openSUSE Commits
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
November 2018
- 1 participants
- 1606 discussions
Hello community,
here is the log from the commit of package elilo for openSUSE:Factory checked in at 2018-11-28 11:12:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/elilo (Old)
and /work/SRC/openSUSE:Factory/.elilo.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "elilo"
Wed Nov 28 11:12:21 2018 rev:31 rq:652139 version:3.16
Changes:
--------
--- /work/SRC/openSUSE:Factory/elilo/elilo.changes 2017-02-03 17:36:19.088445848 +0100
+++ /work/SRC/openSUSE:Factory/.elilo.new.19453/elilo.changes 2018-11-28 11:12:43.690955174 +0100
@@ -1,0 +2,25 @@
+Fri Nov 23 14:29:41 UTC 2018 - rw(a)suse.com
+
+- elilo.efi
+ * Try to properly allocate high_base_mem. (bsc#1000769)
+ (elilo-high_base_mem.diff)
+
+-------------------------------------------------------------------
+Thu Nov 22 16:17:20 UTC 2018 - rw(a)suse.com
+
+- elilo.spec
+ * Work around glitches introduced by gnu-efi.
+ * Add '-mno-red-zone' to work around Microsoft/SystemV AMD64 ABI
+ discrepancies. (bsc#953502)
+- elilo.pl
+ * Support 'ucode=' for XEN. (bsc#1102567)
+ * SecureBoot: Support detached configuration template.
+ * Add support for 'UUID='/'LABEL=' to specify EFI system partition
+ and fix bug introduced by NVMe device handling. (bsc#917195)
+ * Handle NVMe device names. (fate#317591)
+ * Don't abort, when "skip" is announced. (bsc#917130)
+- elilo.efi
+ * Remove special handling for '?' in textmenu-mode. (bsc#928546)
+ (elilo-textmenu-disable-print-devices.diff)
+
+-------------------------------------------------------------------
@@ -16 +41 @@
- * update to elilo-3.16 to fix OBS download check.
+ * Update to elilo-3.16 to fix OBS download check.
New:
----
elilo-high_base_mem.diff
elilo-textmenu-disable-print-devices.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ elilo.spec ++++++
--- /var/tmp/diff_new_pack.NTcPBC/_old 2018-11-28 11:12:44.182954483 +0100
+++ /var/tmp/diff_new_pack.NTcPBC/_new 2018-11-28 11:12:44.186954478 +0100
@@ -1,7 +1,7 @@
#
# spec file for package elilo
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,6 +23,7 @@
%endif
%endif
BuildRequires: gnu-efi >= 3.0u
+BuildRequires: xz
BuildRequires: perl(Pod::Man)
Name: elilo
@@ -52,6 +53,8 @@
Patch3: elilo-auto-add_efi_memmap.diff
Patch4: elilo-blocksize.diff
Patch5: elilo-text-mode.diff
+Patch6: elilo-textmenu-disable-print-devices.diff
+Patch7: elilo-high_base_mem.diff
Patch10: elilo-de-debianify.diff
Patch11: eliloalt-no-date.diff
@@ -68,23 +71,32 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
+%patch7 -p1
%patch10 -p1
%patch11 -p1
+# work around b0rked 'Str'-ops in newer 'gnu-efi' ... :-(
+find . -type f -name '*.[ch]' -print0 | xargs -0rn 1 \
+ perl -pi -e 's{Str(Chr|n(X?Cpy|Cat))}{eliloStr$1}g'
%build
perl -pi -e 's{/usr/lib}{%{_libdir}}' Make.defaults
##################################################################
## DO NOT ADD RPM OPT FLAGS! THIS DOES NOT BUILD AGAINST GLIBC. ##
##################################################################
-make OPTIMFLAGS="-fmessage-length=0"
+OPTFLAGS="-fmessage-length=0"
+%ifnarch ia64
+OPTFLAGS="$OPTFLAGS -mno-red-zone"
+%endif
+make OPTIMFLAGS="$OPTFLAGS"
perl -pe 's{\@EDITION\@}{%{version}};
s{\@LIBDIR\@}{%{_libdir}};
s{\@ARCH\@}{%{_target_cpu}};
' < %{SOURCE1} > elilo.pl &&
chmod 555 elilo.pl && touch -r %{SOURCE1} elilo.pl
-! grep -F '%%{version}-%%{release}' elilo.pl
+! grep -F '%%{version}' elilo.pl
pod2man -s 8 -c "System Boot" -r "SuSE Linux" \
- -n elilo -d "%{version}-%{release}" elilo.pl elilo.8
+ -n elilo -d "%{version}" elilo.pl elilo.8
touch -r elilo.pl elilo.8
%install
++++++ elilo-high_base_mem.diff ++++++
---
x86_64/system.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
--- a/x86_64/system.c
+++ b/x86_64/system.c
@@ -44,7 +44,9 @@
#include "loader.h"
#include "rmswitch.h"
+#ifndef DEBUG_CREATE_BOOT_PARAMS
#define DEBUG_CREATE_BOOT_PARAMS 0
+#endif
#if DEBUG_CREATE_BOOT_PARAMS
#define DPR(a) do { if (elilo_opt.debug) { Print a; } } while ( 0 )
#else
@@ -100,6 +102,7 @@ UINTN sizeof_init_gdt = sizeof init_gdt;
*/
UINTN high_base_mem = 0x90000;
+VOID *high_base_mem_address = NULL;
/*
* Highest available extended memory address.
@@ -128,6 +131,30 @@ sysdeps_init(EFI_HANDLE dev)
{
DBG_PRT((L"sysdeps_init()\n"));
+ DBG_PRT((L"fix high_base_mem and gdt_addr\n"));
+ while (!high_base_mem_address) {
+ high_base_mem_address = alloc_pages(5, EfiLoaderData,
+ AllocateAddress,
+ (void *)high_base_mem);
+ if (!high_base_mem_address) {
+ if (high_base_mem > (1 << 16)) {
+ high_base_mem -= (1 << 16);
+ } else {
+ /* fall back to previous behavior */
+ high_base_mem = 0x90000;
+ break;
+ }
+ }
+ }
+ if (high_base_mem_address) {
+ VERB_PRT(3, Print(L"high_base_mem="PTR_FMT"\n",
+ high_base_mem_address));
+ gdt_addr.base = high_base_mem + 0x4000;
+ } else {
+ ERR_PRT((L"Failed to allocate high_base_mem, "
+ "stomping over heritage 0x90000.\n"));
+ }
+
/*
* Register our loader(s)...
*/
@@ -624,6 +651,10 @@ sysdeps_create_boot_params(
ERR_PRT((L"bp="PTR_FMT" cmdline="PTR_FMT" initrd="PTR_FMT" cookie="PTR_FMT"",
bp, cmdline, initrd, cookie));
+ if (high_base_mem_address != NULL) {
+ free(high_base_mem_address);
+ high_base_mem_address = NULL;
+ }
if (param_start != NULL) {
free(param_start);
param_start = NULL;
++++++ elilo-textmenu-disable-print-devices.diff ++++++
---
choosers/textmenu.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/choosers/textmenu.c
+++ b/choosers/textmenu.c
@@ -308,11 +308,19 @@ reprint:
switch (key.UnicodeChar) {
/* XXX Do we really want this in textmenual mode? */
+#if 0
+ /*
+ * Definitely not, as '?' is a valid character on a
+ * kernel command line and sometimes needed for URLs
+ * while booting an installation. (And the output
+ * is barely visible anyhow...)
+ */
case L'?':
Print(L"\n");
print_devices();
first_time = 0;
goto reprint;
+#endif
case CHAR_BACKSPACE:
case CHAR_DEL:
if (PromptLen == 0) break;
++++++ elilo.pl ++++++
--- /var/tmp/diff_new_pack.NTcPBC/_old 2018-11-28 11:12:44.282954343 +0100
+++ /var/tmp/diff_new_pack.NTcPBC/_new 2018-11-28 11:12:44.282954343 +0100
@@ -1,5 +1,5 @@
#!/usr/bin/perl -w
-# $Id: elilo.pl,v 0.86 2013/10/25 14:22:33 rw Exp $
+# $Id: elilo.pl,v 0.94 2018/11/22 15:48:50 rw Exp $
use strict;
my $C = $0; $C =~ s{^.*/}{};
@@ -18,6 +18,7 @@
my $Sconf = "$dbg/etc/" . $Fconf;
my $Xconf = "xen.cfg";
my $Gconf = "grub.cfg";
+my $GconfT = "$dbg/etc/default/elilo2grub.in";
my @eBinaries = ("elilo.efi", "xen.efi", "shim.efi");
my ($elilo, $xen, $shim) = @eBinaries;
@@ -57,7 +58,7 @@
$| = 1;
sub Version() {
- my $v = q($Revision: 0.86 $ );
+ my $v = q($Revision: 0.94 $ );
$v =~ s/^\$ Rev.*:\ ([0-9.]+)\ \$\ /$1/x;
$v .= " (part of elilo-$Edition)" if ( $Edition ne "\@EDITION\@" );
print "$C version $v\n";
@@ -226,7 +227,7 @@
my $Xsections = 0;
sub section2Xconf($$%) {
my( $in, $lnr, %current) = @_;
- my( $label, $image, $initrd, $append, $root, $vmm, $vmmopts, $desc);
+ my( $label, $image, $initrd, $append, $root, $vmm, $vmmopts, $ucode, $desc);
if ( ! $current{xencfg} ) {
Info( 3, "=== Xconf: skipping ".
@@ -256,6 +257,8 @@
$root = ($root ? " root=$root " : " ");
$vmm = (exists( $current{VMM}) ? $current{VMM} :
(exists( $Sconf{vmm}) ? $Sconf{vmm} : ""));
+ $ucode = (exists( $current{ucode}) ? $current{ucode} :
+ (exists( $Sconf{ucode}) ? $Sconf{ucode} : ""));
if ( exists( $current{description}) ) {
$desc = $current{description};
} else {
@@ -273,6 +276,7 @@
return( 0 );
}
Info( 2, sprintf "=== %2d. Xconf: $label\n", ++$sections);
+ $Xconf{$label}{ucode} = $ucode if ($ucode);
$Xconf{$label}{vmm} = $vmm;
$Xconf{$label}{options} = $vmmopts;
$Xconf{$label}{kernel} = $image;
@@ -289,7 +293,6 @@
$Xconf{$label}{cfg} = "xen". ++$Xsections .".cfg";
}
-
return( 0 );
}
@@ -344,11 +347,11 @@
$current{$1} = (defined($2)) ? $2 : "true";
next;
}
- if ( m{^\s*(?:image|initrd|vmm)\s*=\s*} ) {
+ if ( m{^\s*(?:image|initrd|vmm|ucode)\s*=\s*} ) {
my $orig = $_;
chomp;
s{(vmm\s*=\s*)"([^"]+)"\s*(#.*)?$}{$1$2};
- s{^(\s*(image|initrd|vmm)\s*=\s*)(/\S+/)?([^/\s]+)\s*(.*?)\s*$}{$1$4};
+ s{^(\s*(image|initrd|vmm|ucode)\s*=\s*)(/\S+/)?([^/\s]+)\s*(.*?)\s*$}{$1$4};
my( $k, $p, $f, $o) = ($2, $3, $4, $5);
#Info( 8, ">>> $.: k=$k p=$p f=$f\n");
$_ .= "\n";
@@ -368,6 +371,11 @@
} elsif ( defined( $o) && $o ) {
Warn( "$in: $.: ignoring trailing garbage...\n");
}
+ if ( $k eq "ucode" ) {
+ $Sconf{$k} = $f if (!exists( $current{image}) && !exists( $Sconf{$k}));
+ $_ = "# $_"; # hide 'ucode' from elilo.conf -- it's only for XEN!
+ $opt = 0; # ucode is *never* optional!
+ }
if ( ! defined( $p) ) {
$p = "/boot/";
}
@@ -396,7 +404,7 @@
} elsif ( $opt ) {
Info( 0, "$C: Info: $in: $.: missing optional '$p$f' skipped\n");
} else {
- Warn( "$in: $.: missing '$p$f' skipped\n");
+ Warn( "$in: $.: missing '$p$f'\n");
}
}
next if ( $k eq "VMM" ); # omit efi-based "vmm" lines from elilo.conf!
@@ -564,6 +572,7 @@
sub GconfFSuuid($) {
my( $spec) = @_;
return ( "" ) unless ( $Sconf{SB} );
+ $spec =~ s{^UUID=}{/dev/disk/by-uuid/};
return ( $GconfFSuuid{$spec} ) if ( exists( $GconfFSuuid{$spec}) );
my $uuid = "";
@@ -571,17 +580,20 @@
if ( -x $cmd ) {
my $dop = (-b $spec) ? "--device" : "";
chomp( $uuid = qx{$cmd --target=fs_uuid $dop "$spec"});
- } else {
+ }
+ if ( ! defined( $uuid) || ! $uuid ) {
$uuid = GconfProbeFSuuid( $spec);
}
if ( ! defined( $uuid) || ! $uuid ) {
- Panic( 3, "couldn't determine fs_uuid -- skip SecureBoot/grub2 config!\n");
+ Warn( "couldn't determine fs_uuid -- skip SecureBoot/grub2 config!\n");
$Sconf{SB} = "";
+ return ( "" );
}
$GconfFSuuid{$spec} = $uuid;
return ( $uuid );
}
-sub Gconf() {
+sub Gconf($) {
+ my ($data) = @_;
my @parts = ("pre", "Econf", "Xconf", "post");
my @keys = ("label", "kernel", "ramdisk", "options", "description",
"rootfsuuid", "bootfsuuid", "disknr", "partnr", "vmm", "cfg");
@@ -593,7 +605,7 @@
$re = qr{^\>\>grub\.($re|.*)\<\<}ox;
- while ( <DATA> ) {
+ while ( <$data> ) {
if ( m{^__(END)__} || ($current && m{$re}o) ) {
Info( 9, "<<$current\n$lines>>$current => $_");
$S{$current} = $lines;
@@ -695,8 +707,16 @@
my( $in, $dir) = @_;
my $c = $Sconf{'__warn-count'};
-
- Gconf() if ( $Sconf{SB} );
+ if ( $Sconf{SB} ) {
+ my $fh;
+ if ( -r $GconfT ) {
+ open( $fh, "< $GconfT") || Panic( 1, "$GconfT: failed to open: $!\n");
+ } else {
+ open( $fh, "<&DATA") || Panic( 1, "<DATA>: failed to dup: $!\n");
+ }
+ Gconf($fh) if ( $Sconf{SB} );
+ close( $fh);
+ }
Warn( "no complete section for $Xconf!\n")
if ( $Sconf{xencfg} && ! exists( $Labels{Xconf}) );
@@ -844,16 +864,36 @@
my ( $d) = @_;
my @I = ("/etc/fstab", "/proc/mounts", "/etc/mtab");
Info( 3, "### MP($d):");
- foreach my $f ( @I ) {
+ SOURCE: foreach my $f ( @I ) {
open( IN, "< $f") || next;
while ( <IN> ) {
chomp;
next if ( m{^#} );
my @F = split;
+ my $lno;
if ( $F[1] eq $d ) {
- Info( 3, " found in '$f' line $. => true\n");
- close( IN);
- return( $F[0]);
+ my $dev = $F[0];
+ $dev =~ s{^UUID=}{/dev/disk/by-uuid/};
+ $dev =~ s{^LABEL=}{/dev/disk/by-label/};
+ $lno = $.;
+ close( IN);
+ while ( -l $dev ) {
+ my $t = `readlink -en "$dev"`;
+ if ( ! defined( $t) ) {
+ Info( 0, "readlink failed for line $lno in '$f'.\n");
+ next SOURCE;
+ }
+ if ( ! -b $dev ) {
+ Info( 0, "no block-device on line $lno in '$f': $dev.\n");
+ next SOURCE;
+ }
+ if ( $t =~ m{^(/dev/|(../)*)dm-[0-9a-f]+$}i ) {
+ last;
+ }
+ $dev = $t;
+ }
+ Info( 3, " found '$dev' in '$f' line $lno => true\n");
+ return( $dev);
}
}
close( IN);
@@ -920,8 +960,8 @@
my $entry;
if ( ! -r "$MP$path" ) {
- #Warn( "refusing to create EBM for non-existant binary ($MP$path).\n");
- Warn( "refusing to create EBM for non-existant binary.\n");
+ #Warn( "refusing to create EBM for non-existent binary ($MP$path).\n");
+ Warn( "refusing to create EBM for non-existent binary.\n");
return unless ( $test );
Info( 1, "#");
}
@@ -942,10 +982,10 @@
next unless ( hwpEqual( $hwp, $3) );
if ( $file eq $4 ) {
my $c = hex($1);
-# This effort below to elliminate holes in the boot enry list voids
+# This effort below to eliminate holes in the boot entry list voids
# the attempt to order EBM entries by simply calling '--refresh-EBM'.
# The full solution would require adding an interface to 'efibootmgr -o',
-# which is unfortunately not feasable this late in the release cycle.
+# which is unfortunately not feasible this late in the release cycle.
# if ( $lbl eq $2 ) {
# # delete label with higher number
# my $n = ($num < $c) ? $c : $num;
@@ -969,26 +1009,33 @@
sub Refresh($$) {
my ( $device, $dir) = @_;
- my ($dev, $part, $path, $label, $ret);
+ my ($dev, $sep, $part, $path, $label, $ret);
my $shim_opts = ""; #$sBinaries[1];
# device & partition
- if ( $device =~ m{^(.*)-part(\d+)$} ) {
+ if ( $device =~ m{^(.*)([-_]part)(\d+)$} ) {
$dev = $1;
- $part = $2;
- } elsif ( $device =~ m{^(.*)_part(\d+)$} ) {
- # /dev/mapper/... should not be used
+ $sep = $2;
+ $part = $3;
+ } elsif ( $device =~ m{^(.*/[a-z0-9]+)(p)(\d+)$}i ) {
+ # accept things like 'c0d0p1' or 'nvme0n0p1'
$dev = $1;
- $part = $2;
- } elsif ( $device =~ m{^(.*/c\d+d\d+)p(\d+)$} ) {
- $dev = $1;
- $part = $2;
- } elsif ( $device =~ m{^(/dev/\D+)(\d+)$} ) {
+ $sep = $2;
+ $part = $3;
+ } elsif ( $device =~ m{^(/dev/[a-z]+)(\d+)$}i ) {
+ # accept '/dev/sda1', but refuse '/dev/dm-1'
$dev = $1;
+ $sep = "";
$part = $2;
} else {
Panic( 2, "parse error on EFI partition $device.\n");
}
+ if ( ! -b $dev ) {
+ Panic( 2, "EFI partition parent device $dev not found.\n");
+ }
+ if ( ! -b "$dev$sep$part" ) {
+ Panic( 2, "EFI partition $part on device $dev not found.\n");
+ }
Info( 4, "#### dev=$dev, part=$part\n");
# path
$path = "/efi/$VD/";
@@ -1002,6 +1049,11 @@
$label = "SUSE Linux Enterprise";
}
Info( 4, "#### label=$label\n");
+ if ( $Sconf{SB} && ! exists($Sconf{'SB-fallback'}) &&
+ ! -r "$MP$path$shim" ) {
+ # try to force "fallback" when primary target went missing!
+ $Sconf{'SB-fallback'} = "true";
+ }
if ( ! $Sconf{SB} || exists($Sconf{'SB-fallback'}) ) {
my $lbl = $label . ($Sconf{'SB'} ? " (fallback)" : "");
$ret = ebm( "XEN ".$lbl, $dev, $part, $path . $xen, "")
1
0
Hello community,
here is the log from the commit of package valgrind for openSUSE:Factory checked in at 2018-11-28 11:11:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/valgrind (Old)
and /work/SRC/openSUSE:Factory/.valgrind.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "valgrind"
Wed Nov 28 11:11:53 2018 rev:111 rq:652030 version:3.14.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/valgrind/valgrind.changes 2018-10-01 09:07:45.211772453 +0200
+++ /work/SRC/openSUSE:Factory/.valgrind.new.19453/valgrind.changes 2018-11-28 11:12:42.666956612 +0100
@@ -1,0 +2,53 @@
+Sun Nov 25 21:06:20 UTC 2018 - olaf(a)aepfle.de
+
+- update valgrind.xen.patch to branch bug390553-20181125-ddfc274b2
+
+-------------------------------------------------------------------
+Thu Nov 22 09:21:45 UTC 2018 - Dirk Mueller <dmueller(a)suse.com>
+
+- build against Toolchain module for SLE12
+- add 0001-Bug-397187-s390x-Add-vector-register-support-for-vgd.patch
+ 0001-Bug-400490-s390x-Fix-register-allocation-for-VRs-vs-.patch,
+ 0001-Bug-400491-s390x-Sign-extend-immediate-operand-of-LO.patch,
+ 0001-s390x-more-fixes.patch,
+ Implement-emulated-system-registers.-Fixes-392146.patch (FATE#326355)
+- enable check (poo#36751)
+
+-------------------------------------------------------------------
+Wed Nov 21 11:51:45 UTC 2018 - Dirk Mueller <dmueller(a)suse.com>
+
+- update to 3.14.0 (bsc#1114575, FATE#326355):
+ see http://www.valgrind.org/docs/manual/dist.news.html
+ * The new option --keep-debuginfo=no|yes (default no) can be used to retain
+ debug info for unloaded code. This allows saved stack traces (e.g. for
+ memory leaks) to include file/line info for code that has been dlclose'd (or
+ similar). See the user manual for more information and known limitations.
+ * Ability to specify suppressions based on source file name and line number.
+ * Majorly overhauled register allocator. No end-user changes, but the JIT
+ generates code a bit more quickly now.
+ * Preliminary support for macOS 10.13 has been added.
+ * mips: support for MIPS32/MIPS64 Revision 6 has been added.
+ * mips: support for MIPS SIMD architecture (MSA) has been added.
+ * mips: support for MIPS N32 ABI has been added.
+ * s390: partial support for vector instructions (integer and string) has been
+ added.
+ * Helgrind: Addition of a flag
+ --delta-stacktrace=no|yes [yes on linux amd64/x86]
+ which specifies how full history stack traces should be computed.
+ Setting this to =yes can speed up Helgrind by 25% when using
+ --history-level=full.
+ * Memcheck: reduced false positive rate for optimised code created by Clang 6
+ / LLVM 6 on x86, amd64 and arm64. In particular, Memcheck analyses code
+ blocks more carefully to determine where it can avoid expensive definedness
+ checks without loss of precision. This is controlled by the flag
+ --expensive-definedness-checks=no|auto|yes [auto].
+ * Valgrind is now buildable with link-time optimisation (LTO). A new
+ configure option --enable-lto=yes allows building Valgrind with LTO. If the
+ toolchain supports it, this produces a smaller/faster Valgrind (up to 10%).
+ Note that if you are doing Valgrind development, --enable-lto=yes massively
+ slows down the build process.
+- remove epoll-wait-fix.patch,
+ Fix-access-to-time-base-register-to-return-64-bits.patch,
+ 0001-Accept-read-only-PT_LOAD-segments-and-.rodata.patch (upstream),
+
+-------------------------------------------------------------------
Old:
----
0001-Accept-read-only-PT_LOAD-segments-and-.rodata.patch
Fix-access-to-time-base-register-to-return-64-bits.patch
epoll-wait-fix.patch
valgrind-3.13.0.tar.bz2
New:
----
0001-Bug-397187-s390x-Add-vector-register-support-for-vgd.patch
0001-Bug-400490-s390x-Fix-register-allocation-for-VRs-vs-.patch
0001-Bug-400491-s390x-Sign-extend-immediate-operand-of-LO.patch
0001-s390x-more-fixes.patch
valgrind-3.14.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ valgrind.spec ++++++
--- /var/tmp/diff_new_pack.Ms6TLR/_old 2018-11-28 11:12:43.422955551 +0100
+++ /var/tmp/diff_new_pack.Ms6TLR/_new 2018-11-28 11:12:43.422955551 +0100
@@ -22,31 +22,35 @@
%define building_docs 1
Name: valgrind
-Version: 3.13.0
+Version: 3.14.0
Release: 0
Summary: Memory Management Debugger
License: GPL-2.0-or-later
Group: Development/Tools/Debuggers
Url: http://valgrind.org/
Source0: ftp://sourceware.org/pub/valgrind/valgrind-%{version}.tar.bz2
-# svn di svn://svn.valgrind.org/valgrind/tags/VALGRIND_3_5_0 svn://svn.valgrind.org/valgrind/branches/VALGRIND_3_5_BRANCH > 3_5_BRANCH.diff
-# svn di svn://svn.valgrind.org/vex/tags/VEX_3_5_0 svn://svn.valgrind.org/vex/branches/VEX_3_5_BRANCH > VEX_3_5_BRANCH.diff
+# https://bugs.kde.org/show_bug.cgi?id=390553
+# https://github.com/olafhering/valgrind/compare/olh-base-master...olh-fixes-…
Patch0: valgrind.xen.patch
Patch1: jit-register-unregister.diff
Patch2: armv6-support.diff
-Patch3: epoll-wait-fix.patch
Patch4: Implement-emulated-system-registers.-Fixes-392146.patch
-# PATCH-FIX-UPSTREAM [backport] - https://sourceware.org/git/?p=valgrind.git;a=commit;h=64aa729bfae71561505a4…
-Patch5: 0001-Accept-read-only-PT_LOAD-segments-and-.rodata.patch
-# PATCH-FIX-UPSTREAM - https://sourceware.org/git/?p=valgrind.git;a=commit;h=6a55b1e82ccda3f0d663d…
-Patch6: Fix-access-to-time-base-register-to-return-64-bits.patch
+Patch5: 0001-Bug-400490-s390x-Fix-register-allocation-for-VRs-vs-.patch
+Patch6: 0001-Bug-400491-s390x-Sign-extend-immediate-operand-of-LO.patch
+Patch7: 0001-Bug-397187-s390x-Add-vector-register-support-for-vgd.patch
+Patch8: 0001-s390x-more-fixes.patch
BuildRequires: automake
BuildRequires: docbook-xsl-stylesheets
BuildRequires: docbook_4
+%if 0%{?suse_version} < 1320
+BuildRequires: gcc8-c++
+%else
BuildRequires: gcc-c++
+%endif
BuildRequires: glibc-devel-32bit
BuildRequires: libxslt
BuildRequires: pkgconfig
+BuildRequires: procps
Requires: glibc >= %{glibc_main_version}.%{glibc_major_version}
Requires: glibc < %{glibc_main_version}.%{lua:print(rpm.expand("%{glibc_major_version}")+1)}
Provides: callgrind = %{version}
@@ -110,12 +114,18 @@
# needs porting to 3.11
##%patch1
%patch2
-%patch3
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
+%patch8 -p1
%build
+%if 0%{?suse_version} < 1320
+export CC="%{_bindir}/gcc-8"
+export CXX="%{_bindir}/g++-8"
+%endif
+
export FLAGS="%{optflags}"
%ifarch %arm
# Valgrind doesn't support compiling for Thumb yet. Remove when it gets
@@ -135,6 +145,7 @@
export GDB=%{_bindir}/gdb
%configure \
+ --enable-lto=yes \
%ifarch aarch64
--enable-only64bit
%endif
@@ -157,6 +168,15 @@
mkdir -p %{buildroot}%{_docdir}/%{name}
cp -a README* NEWS AUTHORS %{buildroot}/%{_defaultdocdir}/%{name}
+%check
+# OBS doesn't have a z13
+%ifnarch s390x
+# has too many spurious failures
+# make %{?_smp_mflags} regtest
+#patent pending self test
+VALGRIND_LIB=$PWD/.in_place VALGRIND_LIB_INNER=$PWD/.in_place ./coregrind/valgrind /usr/bin/perl -wc tests/vg_regtest
+%endif
+
%files
%license COPYING COPYING.DOCS
%{_bindir}/*
@@ -257,12 +277,16 @@
%{_libdir}/valgrind/s390-acr.xml
%{_libdir}/valgrind/s390-fpr-valgrind-s*.xml
%{_libdir}/valgrind/s390-fpr.xml
+%{_libdir}/valgrind/s390-vx-valgrind-s*.xml
+%{_libdir}/valgrind/s390-vx.xml
%{_libdir}/valgrind/s390x-core64-valgrind-s*.xml
%{_libdir}/valgrind/s390x-core64.xml
%{_libdir}/valgrind/s390x-generic-valgrind.xml
%{_libdir}/valgrind/s390x-generic.xml
%{_libdir}/valgrind/s390x-linux64-valgrind-s*.xml
%{_libdir}/valgrind/s390x-linux64.xml
+%{_libdir}/valgrind/s390x-vx-linux-valgrind.xml
+%{_libdir}/valgrind/s390x-vx-linux.xml
%files devel
%{_libdir}/valgrind/lib*.a
++++++ 0001-Bug-397187-s390x-Add-vector-register-support-for-vgd.patch ++++++
>From 50bd2282bce101012a5668b670cb185375600d2d Mon Sep 17 00:00:00 2001
From: Andreas Arnez <arnez(a)linux.ibm.com>
Date: Thu, 18 Oct 2018 17:51:57 +0200
Subject: [PATCH] Bug 397187 s390x: Add vector register support for vgdb
On s390x machines with a vector facility, Valgrind's gdbserver didn't
represent the vector registers. This is fixed.
---
NEWS | 1 +
coregrind/Makefile.am | 5 +
coregrind/m_gdbserver/s390-vx-valgrind-s1.xml | 43 ++++++++
coregrind/m_gdbserver/s390-vx-valgrind-s2.xml | 43 ++++++++
coregrind/m_gdbserver/s390-vx.xml | 59 +++++++++++
.../m_gdbserver/s390x-vx-linux-valgrind.xml | 28 ++++++
coregrind/m_gdbserver/s390x-vx-linux.xml | 18 ++++
coregrind/m_gdbserver/valgrind-low-s390x.c | 97 +++++++++++++++++--
8 files changed, 288 insertions(+), 6 deletions(-)
create mode 100644 coregrind/m_gdbserver/s390-vx-valgrind-s1.xml
create mode 100644 coregrind/m_gdbserver/s390-vx-valgrind-s2.xml
create mode 100644 coregrind/m_gdbserver/s390-vx.xml
create mode 100644 coregrind/m_gdbserver/s390x-vx-linux-valgrind.xml
create mode 100644 coregrind/m_gdbserver/s390x-vx-linux.xml
Index: valgrind-3.14.0/coregrind/Makefile.am
===================================================================
--- valgrind-3.14.0.orig/coregrind/Makefile.am
+++ valgrind-3.14.0/coregrind/Makefile.am
@@ -681,6 +681,11 @@ GDBSERVER_XML_FILES = \
m_gdbserver/s390x-linux64-valgrind-s1.xml \
m_gdbserver/s390x-linux64-valgrind-s2.xml \
m_gdbserver/s390x-linux64.xml \
+ m_gdbserver/s390-vx-valgrind-s1.xml \
+ m_gdbserver/s390-vx-valgrind-s2.xml \
+ m_gdbserver/s390-vx.xml \
+ m_gdbserver/s390x-vx-linux-valgrind.xml \
+ m_gdbserver/s390x-vx-linux.xml \
m_gdbserver/mips-cp0-valgrind-s1.xml \
m_gdbserver/mips-cp0-valgrind-s2.xml \
m_gdbserver/mips-cp0.xml \
Index: valgrind-3.14.0/coregrind/m_gdbserver/s390-vx-valgrind-s1.xml
===================================================================
--- /dev/null
+++ valgrind-3.14.0/coregrind/m_gdbserver/s390-vx-valgrind-s1.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!-- Copyright (C) 2015-2018 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. -->
+
+<!DOCTYPE feature SYSTEM "gdb-target.dtd">
+<feature name="org.gnu.gdb.s390.vx-valgrind-s1">
+ <reg name="v0ls1" bitsize="64" type="uint64"/>
+ <reg name="v1ls1" bitsize="64" type="uint64"/>
+ <reg name="v2ls1" bitsize="64" type="uint64"/>
+ <reg name="v3ls1" bitsize="64" type="uint64"/>
+ <reg name="v4ls1" bitsize="64" type="uint64"/>
+ <reg name="v5ls1" bitsize="64" type="uint64"/>
+ <reg name="v6ls1" bitsize="64" type="uint64"/>
+ <reg name="v7ls1" bitsize="64" type="uint64"/>
+ <reg name="v8ls1" bitsize="64" type="uint64"/>
+ <reg name="v9ls1" bitsize="64" type="uint64"/>
+ <reg name="v10ls1" bitsize="64" type="uint64"/>
+ <reg name="v11ls1" bitsize="64" type="uint64"/>
+ <reg name="v12ls1" bitsize="64" type="uint64"/>
+ <reg name="v13ls1" bitsize="64" type="uint64"/>
+ <reg name="v14ls1" bitsize="64" type="uint64"/>
+ <reg name="v15ls1" bitsize="64" type="uint64"/>
+
+ <reg name="v16s1" bitsize="128" type="uint128"/>
+ <reg name="v17s1" bitsize="128" type="uint128"/>
+ <reg name="v18s1" bitsize="128" type="uint128"/>
+ <reg name="v19s1" bitsize="128" type="uint128"/>
+ <reg name="v20s1" bitsize="128" type="uint128"/>
+ <reg name="v21s1" bitsize="128" type="uint128"/>
+ <reg name="v22s1" bitsize="128" type="uint128"/>
+ <reg name="v23s1" bitsize="128" type="uint128"/>
+ <reg name="v24s1" bitsize="128" type="uint128"/>
+ <reg name="v25s1" bitsize="128" type="uint128"/>
+ <reg name="v26s1" bitsize="128" type="uint128"/>
+ <reg name="v27s1" bitsize="128" type="uint128"/>
+ <reg name="v28s1" bitsize="128" type="uint128"/>
+ <reg name="v29s1" bitsize="128" type="uint128"/>
+ <reg name="v30s1" bitsize="128" type="uint128"/>
+ <reg name="v31s1" bitsize="128" type="uint128"/>
+</feature>
Index: valgrind-3.14.0/coregrind/m_gdbserver/s390-vx-valgrind-s2.xml
===================================================================
--- /dev/null
+++ valgrind-3.14.0/coregrind/m_gdbserver/s390-vx-valgrind-s2.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!-- Copyright (C) 2015-2018 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. -->
+
+<!DOCTYPE feature SYSTEM "gdb-target.dtd">
+<feature name="org.gnu.gdb.s390.vx-valgrind-s2">
+ <reg name="v0ls2" bitsize="64" type="uint64"/>
+ <reg name="v1ls2" bitsize="64" type="uint64"/>
+ <reg name="v2ls2" bitsize="64" type="uint64"/>
+ <reg name="v3ls2" bitsize="64" type="uint64"/>
+ <reg name="v4ls2" bitsize="64" type="uint64"/>
+ <reg name="v5ls2" bitsize="64" type="uint64"/>
+ <reg name="v6ls2" bitsize="64" type="uint64"/>
+ <reg name="v7ls2" bitsize="64" type="uint64"/>
+ <reg name="v8ls2" bitsize="64" type="uint64"/>
+ <reg name="v9ls2" bitsize="64" type="uint64"/>
+ <reg name="v10ls2" bitsize="64" type="uint64"/>
+ <reg name="v11ls2" bitsize="64" type="uint64"/>
+ <reg name="v12ls2" bitsize="64" type="uint64"/>
+ <reg name="v13ls2" bitsize="64" type="uint64"/>
+ <reg name="v14ls2" bitsize="64" type="uint64"/>
+ <reg name="v15ls2" bitsize="64" type="uint64"/>
+
+ <reg name="v16s2" bitsize="128" type="uint128"/>
+ <reg name="v17s2" bitsize="128" type="uint128"/>
+ <reg name="v18s2" bitsize="128" type="uint128"/>
+ <reg name="v19s2" bitsize="128" type="uint128"/>
+ <reg name="v20s2" bitsize="128" type="uint128"/>
+ <reg name="v21s2" bitsize="128" type="uint128"/>
+ <reg name="v22s2" bitsize="128" type="uint128"/>
+ <reg name="v23s2" bitsize="128" type="uint128"/>
+ <reg name="v24s2" bitsize="128" type="uint128"/>
+ <reg name="v25s2" bitsize="128" type="uint128"/>
+ <reg name="v26s2" bitsize="128" type="uint128"/>
+ <reg name="v27s2" bitsize="128" type="uint128"/>
+ <reg name="v28s2" bitsize="128" type="uint128"/>
+ <reg name="v29s2" bitsize="128" type="uint128"/>
+ <reg name="v30s2" bitsize="128" type="uint128"/>
+ <reg name="v31s2" bitsize="128" type="uint128"/>
+</feature>
Index: valgrind-3.14.0/coregrind/m_gdbserver/s390-vx.xml
===================================================================
--- /dev/null
+++ valgrind-3.14.0/coregrind/m_gdbserver/s390-vx.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!-- Copyright (C) 2015-2018 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. -->
+
+<!DOCTYPE feature SYSTEM "gdb-target.dtd">
+<feature name="org.gnu.gdb.s390.vx">
+ <vector id="v4f" type="ieee_single" count="4"/>
+ <vector id="v2d" type="ieee_double" count="2"/>
+ <vector id="v16i8" type="int8" count="16"/>
+ <vector id="v8i16" type="int16" count="8"/>
+ <vector id="v4i32" type="int32" count="4"/>
+ <vector id="v2i64" type="int64" count="2"/>
+ <union id="vec128">
+ <field name="v4_float" type="v4f"/>
+ <field name="v2_double" type="v2d"/>
+ <field name="v16_int8" type="v16i8"/>
+ <field name="v8_int16" type="v8i16"/>
+ <field name="v4_int32" type="v4i32"/>
+ <field name="v2_int64" type="v2i64"/>
+ <field name="uint128" type="uint128"/>
+ </union>
+
+ <reg name="v0l" bitsize="64" type="uint64"/>
+ <reg name="v1l" bitsize="64" type="uint64"/>
+ <reg name="v2l" bitsize="64" type="uint64"/>
+ <reg name="v3l" bitsize="64" type="uint64"/>
+ <reg name="v4l" bitsize="64" type="uint64"/>
+ <reg name="v5l" bitsize="64" type="uint64"/>
+ <reg name="v6l" bitsize="64" type="uint64"/>
+ <reg name="v7l" bitsize="64" type="uint64"/>
+ <reg name="v8l" bitsize="64" type="uint64"/>
+ <reg name="v9l" bitsize="64" type="uint64"/>
+ <reg name="v10l" bitsize="64" type="uint64"/>
+ <reg name="v11l" bitsize="64" type="uint64"/>
+ <reg name="v12l" bitsize="64" type="uint64"/>
+ <reg name="v13l" bitsize="64" type="uint64"/>
+ <reg name="v14l" bitsize="64" type="uint64"/>
+ <reg name="v15l" bitsize="64" type="uint64"/>
+
+ <reg name="v16" bitsize="128" type="vec128"/>
+ <reg name="v17" bitsize="128" type="vec128"/>
+ <reg name="v18" bitsize="128" type="vec128"/>
+ <reg name="v19" bitsize="128" type="vec128"/>
+ <reg name="v20" bitsize="128" type="vec128"/>
+ <reg name="v21" bitsize="128" type="vec128"/>
+ <reg name="v22" bitsize="128" type="vec128"/>
+ <reg name="v23" bitsize="128" type="vec128"/>
+ <reg name="v24" bitsize="128" type="vec128"/>
+ <reg name="v25" bitsize="128" type="vec128"/>
+ <reg name="v26" bitsize="128" type="vec128"/>
+ <reg name="v27" bitsize="128" type="vec128"/>
+ <reg name="v28" bitsize="128" type="vec128"/>
+ <reg name="v29" bitsize="128" type="vec128"/>
+ <reg name="v30" bitsize="128" type="vec128"/>
+ <reg name="v31" bitsize="128" type="vec128"/>
+</feature>
Index: valgrind-3.14.0/coregrind/m_gdbserver/s390x-vx-linux-valgrind.xml
===================================================================
--- /dev/null
+++ valgrind-3.14.0/coregrind/m_gdbserver/s390x-vx-linux-valgrind.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+<!-- Copyright (C) 2010-2018 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. -->
+
+<!-- S/390 64-bit user-level code. -->
+
+<!DOCTYPE target SYSTEM "gdb-target.dtd">
+<target>
+ <architecture>s390:64-bit</architecture>
+ <xi:include href="s390x-core64.xml"/>
+ <xi:include href="s390-acr.xml"/>
+ <xi:include href="s390-fpr.xml"/>
+ <xi:include href="s390x-linux64.xml"/>
+ <xi:include href="s390-vx.xml"/>
+ <xi:include href="s390x-core64-valgrind-s1.xml"/>
+ <xi:include href="s390-acr-valgrind-s1.xml"/>
+ <xi:include href="s390-fpr-valgrind-s1.xml"/>
+ <xi:include href="s390x-linux64-valgrind-s1.xml"/>
+ <xi:include href="s390-vx-valgrind-s1.xml"/>
+ <xi:include href="s390x-core64-valgrind-s2.xml"/>
+ <xi:include href="s390-acr-valgrind-s2.xml"/>
+ <xi:include href="s390-fpr-valgrind-s2.xml"/>
+ <xi:include href="s390x-linux64-valgrind-s2.xml"/>
+ <xi:include href="s390-vx-valgrind-s2.xml"/>
+</target>
Index: valgrind-3.14.0/coregrind/m_gdbserver/s390x-vx-linux.xml
===================================================================
--- /dev/null
+++ valgrind-3.14.0/coregrind/m_gdbserver/s390x-vx-linux.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<!-- Copyright (C) 2010-2018 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. -->
+
+<!-- S/390 64-bit user-level code. -->
+
+<!DOCTYPE target SYSTEM "gdb-target.dtd">
+<target>
+ <architecture>s390:64-bit</architecture>
+ <xi:include href="s390x-core64.xml"/>
+ <xi:include href="s390-acr.xml"/>
+ <xi:include href="s390-fpr.xml"/>
+ <xi:include href="s390x-linux64.xml"/>
+ <xi:include href="s390-vx.xml"/>
+</target>
Index: valgrind-3.14.0/coregrind/m_gdbserver/valgrind-low-s390x.c
===================================================================
--- valgrind-3.14.0.orig/coregrind/m_gdbserver/valgrind-low-s390x.c
+++ valgrind-3.14.0/coregrind/m_gdbserver/valgrind-low-s390x.c
@@ -88,9 +88,42 @@ static struct reg regs[] = {
{ "f14", 2592, 64 },
{ "f15", 2656, 64 },
{ "orig_r2", 2720, 64 },
+ { "v0l", 2784, 64 },
+ { "v1l", 2848, 64 },
+ { "v2l", 2912, 64 },
+ { "v3l", 2976, 64 },
+ { "v4l", 3040, 64 },
+ { "v5l", 3104, 64 },
+ { "v6l", 3168, 64 },
+ { "v7l", 3232, 64 },
+ { "v8l", 3296, 64 },
+ { "v9l", 3360, 64 },
+ { "v10l", 3424, 64 },
+ { "v11l", 3488, 64 },
+ { "v12l", 3552, 64 },
+ { "v13l", 3616, 64 },
+ { "v14l", 3680, 64 },
+ { "v15l", 3744, 64 },
+ { "v16", 3808, 128 },
+ { "v17", 3936, 128 },
+ { "v18", 4064, 128 },
+ { "v19", 4192, 128 },
+ { "v20", 4320, 128 },
+ { "v21", 4448, 128 },
+ { "v22", 4576, 128 },
+ { "v23", 4704, 128 },
+ { "v24", 4832, 128 },
+ { "v25", 4960, 128 },
+ { "v26", 5088, 128 },
+ { "v27", 5216, 128 },
+ { "v28", 5344, 128 },
+ { "v29", 5472, 128 },
+ { "v30", 5600, 128 },
+ { "v31", 5728, 128 },
};
static const char *expedite_regs[] = { "r14", "r15", "pswa", 0 };
-#define num_regs (sizeof (regs) / sizeof (regs[0]))
+#define num_regs_all (sizeof (regs) / sizeof (regs[0]))
+static int num_regs;
static
CORE_ADDR get_pc (void)
@@ -165,7 +198,7 @@ void transfer_register (ThreadId tid, in
case 32: VG_(transfer) (&s390x->guest_a14, buf, dir, size, mod); break;
case 33: VG_(transfer) (&s390x->guest_a15, buf, dir, size, mod); break;
case 34: VG_(transfer) (&s390x->guest_fpc, buf, dir, size, mod); break;
- case 35: VG_(transfer) (&s390x->guest_v0, buf, dir, size, mod); break;
+ case 35: VG_(transfer) (&s390x->guest_v0.w64[0], buf, dir, size, mod); break;
case 36: VG_(transfer) (&s390x->guest_v1.w64[0], buf, dir, size, mod); break;
case 37: VG_(transfer) (&s390x->guest_v2.w64[0], buf, dir, size, mod); break;
case 38: VG_(transfer) (&s390x->guest_v3.w64[0], buf, dir, size, mod); break;
@@ -182,18 +215,65 @@ void transfer_register (ThreadId tid, in
case 49: VG_(transfer) (&s390x->guest_v14.w64[0], buf, dir, size, mod); break;
case 50: VG_(transfer) (&s390x->guest_v15.w64[0], buf, dir, size, mod); break;
case 51: *mod = False; break; //GDBTD??? { "orig_r2", 0, 64 },
+ case 52: VG_(transfer) (&s390x->guest_v0.w64[1], buf, dir, size, mod); break;
+ case 53: VG_(transfer) (&s390x->guest_v1.w64[1], buf, dir, size, mod); break;
+ case 54: VG_(transfer) (&s390x->guest_v2.w64[1], buf, dir, size, mod); break;
+ case 55: VG_(transfer) (&s390x->guest_v3.w64[1], buf, dir, size, mod); break;
+ case 56: VG_(transfer) (&s390x->guest_v4.w64[1], buf, dir, size, mod); break;
+ case 57: VG_(transfer) (&s390x->guest_v5.w64[1], buf, dir, size, mod); break;
+ case 58: VG_(transfer) (&s390x->guest_v6.w64[1], buf, dir, size, mod); break;
+ case 59: VG_(transfer) (&s390x->guest_v7.w64[1], buf, dir, size, mod); break;
+ case 60: VG_(transfer) (&s390x->guest_v8.w64[1], buf, dir, size, mod); break;
+ case 61: VG_(transfer) (&s390x->guest_v9.w64[1], buf, dir, size, mod); break;
+ case 62: VG_(transfer) (&s390x->guest_v10.w64[1], buf, dir, size, mod); break;
+ case 63: VG_(transfer) (&s390x->guest_v11.w64[1], buf, dir, size, mod); break;
+ case 64: VG_(transfer) (&s390x->guest_v12.w64[1], buf, dir, size, mod); break;
+ case 65: VG_(transfer) (&s390x->guest_v13.w64[1], buf, dir, size, mod); break;
+ case 66: VG_(transfer) (&s390x->guest_v14.w64[1], buf, dir, size, mod); break;
+ case 67: VG_(transfer) (&s390x->guest_v15.w64[1], buf, dir, size, mod); break;
+ case 68: VG_(transfer) (&s390x->guest_v16, buf, dir, size, mod); break;
+ case 69: VG_(transfer) (&s390x->guest_v17, buf, dir, size, mod); break;
+ case 70: VG_(transfer) (&s390x->guest_v18, buf, dir, size, mod); break;
+ case 71: VG_(transfer) (&s390x->guest_v19, buf, dir, size, mod); break;
+ case 72: VG_(transfer) (&s390x->guest_v20, buf, dir, size, mod); break;
+ case 73: VG_(transfer) (&s390x->guest_v21, buf, dir, size, mod); break;
+ case 74: VG_(transfer) (&s390x->guest_v22, buf, dir, size, mod); break;
+ case 75: VG_(transfer) (&s390x->guest_v23, buf, dir, size, mod); break;
+ case 76: VG_(transfer) (&s390x->guest_v24, buf, dir, size, mod); break;
+ case 77: VG_(transfer) (&s390x->guest_v25, buf, dir, size, mod); break;
+ case 78: VG_(transfer) (&s390x->guest_v26, buf, dir, size, mod); break;
+ case 79: VG_(transfer) (&s390x->guest_v27, buf, dir, size, mod); break;
+ case 80: VG_(transfer) (&s390x->guest_v28, buf, dir, size, mod); break;
+ case 81: VG_(transfer) (&s390x->guest_v29, buf, dir, size, mod); break;
+ case 82: VG_(transfer) (&s390x->guest_v30, buf, dir, size, mod); break;
+ case 83: VG_(transfer) (&s390x->guest_v31, buf, dir, size, mod); break;
default: vg_assert(0);
}
}
static
+Bool have_vx (void)
+{
+ VexArch va;
+ VexArchInfo vai;
+ VG_(machine_get_VexArchInfo) (&va, &vai);
+ return (vai.hwcaps & VEX_HWCAPS_S390X_VX) != 0;
+}
+
+static
const char* target_xml (Bool shadow_mode)
{
if (shadow_mode) {
- return "s390x-generic-valgrind.xml";
+ if (have_vx())
+ return "s390x-vx-linux-valgrind.xml";
+ else
+ return "s390x-generic-valgrind.xml";
} else {
- return "s390x-generic.xml";
- }
+ if (have_vx())
+ return "s390x-vx-linux.xml";
+ else
+ return "s390x-generic.xml";
+ }
}
static CORE_ADDR** target_get_dtv (ThreadState *tst)
@@ -206,7 +286,7 @@ static CORE_ADDR** target_get_dtv (Threa
}
static struct valgrind_target_ops low_target = {
- num_regs,
+ -1, // Override at init time.
regs,
17, //sp = r15, which is register offset 17 in regs
transfer_register,
@@ -220,6 +300,11 @@ static struct valgrind_target_ops low_ta
void s390x_init_architecture (struct valgrind_target_ops *target)
{
*target = low_target;
+ if (have_vx())
+ num_regs = num_regs_all;
+ else
+ num_regs = num_regs_all - 32; // Remove all VX registers.
+ target->num_regs = num_regs;
set_register_cache (regs, num_regs);
gdbserver_expedite_regs = expedite_regs;
}
++++++ 0001-Bug-400490-s390x-Fix-register-allocation-for-VRs-vs-.patch ++++++
>From 71002d8a5111d02ce8049c55017a8d948c820e35 Mon Sep 17 00:00:00 2001
From: Andreas Arnez <arnez(a)linux.ibm.com>
Date: Thu, 25 Oct 2018 13:47:12 +0200
Subject: [PATCH] Bug 400490 s390x: Fix register allocation for VRs vs FPRs
On s390x, if vector registers are available, they are fed to the register
allocator as if they were separate from the floating-point registers. But
in fact the FPRs are embedded in the VRs. So for instance, if both f3 and
v3 are allocated and used at the same time, corruption will result.
This is fixed by offering only the non-overlapping VRs, v16 to v31, to the
register allocator instead.
---
NEWS | 1 +
VEX/priv/host_s390_defs.c | 17 +++++++----------
2 files changed, 8 insertions(+), 10 deletions(-)
Index: valgrind-3.14.0/VEX/priv/host_s390_defs.c
===================================================================
--- valgrind-3.14.0.orig/VEX/priv/host_s390_defs.c
+++ valgrind-3.14.0/VEX/priv/host_s390_defs.c
@@ -59,7 +59,6 @@ static UInt s390_tchain_load64_len(void)
/* A mapping from register number to register index */
static Int gpr_index[16]; // GPR regno -> register index
-static Int fpr_index[16]; // FPR regno -> register index
static Int vr_index[32]; // VR regno -> register index
HReg
@@ -73,7 +72,7 @@ s390_hreg_gpr(UInt regno)
HReg
s390_hreg_fpr(UInt regno)
{
- Int ix = fpr_index[regno];
+ Int ix = vr_index[regno];
vassert(ix >= 0);
return mkHReg(/*virtual*/False, HRcFlt64, regno, ix);
}
@@ -463,11 +462,9 @@ getRRegUniverse_S390(void)
RRegUniverse__init(ru);
- /* Assign invalid values to the gpr/fpr/vr_index */
+ /* Assign invalid values to the gpr/vr_index */
for (UInt i = 0; i < sizeof gpr_index / sizeof gpr_index[0]; ++i)
gpr_index[i] = -1;
- for (UInt i = 0; i < sizeof fpr_index / sizeof fpr_index[0]; ++i)
- fpr_index[i] = -1;
for (UInt i = 0; i < sizeof vr_index / sizeof vr_index[0]; ++i)
vr_index[i] = -1;
@@ -494,17 +491,17 @@ getRRegUniverse_S390(void)
ru->allocable_start[HRcFlt64] = ru->size;
for (UInt regno = 8; regno <= 15; ++regno) {
- fpr_index[regno] = ru->size;
+ vr_index[regno] = ru->size;
ru->regs[ru->size++] = s390_hreg_fpr(regno);
}
for (UInt regno = 0; regno <= 7; ++regno) {
- fpr_index[regno] = ru->size;
+ vr_index[regno] = ru->size;
ru->regs[ru->size++] = s390_hreg_fpr(regno);
}
ru->allocable_end[HRcFlt64] = ru->size - 1;
ru->allocable_start[HRcVec128] = ru->size;
- for (UInt regno = 0; regno <= 31; ++regno) {
+ for (UInt regno = 16; regno <= 31; ++regno) {
vr_index[regno] = ru->size;
ru->regs[ru->size++] = s390_hreg_vr(regno);
}
@@ -527,12 +524,12 @@ getRRegUniverse_S390(void)
/* Sanity checking */
for (UInt i = 0; i < sizeof gpr_index / sizeof gpr_index[0]; ++i)
vassert(gpr_index[i] >= 0);
- for (UInt i = 0; i < sizeof fpr_index / sizeof fpr_index[0]; ++i)
- vassert(fpr_index[i] >= 0);
for (UInt i = 0; i < sizeof vr_index / sizeof vr_index[0]; ++i)
vassert(vr_index[i] >= 0);
initialised = True;
+
+ RRegUniverse__check_is_sane(ru);
return ru;
}
++++++ 0001-Bug-400491-s390x-Sign-extend-immediate-operand-of-LO.patch ++++++
>From 9545e9f96beda6e9f2205bdb3c3e96edaf8d9e2b Mon Sep 17 00:00:00 2001
From: Andreas Arnez <arnez(a)linux.ibm.com>
Date: Tue, 30 Oct 2018 17:06:38 +0100
Subject: [PATCH] Bug 400491 s390x: Sign-extend immediate operand of LOCHI and
friends
The VEX implementation of each of the z/Architecture instructions LOCHI,
LOCHHI, and LOCGHI treats the immediate 16-bit operand as an unsigned
integer instead of a signed integer. This is fixed.
---
NEWS | 1 +
VEX/priv/guest_s390_toIR.c | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
Index: valgrind-3.14.0/VEX/priv/guest_s390_toIR.c
===================================================================
--- valgrind-3.14.0.orig/VEX/priv/guest_s390_toIR.c
+++ valgrind-3.14.0/VEX/priv/guest_s390_toIR.c
@@ -16307,7 +16307,7 @@ static const HChar *
s390_irgen_LOCHHI(UChar r1, UChar m3, UShort i2, UChar unused)
{
next_insn_if(binop(Iop_CmpEQ32, s390_call_calculate_cond(m3), mkU32(0)));
- put_gpr_w0(r1, mkU32(i2));
+ put_gpr_w0(r1, mkU32((UInt)(Int)(Short)i2));
return "lochhi";
}
@@ -16316,7 +16316,7 @@ static const HChar *
s390_irgen_LOCHI(UChar r1, UChar m3, UShort i2, UChar unused)
{
next_insn_if(binop(Iop_CmpEQ32, s390_call_calculate_cond(m3), mkU32(0)));
- put_gpr_w1(r1, mkU32(i2));
+ put_gpr_w1(r1, mkU32((UInt)(Int)(Short)i2));
return "lochi";
}
@@ -16325,7 +16325,7 @@ static const HChar *
s390_irgen_LOCGHI(UChar r1, UChar m3, UShort i2, UChar unused)
{
next_insn_if(binop(Iop_CmpEQ32, s390_call_calculate_cond(m3), mkU32(0)));
- put_gpr_dw0(r1, mkU64(i2));
+ put_gpr_dw0(r1, mkU64((UInt)(Int)(Short)i2));
return "locghi";
}
++++++ 0001-s390x-more-fixes.patch ++++++
>From d10cd86ee32bf76495f79c02df62fc242adbcbe3 Mon Sep 17 00:00:00 2001
From: Andreas Arnez <arnez(a)linux.vnet.ibm.com>
Date: Thu, 26 Jul 2018 16:35:24 +0200
Subject: [PATCH] s390x: More fixes for z13 support
This patch addresses the following:
* Fix the implementation of LOCGHI. Previously Valgrind performed 32-bit
sign extension instead of 64-bit sign extension on the immediate value.
* Advertise VXRS in HWCAP. If no VXRS are advertised, but the program
uses vector registers, this could cause problems with a glibc built with
"-march=z13".
---
VEX/priv/guest_s390_toIR.c | 2 +-
coregrind/m_initimg/initimg-linux.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/VEX/priv/guest_s390_toIR.c b/VEX/priv/guest_s390_toIR.c
index 9c4d79b87..50a5a4177 100644
--- a/VEX/priv/guest_s390_toIR.c
+++ b/VEX/priv/guest_s390_toIR.c
@@ -16325,7 +16325,7 @@ static const HChar *
s390_irgen_LOCGHI(UChar r1, UChar m3, UShort i2, UChar unused)
{
next_insn_if(binop(Iop_CmpEQ32, s390_call_calculate_cond(m3), mkU32(0)));
- put_gpr_dw0(r1, mkU64((UInt)(Int)(Short)i2));
+ put_gpr_dw0(r1, mkU64((ULong)(Long)(Short)i2));
return "locghi";
}
diff --git a/coregrind/m_initimg/initimg-linux.c b/coregrind/m_initimg/initimg-linux.c
index 61cc458bc..8a7f0d024 100644
--- a/coregrind/m_initimg/initimg-linux.c
+++ b/coregrind/m_initimg/initimg-linux.c
@@ -699,9 +699,9 @@ Addr setup_client_stack( void* init_sp,
}
# elif defined(VGP_s390x_linux)
{
- /* Advertise hardware features "below" TE only. TE and VXRS
- (and anything above) are not supported by Valgrind. */
- auxv->u.a_val &= VKI_HWCAP_S390_TE - 1;
+ /* Advertise hardware features "below" TE and VXRS. TE itself
+ and anything above VXRS is not supported by Valgrind. */
+ auxv->u.a_val &= (VKI_HWCAP_S390_TE - 1) | VKI_HWCAP_S390_VXRS;
}
# elif defined(VGP_arm64_linux)
{
--
2.17.0
++++++ Implement-emulated-system-registers.-Fixes-392146.patch ++++++
--- /var/tmp/diff_new_pack.Ms6TLR/_old 2018-11-28 11:12:43.466955489 +0100
+++ /var/tmp/diff_new_pack.Ms6TLR/_new 2018-11-28 11:12:43.470955483 +0100
@@ -10,11 +10,11 @@
VEX/priv/guest_arm64_toIR.c | 222 +++++++++++++++++++++++++++++++++
3 files changed, 331 insertions(+)
-diff --git a/VEX/priv/guest_arm64_defs.h b/VEX/priv/guest_arm64_defs.h
-index b28f326c2..ae01e6f3b 100644
---- a/VEX/priv/guest_arm64_defs.h
-+++ b/VEX/priv/guest_arm64_defs.h
-@@ -126,6 +126,15 @@ extern ULong arm64g_dirtyhelper_MRS_CNTVCT_EL0 ( void );
+Index: valgrind-3.14.0/VEX/priv/guest_arm64_defs.h
+===================================================================
+--- valgrind-3.14.0.orig/VEX/priv/guest_arm64_defs.h
++++ valgrind-3.14.0/VEX/priv/guest_arm64_defs.h
+@@ -126,6 +126,15 @@ extern ULong arm64g_dirtyhelper_MRS_CNTV
extern ULong arm64g_dirtyhelper_MRS_CNTFRQ_EL0 ( void );
@@ -30,11 +30,11 @@
extern void arm64g_dirtyhelper_PMULLQ ( /*OUT*/V128* res,
ULong arg1, ULong arg2 );
-diff --git a/VEX/priv/guest_arm64_helpers.c b/VEX/priv/guest_arm64_helpers.c
-index 10065d547..c579c9e1b 100644
---- a/VEX/priv/guest_arm64_helpers.c
-+++ b/VEX/priv/guest_arm64_helpers.c
-@@ -788,6 +788,106 @@ ULong arm64g_dirtyhelper_MRS_CNTFRQ_EL0 ( void )
+Index: valgrind-3.14.0/VEX/priv/guest_arm64_helpers.c
+===================================================================
+--- valgrind-3.14.0.orig/VEX/priv/guest_arm64_helpers.c
++++ valgrind-3.14.0/VEX/priv/guest_arm64_helpers.c
+@@ -788,6 +788,106 @@ ULong arm64g_dirtyhelper_MRS_CNTFRQ_EL0
# endif
}
@@ -141,11 +141,11 @@
void arm64g_dirtyhelper_PMULLQ ( /*OUT*/V128* res, ULong arg1, ULong arg2 )
{
-diff --git a/VEX/priv/guest_arm64_toIR.c b/VEX/priv/guest_arm64_toIR.c
-index e5af388e1..ed6c1ffa5 100644
---- a/VEX/priv/guest_arm64_toIR.c
-+++ b/VEX/priv/guest_arm64_toIR.c
-@@ -6872,6 +6872,228 @@ Bool dis_ARM64_branch_etc(/*MB_OUT*/DisResult* dres, UInt insn,
+Index: valgrind-3.14.0/VEX/priv/guest_arm64_toIR.c
+===================================================================
+--- valgrind-3.14.0.orig/VEX/priv/guest_arm64_toIR.c
++++ valgrind-3.14.0/VEX/priv/guest_arm64_toIR.c
+@@ -6891,6 +6891,228 @@ Bool dis_ARM64_branch_etc(/*MB_OUT*/DisR
}
/* ------------------ M{SR,RS} ------------------ */
@@ -374,6 +374,3 @@
/* ---- Cases for TPIDR_EL0 ----
0xD51BD0 010 Rt MSR tpidr_el0, rT
0xD53BD0 010 Rt MRS rT, tpidr_el0
---
-2.17.0
-
++++++ armv6-support.diff ++++++
--- /var/tmp/diff_new_pack.Ms6TLR/_old 2018-11-28 11:12:43.478955472 +0100
+++ /var/tmp/diff_new_pack.Ms6TLR/_new 2018-11-28 11:12:43.478955472 +0100
@@ -2,7 +2,7 @@
===================================================================
--- configure.ac.orig
+++ configure.ac
-@@ -234,7 +234,7 @@ case "${host_cpu}" in
+@@ -252,7 +252,7 @@ case "${host_cpu}" in
ARCH_MAX="s390x"
;;
++++++ valgrind-3.13.0.tar.bz2 -> valgrind-3.14.0.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/valgrind/valgrind-3.13.0.tar.bz2 /work/SRC/openSUSE:Factory/.valgrind.new.19453/valgrind-3.14.0.tar.bz2 differ: char 11, line 1
++++++ valgrind.xen.patch ++++++
++++ 2647 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/valgrind/valgrind.xen.patch
++++ and /work/SRC/openSUSE:Factory/.valgrind.new.19453/valgrind.xen.patch
1
0
Hello community,
here is the log from the commit of package openssh for openSUSE:Factory checked in at 2018-11-28 11:11:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
and /work/SRC/openSUSE:Factory/.openssh.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh"
Wed Nov 28 11:11:24 2018 rev:123 rq:652023 version:7.9p1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssh/openssh-askpass-gnome.changes 2018-10-23 20:34:05.768995508 +0200
+++ /work/SRC/openSUSE:Factory/.openssh.new.19453/openssh-askpass-gnome.changes 2018-11-28 11:12:35.650966466 +0100
@@ -1,0 +2,7 @@
+Mon Oct 22 08:59:02 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com>
+
+- Version update to 7.9p1
+ * No actual changes for the askpass
+ * See main package changelog for details
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2018-10-23 20:34:06.312994858 +0200
+++ /work/SRC/openSUSE:Factory/.openssh.new.19453/openssh.changes 2018-11-28 11:12:35.750966326 +0100
@@ -1,0 +2,86 @@
+Mon Nov 26 11:07:42 UTC 2018 - Vítězslav Čížek <vcizek(a)suse.com>
+
+- Fix build with openssl < 1.1.0
+ * add openssh-openssl-1_0_0-compatibility.patch
+
+-------------------------------------------------------------------
+Wed Oct 31 00:27:41 UTC 2018 - Cristian Rodríguez <crrodriguez(a)opensuse.org>
+
+- openssh-7.7p1-audit.patch: fix sshd fatal error in
+ mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]
+
+-------------------------------------------------------------------
+Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com>
+
+- Version update to 7.9p1
+ * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
+ option (see below) bans the use of DSA keys as certificate
+ authorities.
+ * sshd(8): the authentication success/failure log message has
+ changed format slightly. It now includes the certificate
+ fingerprint (previously it included only key ID and CA key
+ fingerprint).
+ * ssh(1), sshd(8): allow most port numbers to be specified using
+ service names from getservbyname(3) (typically /etc/services).
+ * sshd(8): support signalling sessions via the SSH protocol.
+ A limited subset of signals is supported and only for login or
+ command sessions (i.e. not subsystems) that were not subject to
+ a forced command via authorized_keys or sshd_config. bz#1424
+ * ssh(1): support "ssh -Q sig" to list supported signature options.
+ Also "ssh -Q help" to show the full set of supported queries.
+ * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
+ client and server configs to allow control over which signature
+ formats are allowed for CAs to sign certificates. For example,
+ this allows banning CAs that sign certificates using the RSA-SHA1
+ signature algorithm.
+ * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
+ revoke keys specified by SHA256 hash.
+ * ssh-keygen(1): allow creation of key revocation lists directly
+ from base64-encoded SHA256 fingerprints. This supports revoking
+ keys using only the information contained in sshd(8)
+ authentication log messages.
+
+- Removed obsolete configuration option --with-tcp-wrappers, and
+ --with-opensc for s390 and s390x.
+
+- Removed patch merged upstream
+ * openssh-7.7p1-openssl_1.1.0.patch
+
+- Refreshed patches
+ * openssh-7.7p1-audit.patch
+ * openssh-7.7p1-disable_short_DH_parameters.patch
+ * openssh-7.7p1-fips.patch
+ * openssh-7.7p1-gssapi_key_exchange.patch
+ * openssh-7.7p1-seccomp_ipc_flock.patch
+ * openssh-7.7p1-cavstest-ctr.patch
+ * openssh-7.7p1-ldap.patch
+
+-------------------------------------------------------------------
+Fri Oct 19 13:22:10 UTC 2018 - Tomáš Chvátal <tchvatal(a)suse.com>
+
+- Mention upstream bugs on multiple local patches
+- Adjust service to not spam restart and reload only on fails
+
+-------------------------------------------------------------------
+Fri Oct 19 13:11:34 UTC 2018 - Tomáš Chvátal <tchvatal(a)suse.com>
+
+- Update openssh-7.7p1-sftp_force_permissions.patch from the
+ upstream bug, and mention the bug in the spec
+
+-------------------------------------------------------------------
+Fri Oct 19 08:36:52 UTC 2018 - Tomáš Chvátal <tchvatal(a)suse.com>
+
+- Drop patch openssh-7.7p1-allow_root_password_login.patch
+ * There is no reason to set less secure default value, if
+ users need the behaviour they can still set it up themselves
+- Drop patch openssh-7.7p1-blocksigalrm.patch
+ * We had a bug way in past about this but it was never reproduced
+ or even confirmed in the ticket, thus rather drop the patch
+
+-------------------------------------------------------------------
+Wed Oct 17 09:22:36 UTC 2018 - Tomáš Chvátal <tchvatal(a)suse.com>
+
+- Disable ssh1 protocol support as neither RH or Debian enable
+ this protocol by default anymore either.
+
+-------------------------------------------------------------------
Old:
----
openssh-7.7p1-allow_root_password_login.patch
openssh-7.7p1-blocksigalrm.patch
openssh-7.7p1-openssl_1.1.0.patch
openssh-7.8p1.tar.gz
openssh-7.8p1.tar.gz.asc
New:
----
openssh-7.9p1.tar.gz
openssh-7.9p1.tar.gz.asc
openssh-openssl-1_0_0-compatibility.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssh-askpass-gnome.spec ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.462965326 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.462965326 +0100
@@ -18,7 +18,7 @@
%define _name openssh
Name: openssh-askpass-gnome
-Version: 7.8p1
+Version: 7.9p1
Release: 0
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
License: BSD-2-Clause
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.478965304 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.478965304 +0100
@@ -27,8 +27,7 @@
%bcond_without susefirewall
%bcond_with tirpc
%endif
-%define _fwdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d
-%define _fwdefdir %{_fwdir}/services
+%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
%define CHECKSUM_SUFFIX .hmac
%define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"
@@ -37,7 +36,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: openssh
-Version: 7.8p1
+Version: 7.9p1
Release: 0
Summary: Secure Shell Client and Server (Remote Login Program)
License: BSD-2-Clause AND MIT
@@ -56,37 +55,49 @@
Source10: sshd.service
Source11: README.FIPS
Source12: cavs_driver-ssh.pl
-Patch0: openssh-7.7p1-allow_root_password_login.patch
Patch1: openssh-7.7p1-X11_trusted_forwarding.patch
Patch3: openssh-7.7p1-enable_PAM_by_default.patch
Patch4: openssh-7.7p1-eal3.patch
-Patch5: openssh-7.7p1-blocksigalrm.patch
Patch6: openssh-7.7p1-send_locale.patch
Patch7: openssh-7.7p1-hostname_changes_when_forwarding_X.patch
Patch8: openssh-7.7p1-remove_xauth_cookies_on_exit.patch
Patch9: openssh-7.7p1-pts_names_formatting.patch
Patch10: openssh-7.7p1-pam_check_locks.patch
Patch11: openssh-7.7p1-disable_short_DH_parameters.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Patch14: openssh-7.7p1-seccomp_stat.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Patch15: openssh-7.7p1-seccomp_ipc_flock.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Patch16: openssh-7.7p1-seccomp_ioctl_s390_EP11.patch
+# Local FIPS patchset
Patch17: openssh-7.7p1-fips.patch
+# Local cavs patchset
Patch18: openssh-7.7p1-cavstest-ctr.patch
+# Local cavs patchset
Patch19: openssh-7.7p1-cavstest-kdf.patch
+# Local FIPS patchset
Patch20: openssh-7.7p1-fips_checks.patch
Patch21: openssh-7.7p1-seed-prng.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2641
Patch22: openssh-7.7p1-systemd-notify.patch
Patch23: openssh-7.7p1-gssapi_key_exchange.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Patch24: openssh-7.7p1-audit.patch
-Patch25: openssh-7.7p1-openssl_1.1.0.patch
+# Local patch to disable runtime abi SSL checks, quite pointless for us
Patch26: openssh-7.7p1-disable_openssl_abi_check.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2641
Patch27: openssh-7.7p1-no_fork-no_pid_file.patch
Patch28: openssh-7.7p1-host_ident.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=1844
Patch29: openssh-7.7p1-sftp_force_permissions.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Patch30: openssh-7.7p1-X_forward_with_disabled_ipv6.patch
Patch31: openssh-7.7p1-ldap.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2213
Patch32: openssh-7.7p1-IPv6_X_forwarding.patch
Patch33: openssh-7.7p1-sftp_print_diagnostic_messages.patch
+Patch34: openssh-openssl-1_0_0-compatibility.patch
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: groff
@@ -176,7 +187,6 @@
%configure \
--sysconfdir=%{_sysconfdir}/ssh \
--libexecdir=%{_libexecdir}/ssh \
- --with-tcp-wrappers \
--with-selinux \
--with-pid-dir=/run \
--with-systemd \
@@ -189,18 +199,13 @@
%else
--with-sandbox=rlimit \
%endif
-%ifnarch s390 s390x
- --with-opensc \
-%endif
--disable-strip \
--with-audit=linux \
--with-ldap \
--with-xauth=%{_bindir}/xauth \
--with-libedit \
- --with-ssh1 \
- --target=%{_target_cpu}-suse-linux \
+ --target=%{_target_cpu}-suse-linux
-### configure end
make %{?_smp_mflags}
%install
++++++ README.SUSE ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.518965247 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.518965247 +0100
@@ -5,16 +5,6 @@
* PAM authentication is enabled and mostly even required, do not turn it off.
-* root authentiation with password is enabled by default (PermitRootLogin yes).
- NOTE: this has security implications and is only done in order to not change
- behaviour of the server in an update. We strongly suggest setting this option
- either "prohibit-password" or even better to "no" (which disables direct
- remote root login entirely).
-
-* SSH protocol version 1 is enabled for maximum compatibility.
- NOTE: do not use protocol version 1. It is less secure then v2 and should
- generally be phased out.
-
* DSA authentication is enabled by default for maximum compatibility.
NOTE: do not use DSA authentication since it is being phased out for a reason
- the size of DSA keys is limited by the standard to 1024 bits which cannot
++++++ openssh-7.7p1-audit.patch ++++++
++++ 860 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/openssh/openssh-7.7p1-audit.patch
++++ and /work/SRC/openSUSE:Factory/.openssh.new.19453/openssh-7.7p1-audit.patch
++++++ openssh-7.7p1-cavstest-ctr.patch ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.554965197 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.554965197 +0100
@@ -2,15 +2,11 @@
# Parent cc1022edba2c5eeb0facba08468f65afc2466b63
CAVS test for OpenSSH's own CTR encryption mode implementation
-diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
---- openssh-7.7p1/Makefile.in
-+++ openssh-7.7p1/Makefile.in
-@@ -19,16 +19,17 @@ top_srcdir=@top_srcdir@
-
- DESTDIR=
- VPATH=@srcdir@
- SSH_PROGRAM=@bindir@/ssh
- ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
+Index: openssh-7.9p1/Makefile.in
+===================================================================
+--- openssh-7.9p1.orig/Makefile.in
++++ openssh-7.9p1/Makefile.in
+@@ -24,6 +24,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
@@ -18,17 +14,7 @@
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
STRIP_OPT=@STRIP_OPT@
- TEST_SHELL=@TEST_SHELL@
-
- PATHS= -DSSHDIR=\"$(sysconfdir)\" \
- -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
- -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
-@@ -57,16 +58,18 @@ ENT=@ENT@
- XAUTH_PATH=@XAUTH_PATH@
- LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
- EXEEXT=@EXEEXT@
- MANFMT=@MANFMT@
- MKDIR_P=@MKDIR_P@
+@@ -62,6 +63,8 @@ MKDIR_P=@MKDIR_P@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
@@ -37,17 +23,7 @@
XMSS_OBJS=\
ssh-xmss.o \
sshkey-xmss.o \
- xmss_commons.o \
- xmss_fast.o \
- xmss_hash.o \
- xmss_hash_address.o \
- xmss_wots.o
-@@ -199,16 +202,20 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libss
- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-
- sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
- $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-
+@@ -204,6 +207,10 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libss
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
@@ -58,17 +34,7 @@
# test driver for the loginrec code - not built by default
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
-
- $(MANPAGES): $(MANPAGES_IN)
- if test "$(MANTYPE)" = "cat"; then \
- manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \
- else \
-@@ -339,16 +346,17 @@ install-files:
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
- $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+@@ -348,6 +355,7 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -76,15 +42,10 @@
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
- $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
- $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
- $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
- $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
- $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
-diff --git a/openssh-7.7p1/cavstest-ctr.c b/openssh-7.7p1/cavstest-ctr.c
-new file mode 100644
+Index: openssh-7.9p1/cavstest-ctr.c
+===================================================================
--- /dev/null
-+++ openssh-7.7p1/cavstest-ctr.c
++++ openssh-7.9p1/cavstest-ctr.c
@@ -0,0 +1,214 @@
+/*
+ *
@@ -238,7 +199,7 @@
+ usage();
+ }
+
-+ SSLeay_add_all_algorithms();
++ OpenSSL_add_all_algorithms();
+
+ c = cipher_by_name(algo);
+ if (c == NULL) {
@@ -300,15 +261,11 @@
+ printf("\n");
+ return 0;
+}
-diff --git a/openssh-7.7p1/cipher.c b/openssh-7.7p1/cipher.c
---- openssh-7.7p1/cipher.c
-+++ openssh-7.7p1/cipher.c
-@@ -49,25 +49,16 @@
- #include "ssherr.h"
- #include "digest.h"
-
- #include "openbsd-compat/openssl-compat.h"
-
+Index: openssh-7.9p1/cipher.c
+===================================================================
+--- openssh-7.9p1.orig/cipher.c
++++ openssh-7.9p1/cipher.c
+@@ -54,15 +54,6 @@
#include "fips.h"
#include "log.h"
@@ -324,20 +281,11 @@
struct sshcipher {
char *name;
u_int block_size;
- u_int key_len;
- u_int iv_len; /* defaults to block_size */
- u_int auth_len;
- u_int flags;
- #define CFLAG_CBC (1<<0)
-diff --git a/openssh-7.7p1/cipher.h b/openssh-7.7p1/cipher.h
---- openssh-7.7p1/cipher.h
-+++ openssh-7.7p1/cipher.h
-@@ -41,17 +41,25 @@
- #include <openssl/evp.h>
- #include "cipher-chachapoly.h"
- #include "cipher-aesctr.h"
-
- #define CIPHER_ENCRYPT 1
+Index: openssh-7.9p1/cipher.h
+===================================================================
+--- openssh-7.9p1.orig/cipher.h
++++ openssh-7.9p1/cipher.h
+@@ -46,7 +46,15 @@
#define CIPHER_DECRYPT 0
struct sshcipher;
@@ -354,8 +302,3 @@
const struct sshcipher *cipher_by_name(const char *);
const char *cipher_warning_message(const struct sshcipher_ctx *);
- int ciphers_valid(const char *);
- char *cipher_alg_list(char, int);
- int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
- const u_char *, u_int, const u_char *, u_int, int);
- int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
++++++ openssh-7.7p1-disable_short_DH_parameters.patch ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.570965174 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.570965174 +0100
@@ -12,23 +12,23 @@
CVE-2015-4000 (LOGJAM)
bsc#932483
-Index: openssh-7.8p1/dh.c
+Index: openssh-7.9p1/dh.c
===================================================================
---- openssh-7.8p1.orig/dh.c
-+++ openssh-7.8p1/dh.c
-@@ -43,6 +43,8 @@
- #include "misc.h"
- #include "ssherr.h"
+--- openssh-7.9p1.orig/dh.c
++++ openssh-7.9p1/dh.c
+@@ -45,6 +45,8 @@
+
+ #include "openbsd-compat/openssl-compat.h"
+int dh_grp_min = DH_GRP_MIN;
+
static int
parse_prime(int linenum, char *line, struct dhgroup *dhg)
{
-Index: openssh-7.8p1/dh.h
+Index: openssh-7.9p1/dh.h
===================================================================
---- openssh-7.8p1.orig/dh.h
-+++ openssh-7.8p1/dh.h
+--- openssh-7.9p1.orig/dh.h
++++ openssh-7.9p1/dh.h
@@ -50,6 +50,7 @@ u_int dh_estimate(int);
* Max value from RFC4419.
* Miniumum increased in light of DH precomputation attacks.
@@ -37,11 +37,11 @@
#define DH_GRP_MIN 2048
#define DH_GRP_MAX 8192
-Index: openssh-7.8p1/kexgexc.c
+Index: openssh-7.9p1/kexgexc.c
===================================================================
---- openssh-7.8p1.orig/kexgexc.c
-+++ openssh-7.8p1/kexgexc.c
-@@ -51,6 +51,9 @@
+--- openssh-7.9p1.orig/kexgexc.c
++++ openssh-7.9p1/kexgexc.c
+@@ -53,6 +53,9 @@
#include "sshbuf.h"
#include "misc.h"
@@ -51,7 +51,7 @@
static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *);
static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *);
-@@ -63,7 +66,7 @@ kexgex_client(struct ssh *ssh)
+@@ -65,7 +68,7 @@ kexgex_client(struct ssh *ssh)
nbits = dh_estimate(kex->dh_need * 8);
@@ -60,7 +60,7 @@
kex->max = DH_GRP_MAX;
kex->nbits = nbits;
if (datafellows & SSH_BUG_DHGEX_LARGE)
-@@ -108,6 +111,12 @@ input_kex_dh_gex_group(int type, u_int32
+@@ -111,6 +114,12 @@ input_kex_dh_gex_group(int type, u_int32
goto out;
if ((bits = BN_num_bits(p)) < 0 ||
(u_int)bits < kex->min || (u_int)bits > kex->max) {
@@ -73,11 +73,11 @@
r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
goto out;
}
-Index: openssh-7.8p1/kexgexs.c
+Index: openssh-7.9p1/kexgexs.c
===================================================================
---- openssh-7.8p1.orig/kexgexs.c
-+++ openssh-7.8p1/kexgexs.c
-@@ -54,6 +54,9 @@
+--- openssh-7.9p1.orig/kexgexs.c
++++ openssh-7.9p1/kexgexs.c
+@@ -56,6 +56,9 @@
#include "sshbuf.h"
#include "misc.h"
@@ -87,7 +87,7 @@
static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *);
static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *);
-@@ -82,13 +85,19 @@ input_kex_dh_gex_request(int type, u_int
+@@ -85,13 +88,19 @@ input_kex_dh_gex_request(int type, u_int
kex->nbits = nbits;
kex->min = min;
kex->max = max;
@@ -109,10 +109,10 @@
r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
goto out;
}
-Index: openssh-7.8p1/readconf.c
+Index: openssh-7.9p1/readconf.c
===================================================================
---- openssh-7.8p1.orig/readconf.c
-+++ openssh-7.8p1/readconf.c
+--- openssh-7.9p1.orig/readconf.c
++++ openssh-7.9p1/readconf.c
@@ -67,6 +67,7 @@
#include "uidswap.h"
#include "myproposal.h"
@@ -130,7 +130,7 @@
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
-@@ -291,6 +292,7 @@ static struct {
+@@ -292,6 +293,7 @@ static struct {
{ "remotecommand", oRemoteCommand },
{ "visualhostkey", oVisualHostKey },
{ "kexalgorithms", oKexAlgorithms },
@@ -138,7 +138,7 @@
{ "ipqos", oIPQoS },
{ "requesttty", oRequestTTY },
{ "proxyusefdpass", oProxyUseFdpass },
-@@ -312,6 +314,9 @@ static struct {
+@@ -313,6 +315,9 @@ static struct {
{ NULL, oBadOption }
};
@@ -148,7 +148,7 @@
/*
* Adds a local TCP/IP port forward to options. Never returns if there is an
* error.
-@@ -1206,6 +1211,10 @@ parse_int:
+@@ -1216,6 +1221,10 @@ parse_int:
options->kex_algorithms = xstrdup(arg);
break;
@@ -159,15 +159,15 @@
case oHostKeyAlgorithms:
charptr = &options->hostkeyalgorithms;
parse_keytypes:
-@@ -1835,6 +1844,7 @@ initialize_options(Options * options)
+@@ -1860,6 +1869,7 @@ initialize_options(Options * options)
options->ciphers = NULL;
options->macs = NULL;
options->kex_algorithms = NULL;
+ options->kex_dhmin = -1;
options->hostkeyalgorithms = NULL;
+ options->ca_sign_algorithms = NULL;
options->num_identity_files = 0;
- options->num_certificate_files = 0;
-@@ -1988,6 +1998,13 @@ fill_default_options(Options * options)
+@@ -2014,6 +2024,13 @@ fill_default_options(Options * options)
options->connection_attempts = 1;
if (options->number_of_password_prompts == -1)
options->number_of_password_prompts = 3;
@@ -181,22 +181,22 @@
/* options->hostkeyalgorithms, default set in myproposals.h */
if (options->add_keys_to_agent == -1)
options->add_keys_to_agent = 0;
-Index: openssh-7.8p1/readconf.h
+Index: openssh-7.9p1/readconf.h
===================================================================
---- openssh-7.8p1.orig/readconf.h
-+++ openssh-7.8p1/readconf.h
-@@ -67,6 +67,7 @@ typedef struct {
- char *macs; /* SSH2 macs in order of preference. */
+--- openssh-7.9p1.orig/readconf.h
++++ openssh-7.9p1/readconf.h
+@@ -68,6 +68,7 @@ typedef struct {
char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
char *kex_algorithms; /* SSH2 kex methods in order of preference. */
-+ int kex_dhmin; /* minimum bit length of the DH group parameter */
+ char *ca_sign_algorithms; /* Allowed CA signature algorithms */
++ int kex_dhmin; /* minimum bit length of the DH group parameter */
char *hostname; /* Real host to connect. */
char *host_key_alias; /* hostname alias for .ssh/known_hosts */
char *proxy_command; /* Proxy command for connecting the host. */
-Index: openssh-7.8p1/servconf.c
+Index: openssh-7.9p1/servconf.c
===================================================================
---- openssh-7.8p1.orig/servconf.c
-+++ openssh-7.8p1/servconf.c
+--- openssh-7.9p1.orig/servconf.c
++++ openssh-7.9p1/servconf.c
@@ -64,6 +64,10 @@
#include "auth.h"
#include "myproposal.h"
@@ -213,10 +213,10 @@
options->macs = NULL;
options->kex_algorithms = NULL;
+ options->kex_dhmin = -1;
+ options->ca_sign_algorithms = NULL;
options->fwd_opts.gateway_ports = -1;
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
- options->fwd_opts.streamlocal_bind_unlink = -1;
-@@ -263,6 +268,14 @@ fill_default_server_options(ServerOption
+@@ -267,6 +272,14 @@ fill_default_server_options(ServerOption
if (options->use_pam_check_locks == -1)
options->use_pam_check_locks = 0;
@@ -231,16 +231,16 @@
/* Standard Options */
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
-@@ -490,7 +503,7 @@ typedef enum {
+@@ -494,7 +507,7 @@ typedef enum {
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
-- sKexAlgorithms, sIPQoS, sVersionAddendum,
-+ sKexAlgorithms, sKexDHMin, sIPQoS, sVersionAddendum,
+- sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
++ sKexAlgorithms, sKexDHMin, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink,
-@@ -631,6 +644,7 @@ static struct {
+@@ -635,6 +648,7 @@ static struct {
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
@@ -248,7 +248,7 @@
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
-@@ -1726,6 +1740,10 @@ process_server_config_line(ServerOptions
+@@ -1735,6 +1749,10 @@ process_server_config_line(ServerOptions
options->kex_algorithms = xstrdup(arg);
break;
@@ -259,7 +259,7 @@
case sSubsystem:
if (options->num_subsystems >= MAX_SUBSYSTEMS) {
fatal("%s line %d: too many subsystems defined.",
-@@ -2540,6 +2558,7 @@ dump_config(ServerOptions *o)
+@@ -2549,6 +2567,7 @@ dump_config(ServerOptions *o)
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
@@ -267,10 +267,10 @@
/* formatted integer arguments */
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
-Index: openssh-7.8p1/servconf.h
+Index: openssh-7.9p1/servconf.h
===================================================================
---- openssh-7.8p1.orig/servconf.h
-+++ openssh-7.8p1/servconf.h
+--- openssh-7.9p1.orig/servconf.h
++++ openssh-7.9p1/servconf.h
@@ -103,6 +103,7 @@ typedef struct {
char *ciphers; /* Supported SSH2 ciphers. */
char *macs; /* Supported SSH2 macs. */
@@ -279,10 +279,10 @@
struct ForwardOptions fwd_opts; /* forwarding options */
SyslogFacility log_facility; /* Facility for system logging. */
LogLevel log_level; /* Level for system logging. */
-Index: openssh-7.8p1/ssh_config
+Index: openssh-7.9p1/ssh_config
===================================================================
---- openssh-7.8p1.orig/ssh_config
-+++ openssh-7.8p1/ssh_config
+--- openssh-7.9p1.orig/ssh_config
++++ openssh-7.9p1/ssh_config
@@ -17,6 +17,11 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
@@ -295,11 +295,11 @@
Host *
# ForwardAgent no
# ForwardX11 no
-Index: openssh-7.8p1/ssh_config.0
+Index: openssh-7.9p1/ssh_config.0
===================================================================
---- openssh-7.8p1.orig/ssh_config.0
-+++ openssh-7.8p1/ssh_config.0
-@@ -595,6 +595,23 @@ DESCRIPTION
+--- openssh-7.9p1.orig/ssh_config.0
++++ openssh-7.9p1/ssh_config.0
+@@ -610,6 +610,23 @@ DESCRIPTION
The list of available key exchange algorithms may also be
obtained using "ssh -Q kex".
@@ -323,11 +323,11 @@
LocalCommand
Specifies a command to execute on the local machine after
successfully connecting to the server. The command string
-Index: openssh-7.8p1/ssh_config.5
+Index: openssh-7.9p1/ssh_config.5
===================================================================
---- openssh-7.8p1.orig/ssh_config.5
-+++ openssh-7.8p1/ssh_config.5
-@@ -1025,6 +1025,22 @@ diffie-hellman-group14-sha1
+--- openssh-7.9p1.orig/ssh_config.5
++++ openssh-7.9p1/ssh_config.5
+@@ -1047,6 +1047,22 @@ diffie-hellman-group14-sha1
.Pp
The list of available key exchange algorithms may also be obtained using
.Qq ssh -Q kex .
@@ -350,10 +350,10 @@
.It Cm LocalCommand
Specifies a command to execute on the local machine after successfully
connecting to the server.
-Index: openssh-7.8p1/sshd_config
+Index: openssh-7.9p1/sshd_config
===================================================================
---- openssh-7.8p1.orig/sshd_config
-+++ openssh-7.8p1/sshd_config
+--- openssh-7.9p1.orig/sshd_config
++++ openssh-7.9p1/sshd_config
@@ -19,6 +19,13 @@
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
@@ -368,11 +368,11 @@
# Ciphers and keying
#RekeyLimit default none
-Index: openssh-7.8p1/sshd_config.0
+Index: openssh-7.9p1/sshd_config.0
===================================================================
---- openssh-7.8p1.orig/sshd_config.0
-+++ openssh-7.8p1/sshd_config.0
-@@ -545,6 +545,23 @@ DESCRIPTION
+--- openssh-7.9p1.orig/sshd_config.0
++++ openssh-7.9p1/sshd_config.0
+@@ -555,6 +555,23 @@ DESCRIPTION
The list of available key exchange algorithms may also be
obtained using "ssh -Q kex".
@@ -396,11 +396,11 @@
ListenAddress
Specifies the local addresses sshd(8) should listen on. The
following forms may be used:
-Index: openssh-7.8p1/sshd_config.5
+Index: openssh-7.9p1/sshd_config.5
===================================================================
---- openssh-7.8p1.orig/sshd_config.5
-+++ openssh-7.8p1/sshd_config.5
-@@ -912,6 +912,22 @@ diffie-hellman-group14-sha256,diffie-hel
+--- openssh-7.9p1.orig/sshd_config.5
++++ openssh-7.9p1/sshd_config.5
+@@ -923,6 +923,22 @@ diffie-hellman-group14-sha256,diffie-hel
.Pp
The list of available key exchange algorithms may also be obtained using
.Qq ssh -Q kex .
++++++ openssh-7.7p1-fips.patch ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.582965158 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.582965158 +0100
@@ -3,10 +3,10 @@
FIPS 140-2 compliance. Perform selftests on start and use only FIPS approved
algorithms.
-Index: openssh-7.8p1/Makefile.in
+Index: openssh-7.9p1/Makefile.in
===================================================================
---- openssh-7.8p1.orig/Makefile.in
-+++ openssh-7.8p1/Makefile.in
+--- openssh-7.9p1.orig/Makefile.in
++++ openssh-7.9p1/Makefile.in
@@ -102,6 +102,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
platform-pledge.o platform-tracing.o platform-misc.o
@@ -16,10 +16,10 @@
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect2.o mux.o
-Index: openssh-7.8p1/cipher-ctr.c
+Index: openssh-7.9p1/cipher-ctr.c
===================================================================
---- openssh-7.8p1.orig/cipher-ctr.c
-+++ openssh-7.8p1/cipher-ctr.c
+--- openssh-7.9p1.orig/cipher-ctr.c
++++ openssh-7.9p1/cipher-ctr.c
@@ -27,6 +27,8 @@
#include "xmalloc.h"
#include "log.h"
@@ -38,10 +38,10 @@
#endif
return (&aes_ctr);
}
-Index: openssh-7.8p1/cipher.c
+Index: openssh-7.9p1/cipher.c
===================================================================
---- openssh-7.8p1.orig/cipher.c
-+++ openssh-7.8p1/cipher.c
+--- openssh-7.9p1.orig/cipher.c
++++ openssh-7.9p1/cipher.c
@@ -51,6 +51,8 @@
#include "openbsd-compat/openssl-compat.h"
@@ -131,10 +131,10 @@
if (strcmp(c->name, name) == 0)
return c;
return NULL;
-Index: openssh-7.8p1/dh.h
+Index: openssh-7.9p1/dh.h
===================================================================
---- openssh-7.8p1.orig/dh.h
-+++ openssh-7.8p1/dh.h
+--- openssh-7.9p1.orig/dh.h
++++ openssh-7.9p1/dh.h
@@ -52,6 +52,7 @@ u_int dh_estimate(int);
*/
#define DH_GRP_MIN_RFC 1024
@@ -143,10 +143,10 @@
#define DH_GRP_MAX 8192
/*
-Index: openssh-7.8p1/fips.c
+Index: openssh-7.9p1/fips.c
===================================================================
--- /dev/null
-+++ openssh-7.8p1/fips.c
++++ openssh-7.9p1/fips.c
@@ -0,0 +1,237 @@
+/*
+ * Copyright (c) 2012 Petr Cerny. All rights reserved.
@@ -385,10 +385,10 @@
+ return dh;
+}
+
-Index: openssh-7.8p1/fips.h
+Index: openssh-7.9p1/fips.h
===================================================================
--- /dev/null
-+++ openssh-7.8p1/fips.h
++++ openssh-7.9p1/fips.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2012 Petr Cerny. All rights reserved.
@@ -435,10 +435,10 @@
+
+#endif
+
-Index: openssh-7.8p1/hmac.c
+Index: openssh-7.9p1/hmac.c
===================================================================
---- openssh-7.8p1.orig/hmac.c
-+++ openssh-7.8p1/hmac.c
+--- openssh-7.9p1.orig/hmac.c
++++ openssh-7.9p1/hmac.c
@@ -144,7 +144,7 @@ hmac_test(void *key, size_t klen, void *
size_t i;
u_char digest[16];
@@ -448,10 +448,10 @@
printf("ssh_hmac_start failed");
if (ssh_hmac_init(ctx, key, klen) < 0 ||
ssh_hmac_update(ctx, m, mlen) < 0 ||
-Index: openssh-7.8p1/kex.c
+Index: openssh-7.9p1/kex.c
===================================================================
---- openssh-7.8p1.orig/kex.c
-+++ openssh-7.8p1/kex.c
+--- openssh-7.9p1.orig/kex.c
++++ openssh-7.9p1/kex.c
@@ -54,6 +54,8 @@
#include "sshbuf.h"
#include "digest.h"
@@ -547,11 +547,11 @@
free(s);
return 0;
}
-Index: openssh-7.8p1/kexgexc.c
+Index: openssh-7.9p1/kexgexc.c
===================================================================
---- openssh-7.8p1.orig/kexgexc.c
-+++ openssh-7.8p1/kexgexc.c
-@@ -51,8 +51,7 @@
+--- openssh-7.9p1.orig/kexgexc.c
++++ openssh-7.9p1/kexgexc.c
+@@ -53,8 +53,7 @@
#include "sshbuf.h"
#include "misc.h"
@@ -561,7 +561,7 @@
static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *);
static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *);
-@@ -66,7 +65,7 @@ kexgex_client(struct ssh *ssh)
+@@ -68,7 +67,7 @@ kexgex_client(struct ssh *ssh)
nbits = dh_estimate(kex->dh_need * 8);
@@ -570,11 +570,11 @@
kex->max = DH_GRP_MAX;
kex->nbits = nbits;
if (datafellows & SSH_BUG_DHGEX_LARGE)
-Index: openssh-7.8p1/kexgexs.c
+Index: openssh-7.9p1/kexgexs.c
===================================================================
---- openssh-7.8p1.orig/kexgexs.c
-+++ openssh-7.8p1/kexgexs.c
-@@ -54,8 +54,7 @@
+--- openssh-7.9p1.orig/kexgexs.c
++++ openssh-7.9p1/kexgexs.c
+@@ -56,8 +56,7 @@
#include "sshbuf.h"
#include "misc.h"
@@ -584,7 +584,7 @@
static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *);
static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *);
-@@ -85,9 +84,9 @@ input_kex_dh_gex_request(int type, u_int
+@@ -88,9 +87,9 @@ input_kex_dh_gex_request(int type, u_int
kex->nbits = nbits;
kex->min = min;
kex->max = max;
@@ -596,10 +596,10 @@
nbits = MINIMUM(DH_GRP_MAX, nbits);
if (kex->max < kex->min || kex->nbits < kex->min ||
-Index: openssh-7.8p1/mac.c
+Index: openssh-7.9p1/mac.c
===================================================================
---- openssh-7.8p1.orig/mac.c
-+++ openssh-7.8p1/mac.c
+--- openssh-7.9p1.orig/mac.c
++++ openssh-7.9p1/mac.c
@@ -40,6 +40,9 @@
#include "openbsd-compat/openssl-compat.h"
@@ -679,11 +679,11 @@
if (strcmp(name, m->name) != 0)
continue;
if (mac != NULL)
-Index: openssh-7.8p1/myproposal.h
+Index: openssh-7.9p1/myproposal.h
===================================================================
---- openssh-7.8p1.orig/myproposal.h
-+++ openssh-7.8p1/myproposal.h
-@@ -141,6 +141,8 @@
+--- openssh-7.9p1.orig/myproposal.h
++++ openssh-7.9p1/myproposal.h
+@@ -151,6 +151,8 @@
#else /* WITH_OPENSSL */
@@ -692,10 +692,10 @@
#define KEX_SERVER_KEX \
"curve25519-sha256," \
"curve25519-sha256(a)libssh.org"
-Index: openssh-7.8p1/readconf.c
+Index: openssh-7.9p1/readconf.c
===================================================================
---- openssh-7.8p1.orig/readconf.c
-+++ openssh-7.8p1/readconf.c
+--- openssh-7.9p1.orig/readconf.c
++++ openssh-7.9p1/readconf.c
@@ -68,6 +68,7 @@
#include "myproposal.h"
#include "digest.h"
@@ -704,7 +704,7 @@
/* Format of the configuration file:
-@@ -1800,6 +1801,23 @@ option_clear_or_none(const char *o)
+@@ -1825,6 +1826,23 @@ option_clear_or_none(const char *o)
return o == NULL || strcasecmp(o, "none") == 0;
}
@@ -728,7 +728,7 @@
/*
* Initializes options to special values that indicate that they have not yet
* been set. Read_config_file will only set options with this value. Options
-@@ -1999,9 +2017,9 @@ fill_default_options(Options * options)
+@@ -2025,9 +2043,9 @@ fill_default_options(Options * options)
if (options->number_of_password_prompts == -1)
options->number_of_password_prompts = 3;
if (options->kex_dhmin == -1)
@@ -740,7 +740,7 @@
options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX);
}
dh_grp_min = options->kex_dhmin;
-@@ -2086,6 +2104,8 @@ fill_default_options(Options * options)
+@@ -2112,6 +2130,8 @@ fill_default_options(Options * options)
options->canonicalize_hostname = SSH_CANONICALISE_NO;
if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
@@ -749,19 +749,19 @@
if (options->update_hostkeys == -1)
options->update_hostkeys = 0;
-@@ -2110,6 +2130,7 @@ fill_default_options(Options * options)
- free(all_mac);
- free(all_kex);
+@@ -2594,6 +2614,7 @@ dump_client_config(Options *o, const cha
+ KEX_DEFAULT_PK_ALG, all_key) != 0)
+ fatal("%s: kex_assemble_names failed", __func__);
free(all_key);
-+ filter_fips_algorithms(options);
++ filter_fips_algorithms(o);
- #define CLEAR_ON_NONE(v) \
- do { \
-Index: openssh-7.8p1/readconf.h
-===================================================================
---- openssh-7.8p1.orig/readconf.h
-+++ openssh-7.8p1/readconf.h
-@@ -197,6 +197,7 @@ typedef struct {
+ /* Most interesting options first: user, host, port */
+ dump_cfg_string(oUser, o->user);
+Index: openssh-7.9p1/readconf.h
+===================================================================
+--- openssh-7.9p1.orig/readconf.h
++++ openssh-7.9p1/readconf.h
+@@ -198,6 +198,7 @@ typedef struct {
#define SSH_STRICT_HOSTKEY_YES 2
#define SSH_STRICT_HOSTKEY_ASK 3
@@ -769,10 +769,10 @@
void initialize_options(Options *);
void fill_default_options(Options *);
void fill_default_options_for_canonicalization(Options *);
-Index: openssh-7.8p1/servconf.c
+Index: openssh-7.9p1/servconf.c
===================================================================
---- openssh-7.8p1.orig/servconf.c
-+++ openssh-7.8p1/servconf.c
+--- openssh-7.9p1.orig/servconf.c
++++ openssh-7.9p1/servconf.c
@@ -65,6 +65,7 @@
#include "myproposal.h"
#include "digest.h"
@@ -781,7 +781,7 @@
/* import from dh.c */
extern int dh_grp_min;
-@@ -194,6 +195,23 @@ option_clear_or_none(const char *o)
+@@ -195,6 +196,23 @@ option_clear_or_none(const char *o)
return o == NULL || strcasecmp(o, "none") == 0;
}
@@ -805,16 +805,16 @@
static void
assemble_algorithms(ServerOptions *o)
{
-@@ -220,6 +238,8 @@ assemble_algorithms(ServerOptions *o)
- free(all_mac);
+@@ -224,6 +242,8 @@ assemble_algorithms(ServerOptions *o)
free(all_kex);
free(all_key);
+ free(all_sig);
+
+ filter_fips_algorithms_s(o);
}
static void
-@@ -269,9 +289,9 @@ fill_default_server_options(ServerOption
+@@ -273,9 +293,9 @@ fill_default_server_options(ServerOption
options->use_pam_check_locks = 0;
if (options->kex_dhmin == -1)
@@ -826,7 +826,7 @@
options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX);
}
dh_grp_min = options->kex_dhmin;
-@@ -419,6 +439,8 @@ fill_default_server_options(ServerOption
+@@ -423,6 +443,8 @@ fill_default_server_options(ServerOption
options->fwd_opts.streamlocal_bind_unlink = 0;
if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
@@ -835,10 +835,10 @@
if (options->disable_forwarding == -1)
options->disable_forwarding = 0;
if (options->expose_userauth_info == -1)
-Index: openssh-7.8p1/ssh-keygen.c
+Index: openssh-7.9p1/ssh-keygen.c
===================================================================
---- openssh-7.8p1.orig/ssh-keygen.c
-+++ openssh-7.8p1/ssh-keygen.c
+--- openssh-7.9p1.orig/ssh-keygen.c
++++ openssh-7.9p1/ssh-keygen.c
@@ -61,6 +61,8 @@
#include "utf8.h"
#include "authfd.h"
@@ -848,7 +848,7 @@
#ifdef WITH_OPENSSL
# define DEFAULT_KEY_TYPE_NAME "rsa"
#else
-@@ -965,11 +967,13 @@ do_fingerprint(struct passwd *pw)
+@@ -996,11 +998,13 @@ do_fingerprint(struct passwd *pw)
static void
do_gen_all_hostkeys(struct passwd *pw)
{
@@ -864,7 +864,7 @@
#ifdef WITH_OPENSSL
{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
-@@ -984,6 +988,17 @@ do_gen_all_hostkeys(struct passwd *pw)
+@@ -1015,6 +1019,17 @@ do_gen_all_hostkeys(struct passwd *pw)
{ NULL, NULL, NULL }
};
@@ -882,7 +882,7 @@
int first = 0;
struct stat st;
struct sshkey *private, *public;
-@@ -991,6 +1006,12 @@ do_gen_all_hostkeys(struct passwd *pw)
+@@ -1022,6 +1037,12 @@ do_gen_all_hostkeys(struct passwd *pw)
int i, type, fd, r;
FILE *f;
@@ -895,7 +895,7 @@
for (i = 0; key_types[i].key_type; i++) {
public = private = NULL;
prv_tmp = pub_tmp = prv_file = pub_file = NULL;
-@@ -2727,6 +2748,15 @@ main(int argc, char **argv)
+@@ -2817,6 +2838,15 @@ main(int argc, char **argv)
key_type_name = DEFAULT_KEY_TYPE_NAME;
type = sshkey_type_from_name(key_type_name);
@@ -911,11 +911,11 @@
type_bits_valid(type, key_type_name, &bits);
if (!quiet)
-Index: openssh-7.8p1/ssh_config.0
+Index: openssh-7.9p1/ssh_config.0
===================================================================
---- openssh-7.8p1.orig/ssh_config.0
-+++ openssh-7.8p1/ssh_config.0
-@@ -343,6 +343,9 @@ DESCRIPTION
+--- openssh-7.9p1.orig/ssh_config.0
++++ openssh-7.9p1/ssh_config.0
+@@ -353,6 +353,9 @@ DESCRIPTION
Specifies the hash algorithm used when displaying key
fingerprints. Valid options are: md5 and sha256 (the default).
@@ -925,7 +925,7 @@
ForwardAgent
Specifies whether the connection to the authentication agent (if
any) will be forwarded to the remote machine. The argument must
-@@ -612,6 +615,9 @@ DESCRIPTION
+@@ -627,6 +630,9 @@ DESCRIPTION
resort and all efforts should be made to fix the (broken)
counterparty.
@@ -935,11 +935,11 @@
LocalCommand
Specifies a command to execute on the local machine after
successfully connecting to the server. The command string
-Index: openssh-7.8p1/ssh_config.5
+Index: openssh-7.9p1/ssh_config.5
===================================================================
---- openssh-7.8p1.orig/ssh_config.5
-+++ openssh-7.8p1/ssh_config.5
-@@ -628,6 +628,8 @@ Valid options are:
+--- openssh-7.9p1.orig/ssh_config.5
++++ openssh-7.9p1/ssh_config.5
+@@ -642,6 +642,8 @@ Valid options are:
and
.Cm sha256
(the default).
@@ -948,7 +948,7 @@
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
-@@ -1041,6 +1043,9 @@ maximum backward compatibility, using it
+@@ -1063,6 +1065,9 @@ maximum backward compatibility, using it
security and thus should be viewed as a temporary fix of last
resort and all efforts should be made to fix the (broken)
counterparty.
@@ -958,10 +958,10 @@
.It Cm LocalCommand
Specifies a command to execute on the local machine after successfully
connecting to the server.
-Index: openssh-7.8p1/sshd.c
+Index: openssh-7.9p1/sshd.c
===================================================================
---- openssh-7.8p1.orig/sshd.c
-+++ openssh-7.8p1/sshd.c
+--- openssh-7.9p1.orig/sshd.c
++++ openssh-7.9p1/sshd.c
@@ -123,6 +123,8 @@
#include "version.h"
#include "ssherr.h"
@@ -971,11 +971,11 @@
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
-Index: openssh-7.8p1/sshd_config.0
+Index: openssh-7.9p1/sshd_config.0
===================================================================
---- openssh-7.8p1.orig/sshd_config.0
-+++ openssh-7.8p1/sshd_config.0
-@@ -338,6 +338,9 @@ DESCRIPTION
+--- openssh-7.9p1.orig/sshd_config.0
++++ openssh-7.9p1/sshd_config.0
+@@ -348,6 +348,9 @@ DESCRIPTION
Specifies the hash algorithm used when logging key fingerprints.
Valid options are: md5 and sha256. The default is sha256.
@@ -985,7 +985,7 @@
ForceCommand
Forces the execution of the command specified by ForceCommand,
ignoring any command supplied by the client and ~/.ssh/rc if
-@@ -562,6 +565,9 @@ DESCRIPTION
+@@ -572,6 +575,9 @@ DESCRIPTION
resort and all efforts should be made to fix the (broken)
counterparty.
@@ -995,11 +995,11 @@
ListenAddress
Specifies the local addresses sshd(8) should listen on. The
following forms may be used:
-Index: openssh-7.8p1/sshd_config.5
+Index: openssh-7.9p1/sshd_config.5
===================================================================
---- openssh-7.8p1.orig/sshd_config.5
-+++ openssh-7.8p1/sshd_config.5
-@@ -592,6 +592,8 @@ and
+--- openssh-7.9p1.orig/sshd_config.5
++++ openssh-7.9p1/sshd_config.5
+@@ -603,6 +603,8 @@ and
.Cm sha256 .
The default is
.Cm sha256 .
++++++ openssh-7.7p1-gssapi_key_exchange.patch ++++++
++++ 1356 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/openssh/openssh-7.7p1-gssapi_key_exchange.patch
++++ and /work/SRC/openSUSE:Factory/.openssh.new.19453/openssh-7.7p1-gssapi_key_exchange.patch
++++++ openssh-7.7p1-ldap.patch ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.602965130 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.602965130 +0100
@@ -10,10 +10,10 @@
# internal versions. ssh-keyconverter consequently fails to link as it lacks
# the proper flags, and libopenbsd-compat doesn't contain the b64_* functions)
-Index: openssh-7.8p1/HOWTO.ldap-keys
+Index: openssh-7.9p1/HOWTO.ldap-keys
===================================================================
--- /dev/null
-+++ openssh-7.8p1/HOWTO.ldap-keys
++++ openssh-7.9p1/HOWTO.ldap-keys
@@ -0,0 +1,108 @@
+
+HOW TO START
@@ -123,10 +123,10 @@
+ - frederic peters.
+ - Finlay dobbie.
+ - Stefan Fisher.
-Index: openssh-7.8p1/Makefile.in
+Index: openssh-7.9p1/Makefile.in
===================================================================
---- openssh-7.8p1.orig/Makefile.in
-+++ openssh-7.8p1/Makefile.in
+--- openssh-7.9p1.orig/Makefile.in
++++ openssh-7.9p1/Makefile.in
@@ -24,6 +24,8 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@@ -146,7 +146,7 @@
XMSS_OBJS=\
ssh-xmss.o \
sshkey-xmss.o \
-@@ -132,8 +137,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+@@ -130,8 +135,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
sandbox-solaris.o uidswap.o
@@ -157,7 +157,7 @@
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -208,6 +213,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
+@@ -206,6 +211,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -167,7 +167,7 @@
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-@@ -363,6 +371,10 @@ install-files:
+@@ -361,6 +369,10 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
@@ -178,7 +178,7 @@
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT)
-@@ -381,6 +393,10 @@ install-files:
+@@ -379,6 +391,10 @@ install-files:
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -189,7 +189,7 @@
install-sysconf:
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
-@@ -404,6 +420,13 @@ install-sysconf:
+@@ -402,6 +418,13 @@ install-sysconf:
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
fi
@@ -203,7 +203,7 @@
host-key: ssh-keygen$(EXEEXT)
@if [ -z "$(DESTDIR)" ] ; then \
-@@ -441,6 +464,8 @@ uninstall:
+@@ -439,6 +462,8 @@ uninstall:
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
@@ -212,7 +212,7 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -452,6 +477,7 @@ uninstall:
+@@ -450,6 +475,7 @@ uninstall:
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -220,11 +220,11 @@
regress-prep:
$(MKDIR_P) `pwd`/regress/unittests/test_helper
-Index: openssh-7.8p1/configure.ac
+Index: openssh-7.9p1/configure.ac
===================================================================
---- openssh-7.8p1.orig/configure.ac
-+++ openssh-7.8p1/configure.ac
-@@ -1680,6 +1680,106 @@ AC_ARG_WITH([audit],
+--- openssh-7.9p1.orig/configure.ac
++++ openssh-7.9p1/configure.ac
+@@ -1671,6 +1671,106 @@ AC_ARG_WITH([audit],
esac ]
)
@@ -331,10 +331,10 @@
AC_ARG_WITH([pie],
[ --with-pie Build Position Independent Executables if possible], [
if test "x$withval" = "xno"; then
-Index: openssh-7.8p1/ldap-helper.c
+Index: openssh-7.9p1/ldap-helper.c
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldap-helper.c
++++ openssh-7.9p1/ldap-helper.c
@@ -0,0 +1,155 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -491,10 +491,10 @@
+void *buffer_get_string(struct sshbuf *b, u_int *l) { return NULL; }
+void buffer_put_string(struct sshbuf *b, const void *f, u_int l) {}
+
-Index: openssh-7.8p1/ldap-helper.h
+Index: openssh-7.9p1/ldap-helper.h
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldap-helper.h
++++ openssh-7.9p1/ldap-helper.h
@@ -0,0 +1,32 @@
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -528,10 +528,10 @@
+extern int config_warning_config_file;
+
+#endif /* LDAP_HELPER_H */
-Index: openssh-7.8p1/ldap.conf
+Index: openssh-7.9p1/ldap.conf
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldap.conf
++++ openssh-7.9p1/ldap.conf
@@ -0,0 +1,88 @@
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
+#
@@ -621,10 +621,10 @@
+#tls_cert
+#tls_key
+
-Index: openssh-7.8p1/ldapbody.c
+Index: openssh-7.9p1/ldapbody.c
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldapbody.c
++++ openssh-7.9p1/ldapbody.c
@@ -0,0 +1,494 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1120,10 +1120,10 @@
+ return;
+}
+
-Index: openssh-7.8p1/ldapbody.h
+Index: openssh-7.9p1/ldapbody.h
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldapbody.h
++++ openssh-7.9p1/ldapbody.h
@@ -0,0 +1,37 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1162,10 +1162,10 @@
+
+#endif /* LDAPBODY_H */
+
-Index: openssh-7.8p1/ldapconf.c
+Index: openssh-7.9p1/ldapconf.c
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldapconf.c
++++ openssh-7.9p1/ldapconf.c
@@ -0,0 +1,711 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1878,10 +1878,10 @@
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
+}
+
-Index: openssh-7.8p1/ldapconf.h
+Index: openssh-7.9p1/ldapconf.h
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldapconf.h
++++ openssh-7.9p1/ldapconf.h
@@ -0,0 +1,71 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1954,10 +1954,10 @@
+void dump_config(void);
+
+#endif /* LDAPCONF_H */
-Index: openssh-7.8p1/ldapincludes.h
+Index: openssh-7.9p1/ldapincludes.h
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldapincludes.h
++++ openssh-7.9p1/ldapincludes.h
@@ -0,0 +1,41 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -2000,10 +2000,10 @@
+#endif
+
+#endif /* LDAPINCLUDES_H */
-Index: openssh-7.8p1/ldapmisc.c
+Index: openssh-7.9p1/ldapmisc.c
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldapmisc.c
++++ openssh-7.9p1/ldapmisc.c
@@ -0,0 +1,79 @@
+
+#include "ldapincludes.h"
@@ -2084,10 +2084,10 @@
+}
+#endif
+
-Index: openssh-7.8p1/ldapmisc.h
+Index: openssh-7.9p1/ldapmisc.h
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ldapmisc.h
++++ openssh-7.9p1/ldapmisc.h
@@ -0,0 +1,35 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -2124,10 +2124,10 @@
+
+#endif /* LDAPMISC_H */
+
-Index: openssh-7.8p1/openbsd-compat/base64.c
+Index: openssh-7.9p1/openbsd-compat/base64.c
===================================================================
---- openssh-7.8p1.orig/openbsd-compat/base64.c
-+++ openssh-7.8p1/openbsd-compat/base64.c
+--- openssh-7.9p1.orig/openbsd-compat/base64.c
++++ openssh-7.9p1/openbsd-compat/base64.c
@@ -46,7 +46,7 @@
#include "includes.h"
@@ -2155,10 +2155,10 @@
/* skips all whitespace anywhere.
converts characters, four at a time, starting at (or after)
-Index: openssh-7.8p1/openbsd-compat/base64.h
+Index: openssh-7.9p1/openbsd-compat/base64.h
===================================================================
---- openssh-7.8p1.orig/openbsd-compat/base64.h
-+++ openssh-7.8p1/openbsd-compat/base64.h
+--- openssh-7.9p1.orig/openbsd-compat/base64.h
++++ openssh-7.9p1/openbsd-compat/base64.h
@@ -45,16 +45,16 @@
#include "includes.h"
@@ -2180,10 +2180,10 @@
int b64_pton(char const *src, u_char *target, size_t targsize);
# endif /* !HAVE_B64_PTON */
# define __b64_pton(a,b,c) b64_pton(a,b,c)
-Index: openssh-7.8p1/openssh-lpk-openldap.schema
+Index: openssh-7.9p1/openssh-lpk-openldap.schema
===================================================================
--- /dev/null
-+++ openssh-7.8p1/openssh-lpk-openldap.schema
++++ openssh-7.9p1/openssh-lpk-openldap.schema
@@ -0,0 +1,21 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2206,10 +2206,10 @@
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-Index: openssh-7.8p1/openssh-lpk-sun.schema
+Index: openssh-7.9p1/openssh-lpk-sun.schema
===================================================================
--- /dev/null
-+++ openssh-7.8p1/openssh-lpk-sun.schema
++++ openssh-7.9p1/openssh-lpk-sun.schema
@@ -0,0 +1,23 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2234,10 +2234,10 @@
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-Index: openssh-7.8p1/ssh-ldap-helper.8
+Index: openssh-7.9p1/ssh-ldap-helper.8
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ssh-ldap-helper.8
++++ openssh-7.9p1/ssh-ldap-helper.8
@@ -0,0 +1,79 @@
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
@@ -2318,19 +2318,19 @@
+OpenSSH 5.5 + PKA-LDAP .
+.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima(a)redhat.com
-Index: openssh-7.8p1/ssh-ldap-wrapper
+Index: openssh-7.9p1/ssh-ldap-wrapper
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ssh-ldap-wrapper
++++ openssh-7.9p1/ssh-ldap-wrapper
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+exec @LIBEXECDIR@/ssh-ldap-helper -s "$1"
+
-Index: openssh-7.8p1/ssh-ldap.conf.5
+Index: openssh-7.9p1/ssh-ldap.conf.5
===================================================================
--- /dev/null
-+++ openssh-7.8p1/ssh-ldap.conf.5
++++ openssh-7.9p1/ssh-ldap.conf.5
@@ -0,0 +1,376 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
++++++ openssh-7.7p1-seccomp_ipc_flock.patch ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.618965107 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.618965107 +0100
@@ -15,15 +15,11 @@
Signed-off-by: Eduardo Barretto <ebarretto(a)linux.vnet.ibm.com>
-diff --git a/openssh-7.7p1/sandbox-seccomp-filter.c b/openssh-7.7p1/sandbox-seccomp-filter.c
---- openssh-7.7p1/sandbox-seccomp-filter.c
-+++ openssh-7.7p1/sandbox-seccomp-filter.c
-@@ -167,16 +167,19 @@ static const struct sock_filter preauth_
- SC_ALLOW(__NR_exit_group),
- #endif
- #ifdef __NR_geteuid
- SC_ALLOW(__NR_geteuid),
- #endif
+Index: openssh-7.9p1/sandbox-seccomp-filter.c
+===================================================================
+--- openssh-7.9p1.orig/sandbox-seccomp-filter.c
++++ openssh-7.9p1/sandbox-seccomp-filter.c
+@@ -175,6 +175,9 @@ static const struct sock_filter preauth_
#ifdef __NR_geteuid32
SC_ALLOW(__NR_geteuid32),
#endif
@@ -33,17 +29,7 @@
#ifdef __NR_getpgid
SC_ALLOW(__NR_getpgid),
#endif
- #ifdef __NR_getpid
- SC_ALLOW(__NR_getpid),
- #endif
- #ifdef __NR_getrandom
- SC_ALLOW(__NR_getrandom),
-@@ -185,16 +188,19 @@ static const struct sock_filter preauth_
- SC_ALLOW(__NR_gettimeofday),
- #endif
- #ifdef __NR_getuid
- SC_ALLOW(__NR_getuid),
- #endif
+@@ -193,6 +196,9 @@ static const struct sock_filter preauth_
#ifdef __NR_getuid32
SC_ALLOW(__NR_getuid32),
#endif
@@ -53,8 +39,3 @@
#ifdef __NR_madvise
SC_ALLOW(__NR_madvise),
#endif
- #ifdef __NR_mmap
- SC_ALLOW(__NR_mmap),
- #endif
- #ifdef __NR_mmap2
- SC_ALLOW(__NR_mmap2),
++++++ openssh-7.7p1-sftp_force_permissions.patch ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:36.630965090 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:36.630965090 +0100
@@ -1,123 +1,100 @@
-# HG changeset patch
-# Parent 37bba3ff816d9ab93ddcf23389a4eb29d7716006
-additional option for sftp-server to force file mode for new files
-FATE#312774
-http://lists.mindrot.org/pipermail/openssh-unix-dev/2010-November/029044.html
-http://marc.info/?l=openssh-unix-dev&m=128896838930893
-
-diff --git a/openssh-7.7p1/sftp-server.8 b/openssh-7.7p1/sftp-server.8
---- openssh-7.7p1/sftp-server.8
-+++ openssh-7.7p1/sftp-server.8
-@@ -33,16 +33,17 @@
- .Bk -words
- .Op Fl ehR
- .Op Fl d Ar start_directory
- .Op Fl f Ar log_facility
- .Op Fl l Ar log_level
+--- original/sftp-server.8 2016-12-19 04:59:41.000000000 +0000
++++ original/sftp-server.8 2017-11-23 08:47:01.267239186 +0000
+@@ -38,6 +38,7 @@
.Op Fl P Ar blacklisted_requests
.Op Fl p Ar whitelisted_requests
.Op Fl u Ar umask
-+.Op Fl m Ar force_file_permissions
++.Op Fl m Ar force_file_dir_perms
.Ek
.Nm
.Fl Q Ar protocol_feature
- .Sh DESCRIPTION
- .Nm
- is a program that speaks the server side of SFTP protocol
- to stdout and expects client requests from stdin.
- .Nm
-@@ -133,16 +134,20 @@ Places this instance of
- into a read-only mode.
- Attempts to open files for writing, as well as other operations that change
- the state of the filesystem, will be denied.
- .It Fl u Ar umask
- Sets an explicit
+@@ -138,6 +139,10 @@
.Xr umask 2
to be applied to newly-created files and directories, instead of the
user's default mask.
-+.It Fl m Ar force_file_permissions
-+Sets explicit file permissions to be applied to newly-created files instead
-+of the default or client requested mode. Numeric values include:
++.It Fl m Ar force_file_dir_perms
++Sets explicit permissions to be applied to newly-created files and directories
++instead of the default or client requested mode. Numeric values include:
+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
.El
.Pp
On some systems,
- .Nm
- must be able to access
- .Pa /dev/log
- for logging to work, and use of
- .Nm
-diff --git a/openssh-7.7p1/sftp-server.c b/openssh-7.7p1/sftp-server.c
---- openssh-7.7p1/sftp-server.c
-+++ openssh-7.7p1/sftp-server.c
-@@ -71,16 +71,20 @@ static u_int version;
- static int init_done;
-
- /* Disable writes */
- static int readonly;
-
- /* Requests that are allowed/denied */
- static char *request_whitelist, *request_blacklist;
+--- original/sftp-server.c 2016-12-19 04:59:41.000000000 +0000
++++ original/sftp-server.c 2017-11-23 13:07:08.481765581 +0000
+@@ -65,6 +65,10 @@
+ /* Version of client */
+ static u_int version;
-+/* Force file permissions */
++/* Force file and directory permissions */
+int permforce = 0;
+long permforcemode;
+
- /* portable attributes, etc. */
- typedef struct Stat Stat;
+ /* SSH2_FXP_INIT received */
+ static int init_done;
- struct Stat {
+@@ -679,6 +683,7 @@
+ Attrib a;
char *name;
- char *long_name;
- Attrib attrib;
- };
-@@ -685,16 +689,20 @@ process_open(u_int32_t id)
+ int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE;
++ mode_t old_umask = 0;
+
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
(r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
- (r = decode_attrib(iqueue, &a)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
+@@ -688,6 +693,10 @@
debug3("request %u: open flags %d", id, pflags);
flags = flags_from_portable(pflags);
mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
-+ if (permforce == 1) {
++ if (permforce == 1) { /* Force perm if -m is set */
+ mode = permforcemode;
-+ (void)umask(0); /* so umask does not interfere */
++ old_umask = umask(0); /* so umask does not interfere */
+ }
logit("open \"%s\" flags %s mode 0%o",
name, string_from_portable(pflags), mode);
if (readonly &&
- ((flags & O_ACCMODE) != O_RDONLY ||
- (flags & (O_CREAT|O_TRUNC)) != 0)) {
- verbose("Refusing open request in read-only mode");
- status = SSH2_FX_PERMISSION_DENIED;
- } else {
-@@ -1487,17 +1495,18 @@ sftp_server_cleanup_exit(int i)
- static void
- sftp_server_usage(void)
- {
- extern char *__progname;
+@@ -709,6 +718,8 @@
+ }
+ }
+ }
++ if (permforce == 1)
++ (void) umask(old_umask); /* restore umask to something sane */
+ if (status != SSH2_FX_OK)
+ send_status(id, status);
+ free(name);
+@@ -1110,6 +1121,7 @@
+ Attrib a;
+ char *name;
+ int r, mode, status = SSH2_FX_FAILURE;
++ mode_t old_umask = 0;
+
+ if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
+ (r = decode_attrib(iqueue, &a)) != 0)
+@@ -1117,9 +1129,16 @@
+ mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
+ a.perm & 07777 : 0777;
++ if (permforce == 1) { /* Force perm if -m is set */
++ mode = permforcemode;
++ old_umask = umask(0); /* so umask does not interfere */
++ }
++
+ debug3("request %u: mkdir", id);
+ logit("mkdir name \"%s\" mode 0%o", name, mode);
+ r = mkdir(name, mode);
++ if (permforce == 1)
++ (void) umask(old_umask); /* restore umask to something sane */
+ status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ send_status(id, status);
+ free(name);
+@@ -1490,7 +1509,7 @@
fprintf(stderr,
"usage: %s [-ehR] [-d start_directory] [-f log_facility] "
"[-l log_level]\n\t[-P blacklisted_requests] "
- "[-p whitelisted_requests] [-u umask]\n"
-+ "[-p whitelisted_requests] [-u umask]\n\t"
-+ "[-m force_file_permissions]\n"
++ "[-p whitelisted_requests] [-u umask] [-m force_file_dir_perms]\n"
" %s -Q protocol_feature\n",
__progname, __progname);
exit(1);
- }
-
- int
- sftp_server_main(int argc, char **argv, struct passwd *user_pw)
- {
-@@ -1516,17 +1525,17 @@ sftp_server_main(int argc, char **argv,
-
- ssh_malloc_init(); /* must be called before any mallocs */
- __progname = ssh_get_progname(argv[0]);
- log_init(__progname, log_level, log_facility, log_stderr);
-
+@@ -1516,7 +1535,7 @@
pw = pwcopy(user_pw);
while (!skipargs && (ch = getopt(argc, argv,
@@ -126,32 +103,19 @@
switch (ch) {
case 'Q':
if (strcasecmp(optarg, "requests") != 0) {
- fprintf(stderr, "Invalid query type\n");
- exit(1);
- }
- for (i = 0; handlers[i].handler != NULL; i++)
- printf("%s\n", handlers[i].name);
-@@ -1576,16 +1585,23 @@ sftp_server_main(int argc, char **argv,
- case 'u':
- errno = 0;
- mask = strtol(optarg, &cp, 8);
- if (mask < 0 || mask > 0777 || *cp != '\0' ||
- cp == optarg || (mask == 0 && errno != 0))
+@@ -1576,6 +1595,15 @@
fatal("Invalid umask \"%s\"", optarg);
(void)umask((mode_t)mask);
break;
+ case 'm':
++ /* Force permissions on file and directory received via sftp */
+ permforce = 1;
+ permforcemode = strtol(optarg, &cp, 8);
-+ if (permforcemode < 0 || permforcemode > 0777 || *cp != '\0' ||
-+ cp == optarg || (permforcemode == 0 && errno != 0))
-+ fatal("Invalid umask \"%s\"", optarg);
++ if (permforcemode < 0 || permforcemode > 0777 ||
++ *cp != '\0' || (permforcemode == 0 &&
++ errno != 0))
++ fatal("Invalid file mode \"%s\"", optarg);
+ break;
case 'h':
default:
sftp_server_usage();
- }
- }
-
- log_init(__progname, log_level, log_facility, log_stderr);
-
++++++ openssh-7.8p1.tar.gz -> openssh-7.9p1.tar.gz ++++++
++++ 12283 lines of diff (skipped)
++++++ openssh-openssl-1_0_0-compatibility.patch ++++++
Index: openssh-7.9p1/openbsd-compat/openssl-compat.c
===================================================================
--- openssh-7.9p1.orig/openbsd-compat/openssl-compat.c 2018-11-26 11:47:17.417925053 +0100
+++ openssh-7.9p1/openbsd-compat/openssl-compat.c 2018-11-26 11:52:47.127727580 +0100
@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
-#if OPENSSL_VERSION_NUMBER < 0x10001000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
OPENSSL_config(NULL);
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
Index: openssh-7.9p1/gss-genr.c
===================================================================
--- openssh-7.9p1.orig/gss-genr.c 2018-11-26 11:47:17.417925053 +0100
+++ openssh-7.9p1/gss-genr.c 2018-11-26 12:01:40.354642746 +0100
@@ -114,7 +114,11 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
if ((buf = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ md = EVP_MD_CTX_create();
+#else
md = EVP_MD_CTX_new();
+#endif
oidpos = 0;
for (i = 0; i < gss_supported->count; i++) {
if (gss_supported->elements[i].length < 128 &&
@@ -156,7 +160,11 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
oidpos++;
}
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_destroy(md);
+#else
EVP_MD_CTX_free(md);
+#endif
gss_enc2oid[oidpos].oid = NULL;
gss_enc2oid[oidpos].encoded = NULL;
++++++ sshd.service ++++++
--- /var/tmp/diff_new_pack.tFM0X3/_old 2018-11-28 11:12:37.018964545 +0100
+++ /var/tmp/diff_new_pack.tFM0X3/_new 2018-11-28 11:12:37.022964540 +0100
@@ -10,7 +10,8 @@
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
-Restart=always
+Restart=on-failure
+RestartPreventExitStatus=255
TasksMax=infinity
[Install]
1
0
Hello community,
here is the log from the commit of package libpipeline for openSUSE:Factory checked in at 2018-11-28 11:11:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libpipeline (Old)
and /work/SRC/openSUSE:Factory/.libpipeline.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpipeline"
Wed Nov 28 11:11:16 2018 rev:11 rq:652003 version:1.5.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/libpipeline/libpipeline.changes 2015-11-15 12:45:30.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libpipeline.new.19453/libpipeline.changes 2018-11-28 11:12:32.174971350 +0100
@@ -1,0 +2,7 @@
+Fri Nov 23 14:12:20 UTC 2018 - Dr. Werner Fink <werner(a)suse.de>
+
+- Update to version 1.5.0
+ * Add `pipecmd_pre_exec' to install a pre-exec handler for a single command.
+ * Fix EOF detection in get_line.
+
+-------------------------------------------------------------------
Old:
----
libpipeline-1.4.1.tar.gz
libpipeline-1.4.1.tar.gz.sig
New:
----
libpipeline-1.5.0.tar.gz
libpipeline-1.5.0.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libpipeline.spec ++++++
--- /var/tmp/diff_new_pack.eEnVyg/_old 2018-11-28 11:12:33.178969939 +0100
+++ /var/tmp/diff_new_pack.eEnVyg/_new 2018-11-28 11:12:33.178969939 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libpipeline
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,10 +18,10 @@
%define lname libpipeline1
Name: libpipeline
-Version: 1.4.1
+Version: 1.5.0
Release: 0
Summary: A pipeline manipulation library
-License: GPL-3.0+
+License: GPL-3.0-or-later
Group: System/Libraries
Url: http://www.nongnu.org/libpipeline/
Source0: http://download.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz
++++++ libpipeline-1.4.1.tar.gz -> libpipeline-1.5.0.tar.gz ++++++
++++ 22206 lines of diff (skipped)
1
0
Hello community,
here is the log from the commit of package mariadb for openSUSE:Factory checked in at 2018-11-28 11:11:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mariadb (Old)
and /work/SRC/openSUSE:Factory/.mariadb.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mariadb"
Wed Nov 28 11:11:08 2018 rev:78 rq:651994 version:10.2.19
Changes:
--------
--- /work/SRC/openSUSE:Factory/mariadb/mariadb.changes 2018-10-02 19:40:47.182266240 +0200
+++ /work/SRC/openSUSE:Factory/.mariadb.new.19453/mariadb.changes 2018-11-28 11:12:22.946984317 +0100
@@ -1,0 +2,60 @@
+Wed Nov 14 09:42:24 UTC 2018 - kstreitova(a)suse.com
+
+- update to 10.2.19 GA [bsc#1116686]
+ * notable changes:
+ * innodb_safe_truncate system variable for a backup-safe
+ TRUNCATE TABLE implementation that is based on RENAME,
+ CREATE, DROP (MDEV-14717, MDEV-14585, MDEV-13564). Default
+ value for this variable is ON. If you absolutely must use
+ XtraBackup instead of Mariabackup, you can set it to OFF and
+ restart the server
+ * MDEV-17289: Multi-pass recovery fails to apply some redo
+ log records
+ * MDEV-17073: INSERT…ON DUPLICATE KEY UPDATE became more
+ deadlock-prone
+ * MDEV-17491: micro optimize page_id_t
+ * MDEV-13671: InnoDB should use case-insensitive column name
+ comparisons like the rest of the server
+ * Fixes for indexed virtual columns: MDEV-17215, MDEV-16980
+ * MDEV-17433: Allow InnoDB start up with empty ib_logfile0
+ from mariabackup --prepare
+ * MDEV-12547: InnoDB FULLTEXT index has too strict
+ innodb_ft_result_cache_limit max limit
+ * MDEV-17541: KILL QUERY during lock wait in FOREIGN KEY
+ check causes hang
+ * MDEV-17531: Crash in RENAME TABLE with FOREIGN KEY and
+ FULLTEXT INDEX
+ * MDEV-17532: Performance_schema reports wrong directory for
+ the temporary files of ALTER TABLE…ALGORITHM=INPLACE
+ * MDEV-17545: Predicate lock for SPATIAL INDEX should lock
+ non-matching record
+ * MDEV-17546: SPATIAL INDEX should not be allowed for
+ FOREIGN KEY
+ * MDEV-17548: Incorrect access to off-page column for
+ indexed virtual column
+ * MDEV-12023: Assertion failure sym_node->table != NULL
+ on startup
+ * MDEV-17230: encryption_key_id from alter is ignored by
+ encryption threads
+ * fixes for the following security vulnerabilities:
+ CVE-2018-3282 [bsc#1112432], CVE-2016-9843 [bsc#1013882],
+ CVE-2018-3174 [bsc#1112368], CVE-2018-3143 [bsc#1112421],
+ CVE-2018-3156 [bsc#1112417], CVE-2018-3251 [bsc#1112397],
+ CVE-2018-3185 [bsc#1112384], CVE-2018-3277 [bsc#1112391],
+ CVE-2018-3162 [bsc#1112415], CVE-2018-3173 [bsc#1112386],
+ CVE-2018-3200 [bsc#1112404], CVE-2018-3284 [bsc#1112377]
+ * release notes and changelog:
+ https://mariadb.com/kb/en/library/mariadb-10219-release-notes
+ https://mariadb.com/kb/en/library/mariadb-10219-changelog
+- do not pack libmariadb.pc (packed in mariadb-connector-c)
+
+-------------------------------------------------------------------
+Tue Oct 30 14:59:59 UTC 2018 - kstreitova(a)suse.com
+
+- add "Requires: libmariadb_plugins" to the mariadb-test subpackage
+ in order to be able to test client plugins successfuly
+ [bsc#1111859]
+- don't remove debug_key_management.so anymore [bsc#1111858]
+
+
+-------------------------------------------------------------------
Old:
----
mariadb-10.2.18.tar.gz
mariadb-10.2.18.tar.gz.sig
New:
----
mariadb-10.2.19.tar.gz
mariadb-10.2.19.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mariadb.spec ++++++
--- /var/tmp/diff_new_pack.oXiarP/_old 2018-11-28 11:12:25.726980409 +0100
+++ /var/tmp/diff_new_pack.oXiarP/_new 2018-11-28 11:12:25.726980409 +0100
@@ -48,7 +48,7 @@
%define with_mroonga 0
%endif
Name: mariadb
-Version: 10.2.18
+Version: 10.2.19
Release: 0
Summary: Server part of MariaDB
License: SUSE-GPL-2.0-with-FLOSS-exception
@@ -273,6 +273,8 @@
Requires: %{name}-bench = %{version}
Requires: %{name}-client = %{version}
Requires: %{name}-tools = %{version}
+# Requires libmariadb_plugins in order to test client plugins successfuly
+Requires: libmariadb_plugins >= 3.0
Requires: perl-DBD-mysql
Requires: procps
Requires: time
@@ -498,9 +500,6 @@
# Remove systemd-sysusers conf file for creating of mysql user (we do it in the specfile)
rm -f %{buildroot}%{_sysusersdir}/sysusers.conf
-# Remove debug management for keys Mariadb 101+
-rm -f %{buildroot}%{_libdir}/mysql/plugin/debug_key_management.so
-
# Remove client libraries that are now provided in mariadb-connector-c
# Client library and links
rm %{buildroot}%{_libdir}/libmariadb*.so.*
@@ -513,6 +512,7 @@
rm %{buildroot}%{_bindir}/mysql_config
rm %{buildroot}%{_bindir}/mariadb_config
rm %{buildroot}%{_datadir}/pkgconfig/mariadb.pc
+rm %{buildroot}%{_prefix}/lib/pkgconfig/libmariadb.pc
rm %{buildroot}%{_datadir}/aclocal/mysql.m4
rm %{buildroot}%{_mandir}/man1/mysql_config*.1*
rm -r %{buildroot}%{_includedir}/mysql
++++++ mariadb-10.2.18.tar.gz -> mariadb-10.2.19.tar.gz ++++++
/work/SRC/openSUSE:Factory/mariadb/mariadb-10.2.18.tar.gz /work/SRC/openSUSE:Factory/.mariadb.new.19453/mariadb-10.2.19.tar.gz differ: char 5, line 1
1
0
Hello community,
here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2018-11-28 11:10:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old)
and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox"
Wed Nov 28 11:10:42 2018 rev:279 rq:651985 version:63.0.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2018-10-09 15:51:47.194451891 +0200
+++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19453/MozillaFirefox.changes 2018-11-28 11:11:17.539076355 +0100
@@ -1,0 +2,96 @@
+Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET <guillaume.gardet(a)opensuse.org>
+
+- Clean-up %arm build
+
+-------------------------------------------------------------------
+Sun Nov 18 11:01:21 UTC 2018 - manfred.h(a)gmx.net
+
+- update to Firefox 63.0.3
+ * Games using WebGL (created in Unity) get stuck after very short
+ time of gameplay (bmo#1502748)
+ * Slow page loading for some users with specific proxy configurations
+ (bmo#1495024)
+ * Disable HTTP response throttling by default for causing bugs with
+ videos in background tabs (bmo#1503354)
+ * Opening magnet links no longer works (bmo#1498934)
+ * Crash fixes (bmo#1498510, bmo#1503424)
+- removed mozilla-newer-cbindgen.patch; no longer needed
+
+-------------------------------------------------------------------
+Thu Nov 8 14:59:13 UTC 2018 - wr(a)rosenauer.org
+
+- update to Firefox 63.0.1
+ * Snippets are not loaded due to missing element (bmo#1503047)
+ * Print preview always shows 30& scale when it is actually
+ Shrink To Fit (bmo#1501952)
+ * Dialog displayed when closing multiple windows shows unreplaced
+ %1$S placeholder in Japanese and potentially other locales
+ (bmo#1500823)
+
+-------------------------------------------------------------------
+Mon Oct 29 14:07:51 UTC 2018 - wr(a)rosenauer.org
+
+- update to Firefox 63.0
+ * WebExtensions now run in their own process on Linux
+ * The Ctrl+Tab shortcut now displays thumbnail previews of your
+ tabs and cycles through tabs in recently used order. This new
+ default behavior is activated only in new profiles and can be
+ changed in preferences.
+ * Added support for Web Components custom elements and shadow DOM
+ MFSA 2018-26 (bsc#1112852)
+ * CVE-2018-12391 (bmo#1478843) (Android-only)
+ HTTP Live Stream audio data is accessible cross-origin
+ * CVE-2018-12392 (bmo#1492823)
+ Crash with nested event loops
+ * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
+ Integer overflow during Unicode conversion while loading JavaScript
+ * CVE-2018-12395 (bmo#1467523)
+ WebExtension bypass of domain restrictions through header rewriting
+ * CVE-2018-12396 (bmo#1483602)
+ WebExtension content scripts can execute in disallowed contexts
+ * CVE-2018-12397 (bmo#1487478)
+ Missing warning prompt when WebExtension requests local file access
+ * CVE-2018-12398 (bmo#1460538, bmo#1488061)
+ CSP bypass through stylesheet injection in resource URIs
+ * CVE-2018-12399 (bmo#1490276)
+ Spoofing of protocol registration notification bar
+ * CVE-2018-12400 (bmo#1448305) (Android only)
+ Favicons are cached in private browsing mode on Firefox for Android
+ * CVE-2018-12401 (bmo#1422456)
+ DOS attack through special resource URI parsing
+ * CVE-2018-12402 (bmo#1469916)
+ SameSite cookies leak when pages are explicitly saved
+ * CVE-2018-12403 (bmo#1484753)
+ Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
+ * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
+ bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
+ Memory safety bugs fixed in Firefox 63
+ * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
+ bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
+ bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
+ bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
+ Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
+- requires NSPR 4.20, NSS 3.39 and Rust 1.28
+- latest rust does not provide rust-std so stop requiring it
+- requires rust-cbindgen >= 0.6.2 to build
+- requires nodejs >= 8.11 to build
+- added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289)
+- added mozilla-cubeb-noreturn.patch to fix non-return function
+- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7
+- disable elfhack for TW and newer due to build errors
+- removed obsolete patches
+ * mozilla-no-return.patch
+ * mozilla-no-stdcxx-check.patch
+
+-------------------------------------------------------------------
+Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet(a)opensuse.org
+
+- Update _constraints for armv6/7
+
+-------------------------------------------------------------------
+Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet(a)opensuse.org
+
+- Add patch to fix build on armv7:
+ * mozilla-bmo1463035.patch
+
+-------------------------------------------------------------------
Old:
----
firefox-62.0.3.source.tar.xz
firefox-62.0.3.source.tar.xz.asc
l10n-62.0.3.tar.xz
mozilla-no-return.patch
mozilla-no-stdcxx-check.patch
New:
----
firefox-63.0.3.source.tar.xz
firefox-63.0.3.source.tar.xz.asc
l10n-63.0.3.tar.xz
mozilla-bmo1463035.patch
mozilla-bmo1491289.patch
mozilla-cubeb-noreturn.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaFirefox.spec ++++++
--- /var/tmp/diff_new_pack.nL9wlQ/_old 2018-11-28 11:11:56.907020931 +0100
+++ /var/tmp/diff_new_pack.nL9wlQ/_new 2018-11-28 11:11:56.907020931 +0100
@@ -13,18 +13,18 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# changed with every update
-%define major 62
+%define major 63
%define mainver %major.0.3
-%define orig_version 62.0.3
+%define orig_version 63.0.3
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
-%define releasedate 20181002000000
+%define releasedate 20181114214635
%define source_prefix firefox-%{orig_version}
# PIE, full relro (x86_64 for now)
@@ -66,7 +66,7 @@
%else
BuildRequires: gcc-c++
%endif
-BuildRequires: cargo
+BuildRequires: cargo >= 1.28
BuildRequires: libXcomposite-devel
BuildRequires: libcurl-devel
BuildRequires: libidl-devel
@@ -74,13 +74,14 @@
BuildRequires: libnotify-devel
BuildRequires: libproxy-devel
BuildRequires: makeinfo
-BuildRequires: mozilla-nspr-devel >= 4.19
-BuildRequires: mozilla-nss-devel >= 3.38
+BuildRequires: mozilla-nspr-devel >= 4.20
+BuildRequires: mozilla-nss-devel >= 3.39
+BuildRequires: nodejs8 >= 8.11
BuildRequires: python-devel
BuildRequires: python2-xml
BuildRequires: python3 >= 3.5
-BuildRequires: rust >= 1.24
-BuildRequires: rust-std
+BuildRequires: rust >= 1.28
+BuildRequires: rust-cbindgen >= 0.6.2
BuildRequires: startup-notification-devel
BuildRequires: unzip
BuildRequires: update-desktop-files
@@ -155,11 +156,12 @@
Patch2: mozilla-kde.patch
Patch3: mozilla-ntlm-full-path.patch
Patch4: mozilla-openaes-decl.patch
-Patch5: mozilla-no-stdcxx-check.patch
Patch6: mozilla-reduce-files-per-UnifiedBindings.patch
Patch7: mozilla-aarch64-startup-crash.patch
Patch8: mozilla-bmo256180.patch
-Patch9: mozilla-no-return.patch
+Patch9: mozilla-bmo1463035.patch
+Patch10: mozilla-bmo1491289.patch
+Patch11: mozilla-cubeb-noreturn.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
@@ -263,13 +265,14 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%patch5 -p1
%ifarch %ix86
%patch6 -p1
%endif
%patch7 -p1
%patch8 -p1
%patch9 -p1
+%patch10 -p1
+%patch11 -p1
# Firefox
%patch101 -p1
%patch102 -p1
@@ -303,9 +306,6 @@
%if 0%{?suse_version} > 1320
export CFLAGS="$CFLAGS -fno-delete-null-pointer-checks"
%endif
-%ifarch %arm
-export CFLAGS="${CFLAGS/-g / }"
-%endif
%ifarch %arm %ix86
# Limit RAM usage during link
export LDFLAGS="${LDFLAGS} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
@@ -319,9 +319,6 @@
export CFLAGS="$CFLAGS -mminimal-toc"
%endif
export CXXFLAGS="$CFLAGS"
-%ifarch %{arm}
-export RUSTFLAGS="-Cdebuginfo=0"
-%endif
export MOZCONFIG=$RPM_BUILD_DIR/mozconfig
%limit_build -m 1500
cat << EOF > $MOZCONFIG
@@ -345,16 +342,11 @@
%if 0%{?suse_version} > 1320
ac_add_options --enable-optimize="-g -O2"
%endif
-%ifarch %arm
-%if 0%{?suse_version} > 1230
-ac_add_options --disable-optimize
-%endif
-%endif
# bmo#1441155 - Disable the generation of Rust debug symbols on Linux32
-%ifarch %ix86
+%ifarch %ix86 %arm
ac_add_options --disable-debug-symbols
%endif
-%ifarch %arm
+%if 0%{?suse_version} > 1549
ac_add_options --disable-elf-hack
%endif
ac_add_options --with-system-nspr
++++++ _constraints ++++++
--- /var/tmp/diff_new_pack.nL9wlQ/_old 2018-11-28 11:11:56.979020830 +0100
+++ /var/tmp/diff_new_pack.nL9wlQ/_new 2018-11-28 11:11:56.979020830 +0100
@@ -12,15 +12,6 @@
<conditions>
<arch>armv6l</arch>
<arch>armv7l</arch>
- </conditions>
- <hardware>
- <memory>
- <size unit="M">2600</size>
- </memory>
- </hardware>
- </overwrite>
- <overwrite>
- <conditions>
<arch>aarch64</arch>
</conditions>
<hardware>
++++++ compare-locales.tar.xz ++++++
++++++ create-tar.sh ++++++
--- /var/tmp/diff_new_pack.nL9wlQ/_old 2018-11-28 11:11:57.043020740 +0100
+++ /var/tmp/diff_new_pack.nL9wlQ/_new 2018-11-28 11:11:57.043020740 +0100
@@ -7,8 +7,8 @@
CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="c9ed11ae5c79df3dcb69075e1c9da0317d1ecb1b"
-VERSION="62.0.3"
+RELEASE_TAG="FIREFOX_63.0.3_RELEASE"
+VERSION="63.0.3"
VERSION_SUFFIX=""
LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json"
++++++ firefox-62.0.3.source.tar.xz -> firefox-63.0.3.source.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/firefox-62.0.3.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19453/firefox-63.0.3.source.tar.xz differ: char 15, line 1
++++++ firefox-kde.patch ++++++
--- /var/tmp/diff_new_pack.nL9wlQ/_old 2018-11-28 11:11:57.079020690 +0100
+++ /var/tmp/diff_new_pack.nL9wlQ/_new 2018-11-28 11:11:57.079020690 +0100
@@ -1,11 +1,11 @@
# HG changeset patch
-# Parent 0629fb9c6879e14c1b5e3cbff53b0d44371f0127
+# Parent fdf78810e83396d10418791fbe32bed6bfe1558b
diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser-kde.xul
new file mode 100644
--- /dev/null
+++ b/browser/base/content/browser-kde.xul
-@@ -0,0 +1,1291 @@
+@@ -0,0 +1,1317 @@
+#filter substitution
+<?xml version="1.0"?>
+# -*- Mode: HTML -*-
@@ -14,18 +14,23 @@
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
++<!-- The "global.css" stylesheet is imported first to allow other stylesheets to
++ override rules using selectors with the same specificity. This applies to
++ both "content" and "skin" packages, which bug 1385444 will unify later. -->
++<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
++
+<?xml-stylesheet href="chrome://browser/content/browser.css" type="text/css"?>
-+<?xml-stylesheet href="chrome://browser/content/downloads/downloads.css"?>
++<?xml-stylesheet href="chrome://browser/content/tabbrowser.css" type="text/css"?>
++<?xml-stylesheet href="chrome://browser/content/downloads/downloads.css" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/content/places/places.css" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/content/usercontext/usercontext.css" type="text/css"?>
++<?xml-stylesheet href="chrome://browser/skin/" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/skin/controlcenter/panel.css" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/skin/customizableui/panelUI.css" type="text/css"?>
-+<?xml-stylesheet href="chrome://browser/skin/downloads/downloads.css"?>
-+<?xml-stylesheet href="chrome://browser/skin/searchbar.css"?>
-+<?xml-stylesheet href="chrome://browser/skin/places/places.css"?>
-+<?xml-stylesheet href="chrome://browser/skin/places/editBookmark.css"?>
-+<?xml-stylesheet href="chrome://browser/skin/" type="text/css"?>
-+<?xml-stylesheet href="chrome://browser/content/tabbrowser.css" type="text/css"?>
++<?xml-stylesheet href="chrome://browser/skin/downloads/downloads.css" type="text/css"?>
++<?xml-stylesheet href="chrome://browser/skin/searchbar.css" type="text/css"?>
++<?xml-stylesheet href="chrome://browser/skin/places/tree-icons.css" type="text/css"?>
++<?xml-stylesheet href="chrome://browser/skin/places/editBookmark.css" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/skin/compacttheme.css" type="text/css" alternate="yes" title="Light/Dark"?>
+
+# All DTD information is stored in a separate file so that it can be shared by
@@ -40,7 +45,6 @@
+ xmlns:html="http://www.w3.org/1999/xhtml"
+ xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-+ onload="gBrowserInit.onLoad()" onunload="gBrowserInit.onUnload()" onclose="return WindowIsClosing();"
+ title="&mainWindow.title;"
+ title_normal="&mainWindow.title;"
+#ifdef XP_MACOSX
@@ -75,31 +79,36 @@
+# that they can be shared with macWindow.inc.xul.
+#include global-scripts.inc
+
-+<script type="application/javascript">
++<script type="application/javascript"
++#ifdef BROWSER_XHTML
++xmlns="http://www.w3.org/1999/xhtml"
++#endif
++>
+ Services.scriptloader.loadSubScript("chrome://global/content/contentAreaUtils.js", this);
+ Services.scriptloader.loadSubScript("chrome://browser/content/tabbrowser.js", this);
+
-+ ChromeUtils.defineModuleGetter(window,
-+ "PlacesUtils", "resource://gre/modules/PlacesUtils.jsm");
-+ ChromeUtils.defineModuleGetter(window,
-+ "PlacesUIUtils", "resource:///modules/PlacesUIUtils.jsm");
-+ ChromeUtils.defineModuleGetter(window,
-+ "PlacesTransactions", "resource://gre/modules/PlacesTransactions.jsm");
-+
-+ ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
-+ XPCOMUtils.defineLazyScriptGetter(window, "PlacesTreeView",
-+ "chrome://browser/content/places/treeView.js");
-+ XPCOMUtils.defineLazyScriptGetter(window,
-+ ["PlacesInsertionPoint", "PlacesController", "PlacesControllerDragHelper"],
-+ "chrome://browser/content/places/controller.js");
++ window.onload = gBrowserInit.onLoad.bind(gBrowserInit);
++ window.onunload = gBrowserInit.onUnload.bind(gBrowserInit);
++ window.onclose = WindowIsClosing;
++#ifdef BROWSER_XHTML
++ window.addEventListener("DOMContentLoaded",
++ gBrowserInit.onBeforeInitialXULLayout.bind(gBrowserInit), { once: true });
++#else
++ window.addEventListener("MozBeforeInitialXULLayout",
++ gBrowserInit.onBeforeInitialXULLayout.bind(gBrowserInit), { once: true });
++#endif
++ // The listener of DOMContentLoaded must be set on window, rather than
++ // document, because the window can go away before the event is fired.
++ // In that case, we don't want to initialize anything, otherwise we
++ // may be leaking things because they will never be destroyed after.
++ window.addEventListener("DOMContentLoaded",
++ gBrowserInit.onDOMContentLoaded.bind(gBrowserInit), { once: true });
+</script>
+
-+# All sets except for popupsets (commands, keys, stringbundles and broadcasters)
++# All sets except for popupsets (commands, keys, and stringbundles)
+# *must* go into the browser-sets.inc file so that they can be shared with other
+# top level windows in macWindow.inc.xul.
-+#define FULL_BROWSER_WINDOW
+#include browser-sets.inc
-+#undef FULL_BROWSER_WINDOW
+
+ <popupset id="mainPopupSet">
+ <menupopup id="tabContextMenu"
@@ -107,6 +116,9 @@
+ onpopuphidden="if (event.target == this) TabContextMenu.contextTab = null;">
+ <menuitem id="context_reloadTab" label="&reloadTab.label;" accesskey="&reloadTab.accesskey;"
+ oncommand="gBrowser.reloadTab(TabContextMenu.contextTab);"/>
++ <menuitem id="context_reloadSelectedTabs" label="&reloadSelectedTabs.label;" hidden="true"
++ accesskey="&reloadSelectedTabs.accesskey;"
++ oncommand="gBrowser.reloadMultiSelectedTabs();"/>
+ <menuitem id="context_toggleMuteTab" oncommand="TabContextMenu.contextTab.toggleMuteAudio();"/>
+ <menuitem id="context_toggleMuteSelectedTabs" hidden="true"
+ oncommand="gBrowser.toggleMuteAudioOnMultiSelectedTabs(TabContextMenu.contextTab);"/>
@@ -117,6 +129,12 @@
+ <menuitem id="context_unpinTab" label="&unpinTab.label;" hidden="true"
+ accesskey="&unpinTab.accesskey;"
+ oncommand="gBrowser.unpinTab(TabContextMenu.contextTab);"/>
++ <menuitem id="context_pinSelectedTabs" label="&pinSelectedTabs.label;" hidden="true"
++ accesskey="&pinSelectedTabs.accesskey;"
++ oncommand="gBrowser.pinMultiSelectedTabs();"/>
++ <menuitem id="context_unpinSelectedTabs" label="&unpinSelectedTabs.label;" hidden="true"
++ accesskey="&unpinSelectedTabs.accesskey;"
++ oncommand="gBrowser.unpinMultiSelectedTabs();"/>
+ <menuitem id="context_duplicateTab" label="&duplicateTab.label;"
+ accesskey="&duplicateTab.accesskey;"
+ oncommand="duplicateTabIn(TabContextMenu.contextTab, 'tab');"/>
@@ -124,13 +142,13 @@
+ label="&reopenInContainer.label;"
+ accesskey="&reopenInContainer.accesskey;"
+ hidden="true">
-+ <menupopup oncommand="reopenInContainer(event);"
-+ onpopupshowing="return createReopenInContainerMenu(event);" />
++ <menupopup oncommand="TabContextMenu.reopenInContainer(event);"
++ onpopupshowing="TabContextMenu.createReopenInContainerMenu(event);"/>
+ </menu>
+ <menuitem id="context_openTabInWindow" label="&moveToNewWindow.label;"
+ accesskey="&moveToNewWindow.accesskey;"
+ tbattr="tabbrowser-multiple"
-+ oncommand="gBrowser.replaceTabWithWindow(TabContextMenu.contextTab);"/>
++ oncommand="gBrowser.replaceTabsWithWindow(TabContextMenu.contextTab);"/>
+ <menuseparator id="context_sendTabToDevice_separator" class="sync-ui-item"/>
+ <menu id="context_sendTabToDevice" label="&sendTabToDevice.label;"
+ class="sync-ui-item"
@@ -142,6 +160,11 @@
+ <menuitem id="context_reloadAllTabs" label="&reloadAllTabs.label;" accesskey="&reloadAllTabs.accesskey;"
+ tbattr="tabbrowser-multiple-visible"
+ oncommand="gBrowser.reloadAllTabs();"/>
++ <menuitem id="context_bookmarkSelectedTabs"
++ hidden="true"
++ label="&bookmarkSelectedTabs.label;"
++ accesskey="&bookmarkSelectedTabs.accesskey;"
++ oncommand="PlacesCommandHook.bookmarkPages(PlacesCommandHook.uniqueSelectedPages);"/>
+ <menuitem id="context_bookmarkAllTabs"
+ label="&bookmarkAllTabs.label;"
+ accesskey="&bookmarkAllTabs.accesskey;"
@@ -237,7 +260,6 @@
+ ignorekeys="true"
+ hidden="true"
+ tabspecific="true"
-+ onpopupshown="StarUI.panelShown(event);"
+ aria-labelledby="editBookmarkPanelTitle">
+ <box class="panel-header">
+ <label id="editBookmarkPanelTitle"/>
@@ -247,8 +269,15 @@
+ </html:div>
+ <box id="editBookmarkPanelImage"/>
+#include ../../components/places/content/editBookmarkPanel.inc.xul
++ <vbox id="editBookmarkPanelBottomContent"
++ flex="1">
++ <checkbox id="editBookmarkPanel_showForNewBookmarks"
++ label="&editBookmark.showForNewBookmarks.label;"
++ accesskey="&editBookmark.showForNewBookmarks.accesskey;"
++ oncommand="StarUI.onShowForNewBookmarksCheckboxCommand();"/>
++ </vbox>
+ <hbox id="editBookmarkPanelBottomButtons"
-+ style="min-width: 30em;">
++ style="min-width: &editBookmark.panel.width;;">
+#ifdef XP_UNIX
+ <button id="editBookmarkPanelDoneButton"
+ class="editBookmarkPanelBottomButton"
@@ -316,27 +345,22 @@
+ orient="vertical"
+ position="bottomcenter topleft">
+ <toolbarbutton id="sidebar-switcher-bookmarks"
++ type="checkbox"
++ label="&bookmarksButton.label;"
+ class="subviewbutton subviewbutton-iconic"
+ key="viewBookmarksSidebarKb"
-+ observes="viewBookmarksSidebar"
-+ oncommand="SidebarUI.show('viewBookmarksSidebar');">
-+ <observes element="viewBookmarksSidebar" attribute="checked"/>
-+ </toolbarbutton>
++ oncommand="SidebarUI.show('viewBookmarksSidebar');"/>
+ <toolbarbutton id="sidebar-switcher-history"
++ type="checkbox"
+ label="&historyButton.label;"
+ class="subviewbutton subviewbutton-iconic"
+ key="key_gotoHistory"
-+ observes="viewHistorySidebar"
-+ oncommand="SidebarUI.show('viewHistorySidebar');">
-+ <observes element="viewHistorySidebar" attribute="checked"/>
-+ </toolbarbutton>
++ oncommand="SidebarUI.show('viewHistorySidebar');"/>
+ <toolbarbutton id="sidebar-switcher-tabs"
++ type="checkbox"
+ label="&syncedTabs.sidebar.label;"
+ class="subviewbutton subviewbutton-iconic sync-ui-item"
-+ observes="viewTabsSidebar"
-+ oncommand="SidebarUI.show('viewTabsSidebar');">
-+ <observes element="viewTabsSidebar" attribute="checked"/>
-+ </toolbarbutton>
++ oncommand="SidebarUI.show('viewTabsSidebar');"/>
+ <toolbarseparator/>
+ <!-- Extension toolbarbuttons go here. -->
+ <toolbarseparator id="sidebar-extensions-separator"/>
@@ -409,10 +433,22 @@
+ <menupopup id="blockedPopupOptions"
+ onpopupshowing="gPopupBlockerObserver.fillPopupList(event);"
+ onpopuphiding="gPopupBlockerObserver.onPopupHiding(event);">
-+ <menuitem observes="blockedPopupAllowSite"/>
-+ <menuitem observes="blockedPopupEditSettings"/>
-+ <menuitem observes="blockedPopupDontShowMessage"/>
-+ <menuseparator observes="blockedPopupsSeparator"/>
++ <menuitem id="blockedPopupAllowSite"
++ accesskey="&allowPopups.accesskey;"
++ oncommand="gPopupBlockerObserver.toggleAllowPopupsForSite(event);"/>
++ <menuitem
++#ifdef XP_WIN
++ label="&editPopupSettings.label;"
++#else
++ label="&editPopupSettingsUnix.label;"
++#endif
++ accesskey="&editPopupSettings.accesskey;"
++ oncommand="gPopupBlockerObserver.editPopupSettings();"/>
++ <menuitem id="blockedPopupDontShowMessage"
++ accesskey="&dontShowMessage.accesskey;"
++ type="checkbox"
++ oncommand="gPopupBlockerObserver.dontShowMessage();"/>
++ <menuseparator id="blockedPopupsSeparator"/>
+ </menupopup>
+
+ <menupopup id="autohide-context"
@@ -462,7 +498,8 @@
+ emailLink-title="&emailPageCmd.label;"
+ sendToDevice-title="&pageAction.sendTabToDevice.label;"
+ sendToDevice-notReadyTitle="&sendToDevice.syncNotReady.label;"
-+ shareURL-title="&pageAction.shareUrl.label;">
++ shareURL-title="&pageAction.shareUrl.label;"
++ shareMore-label="&pageAction.shareMore.label;">
+ <panelmultiview id="pageActionPanelMultiView"
+ mainViewId="pageActionPanelMainView"
+ viewCacheId="appMenu-viewCache">
@@ -605,6 +642,16 @@
+ accesskey="&syncSyncNowItem.accesskey;"
+ id="syncedTabsRefreshFilter"/>
+ </menupopup>
++
++ <hbox id="statuspanel" inactive="true" layer="true">
++ <hbox id="statuspanel-inner">
++ <label id="statuspanel-label"
++ role="status"
++ aria-live="off"
++ flex="1"
++ crop="end"/>
++ </hbox>
++ </hbox>
+ </popupset>
+ <box id="appMenu-viewCache" hidden="true"/>
+
@@ -633,7 +680,7 @@
+ <toolbox id="navigator-toolbox">
+ <!-- Menu -->
+ <toolbar type="menubar" id="toolbar-menubar"
-+ class="chromeclass-menubar titlebar-color"
++ class="browser-toolbar chromeclass-menubar titlebar-color"
+ customizable="true"
+ mode="icons"
+#ifdef MENUBAR_CAN_AUTOHIDE
@@ -655,7 +702,7 @@
+ </toolbar>
+
+ <toolbar id="TabsToolbar"
-+ class="titlebar-color"
++ class="browser-toolbar titlebar-color"
+ fullscreentoolbar="true"
+ customizable="true"
+ mode="icons"
@@ -714,6 +761,7 @@
+ </toolbar>
+
+ <toolbar id="nav-bar"
++ class="browser-toolbar"
+ aria-label="&navbarCmd.label;"
+ fullscreentoolbar="true" mode="icons" customizable="true"
+ customizationtarget="nav-bar-customization-target"
@@ -771,7 +819,7 @@
+ key="goHome"
+ onclick="BrowserGoHome(event);"
+ cui-areatype="toolbar"
-+ aboutHomeOverrideTooltip="&homeButton.defaultPage.tooltip;"/>
++ tooltiptext="&homeButton.defaultPage.tooltip;"/>
+ <toolbarspring cui-areatype="toolbar" class="chromeclass-toolbar-additional"/>
+ <toolbaritem id="urlbar-container" flex="400" persist="width"
+ removable="false"
@@ -785,7 +833,6 @@
+ autocompletesearchparam="enable-actions"
+ autocompletepopup="PopupAutoCompleteRichResult"
+ completeselectedindex="true"
-+ shrinkdelay="250"
+ tabscrolling="true"
+ newlines="stripsurroundingwhitespace"
+ ontextentered="this.handleCommand(param);"
@@ -803,7 +850,12 @@
+ consumeanchor="identity-box"
+ onclick="PageProxyClickHandler(event);"/>
+ <image id="sharing-icon" mousethrough="always"/>
-+ <image id="tracking-protection-icon"/>
++ <box id="tracking-protection-icon-box" animationsenabled="true">
++ <image id="tracking-protection-icon"/>
++ <box id="tracking-protection-icon-animatable-box" flex="1">
++ <image id="tracking-protection-icon-animatable-image" flex="1"/>
++ </box>
++ </box>
+ <box id="blocked-permissions-container" align="center">
+ <image data-permission-id="geo" class="blocked-permission-icon geo-icon" role="button"
+ tooltiptext="&urlbar.geolocationBlocked.tooltip;"/>
@@ -889,6 +941,14 @@
+ <label id="extension" class="urlbar-display urlbar-display-extension" value="&urlbar.extension.label;"/>
+ </box>
+ <hbox id="page-action-buttons" context="pageActionContextMenu">
++ <hbox id="contextual-feature-recommendation" role="button" hidden="true">
++ <hbox id="cfr-label-container">
++ <label id="cfr-label"/>
++ </hbox>
++ <image id="cfr-button"
++ class="urlbar-icon urlbar-page-action"
++ role="presentation"/>
++ </hbox>
+ <hbox id="userContext-icons" hidden="true">
+ <label id="userContext-label"/>
+ <image id="userContext-indicator"/>
@@ -915,12 +975,10 @@
+ onclick="BrowserPageActions.doCommandForAction(PageActions.actionForID('bookmark'), event, this);">
+ <image id="star-button"
+ class="urlbar-icon"
-+ role="button"
-+ observes="bookmarkThisPageBroadcaster"/>
++ role="button"/>
+ <hbox id="star-button-animatable-box">
+ <image id="star-button-animatable-image"
-+ role="presentation"
-+ observes="bookmarkThisPageBroadcaster"/>
++ role="presentation"/>
+ </hbox>
+ </hbox>
+ </hbox>
@@ -1010,7 +1068,7 @@
+
+ <toolbar id="PersonalToolbar"
+ mode="icons"
-+ class="chromeclass-directories"
++ class="browser-toolbar chromeclass-directories"
+ context="toolbar-context-menu"
+ toolbarname="&personalbarCmd.label;" accesskey="&personalbarCmd.accesskey;"
+ collapsed="true"
@@ -1101,13 +1159,12 @@
+ ondragleave="PlacesMenuDNDHandler.onDragLeave(event);"
+ ondrop="PlacesMenuDNDHandler.onDrop(event);"
+ oncommand="BookmarkingUI.onCommand(event);">
-+ <observes element="bookmarkThisPageBroadcaster" attribute="starred"/>
-+ <observes element="bookmarkThisPageBroadcaster" attribute="buttontooltiptext"/>
+ <menupopup id="BMB_bookmarksPopup"
+ class="cui-widget-panel cui-widget-panelview cui-widget-panelWithFooter PanelUI-subView"
+ placespopup="true"
+ context="placesContext"
+ openInTabs="children"
++ side="top"
+ onmouseup="BookmarksEventHandler.onMouseUp(event);"
+ oncommand="BookmarksEventHandler.onCommand(event);"
+ onclick="BookmarksEventHandler.onClick(event, this.parentNode._placesView);"
@@ -1202,7 +1259,7 @@
+ <sidebarheader id="sidebar-header" align="center">
+ <toolbarbutton id="sidebar-switcher-target" flex="1" class="tabbable">
+ <image id="sidebar-icon" consumeanchor="sidebar-switcher-target"/>
-+ <label id="sidebar-title" persist="value" crop="end" flex="1" control="sidebar"/>
++ <label id="sidebar-title" crop="end" flex="1" control="sidebar"/>
+ <image id="sidebar-switcher-arrow"/>
+ </toolbarbutton>
+ <image id="sidebar-throbber"/>
@@ -1221,40 +1278,9 @@
+ <vbox id="appcontent" flex="1">
+ <notificationbox id="high-priority-global-notificationbox" notificationside="top"/>
+ <tabbox id="tabbrowser-tabbox"
-+ flex="1" eventnode="document" tabcontainer="tabbrowser-tabs">
++ flex="1" tabcontainer="tabbrowser-tabs">
+ <tabpanels id="tabbrowser-tabpanels"
-+ flex="1" class="plain" selectedIndex="0"
-+ onselect="if (event.target == this) gBrowser.updateCurrentBrowser();">
-+ <notificationbox flex="1" notificationside="top">
-+ <!-- Set large flex to allow the devtools toolbox to set a flex attribute.
-+ We don't want the toolbox to actually take up free space, but we do want it to collapse when the window shrinks, and with flex=0 it can't.
-+ When the toolbox is on the bottom it's a sibling of browserSidebarContainer,
-+ and when it's on the side it's a sibling of browserContainer. -->
-+ <hbox flex="10000" class="browserSidebarContainer">
-+ <vbox flex="10000" class="browserContainer">
-+ <stack flex="1" class="browserStack">
-+ <browser id="tabbrowser-initialBrowser" type="content"
-+ message="true" messagemanagergroup="browsers"
-+ primary="true" blank="true"
-+ tooltip="aHTMLTooltip"
-+ contextmenu="contentAreaContextMenu"
-+ autocompletepopup="PopupAutoComplete"
-+ selectmenulist="ContentSelectDropdown"
-+ datetimepicker="DateTimePickerPanel"/>
-+ </stack>
-+ <hbox id="statuspanel" inactive="true" layer="true">
-+ <hbox id="statuspanel-inner">
-+ <label id="statuspanel-label"
-+ role="status"
-+ aria-live="off"
-+ flex="1"
-+ crop="end"/>
-+ </hbox>
-+ </hbox>
-+ </vbox>
-+ </hbox>
-+ </notificationbox>
-+ </tabpanels>
++ flex="1" class="plain" selectedIndex="0"/>
+ </tabbox>
+ </vbox>
+ <vbox id="browser-border-end" hidden="true" layer="true"/>
@@ -1300,14 +1326,14 @@
diff --git a/browser/base/jar.mn b/browser/base/jar.mn
--- a/browser/base/jar.mn
+++ b/browser/base/jar.mn
-@@ -24,16 +24,18 @@ browser.jar:
- content/browser/aboutRobots-icon.png (content/aboutRobots-icon.png)
- content/browser/aboutRobots-widget-left.png (content/aboutRobots-widget-left.png)
- content/browser/aboutTabCrashed.css (content/aboutTabCrashed.css)
+@@ -28,16 +28,18 @@ browser.jar:
content/browser/aboutTabCrashed.js (content/aboutTabCrashed.js)
content/browser/aboutTabCrashed.xhtml (content/aboutTabCrashed.xhtml)
* content/browser/browser.css (content/browser.css)
content/browser/browser.js (content/browser.js)
+ #ifdef MOZ_BROWSER_XHTML
+ * content/browser/browser.xhtml (content/browser.xhtml)
+ #endif
* content/browser/browser.xul (content/browser.xul)
+* content/browser/browser-kde.xul (content/browser-kde.xul)
+% override chrome://browser/content/browser.xul chrome://browser/content/browser-kde.xul desktop=kde
@@ -1318,7 +1344,7 @@
content/browser/browser-customization.js (content/browser-customization.js)
content/browser/browser-data-submission-info-bar.js (content/browser-data-submission-info-bar.js)
content/browser/browser-compacttheme.js (content/browser-compacttheme.js)
- #ifndef MOZILLA_OFFICIAL
+ content/browser/browser-contentblocking.js (content/browser-contentblocking.js)
diff --git a/browser/components/build/nsModule.cpp b/browser/components/build/nsModule.cpp
--- a/browser/components/build/nsModule.cpp
+++ b/browser/components/build/nsModule.cpp
@@ -1335,13 +1361,13 @@
+#include "nsUnixShellService.h"
#endif
- #if defined(XP_WIN)
- #include "nsIEHistoryEnumerator.h"
+ #if defined(MOZ_WIDGET_COCOA)
+ #include "nsMacAttribution.h"
#endif
- #include "nsFeedSniffer.h"
- #include "AboutRedirector.h"
-@@ -30,18 +30,16 @@ using namespace mozilla::browser;
+ #if defined(XP_WIN)
+ #include "nsIEHistoryEnumerator.h"
+@@ -34,18 +34,16 @@ using namespace mozilla::browser;
/////////////////////////////////////////////////////////////////////////////
@@ -1354,14 +1380,14 @@
-NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsGNOMEShellService, Init)
#endif
- #if defined(XP_WIN)
- NS_GENERIC_FACTORY_CONSTRUCTOR(nsIEHistoryEnumerator)
+ #if defined(MOZ_WIDGET_COCOA)
+ NS_GENERIC_FACTORY_CONSTRUCTOR(nsMacAttributionService)
#endif
- NS_GENERIC_FACTORY_CONSTRUCTOR(nsFeedSniffer)
-
-@@ -59,17 +57,17 @@ NS_DEFINE_NAMED_CID(NS_WINIEHISTORYENUME
- NS_DEFINE_NAMED_CID(NS_SHELLSERVICE_CID);
+ #if defined(XP_WIN)
+ NS_GENERIC_FACTORY_CONSTRUCTOR(nsIEHistoryEnumerator)
+@@ -70,17 +68,17 @@ NS_DEFINE_NAMED_CID(NS_SHELLSERVICE_CID)
+ NS_DEFINE_NAMED_CID(NS_MACATTRIBUTIONSERVICE_CID);
#endif
static const mozilla::Module::CIDEntry kBrowserCIDs[] = {
@@ -1382,7 +1408,7 @@
diff --git a/browser/components/preferences/in-content/main.js b/browser/components/preferences/in-content/main.js
--- a/browser/components/preferences/in-content/main.js
+++ b/browser/components/preferences/in-content/main.js
-@@ -321,16 +321,23 @@ var gMainPane = {
+@@ -327,16 +327,23 @@ var gMainPane = {
this._backoffIndex++ : backoffTimes.length - 1]);
};
@@ -1406,7 +1432,7 @@
performanceSettingsLink.setAttribute("href", performanceSettingsUrl);
this.updateDefaultPerformanceSettingsPref();
-@@ -861,16 +868,27 @@ var gMainPane = {
+@@ -962,16 +969,27 @@ var gMainPane = {
// Reset exponential backoff delay time in order to do visual update in pollForDefaultBrowser.
this._backoffIndex = 0;
@@ -1750,7 +1776,7 @@
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
-@@ -455,16 +455,18 @@
+@@ -462,16 +462,18 @@
@RESPATH@/browser/defaults/settings/pinning
@RESPATH@/browser/defaults/settings/main
++++++ l10n-62.0.3.tar.xz -> l10n-63.0.3.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaFirefox/l10n-62.0.3.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.19453/l10n-63.0.3.tar.xz differ: char 8, line 1
++++++ mozilla-bmo1463035.patch ++++++
# HG changeset patch
# User Mike Hommey <mh+mozilla(a)glandium.org>
# Date 1526871862 -32400
# Node ID 94f21505ff13cd089f7129cd24927cf8b31a0f43
# Parent 1800b8895c08bc0c60302775dc0a4b5ea4deb310
Bug 1463035 - Remove MOZ_SIGNAL_TRAMPOLINE. r?darchons
For some reason, GNU as is not happy with the assembly generated after
bug 1238661 anymore on Debian armel.
OTOH, as mentioned in bug 1238661 comment 4, we actually don't need this
workaround anymore, so let's just kill it.
diff --git a/mfbt/LinuxSignal.h b/mfbt/LinuxSignal.h
deleted file mode 100644
--- a/mfbt/LinuxSignal.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_LinuxSignal_h
-#define mozilla_LinuxSignal_h
-
-namespace mozilla {
-
-#if defined(__arm__)
-
-// Some (old) Linux kernels on ARM have a bug where a signal handler
-// can be called without clearing the IT bits in CPSR first. The result
-// is that the first few instructions of the handler could be skipped,
-// ultimately resulting in crashes. To workaround this bug, the handler
-// on ARM is a trampoline that starts with enough NOP instructions, so
-// that even if the IT bits are not cleared, only the NOP instructions
-// will be skipped over.
-
-template <void (*H)(int, siginfo_t*, void*)>
-__attribute__((naked)) void
-SignalTrampoline(int aSignal, siginfo_t* aInfo, void* aContext)
-{
- asm volatile (
- "nop; nop; nop; nop"
- : : : "memory");
-
- asm volatile (
- "b %0"
- :
- : "X"(H)
- : "memory");
-}
-
-# define MOZ_SIGNAL_TRAMPOLINE(h) (mozilla::SignalTrampoline<h>)
-
-#else // __arm__
-
-# define MOZ_SIGNAL_TRAMPOLINE(h) (h)
-
-#endif // __arm__
-
-} // namespace mozilla
-
-#endif // mozilla_LinuxSignal_h
diff --git a/mfbt/moz.build b/mfbt/moz.build
--- a/mfbt/moz.build
+++ b/mfbt/moz.build
@@ -117,20 +117,16 @@ EXPORTS["double-conversion"] = [
LOCAL_INCLUDES += [
'/mfbt/double-conversion',
]
if CONFIG['OS_ARCH'] == 'WINNT':
EXPORTS.mozilla += [
'WindowsVersion.h',
]
-elif CONFIG['OS_ARCH'] == 'Linux':
- EXPORTS.mozilla += [
- 'LinuxSignal.h',
- ]
UNIFIED_SOURCES += [
'Assertions.cpp',
'ChaosMode.cpp',
'double-conversion/double-conversion/bignum-dtoa.cc',
'double-conversion/double-conversion/bignum.cc',
'double-conversion/double-conversion/cached-powers.cc',
'double-conversion/double-conversion/diy-fp.cc',
diff --git a/tools/profiler/core/platform-linux-android.cpp b/tools/profiler/core/platform-linux-android.cpp
--- a/tools/profiler/core/platform-linux-android.cpp
+++ b/tools/profiler/core/platform-linux-android.cpp
@@ -55,17 +55,16 @@
#ifdef __GLIBC__
#include <execinfo.h> // backtrace, backtrace_symbols
#endif // def __GLIBC__
#include <strings.h> // index
#include <errno.h>
#include <stdarg.h>
#include "prenv.h"
-#include "mozilla/LinuxSignal.h"
#include "mozilla/PodOperations.h"
#include "mozilla/DebugOnly.h"
#include <string.h>
#include <list>
using namespace mozilla;
@@ -272,17 +271,17 @@ Sampler::Sampler(PSLockRef aLock)
// NOTE: We don't initialize LUL here, instead initializing it in
// SamplerThread's constructor. This is because with the
// profiler_suspend_and_sample_thread entry point, we want to be able to
// sample without waiting for LUL to be initialized.
// Request profiling signals.
struct sigaction sa;
- sa.sa_sigaction = MOZ_SIGNAL_TRAMPOLINE(SigprofHandler);
+ sa.sa_sigaction = SigprofHandler;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART | SA_SIGINFO;
if (sigaction(SIGPROF, &sa, &mOldSigprofHandler) != 0) {
MOZ_CRASH("Error installing SIGPROF handler in the profiler");
}
}
void
++++++ mozilla-bmo1491289.patch ++++++
++++ 24896 lines (skipped)
++++++ mozilla-cubeb-noreturn.patch ++++++
# HG changeset patch
# User Wolfgang Rosenauer <wr(a)rosenauer.org>
# Parent a9d61a2614b01b1e0ca37d00a6b11b2571868f86
diff --git a/media/libcubeb/src/cubeb_utils.cpp b/media/libcubeb/src/cubeb_utils.cpp
--- a/media/libcubeb/src/cubeb_utils.cpp
+++ b/media/libcubeb/src/cubeb_utils.cpp
@@ -15,9 +15,10 @@ size_t cubeb_sample_size(cubeb_sample_fo
return sizeof(int16_t);
case CUBEB_SAMPLE_FLOAT32LE:
case CUBEB_SAMPLE_FLOAT32BE:
return sizeof(float);
default:
// should never happen as all cases are handled above.
assert(false);
}
+ return 0;
}
++++++ mozilla-kde.patch ++++++
--- /var/tmp/diff_new_pack.nL9wlQ/_old 2018-11-28 11:11:57.191020532 +0100
+++ /var/tmp/diff_new_pack.nL9wlQ/_new 2018-11-28 11:11:57.191020532 +0100
@@ -1,5 +1,5 @@
# HG changeset patch
-# Parent 989a507ffc5faf9a3bd950c2391a24afa9f463c8
+# Parent 06a62125ffbb15e88dacb486169d8e6a9595bd78
Description: Add KDE integration to Firefox (toolkit parts)
Author: Wolfgang Rosenauer <wolfgang(a)rosenauer.org>
Author: Lubos Lunak <lunak(a)suse.com>
@@ -9,7 +9,7 @@
diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
--- a/modules/libpref/Preferences.cpp
+++ b/modules/libpref/Preferences.cpp
-@@ -77,16 +77,17 @@
+@@ -80,16 +80,17 @@
#include "nsXPCOMCID.h"
#include "nsXPCOM.h"
#include "nsXULAppAPI.h"
@@ -20,14 +20,14 @@
#include "prlink.h"
+#include "nsKDEUtils.h"
+ #ifdef MOZ_MEMORY
+ #include "mozmemory.h"
+ #endif
+
#ifdef XP_WIN
#include "windows.h"
#endif
-
- using namespace mozilla;
-
- #ifdef DEBUG
-@@ -4189,25 +4190,37 @@ Preferences::InitInitialObjects(bool aIs
+@@ -4932,25 +4933,37 @@ Preferences::InitInitialObjects(bool aIs
// application pref files for backwards compatibility.
static const char* specialFiles[] = {
#if defined(XP_MACOSX)
@@ -65,7 +65,7 @@
// Load jar:$app/omni.jar!/defaults/preferences/*.js
// or jar:$gre/omni.jar!/defaults/preferences/*.js.
-@@ -4256,17 +4269,17 @@ Preferences::InitInitialObjects(bool aIs
+@@ -4999,17 +5012,17 @@ Preferences::InitInitialObjects(bool aIs
}
nsCOMPtr<nsIFile> path = do_QueryInterface(elem);
@@ -87,13 +87,13 @@
diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build
--- a/modules/libpref/moz.build
+++ b/modules/libpref/moz.build
-@@ -29,16 +29,20 @@ EXPORTS.mozilla += [
- 'Preferences.h',
+@@ -31,16 +31,20 @@ EXPORTS.mozilla += [
'StaticPrefs.h',
]
UNIFIED_SOURCES += [
'Preferences.cpp',
+ 'SharedPrefMap.cpp',
]
+LOCAL_INCLUDES += [
@@ -167,11 +167,11 @@
+]
+
with Files('**'):
- BUG_COMPONENT = ('Toolkit', 'Download Manager')
+ BUG_COMPONENT = ('Toolkit', 'Downloads API')
diff --git a/toolkit/content/jar.mn b/toolkit/content/jar.mn
--- a/toolkit/content/jar.mn
+++ b/toolkit/content/jar.mn
-@@ -69,16 +69,18 @@ toolkit.jar:
+@@ -70,16 +70,18 @@ toolkit.jar:
content/global/bindings/checkbox.xml (widgets/checkbox.xml)
content/global/bindings/colorpicker.xml (widgets/colorpicker.xml)
content/global/bindings/datekeeper.js (widgets/datekeeper.js)
@@ -182,19 +182,19 @@
* content/global/bindings/dialog.xml (widgets/dialog.xml)
+* content/global/bindings/dialog-kde.xml (widgets/dialog-kde.xml)
+% override chrome://global/content/bindings/dialog.xml chrome://global/content/bindings/dialog-kde.xml desktop=kde
- content/global/bindings/editor.xml (widgets/editor.xml)
* content/global/bindings/findbar.xml (widgets/findbar.xml)
content/global/bindings/general.xml (widgets/general.xml)
content/global/bindings/groupbox.xml (widgets/groupbox.xml)
- content/global/bindings/listbox.xml (widgets/listbox.xml)
content/global/bindings/menu.xml (widgets/menu.xml)
content/global/bindings/menulist.xml (widgets/menulist.xml)
content/global/bindings/notification.xml (widgets/notification.xml)
+ content/global/bindings/numberbox.xml (widgets/numberbox.xml)
+ content/global/bindings/popup.xml (widgets/popup.xml)
diff --git a/toolkit/content/widgets/dialog-kde.xml b/toolkit/content/widgets/dialog-kde.xml
new file mode 100644
--- /dev/null
+++ b/toolkit/content/widgets/dialog-kde.xml
-@@ -0,0 +1,478 @@
+@@ -0,0 +1,475 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -211,9 +211,6 @@
+ xmlns:xbl="http://www.mozilla.org/xbl">
+
+ <binding id="dialog">
-+ <resources>
-+ <stylesheet src="chrome://global/skin/dialog.css"/>
-+ </resources>
+ <content>
+ <xul:vbox class="box-inherit dialog-content-box" flex="1">
+ <children/>
@@ -232,7 +229,7 @@
+ <xul:button dlgtype="accept" class="dialog-button" xbl:inherits="disabled=buttondisabledaccept"/>
+#elif XP_UNIX
+ >
-+ <xul:button dlgtype="help" class="dialog-button" hidden="true"/>
++ <xul:button dlgtype="help" class="dialog-button" hidden="true"/>
+ <xul:button dlgtype="extra2" class="dialog-button" hidden="true"/>
+ <xul:spacer anonid="spacer" flex="1"/>
+ <xul:button dlgtype="accept" class="dialog-button" xbl:inherits="disabled=buttondisabledaccept"/>
@@ -676,7 +673,7 @@
diff --git a/toolkit/mozapps/downloads/nsHelperAppDlg.js b/toolkit/mozapps/downloads/nsHelperAppDlg.js
--- a/toolkit/mozapps/downloads/nsHelperAppDlg.js
+++ b/toolkit/mozapps/downloads/nsHelperAppDlg.js
-@@ -1035,30 +1035,60 @@ nsUnknownContentTypeDialog.prototype = {
+@@ -1030,30 +1030,60 @@ nsUnknownContentTypeDialog.prototype = {
if (params.handlerApp &&
params.handlerApp.executable &&
@@ -848,7 +845,7 @@
diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build
--- a/toolkit/xre/moz.build
+++ b/toolkit/xre/moz.build
-@@ -71,17 +71,19 @@ elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'co
+@@ -67,17 +67,19 @@ elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'co
'../components/printingui',
]
elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'uikit':
@@ -1313,7 +1310,7 @@
diff --git a/uriloader/exthandler/moz.build b/uriloader/exthandler/moz.build
--- a/uriloader/exthandler/moz.build
+++ b/uriloader/exthandler/moz.build
-@@ -77,17 +77,19 @@ else:
+@@ -76,17 +76,19 @@ else:
SOURCES += [
osdir + '/nsOSHelperAppService.cpp',
]
@@ -1330,10 +1327,10 @@
elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'android':
UNIFIED_SOURCES += [
'android/nsAndroidHandlerApp.cpp',
- 'android/nsExternalSharingAppService.cpp',
'android/nsExternalURLHandlerService.cpp',
'android/nsMIMEInfoAndroid.cpp',
-@@ -122,16 +124,17 @@ include('/ipc/chromium/chromium-config.m
+ ]
+@@ -120,16 +122,17 @@ include('/ipc/chromium/chromium-config.m
FINAL_LIBRARY = 'xul'
LOCAL_INCLUDES += [
@@ -1691,7 +1688,7 @@
#include "nsIURL.h"
#include "nsIFileStreams.h"
#include "nsILineInputStream.h"
-@@ -1128,17 +1128,17 @@ nsOSHelperAppService::GetHandlerAndDescr
+@@ -1125,17 +1125,17 @@ nsOSHelperAppService::GetHandlerAndDescr
nsresult nsOSHelperAppService::OSProtocolHandlerExists(const char * aProtocolScheme, bool * aHandlerExists)
{
@@ -1710,7 +1707,7 @@
nsCOMPtr<nsIHandlerService> handlerSvc = do_GetService(NS_HANDLERSERVICE_CONTRACTID, &rv);
if (NS_SUCCEEDED(rv) && handlerSvc) {
rv = handlerSvc->ExistsForProtocol(nsCString(aProtocolScheme), aHandlerExists);
-@@ -1146,17 +1146,17 @@ nsresult nsOSHelperAppService::OSProtoco
+@@ -1143,17 +1143,17 @@ nsresult nsOSHelperAppService::OSProtoco
}
return rv;
@@ -1729,7 +1726,7 @@
nsresult nsOSHelperAppService::GetFileTokenForPath(const char16_t * platformAppPath, nsIFile ** aFile)
{
-@@ -1243,17 +1243,17 @@ nsOSHelperAppService::GetFromExtension(c
+@@ -1240,17 +1240,17 @@ nsOSHelperAppService::GetFromExtension(c
mime_types_description,
true);
@@ -1748,7 +1745,7 @@
rv = LookUpTypeAndDescription(NS_ConvertUTF8toUTF16(aFileExt),
majorType,
-@@ -1364,17 +1364,17 @@ nsOSHelperAppService::GetFromType(const
+@@ -1361,17 +1361,17 @@ nsOSHelperAppService::GetFromType(const
nsAutoString extensions, mime_types_description;
LookUpExtensionsAndDescription(majorType,
minorType,
@@ -1770,12 +1767,12 @@
diff --git a/widget/gtk/moz.build b/widget/gtk/moz.build
--- a/widget/gtk/moz.build
+++ b/widget/gtk/moz.build
-@@ -122,16 +122,17 @@ else:
- include('/ipc/chromium/chromium-config.mozbuild')
+@@ -123,16 +123,17 @@ include('/ipc/chromium/chromium-config.m
FINAL_LIBRARY = 'xul'
LOCAL_INCLUDES += [
+ '/layout/base',
'/layout/generic',
'/layout/xul',
'/other-licenses/atk-1.0',
@@ -2166,7 +2163,7 @@
const char* directive;
int argc;
-@@ -437,16 +438,17 @@ ParseManifest(NSLocationType aType, File
+@@ -419,16 +420,17 @@ ParseManifest(NSLocationType aType, File
NS_NAMED_LITERAL_STRING(kRemoteEnabled, "remoteenabled");
NS_NAMED_LITERAL_STRING(kRemoteRequired, "remoterequired");
NS_NAMED_LITERAL_STRING(kApplication, "application");
@@ -2184,7 +2181,7 @@
NS_NAMED_LITERAL_STRING(kMain, "main");
NS_NAMED_LITERAL_STRING(kContent, "content");
-@@ -492,44 +494,49 @@ ParseManifest(NSLocationType aType, File
+@@ -474,44 +476,49 @@ ParseManifest(NSLocationType aType, File
CopyUTF8toUTF16(s, abi);
abi.Insert(char16_t('_'), 0);
abi.Insert(osTarget, 0);
@@ -2234,7 +2231,7 @@
process = kMain;
}
-@@ -631,25 +638,27 @@ ParseManifest(NSLocationType aType, File
+@@ -598,25 +605,27 @@ ParseManifest(NSLocationType aType, File
TriState stOsVersion = eUnspecified;
TriState stOs = eUnspecified;
TriState stABI = eUnspecified;
@@ -2262,7 +2259,7 @@
}
#if defined(MOZ_WIDGET_ANDROID)
-@@ -694,16 +703,17 @@ ParseManifest(NSLocationType aType, File
+@@ -661,16 +670,17 @@ ParseManifest(NSLocationType aType, File
}
if (!ok ||
@@ -2303,7 +2300,7 @@
@@ -47,16 +47,17 @@
#include "prproces.h"
#include "nsIDirectoryEnumerator.h"
- #include "nsISimpleEnumerator.h"
+ #include "nsSimpleEnumerator.h"
#include "private/pprio.h"
#include "prlink.h"
@@ -2318,7 +2315,7 @@
#include "prmem.h"
#include "plbase64.h"
-@@ -1999,63 +2000,78 @@ nsLocalFile::SetPersistentDescriptor(con
+@@ -2007,63 +2008,78 @@ nsLocalFile::SetPersistentDescriptor(con
NS_IMETHODIMP
nsLocalFile::Reveal()
{
++++++ source-stamp.txt ++++++
--- /var/tmp/diff_new_pack.nL9wlQ/_old 2018-11-28 11:11:57.231020476 +0100
+++ /var/tmp/diff_new_pack.nL9wlQ/_new 2018-11-28 11:11:57.231020476 +0100
@@ -1,2 +1,2 @@
-REV=c9ed11ae5c79
+REV=4666a1c322d8
REPO=http://hg.mozilla.org/releases/mozilla-release
1
0
Hello community,
here is the log from the commit of package wayland for openSUSE:Factory checked in at 2018-11-28 11:10:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wayland (Old)
and /work/SRC/openSUSE:Factory/.wayland.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wayland"
Wed Nov 28 11:10:37 2018 rev:38 rq:651980 version:1.16.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/wayland/wayland.changes 2018-11-22 13:24:00.054095327 +0100
+++ /work/SRC/openSUSE:Factory/.wayland.new.19453/wayland.changes 2018-11-28 11:11:13.983081364 +0100
@@ -1,0 +2,9 @@
+Tue Nov 20 12:57:23 UTC 2018 - sndirsch(a)suse.com
+
+- Downgrades do not work in SLES service packs, because the SP0
+ repo remains enabled for SP1. (This is unlike Leap, where a 15.1
+ system will have no 15.0 directories.) As such, to force the
+ upgrade from Mesa:libwayland-egl1 to wayland:libwayland-egl1,
+ the number in wayland is bumped to >18 for those distros.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wayland.spec ++++++
--- /var/tmp/diff_new_pack.ei91aU/_old 2018-11-28 11:11:15.555079150 +0100
+++ /var/tmp/diff_new_pack.ei91aU/_new 2018-11-28 11:11:15.559079144 +0100
@@ -15,10 +15,16 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+%define _version 1.16.0
+%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1550
+%define eglversion 99~%_version
+%else
+%define eglversion %_version
+%endif
%define lname libwayland0
Name: wayland
-Version: 1.16.0
+Version: %_version
Release: 0
Summary: Wayland Compositor Infrastructure
License: MIT
@@ -82,6 +88,7 @@
%package -n libwayland-egl1
Summary: Additional egl functions for wayland
Group: System/Libraries
+Version: %eglversion
%description -n libwayland-egl1
This package provides additional functions for EGL-using programs
@@ -103,10 +110,10 @@
%package devel
Summary: Development files for the Wayland Compositor Infrastructure
Group: Development/Libraries/C and C++
-Requires: libwayland-client0 = %version
-Requires: libwayland-cursor0 = %version
-Requires: libwayland-egl1 = %version
-Requires: libwayland-server0 = %version
+Requires: libwayland-client0 = %_version
+Requires: libwayland-cursor0 = %_version
+Requires: libwayland-egl1 = %eglversion
+Requires: libwayland-server0 = %_version
%if 0%{?suse_version} >= 1500
%if 0%{?suse_version} >= 1550
Provides: libwayland-egl-devel = 18.1.5
@@ -138,6 +145,7 @@
%prep
%setup -q
+sed -i 's/<eglversion>/%eglversion/' "%_sourcedir/baselibs.conf"
%build
if [ ! -e configure ]; then
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.ei91aU/_old 2018-11-28 11:11:15.587079105 +0100
+++ /var/tmp/diff_new_pack.ei91aU/_new 2018-11-28 11:11:15.591079099 +0100
@@ -6,5 +6,5 @@
requires -wayland-<targettype>
requires "libwayland-client0-<targettype> = <version>"
requires "libwayland-cursor0-<targettype> = <version>"
- requires "libwayland-egl1-<targettype> = <version>"
+ requires "libwayland-egl1-<targettype> = <eglversion>"
requires "libwayland-server0-<targettype> = <version>"
1
0
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2018-11-28 11:10:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grub2"
Wed Nov 28 11:10:33 2018 rev:196 rq:651971 version:2.02
Changes:
--------
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2018-10-09 15:53:08.594355530 +0200
+++ /work/SRC/openSUSE:Factory/.grub2.new.19453/grub2.changes 2018-11-28 11:11:07.151090993 +0100
@@ -1,0 +2,12 @@
+Mon Nov 26 06:54:34 UTC 2018 - mchang(a)suse.com
+
+- Change default tsc calibration method to pmtimer on EFI (bsc#1114754)
+ * 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch
+
+-------------------------------------------------------------------
+Fri Oct 19 07:17:34 UTC 2018 - mchang(a)suse.com
+
+- ieee1275: Fix double free in CAS reboot (bsc#1111955)
+ * grub2-ppc64-cas-fix-double-free.patch
+
+-------------------------------------------------------------------
New:
----
0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch
grub2-ppc64-cas-fix-double-free.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ grub2.spec ++++++
--- /var/tmp/diff_new_pack.FlO7zI/_old 2018-11-28 11:11:08.939088473 +0100
+++ /var/tmp/diff_new_pack.FlO7zI/_new 2018-11-28 11:11:08.943088467 +0100
@@ -223,6 +223,7 @@
Patch91: grub2-msdos-fix-overflow.patch
Patch92: grub2-util-30_os-prober-multiple-initrd.patch
Patch93: grub2-getroot-support-nvdimm.patch
+Patch94: 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch
# Btrfs snapshot booting related patches
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
@@ -261,6 +262,7 @@
Patch215: grub2-ppc64-cas-new-scope.patch
Patch216: 0001-ofnet-Initialize-structs-in-bootpath-parser.patch
Patch217: grub2-ieee1275-FCP-methods-for-WWPN-and-LUNs.patch
+Patch218: grub2-ppc64-cas-fix-double-free.patch
Patch233: grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch
Patch234: fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
Patch236: grub2-efi_gop-avoid-low-resolution.patch
@@ -523,6 +525,7 @@
%patch91 -p1
%patch92 -p1
%patch93 -p1
+%patch94 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
@@ -554,6 +557,7 @@
%patch215 -p1
%patch216 -p1
%patch217 -p1
+%patch218 -p1
%patch233 -p1
%patch234 -p1
%patch236 -p1
++++++ 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch ++++++
>From 446794de8da4329ea532cbee4ca877bcafd0e534 Mon Sep 17 00:00:00 2001
From: "David E. Box" <david.e.box(a)linux.intel.com>
Date: Fri, 15 Sep 2017 15:37:05 -0700
Subject: [PATCH] tsc: Change default tsc calibration method to pmtimer on EFI
systems
On efi systems, make pmtimer based tsc calibration the default over the
pit. This prevents Grub from hanging on Intel SoC systems that power gate
the pit.
Signed-off-by: David E. Box <david.e.box(a)linux.intel.com>
Reviewed-by: Daniel Kiper <daniel.kiper(a)oracle.com>
---
grub-core/kern/i386/tsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: grub-2.02/grub-core/kern/i386/tsc.c
===================================================================
--- grub-2.02.orig/grub-core/kern/i386/tsc.c
+++ grub-2.02/grub-core/kern/i386/tsc.c
@@ -68,7 +68,7 @@ grub_tsc_init (void)
#ifdef GRUB_MACHINE_XEN
(void) (grub_tsc_calibrate_from_xen () || calibrate_tsc_hardcode());
#elif defined (GRUB_MACHINE_EFI)
- (void) (grub_tsc_calibrate_from_pit () || grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_efi() || calibrate_tsc_hardcode());
+ (void) (grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_pit () || grub_tsc_calibrate_from_efi() || calibrate_tsc_hardcode());
#elif defined (GRUB_MACHINE_COREBOOT)
(void) (grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_pit () || calibrate_tsc_hardcode());
#else
++++++ grub2-ppc64-cas-fix-double-free.patch ++++++
Index: grub-2.02/grub-core/kern/ieee1275/openfw.c
===================================================================
--- grub-2.02.orig/grub-core/kern/ieee1275/openfw.c
+++ grub-2.02/grub-core/kern/ieee1275/openfw.c
@@ -592,7 +592,7 @@ grub_ieee1275_canonicalise_devname (cons
/* Check if it's a CAS reboot. If so, set the script to be executed. */
int
-grub_ieee1275_cas_reboot (char *script)
+grub_ieee1275_cas_reboot (char **script)
{
grub_uint32_t ibm_ca_support_reboot;
grub_uint32_t ibm_fw_nbr_reboots;
@@ -625,16 +625,37 @@ grub_ieee1275_cas_reboot (char *script)
if (ibm_ca_support_reboot || ibm_fw_nbr_reboots)
{
- if (! grub_ieee1275_get_property_length (options, "boot-last-label", &actual))
- {
- if (actual > 1024)
- script = grub_realloc (script, actual + 1);
- grub_ieee1275_get_property (options, "boot-last-label", script, actual,
- &actual);
- return 0;
- }
+ grub_ssize_t len;
+ char *buf;
+
+ if (grub_ieee1275_get_property_length (options, "boot-last-label", &len)
+ || len <= 0)
+ {
+ grub_dprintf ("ieee1275", "boot-last-label missing or invalid\n");
+ goto out;
+ }
+ /* The returned property string length may not include terminating null byte, and in
+ a bid to avoid out of bound access we allocate one more byte to add it back */
+ buf = grub_malloc ((grub_size_t)len + 1);
+ if (!buf)
+ {
+ grub_print_error ();
+ goto out;
+ }
+ if (grub_ieee1275_get_property (options, "boot-last-label", buf, (grub_size_t)len + 1, &actual)
+ || actual < 0)
+ {
+ grub_dprintf ("ieee1275", "error while get boot-last-label property\n");
+ grub_free (buf);
+ goto out;
+ }
+ /* Add terminating null byte */
+ buf[len] = '\0';
+ *script = buf;
+ return 0;
}
+out:
grub_ieee1275_set_boot_last_label ("");
return -1;
@@ -648,7 +669,8 @@ int grub_ieee1275_set_boot_last_label (c
grub_dprintf("ieee1275", "set boot_last_label (size: %" PRIxGRUB_SIZE ")\n", grub_strlen(text));
if (! grub_ieee1275_finddevice ("/options", &options) &&
options != (grub_ieee1275_ihandle_t) -1)
+ /* To be on the safe side, set the property string with terminating null byte */
grub_ieee1275_set_property (options, "boot-last-label", text,
- grub_strlen (text), &actual);
+ grub_strlen (text) + 1, &actual);
return 0;
}
Index: grub-2.02/grub-core/normal/main.c
===================================================================
--- grub-2.02.orig/grub-core/normal/main.c
+++ grub-2.02/grub-core/normal/main.c
@@ -281,10 +281,9 @@ grub_normal_execute (const char *config,
#ifdef GRUB_MACHINE_IEEE1275
int boot;
boot = 0;
- char *script;
+ char *script = NULL;
char *dummy[1] = { NULL };
- script = grub_malloc (1024);
- if (! grub_ieee1275_cas_reboot (script))
+ if (! grub_ieee1275_cas_reboot (&script) && script)
{
if (! grub_script_execute_new_scope (script, 0, dummy))
boot = 1;
Index: grub-2.02/include/grub/ieee1275/ieee1275.h
===================================================================
--- grub-2.02.orig/include/grub/ieee1275/ieee1275.h
+++ grub-2.02/include/grub/ieee1275/ieee1275.h
@@ -243,7 +243,7 @@ int EXPORT_FUNC(grub_ieee1275_devalias_n
void EXPORT_FUNC(grub_ieee1275_children_peer) (struct grub_ieee1275_devalias *alias);
void EXPORT_FUNC(grub_ieee1275_children_first) (const char *devpath,
struct grub_ieee1275_devalias *alias);
-int EXPORT_FUNC(grub_ieee1275_cas_reboot) (char *script);
+int EXPORT_FUNC(grub_ieee1275_cas_reboot) (char **script);
int EXPORT_FUNC(grub_ieee1275_set_boot_last_label) (const char *text);
#define FOR_IEEE1275_DEVALIASES(alias) for (grub_ieee1275_devalias_init_iterator (&(alias)); grub_ieee1275_devalias_next (&(alias));)
1
0
Hello community,
here is the log from the commit of package firebird for openSUSE:Factory checked in at 2018-11-28 11:10:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firebird (Old)
and /work/SRC/openSUSE:Factory/.firebird.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firebird"
Wed Nov 28 11:10:26 2018 rev:50 rq:651958 version:3.0.4.33054
Changes:
--------
--- /work/SRC/openSUSE:Factory/firebird/firebird.changes 2018-07-10 16:13:55.917676059 +0200
+++ /work/SRC/openSUSE:Factory/.firebird.new.19453/firebird.changes 2018-11-28 11:10:44.919122340 +0100
@@ -1,0 +2,33 @@
+Wed Nov 21 07:39:56 UTC 2018 - mkubecek(a)suse.cz
+
+- update to upstream version 3.0.4
+ * add support for SRP authentication using SHA-256
+ * ODS (database file format) version raised to 12.2 on some
+ architectures (including i586, not x86_64); new version will be
+ able to open existing ODS 12.0 created on the same architecture
+ but for database transfer between architectures, backup/restore
+ is always recommended
+ * context variables WIRE_COMPRESSED and WIRE_ENCRYPTED were added
+ to the SYSTEM namespace to report compression and encryption
+ status, respectively, of the current connection (CORE-5913)
+ * enhanced reporting of errors when dynamic library fails to load
+ (CORE-5908)
+ * include funciton name when UDF causes "Arithmetic exception,
+ numeric overflow, or string truncation" error (CORE-5876)
+ * context variables LOCALTIME and LOCALTIMESTAMP (synonyms for
+ CURRENT_TIME and CURRENT_TIMESTAMP) for compatibility with 4.0
+ (CORE-5853)
+ * read-only restriction for system tables was relaxed to permit
+ CREATE, ALTER and DROP operations on their indexes (CORE-5746)
+ * fix unauthorized BLOB access vulnerability (CORE-5801)
+ * for a full list of bugfixes and improvements see
+ http://www.firebirdsql.org/file/documentation/release_notes/html/en/3_0/rnf…
+- drop patches included in new upstream release:
+ Make-it-build-with-icu60.patch
+ An-attempt-to-fix-CORE-5764-need-feedback-on-snapsho.patch
+ Fixed-a-code-somewhy-accepted-by-gcc6.patch
+- refresh patches:
+ work-around-g-problem-in-SLE11.patch
+ use-C-98-on-SLE11.patch
+
+-------------------------------------------------------------------
Old:
----
An-attempt-to-fix-CORE-5764-need-feedback-on-snapsho.patch
Firebird-3.0.3.32900-0.tar.xz
Fixed-a-code-somewhy-accepted-by-gcc6.patch
Make-it-build-with-icu60.patch
New:
----
Firebird-3.0.4.33054-0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ firebird.spec ++++++
--- /var/tmp/diff_new_pack.ni4jUG/_old 2018-11-28 11:11:00.023101040 +0100
+++ /var/tmp/diff_new_pack.ni4jUG/_new 2018-11-28 11:11:00.023101040 +0100
@@ -19,7 +19,7 @@
%define up_stage 0
Name: firebird
-Version: 3.0.3.32900
+Version: 3.0.4.33054
Release: 0
Summary: Database system (common files)
License: SUSE-IDPL-1.0 AND SUSE-IBPL-1.0
@@ -51,10 +51,7 @@
Patch3: disable-xinetd-service-by-default.patch
Patch4: add-pkgconfig-files.patch
Patch5: Provide-sized-global-delete-operators-when-compiled-.patch
-Patch6: Make-it-build-with-icu60.patch
-Patch7: An-attempt-to-fix-CORE-5764-need-feedback-on-snapsho.patch
-Patch8: Fixed-a-code-somewhy-accepted-by-gcc6.patch
-Patch9: unicode-handle-new-SUSE-ICU-version-hack.patch
+Patch6: unicode-handle-new-SUSE-ICU-version-hack.patch
# work around problems with old g++
Patch91: work-around-g-problem-in-SLE11.patch
Patch92: use-C-98-on-SLE11.patch
@@ -84,9 +81,6 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
# --
# work around a problem with old g++
%if 0%{?suse_version} < 1140
++++++ Firebird-3.0.3.32900-0.tar.xz -> Firebird-3.0.4.33054-0.tar.xz ++++++
/work/SRC/openSUSE:Factory/firebird/Firebird-3.0.3.32900-0.tar.xz /work/SRC/openSUSE:Factory/.firebird.new.19453/Firebird-3.0.4.33054-0.tar.xz differ: char 1, line 1
++++++ use-C-98-on-SLE11.patch ++++++
--- /var/tmp/diff_new_pack.ni4jUG/_old 2018-11-28 11:11:00.087100950 +0100
+++ /var/tmp/diff_new_pack.ni4jUG/_new 2018-11-28 11:11:00.091100944 +0100
@@ -11,45 +11,36 @@
builds/posix/prefix.linux_generic | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/builds/posix/prefix.linux b/builds/posix/prefix.linux
-index fef782d7c65f..46641f9c1c7c 100644
--- a/builds/posix/prefix.linux
+++ b/builds/posix/prefix.linux
-@@ -18,7 +18,7 @@
- #
+@@ -19,7 +19,7 @@
# 2 Oct 2002, Nickolay Samofatov - Major cleanup
--COMMON_FLAGS=-ggdb -DFB_SEND_FLAGS=MSG_NOSIGNAL -DLINUX -pipe -MMD -fPIC -fmessage-length=0 -std=gnu++03 -fno-delete-null-pointer-checks
-+COMMON_FLAGS=-ggdb -DFB_SEND_FLAGS=MSG_NOSIGNAL -DLINUX -pipe -MMD -fPIC -fmessage-length=0 -std=gnu++98 -fno-delete-null-pointer-checks
+ COMMON_FLAGS=-ggdb -DFB_SEND_FLAGS=MSG_NOSIGNAL -DLINUX -pipe -MMD -fPIC -fmessage-length=0 -fno-delete-null-pointer-checks
+-CXXFLAGS=-std=gnu++03
++CXXFLAGS=-std=gnu++98
OPTIMIZE_FLAGS=-O3 -march=i586 -mtune=i686 -fno-omit-frame-pointer
WARN_FLAGS=-Wall -Wno-switch -Wno-parentheses -Wno-unknown-pragmas -Wno-unused-variable -Wno-narrowing
-diff --git a/builds/posix/prefix.linux_amd64 b/builds/posix/prefix.linux_amd64
-index ecf60436c892..5ce520bb5fdc 100644
--- a/builds/posix/prefix.linux_amd64
+++ b/builds/posix/prefix.linux_amd64
-@@ -18,7 +18,7 @@
- #
+@@ -19,7 +19,7 @@
# 2 Oct 2002, Nickolay Samofatov - Major cleanup
--COMMON_FLAGS=-ggdb -DFB_SEND_FLAGS=MSG_NOSIGNAL -DLINUX -DAMD64 -pipe -MMD -fPIC -fmessage-length=0 -std=gnu++03 -fno-delete-null-pointer-checks
-+COMMON_FLAGS=-ggdb -DFB_SEND_FLAGS=MSG_NOSIGNAL -DLINUX -DAMD64 -pipe -MMD -fPIC -fmessage-length=0 -std=gnu++98 -fno-delete-null-pointer-checks
- OPTIMIZE_FLAGS=-O3 -fno-omit-frame-pointer
+ COMMON_FLAGS=-ggdb -DFB_SEND_FLAGS=MSG_NOSIGNAL -DLINUX -DAMD64 -pipe -MMD -fPIC -fmessage-length=0 -fno-delete-null-pointer-checks
+-CXXFLAGS=-std=gnu++03
++CXXFLAGS=-std=gnu++98
+ OPTIMIZE_FLAGS=-O3 -fno-omit-frame-pointer
WARN_FLAGS=-Wall -Wno-switch -Wno-parentheses -Wno-unknown-pragmas -Wno-unused-variable -Wno-invalid-offsetof -Wno-narrowing -Wno-unused-local-typedefs
-diff --git a/builds/posix/prefix.linux_generic b/builds/posix/prefix.linux_generic
-index d976845795c2..60dc8b3428ca 100644
--- a/builds/posix/prefix.linux_generic
+++ b/builds/posix/prefix.linux_generic
-@@ -18,7 +18,7 @@
- #
+@@ -19,7 +19,7 @@
# 2 Oct 2002, Nickolay Samofatov - Major cleanup
--COMMON_FLAGS=-DLINUX -pipe -MMD -fPIC -DFB_SEND_FLAGS=MSG_NOSIGNAL -std=gnu++03 -fno-delete-null-pointer-checks
-+COMMON_FLAGS=-DLINUX -pipe -MMD -fPIC -DFB_SEND_FLAGS=MSG_NOSIGNAL -std=gnu++98 -fno-delete-null-pointer-checks
+ COMMON_FLAGS=-DLINUX -pipe -MMD -fPIC -DFB_SEND_FLAGS=MSG_NOSIGNAL -fno-delete-null-pointer-checks
+-CXXFLAGS=-std=gnu++03
++CXXFLAGS=-std=gnu++98
PROD_FLAGS=-ggdb -O3 $(COMMON_FLAGS)
DEV_FLAGS=-ggdb -p -Wall -Wno-switch $(COMMON_FLAGS) -Wno-non-virtual-dtor
---
-2.16.2
-
++++++ work-around-g-problem-in-SLE11.patch ++++++
--- /var/tmp/diff_new_pack.ni4jUG/_old 2018-11-28 11:11:00.095100940 +0100
+++ /var/tmp/diff_new_pack.ni4jUG/_new 2018-11-28 11:11:00.099100934 +0100
@@ -18,11 +18,9 @@
src/jrd/constants.h | 2 +-
src/jrd/trace/TraceObjects.h | 4 ++--
src/yvalve/YObjects.h | 2 +-
- src/yvalve/why.cpp | 18 +++++++++---------
- 8 files changed, 22 insertions(+), 22 deletions(-)
+ src/yvalve/why.cpp | 19 ++++++++++---------
+ 8 files changed, 23 insertions(+), 22 deletions(-)
-diff --git a/src/common/StatusHolder.h b/src/common/StatusHolder.h
-index e2d444f5192f..398076640779 100644
--- a/src/common/StatusHolder.h
+++ b/src/common/StatusHolder.h
@@ -141,7 +141,7 @@ class DynamicStatusVector : public DynamicVector<ISC_STATUS_LENGTH>
@@ -43,11 +41,9 @@
{ }
ISC_STATUS save(IStatus* status);
-diff --git a/src/common/classes/alloc.cpp b/src/common/classes/alloc.cpp
-index 16cc6d39b018..26def6855f47 100644
--- a/src/common/classes/alloc.cpp
+++ b/src/common/classes/alloc.cpp
-@@ -407,7 +407,7 @@ public:
+@@ -424,7 +424,7 @@ public:
{
MemBlock* rc = new(memory) MemBlock(size);
@@ -56,7 +52,7 @@
return rc;
}
-@@ -443,7 +443,7 @@ private:
+@@ -460,7 +460,7 @@ private:
public:
MemMediumHunk(MemMediumHunk** top, size_t spaceAllocated)
@@ -65,7 +61,7 @@
prev(NULL),
useCount(0)
{
-@@ -470,7 +470,7 @@ public:
+@@ -487,7 +487,7 @@ public:
{
MemBlock* rc = new(memory) MemBlock(size, this);
@@ -74,8 +70,6 @@
incrUsage();
return rc;
-diff --git a/src/include/firebird/Interface.h b/src/include/firebird/Interface.h
-index 57f0a90e5c81..3a65bba0124b 100644
--- a/src/include/firebird/Interface.h
+++ b/src/include/firebird/Interface.h
@@ -243,7 +243,7 @@ namespace Firebird
@@ -96,26 +90,22 @@
{
}
-diff --git a/src/jrd/Mapping.cpp b/src/jrd/Mapping.cpp
-index a2008f580e64..21ab7dda607f 100644
--- a/src/jrd/Mapping.cpp
+++ b/src/jrd/Mapping.cpp
-@@ -881,11 +881,11 @@ class DbHandle : public AutoPtr<IAttachment, SimpleRelease<IAttachment> >
+@@ -895,11 +895,11 @@ class DbHandle : public AutoPtr<IAttachment, SimpleRelease>
{
public:
DbHandle()
- : AutoPtr()
-+ : AutoPtr<IAttachment, SimpleRelease<IAttachment> >()
++ : AutoPtr<IAttachment, SimpleRelease>()
{ }
DbHandle(IAttachment* att)
- : AutoPtr(att)
-+ : AutoPtr<IAttachment, SimpleRelease<IAttachment> >(att)
++ : AutoPtr<IAttachment, SimpleRelease>(att)
{
if (att)
att->addRef();
-diff --git a/src/jrd/constants.h b/src/jrd/constants.h
-index 78742e9ac76d..6b8f99ffbf86 100644
--- a/src/jrd/constants.h
+++ b/src/jrd/constants.h
@@ -444,7 +444,7 @@ const int DDL_TRIGGER_DROP_MAPPING = 47;
@@ -127,8 +117,6 @@
// Number of streams, conjuncts, indices that will be statically allocated
// in various arrays. Larger numbers will have to be allocated dynamically
-diff --git a/src/jrd/trace/TraceObjects.h b/src/jrd/trace/TraceObjects.h
-index 5bfce6c3b7c5..bf6f42ba9dc9 100644
--- a/src/jrd/trace/TraceObjects.h
+++ b/src/jrd/trace/TraceObjects.h
@@ -143,7 +143,7 @@ class TraceBLRStatementImpl : public BLRPrinter<TraceBLRStatementImpl>
@@ -149,33 +137,30 @@
{}
ISC_INT64 getStmtID() { return 0; }
-diff --git a/src/yvalve/YObjects.h b/src/yvalve/YObjects.h
-index 346b9e98a84e..b508109f3b1c 100644
--- a/src/yvalve/YObjects.h
+++ b/src/yvalve/YObjects.h
-@@ -253,7 +253,7 @@ public:
+@@ -286,7 +286,7 @@ public:
private:
YTransaction(YTransaction* from)
- : YHelper(from->next),
+ : YHelper<YTransaction, Firebird::ITransactionImpl<YTransaction, Firebird::CheckStatusWrapper> >(from->next),
- attachment(from->attachment),
+ attachment(from->attachment.get()),
childBlobs(getPool()),
childCursors(getPool()),
-diff --git a/src/yvalve/why.cpp b/src/yvalve/why.cpp
-index ecdf018bc34b..e9564e399303 100644
--- a/src/yvalve/why.cpp
+++ b/src/yvalve/why.cpp
-@@ -3848,7 +3848,7 @@ YHelper<Impl, Intf>::YHelper(NextInterface* aNext)
+@@ -3751,7 +3751,8 @@ YHelper<Impl, Intf>::YHelper(NextInterface* aNext)
YEvents::YEvents(YAttachment* aAttachment, IEvents* aNext, IEventCallback* aCallback)
-- : YHelper(aNext)
-+ : YHelper<YEvents, Firebird::IEventsImpl<YEvents, Firebird::CheckStatusWrapper> >(aNext)
- {
- attachment = aAttachment;
- callback = aCallback;
-@@ -3905,7 +3905,7 @@ void YEvents::cancel(CheckStatusWrapper* status)
+- : YHelper(aNext), attachment(aAttachment), callback(aCallback)
++ : YHelper<YEvents, Firebird::IEventsImpl<YEvents, Firebird::CheckStatusWrapper> >(aNext),
++ attachment(aAttachment), callback(aCallback)
+ {
+ aAttachment->childEvents.add(this);
+ }
+@@ -3809,7 +3810,7 @@ void YEvents::cancel(CheckStatusWrapper* status)
YRequest::YRequest(YAttachment* aAttachment, IRequest* aNext)
@@ -184,7 +169,7 @@
attachment(aAttachment),
userHandle(NULL)
{
-@@ -4045,7 +4045,7 @@ void YRequest::free(CheckStatusWrapper* status)
+@@ -3950,7 +3951,7 @@ void YRequest::free(CheckStatusWrapper* status)
YBlob::YBlob(YAttachment* aAttachment, YTransaction* aTransaction, IBlob* aNext)
@@ -193,7 +178,7 @@
attachment(aAttachment),
transaction(aTransaction)
{
-@@ -4169,7 +4169,7 @@ int YBlob::seek(CheckStatusWrapper* status, int mode, int offset)
+@@ -4076,7 +4077,7 @@ int YBlob::seek(CheckStatusWrapper* status, int mode, int offset)
YStatement::YStatement(YAttachment* aAttachment, IStatement* aNext)
@@ -201,8 +186,8 @@
+ : YHelper<YStatement, Firebird::IStatementImpl<YStatement, Firebird::CheckStatusWrapper> >(aNext),
attachment(aAttachment), cursor(NULL), input(true), output(false)
{
- attachment->childStatements.add(this);
-@@ -4436,7 +4436,7 @@ void YStatement::free(CheckStatusWrapper* status)
+ attachment.get()->childStatements.add(this);
+@@ -4464,7 +4465,7 @@ FB_BOOLEAN IscStatement::fetch(CheckStatusWrapper* status, IMessageMetadata* out
YResultSet::YResultSet(YAttachment* anAttachment, YTransaction* aTransaction, IResultSet* aNext)
@@ -211,7 +196,7 @@
attachment(anAttachment),
transaction(aTransaction),
statement(NULL)
-@@ -4447,7 +4447,7 @@ YResultSet::YResultSet(YAttachment* anAttachment, YTransaction* aTransaction, IR
+@@ -4475,7 +4476,7 @@ YResultSet::YResultSet(YAttachment* anAttachment, YTransaction* aTransaction, IR
YResultSet::YResultSet(YAttachment* anAttachment, YTransaction* aTransaction,
YStatement* aStatement, IResultSet* aNext)
@@ -220,7 +205,7 @@
attachment(anAttachment),
transaction(aTransaction),
statement(aStatement)
-@@ -4673,7 +4673,7 @@ void YResultSet::close(CheckStatusWrapper* status)
+@@ -4701,7 +4702,7 @@ void YResultSet::close(CheckStatusWrapper* status)
YTransaction::YTransaction(YAttachment* aAttachment, ITransaction* aNext)
@@ -229,7 +214,7 @@
attachment(aAttachment),
childBlobs(getPool()),
childCursors(getPool()),
-@@ -4936,7 +4936,7 @@ YTransaction* YTransaction::enterDtc(CheckStatusWrapper* status)
+@@ -4960,7 +4961,7 @@ YTransaction* YTransaction::enterDtc(CheckStatusWrapper* status)
YAttachment::YAttachment(IProvider* aProvider, IAttachment* aNext, const PathName& aDbPath)
@@ -238,7 +223,7 @@
provider(aProvider),
dbPath(getPool(), aDbPath),
childBlobs(getPool()),
-@@ -5509,7 +5509,7 @@ void YAttachment::getNextTransaction(CheckStatusWrapper* status, ITransaction* t
+@@ -5538,7 +5539,7 @@ void YAttachment::getNextTransaction(CheckStatusWrapper* status, ITransaction* t
YService::YService(IProvider* aProvider, IService* aNext, bool utf8)
@@ -247,6 +232,3 @@
provider(aProvider),
utf8Connection(utf8)
{
---
-2.10.0
-
1
0
Hello community,
here is the log from the commit of package postfix for openSUSE:Factory checked in at 2018-11-28 11:10:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
and /work/SRC/openSUSE:Factory/.postfix.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix"
Wed Nov 28 11:10:21 2018 rev:162 rq:651633 version:3.3.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2018-11-06 15:23:56.300652014 +0100
+++ /work/SRC/openSUSE:Factory/.postfix.new.19453/postfix.changes 2018-11-28 11:10:29.667143418 +0100
@@ -2 +2,24 @@
-Mon Oct 22 13:00:03 UTC 2018 - Christian Wittmer <chris(a)computersalat.de>
+Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder <michael(a)stroeder.com>
+
+- Update to 3.3.2
+ * Support for OpenSSL 1.1.1 and TLSv1.3.
+ * Bugfixes:
+ - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
+ some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
+ - minor memory leak in DANE support when minting issuer certs.
+ - The Postfix build did not abort if the m4 command was not installed,
+ resulting in a broken postconf command.
+
+-------------------------------------------------------------------
+Sat Nov 24 17:08:30 UTC 2018 - chris(a)computersalat.de
+
+- add POSTFIX_RELAY_DOMAINS
+ * more flexibility to add to relay_domains without breaking
+ config.postfix
+ * rework restriction examples in sysconf.postfix
+ based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
+- disable weak cipher: RC4
+ after check with https://ssl-tools.net/mailservers
+
+-------------------------------------------------------------------
+Mon Oct 22 13:00:03 UTC 2018 - chris(a)computersalat.de
Old:
----
postfix-3.3.1.tar.gz
New:
----
postfix-3.3.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.HFO2lf/_old 2018-11-28 11:10:30.591142162 +0100
+++ /var/tmp/diff_new_pack.HFO2lf/_new 2018-11-28 11:10:30.595142157 +0100
@@ -55,7 +55,7 @@
%bcond_with libnsl
%endif
Name: postfix
-Version: 3.3.1
+Version: 3.3.2
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0 OR EPL-2.0
++++++ postfix-3.3.1.tar.gz -> postfix-3.3.2.tar.gz ++++++
++++ 2146 lines of diff (skipped)
++++++ postfix-SuSE.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix new/postfix-SuSE/config.postfix
--- old/postfix-SuSE/config.postfix 2018-10-22 13:48:17.339040765 +0200
+++ new/postfix-SuSE/config.postfix 2018-11-24 17:42:03.902173507 +0100
@@ -245,6 +245,7 @@
export POSTFIX_WITH_LDAP
# needed when for WITH_MYSQL
export POSTFIX_WITH_MYSQL
+ export POSTFIX_RELAY_DOMAINS
MCF_DIR=$TMPDIR
export MCF_DIR
@@ -710,6 +711,8 @@
$with_mysql = lc($with_mysql);
+my $pf_relay_domains = $ENV{POSTFIX_RELAY_DOMAINS};
+
open(MNCF,"<$mncf") || die "unable to open $mncf: $!";
while( <MNCF> ) {
@@ -799,9 +802,9 @@
}
} elsif ( /^(relay_domains\s=\s).*/ ) {
if ($with_mysql ne "yes") {
- $line = $1."\$mydestination, hash:/etc/postfix/relay";
+ $line = $1."\$mydestination hash:/etc/postfix/relay $pf_relay_domains";
} else {
- $line = $1."\$mydestination, hash:/etc/postfix/relay, mysql:/etc/postfix/mysql_relay_domains_maps.cf";
+ $line = $1."\$mydestination hash:/etc/postfix/relay mysql:/etc/postfix/mysql_relay_domains_maps.cf $pf_relay_domains";
}
} else {
$line = $_;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix new/postfix-SuSE/sysconfig.postfix
--- old/postfix-SuSE/sysconfig.postfix 2017-01-26 18:31:57.871280147 +0100
+++ new/postfix-SuSE/sysconfig.postfix 2018-11-24 17:50:05.508755214 +0100
@@ -184,6 +184,16 @@
POSTFIX_MAP_LIST="virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts helo_access relay"
## Type: string
+## Default: ""
+# Defaults by config.postfix:
+# without MySQL: $mydestination hash:/etc/postfix/relay
+# with MySQL: $mydestination hash:/etc/postfix/relay mysql:/etc/postfix/mysql_relay_domains_maps.cf
+#
+# Here you can add further *maps.cf files if needed
+#
+POSTFIX_RELAY_DOMAINS=""
+
+## Type: string
## Default: hash:/etc/postfix/transport
#
# The list of transport_maps postfix should look for
@@ -244,7 +254,8 @@
# check_client_access hash:/etc/postfix/pop-before-smtp,
# check_client_access hash:/etc/postfix/relay,
# check_client_access hash:/etc/postfix/access,
-# reject_unknown_client_hostname"
+# reject_unknown_client_hostname,
+# reject_unauth_pipelining"
#
POSTFIX_SMTPD_CLIENT_RESTRICTIONS=""
@@ -260,12 +271,12 @@
# hard : "permit_mynetworks, reject_invalid_helo_hostname"
#
# Example:
-# POSTFIX_SMTPD_HELO_RESTRICTIONS="permit_mynetworks,
-# check_client_access hash:/etc/postfix/pop-before-smtp,
-# check_client_access hash:/etc/postfix/relay,
-# check_client_access hash:/etc/postfix/access,
+# POSTFIX_SMTPD_HELO_RESTRICTIONS="
# check_helo_access hash:/etc/postfix/helo_access,
-# reject_invalid_helo_hostname"
+# reject_invalid_helo_hostname,
+# reject_non_fqdn_helo_hostname,
+# reject_unknown_helo_hostname,
+# reject_unauth_pipelining"
#
POSTFIX_SMTPD_HELO_RESTRICTIONS=""
@@ -282,11 +293,11 @@
#
# Example:
# POSTFIX_SMTPD_SENDER_RESTRICTIONS="
-# check_client_access hash:/etc/postfix/pop-before-smtp,
-# check_client_access hash:/etc/postfix/relay,
-# check_client_access hash:/etc/postfix/access,
+# check_sender_access hash:/etc/postfix/access,
+# check_sender_a_access hash:/etc/postfix/access,
+# reject_non_fqdn_sender,
# reject_unknown_sender_domain,
-# reject_unknown_client_hostname"
+# reject_unauth_pipelining"
#
POSTFIX_SMTPD_SENDER_RESTRICTIONS=""
@@ -302,20 +313,13 @@
# hard : "permit_mynetworks, reject_unauth_destination"
#
# Example:
-# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks,
-# check_client_access hash:/etc/postfix/pop-before-smtp,
-# check_client_access hash:/etc/postfix/relay,
-# check_client_access hash:/etc/postfix/access,
-# warn_if_reject,
-# reject_unknown_sender_domain,
-# warn_if_reject,
-# reject_unknown_recipient_domain,
-# reject_unknown_helo_hostname,
-# reject_unknown_client_hostname,
-# reject_non_fqdn_sender,
+# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="
+# check_recipient_access hash:/etc/postfix/access,
# reject_non_fqdn_recipient,
-# reject_non_fqdn_hostname,
-# reject_unauth_destination"
+# reject_unauth_destination,
+# reject_unknown_recipient_domain,
+# reject_unverified_recipient,
+# reject_unauth_pipelining"
#
POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix.20170126 new/postfix-SuSE/sysconfig.postfix.20170126
--- old/postfix-SuSE/sysconfig.postfix.20170126 1970-01-01 01:00:00.000000000 +0100
+++ new/postfix-SuSE/sysconfig.postfix.20170126 2017-01-26 18:31:57.871280147 +0100
@@ -0,0 +1,522 @@
+## Path: Network/Mail/Postfix
+## Description: Basic configuration of the postfix MTA
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Should we use a mailrelay?
+# NOTE: ALL mail that is not considered to be my destination
+# (POSTFIX_LOCALDOMAINS), will be sent to this host.
+# If this host is not your MX, then you have to use [square brackets]
+# around the hostname, e.g. [relay.example.com]
+# You may also specify an alternate port number, e.g.
+# relay.example.com:26 or [relay.example.com]:26 to prevent MX lookups.
+#
+POSTFIX_RELAYHOST=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Comma separated list of IP's
+# NOTE: If not set, LISTEN on all interfaces
+#
+POSTFIX_LISTEN=""
+
+## Type: string
+## Default: "all"
+## Config: postfix
+#
+# One Argument for proto to listen to
+# Example: POSTFIX_INET_PROTO="ipv4"
+# NOTE: If not set, LISTEN on all proto
+#
+POSTFIX_INET_PROTO=""
+
+## Type: string
+## Default: "$(hostname -f)"
+## Config: postfix
+#
+# define HOSTNAME you want postfix to show
+# NOTE: If set, You should have a "MX Record" in DNS for that name
+# and have a valid reverse entry ;)
+#
+POSTFIX_MYHOSTNAME=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Comma separated list of domains that must have their subdomain
+# structure stripped off.
+# NOTE: If set, FROM_HEADER will also be appended to this list
+#
+POSTFIX_MASQUERADE_DOMAIN=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Comma separated list of host-/domainnames for which postfix
+# should accept mail for.
+# localhost and the own hostname is the default if POSTFIX_LOCALDOMAINS
+# is set empty.
+# Examples:
+# POSTFIX_LOCALDOMAINS="\$myhostname, \$mydomain, localhost.\$mydomain"
+# if you want to use postfix internal variable substitutes or
+# POSTFIX_LOCALDOMAINS="example.com, host.example.com, localhost.example.com"
+#
+POSTFIX_LOCALDOMAINS=""
+
+## Type: yesno
+## Default: no
+## Config: postfix
+## ServiceRestart: postfix
+#
+# A null client is a machine that can only send mail. It receives no
+# mail from the network, and it does not deliver any mail locally.
+# A null client typically uses POP or NFS for mailbox access.
+# NOTE: This overrides the following variable: POSTFIX_LOCALDOMAINS
+#
+POSTFIX_NULLCLIENT="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# if set to yes, mail that will be delivered via smtp will stay
+# in the queue unless someone issues "sendmail -q" or equivalent.
+#
+POSTFIX_DIALUP="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Some people use Postfix to deliver mail across a LAN that is disconnected
+# most of the time. Under such conditions, mail delivery can suffer from
+# delays while the Postfix SMTP client performs sender and recipient
+# domain DNS lookups in order to be standards-compliant. To prevent these
+# delays, set this to yes.
+#
+POSTFIX_NODNS="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Start postfix services chrooted, that are able to run chrooted?
+# Note: if you want /usr/sbin/config.postfix to maintain the chroot jail, you
+# also have to set POSTFIX_UPDATE_CHROOT_JAIL to yes.
+# Note: if you want postfix runs in CHROOT enviroment, then the whole
+# /var directory must be on one partition.
+#
+POSTFIX_CHROOT="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should setup the chroot jail itself
+#
+POSTFIX_UPDATE_CHROOT_JAIL="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should activate ldap stuff in main.cf
+# This extends virtual_alias_maps with "ldap:/etc/postfix/ldap_aliases.cf"
+#
+POSTFIX_WITH_LDAP="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should activate mysql stuff in main.cf
+# and having 'mysql.sock' inside chroot jail
+# Note: When POSTFIX_CHROOT="yes" then 'mysql.sock' will be available
+# in postfix CHROOT
+#
+POSTFIX_WITH_MYSQL="no"
+
+## Type: string(socket,tcp)
+## Default: "socket"
+## Config: postfix
+#
+# Set this to "tcp", if your MySQL is not on localhost
+# Note: When POSTFIX_CHROOT="yes" then MYSQL_SOCKET will also be available
+# in postfix chroot, but you can use "tcp" just as well with MySQL
+# on localhost
+#
+POSTFIX_MYSQL_CONN="socket"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Some of the postfix services require a fifo to operate correctly at least
+# when the system load is high. Recurring fifo access will prevent the
+# disk to fall asleep, so you might want to use a unix domain socket
+# instead, if you are using a laptop.
+#
+POSTFIX_LAPTOP="no"
+
+## Type: yesno
+## Default: yes
+## Config: postfix
+#
+# Should /usr/sbin/config.postfix update the different .db maps in /etc/postfix?
+#
+POSTFIX_UPDATE_MAPS="yes"
+
+## Type: string
+## Default: "virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts"
+## Config: postfix
+#
+# The list of maps, which should be maintained, if
+# POSTFIX_UPDATE_MAPS=yes. POSTFIX_MAP_LIST must be a space seperated list of
+# file names without an absolute path. They are all to be exptected
+# within the directory /etc/postfix. Optionally a file mode can be appended
+# using a colon as separator
+#
+POSTFIX_MAP_LIST="virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts helo_access relay"
+
+## Type: string
+## Default: hash:/etc/postfix/transport
+#
+# The list of transport_maps postfix should look for
+#
+POSTFIX_TRANSPORT_MAPS=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# A comma seperated list of hosts that blacklist client IP addresses
+# Note: This only has effect, if POSTFIX_BASIC_SPAM_PREVENTION is set
+# to either "medium" or "hard" or "custom". If left empty, no RBL checks will take place.
+#
+# Example: POSTFIX_RBL_HOSTS="bl.spamcop.net, cbl.abuseat.org, zen.spamhaus.org"
+#
+POSTFIX_RBL_HOSTS=""
+
+## Type: string(off,medium,hard)
+## Default: off
+## Config: postfix
+#
+# POSTFIX_BASIC_SPAM_PREVENTION possible values:
+# off : postfix default configuration
+# medium : medium UCE policy checks
+# hard : hard UCE policy checks
+# custom : you can define your own stuff
+
+# Note: when setting to "custom" and no settings in
+# "POSTFIX_SMTPD_CLIENT_RESTRICTIONS"
+# "POSTFIX_HELO_RESTRICTIONS"
+# "POSTFIX_SENDER_RESTRICTIONS"
+# "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" result is like setting to "medium"
+#
+# Setting this to medium or hard will activate some basic UCE controls
+# supported by postfix. This may lead to mails which are undeliverable
+# to your mailserver! USE THAT ON YOUR OWN RISC!!!
+# See http://www.postfix.org/uce.html for more details !
+#
+POSTFIX_BASIC_SPAM_PREVENTION="off"
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to ...
+# medium: "$POSTFIX_RBL_HOSTS"
+# hard" : "permit_mynetworks, $POSTFIX_RBL_HOSTS, reject_unknown_client_hostname"
+#
+# "POSTFIX_RBL_HOSTS" will be placed by /usr/sbin/config.postfix. You do not need to define it here.
+# Fill "POSTFIX_RBL_HOSTS" instead
+#
+# Example:
+# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="permit_mynetworks,
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# reject_unknown_client_hostname"
+#
+POSTFIX_SMTPD_CLIENT_RESTRICTIONS=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_HELO_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to ...
+# medium: ""
+# hard : "permit_mynetworks, reject_invalid_helo_hostname"
+#
+# Example:
+# POSTFIX_SMTPD_HELO_RESTRICTIONS="permit_mynetworks,
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# check_helo_access hash:/etc/postfix/helo_access,
+# reject_invalid_helo_hostname"
+#
+POSTFIX_SMTPD_HELO_RESTRICTIONS=""
+
+## Type: string
+## Default: "hash:/etc/postfix/access, reject_unknown_sender_domain"
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_SENDER_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to ...
+# medium: "hash:/etc/postfix/access, reject_unknown_sender_domain"
+# hard : "hash:/etc/postfix/access, reject_unknown_sender_domain"
+#
+# Example:
+# POSTFIX_SMTPD_SENDER_RESTRICTIONS="
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# reject_unknown_sender_domain,
+# reject_unknown_client_hostname"
+#
+POSTFIX_SMTPD_SENDER_RESTRICTIONS=""
+
+## Type: string
+## Default: "permit_mynetworks, reject_unauth_destination"
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to
+# medium: "permit_mynetworks, reject_unauth_destination"
+# hard : "permit_mynetworks, reject_unauth_destination"
+#
+# Example:
+# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks,
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# warn_if_reject,
+# reject_unknown_sender_domain,
+# warn_if_reject,
+# reject_unknown_recipient_domain,
+# reject_unknown_helo_hostname,
+# reject_unknown_client_hostname,
+# reject_non_fqdn_sender,
+# reject_non_fqdn_recipient,
+# reject_non_fqdn_hostname,
+# reject_unauth_destination"
+#
+POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=""
+
+## Type: list(procmail,cyrus,dovecot,local)
+## Default: local
+## Config: postfix
+#
+# POSTFIX_MDA possible values:
+# procmail: use procmail to deliver mail locally
+# cyrus : use lmtp to deliver to cyrus-imapd
+# dovecot : use dovecot to deliver mail to dovecot
+# local : use postfix local MDA
+#
+POSTFIX_MDA="local"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Configure postfix to enable users to auth against postfix
+# to be able to relay mail independent of being within
+# the local network/domain.
+# You may want to edit /etc/sasl2/smtpd.conf to fit your needs.
+# See /usr/share/doc/packages/postfix/README_FILES/SASL_README
+# for more details.
+#
+POSTFIX_SMTP_AUTH_SERVER="no"
+
+## Type: string(cyrus,dovecot)
+## Default: "cyrus"
+## Config: postfix
+#
+# Configure postfix which SASL service to use
+# cyrus : smtpd_sasl_type = cyrus, smtpd_sasl_path = smtpd
+# dovecot : smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth
+#
+POSTFIX_SMTP_AUTH_SERVICE="cyrus"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Enable SMTP-AUTH for the postfix smtp client
+# you have to edit /etc/postfix/sasl_passwd and call
+# /usr/sbin/config.postfix afterwards
+#
+POSTFIX_SMTP_AUTH="no"
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# POSTFIX_SMTP_AUTH_OPTIONS possible values:
+# comma separated list of one or more of
+#
+# noplaintext: disallow methods that use plaintext passwords
+# noactive: disallow methods subject to active (non-dictionary) attack
+# nodictionary: disallow methods subject to passive (dictionary) attack
+# noanonymous: disallow methods that allow anonymous authentication
+#
+POSTFIX_SMTP_AUTH_OPTIONS=""
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Do you want to use STARTTLS
+#
+POSTFIX_SMTP_TLS_SERVER="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Do you want to use SMTP over SSL.
+# assigns port 465 to smtps in /etc/services
+# CAUTION: the IANA has assigned a different protocol to port 465
+# Usage of port 465 for smtps was not officially encouraged
+# If you enable this you need to make sure that it does not collide
+# with protocol urd
+#
+POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT="no"
+
+## Type: list(no,yes,must)
+## Default: no
+## Config: postfix
+#
+# Do you want to enable postfix smtp client to use TLS
+#
+POSTFIX_SMTP_TLS_CLIENT="no"
+
+## Type: string
+## Default: "/etc/postfix/ssl"
+## Config: postfix
+#
+# path to the directory where the certificates (default: certs/postfixcert.pem)
+# and CA certificates (default: ./cacerts) can be found
+#
+# This folder will be synced via 'config.postfix' when running 'chrooted'
+#
+POSTFIX_SSL_PATH="/etc/postfix/ssl"
+
+## Type: string
+## Default: "cacert.pem"
+## Config: postfix
+#
+# name of the CAfile (below POSTFIX_SSL_PATH)
+#
+# when having more than one CA you want to trust, then
+# leave it empty and CApath ( POSTFIX_SSL_PATH/cacerts )
+# is used instead. Do not forget to run c_rehash POSTFIX_SSL_PATH/cacerts
+# after storing the certs.
+#
+POSTFIX_TLS_CAFILE=""
+
+## Type: string
+## Default: "certs/postfixcert.pem"
+## Config: postfix
+#
+# name of the file containing the certificate (below POSTFIX_SSL_PATH)
+#
+POSTFIX_TLS_CERTFILE="certs/postfixcert.pem"
+
+## Type: string
+## Default: "certs/postfixkey.pem"
+## Config: postfix
+#
+# name of the file containing the key (below POSTFIX_SSL_PATH)
+#
+POSTFIX_TLS_KEYFILE="certs/postfixkey.pem"
+
+#
+# The following options are used by /usr/sbin/config.postfix and mkpostfixcert
+# to create a CA and certificates
+# POSTFIX_SSL_COUNTRY must be a two letter code defined by ISO 3166
+#
+## Type: string
+## Default: "XX"
+POSTFIX_SSL_COUNTRY=""
+
+## Type: string
+## Default: "Some state"
+POSTFIX_SSL_STATE=""
+
+## Type: string
+## Default: "Some locality"
+POSTFIX_SSL_LOCALITY=""
+
+## Type: string
+## Default: "Some Organization"
+POSTFIX_SSL_ORGANIZATION=""
+
+## Type: string
+## Default: "Some Organizational Unit"
+POSTFIX_SSL_ORGANIZATIONAL_UNIT=""
+
+## Type: string
+## Default: "A common name"
+POSTFIX_SSL_COMMON_NAME=""
+
+## Type: string
+## Default: "postmaster"
+POSTFIX_SSL_EMAIL_ADDRESS=""
+
+#
+# POSTFIX_ADD_*
+# You may add any existing postfix parameter here. Just execute the
+# postconf command to get a complete list. You then have to uppercase
+# the parameter and prepend POSTFIX_ADD_.
+# Example:
+# Let's say you want to add the postfix parameter mailbox_size_limit.
+# Then just add
+# POSTFIX_ADD_MAILBOX_SIZE_LIMIT=0
+# POSTFIX_ADD_MESSAGE_SIZE_LIMIT=30000000
+
+## Type: string
+## Default: 0
+POSTFIX_ADD_MAILBOX_SIZE_LIMIT="0"
+
+## Type: string
+## Default: 10240000
+POSTFIX_ADD_MESSAGE_SIZE_LIMIT="0"
+
+## Type: yesno
+## Default: yes
+## Config: postfix
+#
+# Automatically register to slpd, if running?
+#
+POSTFIX_REGISTER_SLP="yes"
+
+## Type: list(subnet,host,class)
+## Default: subnet
+## Config: postfix
+#
+#
+# The postfix default for this setting is "subnet"
+# for security reasons you should use host
+# otherwise every user in the same subnet as you, can use
+# your postfix server as a mail relay for spam.
+# If you set POSTFIX_DIALUP to "yes" mynetworks_style
+# will be set to "host" by /usr/sbin/config.postfix.
+#
+POSTFIX_ADD_MYNETWORKS_STYLE="subnet"
++++++ postfix-main.cf.patch ++++++
--- /var/tmp/diff_new_pack.HFO2lf/_old 2018-11-28 11:10:32.215139957 +0100
+++ /var/tmp/diff_new_pack.HFO2lf/_new 2018-11-28 11:10:32.215139957 +0100
@@ -10,7 +10,7 @@
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
-@@ -673,4 +674,138 @@ sample_directory =
+@@ -673,4 +674,140 @@ sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
@@ -108,6 +108,7 @@
+smtpd_tls_cert_file =
+smtpd_tls_key_file =
+smtpd_tls_ask_ccert = no
++smtpd_tls_exclude_ciphers = RC4
+smtpd_tls_received_header = no
+############################################################
+# Start MySQL from postfixwiki.org
@@ -144,6 +145,7 @@
+#unknown_address_reject_code = 550
+#unknown_client_reject_code = 550
+#unknown_hostname_reject_code = 550
++#unverified_recipient_reject_code = 550
+#soft_bounce = yes
+############################################################
+#debug_peer_list = example.com
1
0