@ -502,16 +524,18 @@ </distributionManagement> <properties> - <maven.compile.source>1.2</maven.compile.source> - <maven.compile.target>1.1</maven.compile.target> + <maven.compiler.source>1.2</maven.compiler.source> + <maven.compiler.target>1.2</maven.compiler.target> <commons.componentid>logging</commons.componentid> - <commons.release.version>1.1.3</commons.release.version> + <commons.release.version>1.2</commons.release.version> <commons.jira.id>LOGGING</commons.jira.id> <commons.jira.pid>12310484</commons.jira.pid>  <commons.rc.version>RC2</commons.rc.version> <commons.surefire.version>2.12</commons.surefire.version> - <skipSurefireReport>true</skipSurefireReport> + <skipSurefireReport>true</skipSurefireReport> +  + <failsafe.runorder>filesystem</failsafe.runorder> <commons.osgi.import> javax.servlet;version="[2.1.0, 3.0.0)";resolution:=optional, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/changes/changes.xml new/commons-logging-1.2-src/src/changes/changes.xml --- old/commons-logging-1.1.3-src/src/changes/changes.xml 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/src/changes/changes.xml 2014-07-05 20:11:36.000000000 +0200 @@ -43,6 +43,18 @@ <title>Release Notes</title> </properties> <body> + <release version="1.2" date="2014-07-11" description="This is a maintenance release containing bug fixes. Java 1.2 or later is required."> + <action issue="LOGGING-37" dev="tn" type="fix" due-to="Matthias Ernst,Archie Cobbs"> + Improve performance of LogFactory#getFactory() by calling Thread#currentThread()#getContextClassLoader() + directly instead of using reflection. As a consequence support for JDK 1.1 has been dropped. + </action> + <action issue="LOGGING-156" dev="tn" type="fix" due-to="Mikolaj Izdebski"> + Fix SecurityAllowedTestCase when executed with OpenJDK 1.7 due to an additional required RuntimePermission. + </action> + <action issue="LOGGING-157" dev="tn" type="fix" due-to="Ville Skyttä"> + Fix javadoc to comply with javadoc tool from jdk 1.8. + </action> + </release> <release version="1.1.3" date="2013-05-23" description="This is a maintenance release containing bug fixes."> <action issue="LOGGING-151" dev="tn" type="fix" due-to="Krzysztof Daniel"> Use "org.apache.commons.logging" as bundle symbolic name. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/conf/MANIFEST.MF new/commons-logging-1.2-src/src/conf/MANIFEST.MF --- old/commons-logging-1.1.3-src/src/conf/MANIFEST.MF 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/src/conf/MANIFEST.MF 2014-07-05 20:11:36.000000000 +0200 @@ -1,20 +1,20 @@ Manifest-Version: 1.0 -Export-Package: org.apache.commons.logging;version="1.1.3",org.apache. - commons.logging.impl;version="1.1.3" +Export-Package: org.apache.commons.logging;version="1.2.0",org.apache. + commons.logging.impl;version="1.2.0" Implementation-Title: Commons Logging Implementation-Vendor: The Apache Software Foundation Implementation-Vendor-Id: org.apache Specification-Title: Commons Logging Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt Bundle-SymbolicName: org.apache.commons.logging -X-Compile-Target-JDK: 1.1 -Implementation-Version: 1.1.3 +X-Compile-Target-JDK: 1.2 +Implementation-Version: 1.2 Specification-Vendor: The Apache Software Foundation Bundle-Name: Commons Logging Created-By: Apache Maven Bundle Plugin X-Compile-Source-JDK: 1.2 Bundle-Vendor: The Apache Software Foundation -Bundle-Version: 1.1.3 +Bundle-Version: 1.2.0 Bundle-ManifestVersion: 2 Bundle-Description: Commons Logging is a thin adapter allowing configu rable bridging to other, well known logging systems. @@ -25,4 +25,4 @@ .0.1]",org.apache.log4j;resolution:=optional;version="[1.2.15,2.0.0)" Include-Resource: META-INF/NOTICE.txt=NOTICE.txt,META-INF/LICENSE.txt= LICENSE.txt -Specification-Version: 1.1.3 +Specification-Version: 1.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/main/assembly/src.xml new/commons-logging-1.2-src/src/main/assembly/src.xml --- old/commons-logging-1.1.3-src/src/main/assembly/src.xml 2013-05-16 22:04:21.000000000 +0200 +++ new/commons-logging-1.2-src/src/main/assembly/src.xml 2014-07-05 20:11:36.000000000 +0200 @@ -28,8 +28,10 @@ <fileSet> <includes> <include>checkstyle.xml</include> + <include>README.txt</include> <include>LICENSE.txt</include> <include>NOTICE.txt</include> + <include>pmd.xml</include> <include>pom.xml</include> <include>PROPOSAL.html</include> <include>RELEASE-NOTES.txt</include> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/main/java/org/apache/commons/logging/Log.java new/commons-logging-1.2-src/src/main/java/org/apache/commons/logging/Log.java --- old/commons-logging-1.1.3-src/src/main/java/org/apache/commons/logging/Log.java 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/src/main/java/org/apache/commons/logging/Log.java 2014-07-05 20:11:36.000000000 +0200 @@ -43,22 +43,80 @@ * to be logged). * <p> * For example, - * <code><pre> + * <pre> * if (log.isDebugEnabled()) { * ... do something expensive ... * log.debug(theResult); * } - * </pre></code> + * </pre> * <p> * Configuration of the underlying logging system will generally be done * external to the Logging APIs, through whatever mechanism is supported by * that system. * - * @version $Id: Log.java 1432663 2013-01-13 17:24:18Z tn $ + * @version $Id: Log.java 1606045 2014-06-27 12:11:56Z tn $ */ public interface Log { - // ----------------------------------------------------- Logging Properties + /** + * Logs a message with debug log level. + * + * @param message log this message + */ + void debug(Object message); + + /** + * Logs an error with debug log level. + * + * @param message log this message + * @param t log this cause + */ + void debug(Object message, Throwable t); + + /** + * Logs a message with error log level. + * + * @param message log this message + */ + void error(Object message); + + /** + * Logs an error with error log level. + * + * @param message log this message + * @param t log this cause + */ + void error(Object message, Throwable t); + + /** + * Logs a message with fatal log level. + * + * @param message log this message + */ + void fatal(Object message); + + /** + * Logs an error with fatal log level. + * + * @param message log this message + * @param t log this cause + */ + void fatal(Object message, Throwable t); + + /** + * Logs a message with info log level. + * + * @param message log this message + */ + void info(Object message); + + /** + * Logs an error with info log level. + * + * @param message log this message + * @param t log this cause + */ + void info(Object message, Throwable t); /** * Is debug logging currently enabled? @@ -69,7 +127,7 @@ * * @return true if debug is enabled in the underlying logger. */ - public boolean isDebugEnabled(); + boolean isDebugEnabled(); /** * Is error logging currently enabled? @@ -80,7 +138,7 @@ * * @return true if error is enabled in the underlying logger. */ - public boolean isErrorEnabled(); + boolean isErrorEnabled(); /** * Is fatal logging currently enabled? @@ -91,7 +149,7 @@ * * @return true if fatal is enabled in the underlying logger. */ - public boolean isFatalEnabled(); + boolean isFatalEnabled(); /** * Is info logging currently enabled? @@ -102,7 +160,7 @@ * * @return true if info is enabled in the underlying logger. */ - public boolean isInfoEnabled(); + boolean isInfoEnabled(); /** * Is trace logging currently enabled? @@ -113,7 +171,7 @@ * * @return true if trace is enabled in the underlying logger. */ - public boolean isTraceEnabled(); + boolean isTraceEnabled(); /** * Is warn logging currently enabled? @@ -124,97 +182,35 @@ * * @return true if warn is enabled in the underlying logger. */ - public boolean isWarnEnabled(); - - // -------------------------------------------------------- Logging Methods - - /** - * Log a message with trace log level. - * - * @param message log this message - */ - public void trace(Object message); - - /** - * Log an error with trace log level. - * - * @param message log this message - * @param t log this cause - */ - public void trace(Object message, Throwable t); - - /** - * Log a message with debug log level. - * - * @param message log this message - */ - public void debug(Object message); - - /** - * Log an error with debug log level. - * - * @param message log this message - * @param t log this cause - */ - public void debug(Object message, Throwable t); - - /** - * Log a message with info log level. - * - * @param message log this message - */ - public void info(Object message); - - /** - * Log an error with info log level. - * - * @param message log this message - * @param t log this cause - */ - public void info(Object message, Throwable t); - - /** - * Log a message with warn log level. - * - * @param message log this message - */ - public void warn(Object message); - - /** - * Log an error with warn log level. - * - * @param message log this message - * @param t log this cause - */ - public void warn(Object message, Throwable t); + boolean isWarnEnabled(); /** - * Log a message with error log level. + * Logs a message with trace log level. * * @param message log this message */ - public void error(Object message); + void trace(Object message); /** - * Log an error with error log level. + * Logs an error with trace log level. * * @param message log this message * @param t log this cause */ - public void error(Object message, Throwable t); + void trace(Object message, Throwable t); /** - * Log a message with fatal log level. + * Logs a message with warn log level. * * @param message log this message */ - public void fatal(Object message); + void warn(Object message); /** - * Log an error with fatal log level. + * Logs an error with warn log level. * * @param message log this message * @param t log this cause */ - public void fatal(Object message, Throwable t); + void warn(Object message, Throwable t); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/main/java/org/apache/commons/logging/LogFactory.java new/commons-logging-1.2-src/src/main/java/org/apache/commons/logging/LogFactory.java --- old/commons-logging-1.1.3-src/src/main/java/org/apache/commons/logging/LogFactory.java 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/src/main/java/org/apache/commons/logging/LogFactory.java 2014-07-05 20:11:35.000000000 +0200 @@ -23,8 +23,6 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.PrintStream; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; import java.net.URL; import java.net.URLConnection; import java.security.AccessController; @@ -42,7 +40,7 @@ * based on the SAXParserFactory and DocumentBuilderFactory implementations * (corresponding to the JAXP pluggability APIs) found in Apache Xerces. * - * @version $Id: LogFactory.java 1449064 2013-02-22 14:49:22Z tn $ + * @version $Id: LogFactory.java 1606041 2014-06-27 11:56:59Z tn $ */ public abstract class LogFactory { // Implementation note re AccessController usage @@ -151,23 +149,23 @@ * classloaders to be substituted by an alternative implementation. * <p> * <strong>Note:</strong> <code>LogFactory</code> will print: - * <code><pre> - * [ERROR] LogFactory: Load of custom hashtable failed</em> - * </pre></code> + * <pre> + * [ERROR] LogFactory: Load of custom hashtable failed + * </pre> * to system error and then continue using a standard Hashtable. * <p> * <strong>Usage:</strong> Set this property when Java is invoked * and <code>LogFactory</code> will attempt to load a new instance * of the given implementation class. * For example, running the following ant scriplet: - * <code><pre> + * <pre> * <java classname="${test.runner}" fork="yes" failonerror="${test.failonerror}"> * ... * <sysproperty * key="org.apache.commons.logging.LogFactory.HashtableImpl" * value="org.apache.commons.logging.AltHashtable"/> * </java> - * </pre></code> + * </pre> * will mean that <code>LogFactory</code> will load an instance of * <code>org.apache.commons.logging.AltHashtable</code>. * <p> @@ -787,8 +785,6 @@ * or null if security doesn't allow it. * @throws LogConfigurationException if there was some weird error while * attempting to get the context classloader. - * @throws SecurityException if the current java security policy doesn't - * allow this class to access the context classloader. */ protected static ClassLoader getContextClassLoader() throws LogConfigurationException { return directGetContextClassLoader(); @@ -807,8 +803,6 @@ * or null if security doesn't allow it. * @throws LogConfigurationException if there was some weird error while * attempting to get the context classloader. - * @throws SecurityException if the current java security policy doesn't - * allow this class to access the context classloader. */ private static ClassLoader getContextClassLoaderInternal() throws LogConfigurationException { return (ClassLoader)AccessController.doPrivileged( @@ -834,64 +828,27 @@ * * @throws LogConfigurationException if a suitable class loader * cannot be identified. - * @throws SecurityException if the java security policy forbids - * access to the context classloader from one of the classes in the - * current call stack. + * @return the thread's context classloader or {@code null} if the java security + * policy forbids access to the context classloader from one of the classes + * in the current call stack. * @since 1.1 */ protected static ClassLoader directGetContextClassLoader() throws LogConfigurationException { ClassLoader classLoader = null; try { - // Are we running on a JDK 1.2 or later system? - final Method method = Thread.class.getMethod("getContextClassLoader", (Class[]) null); - - // Get the thread context class loader (if there is one) - try { - classLoader = (ClassLoader)method.invoke(Thread.currentThread(), (Object[]) null); - } catch (IllegalAccessException e) { - throw new LogConfigurationException - ("Unexpected IllegalAccessException", e); - } catch (InvocationTargetException e) { - /** - * InvocationTargetException is thrown by 'invoke' when - * the method being invoked (getContextClassLoader) throws - * an exception. - * - * getContextClassLoader() throws SecurityException when - * the context class loader isn't an ancestor of the - * calling class's class loader, or if security - * permissions are restricted. - * - * In the first case (not related), we want to ignore and - * keep going. We cannot help but also ignore the second - * with the logic below, but other calls elsewhere (to - * obtain a class loader) will trigger this exception where - * we can make a distinction. - */ - if (e.getTargetException() instanceof SecurityException) { - // ignore - } else { - // Capture 'e.getTargetException()' exception for details - // alternate: log 'e.getTargetException()', and pass back 'e'. - throw new LogConfigurationException("Unexpected InvocationTargetException", e.getTargetException()); - } - } - } catch (NoSuchMethodException e) { - // Assume we are running on JDK 1.1 - classLoader = getClassLoader(LogFactory.class); - - // We deliberately don't log a message here to outputStream; - // this message would be output for every call to LogFactory.getLog() - // when running on JDK1.1 - // - // if (outputStream != null) { - // outputStream.println( - // "Method Thread.getContextClassLoader does not exist;" - // + " assuming this is JDK 1.1, and that the context" - // + " classloader is the same as the class that loaded" - // + " the concrete LogFactory class."); - // } + classLoader = Thread.currentThread().getContextClassLoader(); + } catch (SecurityException ex) { + /** + * getContextClassLoader() throws SecurityException when + * the context class loader isn't an ancestor of the + * calling class's class loader, or if security + * permissions are restricted. + * + * We ignore this exception to be consistent with the previous + * behavior (e.g. 1.1.3 and earlier). + */ + // ignore } // Return the selected class loader @@ -951,8 +908,8 @@ * implementation class, loaded by the specified class loader. * If that fails, try the class loader used to load this * (abstract) LogFactory. - * <p> * <h2>ClassLoader conflicts</h2> + * <p> * Note that there can be problems if the specified ClassLoader is not the * same as the classloader that loaded this class, ie when loading a * concrete LogFactory subclass via a context classloader. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/site/site.xml new/commons-logging-1.2-src/src/site/site.xml --- old/commons-logging-1.1.3-src/src/site/site.xml 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/src/site/site.xml 2014-07-05 20:11:35.000000000 +0200 @@ -39,8 +39,8 @@ href="/RELEASE-NOTES.txt"/> <item name='JavaDoc (Latest release)' href='/javadocs/api-release/index.html'/> - <item name='JavaDoc (v1.1)' - href='/javadocs/api-1.1/index.html'/> + <item name='JavaDoc (v1.1.3)' + href='/javadocs/api-1.1.3/index.html'/> <item name='JavaDoc (v1.0.4)' href='/javadocs/api-1.0.4/index.html'/> </menu> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/site/xdoc/download_logging.xml new/commons-logging-1.2-src/src/site/xdoc/download_logging.xml --- old/commons-logging-1.1.3-src/src/site/xdoc/download_logging.xml 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/src/site/xdoc/download_logging.xml 2014-07-05 20:11:36.000000000 +0200 @@ -45,11 +45,11 @@ --> <document> <properties> - <title>Download Commons Logging</title> + <title>Download Apache Commons Logging</title> <author email="dev(a)commons.apache.org">Commons Documentation Team</author> </properties> <body> - <section name="Download Commons Logging"> + <section name="Download Apache Commons Logging"> <subsection name="Using a Mirror"> <p> We recommend you use a mirror to download our release @@ -95,32 +95,32 @@ </p> </subsection> </section> - <section name="Commons Logging 1.1.3 "> + <section name="Apache Commons Logging 1.2 "> <subsection name="Binaries"> <table> <tr> - <td><a href="[preferred]/commons/logging/binaries/commons-logging-1.1.3-bin.tar.gz">commons-logging-1.1.3-bin.tar.gz</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.1.3-b…">md5</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.1.3-b…">pgp</a></td> + <td><a href="[preferred]/commons/logging/binaries/commons-logging-1.2-bin.tar.gz">commons-logging-1.2-bin.tar.gz</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.2-bin…">md5</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.2-bin…">pgp</a></td> </tr> <tr> - <td><a href="[preferred]/commons/logging/binaries/commons-logging-1.1.3-bin.zip">commons-logging-1.1.3-bin.zip</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.1.3-b…">md5</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.1.3-b…">pgp</a></td> + <td><a href="[preferred]/commons/logging/binaries/commons-logging-1.2-bin.zip">commons-logging-1.2-bin.zip</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.2-bin…">md5</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/binaries/commons-logging-1.2-bin…">pgp</a></td> </tr> </table> </subsection> <subsection name="Source"> <table> <tr> - <td><a href="[preferred]/commons/logging/source/commons-logging-1.1.3-src.tar.gz">commons-logging-1.1.3-src.tar.gz</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.1.3-src…">md5</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.1.3-src…">pgp</a></td> + <td><a href="[preferred]/commons/logging/source/commons-logging-1.2-src.tar.gz">commons-logging-1.2-src.tar.gz</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.2-src.t…">md5</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.2-src.t…">pgp</a></td> </tr> <tr> - <td><a href="[preferred]/commons/logging/source/commons-logging-1.1.3-src.zip">commons-logging-1.1.3-src.zip</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.1.3-src…">md5</a></td> - <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.1.3-src…">pgp</a></td> + <td><a href="[preferred]/commons/logging/source/commons-logging-1.2-src.zip">commons-logging-1.2-src.zip</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.2-src.z…">md5</a></td> + <td><a href="http://www.apache.org/dist/commons/logging/source/commons-logging-1.2-src.z…">pgp</a></td> </tr> </table> </subsection> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/site/xdoc/index.xml new/commons-logging-1.2-src/src/site/xdoc/index.xml --- old/commons-logging-1.1.3-src/src/site/xdoc/index.xml 2013-05-16 22:04:22.000000000 +0200 +++ new/commons-logging-1.2-src/src/site/xdoc/index.xml 2014-07-05 20:11:36.000000000 +0200 @@ -81,6 +81,11 @@ Binary and source distributions are available <a href="http://commons.apache.org/logging/download_logging.cgi">here</a>. </p> + <subsection name='1.2 Release - July 2014'> + <p>The main purpose of the 1.2 release is to drop support for Java 1.1.</p> + <p>For a full list of changes since the 1.1.3 release, please refer to the + <a href="changes-report.html">change-report</a>.</p> + </subsection> <subsection name='1.1.3 Release - May 2013'> <p>The 1.1.3 release only updates the Bundle-SymbolicName in the manifest to "org.apache.commons.logging".</p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/AltHashtableTestCase.java new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/AltHashtableTestCase.java --- old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/AltHashtableTestCase.java 2013-05-16 22:04:21.000000000 +0200 +++ new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/AltHashtableTestCase.java 2014-07-05 20:11:35.000000000 +0200 @@ -23,7 +23,7 @@ /** * Test the ability to force the LogFactory class to use some * arbitrary Hashtable implementation to store its mapping from - * context-classloader -> LogFactory object. + * context-classloader -> LogFactory object. */ public class AltHashtableTestCase extends TestCase { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/DummyClass.java new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/DummyClass.java --- old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/DummyClass.java 1970-01-01 01:00:00.000000000 +0100 +++ new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/DummyClass.java 2014-07-05 20:11:35.000000000 +0200 @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE + * file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file + * to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by + * applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language + * governing permissions and limitations under the License. + */ +package org.apache.commons.logging.security; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class DummyClass { + + public DummyClass() { + Log log = LogFactory.getLog(DummyClass.class); + log.info("Some log message"); + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java --- old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java 2013-05-16 22:04:21.000000000 +0200 +++ new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/MockSecurityManager.java 2014-07-05 20:11:35.000000000 +0200 @@ -95,6 +95,13 @@ return; } + if (cname.equals("java.util.logging.Level") && stack[i].getMethodName().equals("getLocalizedLevelName")) { + // LOGGING-156: OpenJDK 1.7 JULI code (java.util.logging.Level#getLocalizedLevelName) + // calls ResourceBundle#getBundle() without using AccessController#doPrivileged() + // requiring RuntimePermission: "accessClassInPackage.sun.util.logging.resources" + return; + } + if (cname.equals("java.security.AccessController")) { // Presumably method name equals "doPrivileged" // diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java --- old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java 2013-05-16 22:04:21.000000000 +0200 +++ new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/SecurityAllowedTestCase.java 2014-07-05 20:11:35.000000000 +0200 @@ -125,7 +125,7 @@ // we better compare that we have no security exception during the call to log // IBM JVM tries to load bundles during the invoke call, which increase the count - assertEquals(untrustedCodeCount, mySecurityManager.getUntrustedCodeCount()); + assertEquals("Untrusted code count", untrustedCodeCount, mySecurityManager.getUntrustedCodeCount()); } catch(Throwable t) { // Restore original security manager so output can be generated; the // PrintWriter constructor tries to read the line.separator diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java --- old/commons-logging-1.1.3-src/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java 2013-05-16 22:04:21.000000000 +0200 +++ new/commons-logging-1.2-src/src/test/java/org/apache/commons/logging/security/SecurityForbiddenTestCase.java 2014-07-05 20:11:35.000000000 +0200 @@ -47,6 +47,7 @@ public class SecurityForbiddenTestCase extends TestCase { private SecurityManager oldSecMgr; + private ClassLoader otherClassLoader; // Dummy special hashtable, so we can tell JCL to use this instead of // the standard one. @@ -75,6 +76,12 @@ public void setUp() { // save security manager so it can be restored in tearDown oldSecMgr = System.getSecurityManager(); + + PathableClassLoader classLoader = new PathableClassLoader(null); + classLoader.addLogicalLib("commons-logging"); + classLoader.addLogicalLib("testclasses"); + + otherClassLoader = classLoader; } public void tearDown() { @@ -131,4 +138,54 @@ fail("Unexpected exception:" + t.getMessage() + ":" + sw.toString()); } } + + /** + * Test what happens when JCL is run with absolutely no security + * privileges at all and a class loaded with a different classloader + * than the context classloader of the current thread tries to log something. + */ + public void testContextClassLoader() { + System.setProperty( + LogFactory.HASHTABLE_IMPLEMENTATION_PROPERTY, + CustomHashtable.class.getName()); + MockSecurityManager mySecurityManager = new MockSecurityManager(); + + System.setSecurityManager(mySecurityManager); + + try { + // load a dummy class with another classloader + // to force a SecurityException when the LogFactory calls + // Thread.getCurrentThread().getContextClassLoader() + loadClass("org.apache.commons.logging.security.DummyClass", otherClassLoader); + + System.setSecurityManager(oldSecMgr); + assertEquals(0, mySecurityManager.getUntrustedCodeCount()); + } catch(Throwable t) { + // Restore original security manager so output can be generated; the + // PrintWriter constructor tries to read the line.separator + // system property. + System.setSecurityManager(oldSecMgr); + StringWriter sw = new StringWriter(); + PrintWriter pw = new PrintWriter(sw); + t.printStackTrace(pw); + fail("Unexpected exception:" + t.getMessage() + ":" + sw.toString()); + } + } + + /** + * Loads a class with the given classloader. + */ + private Object loadClass(String name, ClassLoader classLoader) { + try { + Class clazz = classLoader.loadClass(name); + Object obj = clazz.newInstance(); + return obj; + } catch ( Exception e ) { + StringWriter sw = new StringWriter(); + PrintWriter pw = new PrintWriter(sw); + e.printStackTrace(pw); + fail("Unexpected exception:" + e.getMessage() + ":" + sw.toString()); + } + return null; + } } ++++++ commons-logging-api-1.1.pom -> commons-logging-1.2.pom ++++++ ++++ 652 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/apache-commons-logging/commons-logging-api-1.1.pom ++++ and /work/SRC/openSUSE:Factory/.apache-commons-logging.new/commons-logging-1.2.pom

1 0

commit python-keyring for openSUSE:Factory
by root＠hilbert.suse.de 30 Jan '16

30 Jan '16

Hello community, here is the log from the commit of package python-keyring for openSUSE:Factory checked in at 2016-01-30 11:30:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-keyring (Old) and /work/SRC/openSUSE:Factory/.python-keyring.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-keyring" Changes: -------- --- /work/SRC/openSUSE:Factory/python-keyring/python-keyring.changes 2015-12-21 12:03:30.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-keyring.new/python-keyring.changes 2016-01-30 11:30:43.000000000 +0100 @@ -1,0 +2,50 @@ +Tue Jan 12 16:56:53 UTC 2016 - michael(a)stroeder.com + +- update to upstream release 7.1.2 +- require Python 2.7+ +- require python-setuptools_scm 1.9+ + +7.1 +* Issue #186: Removed preference for keyrings based on + ``XDG_CURRENT_DESKTOP`` as these values are to varied + to be a reliable indicator of which keyring implementation + might be preferable. + +7.0.2 +* Issue #187: Restore ``Keyring`` name in ``kwallet`` backend. + Users of keyring 6.1 or later should prefer an explicit reference + to DBusKeyring or QtKeyring instead. + +7.0.1 +* Issue #183 and Issue #185: Gnome keyring no longer relies + on environment variables, but instead relies on the GnomeKeyring + library to determine viability. + +7.0 +* Issue #99: Keyring now expects the config file to be located + in the XDG_CONFIG_HOME rather than XDG_DATA_HOME and will + fail to start if the config is found in the old location but not + the new. On systems where the two locations are distinct, + simply copy or symlink the config to remain compatible with + older versions or move the file to work only with 7.0 and later. +* Replaced Pull Request #182 with a conditional SessionBus + construction, based on subsequent discussion. + +6.1.1 +* Pull Request #182: Prevent DBus from indicating as a viable + backend when no viable X DISPLAY variable is present. + +6.1 +* Pull Request #174: Add DBus backend for KWallet, preferred to Qt + backend. Theoretically, it should be auto-detected based on + available libraries and interchangeable with the Qt backend. + +6.0 +* Drop support for Python 2.6. + +5.7.1 +* Updated project metadata to match Github hosting and + generally refreshed the metadata structure to match + practices with other projects. + +------------------------------------------------------------------- Old: ---- keyring-5.7.tar.gz New: ---- keyring-7.1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-keyring.spec ++++++ --- /var/tmp/diff_new_pack.JKy6ry/_old 2016-01-30 11:30:45.000000000 +0100 +++ /var/tmp/diff_new_pack.JKy6ry/_new 2016-01-30 11:30:45.000000000 +0100 @@ -17,7 +17,7 @@ Name: python-keyring -Version: 5.7 +Version: 7.1.2 Release: 0 Url: https://bitbucket.org/kang/python-keyring-lib Summary: Store and access your passwords safely @@ -25,9 +25,9 @@ Group: Development/Languages/Python Source: https://pypi.python.org/packages/source/k/keyring/keyring-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: python-devel +BuildRequires: python-devel >= 2.7 BuildRequires: python-setuptools -BuildRequires: python-setuptools_scm +BuildRequires: python-setuptools_scm >= 1.9 # Test requirements: BuildRequires: python-mock BuildRequires: python-pytest ++++++ keyring-5.7.tar.gz -> keyring-7.1.2.tar.gz ++++++ ++++ 2642 lines of diff (skipped)

1 0

commit Mesa for openSUSE:13.2:Update
by root＠hilbert.suse.de 29 Jan '16

29 Jan '16

Hello community, here is the log from the commit of package Mesa for openSUSE:13.2:Update checked in at 2016-01-29 11:55:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/Mesa (Old) and /work/SRC/openSUSE:13.2:Update/.Mesa.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "Mesa" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.V9LaqR/_old 2016-01-29 11:55:34.000000000 +0100 +++ /var/tmp/diff_new_pack.V9LaqR/_new 2016-01-29 11:55:34.000000000 +0100 @@ -1 +1 @@ -<link package='Mesa.4346' cicount='copy' /> +<link package='Mesa.4558' cicount='copy' />

1 0

commit patterns-openSUSE for openSUSE:Factory
by root＠hilbert.suse.de 28 Jan '16

28 Jan '16

Hello community, here is the log from the commit of package patterns-openSUSE for openSUSE:Factory checked in at 2016-01-28 22:50:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/patterns-openSUSE (Old) and /work/SRC/openSUSE:Factory/.patterns-openSUSE.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patterns-openSUSE" Changes: -------- --- /work/SRC/openSUSE:Factory/patterns-openSUSE/patterns-openSUSE.changes 2016-01-23 18:40:23.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.patterns-openSUSE.new/patterns-openSUSE.changes 2016-01-28 22:50:27.000000000 +0100 @@ -1,0 +2,13 @@ +Wed Jan 27 13:50:43 UTC 2016 - tittiatcoke(a)gmail.com + +- Obsolete the kde4bindings for perl, python, ruby and mono. They + haven't been ported and are obstructing the switch of Akonadi to + its Frameworks port + +------------------------------------------------------------------- +Sun Jan 24 02:11:55 UTC 2016 - dimstar(a)opensuse.org + +- Do not require midori on the Rescue CD: we already have Firefox + on it; midori pulling in webkit makes it just too big. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ patterns-openSUSE.spec ++++++ --- /var/tmp/diff_new_pack.HuWV4U/_old 2016-01-28 22:50:28.000000000 +0100 +++ /var/tmp/diff_new_pack.HuWV4U/_new 2016-01-28 22:50:28.000000000 +0100 @@ -2866,6 +2866,11 @@ Obsoletes: kdebase4-workspace-devel Requires: pattern() = basesystem Requires: pattern() = x11 +# Obsolete the KDE bindings which have not been ported yet +Obsoletes: mono-kde4 +Obsoletes: perl-kde4 +Obsoletes: python3-kde3 +Obsoletes: ruby-kde4 # from data/KDE4-BASIS Requires: breeze Requires: breeze5-cursors @@ -5350,7 +5355,6 @@ Requires: file-roller Requires: gparted Requires: leafpad -Requires: midori Requires: mupdf Requires: photorec Requires: ristretto

1 0

commit python3-Sphinx for openSUSE:Factory
by root＠hilbert.suse.de 28 Jan '16

28 Jan '16

Hello community, here is the log from the commit of package python3-Sphinx for openSUSE:Factory checked in at 2016-01-28 22:50:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python3-Sphinx (Old) and /work/SRC/openSUSE:Factory/.python3-Sphinx.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python3-Sphinx" Changes: -------- --- /work/SRC/openSUSE:Factory/python3-Sphinx/python3-Sphinx.changes 2016-01-09 23:09:39.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python3-Sphinx.new/python3-Sphinx.changes 2016-01-28 22:50:25.000000000 +0100 @@ -1,0 +2,98 @@ +Mon Jan 25 21:40:36 UTC 2016 - toddrme2178(a)gmail.com + +- Add additional latex requirements. + +------------------------------------------------------------------- +Sun Jan 24 20:29:36 UTC 2016 - arun(a)gmx.de + +- update to version 1.3.5: + * Fix line numbers was not shown on warnings in LaTeX and texinfo + builders + * Fix filenames were not shown on warnings of citations + * Fix line numbers was not shown on warnings in LaTeX and texinfo + builders + * Fix line numbers was not shown on warnings of indecies + * #2026: Fix LaTeX builder rais error if parsed-literal includes + links + * #2243: Ignore strange docstring types for classes, do not crash + * #2247: Fix #2205 breaks make html for definition list with + classifiers that contains regular-expression like string + * #1565: Show warning if Pygments throws an ErrorToken + * #2211: Fix paragraphs in table cell doesn't work in Latex output + * #2253: ":pyobject:" option of "literalinclude" directive can't + detect indented body block when the block starts with blank or + comment lines. + * Fix TOC is not shown when no ":maxdepth:" for toctrees (ref: #771) + * Fix warning message for ":numref:" if target is in orphaned doc + (ref: #2244) + +------------------------------------------------------------------- +Wed Jan 20 05:31:04 UTC 2016 - arun(a)gmx.de + +- update to version 1.3.4: + * #2134: Fix figure caption with reference causes latex build error + * #2094: Fix rubric with reference not working in Latex + * #2147: Fix literalinclude code in latex does not break in pages + * #1833: Fix email addresses is showed again if latex_show_urls is + not None + * #2176: sphinx.ext.graphviz: use <object> instead of <img> to embed + svg + * #967: Fix SVG inheritance diagram is not hyperlinked (clickable) + * #1237: Fix footnotes not working in definition list in LaTeX + * #2168: Fix raw directive does not work for text writer + * #2171: Fix cannot linkcheck url with unicode + * #2182: LaTeX: support image file names with more than 1 dots + * #2189: Fix previous sibling link for first file in subdirectory + uses last file, not intended previous from root toctree + * #2003: Fix decode error under python2 (only) when "make linkcheck" + is run + * #2186: Fix LaTeX output of \mathbb in math + * #1480, #2188: LaTeX: Support math in section titles + * #2071: Fix same footnote in more than two section titles => + LaTeX/PDF Bug + * #2040: Fix UnicodeDecodeError in sphinx-apidoc when author + contains non-ascii characters + * #2193: Fix shutil.SameFileError if source directory and + destination directory are same + * #2178: Fix unparseable C++ cross-reference when referencing a + function with :cpp:any: + * #2206: Fix Sphinx latex doc build failed due to a footnotes + * #2201: Fix wrong table caption for tables with over 30 rows + * #2213: Set <blockquote> in the classic theme to fit with <p> + * #1815: Fix linkcheck does not raise an exception if warniserror + set to true and link is broken + * #2197: Fix slightly cryptic error message for missing index.rst + file + * #1894: Unlisted phony targets in quickstart Makefile + * #2125: Fix unifies behavior of collapsed fields ("GroupedField" + and "TypedField") + * #1408: Check latex_logo validity before copying + * #771: Fix latex output doesn't set tocdepth + * #1820: On Windows, console coloring is broken with colorama + version 0.3.3. Now sphinx use colorama>=0.3.5 to avoid this + problem. + * #2072: Fix footnotes in chapter-titles do not appear in PDF output + * #1580: Fix paragraphs in longtable don't work in Latex output + * #1366: Fix centered image not centered in latex + * #1860: Fix man page using ":samp:" with braces - font doesn't + reset + * #1610: Sphinx crashes in japanese indexing in some systems + * Fix Sphinx crashes if mecab initialization failed + * #2160: Fix broken TOC of PDFs if section includes an image + * #2172: Fix dysfunctional admonition \py@lightbox in + sphinx.sty. Thanks to jfbu. + * #2198,#2205: "make gettext" generate broken msgid for definition + lists. + * #2062: Escape characters in doctests are treated incorrectly with + Python 2. + * #2225: Fix if the option does not begin with dash, linking is not + performed + * #2226: Fix math is not HTML-encoded when :nowrap: is given + (jsmath, mathjax) + * #1601, #2220: 'any' role breaks extended domains + behavior. Affected extensions doesn't support resolve_any_xref + and resolve_xref returns problematic node instead of None. + sphinxcontrib-httpdomain is one of them. + * #2229: Fix no warning is given for unknown options + +------------------------------------------------------------------- Old: ---- Sphinx-1.3.3.tar.gz New: ---- Sphinx-1.3.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-Sphinx.spec ++++++ --- /var/tmp/diff_new_pack.shUM2H/_old 2016-01-28 22:50:26.000000000 +0100 +++ /var/tmp/diff_new_pack.shUM2H/_new 2016-01-28 22:50:26.000000000 +0100 @@ -17,7 +17,7 @@ Name: python3-Sphinx -Version: 1.3.3 +Version: 1.3.5 Release: 0 Url: http://sphinx.pocoo.org Summary: Python documentation generator @@ -101,11 +101,13 @@ Requires: tex(atbegshi.sty) Requires: tex(babel.sty) Requires: tex(bm.sty) +Requires: tex(capt-of.sty) Requires: tex(cmap.sty) Requires: tex(color.sty) Requires: tex(colortbl.sty) Requires: tex(dvipdfmx.def) Requires: tex(english.ldf) +Requires: tex(eqparbox.sty) Requires: tex(fancybox.sty) Requires: tex(fancyhdr.sty) Requires: tex(fancyvrb.sty) @@ -123,6 +125,8 @@ Requires: tex(longtable.sty) Requires: tex(makeidx.sty) Requires: tex(multirow.sty) +Requires: tex(needspace.sty) +Requires: tex(newfloat.sty) Requires: tex(palatino.sty) Requires: tex(parskip.sty) Requires: tex(pcrr.tfm) ++++++ Sphinx-1.3.3.tar.gz -> Sphinx-1.3.5.tar.gz ++++++ ++++ 6738 lines of diff (skipped)

1 0

commit python3-setuptools for openSUSE:Factory
by root＠hilbert.suse.de 28 Jan '16

28 Jan '16

Hello community, here is the log from the commit of package python3-setuptools for openSUSE:Factory checked in at 2016-01-28 22:50:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python3-setuptools (Old) and /work/SRC/openSUSE:Factory/.python3-setuptools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python3-setuptools" Changes: -------- --- /work/SRC/openSUSE:Factory/python3-setuptools/python3-setuptools.changes 2016-01-23 01:04:20.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python3-setuptools.new/python3-setuptools.changes 2016-01-28 22:50:24.000000000 +0100 @@ -1,0 +2,31 @@ +Mon Jan 25 17:04:28 UTC 2016 - arun(a)gmx.de + +- update to version 19.6: + * Added a new entry script "setuptools.launch", implementing the + shim found in "pip.util.setuptools_build". Use this command to + launch distutils-only packages under setuptools in the same way + that pip does, causing the setuptools monkeypatching of distutils + to be invoked prior to invoking a script. Useful for debugging or + otherwise installing a distutils-only package under setuptools + when pip isn't available or otherwise does not expose the desired + functionality. For example:: + + $ python -m setuptools.launch setup.py develop + * Issue #488: Fix dual manifestation of Extension class in extension + packages installed as dependencies when Cython is present. + +------------------------------------------------------------------- +Sun Jan 24 03:29:36 UTC 2016 - arun(a)gmx.de + +- update to version 19.5: + * Issue #486: Correct TypeError when getfilesystemencoding + returns None. + * Issue #139: Clarified the license as MIT. + * Pull Request #169: Removed special handling of command + spec in scripts for Jython. + +- changes from version 19.4.1: + * Issue #487: Use direct invocation of "importlib.machinery" in + "pkg_resources" to avoid missing detection on relevant platforms. + +------------------------------------------------------------------- Old: ---- setuptools-19.4.tar.gz New: ---- setuptools-19.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-setuptools.spec ++++++ --- /var/tmp/diff_new_pack.3T9yaE/_old 2016-01-28 22:50:25.000000000 +0100 +++ /var/tmp/diff_new_pack.3T9yaE/_new 2016-01-28 22:50:25.000000000 +0100 @@ -17,7 +17,7 @@ Name: python3-setuptools -Version: 19.4 +Version: 19.6 Release: 0 Url: http://pypi.python.org/pypi/setuptools Summary: Easily download, build, install, upgrade, and uninstall Python packages ++++++ setuptools-19.4.tar.gz -> setuptools-19.6.tar.gz ++++++ ++++ 2075 lines of diff (skipped)

1 0

commit java-1_8_0-openjdk for openSUSE:Factory
by root＠hilbert.suse.de 28 Jan '16

28 Jan '16

Hello community, here is the log from the commit of package java-1_8_0-openjdk for openSUSE:Factory checked in at 2016-01-28 22:50:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/java-1_8_0-openjdk (Old) and /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "java-1_8_0-openjdk" Changes: -------- --- /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/java-1_8_0-openjdk.changes 2015-10-28 17:15:38.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/java-1_8_0-openjdk.changes 2016-01-28 22:50:14.000000000 +0100 @@ -1,0 +2,52 @@ +Mon Jan 25 07:54:33 UTC 2016 - fstrba(a)suse.com + +- Upgrade to upstream tag jdk8u72-b15 + * Oracle Critical Patch Update of January 2016 (bsc#962743) + * Using aarch64 hotspot tag aarch64-jdk8u72-b15 +- Security issues fixed: + * CVE-2015-7575: Mozilla Network Security Services (NSS) before + 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox + ESR 38.x before 38.5.2, does not reject MD5 signatures in Server + Key Exchange messages in TLS 1.2 Handshake Protocol traffic, + which makes it easier for man-in-the-middle attackers to spoof + servers by triggering a collision. + * CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE + and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x + and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x + before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to + cause a denial of service (application crash) or possibly have + unspecified other impact via a small bit-depth value in an IHDR + (aka image header) chunk in a PNG image. + * CVE-2016-0402: Unspecified vulnerability in the Java SE and + Java SE Embedded components in Oracle Java SE 6u105, 7u91, and + 8u66 and Java SE Embedded 8u65 allows remote attackers to affect + integrity via unknown vectors related to Networking. + * CVE-2016-0448: Unspecified vulnerability in the Java SE and + Java SE Embedded components in Oracle Java SE 6u105, 7u91, and + 8u66, and Java SE Embedded 8u65 allows remote authenticated + users to affect confidentiality via vectors related to JMX. + * CVE-2016-0466: Unspecified vulnerability in the Java SE, Java SE + Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, + and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows + remote attackers to affect availability via vectors related to + JAXP. + * CVE-2016-0475: Unspecified vulnerability in the Java SE, Java SE + Embedded, and JRockit components in Oracle Java SE 8u66; Java SE + Embedded 8u65; and JRockit R28.3.8 allows remote attackers to + affect confidentiality and integrity via unknown vectors related + to Libraries. + * CVE-2016-0483: Unspecified vulnerability in the Java SE, Java SE + Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, + and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows + remote attackers to affect confidentiality, integrity, and + availability via vectors related to AWT. + * CVE-2016-0494: Unspecified vulnerability in the Java SE and Java + SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 + and Java SE Embedded 8u65 allows remote attackers to affect + confidentiality, integrity, and availability via unknown vectors + related to 2D. +- Modified patch: + * s390-java-opts.patch + + rediff to the changed context + +------------------------------------------------------------------- Old: ---- 14a4b0a9a0b7.tar.bz2 1ac6501881b2.tar.bz2 8e9c73f18f7e.tar.bz2 b6b6756b041d.tar.bz2 c684352da3e3.tar.bz2 d038f63e5167.tar.bz2 d9c2dcdd835c.tar.bz2 dbdfb913c528.tar.bz2 df0218bcade3.tar.bz2 New: ---- 1bcc41894340.tar.bz2 2f840ac0adf0.tar.bz2 48d0c20256a3.tar.bz2 769b21d1b85c.tar.bz2 8d2e1dabe378.tar.bz2 91e3b8e2e006.tar.bz2 d6670c5d49ba.tar.bz2 f3e86cc60726.tar.bz2 fff0c11d2811.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ java-1_8_0-openjdk.spec ++++++ --- /var/tmp/diff_new_pack.WiBsvI/_old 2016-01-28 22:50:17.000000000 +0100 +++ /var/tmp/diff_new_pack.WiBsvI/_new 2016-01-28 22:50:17.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package java-1_8_0-openjdk # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,21 +29,21 @@ %global syslibdir %{_libdir} %global archname %{name} # Standard JPackage naming and versioning defines. -%global updatever 65 -%global buildver b17 +%global updatever 72 +%global buildver b15 %global root_project jdk8u %global root_repository jdk8u -%global root_revision c684352da3e3 -%global corba_revision d9c2dcdd835c -%global hotspot_revision 8e9c73f18f7e -%global jaxp_revision b6b6756b041d -%global jaxws_revision dbdfb913c528 -%global jdk_revision 14a4b0a9a0b7 -%global langtools_revision d038f63e5167 -%global nashorn_revision df0218bcade3 +%global root_revision fff0c11d2811 +%global corba_revision 91e3b8e2e006 +%global hotspot_revision d6670c5d49ba +%global jaxp_revision 1bcc41894340 +%global jaxws_revision 2f840ac0adf0 +%global jdk_revision f3e86cc60726 +%global langtools_revision 48d0c20256a3 +%global nashorn_revision 769b21d1b85c %global aarch64_project aarch64-port -%global aarch64_repository jdk8u60 -%global aarch64_hotspot_revision 1ac6501881b2 +%global aarch64_repository jdk8u +%global aarch64_hotspot_revision 8d2e1dabe378 %global icedtea_sound_version 1.0.1 # priority must be 6 digits in total %global priority 1805 ++++++ 14a4b0a9a0b7.tar.bz2 -> 1bcc41894340.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/14a4b0a9a0b7.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/1bcc41894340.tar.bz2 differ: char 11, line 1 ++++++ 14a4b0a9a0b7.tar.bz2 -> 2f840ac0adf0.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/14a4b0a9a0b7.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/2f840ac0adf0.tar.bz2 differ: char 11, line 1 ++++++ df0218bcade3.tar.bz2 -> 48d0c20256a3.tar.bz2 ++++++ ++++ 977380 lines of diff (skipped) ++++++ dbdfb913c528.tar.bz2 -> 769b21d1b85c.tar.bz2 ++++++ ++++ 967186 lines of diff (skipped) ++++++ 14a4b0a9a0b7.tar.bz2 -> 8d2e1dabe378.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/14a4b0a9a0b7.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/8d2e1dabe378.tar.bz2 differ: char 11, line 1 ++++++ 14a4b0a9a0b7.tar.bz2 -> 91e3b8e2e006.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/14a4b0a9a0b7.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/91e3b8e2e006.tar.bz2 differ: char 11, line 1 ++++++ 14a4b0a9a0b7.tar.bz2 -> d6670c5d49ba.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/14a4b0a9a0b7.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/d6670c5d49ba.tar.bz2 differ: char 11, line 1 ++++++ 14a4b0a9a0b7.tar.bz2 -> f3e86cc60726.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/14a4b0a9a0b7.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/f3e86cc60726.tar.bz2 differ: char 11, line 1 ++++++ 14a4b0a9a0b7.tar.bz2 -> fff0c11d2811.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/14a4b0a9a0b7.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new/fff0c11d2811.tar.bz2 differ: char 11, line 1 ++++++ s390-java-opts.patch ++++++ --- /var/tmp/diff_new_pack.WiBsvI/_old 2016-01-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.WiBsvI/_new 2016-01-28 22:50:24.000000000 +0100 @@ -1,7 +1,6 @@ -diff -urEbwB jdk8/common/autoconf/boot-jdk.m4 jdk8/common/autoconf/boot-jdk.m4 ---- jdk8/common/autoconf/boot-jdk.m4 2014-10-28 18:10:36.000000000 +0100 -+++ jdk8/common/autoconf/boot-jdk.m4 2014-11-11 12:54:41.698246995 +0100 -@@ -319,21 +319,12 @@ +--- jdk8/common/autoconf/boot-jdk.m4 2015-12-22 20:16:46.000000000 +0100 ++++ jdk8/common/autoconf/boot-jdk.m4 2016-01-23 13:16:40.069301419 +0100 +@@ -329,21 +329,12 @@ AC_MSG_CHECKING([flags for boot jdk java command for big workloads]) # Starting amount of heap memory. @@ -10,7 +9,7 @@ # Maximum amount of heap memory. # Maximum stack size. -- if test "x$BUILD_NUM_BITS" = x32; then +- if test "x$BOOT_JDK_BITS" = x32; then - JVM_MAX_HEAP=1100M + JVM_MAX_HEAP=768M STACK_SIZE=768

1 0