January 2017 - openSUSE Commits - openSUSE Mailing Lists

commit unar for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package unar for openSUSE:Factory checked in at 2017-01-25 23:33:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unar (Old) and /work/SRC/openSUSE:Factory/.unar.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "unar" Changes: -------- --- /work/SRC/openSUSE:Factory/unar/unar.changes 2017-01-24 10:39:23.299397950 +0100 +++ /work/SRC/openSUSE:Factory/.unar.new/unar.changes 2017-01-25 23:33:55.299032540 +0100 @@ -1,0 +2,5 @@ +Mon Jan 23 13:00:03 UTC 2017 - aloisio(a)gmx.com + +- Added missing build dependency. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unar.spec ++++++ --- /var/tmp/diff_new_pack.vxP76G/_old 2017-01-25 23:33:55.930937319 +0100 +++ /var/tmp/diff_new_pack.vxP76G/_new 2017-01-25 23:33:55.934936717 +0100 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: unar Version: 1.10.1 Release: 0 @@ -31,6 +32,7 @@ BuildRequires: gcc-c++ BuildRequires: gcc-objc BuildRequires: gnustep-base-devel +BuildRequires: gnustep-make BuildRequires: libbz2-devel BuildRequires: libicu-devel BuildRequires: unzip

1 0

commit openvpn for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2017-01-25 23:33:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openvpn" Changes: -------- --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-01-10 10:52:01.367138159 +0100 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-01-25 23:33:51.207649062 +0100 @@ -1,0 +2,34 @@ +Sun Jan 22 15:21:17 UTC 2017 - mrueckert(a)suse.de + +- silence warning about %{_rundir}/openvpn + - for non systemd case: just package the %{_rundir}/openvpn in + the package + - for systemd case: call systemd-tmpfiles and own the dir as + %ghost in the filelist + +------------------------------------------------------------------- +Sun Jan 22 14:51:44 UTC 2017 - mrueckert(a)suse.de + +- refreshed patches to apply cleanly again + openvpn-2.3-plugin-man.dif + openvpn-fips140-2.3.2.patch + +------------------------------------------------------------------- +Sun Jan 22 14:47:39 UTC 2017 - mrueckert(a)suse.de + +- update to 2.3.14 + - update year in copyright message + - Document the --auth-token option + - Repair topology subnet on FreeBSD 11 + - Repair topology subnet on OpenBSD + - Drop recursively routed packets + - Support --block-outside-dns on multiple tunnels + - When parsing '--setenv opt xx ..' make sure a third parameter + is present + - Map restart signals from event loop to SIGTERM during + exit-notification wait + - Correctly state the default dhcp server address in man page + - Clean up format_hex_ex() +- enabled pkcs11 support + +------------------------------------------------------------------- Old: ---- openvpn-2.3.13.tar.xz openvpn-2.3.13.tar.xz.asc New: ---- openvpn-2.3.14.tar.xz openvpn-2.3.14.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvpn.spec ++++++ --- /var/tmp/diff_new_pack.NzaYsJ/_old 2017-01-25 23:33:52.127510450 +0100 +++ /var/tmp/diff_new_pack.NzaYsJ/_new 2017-01-25 23:33:52.131509847 +0100 @@ -1,7 +1,7 @@ # # spec file for package openvpn # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +32,7 @@ %else PreReq: %insserv_prereq %fillup_prereq %endif -Version: 2.3.13 +Version: 2.3.14 Release: 0 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 @@ -154,6 +154,7 @@ --enable-iproute2 \ --enable-x509-alt-username \ --enable-password-save \ + --enable-pkcs11 \ %if %{with_systemd} --enable-systemd \ %endif @@ -194,8 +195,8 @@ find sample -name .gitignore | xargs rm -f %post -%__mkdir_p -m750 %{_rundir}/openvpn %if %{with_systemd} +systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf ||: %service_add_post %{name}.target # try to migrate openvpn.service autostart to openvpn@<CONF>.service if test ${FIRST_ARG:-$1} -ge 1 -a \ @@ -265,13 +266,14 @@ %{_unitdir}/%{name}@.service %{_unitdir}/%{name}.target %{_libexecdir}/tmpfiles.d/%{name}.conf +%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/ %else %config %{_sysconfdir}/init.d/openvpn /var/adm/fillup-templates/sysconfig.openvpn +%dir %attr(750,root,root) %{_rundir}/openvpn/ %endif %{_sbindir}/rcopenvpn %{_sbindir}/openvpn -%attr(0750,root,root) %dir %ghost %{_rundir}/openvpn %files down-root-plugin %defattr(-,root,root) ++++++ openvpn-2.3-plugin-man.dif ++++++ --- /var/tmp/diff_new_pack.NzaYsJ/_old 2017-01-25 23:33:52.191500807 +0100 +++ /var/tmp/diff_new_pack.NzaYsJ/_new 2017-01-25 23:33:52.191500807 +0100 @@ -1,6 +1,8 @@ ---- doc/openvpn.8 -+++ doc/openvpn.8 2015/03/02 08:58:02 -@@ -2569,12 +2569,11 @@ plug-in modules, see the README file in +Index: doc/openvpn.8 +=================================================================== +--- doc/openvpn.8.orig ++++ doc/openvpn.8 +@@ -2690,12 +2690,11 @@ plug-in modules, see the README file in .B plugin folder of the OpenVPN source distribution. ++++++ openvpn-2.3.13.tar.xz -> openvpn-2.3.14.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/ChangeLog new/openvpn-2.3.14/ChangeLog --- old/openvpn-2.3.13/ChangeLog 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/ChangeLog 2016-12-07 12:35:43.000000000 +0100 @@ -1,6 +1,30 @@ OpenVPN Change Log Copyright (C) 2002-2015 OpenVPN Technologies, Inc. <sales(a)openvpn.net> +2016.12.06 -- Version 2.3.14 +Christian Hesse (1): + update year in copyright message + +David Sommerseth (1): + Document the --auth-token option + +Gert Doering (2): + Repair topology subnet on FreeBSD 11 + Repair topology subnet on OpenBSD + +Lev Stipakov (1): + Drop recursively routed packets + +Selva Nair (4): + Support --block-outside-dns on multiple tunnels + When parsing '--setenv opt xx ..' make sure a third parameter is present + Map restart signals from event loop to SIGTERM during exit-notification wait + Correctly state the default dhcp server address in man page + +Steffan Karger (1): + Clean up format_hex_ex() + + 2016.11.02 -- Version 2.3.13 Arne Schwabe (2): Use AES ciphers in our sample configuration files and add a few modern 2.4 examples diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/Makefile.in new/openvpn-2.3.14/Makefile.in --- old/openvpn-2.3.13/Makefile.in 2016-11-03 09:52:54.000000000 +0100 +++ new/openvpn-2.3.14/Makefile.in 2016-12-07 12:36:12.000000000 +0100 @@ -113,8 +113,8 @@ $(srcdir)/config.h.in $(srcdir)/version.sh.in \ $(am__dist_doc_DATA_DIST) $(am__dist_noinst_DATA_DIST) \ $(dist_noinst_HEADERS) AUTHORS COPYING ChangeLog INSTALL NEWS \ - README compile config.guess config.sub install-sh missing \ - ltmain.sh + README compile config.guess config.sub depcomp install-sh \ + missing ltmain.sh ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \ $(top_srcdir)/m4/ax_socklen_t.m4 \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/configure new/openvpn-2.3.14/configure --- old/openvpn-2.3.13/configure 2016-11-03 09:52:52.000000000 +0100 +++ new/openvpn-2.3.14/configure 2016-12-07 12:36:14.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for OpenVPN 2.3.13. +# Generated by GNU Autoconf 2.69 for OpenVPN 2.3.14. # # Report bugs to <openvpn-users(a)lists.sourceforge.net>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='OpenVPN' PACKAGE_TARNAME='openvpn' -PACKAGE_VERSION='2.3.13' -PACKAGE_STRING='OpenVPN 2.3.13' +PACKAGE_VERSION='2.3.14' +PACKAGE_STRING='OpenVPN 2.3.14' PACKAGE_BUGREPORT='openvpn-users(a)lists.sourceforge.net' PACKAGE_URL='' @@ -1436,7 +1436,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenVPN 2.3.13 to adapt to many kinds of systems. +\`configure' configures OpenVPN 2.3.14 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1506,7 +1506,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenVPN 2.3.13:";; + short | recursive ) echo "Configuration of OpenVPN 2.3.14:";; esac cat <<\_ACEOF @@ -1708,7 +1708,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -OpenVPN configure 2.3.13 +OpenVPN configure 2.3.14 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2490,7 +2490,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenVPN $as_me 2.3.13, which was +It was created by OpenVPN $as_me 2.3.14, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2854,7 +2854,7 @@ fi -$as_echo "#define OPENVPN_VERSION_RESOURCE 2,3,13,0" >>confdefs.h +$as_echo "#define OPENVPN_VERSION_RESOURCE 2,3,14,0" >>confdefs.h ac_aux_dir= @@ -3378,7 +3378,7 @@ # Define the identity of the package. PACKAGE='openvpn' - VERSION='2.3.13' + VERSION='2.3.14' cat >>confdefs.h <<_ACEOF @@ -17755,7 +17755,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by OpenVPN $as_me 2.3.13, which was +This file was extended by OpenVPN $as_me 2.3.14, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17821,7 +17821,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -OpenVPN config.status 2.3.13 +OpenVPN config.status 2.3.14 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/distro/rpm/openvpn.spec new/openvpn-2.3.14/distro/rpm/openvpn.spec --- old/openvpn-2.3.13/distro/rpm/openvpn.spec 2016-11-03 09:53:39.000000000 +0100 +++ new/openvpn-2.3.14/distro/rpm/openvpn.spec 2016-12-07 12:36:59.000000000 +0100 @@ -13,7 +13,7 @@ Summary: OpenVPN is a robust and highly flexible VPN daemon by James Yonan. Name: openvpn -Version: 2.3.13 +Version: 2.3.14 Release: 1 URL: http://openvpn.net/ Source0: http://prdownloads.sourceforge.net/openvpn/%{name}-%{version}.tar.gz diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/doc/openvpn.8 new/openvpn-2.3.14/doc/openvpn.8 --- old/openvpn-2.3.13/doc/openvpn.8 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/doc/openvpn.8 2016-12-07 12:35:43.000000000 +0100 @@ -4,7 +4,7 @@ .\" packet encryption, packet authentication, and .\" packet compression. .\" -.\" Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales(a)openvpn.net> +.\" Copyright (C) 2002-2016 OpenVPN Technologies, Inc. <sales(a)openvpn.net> .\" .\" This program is free software; you can redistribute it and/or modify .\" it under the terms of the GNU General Public License version 2 @@ -34,7 +34,7 @@ .\" .ft -- normal face .\" .in +|-{n} -- indent .\" -.TH openvpn 8 "17 November 2008" +.TH openvpn 8 "25 August 2016" .\"********************************************************* .SH NAME openvpn - secure IP tunnel daemon. @@ -1626,16 +1626,25 @@ are mutually exclusive and cannot be used together. .\"********************************************************* .TP -.B \-\-keepalive n m +.B \-\-keepalive interval timeout A helper directive designed to simplify the expression of .B \-\-ping and +.B \-\-ping\-restart. + +This option can be used on both client and server side, but it is +in enough to add this on the server side as it will push appropriate +.B \-\-ping +and .B \-\-ping\-restart -in server mode configurations. +options to the client. If used on both server and client, +the values pushed from server will override the client local values. -The server timeout is set twice the value of the second argument. -This ensures that a timeout is detected on client side -before the server side drops the connection. +The +.B timeout +argument will be twice as long on the server side. This ensures that +a timeout is detected on client side before the server side drops +the connection. For example, .B \-\-keepalive 10 60 @@ -1645,13 +1654,13 @@ .ft 3 .in +4 if mode server: - ping 10 - ping-restart 120 - push "ping 10" - push "ping-restart 60" + ping 10 # Argument: interval + ping\-restart 120 # Argument: timeout*2 + push "ping 10" # Argument: interval + push "ping\-restart 60" # Argument: timeout else - ping 10 - ping-restart 60 + ping 10 # Argument: interval + ping\-restart 60 # Argument: timeout .in -4 .ft .fi @@ -2745,10 +2754,10 @@ if dev tap OR (dev tun AND topology == subnet): ifconfig 10.8.0.1 255.255.255.0 if !nopool: - ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 - push "route-gateway 10.8.0.1" - if route-gateway unset: - route-gateway 10.8.0.2 + ifconfig\-pool 10.8.0.2 10.8.0.253 255.255.255.0 + push "route\-gateway 10.8.0.1" + if route\-gateway unset: + route\-gateway 10.8.0.2 .in -4 .ft @@ -2880,6 +2889,7 @@ .B \-\-ip\-win32, \-\-dhcp\-option, .B \-\-inactive, \-\-ping, \-\-ping\-exit, \-\-ping\-restart, .B \-\-setenv, +.B \-\-auth\-token, .B \-\-persist\-key, \-\-persist\-tun, \-\-echo, .B \-\-comp\-lzo, .B \-\-socket\-flags, @@ -3796,6 +3806,10 @@ parameter (default=1) controls the maximum number of attempts that the client will try to resend the exit notification message. OpenVPN will not send any exit notifications unless this option is enabled. +.TP +.B \-\-allow\-recursive\-routing +When this option is set, OpenVPN will not drop incoming tun packets +with same destination as host. .\"********************************************************* .SS Data Channel Encryption Options: These options are meaningful for both Static & TLS-negotiated key modes @@ -4817,6 +4831,57 @@ username/password. It is always cached. .\"********************************************************* .TP +.B \-\-auth\-token token +This is not an option to be used directly in any configuration files, +but rather push this option from a +.B \-\-client\-connect +script or a +.B \-\-plugin +which hooks into the OPENVPN_PLUGIN_CLIENT_CONNECT or +OPENVPN_PLUGIN_CLIENT_CONNECT_V2 calls. This option provides +a possibility to replace the clients password with an authentication +token during the lifetime of the OpenVPN client. + +Whenever the connection is renegotiated and the +.B \-\-auth\-user\-pass\-verify +script or +.B \-\-plugin +making use of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY hook is +triggered, it will pass over this token as the password +instead of the password the user provided. The authentication +token can only be reset by a full reconnect where the server +can push new options to the client. The password the user entered +is never preserved once an authentication token have been set. If +the OpenVPN server side rejects the authentication token, the +client will receive an AUTH_FAIL and disconnect. + +The purpose of this is to enable two factor authentication +methods, such as HOTP or TOTP, to be used without needing to +retrieve a new OTP code each time the connection is renegotiated. +Another use case is to cache authentication data on the client +without needing to have the users password cached in memory +during the life time of the session. + +To make use of this feature, the +.B \-\-client\-connect +script or +.B \-\-plugin +needs to put + +.nf +.ft 3 +.in +4 +push "auth\-token UNIQUE_TOKEN_VALUE" +.in -4 +.ft +.fi + +into the file/buffer for dynamic configuration data. This +will then make the OpenVPN server to push this value to the +client, which replaces the local password with the +UNIQUE_TOKEN_VALUE. +.\"********************************************************* +.TP .B \-\-tls\-verify cmd Run command .B cmd @@ -5297,7 +5362,7 @@ .B \-\-dev tun mode, OpenVPN will cause the DHCP server to masquerade as if it were coming from the remote endpoint. The optional offset parameter is -an integer which is > \-256 and < 256 and which defaults to 0. +an integer which is > \-256 and < 256 and which defaults to -1. If offset is positive, the DHCP server will masquerade as the IP address at network address + offset. If offset is negative, the DHCP server will masquerade as the IP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/buffer.c new/openvpn-2.3.14/src/openvpn/buffer.c --- old/openvpn-2.3.13/src/openvpn/buffer.c 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/buffer.c 2016-12-07 12:35:43.000000000 +0100 @@ -400,9 +400,13 @@ int space_break, const char* separator, struct gc_arena *gc) { - struct buffer out = alloc_buf_gc (maxoutput ? maxoutput : - ((size * 2) + (size / space_break) * (int) strlen (separator) + 2), - gc); + const size_t separator_len = separator ? strlen (separator) : 0; + static_assert (INT_MAX <= SIZE_MAX, "Code assumes INT_MAX <= SIZE_MAX"); + const size_t out_len = maxoutput > 0 ? maxoutput : + ((size * 2) + ((size / space_break) * separator_len) + 2); + + struct buffer out = alloc_buf_gc (out_len, gc); + int i; for (i = 0; i < size; ++i) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/error.h new/openvpn-2.3.14/src/openvpn/error.h --- old/openvpn-2.3.13/src/openvpn/error.h 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/error.h 2016-12-07 12:35:43.000000000 +0100 @@ -217,6 +217,14 @@ void assert_failed (const char *filename, int line, const char *condition) __attribute__((__noreturn__)); +/* Poor-man's static_assert() for when not supplied by assert.h, taken from + * Linux's sys/cdefs.h under GPLv2 */ +#ifndef static_assert +#define static_assert(expr, diagnostic) \ + extern int (*__OpenVPN_static_assert_function (void)) \ + [!!sizeof (struct { int __error_if_negative: (expr) ? 2 : -1; })] +#endif + #ifdef ENABLE_DEBUG void crash (void); /* force a segfault (debugging only) */ #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/forward.c new/openvpn-2.3.14/src/openvpn/forward.c --- old/openvpn-2.3.13/src/openvpn/forward.c 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/forward.c 2016-12-07 12:35:43.000000000 +0100 @@ -968,6 +968,76 @@ perf_pop (); } +/** + * Drops UDP packets which OS decided to route via tun. + * + * On Windows and OS X when netwotk adapter is disabled or + * disconnected, platform starts to use tun as external interface. + * When packet is sent to tun, it comes to openvpn, encapsulated + * and sent to routing table, which sends it again to tun. + */ +static void +drop_if_recursive_routing (struct context *c, struct buffer *buf) +{ + bool drop = false; + struct openvpn_sockaddr tun_sa; + int ip_hdr_offset = 0; + + if (c->c2.to_link_addr == NULL) /* no remote addr known */ + return; + + tun_sa = c->c2.to_link_addr->dest; + + int proto_ver = get_tun_ip_ver (TUNNEL_TYPE (c->c1.tuntap), &c->c2.buf, &ip_hdr_offset); + + if (proto_ver == 4) + { + const struct openvpn_iphdr *pip; + + /* make sure we got whole IP header */ + if (BLEN (buf) < ((int) sizeof (struct openvpn_iphdr) + ip_hdr_offset)) + return; + + /* skip ipv4 packets for ipv6 tun */ + if (tun_sa.addr.sa.sa_family != AF_INET) + return; + + pip = (struct openvpn_iphdr *) (BPTR (buf) + ip_hdr_offset); + + /* drop packets with same dest addr as gateway */ + if (tun_sa.addr.in4.sin_addr.s_addr == pip->daddr) + drop = true; + } + else if (proto_ver == 6) + { + const struct openvpn_ipv6hdr *pip6; + + /* make sure we got whole IPv6 header */ + if (BLEN (buf) < ((int) sizeof (struct openvpn_ipv6hdr) + ip_hdr_offset)) + return; + + /* skip ipv6 packets for ipv4 tun */ + if (tun_sa.addr.sa.sa_family != AF_INET6) + return; + + /* drop packets with same dest addr as gateway */ + pip6 = (struct openvpn_ipv6hdr *) (BPTR (buf) + ip_hdr_offset); + if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6->daddr)) + drop = true; + } + + if (drop) + { + struct gc_arena gc = gc_new (); + + c->c2.buf.len = 0; + + msg(D_LOW, "Recursive routing detected, drop tun packet to %s", + print_link_socket_actual(c->c2.to_link_addr, &gc)); + gc_free (&gc); + } +} + /* * Input: c->c2.buf * Output: c->c2.to_link @@ -993,6 +1063,8 @@ if (c->c2.buf.len > 0) { + if ((c->options.mode == MODE_POINT_TO_POINT) && (!c->options.allow_recursive_routing)) + drop_if_recursive_routing (c, &c->c2.buf); /* * The --passtos and --mssfix options require * us to examine the IP header (IPv4 or IPv6). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/helper.c new/openvpn-2.3.14/src/openvpn/helper.c --- old/openvpn-2.3.13/src/openvpn/helper.c 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/helper.c 2016-12-07 12:35:43.000000000 +0100 @@ -230,7 +230,7 @@ * if tap OR (tun AND topology == subnet): * ifconfig 10.8.0.1 255.255.255.0 * if !nopool: - * ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0 + * ifconfig-pool 10.8.0.2 10.8.0.253 255.255.255.0 * push "route-gateway 10.8.0.1" * if route-gateway unset: * route-gateway 10.8.0.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/options.c new/openvpn-2.3.14/src/openvpn/options.c --- old/openvpn-2.3.13/src/openvpn/options.c 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/options.c 2016-12-07 12:35:43.000000000 +0100 @@ -500,6 +500,8 @@ "--server-poll-timeout n : when polling possible remote servers to connect to\n" " in a round-robin fashion, spend no more than n seconds\n" " waiting for a response before trying the next server.\n" + "--allow-recursive-routing : When this option is set, OpenVPN will not drop\n" + " incoming tun packets with same destination as host.\n" #endif #ifdef ENABLE_OCC "--explicit-exit-notify [n] : On exit/restart, send exit signal to\n" @@ -876,6 +878,7 @@ } #endif /* WIN32 */ #endif /* P2MP_SERVER */ + o->allow_recursive_routing = false; } void @@ -2091,6 +2094,8 @@ if (options->ifconfig_ipv6_local && !options->tun_ipv6 ) msg (M_INFO, "Warning: --ifconfig-ipv6 without --tun-ipv6 will not do IPv6"); + if (options->allow_recursive_routing) + msg (M_USAGE, "--allow-recursive-routing cannot be used with --mode server"); if (options->auth_user_pass_file) msg (M_USAGE, "--auth-user-pass cannot be used with --mode server (it should be used on the client side only)"); if (options->ccd_exclusive && !options->client_config_dir) @@ -3528,7 +3533,7 @@ show_windows_version( M_INFO|M_NOPREFIX ); #endif msg (M_INFO|M_NOPREFIX, "Originally developed by James Yonan"); - msg (M_INFO|M_NOPREFIX, "Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales(a)openvpn.net>"); + msg (M_INFO|M_NOPREFIX, "Copyright (C) 2002-2016 OpenVPN Technologies, Inc. <sales(a)openvpn.net>"); #ifndef ENABLE_SMALL #ifdef CONFIGURE_DEFINES msg (M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES); @@ -4210,6 +4215,8 @@ */ if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") && !(permission_mask & OPT_P_PULL_MODE)) { + if (!p[2]) + p[2] = "setenv opt"; /* will trigger an error that includes setenv opt */ p += 2; msglevel_fc = M_WARN; } @@ -7122,6 +7129,11 @@ options->use_peer_id = true; options->peer_id = atoi(p[1]); } + else if (streq (p[0], "allow-recursive-routing") && !p[1]) + { + VERIFY_PERMISSION (OPT_P_GENERAL); + options->allow_recursive_routing = true; + } else { int i; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/options.h new/openvpn-2.3.14/src/openvpn/options.h --- old/openvpn-2.3.13/src/openvpn/options.h 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/options.h 2016-12-07 12:35:43.000000000 +0100 @@ -598,6 +598,10 @@ bool use_peer_id; uint32_t peer_id; + + /* Useful when packets sent by openvpn itself are not subject + to the routing tables that would move packets into the tunnel. */ + bool allow_recursive_routing; }; #define streq(x, y) (!strcmp((x), (y))) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/proto.h new/openvpn-2.3.14/src/openvpn/proto.h --- old/openvpn-2.3.13/src/openvpn/proto.h 2016-11-03 09:49:49.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/proto.h 2016-11-08 09:37:16.000000000 +0100 @@ -219,6 +219,45 @@ - sizeof(struct openvpn_tcphdr)) /* + * This returns an ip protocol version of packet inside tun + * and offset of IP header (via parameter). + */ +inline static int get_tun_ip_ver(int tunnel_type, struct buffer *buf, int *ip_hdr_offset) +{ + int ip_ver = -1; + + /* for tun get ip version from ip header */ + if (tunnel_type == DEV_TYPE_TUN) + { + *ip_hdr_offset = 0; + if (likely(BLEN (buf) >= (int) sizeof (struct openvpn_iphdr))) + { + ip_ver = OPENVPN_IPH_GET_VER (*BPTR(buf)); + } + } + else if (tunnel_type == DEV_TYPE_TAP) + { + *ip_hdr_offset = (int)(sizeof (struct openvpn_ethhdr)); + /* for tap get ip version from eth header */ + if (likely(BLEN (buf) >= *ip_hdr_offset)) + { + const struct openvpn_ethhdr *eh = (const struct openvpn_ethhdr *) BPTR (buf); + uint16_t proto = ntohs (eh->proto); + if (proto == OPENVPN_ETH_P_IPV6) + { + ip_ver = 6; + } + else if (proto == OPENVPN_ETH_P_IPV4) + { + ip_ver = 4; + } + } + } + + return ip_ver; +} + +/* * If raw tunnel packet is IPv4 or IPv6, return true and increment * buffer offset to start of IP header. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/sig.c new/openvpn-2.3.14/src/openvpn/sig.c --- old/openvpn-2.3.13/src/openvpn/sig.c 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/sig.c 2016-12-07 12:35:43.000000000 +0100 @@ -362,7 +362,8 @@ /** * If a restart signal is received during exit-notification, reset the - * signal and return true. + * signal and return true. If its a soft restart signal from the event loop + * which implies the loop cannot continue, remap to SIGTERM to exit promptly. */ static bool ignore_restart_signals (struct context *c) @@ -372,10 +373,20 @@ if ( (c->sig->signal_received == SIGUSR1 || c->sig->signal_received == SIGHUP) && event_timeout_defined(&c->c2.explicit_exit_notification_interval) ) { - msg (M_INFO, "Ignoring %s received during exit notification", - signal_name(c->sig->signal_received, true)); - signal_reset (c->sig); - ret = true; + if (c->sig->hard) + { + msg (M_INFO, "Ignoring %s received during exit notification", + signal_name(c->sig->signal_received, true)); + signal_reset (c->sig); + ret = true; + } + else + { + msg (M_INFO, "Converting soft %s received during exit notification to SIGTERM", + signal_name(c->sig->signal_received, true)); + register_signal(c, SIGTERM, "exit-with-notification"); + ret = false; + } } #endif return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/tun.c new/openvpn-2.3.14/src/openvpn/tun.c --- old/openvpn-2.3.13/src/openvpn/tun.c 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/tun.c 2016-12-07 12:35:43.000000000 +0100 @@ -625,7 +625,8 @@ } #endif -#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY) +#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||\ + defined(TARGET_OPENBSD) /* we can't use true subnet mode on tun on all platforms, as that * conflicts with IPv6 (wants to use ND then, which we don't do), * but the OSes want "a remote address that is different from ours" @@ -635,8 +636,8 @@ * is still point to point and no layer 2 resolution is done... */ -const char * -create_arbitrary_remote( struct tuntap *tt, struct gc_arena * gc ) +in_addr_t +create_arbitrary_remote( struct tuntap *tt ) { in_addr_t remote; @@ -644,7 +645,7 @@ if ( remote == tt->local ) remote ++; - return print_in_addr_t (remote, 0, gc); + return remote; } #endif @@ -916,6 +917,8 @@ #elif defined(TARGET_OPENBSD) + in_addr_t remote_end; /* for "virtual" subnet topology */ + /* * On OpenBSD, tun interfaces are persistent if created with * "ifconfig tunX create", and auto-destroyed if created by @@ -935,12 +938,13 @@ else if ( tt->topology == TOP_SUBNET ) { + remote_end = create_arbitrary_remote( tt ); argv_printf (&argv, "%s %s %s %s mtu %d netmask %s up -link0", IFCONFIG_PATH, actual, ifconfig_local, - ifconfig_local, + print_in_addr_t (remote_end, 0, &gc), tun_mtu, ifconfig_remote_netmask ); @@ -957,6 +961,19 @@ ); argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed"); + + /* Add a network route for the local tun interface */ + if (!tun && tt->topology == TOP_SUBNET) + { + struct route_ipv4 r; + CLEAR (r); + r.flags = RT_DEFINED; + r.network = tt->local & tt->remote_netmask; + r.netmask = tt->remote_netmask; + r.gateway = remote_end; + add_route (&r, tt, 0, NULL, es); + } + if ( do_ipv6 ) { argv_printf (&argv, @@ -1126,6 +1143,8 @@ #elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY) + in_addr_t remote_end; /* for "virtual" subnet topology */ + /* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */ if (tun) argv_printf (&argv, @@ -1138,12 +1157,13 @@ ); else if ( tt->topology == TOP_SUBNET ) { + remote_end = create_arbitrary_remote( tt ); argv_printf (&argv, "%s %s %s %s mtu %d netmask %s up", IFCONFIG_PATH, actual, ifconfig_local, - create_arbitrary_remote( tt, &gc ), + print_in_addr_t (remote_end, 0, &gc), tun_mtu, ifconfig_remote_netmask ); @@ -1170,7 +1190,7 @@ r.flags = RT_DEFINED; r.network = tt->local & tt->remote_netmask; r.netmask = tt->remote_netmask; - r.gateway = tt->local; + r.gateway = remote_end; add_route (&r, tt, 0, NULL, es); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/win32.c new/openvpn-2.3.14/src/openvpn/win32.c --- old/openvpn-2.3.13/src/openvpn/win32.c 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/win32.c 2016-12-07 12:35:43.000000000 +0100 @@ -63,6 +63,7 @@ func_FwpmSubLayerDeleteByKey0 FwpmSubLayerDeleteByKey0 = NULL; func_FwpmFreeMemory0 FwpmFreeMemory0 = NULL; func_FwpmGetAppIdFromFileName0 FwpmGetAppIdFromFileName0 = NULL; +func_FwpmSubLayerGetByKey0 FwpmSubLayerGetByKey0 = NULL; /* * WFP firewall name. @@ -1140,6 +1141,7 @@ FwpmSubLayerDeleteByKey0 = (func_FwpmSubLayerDeleteByKey0)GetProcAddress(fwpuclntHandle, "FwpmSubLayerDeleteByKey0"); FwpmFreeMemory0 = (func_FwpmFreeMemory0)GetProcAddress(fwpuclntHandle, "FwpmFreeMemory0"); FwpmGetAppIdFromFileName0 = (func_FwpmGetAppIdFromFileName0)GetProcAddress(fwpuclntHandle, "FwpmGetAppIdFromFileName0"); + FwpmSubLayerGetByKey0 = (func_FwpmSubLayerGetByKey0) GetProcAddress(fwpuclntHandle, "FwpmSubLayerGetByKey0"); if (!ConvertInterfaceIndexToLuid || !FwpmFilterAdd0 || @@ -1148,6 +1150,7 @@ !FwpmSubLayerAdd0 || !FwpmSubLayerDeleteByKey0 || !FwpmFreeMemory0 || + !FwpmSubLayerGetByKey0 || !FwpmGetAppIdFromFileName0) { msg (M_NONFATAL, "Can't get address for all WFP-related procedures."); @@ -1157,6 +1160,49 @@ return true; } +/* UUID of WFP sublayer used by all instances of openvpn + 2f660d7e-6a37-11e6-a181-001e8c6e04a2 */ +DEFINE_GUID( + OPENVPN_BLOCK_OUTSIDE_DNS_SUBLAYER, + 0x2f660d7e, + 0x6a37, + 0x11e6, + 0xa1, 0x81, 0x00, 0x1e, 0x8c, 0x6e, 0x04, 0xa2 +); + +/* + * Add a persistent sublayer with specified uuid + */ +static DWORD +add_sublayer (GUID uuid) +{ + FWPM_SESSION0 session; + HANDLE engine = NULL; + DWORD err = 0; + FWPM_SUBLAYER0 sublayer; + + CLEAR (session); + CLEAR (sublayer); + + err = FwpmEngineOpen0 (NULL, RPC_C_AUTHN_WINNT, NULL, &session, &engine); + if (err != ERROR_SUCCESS) + goto out; + + sublayer.subLayerKey = uuid; + sublayer.displayData.name = FIREWALL_NAME; + sublayer.displayData.description = FIREWALL_NAME; + sublayer.flags = 0; + sublayer.weight = 0x100; + + /* Add sublayer to the session */ + err = FwpmSubLayerAdd0 (engine, &sublayer, NULL); + +out: + if (engine) + FwpmEngineClose0 (engine); + return err; +} + bool win_wfp_add_filter (HANDLE engineHandle, const FWPM_FILTER0 *filter, @@ -1175,13 +1221,14 @@ win_wfp_block_dns (const NET_IFINDEX index) { FWPM_SESSION0 session = {0}; - FWPM_SUBLAYER0 SubLayer = {0}; + FWPM_SUBLAYER0 *sublayer_ptr = NULL; NET_LUID tapluid; UINT64 filterid; WCHAR openvpnpath[MAX_PATH]; FWP_BYTE_BLOB *openvpnblob = NULL; FWPM_FILTER0 Filter = {0}; FWPM_FILTER_CONDITION0 Condition[2] = {0}; + DWORD status; /* Add temporary filters which don't survive reboots or crashes. */ session.flags = FWPM_SESSION_FLAG_DYNAMIC; @@ -1194,28 +1241,32 @@ return false; } - if (UuidCreate(&SubLayer.subLayerKey) != NO_ERROR) - return false; - - /* Populate packet filter layer information. */ - SubLayer.displayData.name = FIREWALL_NAME; - SubLayer.displayData.description = FIREWALL_NAME; - SubLayer.flags = 0; - SubLayer.weight = 0x100; - - /* Add packet filter to our interface. */ - dmsg (D_LOW, "Adding WFP sublayer"); - if (FwpmSubLayerAdd0(m_hEngineHandle, &SubLayer, NULL) != ERROR_SUCCESS) - { - msg (M_NONFATAL, "Can't add WFP sublayer"); - return false; + /* Check sublayer exists and add one if it does not. */ + if (FwpmSubLayerGetByKey0 (m_hEngineHandle, &OPENVPN_BLOCK_OUTSIDE_DNS_SUBLAYER, &sublayer_ptr) + == ERROR_SUCCESS) + { + msg (D_LOW, "Retrieved existing sublayer"); + FwpmFreeMemory0 ((void **)&sublayer_ptr); + } + else + { /* Add a new sublayer -- as another process may add it in the meantime, + do not treat "already exists" as an error */ + status = add_sublayer (OPENVPN_BLOCK_OUTSIDE_DNS_SUBLAYER); + + if (status == FWP_E_ALREADY_EXISTS || status == ERROR_SUCCESS) + msg (D_LOW, "Added a persistent sublayer with pre-defined UUID"); + else + { + msg (M_NONFATAL, "Failed to add persistent sublayer (status = %lu)", status); + goto err; + } } - dmsg (D_LOW, "Blocking DNS using WFP"); + dmsg (M_INFO, "Blocking DNS using WFP"); if (ConvertInterfaceIndexToLuid(index, &tapluid) != NO_ERROR) { msg (M_NONFATAL, "Can't convert interface index to LUID"); - return false; + goto err; } dmsg (D_LOW, "Tap Luid: %I64d", tapluid.Value); @@ -1223,10 +1274,10 @@ GetModuleFileNameW(NULL, openvpnpath, MAX_PATH); if (FwpmGetAppIdFromFileName0(openvpnpath, &openvpnblob) != ERROR_SUCCESS) - return false; + goto err; /* Prepare filter. */ - Filter.subLayerKey = SubLayer.subLayerKey; + Filter.subLayerKey = OPENVPN_BLOCK_OUTSIDE_DNS_SUBLAYER; Filter.displayData.name = FIREWALL_NAME; Filter.weight.type = FWP_UINT8; Filter.weight.uint8 = 0xF; @@ -1277,7 +1328,12 @@ goto err; dmsg (D_LOW, "Filter (Block IPv6 DNS) added with ID=%I64d", filterid); - /* Fifth filter. Permit IPv4 DNS queries from TAP. */ + /* Fifth filter. Permit IPv4 DNS queries from TAP. + * Use a non-zero weight so that the permit filters get higher priority + * over the block filter added with automatic weighting */ + + Filter.weight.type = FWP_UINT8; + Filter.weight.uint8 = 0xE; Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4; Filter.action.type = FWP_ACTION_PERMIT; Filter.numFilterConditions = 2; @@ -1292,7 +1348,8 @@ goto err; dmsg (D_LOW, "Filter (Permit IPv4 DNS queries from TAP) added with ID=%I64d", filterid); - /* Sixth filter. Permit IPv6 DNS queries from TAP. */ + /* Sixth filter. Permit IPv6 DNS queries from TAP. + * Use same weight as IPv4 filter */ Filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6; /* Add filter condition to our interface. */ @@ -1304,7 +1361,14 @@ return true; err: - FwpmFreeMemory0((void **)&openvpnblob); + if (openvpnblob) + FwpmFreeMemory0((void **)&openvpnblob); + if (m_hEngineHandle) + { + FwpmEngineClose0 (m_hEngineHandle); + m_hEngineHandle = NULL; + } + return false; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/src/openvpn/win32_wfp.h new/openvpn-2.3.14/src/openvpn/win32_wfp.h --- old/openvpn-2.3.13/src/openvpn/win32_wfp.h 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/src/openvpn/win32_wfp.h 2016-12-07 12:35:43.000000000 +0100 @@ -62,6 +62,9 @@ #ifndef FWPM_SESSION_FLAG_DYNAMIC #define FWPM_SESSION_FLAG_DYNAMIC 0x00000001 #endif +#ifndef FWP_E_ALREADY_EXISTS +#define FWP_E_ALREADY_EXISTS 0x80320009 +#endif // c38d57d1-05a7-4c33-904f-7fbceee60e82 DEFINE_GUID( @@ -317,7 +320,7 @@ PNET_LUID InterfaceLuid ); -typedef DWORD *(WINAPI *func_FwpmEngineOpen0)( +typedef DWORD (WINAPI *func_FwpmEngineOpen0)( const wchar_t *serverName, UINT32 authnService, SEC_WINNT_AUTH_IDENTITY_W *authIdentity, @@ -325,35 +328,41 @@ HANDLE *engineHandle ); -typedef DWORD *(WINAPI *func_FwpmEngineClose0)( +typedef DWORD (WINAPI *func_FwpmEngineClose0)( HANDLE engineHandle ); -typedef DWORD *(WINAPI *func_FwpmFilterAdd0)( +typedef DWORD (WINAPI *func_FwpmFilterAdd0)( HANDLE engineHandle, const FWPM_FILTER0 *filter, PSECURITY_DESCRIPTOR sd, UINT64 *id ); -typedef DWORD *(WINAPI *func_FwpmSubLayerAdd0)( +typedef DWORD (WINAPI *func_FwpmSubLayerAdd0)( HANDLE engineHandle, const FWPM_SUBLAYER0 *subLayer, PSECURITY_DESCRIPTOR sd ); -typedef DWORD *(WINAPI *func_FwpmSubLayerDeleteByKey0)( +typedef DWORD (WINAPI *func_FwpmSubLayerDeleteByKey0)( HANDLE engineHandle, const GUID *key ); -typedef void *(WINAPI *func_FwpmFreeMemory0)( +typedef void (WINAPI *func_FwpmFreeMemory0)( void **p ); -typedef DWORD *(WINAPI *func_FwpmGetAppIdFromFileName0)( +typedef DWORD (WINAPI *func_FwpmGetAppIdFromFileName0)( const wchar_t *fileName, FWP_BYTE_BLOB **appId ); +typedef DWORD (WINAPI *func_FwpmSubLayerGetByKey0)( + HANDLE engineHandle, + const GUID *key, + FWPM_SUBLAYER0 **subLayer +); + #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.13/version.m4 new/openvpn-2.3.14/version.m4 --- old/openvpn-2.3.13/version.m4 2016-11-03 09:52:28.000000000 +0100 +++ new/openvpn-2.3.14/version.m4 2016-12-07 12:35:43.000000000 +0100 @@ -1,9 +1,9 @@ dnl define the OpenVPN version define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) -define([PRODUCT_VERSION], [2.3.13]) +define([PRODUCT_VERSION], [2.3.14]) define([PRODUCT_BUGREPORT], [openvpn-users(a)lists.sourceforge.net] -define([PRODUCT_VERSION_RESOURCE], [2,3,13,0]) +define([PRODUCT_VERSION_RESOURCE], [2,3,14,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) ++++++ openvpn-fips140-2.3.2.patch ++++++ --- /var/tmp/diff_new_pack.NzaYsJ/_old 2017-01-25 23:33:52.579442349 +0100 +++ /var/tmp/diff_new_pack.NzaYsJ/_new 2017-01-25 23:33:52.579442349 +0100 @@ -1,6 +1,8 @@ ---- openvpn-2.3.2/src/openvpn/crypto_backend.h -+++ openvpn-2.3.2/src/openvpn/crypto_backend.h 2015/02/19 09:15:02 -@@ -452,10 +452,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_ +Index: openvpn-2.3.14/src/openvpn/crypto_backend.h +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/crypto_backend.h ++++ openvpn-2.3.14/src/openvpn/crypto_backend.h +@@ -480,10 +480,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_ * @param key The key to use for the HMAC * @param key_len The key length to use * @param kt Static message digest parameters @@ -13,9 +15,11 @@ /* * Free the given HMAC context. ---- openvpn-2.3.2/src/openvpn/crypto.c -+++ openvpn-2.3.2/src/openvpn/crypto.c 2015/02/19 09:15:02 -@@ -486,7 +486,7 @@ init_key_ctx (struct key_ctx *ctx, struc +Index: openvpn-2.3.14/src/openvpn/crypto.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/crypto.c ++++ openvpn-2.3.14/src/openvpn/crypto.c +@@ -505,7 +505,7 @@ init_key_ctx (struct key_ctx *ctx, struc if (kt->digest && kt->hmac_length > 0) { ALLOC_OBJ(ctx->hmac, hmac_ctx_t); @@ -24,7 +28,7 @@ msg (D_HANDSHAKE, "%s: Using %d bit message hash '%s' for HMAC authentication", -@@ -1409,61 +1409,61 @@ free_ssl_lib (void) +@@ -1421,61 +1421,61 @@ free_ssl_lib (void) #endif /* ENABLE_SSL */ /* @@ -102,9 +106,11 @@ } #endif /* ENABLE_CRYPTO */ ---- openvpn-2.3.2/src/openvpn/crypto.h -+++ openvpn-2.3.2/src/openvpn/crypto.h 2015/02/19 09:15:02 -@@ -364,24 +364,24 @@ void free_ssl_lib (void); +Index: openvpn-2.3.14/src/openvpn/crypto.h +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/crypto.h ++++ openvpn-2.3.14/src/openvpn/crypto.h +@@ -430,24 +430,24 @@ void free_ssl_lib (void); #endif /* ENABLE_SSL */ /* @@ -140,9 +146,11 @@ /* * Inline functions ---- openvpn-2.3.2/src/openvpn/crypto_openssl.c -+++ openvpn-2.3.2/src/openvpn/crypto_openssl.c 2015/02/19 09:15:02 -@@ -719,13 +719,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t * +Index: openvpn-2.3.14/src/openvpn/crypto_openssl.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/crypto_openssl.c ++++ openvpn-2.3.14/src/openvpn/crypto_openssl.c +@@ -829,13 +829,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t * void hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, @@ -161,8 +169,10 @@ HMAC_Init_ex (ctx, key, key_len, kt, NULL); /* make sure we used a big enough key */ ---- openvpn-2.3.2/src/openvpn/crypto_openssl.h -+++ openvpn-2.3.2/src/openvpn/crypto_openssl.h 2015/02/19 09:15:02 +Index: openvpn-2.3.14/src/openvpn/crypto_openssl.h +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/crypto_openssl.h ++++ openvpn-2.3.14/src/openvpn/crypto_openssl.h @@ -33,6 +33,7 @@ #include <openssl/evp.h> #include <openssl/hmac.h> @@ -171,9 +181,11 @@ /** Generic cipher key type %context. */ typedef EVP_CIPHER cipher_kt_t; ---- openvpn-2.3.2/src/openvpn/crypto_polarssl.c -+++ openvpn-2.3.2/src/openvpn/crypto_polarssl.c 2015/02/19 09:15:02 -@@ -608,7 +608,7 @@ md_ctx_final (md_context_t *ctx, uint8_t +Index: openvpn-2.3.14/src/openvpn/crypto_polarssl.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/crypto_polarssl.c ++++ openvpn-2.3.14/src/openvpn/crypto_polarssl.c +@@ -695,7 +695,7 @@ md_ctx_final (md_context_t *ctx, uint8_t * TODO: re-enable dmsg for crypto debug */ void @@ -182,9 +194,11 @@ { ASSERT(NULL != kt && NULL != ctx); ---- openvpn-2.3.2/src/openvpn/init.c -+++ openvpn-2.3.2/src/openvpn/init.c 2015/02/19 09:15:02 -@@ -1352,12 +1352,12 @@ do_route (const struct options *options, +Index: openvpn-2.3.14/src/openvpn/init.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/init.c ++++ openvpn-2.3.14/src/openvpn/init.c +@@ -1360,12 +1360,12 @@ do_route (const struct options *options, */ #if P2MP static void @@ -199,7 +213,7 @@ } #endif -@@ -1649,8 +1649,8 @@ do_up (struct context *c, bool pulled_op +@@ -1713,8 +1713,8 @@ do_up (struct context *c, bool pulled_op if (!c->c2.did_open_tun && PULL_DEFINED (&c->options) && c->c1.tuntap @@ -210,7 +224,7 @@ { /* if so, close tun, delete routes, then reinitialize tun and add routes */ msg (M_INFO, "NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device."); -@@ -2697,11 +2697,11 @@ do_compute_occ_strings (struct context * +@@ -2792,11 +2792,11 @@ do_compute_occ_strings (struct context * #ifdef ENABLE_CRYPTO msg (D_SHOW_OCC_HASH, "Local Options hash (VER=%s): '%s'", options_string_version (c->c2.options_string_local, &gc), @@ -224,8 +238,10 @@ strlen (c->c2.options_string_remote), 9, &gc)); #endif ---- openvpn-2.3.2/src/openvpn/ntlm.c -+++ openvpn-2.3.2/src/openvpn/ntlm.c 2015/02/19 09:15:02 +Index: openvpn-2.3.14/src/openvpn/ntlm.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/ntlm.c ++++ openvpn-2.3.14/src/openvpn/ntlm.c @@ -90,7 +90,7 @@ gen_hmac_md5 (const char* data, int data hmac_ctx_t hmac_ctx; CLEAR(hmac_ctx); @@ -235,9 +251,11 @@ hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); hmac_ctx_final(&hmac_ctx, (unsigned char *)result); hmac_ctx_cleanup(&hmac_ctx); ---- openvpn-2.3.2/src/openvpn/openvpn.h -+++ openvpn-2.3.2/src/openvpn/openvpn.h 2015/02/19 09:15:02 -@@ -206,7 +206,7 @@ struct context_1 +Index: openvpn-2.3.14/src/openvpn/openvpn.h +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/openvpn.h ++++ openvpn-2.3.14/src/openvpn/openvpn.h +@@ -205,7 +205,7 @@ struct context_1 #endif /* if client mode, hash of option strings we pulled from server */ @@ -246,7 +264,7 @@ /**< Hash of option strings received from the * remote OpenVPN server. Only used in * client-mode. */ -@@ -474,9 +474,9 @@ struct context_2 +@@ -473,9 +473,9 @@ struct context_2 bool did_pre_pull_restore; /* hash of pulled options, so we can compare when options change */ @@ -259,9 +277,11 @@ struct event_timeout server_poll_interval; ---- openvpn-2.3.2/src/openvpn/options.c -+++ openvpn-2.3.2/src/openvpn/options.c 2015/02/19 09:15:10 -@@ -828,6 +828,10 @@ init_options (struct options *o, const b +Index: openvpn-2.3.14/src/openvpn/options.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/options.c ++++ openvpn-2.3.14/src/openvpn/options.c +@@ -835,6 +835,10 @@ init_options (struct options *o, const b #endif #ifdef ENABLE_CRYPTO o->ciphername = "BF-CBC"; @@ -272,9 +292,11 @@ o->ciphername_defined = true; o->authname = "SHA1"; o->authname_defined = true; ---- openvpn-2.3.13.orig/src/openvpn/push.c -+++ openvpn-2.3.13/src/openvpn/push.c 2016-12-03 22:57:58.198398996 +0100 -@@ -408,7 +408,7 @@ +Index: openvpn-2.3.14/src/openvpn/push.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/push.c ++++ openvpn-2.3.14/src/openvpn/push.c +@@ -408,7 +408,7 @@ push_reset (struct options *o) #endif static void @@ -283,7 +305,7 @@ { char line[OPTION_PARM_SIZE]; while (buf_parse (buf, ',', line, sizeof (line))) -@@ -416,7 +416,7 @@ +@@ -416,7 +416,7 @@ push_update_digest(struct md5_state *ctx /* peer-id might change on restart and this should not trigger reopening tun */ if (strstr (line, "peer-id ") != line) { @@ -292,7 +314,7 @@ } } } -@@ -472,10 +472,10 @@ +@@ -472,10 +472,10 @@ process_incoming_push_msg (struct contex if (ch == ',') { struct buffer buf_orig = buf; @@ -306,7 +328,7 @@ } if (!c->c2.did_pre_pull_restore) { -@@ -493,8 +493,8 @@ +@@ -493,8 +493,8 @@ process_incoming_push_msg (struct contex { case 0: case 1: @@ -317,9 +339,11 @@ ret = PUSH_MSG_REPLY; break; case 2: ---- openvpn-2.3.2/src/openvpn/ssl.c -+++ openvpn-2.3.2/src/openvpn/ssl.c 2015/02/19 09:15:02 -@@ -1342,8 +1342,8 @@ tls1_P_hash(const md_kt_t *md_kt, +Index: openvpn-2.3.14/src/openvpn/ssl.c +=================================================================== +--- openvpn-2.3.14.orig/src/openvpn/ssl.c ++++ openvpn-2.3.14/src/openvpn/ssl.c +@@ -1396,8 +1396,8 @@ tls1_P_hash(const md_kt_t *md_kt, chunk = md_kt_size(md_kt); A1_len = md_kt_size(md_kt); ++++++ openvpn-tmpfile.conf ++++++ --- /var/tmp/diff_new_pack.NzaYsJ/_old 2017-01-25 23:33:52.607438130 +0100 +++ /var/tmp/diff_new_pack.NzaYsJ/_new 2017-01-25 23:33:52.607438130 +0100 @@ -1 +1 @@ -D /var/run/openvpn 0750 root root - +D /run/openvpn 0750 root root -

1 0

commit java-1_9_0-openjdk for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package java-1_9_0-openjdk for openSUSE:Factory checked in at 2017-01-25 23:33:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/java-1_9_0-openjdk (Old) and /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "java-1_9_0-openjdk" Changes: -------- --- /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/java-1_9_0-openjdk.changes 2017-01-24 10:37:34.242886985 +0100 +++ /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/java-1_9_0-openjdk.changes 2017-01-25 23:33:46.976286680 +0100 @@ -1,0 +2,5 @@ +Mon Jan 23 07:25:17 UTC 2017 - fstrba(a)suse.com + +- Update to upstream tag jdk-9+153 + +------------------------------------------------------------------- Old: ---- 31f1d26c60df.tar.bz2 5b6f12de6f91.tar.bz2 6f8fb1cf7e5f.tar.bz2 7e3da313b174.tar.bz2 a20f2cf90762.tar.bz2 ddc52e727570.tar.bz2 ef056360ddf3.tar.bz2 ff8cb43c07c0.tar.bz2 New: ---- 03f48cd283f5.tar.bz2 1384504d2cd0.tar.bz2 19aaaf2d02b7.tar.bz2 1c4411322327.tar.bz2 217ba81b9a4c.tar.bz2 68a8e8658511.tar.bz2 7a532a9a2271.tar.bz2 816a6d03a7c4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ java-1_9_0-openjdk.spec ++++++ --- /var/tmp/diff_new_pack.j0uGUf/_old 2017-01-25 23:33:49.871850351 +0100 +++ /var/tmp/diff_new_pack.j0uGUf/_new 2017-01-25 23:33:49.879849146 +0100 @@ -32,17 +32,17 @@ %global minorver 0 %global securityver 0 %global patchver 0 -%global buildver 152 +%global buildver 153 %global root_project jdk9 %global root_repository jdk9 -%global root_revision ef056360ddf3 -%global corba_revision ff8cb43c07c0 -%global hotspot_revision 31f1d26c60df -%global jaxp_revision 7e3da313b174 -%global jaxws_revision 6f8fb1cf7e5f -%global jdk_revision a20f2cf90762 -%global langtools_revision 5b6f12de6f91 -%global nashorn_revision ddc52e727570 +%global root_revision 816a6d03a7c4 +%global corba_revision 68a8e8658511 +%global hotspot_revision 217ba81b9a4c +%global jaxp_revision 1384504d2cd0 +%global jaxws_revision 7a532a9a2271 +%global jdk_revision 1c4411322327 +%global langtools_revision 03f48cd283f5 +%global nashorn_revision 19aaaf2d02b7 %global icedtea_sound_version 1.0.1 # priority must be 6 digits in total %global priority 1905 ++++++ 31f1d26c60df.tar.bz2 -> 03f48cd283f5.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/03f48cd283f5.tar.bz2 differ: char 11, line 1 ++++++ 31f1d26c60df.tar.bz2 -> 1384504d2cd0.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/1384504d2cd0.tar.bz2 differ: char 11, line 1 ++++++ 31f1d26c60df.tar.bz2 -> 19aaaf2d02b7.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/19aaaf2d02b7.tar.bz2 differ: char 11, line 1 ++++++ 31f1d26c60df.tar.bz2 -> 1c4411322327.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/1c4411322327.tar.bz2 differ: char 11, line 1 ++++++ 31f1d26c60df.tar.bz2 -> 217ba81b9a4c.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/217ba81b9a4c.tar.bz2 differ: char 11, line 1 ++++++ 31f1d26c60df.tar.bz2 -> 68a8e8658511.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/68a8e8658511.tar.bz2 differ: char 11, line 1 ++++++ 31f1d26c60df.tar.bz2 -> 7a532a9a2271.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/7a532a9a2271.tar.bz2 differ: char 11, line 1 ++++++ 31f1d26c60df.tar.bz2 -> 816a6d03a7c4.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/java-1_9_0-openjdk/31f1d26c60df.tar.bz2 /work/SRC/openSUSE:Factory/.java-1_9_0-openjdk.new/816a6d03a7c4.tar.bz2 differ: char 11, line 1

1 0

commit gcc-java for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package gcc-java for openSUSE:Factory checked in at 2017-01-25 23:33:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gcc-java (Old) and /work/SRC/openSUSE:Factory/.gcc-java.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gcc-java" Changes: -------- New Changes file: --- /dev/null 2016-12-08 12:47:06.134691974 +0100 +++ /work/SRC/openSUSE:Factory/.gcc-java.new/gcc-java.changes 2017-01-25 23:33:34.978094685 +0100 @@ -0,0 +1,5 @@ +------------------------------------------------------------------- +Mon Jan 23 12:26:02 UTC 2017 - rguenther(a)suse.com + +- New package split out from gcc. + New: ---- gcc-java.changes gcc-java.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gcc-java.spec ++++++ # # spec file for package gcc-java # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: gcc-java %define separate_bi32 0 %define separate_bi64 0 %ifarch ppc %define separate_bi64 1 %endif %ifarch x86_64 s390x ppc64 %define separate_bi32 1 %endif Url: http://gcc.gnu.org/ %define gcc_version 6 %define gcc_suffix 6 Version: 6 Release: 0 Summary: The system GNU Java Compiler License: GPL-3.0+ Group: Development/Languages/Java Requires: gcc%{gcc_version}-java Requires: libgcj-devel = %{version} Recommends: gcc-gij = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The system GNU Java Compiler. %package -n libgcj-devel Summary: The system GNU Java development files. License: GPL-2.0-with-classpath-exception Group: Development/Libraries/Java Requires: libgcj-devel-gcc%{gcc_version} %description -n libgcj-devel The system GNU Java development files. %package -n gcc-gij Summary: The system GNU Java bytecode interpreter License: GPL-2.0+ Group: Development/Languages/Java Requires: gcc%{gcc_version}-gij %description -n gcc-gij The system GNU Java bytecode interpreter. %package -n gcc-gij-32bit Summary: The system GNU Java bytecode interpreter License: GPL-2.0+ Group: Development/Languages/Java Requires: gcc%{gcc_version}-gij-32bit %description -n gcc-gij-32bit The system GNU Java bytecode interpreter as 32 bit application. %package -n gcc-gij-64bit Summary: The system GNU Java bytecode interpreter License: GPL-2.0+ Group: Development/Languages/Java Requires: gcc%{gcc_version}-gij-64bit %description -n gcc-gij-64bit The system GNU Java bytecode interpreter as 64 bit application. %prep %build echo "This is a dummy package to provide a dependency on the system compiler." > README %install mkdir -p $RPM_BUILD_ROOT%{_prefix}/bin mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1 # Link all the binaries for program in \ gcj gcjh gcj-dbtool jcf-dump jv-convert gc-analyze \ gij \ gappletviewer \ gjar gjarsigner gjavah gkeytool gnative2ascii gorbd grmic \ grmid grmiregistry gserialver gtnameserv \ %if %{separate_bi32} grmiregistry32 \ gij32 \ %endif %if %{separate_bi64} grmiregistry64 \ gij64 \ %endif ; do ln -sf $program-%{gcc_suffix} $RPM_BUILD_ROOT%{_prefix}/bin/$program done # Link section 1 manpages for man1 in \ gcj gcjh gcj-dbtool jcf-dump jv-convert gc-analyze \ gij \ gappletviewer gjar gjarsigner gjavah \ gkeytool gnative2ascii gorbd grmic grmid grmiregistry gserialver \ gtnameserv \ ; do ln -sf $man1-%{gcc_suffix}.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/$man1.1.gz done %files %defattr(-,root,root) %{_prefix}/bin/gcj %{_prefix}/bin/gcjh %{_prefix}/bin/gcj-dbtool %{_prefix}/bin/jcf-dump %{_prefix}/bin/jv-convert %{_prefix}/bin/gc-analyze %doc %{_mandir}/man1/gcj.1.gz %doc %{_mandir}/man1/gcjh.1.gz %doc %{_mandir}/man1/gcj-dbtool.1.gz %doc %{_mandir}/man1/jcf-dump.1.gz %doc %{_mandir}/man1/jv-convert.1.gz %doc %{_mandir}/man1/gc-analyze.1.gz %files -n gcc-gij %defattr(-,root,root) %{_prefix}/bin/gij %{_prefix}/bin/gappletviewer %{_prefix}/bin/gjar %{_prefix}/bin/gjarsigner %{_prefix}/bin/gjavah %{_prefix}/bin/gkeytool %{_prefix}/bin/gnative2ascii %{_prefix}/bin/gorbd %{_prefix}/bin/grmic %{_prefix}/bin/grmid %{_prefix}/bin/grmiregistry %{_prefix}/bin/gserialver %{_prefix}/bin/gtnameserv %doc %{_mandir}/man1/gij.1.gz %doc %{_mandir}/man1/gappletviewer.1.gz %doc %{_mandir}/man1/gjar.1.gz %doc %{_mandir}/man1/gjarsigner.1.gz %doc %{_mandir}/man1/gjavah.1.gz %doc %{_mandir}/man1/gkeytool.1.gz %doc %{_mandir}/man1/gnative2ascii.1.gz %doc %{_mandir}/man1/gorbd.1.gz %doc %{_mandir}/man1/grmic.1.gz %doc %{_mandir}/man1/grmid.1.gz %doc %{_mandir}/man1/grmiregistry.1.gz %doc %{_mandir}/man1/gserialver.1.gz %doc %{_mandir}/man1/gtnameserv.1.gz %files -n libgcj-devel %defattr(-,root,root) # empty - only for the dependency %doc README %if %{separate_bi32} %files -n gcc-gij-32bit %defattr(-,root,root) %{_prefix}/bin/gij32 %{_prefix}/bin/grmiregistry32 %endif %if %{separate_bi64} %files -n gcc-gij-64bit %defattr(-,root,root) %{_prefix}/bin/gij64 %{_prefix}/bin/grmiregistry64 %endif %changelog

1 0

commit nss_ldap for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package nss_ldap for openSUSE:Factory checked in at 2017-01-25 23:33:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nss_ldap (Old) and /work/SRC/openSUSE:Factory/.nss_ldap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "nss_ldap" Changes: -------- --- /work/SRC/openSUSE:Factory/nss_ldap/nss_ldap.changes 2016-08-29 15:43:03.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nss_ldap.new/nss_ldap.changes 2017-01-25 23:33:14.429191246 +0100 @@ -1,0 +2,5 @@ +Mon Jan 23 09:35:26 UTC 2017 - bwiedemann(a)suse.com + +- Add reproducible.patch to allow for reproducible builds + +------------------------------------------------------------------- New: ---- reproducible.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nss_ldap.spec ++++++ --- /var/tmp/diff_new_pack.79U9Gi/_old 2017-01-25 23:33:15.085092406 +0100 +++ /var/tmp/diff_new_pack.79U9Gi/_new 2017-01-25 23:33:15.085092406 +0100 @@ -1,7 +1,7 @@ # # spec file for package nss_ldap # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -43,6 +43,8 @@ Patch9: 0009-fix-for-BUG-412-don-t-close-nested-contexts.patch Patch10: 0010-initialize-context-in-_nss_ldap_getbyname.patch Patch11: 0011-When-invoked-via-glibc-the-input-buffer-is-enlarged.patch +# PATCH-FIX-TO-UPSTREAM -- is not opensuse specific +Patch12: reproducible.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: db-devel @@ -75,6 +77,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 cp -v %{SOURCE1} . %build ++++++ reproducible.patch ++++++ could not be sent upstream. http://bugzilla.padl.com is broken and support at padl.com returns User unknown make build reproducible see https://reproducible-builds.org/ for why this is good and https://reproducible-builds.org/specs/source-date-epoch/ for the definition of this variable Index: nss_ldap-265/vers_string =================================================================== --- nss_ldap-265.orig/vers_string +++ nss_ldap-265/vers_string @@ -4,6 +4,7 @@ # # Implementation of SGS vers_string which uses CVSVersionInfo.txt. +use POSIX qw(strftime); require "cvslib.pl"; $OUTFILE = (-f "version.h") ? "version.h" : "vers.c"; @@ -13,7 +14,8 @@ $HEADER = '$Id: vers_string,v 2.1 2009/1 if ($ENV{'PROGRAM'}) { $PROGRAM = $ENV{'PROGRAM'}; } chop($AUTHOR); -chop($DATE=`date -u`); +$AUTHOR = "reproducible" if $ENV{SOURCE_DATE_EPOCH}; +$DATE = strftime("%Y-%m-%d %T", gmtime($ENV{SOURCE_DATE_EPOCH} || time)); chop($CWD=`pwd`); ($PROJECT, $VERSION) = split(/\-/, &getCVSVersionInfo());

1 0

commit libqt5-qtstyleplugins for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package libqt5-qtstyleplugins for openSUSE:Factory checked in at 2017-01-25 23:33:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt5-qtstyleplugins (Old) and /work/SRC/openSUSE:Factory/.libqt5-qtstyleplugins.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libqt5-qtstyleplugins" Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtstyleplugins/libqt5-qtstyleplugins.changes 2017-01-22 00:31:17.572863007 +0100 +++ /work/SRC/openSUSE:Factory/.libqt5-qtstyleplugins.new/libqt5-qtstyleplugins.changes 2017-01-25 23:33:06.282418919 +0100 @@ -1,0 +2,11 @@ +Tue Jan 24 06:34:38 UTC 2017 - sor.alexei(a)meowr.ru + +- Update to version 5.0.0+git20170119 (changes since + 5.0.0+git20161215): + * Use Use QCommonStyle instead of QProxyStyle in QCleanlooksStyle + and QPlastiqueStyle: this allows to use correct colour + (non-white) for label text in a QComboBox. Also improves + progress bar drawing - now looks like in Qt4, the progress bar + content fills the entire groove vertically. + +------------------------------------------------------------------- Old: ---- qtstyleplugins-opensource-src-5.0.0+git20161215.tar.xz New: ---- qtstyleplugins-opensource-src-5.0.0+git20170119.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtstyleplugins.spec ++++++ --- /var/tmp/diff_new_pack.BGjmA5/_old 2017-01-25 23:33:06.722352623 +0100 +++ /var/tmp/diff_new_pack.BGjmA5/_new 2017-01-25 23:33:06.726352020 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt5-qtstyleplugins # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define qt_version 5.7.1 %bcond_without gtk2 Name: libqt5-qtstyleplugins -Version: 5.0.0+git20161215 +Version: 5.0.0+git20170119 Release: 0 Summary: Qt 5 Style Plugins License: SUSE-LGPL-2.1-with-digia-exception-1.1 ++++++ qtstyleplugins-opensource-src-5.0.0+git20161215.tar.xz -> qtstyleplugins-opensource-src-5.0.0+git20170119.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtstyleplugins-opensource-src-5.0.0+git20161215/src/plugins/styles/cleanlooks/qcleanlooksstyle.cpp new/qtstyleplugins-opensource-src-5.0.0+git20170119/src/plugins/styles/cleanlooks/qcleanlooksstyle.cpp --- old/qtstyleplugins-opensource-src-5.0.0+git20161215/src/plugins/styles/cleanlooks/qcleanlooksstyle.cpp 2016-12-15 20:26:53.254502515 +0100 +++ new/qtstyleplugins-opensource-src-5.0.0+git20170119/src/plugins/styles/cleanlooks/qcleanlooksstyle.cpp 2017-01-24 09:50:40.775718643 +0100 @@ -2325,7 +2325,7 @@ #endif // QT_NO_TABBAR default: - QProxyStyle::drawControl(element,option,painter,widget); + QCommonStyle::drawControl(element,option,painter,widget); break; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtstyleplugins-opensource-src-5.0.0+git20161215/src/plugins/styles/plastique/qplastiquestyle.cpp new/qtstyleplugins-opensource-src-5.0.0+git20170119/src/plugins/styles/plastique/qplastiquestyle.cpp --- old/qtstyleplugins-opensource-src-5.0.0+git20161215/src/plugins/styles/plastique/qplastiquestyle.cpp 2016-12-15 20:26:53.258502766 +0100 +++ new/qtstyleplugins-opensource-src-5.0.0+git20170119/src/plugins/styles/plastique/qplastiquestyle.cpp 2017-01-24 09:50:40.855718115 +0100 @@ -3634,7 +3634,7 @@ break; #endif default: - QProxyStyle::drawControl(element, option, painter, widget); + QCommonStyle::drawControl(element, option, painter, widget); break; } }

1 0

commit vala-panel-plugin-sntray for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package vala-panel-plugin-sntray for openSUSE:Factory checked in at 2017-01-25 23:32:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vala-panel-plugin-sntray (Old) and /work/SRC/openSUSE:Factory/.vala-panel-plugin-sntray.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "vala-panel-plugin-sntray" Changes: -------- --- /work/SRC/openSUSE:Factory/vala-panel-plugin-sntray/vala-panel-plugin-sntray.changes 2016-05-17 17:15:46.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.vala-panel-plugin-sntray.new/vala-panel-plugin-sntray.changes 2017-01-25 23:32:59.247479053 +0100 @@ -1,0 +2,6 @@ +Mon Jan 23 12:25:12 UTC 2017 - sor.alexei(a)meowr.ru + +- Update to version 0.4.1: + * No changelog available. + +------------------------------------------------------------------- Old: ---- xfce4-sntray-plugin-0.3.14.tar.gz New: ---- xfce4-sntray-plugin-0.4.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vala-panel-plugin-sntray.spec ++++++ --- /var/tmp/diff_new_pack.RFG2Lu/_old 2017-01-25 23:32:59.639419989 +0100 +++ /var/tmp/diff_new_pack.RFG2Lu/_new 2017-01-25 23:32:59.643419387 +0100 @@ -1,7 +1,7 @@ # # spec file for package vala-panel-plugin-sntray # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define _name xfce4-sntray-plugin Name: vala-panel-plugin-sntray -Version: 0.3.14 +Version: 0.4.1 Release: 0 Summary: StatusNotifierItem (appindicator) plugin for vala-panel License: LGPL-3.0+ and GPL-3.0+ @@ -26,14 +26,15 @@ Url: https://github.com/rilian-la-te/xfce4-sntray-plugin Source: https://github.com/rilian-la-te/%{_name}/releases/download/%{version}/%{_na… BuildRequires: cmake >= 2.8 +BuildRequires: fdupes BuildRequires: gettext -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: vala >= 0.24 -BuildRequires: pkgconfig(gtk+-3.0) >= 3.12 +BuildRequires: pkgconfig(gtk+-3.0) >= 3.16.0 BuildRequires: pkgconfig(libpeas-1.0) >= 1.2 BuildRequires: pkgconfig(vala-panel) Recommends: %{name}-lang -%if 0%{?suse_version} >= 1315 && 0%{?suse_version} != 1320 +%if 0%{?suse_version} > 1320 || (0%{?sle_version} >= 120100 && 0%{?is_opensuse}) BuildRequires: pkgconfig(libxfce4panel-2.0) BuildRequires: pkgconfig(libxfconf-0) %endif @@ -41,7 +42,7 @@ %description StatusNotifierItem is the new D-Bus standard for system tray. -%if 0%{?suse_version} >= 1315 && 0%{?suse_version} != 1320 +%if 0%{?suse_version} > 1320 || (0%{?sle_version} >= 120100 && 0%{?is_opensuse}) %package lang Summary: Languages for package vala-panel-plugin-sntray Group: System/Localization @@ -61,7 +62,7 @@ %lang_package %endif -%if 0%{?suse_version} >= 1315 && 0%{?suse_version} != 1320 +%if 0%{?suse_version} > 1320 || (0%{?sle_version} >= 120100 && 0%{?is_opensuse}) %package -n xfce4-panel-plugin-sntray Summary: StatusNotifierItem (appindicator) plugin for xfce4-panel Group: System/GUI/XFCE @@ -74,19 +75,16 @@ %prep %setup -q -n %{_name}-%{version} -%if 0%{?suse_version} != 1320 -# Use upstream glib-2.0.vapi. -rm src/vapi/glib-2.0.vapi -%endif %build %cmake \ -DGSETTINGS_COMPILE=OFF -make %{?_smp_mflags} +make %{?_smp_mflags} V=1 %install %cmake_install %find_lang %{_name} +%fdupes %{buildroot}%{_datadir}/ %post %glib2_gsettings_schema_post @@ -106,7 +104,7 @@ %files lang -f %{_name}.lang %defattr(-,root,root) -%if 0%{?suse_version} >= 1315 && 0%{?suse_version} != 1320 +%if 0%{?suse_version} > 1320 || (0%{?sle_version} >= 120100 && 0%{?is_opensuse}) %files -n xfce4-panel-plugin-sntray %defattr(-,root,root) %doc LICENSE README.md ++++++ xfce4-sntray-plugin-0.3.14.tar.gz -> xfce4-sntray-plugin-0.4.1.tar.gz ++++++ ++++ 6842 lines of diff (skipped)

1 0

commit vala-panel for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package vala-panel for openSUSE:Factory checked in at 2017-01-25 23:32:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vala-panel (Old) and /work/SRC/openSUSE:Factory/.vala-panel.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "vala-panel" Changes: -------- --- /work/SRC/openSUSE:Factory/vala-panel/vala-panel.changes 2016-05-17 17:15:43.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.vala-panel.new/vala-panel.changes 2017-01-25 23:32:52.640474706 +0100 @@ -1,0 +2,7 @@ +Mon Jan 23 12:25:12 UTC 2017 - sor.alexei(a)meowr.ru + +- Update to version 0.3.6: + * No changelog available. +- Fix recommends. + +------------------------------------------------------------------- Old: ---- vala-panel-0.3.5.tar.gz New: ---- vala-panel-0.3.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vala-panel.spec ++++++ --- /var/tmp/diff_new_pack.l1LqeX/_old 2017-01-25 23:32:53.996270392 +0100 +++ /var/tmp/diff_new_pack.l1LqeX/_new 2017-01-25 23:32:54.000269790 +0100 @@ -1,7 +1,7 @@ # # spec file for package vala-panel # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: vala-panel -Version: 0.3.5 +Version: 0.3.6 Release: 0 Summary: A Gtk3 desktop panel based on Vala License: GPL-3.0+ @@ -27,15 +27,15 @@ BuildRequires: cmake >= 2.8 BuildRequires: fdupes BuildRequires: gettext -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: vala >= 0.24 -BuildRequires: pkgconfig(gtk+-3.0) >= 3.12.0 +BuildRequires: pkgconfig(gtk+-3.0) >= 3.16.0 BuildRequires: pkgconfig(libpeas-1.0) >= 1.2.0 BuildRequires: pkgconfig(libwnck-3.0) >= 3.4.0 -Recommends: %{name}-lang = %{version} +Recommends: %{name}-lang +Recommends: %{name}-plugin-sntray Recommends: %{name}-plugins-base = %{version} -Recommends: %{name}-sntray = %{version} -Suggests: %{name}-appmenu = %{version} +Suggests: %{name}-plugin-appmenu Suggests: %{name}-plugins-wnck = %{version} %description @@ -54,8 +54,7 @@ Summary: Development files for vala-panel Group: Development/Libraries/Other Requires: %{name} = %{version} -Requires: pkg-config -Requires: pkgconfig(gtk+-3.0) >= 3.12.0 +Requires: pkgconfig(gtk+-3.0) >= 3.16.0 Requires: pkgconfig(libpeas-1.0) >= 1.2.0 Requires: pkgconfig(libwnck-3.0) >= 3.4.0 @@ -82,21 +81,17 @@ %prep %setup -q -%if 0%{?suse_version} != 1320 -# Use upstream glib-2.0.vapi. -rm vapi/glib-2.0.vapi -%endif %build %cmake \ -DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir} \ -DGSETTINGS_COMPILE=OFF -make %{?_smp_mflags} +make %{?_smp_mflags} V=1 %install %cmake_install %find_lang %{name} -%fdupes %{buildroot}%{_datadir} +%fdupes %{buildroot}%{_datadir}/ %post %icon_theme_cache_post ++++++ vala-panel-0.3.5.tar.gz -> vala-panel-0.3.6.tar.gz ++++++ ++++ 8236 lines of diff (skipped)

1 0

commit python-netaddr for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package python-netaddr for openSUSE:Factory checked in at 2017-01-25 23:32:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-netaddr (Old) and /work/SRC/openSUSE:Factory/.python-netaddr.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-netaddr" Changes: -------- --- /work/SRC/openSUSE:Factory/python-netaddr/python-netaddr.changes 2015-09-30 05:52:32.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-netaddr.new/python-netaddr.changes 2017-01-25 23:32:45.793506528 +0100 @@ -1,0 +2,22 @@ +Sat Jan 14 14:15:17 UTC 2017 - michael(a)stroeder.com + +- update to 0.7.19: + * added a new SubnetSplitter class for those looking to divide up subnets. + Thanks alanwill and RyPeck and those on (Stack Overflow discussion). + * removed bundled pytest dependency code for "python setup.py test". + * setup.py now uses setuptools only (no more distutils) and setup_egg.py removed. + * cleaned up INSTALL docs so they accurately reflect current Python packaging. + * fixed broken parsing, generating and reading of IEEE index files when switching + between Python 2.x and 3.x. + FIXED Issue 133: https://github.com/drkjam/netaddr/issues/133 + - Splitting a single network into multiple prefixed networks + FIXED Issue 129: https://github.com/drkjam/netaddr/issues/129 + - fix IPAddress().netmask_bits to return 0 for 0.0.0.0 and [::] addresses + FIXED Issue 117: https://github.com/drkjam/netaddr/issues/117 + - (python setup.py test) failing with python3 >= 3.5 + FIXED Issue 137: https://github.com/drkjam/netaddr/issues/137 + - API reference is broken on ReadTheDocs + FIXED Issue 143: https://github.com/drkjam/netaddr/issues/143 + - Please refresh the bundled IANA and IEEE databases + +------------------------------------------------------------------- Old: ---- netaddr-0.7.18.tar.gz New: ---- netaddr-0.7.19.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-netaddr.spec ++++++ --- /var/tmp/diff_new_pack.tarzkz/_old 2017-01-25 23:32:46.201445053 +0100 +++ /var/tmp/diff_new_pack.tarzkz/_new 2017-01-25 23:32:46.205444450 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-netaddr # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: python-netaddr -Version: 0.7.18 +Version: 0.7.19 Release: 0 Url: http://github.com/drkjam/netaddr Summary: Pythonic manipulation of IPv4, IPv6, CIDR, EUI and MAC network addresses License: BSD-3-Clause Group: Development/Languages/Python -Source: https://pypi.python.org/packages/source/n/netaddr/netaddr-%{version}.tar.gz +Source: https://pypi.io/packages/source/n/netaddr/netaddr-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: python-devel BuildRequires: python-setuptools @@ -66,6 +66,6 @@ %defattr(-,root,root,-) %{python_sitelib}/* %{_bindir}/netaddr -%doc AUTHORS CHANGELOG COPYRIGHT README.md LICENSE THANKS +%doc AUTHORS CHANGELOG COPYRIGHT README.md LICENSE %changelog ++++++ netaddr-0.7.18.tar.gz -> netaddr-0.7.19.tar.gz ++++++ ++++ 386450 lines of diff (skipped)

1 0

commit python-web.py for openSUSE:Factory
by root＠hilbertn.suse.de 25 Jan '17

25 Jan '17

Hello community, here is the log from the commit of package python-web.py for openSUSE:Factory checked in at 2017-01-25 23:32:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-web.py (Old) and /work/SRC/openSUSE:Factory/.python-web.py.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-web.py" Changes: -------- --- /work/SRC/openSUSE:Factory/python-web.py/python-web.py.changes 2012-07-02 11:07:48.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-web.py.new/python-web.py.changes 2017-01-25 23:32:39.450462416 +0100 @@ -1,0 +2,31 @@ +Mon Jan 23 21:10:49 UTC 2017 - dmueller(a)suse.com + +- fix source url + +------------------------------------------------------------------- +Wed Nov 30 21:18:23 UTC 2016 - michael(a)stroeder.com + +- Updated to 0.38 + * Fixed failing tests in test/session.py when postgres is not installed. (tx Michael Diamond) + * Fixed an error with Python 2.3 (tx Michael Diamond) + * web.database now accepts a URL, $DATABASE_URL (fixes #171) (tx Aaron Swartz, we miss you) + * support port use 'port' as keyword for postgres database with used eith pgdb (tx Sandesh Singh) + * Fixes to FirebirdDB database (tx Ben Hanna) + * Added a gaerun method to start application for google app engine (tx Matt Habel) + * Better error message from `db.multiple_insert` when not all rows have the same keys (tx Ben Hoyt) + * Allow custom messages for most errors (tx Shaun Sharples) + * IPv6 support (tx Matthew of Boswell and zamabe) + * Fixed sending email using Amazon SES (tx asldevi) + * Fixed handling of long numbers in sqlify. closes #213. (tx cjrolo) + * Escape HTML characters when emitting API docs. (tx Jeff Zellman) + * Fixed an inconsistency in form.Dropdown when numbers are used for args and value. (tx Noprianto) + * Fixed a potential remote exeution risk in `reparam` (tx Adrián Brav) + * The where clause in db queries can be a dict now + * Added `first` method to iterbetter + * Fix to unexpected session when used with MySQL (tx suhashpatil) + * Change dburl2dict to use urlparse and to support the simple case of just a database name. (tx Jeff Zellman) + * Support '204 No Content' status code (tx Matteo Landi) + * Support `451 Unavailable For Legal Reasons` status code(tx Yannik Robin Kettenbach) + * Updates to documentation (tx goodrone, asldevi) + +------------------------------------------------------------------- Old: ---- web.py-0.37.tar.gz New: ---- web.py-0.38.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-web.py.spec ++++++ --- /var/tmp/diff_new_pack.D6Q5G7/_old 2017-01-25 23:32:39.826405762 +0100 +++ /var/tmp/diff_new_pack.D6Q5G7/_new 2017-01-25 23:32:39.826405762 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-web.py # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: python-web.py -Version: 0.37 +Version: 0.38 Release: 0 Url: http://webpy.org/ Summary: web.py: makes web apps License: SUSE-Public-Domain and BSD-3-Clause Group: Development/Languages/Python -Source: http://pypi.python.org/packages/source/w/web.py/web.py-%{version}.tar.gz +Source: https://pypi.io/packages/source/w/web.py/web.py-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: python-devel %if 0%{?suse_version} && 0%{?suse_version} <= 1110 ++++++ web.py-0.37.tar.gz -> web.py-0.38.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/PKG-INFO new/web.py-0.38/PKG-INFO --- old/web.py-0.37/PKG-INFO 2012-06-26 07:21:31.000000000 +0200 +++ new/web.py-0.38/PKG-INFO 2016-07-08 09:07:25.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: web.py -Version: 0.37 +Version: 0.38 Summary: web.py: makes web apps Home-page: http://webpy.org/ Author: Anand Chitipothu diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/__init__.py new/web.py-0.38/web/__init__.py --- old/web.py-0.37/web/__init__.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/__init__.py 2016-07-08 09:03:09.000000000 +0200 @@ -3,7 +3,7 @@ from __future__ import generators -__version__ = "0.37" +__version__ = "0.38" __author__ = [ "Aaron Swartz <me(a)aaronsw.com>", "Anand Chitipothu <anandology(a)gmail.com>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/application.py new/web.py-0.38/web/application.py --- old/web.py-0.37/web/application.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/application.py 2016-07-08 09:03:09.000000000 +0200 @@ -334,7 +334,49 @@ except ImportError: # we're not running from within Google App Engine return wsgiref.handlers.CGIHandler().run(wsgiapp) - + + def gaerun(self, *middleware): + """ + Starts the program in a way that will work with Google app engine, + no matter which version you are using (2.5 / 2.7) + + If it is 2.5, just normally start it with app.gaerun() + + If it is 2.7, make sure to change the app.yaml handler to point to the + global variable that contains the result of app.gaerun() + + For example: + + in app.yaml (where code.py is where the main code is located) + + handlers: + - url: /.* + script: code.app + + Make sure that the app variable is globally accessible + """ + wsgiapp = self.wsgifunc(*middleware) + try: + # check what version of python is running + version = sys.version_info[:2] + major = version[0] + minor = version[1] + + if major != 2: + raise EnvironmentError("Google App Engine only supports python 2.5 and 2.7") + + # if 2.7, return a function that can be run by gae + if minor == 7: + return wsgiapp + # if 2.5, use run_wsgi_app + elif minor == 5: + from google.appengine.ext.webapp.util import run_wsgi_app + return run_wsgi_app(wsgiapp) + else: + raise EnvironmentError("Not a supported platform, use python 2.5 or 2.7") + except ImportError: + return wsgiref.handlers.CGIHandler().run(wsgiapp) + def load(self, env): """Initializes ctx using env.""" ctx = web.ctx diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/db.py new/web.py-0.38/web/db.py --- old/web.py-0.37/web/db.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/db.py 2016-07-08 09:03:09.000000000 +0200 @@ -11,7 +11,7 @@ "database", 'DB', ] -import time +import time, os, urllib, urlparse try: import datetime except ImportError: @@ -296,6 +296,8 @@ <sql: 's IN (1, 2)'> """ dictionary = dictionary.copy() # eval mucks with it + # disable builtins to avoid risk for remote code exection. + dictionary['__builtins__'] = object() vals = [] result = [] for live, chunk in _interpolate(string_): @@ -326,6 +328,8 @@ return "'t'" elif obj is False: return "'f'" + elif isinstance(obj, long): + return str(obj) elif datetime and isinstance(obj, datetime.datetime): return repr(obj.isoformat()) else: @@ -613,11 +617,22 @@ #@@@ for backward-compatibility elif isinstance(where, (list, tuple)) and len(where) == 2: where = SQLQuery(where[0], where[1]) + elif isinstance(where, dict): + where = self._where_dict(where) elif isinstance(where, SQLQuery): pass else: where = reparam(where, vars) return where + + def _where_dict(self, where): + where_clauses = [] + for k, v in where.iteritems(): + where_clauses.append(k + ' = ' + sqlquote(v)) + if where_clauses: + return SQLQuery.join(where_clauses, " AND ") + else: + return None def query(self, sql_query, vars=None, processed=False, _test=False): """ @@ -673,6 +688,8 @@ <sql: 'SELECT * FROM foo'> >>> db.select(['foo', 'bar'], where="foo.bar_id = bar.id", limit=5, _test=True) <sql: 'SELECT * FROM foo, bar WHERE foo.bar_id = bar.id LIMIT 5'> + >>> db.select('foo', where={'id': 5}, _test=True) + <sql: 'SELECT * FROM foo WHERE id = 5'> """ if vars is None: vars = {} sql_clauses = self.sql_clauses(what, tables, where, group, order, limit, offset) @@ -694,15 +711,7 @@ >>> db.where('foo', _test=True) <sql: 'SELECT * FROM foo'> """ - where_clauses = [] - for k, v in kwargs.iteritems(): - where_clauses.append(k + ' = ' + sqlquote(v)) - - if where_clauses: - where = SQLQuery.join(where_clauses, " AND ") - else: - where = None - + where = self._where_dict(kwargs) return self.select(table, what=what, order=order, group=group, limit=limit, offset=offset, _test=_test, where=where) @@ -726,6 +735,8 @@ #@@@ elif isinstance(val, (list, tuple)) and len(val) == 2: nout = SQLQuery(val[0], val[1]) # backwards-compatibility + elif sql == 'WHERE' and isinstance(val, dict): + nout = self._where_dict(val) elif isinstance(val, SQLQuery): nout = val else: @@ -815,10 +826,9 @@ keys = values[0].keys() #@@ make sure all keys are valid - # make sure all rows have same keys. for v in values: if v.keys() != keys: - raise ValueError, 'Bad data' + raise ValueError, 'Not all rows have the same keys' sql_query = SQLQuery('INSERT INTO %s (%s) VALUES ' % (tablename, ', '.join(keys))) @@ -926,6 +936,8 @@ if db_module.__name__ == "psycopg2": import psycopg2.extensions psycopg2.extensions.register_type(psycopg2.extensions.UNICODE) + if db_module.__name__ == "pgdb" and 'port' in keywords: + keywords["host"] += ":" + str(keywords.pop('port')) # if db is not provided postgres driver will take it from PGDATABASE environment variable if 'db' in keywords: @@ -1042,10 +1054,11 @@ db = None pass if 'pw' in keywords: - keywords['passwd'] = keywords['pw'] - del keywords['pw'] - keywords['database'] = keywords['db'] - del keywords['db'] + keywords['password'] = keywords.pop('pw') + keywords['database'] = keywords.pop('db') + + self.paramstyle = db.paramstyle + DB.__init__(self, db, keywords) def delete(self, table, where=None, using=None, vars=None, _test=False): @@ -1131,6 +1144,30 @@ else: return query + "; SELECT %s.currval FROM dual" % seqname +def dburl2dict(url): + """ + Takes a URL to a database and parses it into an equivalent dictionary. + + >>> dburl2dict('postgres:///mygreatdb') + {'pw': None, 'dbn': 'postgres', 'db': 'mygreatdb', 'host': None, 'user': None, 'port': None} + >>> dburl2dict('postgres://james:day@serverfarm.example.net:5432/mygreatdb') + {'pw': 'day', 'dbn': 'postgres', 'db': 'mygreatdb', 'host': 'serverfarm.example.net', 'user': 'james', 'port': 5432} + >>> dburl2dict('postgres://james:day@serverfarm.example.net/mygreatdb') + {'pw': 'day', 'dbn': 'postgres', 'db': 'mygreatdb', 'host': 'serverfarm.example.net', 'user': 'james', 'port': None} + >>> dburl2dict('postgres://james:d%40y@serverfarm.example.net/mygreatdb') + {'pw': 'd@y', 'dbn': 'postgres', 'db': 'mygreatdb', 'host': 'serverfarm.example.net', 'user': 'james', 'port': None} + >>> dburl2dict('mysql://james:d%40y@serverfarm.example.net/mygreatdb') + {'pw': 'd@y', 'dbn': 'mysql', 'db': 'mygreatdb', 'host': 'serverfarm.example.net', 'user': 'james', 'port': None} + """ + parts = urlparse.urlparse(urllib.unquote(url)) + + return {'dbn': parts.scheme, + 'user': parts.username, + 'pw': parts.password, + 'db': parts.path[1:], + 'host': parts.hostname, + 'port': parts.port} + _databases = {} def database(dburl=None, **params): """Creates appropriate database using params. @@ -1138,6 +1175,10 @@ Pooling will be enabled if DBUtils module is available. Pooling can be disabled by passing pooling=False in params. """ + if not dburl and not params: + dburl = os.environ['DATABASE_URL'] + if dburl: + params = dburl2dict(dburl) dbn = params.pop('dbn') if dbn in _databases: return _databases[dbn](**params) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/form.py new/web.py-0.38/web/form.py --- old/web.py-0.37/web/form.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/form.py 2016-07-08 09:03:09.000000000 +0200 @@ -253,7 +253,13 @@ else: value, desc = arg, arg - if self.value == value or (isinstance(self.value, list) and value in self.value): + value = utils.safestr(value) + if isinstance(self.value, (tuple, list)): + s_value = [utils.safestr(x) for x in self.value] + else: + s_value = utils.safestr(self.value) + + if s_value == value or (isinstance(s_value, list) and value in s_value): select_p = ' selected="selected"' else: select_p = '' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/net.py new/web.py-0.38/web/net.py --- old/web.py-0.37/web/net.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/net.py 2016-07-08 09:03:09.000000000 +0200 @@ -4,7 +4,7 @@ """ __all__ = [ - "validipaddr", "validipport", "validip", "validaddr", + "validipaddr", "validip6addr", "validipport", "validip", "validaddr", "urlquote", "httpdate", "parsehttpdate", "htmlquote", "htmlunquote", "websafe", @@ -13,6 +13,28 @@ import urllib, time try: import datetime except ImportError: pass +import re +import socket + +def validip6addr(address): + """ + Returns True if `address` is a valid IPv6 address. + + >>> validip6addr('::') + True + >>> validip6addr('aaaa:bbbb:cccc:dddd::1') + True + >>> validip6addr('1:2:3:4:5:6:7:8:9:10') + False + >>> validip6addr('12:10') + False + """ + try: + socket.inet_pton(socket.AF_INET6, address) + except (socket.error, AttributeError): + return False + + return True def validipaddr(address): """ @@ -55,10 +77,37 @@ return True def validip(ip, defaultaddr="0.0.0.0", defaultport=8080): - """Returns `(ip_address, port)` from string `ip_addr_port`""" + """ + Returns `(ip_address, port)` from string `ip_addr_port` + >>> validip('1.2.3.4') + ('1.2.3.4', 8080) + >>> validip('80') + ('0.0.0.0', 80) + >>> validip('192.168.0.1:85') + ('192.168.0.1', 85) + >>> validip('::') + ('::', 8080) + >>> validip('[::]:88') + ('::', 88) + >>> validip('[::1]:80') + ('::1', 80) + + """ addr = defaultaddr port = defaultport + #Matt Boswell's code to check for ipv6 first + match = re.search(r'^\[([^]]+)\](?::(\d+))?$',ip) #check for [ipv6]:port + if match: + if validip6addr(match.group(1)): + if match.group(2): + if validipport(match.group(2)): return (match.group(1),int(match.group(2))) + else: + return (match.group(1),port) + else: + if validip6addr(ip): return (ip,port) + #end ipv6 code + ip = ip.split(":", 1) if len(ip) == 1: if not ip[0]: @@ -90,6 +139,8 @@ ('127.0.0.1', 8080) >>> validaddr('127.0.0.1:8000') ('127.0.0.1', 8000) + >>> validip('[::1]:80') + ('::1', 80) >>> validaddr('fff') Traceback (most recent call last): ... diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/session.py new/web.py-0.38/web/session.py --- old/web.py-0.37/web/session.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/session.py 2016-07-08 09:03:09.000000000 +0200 @@ -306,9 +306,9 @@ pickled = self.encode(value) now = datetime.datetime.now() if key in self: - self.db.update(self.table, where="session_id=$key", data=pickled, vars=locals()) + self.db.update(self.table, where="session_id=$key", data=pickled,atime=now, vars=locals()) else: - self.db.insert(self.table, False, session_id=key, data=pickled ) + self.db.insert(self.table, False, session_id=key, atime=now, data=pickled ) def __delitem__(self, key): self.db.delete(self.table, where="session_id=$key", vars=locals()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/utils.py new/web.py-0.38/web/utils.py --- old/web.py-0.37/web/utils.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/utils.py 2016-07-08 09:03:09.000000000 +0200 @@ -645,6 +645,15 @@ ... IndexError: already passed 3 + It is also possible to get the first value of the iterator or None. + + >>> c = iterbetter(iter([3, 4, 5])) + >>> print c.first() + 3 + >>> c = iterbetter(iter([])) + >>> print c.first() + None + For boolean test, IterBetter peeps at first value in the itertor without effecting the iteration. >>> c = iterbetter(iter(range(5))) @@ -661,6 +670,18 @@ def __init__(self, iterator): self.i, self.c = iterator, 0 + def first(self, default=None): + """Returns the first element of the iterator or None when there are no + elements. + + If the optional argument default is specified, that is returned instead + of None when there are no elements. + """ + try: + return iter(self).next() + except StopIteration: + return default + def __iter__(self): if hasattr(self, "_head"): yield self._head @@ -1493,7 +1514,7 @@ c = boto.ses.SESConnection( aws_access_key_id=webapi.config.get('aws_access_key_id'), aws_secret_access_key=web.api.config.get('aws_secret_access_key')) - c.send_raw_email(self.from_address, message_text, self.from_recipients) + c.send_raw_email(self.from_address, message_text, self.recipients) else: sendmail = webapi.config.get('sendmail_path', '/usr/sbin/sendmail') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/webapi.py new/web.py-0.38/web/webapi.py --- old/web.py-0.37/web/webapi.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/webapi.py 2016-07-08 09:03:09.000000000 +0200 @@ -8,23 +8,23 @@ "header", "debug", "input", "data", "setcookie", "cookies", - "ctx", - "HTTPError", + "ctx", + "HTTPError", + + # 200, 201, 202, 204 + "OK", "Created", "Accepted", "NoContent", + "ok", "created", "accepted", "nocontent", - # 200, 201, 202 - "OK", "Created", "Accepted", - "ok", "created", "accepted", - # 301, 302, 303, 304, 307 - "Redirect", "Found", "SeeOther", "NotModified", "TempRedirect", + "Redirect", "Found", "SeeOther", "NotModified", "TempRedirect", "redirect", "found", "seeother", "notmodified", "tempredirect", - # 400, 401, 403, 404, 405, 406, 409, 410, 412, 415 - "BadRequest", "Unauthorized", "Forbidden", "NotFound", "NoMethod", "NotAcceptable", "Conflict", "Gone", "PreconditionFailed", "UnsupportedMediaType", - "badrequest", "unauthorized", "forbidden", "notfound", "nomethod", "notacceptable", "conflict", "gone", "preconditionfailed", "unsupportedmediatype", + # 400, 401, 403, 404, 405, 406, 409, 410, 412, 415, 451 + "BadRequest", "Unauthorized", "Forbidden", "NotFound", "NoMethod", "NotAcceptable", "Conflict", "Gone", "PreconditionFailed", "UnsupportedMediaType", "UnavailableForLegalReasons", + "badrequest", "unauthorized", "forbidden", "notfound", "nomethod", "notacceptable", "conflict", "gone", "preconditionfailed", "unsupportedmediatype", "unavailableforlegalreasons", # 500 - "InternalError", + "InternalError", "internalerror", ] @@ -46,16 +46,16 @@ header(k, v) self.data = data Exception.__init__(self, status) - + def _status_code(status, data=None, classname=None, docstring=None): if data is None: data = status.split(" ", 1)[1] - classname = status.split(" ", 1)[1].replace(' ', '') # 304 Not Modified -> NotModified + classname = status.split(" ", 1)[1].replace(' ', '') # 304 Not Modified -> NotModified docstring = docstring or '`%s` status' % status def __init__(self, data=data, headers={}): HTTPError.__init__(self, status, headers, data) - + # trick to create class dynamically with dynamic docstring. return type(classname, (HTTPError, object), { '__doc__': docstring, @@ -65,13 +65,14 @@ ok = OK = _status_code("200 OK", data="") created = Created = _status_code("201 Created") accepted = Accepted = _status_code("202 Accepted") +nocontent = NoContent = _status_code("204 No Content") class Redirect(HTTPError): """A `301 Moved Permanently` redirect.""" def __init__(self, url, status='301 Moved Permanently', absolute=False): """ - Returns a `status` redirect to the new URL. - `url` is joined with the base URL so that things like + Returns a `status` redirect to the new URL. + `url` is joined with the base URL so that things like `redirect("about") will work properly. """ newloc = urlparse.urljoin(ctx.path, url) @@ -102,7 +103,7 @@ """A `303 See Other` redirect.""" def __init__(self, url, absolute=False): Redirect.__init__(self, url, '303 See Other', absolute=absolute) - + seeother = SeeOther class NotModified(HTTPError): @@ -132,20 +133,20 @@ class Unauthorized(HTTPError): """`401 Unauthorized` error.""" message = "unauthorized" - def __init__(self): + def __init__(self, message=None): status = "401 Unauthorized" headers = {'Content-Type': 'text/html'} - HTTPError.__init__(self, status, headers, self.message) + HTTPError.__init__(self, status, headers, message or self.message) unauthorized = Unauthorized class Forbidden(HTTPError): """`403 Forbidden` error.""" message = "forbidden" - def __init__(self): + def __init__(self, message=None): status = "403 Forbidden" headers = {'Content-Type': 'text/html'} - HTTPError.__init__(self, status, headers, self.message) + HTTPError.__init__(self, status, headers, message or self.message) forbidden = Forbidden @@ -175,7 +176,7 @@ status = '405 Method Not Allowed' headers = {} headers['Content-Type'] = 'text/html' - + methods = ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'] if cls: methods = [method for method in methods if hasattr(cls, method)] @@ -183,63 +184,83 @@ headers['Allow'] = ', '.join(methods) data = None HTTPError.__init__(self, status, headers, data) - + nomethod = NoMethod class NotAcceptable(HTTPError): """`406 Not Acceptable` error.""" message = "not acceptable" - def __init__(self): + def __init__(self, message=None): status = "406 Not Acceptable" headers = {'Content-Type': 'text/html'} - HTTPError.__init__(self, status, headers, self.message) + HTTPError.__init__(self, status, headers, message or self.message) notacceptable = NotAcceptable class Conflict(HTTPError): """`409 Conflict` error.""" message = "conflict" - def __init__(self): + def __init__(self, message=None): status = "409 Conflict" headers = {'Content-Type': 'text/html'} - HTTPError.__init__(self, status, headers, self.message) + HTTPError.__init__(self, status, headers, message or self.message) conflict = Conflict class Gone(HTTPError): """`410 Gone` error.""" message = "gone" - def __init__(self): + def __init__(self, message=None): status = '410 Gone' headers = {'Content-Type': 'text/html'} - HTTPError.__init__(self, status, headers, self.message) + HTTPError.__init__(self, status, headers, message or self.message) gone = Gone class PreconditionFailed(HTTPError): """`412 Precondition Failed` error.""" message = "precondition failed" - def __init__(self): + def __init__(self, message=None): status = "412 Precondition Failed" headers = {'Content-Type': 'text/html'} - HTTPError.__init__(self, status, headers, self.message) + HTTPError.__init__(self, status, headers, message or self.message) preconditionfailed = PreconditionFailed class UnsupportedMediaType(HTTPError): """`415 Unsupported Media Type` error.""" message = "unsupported media type" - def __init__(self): + def __init__(self, message=None): status = "415 Unsupported Media Type" headers = {'Content-Type': 'text/html'} - HTTPError.__init__(self, status, headers, self.message) + HTTPError.__init__(self, status, headers, message or self.message) unsupportedmediatype = UnsupportedMediaType +class _UnavailableForLegalReasons(HTTPError): + """`451 Unavailable For Legal Reasons` error.""" + message="unavailable for legal reasons" + def __init__(self, message=None): + status = "451 Unavailable For Legal Reasons" + headers = {'Content-Type': 'text/html'} + HTTPError.__init__(self, status, headers, message or self.message) + +def UnavailableForLegalReasons(message=None): + """Returns HTTPError with '415 Unavailable For Legal Reasons' error from the active application. + """ + if message: + return _UnavailableForLegalReasons(message) + elif ctx.get('app_stack'): + return ctx.app_stack[-1].unavailableforlegalreasons() + else: + return _UnavailableForLegalReasons() + +unavailableforlegalreasons = UnavailableForLegalReasons + class _InternalError(HTTPError): """500 Internal Server Error`.""" message = "internal server error" - + def __init__(self, message=None): status = '500 Internal Server Error' headers = {'Content-Type': 'text/html'} @@ -260,41 +281,41 @@ def header(hdr, value, unique=False): """ Adds the header `hdr: value` with the response. - + If `unique` is True and a header with that name already exists, - it doesn't add a new one. + it doesn't add a new one. """ hdr, value = safestr(hdr), safestr(value) # protection against HTTP response splitting attack if '\n' in hdr or '\r' in hdr or '\n' in value or '\r' in value: raise ValueError, 'invalid characters in header' - + if unique is True: for h, v in ctx.headers: if h.lower() == hdr.lower(): return - + ctx.headers.append((hdr, value)) - + def rawinput(method=None): """Returns storage object with GET or POST arguments. """ method = method or "both" from cStringIO import StringIO - def dictify(fs): + def dictify(fs): # hack to make web.input work with enctype='text/plain. if fs.list is None: - fs.list = [] + fs.list = [] return dict([(k, fs[k]) for k in fs.keys()]) - + e = ctx.env.copy() a = b = {} - + if method.lower() in ['both', 'post', 'put']: if e['REQUEST_METHOD'] in ['POST', 'PUT']: if e.get('CONTENT_TYPE', '').lower().startswith('multipart/'): - # since wsgi.input is directly passed to cgi.FieldStorage, + # since wsgi.input is directly passed to cgi.FieldStorage, # it can not be called multiple times. Saving the FieldStorage # object in ctx to allow calling web.input multiple times. a = ctx.get('_fieldstorage') @@ -323,7 +344,7 @@ def input(*requireds, **defaults): """ - Returns a `storage` object with the GET and POST arguments. + Returns a `storage` object with the GET and POST arguments. See `storify` for how `requireds` and `defaults` work. """ _method = defaults.pop('_method', 'both') @@ -359,10 +380,10 @@ if httponly: value += '; httponly' header('Set-Cookie', value) - + def decode_cookie(value): - r"""Safely decodes a cookie value to unicode. - + r"""Safely decodes a cookie value to unicode. + Tries us-ascii, utf-8 and io8859 encodings, in that order. >>> decode_cookie('') @@ -386,7 +407,7 @@ def parse_cookies(http_cookie): r"""Parse a HTTP_COOKIE header and return dict of cookie names and decoded values. - + >>> sorted(parse_cookies('').items()) [] >>> sorted(parse_cookies('a=1').items()) @@ -422,7 +443,7 @@ cookie.load(attr_value) except Cookie.CookieError: pass - cookies = dict((k, urllib.unquote(v.value)) for k, v in cookie.iteritems()) + cookies = dict([(k, urllib.unquote(v.value)) for k, v in cookie.iteritems()]) else: # HTTP_COOKIE doesn't have quotes, use fast cookie parsing cookies = {} @@ -435,18 +456,18 @@ def cookies(*requireds, **defaults): r"""Returns a `storage` object with all the request cookies in it. - + See `storify` for how `requireds` and `defaults` work. This is forgiving on bad HTTP_COOKIE input, it tries to parse at least the cookies it can. - + The values are converted to unicode if _unicode=True is passed. """ - # If _unicode=True is specified, use decode_cookie to convert cookie value to unicode + # If _unicode=True is specified, use decode_cookie to convert cookie value to unicode if defaults.get("_unicode") is True: defaults['_unicode'] = decode_cookie - + # parse cookie string and cache the result for next time. if '_parsed_cookies' not in ctx: http_cookie = ctx.env.get("HTTP_COOKIE", "") @@ -462,18 +483,18 @@ """ Prints a prettyprinted version of `args` to stderr. """ - try: + try: out = ctx.environ['wsgi.errors'] - except: + except: out = sys.stderr for arg in args: print >> out, pprint.pformat(arg) return '' def _debugwrite(x): - try: + try: out = ctx.environ['wsgi.errors'] - except: + except: out = sys.stderr out.write(x) debug.write = _debugwrite @@ -482,7 +503,7 @@ ctx.__doc__ = """ A `storage` object containing various information about the request: - + `environ` (aka `env`) : A dictionary containing the standard WSGI environment variables. @@ -500,7 +521,7 @@ `path` : The path request. - + `query` : If there are no query arguments, the empty string. Otherwise, a `?` followed by the query string. @@ -522,4 +543,4 @@ if __name__ == "__main__": import doctest - doctest.testmod() \ No newline at end of file + doctest.testmod() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/web.py-0.37/web/wsgi.py new/web.py-0.38/web/wsgi.py --- old/web.py-0.37/web/wsgi.py 2012-06-26 07:19:55.000000000 +0200 +++ new/web.py-0.38/web/wsgi.py 2016-07-08 09:03:09.000000000 +0200 @@ -7,7 +7,7 @@ import http import webapi as web -from utils import listget +from utils import listget, intget from net import validaddr, validip import httpserver @@ -51,7 +51,12 @@ else: return runscgi(func) - return httpserver.runsimple(func, validip(listget(sys.argv, 1, ''))) + + server_addr = validip(listget(sys.argv, 1, '')) + if os.environ.has_key('PORT'): # e.g. Heroku + server_addr = ('0.0.0.0', intget(os.environ['PORT'])) + + return httpserver.runsimple(func, server_addr) def _is_dev_mode(): # Some embedded python interpreters won't have sys.arv

1 0