openSUSE Commits
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
March 2016
- 1 participants
- 1605 discussions
Hello community,
here is the log from the commit of package chromium for openSUSE:13.2:Update checked in at 2016-03-31 23:33:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/chromium (Old)
and /work/SRC/openSUSE:13.2:Update/.chromium.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.E9gkqW/_old 2016-03-31 23:34:00.000000000 +0200
+++ /var/tmp/diff_new_pack.E9gkqW/_new 2016-03-31 23:34:00.000000000 +0200
@@ -1 +1 @@
-<link package='chromium.4852' cicount='copy' />
+<link package='chromium.4890' cicount='copy' />
1
0
Hello community,
here is the log from the commit of package opera for openSUSE:Factory:NonFree checked in at 2016-03-31 13:03:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory:NonFree/opera (Old)
and /work/SRC/openSUSE:Factory:NonFree/.opera.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opera"
Changes:
--------
--- /work/SRC/openSUSE:Factory:NonFree/opera/opera.changes 2016-02-28 02:34:39.000000000 +0100
+++ /work/SRC/openSUSE:Factory:NonFree/.opera.new/opera.changes 2016-03-31 13:03:54.000000000 +0200
@@ -1,0 +2,22 @@
+Tue Mar 15 17:24:15 UTC 2016 - kieltux(a)gmail.com
+
+- Update to 36.0.2130.32:
+ * Better touch support and some interface tweaks
+ for Windows 10 users.
+ * Hidden sync button when signed in without any problems.
+ * Faster and more stable transitions between internal pages.
+ * Updated support for the latest Chromium/Blink release,
+ version 49.
+ * Stability enhancements and bug fixes.
+
+-------------------------------------------------------------------
+Wed Mar 2 18:11:55 UTC 2016 - kieltux(a)gmail.com
+
+- Update to 35.0.2066.92:
+ * Opera stops responding/freezes on various sites on
+ Windows 10.
+ * Monitor won’t go sleep when Opera has animated theme.
+ * [Linux] Mosaic of tab bar artifacts instead of Web UIs
+ when hardware accelerated.
+
+-------------------------------------------------------------------
Old:
----
opera-stable_35.0.2066.82_amd64.deb
opera-stable_35.0.2066.82_i386.deb
New:
----
opera-stable_36.0.2130.32_amd64.deb
opera-stable_36.0.2130.32_i386.deb
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ opera.spec ++++++
--- /var/tmp/diff_new_pack.VTkXqr/_old 2016-03-31 13:03:57.000000000 +0200
+++ /var/tmp/diff_new_pack.VTkXqr/_new 2016-03-31 13:03:57.000000000 +0200
@@ -24,7 +24,7 @@
%define alt_deb_arch amd64
%endif
Name: opera
-Version: 35.0.2066.82
+Version: 36.0.2130.32
Release: 0
Summary: Proprietary web browser
License: SUSE-NonFree
1
0
Hello community,
here is the log from the commit of package awesome for openSUSE:Factory checked in at 2016-03-31 13:03:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/awesome (Old)
and /work/SRC/openSUSE:Factory/.awesome.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "awesome"
Changes:
--------
--- /work/SRC/openSUSE:Factory/awesome/awesome.changes 2016-02-01 19:57:15.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.awesome.new/awesome.changes 2016-03-31 13:03:49.000000000 +0200
@@ -1,0 +2,14 @@
+Tue Mar 22 13:20:10 UTC 2016 - kmroz(a)suse.com
+
+- Update to 3.5.9:
+ - Always send ConfigureNotifies
+ - Don't modify WM_HINTS in client_set_urgent()
+ - Fix awful.ewmh to handle window gravities
+ - Check that the Lua stack is empty in the main loop
+ - Fix unbalance Lua stack usage in event_handle_leavenotify()
+ - Balance the stack in luaA_loadrc()
+ - Fix arguments to luaL_checkstack()
+ - Make client key bindings for e.g. xeyes work again
+ - Change codename
+
+-------------------------------------------------------------------
Old:
----
awesome-3.5.8.tar.xz
New:
----
awesome-3.5.9.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ awesome.spec ++++++
--- /var/tmp/diff_new_pack.K6Dgvm/_old 2016-03-31 13:03:50.000000000 +0200
+++ /var/tmp/diff_new_pack.K6Dgvm/_new 2016-03-31 13:03:50.000000000 +0200
@@ -18,7 +18,7 @@
%define _version 3.5
Name: awesome
-Version: 3.5.8
+Version: 3.5.9
Release: 0
Summary: Highly configurable tiling and floating Window Manager
License: GPL-2.0+
++++++ awesome-3.5.8.tar.xz -> awesome-3.5.9.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/.version_stamp new/awesome-3.5.9/.version_stamp
--- old/awesome-3.5.8/.version_stamp 2016-01-30 14:57:02.000000000 +0100
+++ new/awesome-3.5.9/.version_stamp 2016-03-06 15:11:57.000000000 +0100
@@ -1 +1 @@
-v3.5.8
\ No newline at end of file
+v3.5.9
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/awesome.c new/awesome-3.5.9/awesome.c
--- old/awesome-3.5.8/awesome.c 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/awesome.c 2016-03-06 15:05:54.000000000 +0100
@@ -285,6 +285,13 @@
/* Do all deferred work now */
awesome_refresh();
+ /* Check if the Lua stack is the way it should be */
+ if (lua_gettop(globalconf.L) != 0) {
+ warn("Something was left on the Lua stack, this is a bug!");
+ luaA_dumpstack(globalconf.L);
+ lua_settop(globalconf.L, 0);
+ }
+
/* Check how long this main loop iteration took */
gettimeofday(&now, NULL);
timersub(&now, &last_wakeup, &length_time);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/awesomeConfig.cmake new/awesome-3.5.9/awesomeConfig.cmake
--- old/awesome-3.5.8/awesomeConfig.cmake 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/awesomeConfig.cmake 2016-03-06 15:05:54.000000000 +0100
@@ -4,7 +4,7 @@
# `git describe` later.
set(VERSION devel)
-set(CODENAME "Major Tom")
+set(CODENAME "Mighty Ravendark")
project(${PROJECT_AWE_NAME} C)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/common/luaobject.c new/awesome-3.5.9/common/luaobject.c
--- old/awesome-3.5.8/common/luaobject.c 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/common/luaobject.c 2016-03-06 15:05:54.000000000 +0100
@@ -218,7 +218,7 @@
if(sigfound)
{
int nbfunc = sigfound->sigfuncs.len;
- luaL_checkstack(L, lua_gettop(L) + nbfunc + nargs + 1, "too much signal");
+ luaL_checkstack(L, nbfunc + nargs + 1, "too much signal");
/* Push all functions and then execute, because this list can change
* while executing funcs. */
foreach(func, sigfound->sigfuncs)
@@ -263,7 +263,7 @@
if(sigfound)
{
int nbfunc = sigfound->sigfuncs.len;
- luaL_checkstack(L, lua_gettop(L) + nbfunc + nargs + 2, "too much signal");
+ luaL_checkstack(L, nbfunc + nargs + 2, "too much signal");
/* Push all functions and then execute, because this list can change
* while executing funcs. */
foreach(func, sigfound->sigfuncs)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/event.c new/awesome-3.5.9/event.c
--- old/awesome-3.5.8/event.c 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/event.c 2016-03-06 15:05:54.000000000 +0100
@@ -507,6 +507,7 @@
{
luaA_object_push(globalconf.L, c);
luaA_object_emit_signal(globalconf.L, -1, "mouse::leave", 0);
+ lua_pop(globalconf.L, 1);
}
lua_pushnil(globalconf.L);
@@ -644,7 +645,7 @@
/* get keysym ignoring all modifiers */
xcb_keysym_t keysym = keyresolv_get_keysym(ev->detail, 0);
client_t *c;
- if((c = client_getbywin(ev->event)))
+ if((c = client_getbywin(ev->event)) || (c = client_getbynofocuswin(ev->event)))
{
luaA_object_push(globalconf.L, c);
event_key_callback(ev, &c->keys, -1, 1, &keysym);
@@ -835,6 +836,8 @@
client_t *c = *_c;
xcb_ungrab_key(globalconf.connection, XCB_GRAB_ANY, c->window, XCB_BUTTON_MASK_ANY);
xwindow_grabkeys(c->window, &c->keys);
+ if (c->nofocus_window)
+ xwindow_grabkeys(c->nofocus_window, &c->keys);
}
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/lib/awful/ewmh.lua.in new/awesome-3.5.9/lib/awful/ewmh.lua.in
--- old/awesome-3.5.8/lib/awful/ewmh.lua.in 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/lib/awful/ewmh.lua.in 2016-03-06 15:05:54.000000000 +0100
@@ -66,11 +66,11 @@
store_geometry(window, "fullscreen")
data[window].fullscreen.border_width = window.border_width
local g = screen[window.screen].geometry
- window:geometry(screen[window.screen].geometry)
window.border_width = 0
+ window:geometry(screen[window.screen].geometry)
elseif data[window] and data[window].fullscreen then
- window:geometry(data[window].fullscreen)
window.border_width = data[window].fullscreen.border_width
+ window:geometry(data[window].fullscreen)
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/luaa.c new/awesome-3.5.9/luaa.c
--- old/awesome-3.5.8/luaa.c 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/luaa.c 2016-03-06 15:05:54.000000000 +0100
@@ -498,40 +498,41 @@
static bool
luaA_loadrc(const char *confpath, bool run)
{
- if(!luaL_loadfile(globalconf.L, confpath))
- {
- if(run)
- {
- /* Set the conffile right now so it can be used inside the
- * configuration file. */
- conffile = a_strdup(confpath);
- /* Move error handling function before function */
- lua_pushcfunction(globalconf.L, luaA_dofunction_on_error);
- lua_insert(globalconf.L, -2);
- if(lua_pcall(globalconf.L, 0, LUA_MULTRET, -2))
- {
- const char *err = lua_tostring(globalconf.L, -1);
- luaA_startup_error(err);
- fprintf(stderr, "%s\n", err);
- /* An error happened, so reset this. */
- conffile = NULL;
- }
- else
- return true;
- }
- else
- {
- lua_pop(globalconf.L, 1);
- return true;
- }
- }
- else
+ if(luaL_loadfile(globalconf.L, confpath))
{
const char *err = lua_tostring(globalconf.L, -1);
luaA_startup_error(err);
fprintf(stderr, "%s\n", err);
+ return false;
+ }
+
+ if(!run)
+ {
+ lua_pop(globalconf.L, 1);
+ return true;
}
+ /* Set the conffile right now so it can be used inside the
+ * configuration file. */
+ conffile = a_strdup(confpath);
+ /* Move error handling function before function */
+ lua_pushcfunction(globalconf.L, luaA_dofunction_on_error);
+ lua_insert(globalconf.L, -2);
+ if(!lua_pcall(globalconf.L, 0, 0, -2))
+ {
+ /* Pop luaA_dofunction_on_error */
+ lua_pop(globalconf.L, 1);
+ return true;
+ }
+
+ const char *err = lua_tostring(globalconf.L, -1);
+ luaA_startup_error(err);
+ fprintf(stderr, "%s\n", err);
+ /* An error happened, so reset this. */
+ conffile = NULL;
+ /* Pop luaA_dofunction_on_error() and the error message */
+ lua_pop(globalconf.L, 2);
+
return false;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/objects/client.c new/awesome-3.5.9/objects/client.c
--- old/awesome-3.5.8/objects/client.c 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/objects/client.c 2016-03-06 15:05:54.000000000 +0100
@@ -71,22 +71,8 @@
if(c->urgent != urgent)
{
- xcb_get_property_cookie_t hints =
- xcb_icccm_get_wm_hints_unchecked(globalconf.connection, c->window);
-
c->urgent = urgent;
- /* update ICCCM hints */
- xcb_icccm_wm_hints_t wmh;
- xcb_icccm_get_wm_hints_reply(globalconf.connection, hints, &wmh, NULL);
-
- if(urgent)
- wmh.flags |= XCB_ICCCM_WM_HINT_X_URGENCY;
- else
- wmh.flags &= ~XCB_ICCCM_WM_HINT_X_URGENCY;
-
- xcb_icccm_set_wm_hints(globalconf.connection, c->window, &wmh);
-
luaA_object_emit_signal(L, cidx, "property::urgent", 0);
}
}
@@ -178,6 +164,16 @@
return NULL;
}
+client_t *
+client_getbynofocuswin(xcb_window_t w)
+{
+ foreach(c, globalconf.clients)
+ if((*c)->nofocus_window == w)
+ return *c;
+
+ return NULL;
+}
+
/** Get a client by its frame window.
* \param w The client window to find.
* \return A client pointer if found, NULL otherwise.
@@ -340,6 +336,20 @@
globalconf.focus.need_update = true;
}
+static xcb_window_t
+client_get_nofocus_window(client_t *c)
+{
+ if (c->nofocus_window == XCB_NONE) {
+ c->nofocus_window = xcb_generate_id(globalconf.connection);
+ xcb_create_window(globalconf.connection, globalconf.default_depth, c->nofocus_window, c->frame_window,
+ -2, -2, 1, 1, 0, XCB_COPY_FROM_PARENT, globalconf.visual->visual_id,
+ 0, NULL);
+ xcb_map_window(globalconf.connection, c->nofocus_window);
+ xwindow_grabkeys(c->nofocus_window, &c->keys);
+ }
+ return c->nofocus_window;
+}
+
void
client_focus_refresh(void)
{
@@ -358,11 +368,7 @@
if(!c->nofocus)
win = c->window;
else
- /* Move the focus away from whatever has it to make sure the
- * previously focused client doesn't get any input in case
- * WM_TAKE_FOCUS gets ignored.
- */
- win = globalconf.focus.window_no_focus;
+ win = client_get_nofocus_window(c);
if(client_hasproto(c, WM_TAKE_FOCUS))
xwindow_takefocus(c->window);
@@ -741,12 +747,17 @@
bool send_notice = force_notice;
bool hide_titlebars = c->fullscreen;
screen_t *new_screen = screen_getbycoord(geometry.x, geometry.y);
+ bool java_is_broken = true;
if (honor_hints)
geometry = client_apply_size_hints(c, geometry);
if(c->geometry.width == geometry.width
&& c->geometry.height == geometry.height)
+ /* We are moving without changing the size, see ICCCM 4.2.3 */
+ send_notice = true;
+ if(java_is_broken)
+ /* Java strong. Java Hulk. Java make own rules! */
send_notice = true;
/* Also store geometry including border */
@@ -779,7 +790,6 @@
(uint32_t[]) { real_geometry.x, real_geometry.y, real_geometry.width, real_geometry.height });
if(send_notice)
- /* We are moving without changing the size, see ICCCM 4.2.3 */
client_send_configure(c);
client_restore_enterleave_events();
@@ -1236,6 +1246,8 @@
/* Ignore all spurious enter/leave notify events */
client_ignore_enterleave_events();
+ if (c->nofocus_window != XCB_NONE)
+ xcb_destroy_window(globalconf.connection, c->nofocus_window);
xcb_destroy_window(globalconf.connection, c->frame_window);
client_restore_enterleave_events();
@@ -2285,6 +2297,8 @@
luaA_object_emit_signal(L, 1, "property::keys", 0);
xcb_ungrab_key(globalconf.connection, XCB_GRAB_ANY, c->window, XCB_BUTTON_MASK_ANY);
xwindow_grabkeys(c->window, keys);
+ if (c->nofocus_window)
+ xwindow_grabkeys(c->nofocus_window, &c->keys);
}
return luaA_key_array_get(L, 1, keys);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/awesome-3.5.8/objects/client.h new/awesome-3.5.9/objects/client.h
--- old/awesome-3.5.8/objects/client.h 2016-01-30 14:55:18.000000000 +0100
+++ new/awesome-3.5.9/objects/client.h 2016-03-06 15:05:54.000000000 +0100
@@ -56,6 +56,8 @@
struct client_t
{
WINDOW_OBJECT_HEADER
+ /** Window we use for input focus and no-input clients */
+ xcb_window_t nofocus_window;
/** Client logical screen */
screen_t *screen;
/** Client name */
@@ -137,6 +139,7 @@
bool client_maybevisible(client_t *);
client_t * client_getbywin(xcb_window_t);
+client_t * client_getbynofocuswin(xcb_window_t);
client_t * client_getbyframewin(xcb_window_t);
void client_ban(client_t *);
1
0
Hello community,
here is the log from the commit of package apache2-mod_nss for openSUSE:Factory checked in at 2016-03-31 13:03:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_nss (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_nss.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_nss"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2-mod_nss/apache2-mod_nss.changes 2016-01-23 01:16:32.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.apache2-mod_nss.new/apache2-mod_nss.changes 2016-03-31 13:03:47.000000000 +0200
@@ -1,0 +2,68 @@
+Thu Mar 17 16:27:13 UTC 2016 - vcizek(a)suse.com
+
+- use a whitelist approach for keeping directives in the migration
+ script (bsc#961907)
+ * modify mod_nss_migrate.pl
+
+-------------------------------------------------------------------
+Wed Mar 16 14:45:24 UTC 2016 - pgajdos(a)suse.com
+
+- fix test: add NSSPassPhraseDialog, point it to plain file
+
+-------------------------------------------------------------------
+Mon Mar 14 12:27:37 UTC 2016 - vcizek(a)suse.com
+
+- update to 1.0.13
+ Update default ciphers to something more modern and secure
+ Check for host and netstat commands in gencert before trying to use them
+ Add server support for DHE ciphers
+ Extract SAN from server/client certificates into env
+ Fix memory leaks and other coding issues caught by clang analyzer
+ Add support for Server Name Indication (SNI) (#1010751)
+ Add support for SNI for reverse proxy connections
+ Add RenegBufferSize? option
+ Add support for TLS Session Tickets (RFC 5077)
+ Fix logical AND support in OpenSSL cipher compatibility
+ Correctly handle disabled ciphers (CVE-2015-5244)
+ Implement a slew more OpenSSL cipher macros
+ Fix a number of illegal memory accesses and memory leaks
+ Support for SHA384 ciphers if they are available in NSS
+ Add compatibility for mod_ssl-style cipher definitions (#862938)
+ Add TLSv1.2-specific ciphers
+ Completely remove support for SSLv2
+ Add support for sqlite NSS databases (#1057650)
+ Compare subject CN and VS hostname during server start up
+ Add support for enabling TLS v1.2
+ Don't enable SSL 3 by default (CVE-2014-3566)
+ Fix CVE-2013-4566
+ Move nss_pcache to /usr/libexec
+ Support httpd 2.4+
+- drop almost all our patches (upstream)
+ * 0001-SNI-check-with-NameVirtualHosts.patch
+ * mod_nss-CVE-2013-4566-NSSVerifyClient.diff
+ * mod_nss-PK11_ListCerts_2.patch
+ * mod_nss-add_support_for_enabling_TLS_v1.2.patch
+ * mod_nss-array_overrun.patch
+ * mod_nss-cipherlist_update_for_tls12-doc.diff
+ * mod_nss-cipherlist_update_for_tls12.diff
+ * mod_nss-clientauth.patch
+ * mod_nss-compare_subject_CN_and_VS_hostname.patch
+ * mod_nss-gencert.patch
+ * mod_nss-httpd24.patch
+ * mod_nss-lockpcache.patch
+ * mod_nss-negotiate.patch
+ * mod_nss-no_shutdown_if_not_init_2.patch
+ * mod_nss-overlapping_memcpy.patch
+ * mod_nss-pcachesignal.h
+ * mod_nss-proxyvariables.patch
+ * mod_nss-reseterror.patch
+ * mod_nss-reverse_proxy_send_SNI.patch
+ * mod_nss-reverseproxy.patch
+ * mod_nss-sslmultiproxy.patch
+ * mod_nss-tlsv1_1.patch
+ * mod_nss-wouldblock.patch
+ * update-ciphers.patch
+- add automake and libtool to BuildRequires
+- temporarily comment out %check
+
+-------------------------------------------------------------------
Old:
----
0001-SNI-check-with-NameVirtualHosts.patch
mod_nss-1.0.8.tar.gz
mod_nss-CVE-2013-4566-NSSVerifyClient.diff
mod_nss-PK11_ListCerts_2.patch
mod_nss-add_support_for_enabling_TLS_v1.2.patch
mod_nss-array_overrun.patch
mod_nss-cipherlist_update_for_tls12-doc.diff
mod_nss-cipherlist_update_for_tls12.diff
mod_nss-clientauth.patch
mod_nss-compare_subject_CN_and_VS_hostname.patch
mod_nss-gencert.patch
mod_nss-httpd24.patch
mod_nss-lockpcache.patch
mod_nss-negotiate.patch
mod_nss-no_shutdown_if_not_init_2.patch
mod_nss-overlapping_memcpy.patch
mod_nss-pcachesignal.h
mod_nss-proxyvariables.patch
mod_nss-reseterror.patch
mod_nss-reverse_proxy_send_SNI.patch
mod_nss-reverseproxy.patch
mod_nss-sslmultiproxy.patch
mod_nss-tlsv1_1.patch
mod_nss-wouldblock.patch
update-ciphers.patch
New:
----
mod_nss-1.0.13.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_nss.spec ++++++
--- /var/tmp/diff_new_pack.ZpLJKc/_old 2016-03-31 13:03:48.000000000 +0200
+++ /var/tmp/diff_new_pack.ZpLJKc/_new 2016-03-31 13:03:48.000000000 +0200
@@ -20,7 +20,7 @@
Summary: SSL/TLS module for the Apache HTTP server
License: Apache-2.0
Group: Productivity/Networking/Web/Servers
-Version: 1.0.8
+Version: 1.0.13
Release: 0.4.8
Url: https://fedorahosted.org/mod_nss
Source: https://fedorahosted.org/released/mod_nss/mod_nss-%{version}.tar.gz
@@ -38,6 +38,7 @@
PreReq: mozilla-nss-tools
BuildRequires: apache-rpm-macros
BuildRequires: apache2-devel >= 2.2.12
+BuildRequires: automake
BuildRequires: bison
BuildRequires: curl
BuildRequires: findutils
@@ -45,43 +46,13 @@
BuildRequires: gcc-c++
BuildRequires: libapr-util1-devel
BuildRequires: libapr1-devel
+BuildRequires: libtool
BuildRequires: mozilla-nspr-devel >= 4.6.3
BuildRequires: mozilla-nss-devel >= 3.15.1
BuildRequires: mozilla-nss-tools
BuildRequires: pkgconfig
-# [bnc#799483] Patch to adjust mod_nss.conf to match SUSE dir layout
-# Fri Nov 8 14:10:04 CET 2013 - draht: patch disabled, nss.conf.in is now scratch.
-#Patch1: mod_nss-conf.patch
-Patch2: mod_nss-gencert.patch
-Patch3: mod_nss-wouldblock.patch
-Patch4: mod_nss-negotiate.patch
-Patch5: mod_nss-reverseproxy.patch
-Patch6: mod_nss-pcachesignal.h
-Patch7: mod_nss-reseterror.patch
-Patch8: mod_nss-lockpcache.patch
-# Fix build with apache 2.4
-Patch9: mod_nss-httpd24.patch
-
-Patch10: mod_nss-proxyvariables.patch
-Patch11: mod_nss-tlsv1_1.patch
-Patch12: mod_nss-array_overrun.patch
-Patch13: mod_nss-clientauth.patch
-Patch14: mod_nss-no_shutdown_if_not_init_2.patch
-Patch15: mod_nss-PK11_ListCerts_2.patch
-Patch16: mod_nss-sslmultiproxy.patch
-Patch17: mod_nss-overlapping_memcpy.patch
-Patch18: mod_nss-CVE-2013-4566-NSSVerifyClient.diff
-Patch19: mod_nss-cipherlist_update_for_tls12.diff
-Patch20: mod_nss-cipherlist_update_for_tls12-doc.diff
+
Patch23: mod_nss-bnc863518-reopen_dev_tty.diff
-# PATCH-FIX-UPSTREAM bnc#897712 kstreitova(a)suse.com -- check for the misconfiguration of certificate's CN and virtual name
-Patch24: mod_nss-compare_subject_CN_and_VS_hostname.patch
-# PATCH-FIX-UPSTREAM bnc#902068 kstreitova(a)suse.com -- small fixes for TLS-v1.2
-Patch25: mod_nss-add_support_for_enabling_TLS_v1.2.patch
-# PATCH-FEATURE-UPSTREAM bnc#897712 fate#318331 kstreitova(a)suse.com -- add Server Name Indication support
-Patch26: 0001-SNI-check-with-NameVirtualHosts.patch
-Patch27: update-ciphers.patch
-Patch28: mod_nss-reverse_proxy_send_SNI.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apxs /usr/sbin/apxs2
@@ -101,36 +72,7 @@
%prep
%setup -q -n mod_nss-%{version}
-##%patch1 -p1 -b .conf.rpmpatch
-%patch2 -p1 -b .gencert.rpmpatch
-%patch3 -p1 -b .wouldblock.rpmpatch
-%patch4 -p1 -b .negotiate.rpmpatch
-%patch5 -p1 -b .reverseproxy.rpmpatch
-%patch6 -p1 -b .pcachesignal.h.rpmpatch
-%patch7 -p1 -b .reseterror.rpmpatch
-%patch8 -p1 -b .lockpcache.rpmpatch
-%patch10 -p1 -b .proxyvariables.rpmpatch
-%patch11 -p1 -b .tlsv1_1.rpmpatch
-%patch12 -p1 -b .array_overrun.rpmpatch
-%patch13 -p1 -b .clientauth.rpmpatch
-%patch14 -p1 -b .no_shutdown_if_not_init_2.rpmpatch
-%patch15 -p1 -b .PK11_ListCerts_2.rpmpatch
-%patch16 -p1 -b .sslmultiproxy.rpmpatch
-%patch17 -p1 -b .overlapping_memcpy.rpmpatch
-%patch18 -p0 -b .CVE-2013-4566.rpmpatch
-%patch19 -p0 -b .ciphers.rpmpatch
-%patch20 -p0 -b .ciphers.doc.rpmpatch
%patch23 -p0 -b .mod_nss-bnc863518-reopen_dev_tty.rpmpatch
-%patch24 -p1 -b .mod_nss-compare_subject_CN_and_VS_hostname.rpmpatch
-%patch25 -p1 -b .mod_nss-add_support_for_enabling_TLS_v1.2.rpmpatch
-%patch26 -p1 -b .SNI_support.rpmpatch
-%patch27 -p1 -b .update-ciphers.rpmpatch
-%patch28 -p1 -b .reverse_proxy_send_SNI.rpmpatch
-
-# keep this last, otherwise we get fuzzyness from above
-%if %{apache_branch} >= 204
-%patch9 -p1 -b .http24
-%endif
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
@@ -150,7 +92,7 @@
cp -a %{SOURCE1} ./nss.conf.in
cp -a %{SOURCE4} .
chmod 644 ./nss.conf.in
-#autoreconf -fvi
+autoreconf -fvi
%configure \
--with-nss-lib=$NSS_LIB_DIR \
--with-nss-inc=$NSS_INCLUDE_DIR \
@@ -193,11 +135,18 @@
%check
set +x
mkdir -p %{apache_test_module_dir}
+# create password file including internal token to suppress
+# apache 'builtin dialog', see NSSPassPhraseDialog below
+# (http://mcs.une.edu.au/doc/mod_nss/mod_nss.html)
+cat << EOF > %{apache_test_module_dir}/password.conf
+internal:httptest
+EOF
# create test configuration
cat << EOF > %{apache_test_module_dir}/mod_nss-test.conf
NSSEngine on
NSSNickname Server-Cert
NSSCertificateDatabase %{apache_test_module_dir}/mod_nss.d
+NSSPassPhraseDialog file:%{apache_test_module_dir}/password.conf
NSSPassPhraseHelper %{buildroot}/usr/sbin/nss_pcache
NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_aes_128_sha256,+rsa_aes_256_sha256
NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
++++++ mod_nss-1.0.8.tar.gz -> mod_nss-1.0.13.tar.gz ++++++
++++ 51602 lines of diff (skipped)
++++++ mod_nss-bnc863518-reopen_dev_tty.diff ++++++
--- /var/tmp/diff_new_pack.ZpLJKc/_old 2016-03-31 13:03:49.000000000 +0200
+++ /var/tmp/diff_new_pack.ZpLJKc/_new 2016-03-31 13:03:49.000000000 +0200
@@ -1,54 +1,8 @@
-diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_pphrase.c ./nss_engine_pphrase.c
---- ../mod_nss-1.0.8-o/nss_engine_pphrase.c 2014-07-24 12:23:30.000000000 +0200
-+++ ./nss_engine_pphrase.c 2014-07-24 13:54:23.000000000 +0200
-@@ -181,199 +181,218 @@
- * that may be done.
- */
- static PRBool nss_check_password(unsigned char *cp)
- {
- int len;
- unsigned char *end, ch;
-
- len = strlen((char *)cp);
- if (len < 8) {
- return PR_TRUE;
- }
- end = cp + len;
- while (cp < end) {
- ch = *cp++;
- if (!((ch >= 'A') && (ch <= 'Z')) &&
- !((ch >= 'a') && (ch <= 'z'))) {
- /* pass phrase has at least one non alphabetic in it */
- return PR_TRUE;
- }
- }
- return PR_TRUE;
- }
-
- /*
- * Password callback so the user is not prompted to enter the password
- * after the server starts.
- */
- static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
- {
- return NULL;
- }
-
- /*
- * Password callback to prompt the user for a password. This requires
- * twiddling with the tty. Alternatively, if the file password.conf
- * exists then it may be used to store the token password(s).
- */
- static char *nss_get_password(FILE *input, FILE *output,
- PK11SlotInfo *slot,
- PRBool (*ok)(unsigned char *),
- pphrase_arg_t *parg)
- {
- char *pwdstr = NULL;
- char *token_name = NULL;
- int tmp;
- FILE *pwd_fileptr;
- char *ptr;
+Index: nss_engine_pphrase.c
+===================================================================
+--- nss_engine_pphrase.c.orig 2016-03-14 12:33:49.139529734 +0100
++++ nss_engine_pphrase.c 2016-03-14 12:40:42.603094487 +0100
+@@ -228,6 +228,7 @@ static char *nss_get_password(FILE *inpu
char line[1024];
unsigned char phrase[200];
int infd = fileno(input);
@@ -56,103 +10,10 @@
int isTTY = isatty(infd);
token_name = PK11_GetTokenName(slot);
-
- if (parg->mc->pphrase_dialog_type == SSL_PPTYPE_FILE ||
- parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) {
- /* Try to get the passwords from the password file if it exists.
- * THIS IS UNSAFE and is provided for convenience only. Without this
- * capability the server would have to be started in foreground mode.
- */
- if ((*parg->mc->pphrase_dialog_path != '\0') &&
- ((pwd_fileptr = fopen(parg->mc->pphrase_dialog_path, "r")) != NULL)) {
- while(fgets(line, 1024, pwd_fileptr)) {
- if (PL_strstr(line, token_name) == line) {
- tmp = PL_strlen(line) - 1;
- while((line[tmp] == ' ') || (line[tmp] == '\n'))
- tmp--;
- line[tmp+1] = '\0';
- ptr = PL_strchr(line, ':');
- if (ptr == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Malformed password entry for token %s. Format should be token:password", token_name);
- continue;
- }
- for(tmp=1; ptr[tmp] == ' '; tmp++) {}
- pwdstr = strdup(&(ptr[tmp]));
- }
- }
- fclose(pwd_fileptr);
- } else {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Unable to open password file %s", parg->mc->pphrase_dialog_path);
- nss_die();
- }
- }
-
- /* For SSL_PPTYPE_DEFER we only want to authenticate passwords found
- * in the password file.
- */
- if ((parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) &&
- (pwdstr == NULL)) {
- return NULL;
- }
-
- /* This purposely comes after the file check because that is more
- * authoritative.
- */
- if (parg->mc->nInitCount > 1) {
- char buf[1024];
- apr_status_t rv;
- apr_size_t nBytes = 1024;
- struct sembuf sb;
-
- /* lock the pipe */
- sb.sem_num = 0;
- sb.sem_op = -1;
- sb.sem_flg = SEM_UNDO;
- if (semop(parg->mc->semid, &sb, 1) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Unable to reserve semaphore resource");
- }
-
- snprintf(buf, 1024, "RETR\t%s", token_name);
- rv = apr_file_write_full(parg->mc->proc.in, buf, strlen(buf), NULL);
- if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Unable to write to pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv);
- nss_die();
- }
-
- /* The helper just returns a token pw or "", so we don't have much
- * to check for.
- */
- memset(buf, 0, sizeof(buf));
- rv = apr_file_read(parg->mc->proc.out, buf, &nBytes);
- sb.sem_op = 1;
- if (semop(parg->mc->semid, &sb, 1) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Unable to free semaphore resource");
- /* perror("semop free resource id"); */
- }
-
- if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv);
- nss_die();
- }
-
- /* Just return what we got. If we got this far and we don't have a
- * PIN then I/O is already shut down, so we can't do anything really
- * clever.
- */
- pwdstr = strdup(buf);
- }
-
- /* If we got a password we're done */
+@@ -327,6 +328,24 @@ static char *nss_get_password(FILE *inpu
if (pwdstr)
return pwdstr;
--
-+
+
+ /* It happens that stdin is not opened with O_RDONLY. Better make sure
+ * it is and re-open /dev/tty.
+ */
@@ -174,50 +35,3 @@
for (;;) {
/* Prompt for password */
if (isTTY) {
- if (parg->retryCount > 0) {
- fprintf(output, "Password incorrect. Please try again.\n");
- }
- fprintf(output, "%s", prompt);
- echoOff(infd);
- }
- fgets((char*) phrase, sizeof(phrase), input);
- if (isTTY) {
- fprintf(output, "\n");
- echoOn(infd);
- }
- /* stomp on newline */
- phrase[strlen((char*)phrase)-1] = 0;
-
- /* Validate password */
- if (!(*ok)(phrase)) {
- /* Not weird enough */
- if (!isTTY) return 0;
- fprintf(output, "Password must be at least 8 characters long with one or more\n");
- fprintf(output, "non-alphabetic characters\n");
- continue;
- }
- if (PK11_IsFIPS() && strlen(phrase) == 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "The FIPS security policy requires that a password be set.");
- nss_die();
- } else
- return (char*) PORT_Strdup((char*)phrase);
- }
- }
-
- /*
- * Turn the echoing off on a tty.
- */
- static void echoOff(int fd)
- {
- if (isatty(fd)) {
- struct termios tio;
- tcgetattr(fd, &tio);
- tio.c_lflag &= ~ECHO;
- tcsetattr(fd, TCSAFLUSH, &tio);
- }
- }
-
- /*
- * Turn the echoing on on a tty.
- */
++++++ mod_nss_migrate.pl ++++++
--- /var/tmp/diff_new_pack.ZpLJKc/_old 2016-03-31 13:03:49.000000000 +0200
+++ /var/tmp/diff_new_pack.ZpLJKc/_new 2016-03-31 13:03:49.000000000 +0200
@@ -6,7 +6,7 @@
use Getopt::Std;
BEGIN {
-# $NSSDir = cwd();
+ #$NSSDir = cwd();
$NSSDir = "/etc/apache2/mod_nss.d";
$SSLCACertificatePath = "";
@@ -18,21 +18,34 @@
$passphrase = 0;
}
-%skip = ( "SSLRandomSeed" => "",
- "SSLSessionCache" => "",
- "SSLMutex" => "",
- "SSLCertificateChainFile" => "",
- "SSLVerifyDepth" => "" ,
- "SSLCryptoDevice" => "" ,
- "LoadModule" => "" ,
- );
+# these directives are common for mod_ssl 2.4.18 and mod_nss 1.0.13
+%keep = ( "SSLCipherSuite" => "",
+ "SSLEngine" => "",
+ "SSLFIPS" => "",
+ "SSLOptions" => "",
+ "SSLPassPhraseDialog" => "",
+ "SSLProtocol" => "",
+ "SSLProxyCipherSuite" => "",
+ "SSLProxyEngine" => "",
+ "SSLProxyCheckPeerCN" => "",
+ "SSLProxyProtocol" => "",
+ "SSLRandomSeed" => "",
+ "SSLRenegBufferSize" => "",
+ "SSLRequire" => "",
+ "SSLRequireSSL" => "",
+ "SSLSessionCacheTimeout" => "",
+ "SSLSessionTickets" => "",
+ "SSLStrictSNIVHostCheck" => "",
+ "SSLUserName" => "",
+ "SSLVerifyClient" => "",
+);
-%insert = ( "NSSSessionCacheTimeout", "NSSSessionCacheSize 10000\nNSSSession3CacheTimeout 86400\n",);
+%insert = ( "SSLSessionCacheTimeout", "NSSSessionCacheSize 10000\nNSSSession3CacheTimeout 86400\n",);
getopts('chr:w:' , \%opt );
sub usage() {
- print STDERR "Usage: mod_nss_migrate.pl [-c] -r <mod_ssl input file> -w <mod_nss output file>\n";
+ print STDERR "Usage: migrate.pl [-c] -r <mod_ssl input file> -w <mod_nss output file>\n";
print STDERR "\t-c converts the certificates\n";
print STDERR "This conversion script is not aware of apache's configuration blocks\n";
print STDERR "and nestable conditional directives. Please check the output of the\n";
@@ -40,27 +53,22 @@
exit();
}
-usage() if ( $opt{h} || !$opt{r} || !$opt{w} ) ;
-
-
+usage() if ($opt{h} || !$opt{r} || !$opt{w});
print STDERR "input: $opt{r} output: $opt{w}\n";
open (SSL, "<", $opt{r} ) or die "Unable to open $opt{r}: $!.\n";
open (NSS, ">", $opt{w} ) or die "Unable to open $opt{w}: $!.\n";
-
-print NSS "## This is a conversion of mod_ssl specific options by /usr/sbin/mod_nss_migrate.pl\n";
+print NSS "## This is a conversion of mod_ssl specific options by migrate.pl\n";
print NSS "## Most of the comments in the original .conf file have been omitted here, as\n";
print NSS "## the comments may not be valid for mod_nss, too.\n";
print NSS "## \n";
print NSS "## Please read through this configuration and verify the individual options!\n\n";
-
while (<SSL>) {
my $comment = 0;
-
# write through even if in comment before comments are stripped below.
if(/(ServerName|ServerAlias)/) {
print NSS $_;
@@ -68,9 +76,8 @@
}
# skip blank lines and comments
- if (/^#/ || /^\s*#/ || /^\s*$/) {
-# do not copy them; they may not be useful anyway.
-# print NSS $_;
+ if (/^\s*#/ || /^\s*$/) {
+ print NSS $_;
next;
}
@@ -93,19 +100,15 @@
next;
}
- if ($stmt eq "SSLCipherSuite") {
- print NSS "## original SSLCipherSuite config line: $_";
- print NSS "NSSCipherSuite ", get_ciphers($val), "\n\n";
- next;
- } elsif ($stmt eq "SSLEngine" ) {
- print NSS "##$_";
- print NSS "NSSEngine $value\n\n";
- next;
- } elsif ($stmt eq "SSLProtocol" ) {
+ # we support OpenSSL cipher strings now, keeping the string as is
+ #if ($stmt eq "SSLCipherSuite") {
+ #print NSS "NSSCipherSuite ", get_ciphers($val), "\n";
+ #print NSS "NSSProtocol SSLv3,TLSv1\n";
+ #$comment = 1;
+ if ($stmt eq "SSLProtocol" ) {
print NSS "## we ignore the arguments to SSLProtocol. The original value was:\n";
print NSS "##$_";
print NSS "## The following is a _range_ from TLSv1.0 to TLSv1.2.\n";
- print NSS "## You may also specify SSLv3 at the beginning of the range. Not done here:\n";
print NSS "NSSProtocol TLSv1.0,TLSv1.2\n\n";
next;
} elsif ($stmt eq "SSLCACertificatePath") {
@@ -129,27 +132,29 @@
$SSLCARevocationFile = $value;
$comment = 1;
} elsif ($stmt eq "SSLPassPhraseDialog") {
- print NSS "NSSPassPhraseHelper /usr/sbin/nss_pcache\n";
+ print NSS "NSSPassPhraseHelper /usr/libexec/nss_pcache\n";
$passphrase = 1;
$comment = 1;
}
- if (exists($skip{$stmt})) {
- print NSS "# Skipping, not applicable in mod_nss\n";
- print NSS "##$_";
- next;
- }
-
- # Fix up any remaining directive names
- s/SSL/NSS/;
-
if (exists($insert{$stmt})) {
- print NSS "$_";
+ #print NSS "$_";
print NSS $insert{$stmt};
next;
}
+ if (m/^\s*SSL/) {
+ if (!exists($keep{$stmt})) {
+ print NSS "# Skipping, not applicable in mod_nss\n";
+ print NSS "##$_";
+ next;
+ } else {
+ # Fix up any remaining directive names
+ s/^(\s*)SSL/\1NSS/;
+ }
+ }
+
# Fall-through to print whatever is left
if ($comment) {
print NSS "##$_";
@@ -157,11 +162,11 @@
} else {
print NSS $_;
}
-
}
if ($passphrase == 0) {
- print NSS "NSSPassPhraseHelper /usr/sbin/nss_pcache\n";
+ # NOTE: Located at '/usr/sbin/nss_pcache' prior to 'mod_nss-1.0.9'.
+ print NSS "NSSPassPhraseHelper /usr/libexec/nss_pcache\n";
}
close(NSS);
@@ -179,15 +184,15 @@
if ($SSLCertificateFile ne "" && $SSLCertificateKeyFile ne "") {
my $subject = get_cert_subject($SSLCertificateFile);
print STDERR "Importing certificate $subject as \"Server-Cert\".\n";
- run_command("openssl pkcs12 -export -in $SSLCertificateFile -inkey $SSLCertificateKeyFile -out server.p12 -name \"Server-Cert\" -passout pass:foo ");
- run_command("pk12util -i server.p12 -d $NSSDir -W foo ");
+ run_command("openssl pkcs12 -export -in $SSLCertificateFile -inkey $SSLCertificateKeyFile -out server.p12 -name \"Server-Cert\" -passout pass:foo");
+ run_command("pk12util -i server.p12 -d $NSSDir -W foo");
}
if ($SSLCACertificateFile ne "") {
my $subject = get_cert_subject($SSLCACertificateFile);
if ($subject ne "") {
print STDERR "Importing CA certificate $subject\n";
- run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificateFile ");
+ run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificateFile");
}
}
@@ -202,7 +207,7 @@
my $subject = get_cert_subject("$SSLCACertificatePath/$file");
if ($subject ne "") {
print STDERR "Importing CA certificate $subject\n";
- run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificatePath/$file ");
+ run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificatePath/$file");
}
}
}
@@ -258,7 +263,7 @@
my $str = shift;
%cipher_list = (
- "rc4" => ":ALL:SSLv2:RSA:MD5:MEDIUM:RC4:",
+ "rc4" => ":ALL:SSLv2:RSA:MD5:MEDIUM:RC4:",
"rc4export" => ":ALL:SSLv2:RSA:EXP:EXPORT40:MD5:RC4:",
"rc2" => ":ALL:SSLv2:RSA:MD5:MEDIUM:RC2:",
"rc2export" => ":ALL:SSLv2:RSA:EXP:EXPORT40:MD5:RC2:",
@@ -281,21 +286,21 @@
for ($i = 0; $i < $NUM_CIPHERS; $i++) {
$selected[$i] = 0;
}
-
+
# Don't need to worry about the ordering properties of "+" because
# NSS always chooses the "best" cipher anyway. You can't specify
# preferred order.
-
+
# -1: this cipher is completely out
# 0: this cipher is currently unselected, but maybe added later
# 1: this cipher is selected
-
+
@s = split(/:/, $str);
-
+
for ($i = 0; $i <= $#s; $i++) {
$j = 0;
$val = 1;
-
+
# ! means this cipher is disabled forever
if ($s[$i] =~ /^!/) {
$val = -1;
@@ -306,10 +311,10 @@
} elsif ($s[$i] =~ /^+/) {
($s[$i] =~ s/^+//);
}
-
+
for $cipher (sort keys %cipher_list) {
$match = 0;
-
+
# For embedded + we do an AND for all options
if ($s[$i] =~ m/(\w+\+)+/) {
@sub = split(/^\+/, $s[$i]);
@@ -324,22 +329,22 @@
$match = 1;
}
}
-
+
if ($match && $selected[$j] != -1) {
$selected[$j] = $val;
}
$j++;
}
}
-
+
# NSS doesn't honor the order of a cipher list, it uses the "strongest"
# cipher available. So we'll print out the ciphers as SSLv2, SSLv3 and
# the NSS ciphers not available in OpenSSL.
$str = "SSLv2:SSLv3";
@s = split(/:/, $str);
-
+
$ciphersuite = "";
-
+
for ($i = 0; $i <= $#s; $i++) {
$j = 0;
for $cipher (sort keys %cipher_list) {
@@ -354,9 +359,9 @@
$j++;
}
}
-
+
$ciphersuite .= "-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha";
-
+
return $ciphersuite;
}
@@ -385,7 +390,7 @@
sub run_command {
my @args = shift;
my $status = 0;
-
+
$status = 0xffff & system(@args);
return if ($status == 0);
1
0
Hello community,
here is the log from the commit of package kdebindings3 for openSUSE:Factory checked in at 2016-03-31 13:03:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kdebindings3 (Old)
and /work/SRC/openSUSE:Factory/.kdebindings3.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kdebindings3"
Changes:
--------
kdebindings3-javascript.changes: same change
--- /work/SRC/openSUSE:Factory/kdebindings3/kdebindings3.changes 2015-09-08 18:10:47.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.kdebindings3.new/kdebindings3.changes 2016-03-31 13:03:45.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Mar 30 12:15:50 UTC 2016 - dvaleev(a)suse.com
+
+- Fix rubyarchhdrs on non x86 arch
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kdebindings3-java.spec ++++++
--- /var/tmp/diff_new_pack.m7ednR/_old 2016-03-31 13:03:46.000000000 +0200
+++ /var/tmp/diff_new_pack.m7ednR/_new 2016-03-31 13:03:46.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package kdebindings3-java
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
kdebindings3-javascript.spec: same change
++++++ kdebindings3.spec ++++++
--- /var/tmp/diff_new_pack.m7ednR/_old 2016-03-31 13:03:46.000000000 +0200
+++ /var/tmp/diff_new_pack.m7ednR/_new 2016-03-31 13:03:46.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package kdebindings3
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -136,9 +136,12 @@
%endif
sed -i 's%2.6%2.7%g' configure
+export RUBY_ARCH=`ruby -r rbconfig -e "print RbConfig::CONFIG['rubyarchhdrdir']"`
+export RUBY_INCLUDE=`ruby -r rbconfig -e "print RbConfig::CONFIG['rubyhdrdir']"`
+
./configure \
$configkde $configopts \
---with-extra-includes="/usr/include/ruby-%rb_ver:/usr/include/ruby-%rb_ver/%_target_cpu-linux-gnu:/usr/include/ruby-%rb_ver/ruby:/usr/include/ruby-%rb_ver/%_target_cpu-linux"
+ --with-extra-includes="$RUBY_ARCH:$RUBY_INCLUDE:$RUBY_INCLUDE/ruby"
%if %{is_base}
make
1
0
Hello community,
here is the log from the commit of package gnumeric for openSUSE:Factory checked in at 2016-03-31 13:03:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnumeric (Old)
and /work/SRC/openSUSE:Factory/.gnumeric.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnumeric"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnumeric/gnumeric.changes 2016-02-17 12:12:23.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gnumeric.new/gnumeric.changes 2016-03-31 13:03:43.000000000 +0200
@@ -1,0 +2,13 @@
+Wed Mar 23 09:37:43 UTC 2016 - dimstar(a)opensuse.org
+
+- Update to version 1.12.28:
+ + Fuzzed file fixes (bgo#761663, bgo#761727, bgo#762278).
+ + Plug leaks.
+ + Fix problems with ssconvert to lp/cplex formats.
+ + Add sensitivity report to solver.
+ + Fix bounds problem with cplex exporter.
+ + Fix IMARCCOSH(1).
+ + Add more tests for complex number evaluation.
+ + Improve accuracy of IMLOG10.
+
+-------------------------------------------------------------------
Old:
----
gnumeric-1.12.27.tar.xz
New:
----
gnumeric-1.12.28.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnumeric.spec ++++++
--- /var/tmp/diff_new_pack.08AQG9/_old 2016-03-31 13:03:45.000000000 +0200
+++ /var/tmp/diff_new_pack.08AQG9/_new 2016-03-31 13:03:45.000000000 +0200
@@ -17,7 +17,7 @@
Name: gnumeric
-Version: 1.12.27
+Version: 1.12.28
Release: 0
Summary: Spreadsheet Application
License: GPL-2.0 or GPL-3.0
@@ -37,7 +37,7 @@
BuildRequires: pkgconfig(gtk+-3.0) >= 3.8.7
BuildRequires: pkgconfig(libgda-5.0) >= 5.0.0
BuildRequires: pkgconfig(libgda-ui-5.0) >= 5.0.0
-BuildRequires: pkgconfig(libgoffice-0.10) >= 0.10.22
+BuildRequires: pkgconfig(libgoffice-0.10) >= 0.10.28
BuildRequires: pkgconfig(libgsf-1) >= 1.14.33
BuildRequires: pkgconfig(libxml-2.0) >= 2.4.12
BuildRequires: pkgconfig(pango) >= 1.24.0
++++++ gnumeric-1.12.27.tar.xz -> gnumeric-1.12.28.tar.xz ++++++
/work/SRC/openSUSE:Factory/gnumeric/gnumeric-1.12.27.tar.xz /work/SRC/openSUSE:Factory/.gnumeric.new/gnumeric-1.12.28.tar.xz differ: char 27, line 1
1
0
Hello community,
here is the log from the commit of package xine-lib for openSUSE:Factory checked in at 2016-03-31 13:03:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xine-lib (Old)
and /work/SRC/openSUSE:Factory/.xine-lib.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xine-lib"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xine-lib/xine-lib.changes 2015-11-11 10:35:42.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.xine-lib.new/xine-lib.changes 2016-03-31 13:03:40.000000000 +0200
@@ -1,0 +2,8 @@
+Fri Feb 26 15:12:34 UTC 2016 - joerg.lorenzen(a)ki.tng.de
+
+- Added xine-lib-ffmpeg3.0.patch to build against ffmpeg-3.0
+ libraries on PMBS.
+- Add pkgconfig(libva-glx) to BuildRequires because it's a separate
+ package for openSUSE > 13.2.
+
+-------------------------------------------------------------------
New:
----
xine-lib-ffmpeg3.0.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xine-lib.spec ++++++
--- /var/tmp/diff_new_pack.zBevQY/_old 2016-03-31 13:03:41.000000000 +0200
+++ /var/tmp/diff_new_pack.zBevQY/_new 2016-03-31 13:03:41.000000000 +0200
@@ -73,12 +73,13 @@
%endif
%if !%{with distributable}
BuildRequires: libfaad-devel
-BuildRequires: pkgconfig(libavcodec) >= 51.68.0
-BuildRequires: pkgconfig(libavutil) >= 49.6.0
+BuildRequires: pkgconfig(libavcodec) >= 57
+BuildRequires: pkgconfig(libavutil) >= 55
BuildRequires: pkgconfig(libbluray) >= 0.2.1
BuildRequires: pkgconfig(libdts)
-BuildRequires: pkgconfig(libpostproc)
+BuildRequires: pkgconfig(libpostproc) >= 54
BuildRequires: pkgconfig(libva)
+BuildRequires: pkgconfig(libva-glx)
BuildRequires: pkgconfig(mad)
BuildRequires: pkgconfig(vdpau)
%else
@@ -136,6 +137,7 @@
Patch3: fix-non-x86-build.diff
# Add theora FOURCC to libxine I found an avi container that xine wouldn't play.
Patch4: xine-lib-theora.patch
+Patch5: xine-lib-ffmpeg3.0.patch
%description
<p>Great video and multimediaplayer, supports DVD, MPEG, AVI, DivX, VCD, Quicktime ...</p><p>You need a frontend for xine-lib like <a href=http://packman.links2linux.de/package/xine-ui>xine-ui</a>, <a href=http://packman.links2linux.de/package/gxine>gxine</a>, <a href=http://packman.links2linux.de/package/kaffeine>kaffeine</a> or <a href=http://packman.links2linux.de/package/totem>totem</a>.</p><p>Since 1-rc6 the package number is reduced, all you may miss, is in the base package</p><p>If you want to play css encrypted Video-DVD's, you need to install <a href=http://packman.links2linux.de/package/libdvdcss2>libdvdcss</a>.</p>
@@ -509,6 +511,8 @@
%endif
%if %{with distributable}
%patch2 -p1
+%else
+%patch5 -p0
%endif
%ifnarch %ix86 x86_64
%patch3
++++++ xine-lib-ffmpeg3.0.patch ++++++
--- src/combined/ffmpeg/ff_audio_decoder.c.orig 2014-06-09 18:08:42.000000000 +0200
+++ src/combined/ffmpeg/ff_audio_decoder.c 2016-02-26 14:31:45.000000000 +0100
@@ -593,7 +593,7 @@
int got_frame;
float gain = this->class->gain;
if (!this->av_frame)
- this->av_frame = avcodec_alloc_frame ();
+ this->av_frame = av_frame_alloc ();
consumed = avcodec_decode_audio4 (this->context, this->av_frame, &got_frame, &avpkt);
if ((consumed >= 0) && got_frame) {
@@ -1071,7 +1071,7 @@
/* try to reset the wma decoder */
if( this->decoder_ok ) {
#if AVAUDIO > 3
- avcodec_free_frame (&this->av_frame);
+ av_frame_free (&this->av_frame);
#endif
pthread_mutex_lock (&ffmpeg_lock);
avcodec_close (this->context);
@@ -1106,7 +1106,7 @@
if( this->context && this->decoder_ok ) {
#if AVAUDIO > 3
- avcodec_free_frame (&this->av_frame);
+ av_frame_free (&this->av_frame);
#endif
pthread_mutex_lock (&ffmpeg_lock);
avcodec_close (this->context);
--- src/combined/ffmpeg/ff_video_decoder.c.orig 2014-06-24 18:21:06.000000000 +0200
+++ src/combined/ffmpeg/ff_video_decoder.c 2016-02-26 14:31:45.000000000 +0100
@@ -2526,7 +2526,7 @@
this->stream = stream;
this->class = (ff_video_class_t *) class_gen;
- this->av_frame = avcodec_alloc_frame();
+ this->av_frame = av_frame_alloc();
this->context = avcodec_alloc_context();
this->context->opaque = this;
#if AVPALETTE == 1
--- src/dxr3/ffmpeg_encoder.c.orig 2014-03-13 05:06:09.000000000 +0200
+++ src/dxr3/ffmpeg_encoder.c 2016-02-26 14:31:45.000000000 +0100
@@ -164,7 +164,7 @@
"dxr3_mpeg_encoder: Couldn't start the ffmpeg library\n");
return 0;
}
- this->picture = avcodec_alloc_frame();
+ this->picture = av_frame_alloc();
if (!this->picture) {
xprintf(drv->class->xine, XINE_VERBOSITY_LOG,
"dxr3_mpeg_encoder: Couldn't allocate ffmpeg frame\n");
1
0
Hello community,
here is the log from the commit of package bleachbit for openSUSE:Factory checked in at 2016-03-31 13:03:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bleachbit (Old)
and /work/SRC/openSUSE:Factory/.bleachbit.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bleachbit"
Changes:
--------
--- /work/SRC/openSUSE:Factory/bleachbit/bleachbit.changes 2015-11-05 11:35:58.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.bleachbit.new/bleachbit.changes 2016-03-31 13:03:38.000000000 +0200
@@ -1,0 +2,29 @@
+Sun Mar 20 16:02:48 UTC 2016 - mailaender(a)opensuse.org
+
+- Update to 1.10
+ * Speed up identification of files using regular expressions by 5% to 50%
+ * Allow relative paths with --shred command line argument (reported by Eva Putnam).
+ * Add descriptions for cleaners (thanks to theatre-x).
+ * Fix resizing of preference dialog (thanks to Anton Bobov).
+ * Warn when deleting passwords on Firefox (reported by Theatre-X).
+ * Accept abbreviations T and F in bleachbit.ini configuration (reported by Ken Wallace).
+ * Show a user-friendly error message when checking for updates fails because of a network error (reported by Gary).
+ * Improve logging of errors. Some errors are more informative, and on Windows, errors are unlikely to cause a popup message about bleachbit.exe.log.
+ * Add an option to show file sizes as IEC units (1 KiB = 1024 bytes) instead of SI units (1 kB = 1000 bytes; thanks to Tristan Stenner).
+ * Clean passwords on Firefox version 32+.
+ * Clean Google Chrome cookies for non-default profiles.
+ * Clean more autofill on Google Chrome (reported by pcdoctor01). If you are logged in to Google Chrome, it may automatically restore some of these values from your online Google account unless you disable the option Show addresses and credit cards from Google Payments in the autofill page of Google Chrome settings.
+ * Add size column to side tree control (thanks to Ivor Hewitt).
+ * Clean more localizations (thanks to Tristan Stenner).
+ * Add localization codes (thanks to Tristan Stenner).
+ * Fix memory cleaning on Ubuntu 15.10 and other distributions (reported by Richard Pearse).
+ * Fix harmless error that localizations.xml is unusable (thanks to Tristan Stenner).
+ * Do not show localizations at the base level (reported by BBUser).
+ * Do not show Windows Explorer cleaner on Linux (reported by Tomás F. L.).
+ * Fulfill Fedora license file location change.
+ * Do not delete xauth under KDE (reported by mike).
+ * Remove deprecated key encoding in bleachbit.desktop.
+ * Drop support for Mandriva, which is dead.
+ * Do not show cleaner is unusable message in the console (except when debug mode is enabled or in non-final releases).
+
+-------------------------------------------------------------------
Old:
----
bleachbit-1.8.tar.bz2
New:
----
bleachbit-1.10.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bleachbit.spec ++++++
--- /var/tmp/diff_new_pack.jUEJQx/_old 2016-03-31 13:03:39.000000000 +0200
+++ /var/tmp/diff_new_pack.jUEJQx/_new 2016-03-31 13:03:39.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package bleachbit
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 8/2011 by open-slx GmbH <Sascha.Manns(a)open-slx.de>
# Copyright (c) 2010 - 7/2011 by Sascha Manns <saigkill(a)opensuse.org>
#
@@ -19,14 +19,14 @@
Name: bleachbit
-Version: 1.8
+Version: 1.10
Release: 0
Summary: Remove unnecessary files, free space, and maintain privacy
License: GPL-3.0
Group: Productivity/File utilities
-Url: http://bleachbit.sourceforge.net/
-Source0: http://download.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
-# PATCH-FIX-OPENSUSE: use path to kde4 files as ~/.kde4
+Url: http://www.bleachbit.org/
+Source: http://download.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
+# PATCH-FIX-UPSTREAM: https://github.com/az0/bleachbit/pull/130
Patch0: bleachbit-kde-patch.patch
BuildRequires: fdupes
BuildRequires: python-setuptools
@@ -74,10 +74,16 @@
%find_lang %{name}
%fdupes -s %{buildroot}
-# Hack to fix non-executable-script
+# Fix non-executable-script
chmod +x %{buildroot}%{_datadir}/%{name}/CLI.py
chmod +x %{buildroot}%{_datadir}/%{name}/GUI.py
+%post
+%desktop_database_post
+
+%postun
+%desktop_database_postun
+
%files
%defattr(-,root,root,-)
%{_bindir}/%{name}
++++++ bleachbit-1.8.tar.bz2 -> bleachbit-1.10.tar.bz2 ++++++
++++ 56465 lines of diff (skipped)
++++++ bleachbit-kde-patch.patch ++++++
--- /var/tmp/diff_new_pack.jUEJQx/_old 2016-03-31 13:03:40.000000000 +0200
+++ /var/tmp/diff_new_pack.jUEJQx/_new 2016-03-31 13:03:40.000000000 +0200
@@ -1,28 +1,32 @@
-diff -Pdpru bleachbit-1.6.orig/cleaners/kde.xml bleachbit-1.6/cleaners/kde.xml
---- bleachbit-1.6.orig/cleaners/kde.xml 2014-11-19 04:32:54.000000000 +0100
-+++ bleachbit-1.6/cleaners/kde.xml 2014-12-02 23:08:12.090055975 +0100
-@@ -24,20 +24,19 @@
- <option id="cache">
+From 344b24eb3378270e649351711469b722d779a111 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matthias=20Mail=C3=A4nder?=
+ <Mailaender(a)users.noreply.github.com>
+Date: Sun, 20 Mar 2016 17:10:18 +0100
+Subject: [PATCH] Add ~/.kde4 folders everywhere.
+
+---
+ cleaners/kde.xml | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/cleaners/kde.xml b/cleaners/kde.xml
+index 4cb644c..2f0a180 100644
+--- a/cleaners/kde.xml
++++ b/cleaners/kde.xml
+@@ -26,13 +26,17 @@
<label>Cache</label>
<description>Delete the cache</description>
-- <action command="delete" search="glob" path="~/.kde/cache-*/*/*"/>
-- <action command="delete" search="glob" path="~/.kde/cache-*/*"/>
+ <action command="delete" search="glob" path="~/.kde/cache-*/*/*"/>
+ <action command="delete" search="glob" path="~/.kde4/cache-*/*/*"/>
+ <action command="delete" search="glob" path="~/.kde/cache-*/*"/>
+ <action command="delete" search="glob" path="~/.kde4/cache-*/*"/>
</option>
<option id="tmp">
<label>Temporary files</label>
<description>Delete the temporary files</description>
- <warning>This option may be incompatible with kdesudo</warning>
-- <action command="delete" search="glob" path="~/.kde/tmp-*/*/*"/>
-- <action command="delete" search="glob" path="~/.kde/tmp-*/*"/>
-+ <action command="delete" search="glob" path="~/.kde4/tmp-*/*/*"/>
-+ <action command="delete" search="glob" path="~/.kde4/tmp-*/*"/>
+ <action command="delete" search="glob" path="~/.kde/tmp-*/*/*" nregex="^xauth="/>
++ <action command="delete" search="glob" path="~/.kde4/tmp-*/*/*" nregex="^xauth="/>
+ <action command="delete" search="glob" path="~/.kde/tmp-*/*" nregex="^xauth="/>
++ <action command="delete" search="glob" path="~/.kde4/tmp-*/*" nregex="^xauth="/>
</option>
<option id="recent_documents">
<label>Recent documents list</label>
- <description>Delete the list of recently used documents</description>
-- <action command="delete" search="glob" path="~/.kde/share/apps/RecentDocuments/*.desktop"/>
- <action command="delete" search="glob" path="~/.kde4/share/apps/RecentDocuments/*.desktop"/>
- </option>
- </cleaner>
1
0
Hello community,
here is the log from the commit of package rhythmbox for openSUSE:Factory checked in at 2016-03-31 13:03:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rhythmbox (Old)
and /work/SRC/openSUSE:Factory/.rhythmbox.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rhythmbox"
Changes:
--------
--- /work/SRC/openSUSE:Factory/rhythmbox/rhythmbox.changes 2016-02-17 12:23:58.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.rhythmbox.new/rhythmbox.changes 2016-03-31 13:03:37.000000000 +0200
@@ -1,0 +2,8 @@
+Sun Feb 14 10:33:47 UTC 2016 - zaitor(a)opensuse.org
+
+- Add rhythmbox-Port-to-webkit2.patch: Port to webkit2gtk3, patches
+ from upstream bug (bgo#752019).
+- Due to above port, replace pkgconfig(webkitgtk-3.0) for
+ pkgconfig(webkit2gtk-4.0) BuildRequires.
+
+-------------------------------------------------------------------
@@ -7,0 +16,22 @@
+
+-------------------------------------------------------------------
+Mon Jan 25 09:48:14 UTC 2016 - dimstar(a)opensuse.org
+
+- Update to version 3.3:
+ + New plugin supporting Android devices via gvfs-mtp.
+ + Encoding settings are now configurable per device type.
+ + Encoding settings can force lossless files to be transcoded.
+ + Bugs fixed: bgo#733830, bgo#748857, bgo#749015, bgo#751265,
+ bgo#751630, bgo#751961, bgo#752433, bgo#753359, bgo#753767,
+ bgo#755881, bgo#756992, bgo#757225, bgo#760192, bgo#761030.
+ + Updated translations.
+
+-------------------------------------------------------------------
+Wed Dec 23 22:12:27 UTC 2015 - dimstar(a)opensuse.org
+
+- Port to grilo 0.3 (bgo#759589):
+ + Add rhythmbox-grilo-0.3.patch: do the port.
+ + Replace pkgconfig(grilo-0.2) BuildRequires with
+ pkgconfig(grilo-0.3).
+ + Add libtool BuildRequires and call to autoreconf, as the patch
+ touches the build system.
Old:
----
rhythmbox-3.2.1.tar.xz
New:
----
rhythmbox-3.3.tar.xz
rhythmbox-Port-to-webkit2.patch
rhythmbox-grilo-0.3.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rhythmbox.spec ++++++
--- /var/tmp/diff_new_pack.VdMT9H/_old 2016-03-31 13:03:38.000000000 +0200
+++ /var/tmp/diff_new_pack.VdMT9H/_new 2016-03-31 13:03:38.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rhythmbox
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,28 +21,34 @@
%bcond_with visualizer
Name: rhythmbox
-Version: 3.2.1
+Version: 3.3
Release: 0
Summary: GNOME Music Management Application
License: GPL-2.0+
Group: Productivity/Multimedia/Sound/Players
Url: http://www.gnome.org/projects/rhythmbox/
-Source: http://download.gnome.org/sources/rhythmbox/3.2/%{name}-%{version}.tar.xz
+Source: http://download.gnome.org/sources/rhythmbox/3.3/%{name}-%{version}.tar.xz
+# PATCH-FEATURE-UPSTREAM rhythmbox-grilo-0.3.patch bgo#759589 dimstar(a)opensuse.org -- Port to grilo 0.3
+Patch0: rhythmbox-grilo-0.3.patch
+# PATCH-FEATURE-UPSTREAM rhythmbox-Port-to-webkit2.patch bgo#752019 zaitor(a)opensuse.org -- Port to webkit2gtk3
+Patch1: rhythmbox-Port-to-webkit2.patch
BuildRequires: gobject-introspection-devel
BuildRequires: intltool
BuildRequires: libdiscid-devel
+# Needed for patch0
+BuildRequires: libtool
BuildRequires: lirc-devel
BuildRequires: translation-update-upstream
BuildRequires: update-desktop-files
BuildRequires: vala
BuildRequires: yelp-tools
-BuildRequires: pkgconfig(grilo-0.2) >= 0.2.0
+BuildRequires: pkgconfig(grilo-0.3) >= 0.2.0
BuildRequires: pkgconfig(gstreamer-1.0) >= 0.11.92
BuildRequires: pkgconfig(gstreamer-audio-1.0) >= 0.11.02
BuildRequires: pkgconfig(gstreamer-base-1.0) >= 0.11.92
BuildRequires: pkgconfig(gstreamer-pbutils-1.0) >= 0.11.92
BuildRequires: pkgconfig(gstreamer-plugins-base-1.0) >= 0.11.92
-BuildRequires: pkgconfig(gtk+-3.0) >= 3.6.0
+BuildRequires: pkgconfig(gtk+-3.0) >= 3.12.0
BuildRequires: pkgconfig(gudev-1.0)
BuildRequires: pkgconfig(ice)
BuildRequires: pkgconfig(json-glib-1.0)
@@ -61,7 +67,7 @@
BuildRequires: pkgconfig(tdb)
BuildRequires: pkgconfig(totem-plparser) >= 3.2.0
%if %{with webkit}
-BuildRequires: pkgconfig(webkitgtk-3.0)
+BuildRequires: pkgconfig(webkit2gtk-4.0)
%endif
%if %{with visualizer}
BuildRequires: pkgconfig(clutter-1.0) >= 1.8
@@ -100,9 +106,14 @@
%lang_package
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
translation-update-upstream
%build
+# Needed for patch0
+autopoint --force
+AUTOPOINT='intltoolize --automake --copy' autoreconf --force --install --verbose
export MOZILLA_PLUGINDIR=%{_libdir}/browser-plugins
%configure\
--disable-static\
@@ -162,13 +173,11 @@
%{_libdir}/browser-plugins/librhythmbox-itms-detection-plugin.*
%dir %{_libdir}/rhythmbox
%dir %{_libdir}/rhythmbox/plugins
+%{_libdir}/rhythmbox/plugins/android/
%{_libdir}/rhythmbox/plugins/artsearch/
%{_libdir}/rhythmbox/plugins/audiocd/
%{_libdir}/rhythmbox/plugins/audioscrobbler/
%{_libdir}/rhythmbox/plugins/cd-recorder/
-%if %{with webkit}
-%{_libdir}/rhythmbox/plugins/context/
-%endif
%{_libdir}/rhythmbox/plugins/daap/
%{_libdir}/rhythmbox/plugins/dbus-media-server/
%{_libdir}/rhythmbox/plugins/fmradio/
++++++ rhythmbox-3.2.1.tar.xz -> rhythmbox-3.3.tar.xz ++++++
/work/SRC/openSUSE:Factory/rhythmbox/rhythmbox-3.2.1.tar.xz /work/SRC/openSUSE:Factory/.rhythmbox.new/rhythmbox-3.3.tar.xz differ: char 25, line 1
++++++ rhythmbox-Port-to-webkit2.patch ++++++
>From b971c9017c3295d50f2611220bd2dc58c33b7ffb Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro(a)igalia.com>
Date: Fri, 8 Jan 2016 08:41:53 -0600
Subject: [PATCH] Remove context plugin
It has not been ported to WebKit2.
Ian: "I could look at the context plugin but it seems generally a bit
broken even with wk1 so I would prefer to remove it."
---
plugins/Makefile.am | 4 ----
1 file changed, 4 deletions(-)
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index bea62b2..5f60c6a 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -24,10 +24,6 @@ SUBDIRS += \
soundcloud \
rb
-if WITH_WEBKIT
-SUBDIRS += context
-endif
-
endif # ENABLE_PYTHON
if WITH_LIRC
--
2.5.0
>From 499b26235b62f33edd551e795f3e5b6310496e0b Mon Sep 17 00:00:00 2001
From: Iain Lane <iain(a)orangesquash.org.uk>
Date: Fri, 8 Jan 2016 12:13:40 +0000
Subject: [PATCH] Port rb-podcast-properties-dialog to webkit2
---
configure.ac | 3 +-
podcast/rb-podcast-properties-dialog.c | 111 ++++++++++++++++-----------------
2 files changed, 54 insertions(+), 60 deletions(-)
diff --git a/configure.ac b/configure.ac
index 4457182..cba7789 100644
--- a/configure.ac
+++ b/configure.ac
@@ -60,7 +60,6 @@ LIBSECRET_REQS=0.18
LIBNOTIFY_REQS=0.7.0
BRASERO_MIN_REQS=2.31.5
-WEBKIT_MIN_REQS=1.3.9
PYGOBJECT_REQUIRED=3.0.0
GLIB_GSETTINGS
@@ -440,7 +439,7 @@ AC_ARG_WITH(webkit,
[Use WebKit to display HTML]),,
with_webkit=auto)
if test "x$with_webkit" != xno; then
- PKG_CHECK_MODULES(WEBKIT, [webkitgtk-3.0 >= $WEBKIT_MIN_REQS], have_webkit=yes, have_webkit=no)
+ PKG_CHECK_MODULES(WEBKIT, [webkit2gtk-4.0], have_webkit=yes, have_webkit=no)
if test "x$have_webkit" = "xno" -a "x$with_webkit" = "xyes"; then
AC_MSG_ERROR([WebKit support explicitly requested, but WebKit could not be found])
fi
diff --git a/podcast/rb-podcast-properties-dialog.c b/podcast/rb-podcast-properties-dialog.c
index 531958d..283687e 100644
--- a/podcast/rb-podcast-properties-dialog.c
+++ b/podcast/rb-podcast-properties-dialog.c
@@ -36,7 +36,7 @@
#include <glib.h>
#if defined(WITH_WEBKIT)
-#include <webkit/webkit.h>
+#include <webkit2/webkit2.h>
#endif
#include "rb-podcast-properties-dialog.h"
@@ -170,43 +170,63 @@ rb_podcast_properties_dialog_class_init (RBPodcastPropertiesDialogClass *klass)
#if defined(WITH_WEBKIT)
-static WebKitNavigationResponse
-navigation_requested_cb (WebKitWebView *web_view,
- WebKitWebFrame *frame,
- WebKitNetworkRequest *request,
- RBPodcastPropertiesDialog *dialog)
+static gboolean
+decide_policy_cb (WebKitWebView *web_view,
+ WebKitPolicyDecision *decision,
+ WebKitPolicyDecisionType type,
+ gpointer user_data)
{
const char *uri;
GError *error = NULL;
int i;
-
- uri = webkit_network_request_get_uri (request);
-
- /* ignore some obnoxious social networking stuff */
- for (i = 0; i < G_N_ELEMENTS (ignore_uris); i++) {
- if (g_str_has_prefix (uri, ignore_uris[i])) {
- rb_debug ("ignoring external URI %s", uri);
- return WEBKIT_NAVIGATION_RESPONSE_IGNORE;
- }
+ WebKitNavigationPolicyDecision *navigation_decision;
+ WebKitURIRequest *request;
+ RBPodcastPropertiesDialog *dialog = (RBPodcastPropertiesDialog *) user_data;
+
+
+ switch (type)
+ {
+ case WEBKIT_POLICY_DECISION_TYPE_NAVIGATION_ACTION:
+ navigation_decision = WEBKIT_NAVIGATION_POLICY_DECISION (decision);
+ request = webkit_navigation_policy_decision_get_request (navigation_decision);
+ uri = webkit_uri_request_get_uri (request);
+
+ /* from _load_plain_text or _load_html */
+ if (g_strcmp0 (uri, "about:blank") == 0)
+ {
+ webkit_policy_decision_use (decision);
+ return TRUE;
+ }
+
+ webkit_policy_decision_ignore (decision);
+
+ /* ignore some obnoxious social networking stuff */
+ for (i = 0; i < G_N_ELEMENTS (ignore_uris); i++) {
+ if (g_str_has_prefix (uri, ignore_uris[i])) {
+ rb_debug ("ignoring external URI %s", uri);
+ return TRUE;
+ }
+ }
+
+ gtk_show_uri (gtk_widget_get_screen (GTK_WIDGET (dialog)), uri, GDK_CURRENT_TIME, &error);
+ if (error != NULL) {
+ rb_error_dialog (NULL, _("Unable to display requested URI"), "%s", error->message);
+ g_error_free (error);
+ }
+
+ default:
+ webkit_policy_decision_ignore (decision);
+ return FALSE;
}
-
- gtk_show_uri (gtk_widget_get_screen (GTK_WIDGET (dialog)), uri, GDK_CURRENT_TIME, &error);
- if (error != NULL) {
- rb_error_dialog (NULL, _("Unable to display requested URI"), "%s", error->message);
- g_error_free (error);
- }
-
- return WEBKIT_NAVIGATION_RESPONSE_IGNORE;
}
static void
set_webkit_settings (WebKitWebView *view)
{
- WebKitWebSettings *settings;
+ WebKitSettings *settings;
- settings = webkit_web_settings_new ();
- g_object_set (settings,
- "enable-scripts", FALSE,
+ settings = webkit_settings_new_with_settings (
+ "enable-javascript", FALSE,
"enable-plugins", FALSE,
NULL);
webkit_web_view_set_settings (view, settings);
@@ -215,7 +235,7 @@ set_webkit_settings (WebKitWebView *view)
static void
set_webkit_font_from_gtk_style (WebKitWebView *view)
{
- WebKitWebSettings *settings;
+ WebKitSettings *settings;
const PangoFontDescription *font_desc;
GtkStyleContext *style;
int font_size;
@@ -293,8 +313,8 @@ rb_podcast_properties_dialog_init (RBPodcastPropertiesDialog *dialog)
set_webkit_font_from_gtk_style (WEBKIT_WEB_VIEW (dialog->priv->description));
g_signal_connect_object (dialog->priv->description,
- "navigation-requested",
- G_CALLBACK (navigation_requested_cb),
+ "decide-policy",
+ G_CALLBACK (decide_policy_cb),
dialog,
0);
#else
@@ -656,51 +676,26 @@ rb_podcast_properties_dialog_update_date (RBPodcastPropertiesDialog *dialog)
g_free (time);
}
-#if defined(WITH_WEBKIT)
-static gboolean
-update_scrollbar_policy_cb (WebKitWebFrame *frame, RBPodcastPropertiesDialog *dialog)
-{
- gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (dialog->priv->description_window),
- webkit_web_frame_get_horizontal_scrollbar_policy (frame),
- webkit_web_frame_get_vertical_scrollbar_policy (frame));
- return TRUE;
-}
-
-#endif
-
static void
rb_podcast_properties_dialog_update_description (RBPodcastPropertiesDialog *dialog)
{
#if defined(WITH_WEBKIT)
- WebKitWebFrame *frame;
const char *str;
int i;
gboolean loaded = FALSE;
str = rhythmdb_entry_get_string (dialog->priv->current_entry, RHYTHMDB_PROP_DESCRIPTION);
for (i = 0; i < G_N_ELEMENTS (html_clues); i++) {
if (g_strstr_len (str, -1, html_clues[i]) != NULL) {
- webkit_web_view_load_html_string (WEBKIT_WEB_VIEW (dialog->priv->description),
+ webkit_web_view_load_html (WEBKIT_WEB_VIEW (dialog->priv->description),
str,
- "");
+ NULL);
loaded = TRUE;
}
}
if (loaded == FALSE) {
- webkit_web_view_load_string (WEBKIT_WEB_VIEW (dialog->priv->description),
- str,
- "text/plain",
- "utf-8",
- "");
+ webkit_web_view_load_plain_text (WEBKIT_WEB_VIEW (dialog->priv->description), str);
}
-
- /* ensure scrollbar policy for the frame matches the viewport */
- frame = webkit_web_view_get_main_frame (WEBKIT_WEB_VIEW (dialog->priv->description));
- g_signal_connect_object (frame,
- "scrollbars-policy-changed",
- G_CALLBACK (update_scrollbar_policy_cb),
- dialog, 0);
- update_scrollbar_policy_cb (frame, dialog);
#else
const char *str;
str = rhythmdb_entry_get_string (dialog->priv->current_entry, RHYTHMDB_PROP_DESCRIPTION);
--
2.7.0.rc3
++++++ rhythmbox-grilo-0.3.patch ++++++
@@ -, +, @@
configure.ac | 4 ++--
plugins/grilo/rb-grilo-plugin.c | 2 +-
plugins/grilo/rb-grilo-source.c | 10 +++++-----
3 files changed, 8 insertions(+), 8 deletions(-)
--- a/configure.ac
+++ a/configure.ac
@@ -54,7 +54,7 @@ LIBSOUP_REQS=2.34.0
GUDEV_REQS=143
LIBMTP_REQS=0.3.0
LIBPEAS_REQS=0.7.3
-GRILO_REQS=0.2.0
+GRILO_REQS=0.3.0
LIBXML2_REQS=2.7.8
LIBSECRET_REQS=0.18
@@ -714,7 +714,7 @@ AC_ARG_ENABLE(grilo,
[Disable Grilo support]),,
enable_grilo=auto)
if test "x$enable_grilo" != "xno"; then
- PKG_CHECK_MODULES(GRILO, grilo-0.2 >= $GRILO_REQS, have_grilo=yes, have_grilo=no)
+ PKG_CHECK_MODULES(GRILO, grilo-0.3 >= $GRILO_REQS, have_grilo=yes, have_grilo=no)
if test "x$have_grilo" = "xno" -a "x$enable_grilo" = "xyes"; then
AC_MSG_ERROR([Grilo support explicitly requested, but grilo couldn not be found])
fi
--- a/plugins/grilo/rb-grilo-plugin.c
+++ a/plugins/grilo/rb-grilo-plugin.c
@@ -213,7 +213,7 @@ impl_activate (PeasActivatable *plugin)
pi->registry = grl_registry_get_default ();
g_signal_connect (pi->registry, "source-added", G_CALLBACK (grilo_source_added_cb), pi);
g_signal_connect (pi->registry, "source-removed", G_CALLBACK (grilo_source_removed_cb), pi);
- if (grl_registry_load_all_plugins (pi->registry, &error) == FALSE) {
+ if (grl_registry_load_all_plugins (pi->registry, TRUE, &error) == FALSE) {
g_warning ("Failed to load Grilo plugins: %s", error->message);
g_clear_error (&error);
}
--- a/plugins/grilo/rb-grilo-source.c
+++ a/plugins/grilo/rb-grilo-source.c
@@ -524,7 +524,7 @@ make_operation_options (RBGriloSource *source, GrlSupportedOps op, int position)
grl_operation_options_set_count (options,
CONTAINER_FETCH_SIZE);
grl_operation_options_set_type_filter (options, GRL_TYPE_FILTER_AUDIO);
- grl_operation_options_set_flags (options, GRL_RESOLVE_NORMAL);
+ grl_operation_options_set_resolution_flags (options, GRL_RESOLVE_NORMAL);
return options;
}
@@ -684,7 +684,7 @@ grilo_browse_cb (GrlSource *grilo_source, guint operation_id, GrlMedia *media, g
source->priv->browse_position++;
}
- if (media && GRL_IS_MEDIA_BOX (media)) {
+ if (media && grl_media_is_container (media)) {
GtkTreeIter new_row;
if (source->priv->browse_container == NULL) {
@@ -724,7 +724,7 @@ grilo_browse_cb (GrlSource *grilo_source, guint operation_id, GrlMedia *media, g
2, CONTAINER_MARKER,
3, 0,
-1);
- } else if (media && GRL_IS_MEDIA_AUDIO (media)) {
+ } else if (media && grl_media_is_audio (media)) {
source->priv->browse_got_media = TRUE;
}
@@ -854,7 +854,7 @@ grilo_media_browse_cb (GrlSource *grilo_source, guint operation_id, GrlMedia *me
source->priv->media_browse_got_results = TRUE;
source->priv->media_browse_position++;
- if (GRL_IS_MEDIA_AUDIO (media)) {
+ if (grl_media_is_audio (media)) {
RhythmDBEntry *entry;
entry = create_entry_for_media (source->priv->db,
source->priv->entry_type,
@@ -863,7 +863,7 @@ grilo_media_browse_cb (GrlSource *grilo_source, guint operation_id, GrlMedia *me
if (entry != NULL) {
rhythmdb_query_model_add_entry (source->priv->query_model, entry, -1);
}
- } else if (GRL_IS_MEDIA_BOX (media)) {
+ } else if (grl_media_is_container (media)) {
source->priv->media_browse_got_containers = TRUE;
}
}
1
0
Hello community,
here is the log from the commit of package yast2-vpn for openSUSE:Factory checked in at 2016-03-31 13:03:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-vpn (Old)
and /work/SRC/openSUSE:Factory/.yast2-vpn.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-vpn"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-vpn/yast2-vpn.changes 2015-10-28 17:30:51.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-vpn.new/yast2-vpn.changes 2016-03-31 13:03:35.000000000 +0200
@@ -1,0 +2,10 @@
+Thu Mar 24 11:15:40 UTC 2016 - hguo(a)suse.com
+
+- Fix several important issues:
+ * Properly reduce TCP MSS instead of setting it to a fixed value.
+ * Force UDP encapsulation in case of IPv4 gateway.
+ * Fix two cases of incorrect SUSEfirewall and iptables configuration.
+
+Further implements fate#320616.
+
+-------------------------------------------------------------------
Old:
----
yast2-vpn-3.1.2.tar.bz2
New:
----
yast2-vpn-3.1.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-vpn.spec ++++++
--- /var/tmp/diff_new_pack.B5jnFa/_old 2016-03-31 13:03:36.000000000 +0200
+++ /var/tmp/diff_new_pack.B5jnFa/_new 2016-03-31 13:03:36.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package yast2-vpn
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: yast2-vpn
-Version: 3.1.2
+Version: 3.1.3
Release: 0
Url: https://github.com/yast/yast-vpn
Source0: %{name}-%{version}.tar.bz2
++++++ yast2-vpn-3.1.2.tar.bz2 -> yast2-vpn-3.1.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/package/yast2-vpn.changes new/yast2-vpn-3.1.3/package/yast2-vpn.changes
--- old/yast2-vpn-3.1.2/package/yast2-vpn.changes 2015-10-27 09:42:34.000000000 +0100
+++ new/yast2-vpn-3.1.3/package/yast2-vpn.changes 2016-03-30 09:32:33.000000000 +0200
@@ -1,4 +1,14 @@
-------------------------------------------------------------------
+Thu Mar 24 11:15:40 UTC 2016 - hguo(a)suse.com
+
+- Fix several important issues:
+ * Properly reduce TCP MSS instead of setting it to a fixed value.
+ * Force UDP encapsulation in case of IPv4 gateway.
+ * Fix two cases of incorrect SUSEfirewall and iptables configuration.
+
+Further implements fate#320616.
+
+-------------------------------------------------------------------
Tue Oct 27 08:42:26 UTC 2015 - hguo(a)suse.com
- Fix build failure on Leap.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/package/yast2-vpn.spec new/yast2-vpn-3.1.3/package/yast2-vpn.spec
--- old/yast2-vpn-3.1.2/package/yast2-vpn.spec 2015-10-27 09:42:24.000000000 +0100
+++ new/yast2-vpn-3.1.3/package/yast2-vpn.spec 2016-03-30 09:32:33.000000000 +0200
@@ -16,7 +16,7 @@
#
Name: yast2-vpn
-Version: 3.1.2
+Version: 3.1.3
Release: 0
License: GPL-2.0
URL: https://github.com/yast/yast-vpn
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/src/lib/vpn/ipsec.rb new/yast2-vpn-3.1.3/src/lib/vpn/ipsec.rb
--- old/yast2-vpn-3.1.2/src/lib/vpn/ipsec.rb 2015-09-07 14:42:44.000000000 +0200
+++ new/yast2-vpn-3.1.3/src/lib/vpn/ipsec.rb 2016-03-30 09:32:33.000000000 +0200
@@ -413,6 +413,9 @@
end
end
get_current_conn[param_name] = val
+ if val == nil
+ get_current_conn.delete(param_name)
+ end
end
# Change gateway password.
@@ -518,16 +521,14 @@
conn_template = SCENARIO_TEMPLATES[conf["scenario"]]
# Find customised parameters
customisation = conf.select{|key, val| conn_template[key] == nil}
- # Remove keys that don't belong to the scenario
- customisation.delete_if {|key, val| !conn_template.has_key?(key)}
# Merge customised with the template
merged_conf = conn_template.merge(customisation)
# Remove parameters that aren't configuration or don't belong to the scenario
merged_conf.delete("name")
merged_conf.delete("scenario")
# Find blanks that aren't filled
- param_blanks = merged_conf.select{|key, val| val == nil || val.strip == ""}.keys
- if param_blanks.length > 0
+ param_blanks = merged_conf.select{|_key, val| val.to_s.strip == ""}.keys
+ if param_blanks.any?
unfilled_blanks[name] = param_blanks
end
scr_conf[name] = merged_conf
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/src/lib/vpn/main_dialog.rb new/yast2-vpn-3.1.3/src/lib/vpn/main_dialog.rb
--- old/yast2-vpn-3.1.2/src/lib/vpn/main_dialog.rb 2015-09-07 13:33:28.000000000 +0200
+++ new/yast2-vpn-3.1.3/src/lib/vpn/main_dialog.rb 2016-03-30 09:32:33.000000000 +0200
@@ -67,7 +67,7 @@
VBox(
Left(CheckBox(Id(:enable_daemon), _("Enable VPN daemon"), Yast::IPSecConf.DaemonEnabled?)),
Left(HBox(
- CheckBox(Id(:fix_mss), _("Reduce TCP MSS"), Yast::IPSecConf.TCPMSS1024Enabled?),
+ CheckBox(Id(:fix_mss), _("Reduce TCP MSS"), Yast::IPSecConf.TCPReduceMSS?),
PushButton(Id(:fix_mss_help), "?")))
)),
Frame(_("All VPNs"), ReplacePoint(Id(:conn_list), Empty())),
@@ -84,7 +84,7 @@
),
HBox(
PushButton(Id(:ok), Yast::Label.OKButton),
- PushButton(Id(:abort), Yast::Label.AbortButton)
+ PushButton(Id(:cancel), Yast::Label.CancelButton)
)
)
end
@@ -156,7 +156,7 @@
# Save new settings and apply
Yast::IPSecConf.Import({
"enable_ipsec" => enable_daemon,
- "tcp_mss_1024" => !!Yast::UI.QueryWidget(:fix_mss, :Value),
+ "tcp_reduce_mss" => !!Yast::UI.QueryWidget(:fix_mss, :Value),
"ipsec_conns" => scr_conf,
"ipsec_secrets" => IPSec.make_scr_secrets
})
@@ -188,11 +188,9 @@
end
end
- # Abandon all changes and quit.
- def abort_handler
- if Yast::Popup.ReallyAbort(true)
- finish_dialog(:abort)
- end
+ # Quit the dialog.
+ def cancel_handler
+ finish_dialog(:cancel)
end
# Select a connection from connection list, load its configuration.
@@ -212,6 +210,8 @@
else
IPSec.change_conn_param("rightsubnet", "0.0.0.0/0")
end
+ # Force UDP encapsulation only for IPv4 (it does not work for v6)
+ IPSec.change_conn_param("forceencaps", "yes")
# Disable specific subnet input
Yast::UI.ChangeWidget(Id(:conn_access_subnet), :Enabled, false)
Yast::UI.ChangeWidget(Id(:conn_access_subnet), :Value, "")
@@ -225,6 +225,8 @@
else
IPSec.change_conn_param("rightsubnet", "::/0")
end
+ # If this was an IPv4 gateway and now an IPv6 gateway, make sure there's no forceencaps
+ IPSec.change_conn_param("forceencaps", nil)
# Disable specific subnet input
Yast::UI.ChangeWidget(Id(:conn_access_subnet), :Enabled, false)
Yast::UI.ChangeWidget(Id(:conn_access_subnet), :Value, "")
@@ -239,6 +241,8 @@
# Client: specify networks (CIDRs) accessed via IPSec tunnel.
def conn_access_subnet_handler
subnet = Yast::UI.QueryWidget(Id(:conn_access_subnet), :Value)
+ # Since I cannot tell whether the new subnet is v4 or v6, get rid of forceencaps.
+ IPSec.change_conn_param("forceencaps", nil)
if IPSec.get_current_conn_type == :gateway
IPSec.change_conn_param("leftsubnet", subnet)
else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/src/modules/IPSecConf.rb new/yast2-vpn-3.1.3/src/modules/IPSecConf.rb
--- old/yast2-vpn-3.1.2/src/modules/IPSecConf.rb 2015-09-09 10:39:50.000000000 +0200
+++ new/yast2-vpn-3.1.3/src/modules/IPSecConf.rb 2016-03-30 09:32:33.000000000 +0200
@@ -30,6 +30,9 @@
include Yast::Logger
FW_CUSTOMRULES_FILE = "/etc/YaST2/vpn_firewall_rules"
+ # If TCP MSS reduction is required, the new MSS will be this value.
+ REDUCED_MSS = 1220
+
def initialize
log.info "IPSecConf is initialised"
@orig_conf = {}
@@ -41,7 +44,7 @@
@ipsec_secrets = {"psk" => [], "rsa" => [], "eap" => [], "xauth" => []}
@enable_ipsec = false
- @tcp_mss_1024 = false
+ @tcp_reduce_mss = false
@autoyast_modified = false
end
@@ -58,7 +61,7 @@
# Read daemon settings
@enable_ipsec = Service.Enabled("strongswan")
customrules_content = SCR.Read(path(".target.string"), FW_CUSTOMRULES_FILE)
- @tcp_mss_1024 = !customrules_content.nil? && customrules_content.include?("--set-mss 1024")
+ @tcp_reduce_mss = !customrules_content.nil? && customrules_content.include?("--set-mss #{REDUCED_MSS}")
@autoyast_modified = true
end
@@ -97,9 +100,9 @@
return @enable_ipsec
end
- # Return true if TCP MSS 1024 workaround is enabled, otherwise false.
- def TCPMSS1024Enabled?
- return @tcp_mss_1024
+ # Return true if TCP MSS reduction workaround is enabled, otherwise false.
+ def TCPReduceMSS?
+ return @tcp_reduce_mss
end
# Create a firewall configuration script for all VPN gateways. Return the script content
@@ -129,19 +132,18 @@
script << func_template % {func_name: "fw_custom_before_port_handling", content: ""}
# Reduce TCP MSS - if this has to be done, it must come before FORWARD and MASQUERADE
inet_access = ""
- if @tcp_mss_1024
- inet_access += "iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024\n" +
- "ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024\n"
+ if @tcp_reduce_mss
+ inet_access += "iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss #{REDUCED_MSS+1}:65535 -j TCPMSS --set-mss #{REDUCED_MSS}\n" +
+ "ip6tables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss #{REDUCED_MSS+1}:65535 -j TCPMSS --set-mss #{REDUCED_MSS}\n"
end
# Forwarding for Internet access
- forward_template = "%s -A FORWARD -s %s -j ACCEPT\n"
- masq_template = "%s -t nat -A POSTROUTING -s %s -j MASQUERADE\n"
inet_access_networks.each { |cidr|
iptables = "iptables"
if cidr.include?(":")
iptables = "ip6tables"
end
- inet_access += forward_template % [iptables, cidr] + masq_template % [iptables, cidr]
+ inet_access += "#{iptables} -A FORWARD -s #{cidr} -j ACCEPT\n#{iptables} -A FORWARD -d #{cidr} -j ACCEPT\n"
+ inet_access += "#{iptables} -t nat -A POSTROUTING -s #{cidr} -j MASQUERADE\n"
}
script << func_template % {func_name: "fw_custom_before_masq", content: inet_access}
# Nothing in denyall or finished
@@ -219,6 +221,7 @@
SCR.Write(path(".sysconfig.SuSEfirewall2.FW_CUSTOMRULES"), existing_rules + FW_CUSTOMRULES_FILE)
SCR.Write(path(".sysconfig.SuSEfirewall2"), nil)
end
+ SuSEFirewall.Read
if SuSEFirewall.IsEnabled
if @enable_ipsec
if !SuSEFirewall.IsStarted
@@ -255,7 +258,7 @@
return false
end
@enable_ipsec = !!params["enable_ipsec"]
- @tcp_mss_1024 = !!params["tcp_mss_1024"]
+ @tcp_reduce_mss = !!params["tcp_reduce_mss"]
@ipsec_conns = params.fetch("ipsec_conns", {})
@ipsec_secrets = params.fetch("ipsec_secrets", {})
@autoyast_modified = true
@@ -267,7 +270,7 @@
log.info("IPSecConf.Export is called, connections are: " + @ipsec_conns.keys.to_s)
return {
"enable_ipsec" => @enable_ipsec,
- "tcp_mss_1024" => @tcp_mss_1024,
+ "tcp_reduce_mss" => @tcp_reduce_mss,
"ipsec_conns" => @ipsec_conns,
"ipsec_secrets" => @ipsec_secrets
}
@@ -278,7 +281,7 @@
log.info("IPSecConf.Summary is called")
ret = Summary.AddHeader("", _("VPN Global Settings"))
ret = Summary.AddLine(ret, _("Enable VPN (IPSec) daemon: %s") % [(!!(a)enable_ipsec).to_s])
- ret = Summary.AddLine(ret, _("Reduce TCP MSS to 1024: %s") % [(!!(a)tcp_mss_1024).to_s])
+ ret = Summary.AddLine(ret, _("Reduce TCP MSS: %s") % [(!!(a)tcp_reduce_mss).to_s])
ret = Summary.AddHeader(ret, _("Gateway and Connections"))
if @ipsec_conns != nil
@ipsec_conns.each{|name, conf|
@@ -320,7 +323,7 @@
@ipsec_secrets = {"psk" => [], "rsa" => [], "eap" => [], "xauth" => []}
@enable_ipsec = false
- @tcp_mss_1024 = false
+ @tcp_reduce_mss = false
@autoyast_modified = false
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/test/ipsec_test.rb new/yast2-vpn-3.1.3/test/ipsec_test.rb
--- old/yast2-vpn-3.1.2/test/ipsec_test.rb 2015-10-27 09:42:05.000000000 +0100
+++ new/yast2-vpn-3.1.3/test/ipsec_test.rb 2016-03-30 09:32:33.000000000 +0200
@@ -19,10 +19,7 @@
# Summary: Test the functions and features of IPSec configuration models.
# Authors: Howard Guo <hguo(a)suse.com>
-ENV["Y2DIR"] = File.expand_path("../../src", __FILE__)
-
-require "yast"
-require "yast/rspec"
+require_relative "./test_helper"
require "vpn/ipsec"
describe VPN::IPSec do
@@ -327,7 +324,7 @@
end
describe ".make_scr_conf" do
- it "Makes SCR-compatible IPSec config" do
+ it "Makes SCR-compatible IPSec config with new parameter assignments" do
# Introduce unnecessary parameters, make_scr_conf will get rid of these
VPN::IPSec.switch_conn("gw_psk0")
VPN::IPSec.change_conn_param("abc", 123)
@@ -348,6 +345,7 @@
"dpdtimeout"=>"600",
"dpddelay"=>"60",
"leftsubnet"=>"192.168.82.0/24",
+ "abc" => 123,
"rightsourceip"=>"192.168.83.0/24"},
"gw_cert1"=>
{"auto"=>"add",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/test/ipsecconf_test.rb new/yast2-vpn-3.1.3/test/ipsecconf_test.rb
--- old/yast2-vpn-3.1.2/test/ipsecconf_test.rb 2015-10-27 09:41:55.000000000 +0100
+++ new/yast2-vpn-3.1.3/test/ipsecconf_test.rb 2016-03-30 09:32:33.000000000 +0200
@@ -19,10 +19,7 @@
# Summary: Test the functions and features of IPSec configuration agents.
# Authors: Howard Guo <hguo(a)suse.com>
-ENV["Y2DIR"] = File.expand_path("../../src", __FILE__)
-
-require "yast"
-require "yast/rspec"
+require_relative "./test_helper"
Yast.import "IPSecConf"
describe Yast::IPSecConf do
@@ -211,9 +208,9 @@
it "Creates a SuSE firewall script for all connections" do
# Set reduce MSS to true
exported = Yast::IPSecConf.Export
- exported["tcp_mss_1024"] = true
+ exported["tcp_reduce_mss"] = true
Yast::IPSecConf.Import(exported)
- expect(Yast::IPSecConf.GenFirewallScript).to eq("""# The file is automatically generated by YaST VPN module.
+ expect(Yast::IPSecConf.GenFirewallScript).to eq "# The file is automatically generated by YaST VPN module.
# You may run the file using bourne-shell-compatible interpreter.
fw_custom_after_chain_creation() {
iptables -A INPUT -p udp --dport 500 -j ACCEPT
@@ -230,13 +227,16 @@
}
fw_custom_before_port_handling
fw_custom_before_masq() {
-iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024
-ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024
+iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1221:65535 -j TCPMSS --set-mss 1220
+ip6tables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1221:65535 -j TCPMSS --set-mss 1220
iptables -A FORWARD -s 192.168.83.0/24 -j ACCEPT
+iptables -A FORWARD -d 192.168.83.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.83.0/24 -j MASQUERADE
iptables -A FORWARD -s 192.168.98.0/24 -j ACCEPT
+iptables -A FORWARD -d 192.168.98.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.98.0/24 -j MASQUERADE
iptables -A FORWARD -s 192.168.99.0/24 -j ACCEPT
+iptables -A FORWARD -d 192.168.99.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -j MASQUERADE
true
}
@@ -249,7 +249,7 @@
true
}
fw_custom_after_finished
-""")
+"
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-vpn-3.1.2/test/test_helper.rb new/yast2-vpn-3.1.3/test/test_helper.rb
--- old/yast2-vpn-3.1.2/test/test_helper.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-vpn-3.1.3/test/test_helper.rb 2016-03-30 09:32:33.000000000 +0200
@@ -0,0 +1,22 @@
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of version 2 of the GNU General Public License as published by the
+# Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, contact SUSE Linux GmbH.
+#
+# ------------------------------------------------------------------------------
+#
+# Summary: Common header for test source files.
+# Authors: Howard Guo <hguo(a)suse.com>
+
+ENV["Y2DIR"] = File.expand_path("../../src", __FILE__)
+
+require "yast"
+require "yast/rspec"
1
0