openSUSE Commits
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
December 2019
- 1 participants
- 2204 discussions
Hello community,
here is the log from the commit of package python-pytest-xdist for openSUSE:Factory checked in at 2019-12-02 11:26:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pytest-xdist (Old)
and /work/SRC/openSUSE:Factory/.python-pytest-xdist.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pytest-xdist"
Mon Dec 2 11:26:51 2019 rev:11 rq:735843 version:1.30.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pytest-xdist/python-pytest-xdist.changes 2019-07-30 13:00:30.514446513 +0200
+++ /work/SRC/openSUSE:Factory/.python-pytest-xdist.new.4691/python-pytest-xdist.changes 2019-12-02 11:27:08.650676139 +0100
@@ -1,0 +2,7 @@
+Mon Oct 7 13:00:36 UTC 2019 - Tomáš Chvátal <tchvatal(a)suse.com>
+
+- Update to 1.30.0:
+ * Fix crash issues related to running xdist with the terminal plugin disabled
+ * Initialization between workers and master nodes is now more consistent
+
+-------------------------------------------------------------------
Old:
----
pytest-xdist-1.29.0.tar.gz
New:
----
pytest-xdist-1.30.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pytest-xdist.spec ++++++
--- /var/tmp/diff_new_pack.lYn1Ra/_old 2019-12-02 11:27:09.270675904 +0100
+++ /var/tmp/diff_new_pack.lYn1Ra/_new 2019-12-02 11:27:09.274675903 +0100
@@ -18,7 +18,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-pytest-xdist
-Version: 1.29.0
+Version: 1.30.0
Release: 0
Summary: Distributed testing and loop-on-failing for py.test
License: MIT
++++++ pytest-xdist-1.29.0.tar.gz -> pytest-xdist-1.30.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/CHANGELOG.rst new/pytest-xdist-1.30.0/CHANGELOG.rst
--- old/pytest-xdist-1.29.0/CHANGELOG.rst 2019-06-14 22:11:07.000000000 +0200
+++ new/pytest-xdist-1.30.0/CHANGELOG.rst 2019-10-01 17:36:18.000000000 +0200
@@ -411,6 +411,28 @@
.. towncrier release notes start
+pytest-xdist 1.30.0 (2019-10-01)
+================================
+
+Features
+--------
+
+- `#448 <https://github.com/pytest-dev/pytest-xdist/issues/448>`_: Initialization between workers and master nodes is now more consistent, which fixes a number of
+ long-standing issues related to startup with the ``-c`` option.
+
+ Issues:
+
+ * `#6 <https://github.com/pytest-dev/pytest-xdist/issues/6>`__: Poor interaction between ``-n#`` and ``-c X.cfg``
+ * `#445 <https://github.com/pytest-dev/pytest-xdist/issues/445>`__: pytest-xdist is not reporting the same nodeid as pytest does
+
+ This however only works with **pytest 5.1 or later**, as it required changes in pytest itself.
+
+
+Bug Fixes
+---------
+
+- `#467 <https://github.com/pytest-dev/pytest-xdist/issues/467>`_: Fix crash issues related to running xdist with the terminal plugin disabled.
+
1.17.0
------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/PKG-INFO new/pytest-xdist-1.30.0/PKG-INFO
--- old/pytest-xdist-1.29.0/PKG-INFO 2019-06-14 22:11:25.000000000 +0200
+++ new/pytest-xdist-1.30.0/PKG-INFO 2019-10-01 17:36:34.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: pytest-xdist
-Version: 1.29.0
+Version: 1.30.0
Summary: pytest xdist plugin for distributed testing and loop-on-failing modes
Home-page: https://github.com/pytest-dev/pytest-xdist
Author: holger krekel and contributors
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/src/pytest_xdist.egg-info/PKG-INFO new/pytest-xdist-1.30.0/src/pytest_xdist.egg-info/PKG-INFO
--- old/pytest-xdist-1.29.0/src/pytest_xdist.egg-info/PKG-INFO 2019-06-14 22:11:24.000000000 +0200
+++ new/pytest-xdist-1.30.0/src/pytest_xdist.egg-info/PKG-INFO 2019-10-01 17:36:33.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: pytest-xdist
-Version: 1.29.0
+Version: 1.30.0
Summary: pytest xdist plugin for distributed testing and loop-on-failing modes
Home-page: https://github.com/pytest-dev/pytest-xdist
Author: holger krekel and contributors
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/src/xdist/_version.py new/pytest-xdist-1.30.0/src/xdist/_version.py
--- old/pytest-xdist-1.29.0/src/xdist/_version.py 2019-06-14 22:11:24.000000000 +0200
+++ new/pytest-xdist-1.30.0/src/xdist/_version.py 2019-10-01 17:36:33.000000000 +0200
@@ -1,4 +1,4 @@
# coding: utf-8
# file generated by setuptools_scm
# don't change, don't track in version control
-version = '1.29.0'
+version = '1.30.0'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/src/xdist/dsession.py new/pytest-xdist-1.30.0/src/xdist/dsession.py
--- old/pytest-xdist-1.29.0/src/xdist/dsession.py 2019-06-14 22:11:07.000000000 +0200
+++ new/pytest-xdist-1.30.0/src/xdist/dsession.py 2019-10-01 17:36:18.000000000 +0200
@@ -49,11 +49,8 @@
self._max_worker_restart = get_default_max_worker_restart(self.config)
# summary message to print at the end of the session
self._summary_report = None
- try:
- self.terminal = config.pluginmanager.getplugin("terminalreporter")
- except KeyError:
- self.terminal = None
- else:
+ self.terminal = config.pluginmanager.getplugin("terminalreporter")
+ if self.terminal:
self.trdist = TerminalDistReporter(config)
config.pluginmanager.register(self.trdist, "terminaldistreporter")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/src/xdist/plugin.py new/pytest-xdist-1.30.0/src/xdist/plugin.py
--- old/pytest-xdist-1.29.0/src/xdist/plugin.py 2019-06-14 22:11:07.000000000 +0200
+++ new/pytest-xdist-1.30.0/src/xdist/plugin.py 2019-10-01 17:36:18.000000000 +0200
@@ -154,11 +154,7 @@
def pytest_addhooks(pluginmanager):
from xdist import newhooks
- # avoid warnings with pytest-2.8
- method = getattr(pluginmanager, "add_hookspecs", None)
- if method is None:
- method = pluginmanager.addhooks
- method(newhooks)
+ pluginmanager.add_hookspecs(newhooks)
# -------------------------------------------------------------------------
@@ -174,7 +170,8 @@
session = DSession(config)
config.pluginmanager.register(session, "dsession")
tr = config.pluginmanager.getplugin("terminalreporter")
- tr.showfspath = False
+ if tr:
+ tr.showfspath = False
if config.getoption("boxed"):
config.option.forked = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/src/xdist/remote.py new/pytest-xdist-1.30.0/src/xdist/remote.py
--- old/pytest-xdist-1.29.0/src/xdist/remote.py 2019-06-14 22:11:07.000000000 +0200
+++ new/pytest-xdist-1.30.0/src/xdist/remote.py 2019-10-01 17:36:18.000000000 +0200
@@ -15,6 +15,8 @@
import pytest
from execnet.gateway_base import dumps, DumpError
+from _pytest.config import _prepareconfig, Config
+
class WorkerInteractor(object):
def __init__(self, config, channel):
@@ -211,18 +213,18 @@
def remote_initconfig(option_dict, args):
- from _pytest.config import Config
-
option_dict["plugins"].append("no:terminal")
- config = Config.fromdictargs(option_dict, args)
+ return Config.fromdictargs(option_dict, args)
+
+
+def setup_config(config, basetemp):
config.option.looponfail = False
config.option.usepdb = False
config.option.dist = "no"
config.option.distload = False
config.option.numprocesses = None
config.option.maxprocesses = None
- config.args = args
- return config
+ config.option.basetemp = basetemp
if __name__ == "__channelexec__":
@@ -239,7 +241,13 @@
os.environ["PYTEST_XDIST_WORKER"] = workerinput["workerid"]
os.environ["PYTEST_XDIST_WORKER_COUNT"] = str(workerinput["workercount"])
- config = remote_initconfig(option_dict, args)
+ if hasattr(Config, "InvocationParams"):
+ config = _prepareconfig(args, None)
+ else:
+ config = remote_initconfig(option_dict, args)
+ config.args = args
+
+ setup_config(config, option_dict.get("basetemp"))
config._parser.prog = os.path.basename(workerinput["mainargv"][0])
config.workerinput = workerinput
config.workeroutput = {}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/src/xdist/workermanage.py new/pytest-xdist-1.30.0/src/xdist/workermanage.py
--- old/pytest-xdist-1.29.0/src/xdist/workermanage.py 2019-06-14 22:11:07.000000000 +0200
+++ new/pytest-xdist-1.30.0/src/xdist/workermanage.py 2019-10-01 17:36:18.000000000 +0200
@@ -112,7 +112,10 @@
ignores += self.config.option.rsyncignore
ignores += self.config.getini("rsyncignore")
- return {"ignores": ignores, "verbose": self.config.option.verbose}
+ return {
+ "ignores": ignores,
+ "verbose": getattr(self.config.option, "verbose", False),
+ }
def rsync(self, gateway, source, notify=None, verbose=False, ignores=None):
"""Perform rsync to remote hosts for node."""
@@ -186,6 +189,8 @@
for arg in args:
parts = arg.split(splitcode)
fspath = py.path.local(parts[0])
+ if not fspath.exists():
+ continue
for root in roots:
x = fspath.relto(root)
if x or fspath == root:
@@ -236,10 +241,14 @@
def setup(self):
self.log("setting up worker session")
spec = self.gateway.spec
- args = self.config.args
+ if hasattr(self.config, "invocation_params"):
+ args = [str(x) for x in self.config.invocation_params.args or ()]
+ option_dict = {}
+ else:
+ args = self.config.args
+ option_dict = vars(self.config.option)
if not spec.popen or spec.chdir:
args = make_reltoroot(self.nodemanager.roots, args)
- option_dict = vars(self.config.option)
if spec.popen:
name = "popen-%s" % self.gateway.id
if hasattr(self.config, "_tmpdirhandler"):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/testing/acceptance_test.py new/pytest-xdist-1.30.0/testing/acceptance_test.py
--- old/pytest-xdist-1.29.0/testing/acceptance_test.py 2019-06-14 22:11:07.000000000 +0200
+++ new/pytest-xdist-1.30.0/testing/acceptance_test.py 2019-10-01 17:36:18.000000000 +0200
@@ -559,6 +559,30 @@
assert result.ret
+def test_config_initialization(testdir, pytestconfig):
+ """Ensure workers and master are initialized consistently. Integration test for #445"""
+ if not hasattr(pytestconfig, "invocation_params"):
+ pytest.skip(
+ "requires pytest >=5.1 (config has no attribute 'invocation_params')"
+ )
+ testdir.makepyfile(
+ **{
+ "dir_a/test_foo.py": """
+ def test_1(): pass
+ """
+ }
+ )
+ testdir.makefile(
+ ".ini",
+ myconfig="""
+ [pytest]
+ testpaths=dir_a
+ """,
+ )
+ result = testdir.runpytest("-n2", "-c", "myconfig.ini", "-v")
+ result.stdout.fnmatch_lines(["dir_a/test_foo.py::test_1*"])
+
+
@pytest.mark.parametrize("when", ["setup", "call", "teardown"])
def test_crashing_item(testdir, when):
"""Ensure crashing item is correctly reported during all testing stages"""
@@ -1050,6 +1074,22 @@
assert "gw0 C / gw1 C" not in result.stdout.str()
+def test_without_terminal_plugin(testdir, request):
+ """
+ No output when terminal plugin is disabled
+ """
+ testdir.makepyfile(
+ """
+ def test_1():
+ pass
+ """
+ )
+ result = testdir.runpytest("-p", "no:terminal", "-n2")
+ assert result.stdout.str() == ""
+ assert result.stderr.str() == ""
+ assert result.ret == 0
+
+
def test_internal_error_with_maxfail(testdir):
"""
Internal error when using --maxfail option (#62, #65).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pytest-xdist-1.29.0/testing/conftest.py new/pytest-xdist-1.30.0/testing/conftest.py
--- old/pytest-xdist-1.29.0/testing/conftest.py 2019-06-14 22:11:07.000000000 +0200
+++ new/pytest-xdist-1.30.0/testing/conftest.py 2019-10-01 17:36:18.000000000 +0200
@@ -1,20 +1,19 @@
+import six
import py
import pytest
import execnet
-
-(a)pytest.fixture(scope="session", autouse=True)
-def _ensure_imports():
- # we import some modules because pytest-2.8's testdir fixture
- # will unload all modules after each test and this cause
- # (unknown) problems with execnet.Group()
- execnet.Group
- execnet.makegateway
-
-
pytest_plugins = "pytester"
-# rsyncdirs = ['.', '../xdist', py.path.local(execnet.__file__).dirpath()]
+if six.PY2:
+
+ @pytest.fixture(scope="session", autouse=True)
+ def _ensure_imports():
+ # we import some modules because pytest-2.8's testdir fixture
+ # will unload all modules after each test and this cause
+ # (unknown) problems with execnet.Group()
+ execnet.Group
+ execnet.makegateway
@pytest.fixture(autouse=True)
@@ -45,14 +44,6 @@
return getspecssh(request.config)
-(a)pytest.fixture
-def testdir(testdir):
- # pytest before 2.8 did not have a runpytest_subprocess
- if not hasattr(testdir, "runpytest_subprocess"):
- testdir.runpytest_subprocess = testdir.runpytest
- return testdir
-
-
# configuration information for tests
def getgspecs(config):
return [execnet.XSpec(spec) for spec in config.getvalueorskip("gspecs")]
1
0
Hello community,
here is the log from the commit of package upower for openSUSE:Factory checked in at 2019-12-02 11:26:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/upower (Old)
and /work/SRC/openSUSE:Factory/.upower.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "upower"
Mon Dec 2 11:26:35 2019 rev:70 rq:750505 version:0.99.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/upower/upower.changes 2019-09-11 10:25:00.259476434 +0200
+++ /work/SRC/openSUSE:Factory/.upower.new.4691/upower.changes 2019-12-02 11:27:02.122678608 +0100
@@ -1,0 +2,8 @@
+Thu Nov 21 12:20:06 UTC 2019 - Frederic Crozat <fcrozat(a)suse.com>
+
+- Add upower-sle15.patch: disable some systemd hardening,
+ presenting upower to start with SLE15 SP2+ systemd.
+- Switch back to setup/patch macros, autosetup doesn't allow
+ skipping some patches.
+
+-------------------------------------------------------------------
New:
----
upower-sle15.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ upower.spec ++++++
--- /var/tmp/diff_new_pack.yBU9Dl/_old 2019-12-02 11:27:02.626678418 +0100
+++ /var/tmp/diff_new_pack.yBU9Dl/_new 2019-12-02 11:27:02.626678418 +0100
@@ -33,6 +33,8 @@
Source: %{name}-%{version}.tar.xz
# PATCH-FEATURE-OPENSUSE upower-hibernate-insteadof-hybridsleep.patch boo#985741 dimstar(a)opensuse.org -- Set the system per default to hibernate, not hybridsleep
Patch0: upower-hibernate-insteadof-hybridsleep.patch
+# PATCH-FEATURE-SLE upower-sle15.patch fcrozat(a)suse.com -- Disable some hardenings, don't work on SLE15 SP2+
+Patch1: upower-sle15.patch
BuildRequires: gobject-introspection-devel >= 0.9.9
BuildRequires: gtk-doc >= 1.11
@@ -102,7 +104,11 @@
%lang_package
%prep
-%autosetup -p1
+%setup -q
+%patch0 -p1
+%if 0%{?sle_version}
+%patch1 -p1
+%endif
%build
NOCONFIGURE=1 ./autogen.sh
++++++ upower-sle15.patch ++++++
diff -up upower/src/upower.service.in.sle15 upower/src/upower.service.in
--- upower/src/upower.service.in.sle15 2019-11-21 13:17:05.087461073 +0100
+++ upower/src/upower.service.in 2019-11-21 14:08:28.107317367 +0100
@@ -14,13 +14,13 @@ ProtectSystem=strict
ProtectKernelTunables=false
ProtectControlGroups=true
ReadWritePaths=@historydir@
-StateDirectory=upower
+#StateDirectory=upower
ProtectHome=true
PrivateTmp=true
# Network
# PrivateNetwork=true would block udev's netlink socket
-IPAddressDeny=any
+#IPAddressDeny=any
RestrictAddressFamilies=AF_UNIX AF_NETLINK
# Execute Mappings
@@ -39,10 +39,10 @@ NoNewPrivileges=true
CapabilityBoundingSet=
# System call interfaces
-LockPersonality=yes
+#LockPersonality=yes
SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=ioprio_get
+#SystemCallFilter=@system-service
+#SystemCallFilter=ioprio_get
# Namespaces
PrivateUsers=yes
1
0
Hello community,
here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-12-02 11:26:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates-mozilla"
Mon Dec 2 11:26:32 2019 rev:44 rq:750502 version:2.34
Changes:
--------
--- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-08-15 12:25:20.586607048 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691/ca-certificates-mozilla.changes 2019-12-02 11:26:51.950682456 +0100
@@ -1,0 +2,6 @@
+Tue Nov 12 09:58:01 UTC 2019 - Ludwig Nussel <lnussel(a)suse.de>
+
+- export correct p11kit trust attributes so Firefox detects built in
+ certificates (boo#1154871). Courtesy of Fedora.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ca-certificates-mozilla.spec ++++++
--- /var/tmp/diff_new_pack.vnKWC3/_old 2019-12-02 11:26:56.886680589 +0100
+++ /var/tmp/diff_new_pack.vnKWC3/_new 2019-12-02 11:26:56.890680587 +0100
@@ -38,8 +38,7 @@
# accidentally included!
Source: http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certd…
Source1: http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssck…
-# from Fedora. Note: currently contains extra fix to remove quotes. Pending upstream approval.
-Source10: certdata2pem.py
+Source10: https://src.fedoraproject.org/rpms/ca-certificates/raw/master/f/certdata2pe…
Source11: %{name}.COPYING
Source12: compareoldnew
BuildRequires: ca-certificates
@@ -61,7 +60,8 @@
%prep
%setup -qcT
-/bin/cp %{SOURCE0} .
+mkdir certs
+ln -s %{SOURCE0} certs
install -m 644 %{SOURCE11} COPYING
ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"`
@@ -72,44 +72,29 @@
%build
export LANG=en_US.UTF-8
+cd certs
python3 %{SOURCE10}
+cd ..
+(
+ cat <<-EOF
+ # This is a bundle of X.509 certificates of public Certificate
+ # Authorities. It was generated from the Mozilla root CA list.
+ # These certificates and trust/distrust attributes use the file format accepted
+ # by the p11-kit-trust module.
+ #
+ # Source: nss/lib/ckfw/builtins/certdata.txt
+ # Source: nss/lib/ckfw/builtins/nssckbi.h
+ #
+ # Generated from:
+ EOF
+ awk '$2 = "NSS_BUILTINS_LIBRARY_VERSION" {print "# " $2 " " $3}';
+ echo '#';
+ ls -1 certs/*.tmp-p11-kit | sort | xargs cat
+) > ca-certificates-mozila.trust.p11-kit
%install
-mkdir -p %{buildroot}/%{trustdir_static}/anchors
-set +x
-for i in *.crt; do
- args=()
- trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
- distrust=`sed -n '/^# openssl-distrust=/{s/^.*=//;p;q;}' "$i"`
- alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' "$i"`
- args+=('-trustout')
- for t in $trust; do
- args+=("-addtrust" "$t")
- done
- for t in $distrust; do
- args+=("-addreject" "$t")
- done
- [ -z "$alias" ] || args+=('-setalias' "$alias")
-
- echo "$i ${args[*]}"
- fname="%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem"
- if [ -e "$fname" ]; then
- fname="${fname%.pem}"
- j=1
- while [ -e "$fname.$j.pem" ]; do
- j=$((j+1))
- done
- fname="$fname.$j.pem"
- fi
- {
- grep '^#' "$i"
- openssl x509 -in "$i" "${args[@]}"
- } > "$fname"
-done
-for i in *.p11-kit ; do
- install -m 644 "$i" "%{buildroot}/%{trustdir_static}"
-done
-set -x
+mkdir -p %{buildroot}/%{trustdir_static}
+install -m 644 ca-certificates-mozila.trust.p11-kit "%{buildroot}/%{trustdir_static}/ca-certificates-mozila.trust.p11-kit"
%post
update-ca-certificates || true
++++++ certdata2pem.py ++++++
--- /var/tmp/diff_new_pack.vnKWC3/_old 2019-12-02 11:26:57.002680545 +0100
+++ /var/tmp/diff_new_pack.vnKWC3/_new 2019-12-02 11:26:57.002680545 +0100
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/python
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
@@ -26,7 +26,8 @@
import re
import sys
import textwrap
-import urllib.parse
+import urllib.request, urllib.parse, urllib.error
+import subprocess
objects = []
@@ -35,7 +36,7 @@
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
-field, vtype, value, obj = None, None, None, dict()
+field, ftype, value, binval, obj = None, None, None, bytearray(), dict()
for line in open('certdata.txt', 'r'):
# Ignore the file header.
if not in_data:
@@ -55,33 +56,36 @@
continue
if in_multiline:
if not line.startswith('END'):
- if vtype == 'MULTILINE_OCTAL':
+ if ftype == 'MULTILINE_OCTAL':
line = line.strip()
- numbers = [int(i.group(1), 8) for i in re.finditer(r'\\([0-3][0-7][0-7])', line)]
- value += bytes(numbers)
+ for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
+ integ = int(i.group(1), 8)
+ binval.extend((integ).to_bytes(1, sys.byteorder))
+ obj[field] = binval
else:
value += line
+ obj[field] = value
continue
- obj[field] = value
in_multiline = False
continue
if line.startswith('CKA_CLASS'):
in_obj = True
line_parts = line.strip().split(' ', 2)
if len(line_parts) > 2:
- field, vtype = line_parts[0:2]
+ field, ftype = line_parts[0:2]
value = ' '.join(line_parts[2:])
elif len(line_parts) == 2:
- field, vtype = line_parts
+ field, ftype = line_parts
value = None
else:
raise NotImplementedError('line_parts < 2 not supported.\n' + line)
- if vtype == 'MULTILINE_OCTAL':
+ if ftype == 'MULTILINE_OCTAL':
in_multiline = True
- value = b""
+ value = ""
+ binval = bytearray()
continue
obj[field] = value
-if obj:
+if len(list(obj.items())) > 0:
objects.append(obj)
# Build up trust database.
@@ -109,15 +113,32 @@
.replace('(', '=')\
.replace(')', '=')\
.replace(',', '_')
- # encode possible Unicode string to UTF8 bytes first
- label = label.encode("utf8")
- # decode hex escape sequences
- label = re.sub(rb'\\x[0-9a-fA-F]{2}', lambda m:bytes([int(m.group(0)[2:], 16)]), label)
- # read back UTF8 bytes
- label = label.decode("utf8")
+ labelbytes = bytearray()
+ i = 0
+ imax = len(label)
+ while i < imax:
+ if i < imax-3 and label[i] == '\\' and label[i+1] == 'x':
+ labelbytes.extend(bytes.fromhex(label[i+2:i+4]))
+ i += 4
+ continue
+ labelbytes.extend(str.encode(label[i]))
+ i = i+1
+ continue
+ label = labelbytes.decode('utf-8')
serial = printable_serial(obj)
return label + ":" + serial
+def write_cert_ext_to_file(f, oid, value, public_key):
+ f.write("[p11-kit-object-v1]\n")
+ f.write("label: ");
+ f.write(tobj['CKA_LABEL'])
+ f.write("\n")
+ f.write("class: x-certificate-extension\n");
+ f.write("object-id: " + oid + "\n")
+ f.write("value: \"" + value + "\"\n")
+ f.write("modifiable: false\n");
+ f.write(public_key)
+
trust_types = {
"CKA_TRUST_DIGITAL_SIGNATURE": "digital-signature",
"CKA_TRUST_NON_REPUDIATION": "non-repudiation",
@@ -137,6 +158,18 @@
"CKA_TRUST_STEP_UP_APPROVED": "step-up-approved",
}
+legacy_trust_types = {
+ "LEGACY_CKA_TRUST_SERVER_AUTH": "server-auth",
+ "LEGACY_CKA_TRUST_CODE_SIGNING": "code-signing",
+ "LEGACY_CKA_TRUST_EMAIL_PROTECTION": "email-protection",
+}
+
+legacy_to_real_trust_types = {
+ "LEGACY_CKA_TRUST_SERVER_AUTH": "CKA_TRUST_SERVER_AUTH",
+ "LEGACY_CKA_TRUST_CODE_SIGNING": "CKA_TRUST_CODE_SIGNING",
+ "LEGACY_CKA_TRUST_EMAIL_PROTECTION": "CKA_TRUST_EMAIL_PROTECTION",
+}
+
openssl_trust = {
"CKA_TRUST_SERVER_AUTH": "serverAuth",
"CKA_TRUST_CLIENT_AUTH": "clientAuth",
@@ -152,7 +185,9 @@
distrustbits = []
openssl_trustflags = []
openssl_distrustflags = []
- for t in sorted(trust_types.keys()):
+ legacy_trustbits = []
+ legacy_openssl_trustflags = []
+ for t in list(trust_types.keys()):
if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
trustbits.append(t)
if t in openssl_trust:
@@ -162,29 +197,186 @@
if t in openssl_trust:
openssl_distrustflags.append(openssl_trust[t])
+ for t in list(legacy_trust_types.keys()):
+ if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ real_t = legacy_to_real_trust_types[t]
+ legacy_trustbits.append(real_t)
+ if real_t in openssl_trust:
+ legacy_openssl_trustflags.append(openssl_trust[real_t])
+ if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
+ raise NotImplementedError('legacy distrust not supported.\n' + line)
+
fname = obj_to_filename(tobj)
try:
obj = certmap[key]
except:
obj = None
+ # optional debug code, that dumps the parsed input to files
+ #fulldump = "dump-" + fname
+ #dumpf = open(fulldump, 'w')
+ #dumpf.write(str(obj));
+ #dumpf.write(str(tobj));
+ #dumpf.close();
+
+ is_legacy = 0
+ if 'LEGACY_CKA_TRUST_SERVER_AUTH' in tobj or 'LEGACY_CKA_TRUST_EMAIL_PROTECTION' in tobj or 'LEGACY_CKA_TRUST_CODE_SIGNING' in tobj:
+ is_legacy = 1
+ if obj == None:
+ raise NotImplementedError('found legacy trust without certificate.\n' + line)
+
+ legacy_fname = "legacy-default/" + fname + ".crt"
+ f = open(legacy_fname, 'w')
+ f.write("# alias=%s\n"%tobj['CKA_LABEL'])
+ f.write("# trust=" + " ".join(legacy_trustbits) + "\n")
+ if legacy_openssl_trustflags:
+ f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n")
+ f.write("-----BEGIN CERTIFICATE-----\n")
+ temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+ temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+ f.write("\n".join(temp_wrapped))
+ f.write("\n-----END CERTIFICATE-----\n")
+ f.close()
+
+ if 'CKA_TRUST_SERVER_AUTH' in tobj or 'CKA_TRUST_EMAIL_PROTECTION' in tobj or 'CKA_TRUST_CODE_SIGNING' in tobj:
+ legacy_fname = "legacy-disable/" + fname + ".crt"
+ f = open(legacy_fname, 'w')
+ f.write("# alias=%s\n"%tobj['CKA_LABEL'])
+ f.write("# trust=" + " ".join(trustbits) + "\n")
+ if openssl_trustflags:
+ f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
+ f.write("-----BEGIN CERTIFICATE-----\n")
+ f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+ f.write("\n-----END CERTIFICATE-----\n")
+ f.close()
+
+ # don't produce p11-kit output for legacy certificates
+ continue
+
+ pk = ''
+ cert_comment = ''
if obj != None:
- fname += ".crt"
- else:
- fname += ".p11-kit"
+ # must extract the public key from the cert, let's use openssl
+ cert_fname = "cert-" + fname
+ fc = open(cert_fname, 'w')
+ fc.write("-----BEGIN CERTIFICATE-----\n")
+ temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+ temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+ fc.write("\n".join(temp_wrapped))
+ fc.write("\n-----END CERTIFICATE-----\n")
+ fc.close();
+ pk_fname = "pubkey-" + fname
+ fpkout = open(pk_fname, "w")
+ dump_pk_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-pubkey"]
+ subprocess.call(dump_pk_command, stdout=fpkout)
+ fpkout.close()
+ with open (pk_fname, "r") as myfile:
+ pk=myfile.read()
+ # obtain certificate information suitable as a comment
+ comment_fname = "comment-" + fname
+ fcout = open(comment_fname, "w")
+ comment_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-text"]
+ subprocess.call(comment_command, stdout=fcout)
+ fcout.close()
+ sed_command = ["sed", "--in-place", "s/^/#/", comment_fname]
+ subprocess.call(sed_command)
+ with open (comment_fname, "r", errors = 'replace') as myfile:
+ cert_comment=myfile.read()
+ fname += ".tmp-p11-kit"
f = open(fname, 'w')
+
if obj != None:
- f.write("# alias=%s\n"%tobj['CKA_LABEL'][1:-1])
- f.write("# trust=" + " ".join(trustbits) + "\n")
- f.write("# distrust=" + " ".join(distrustbits) + "\n")
- if openssl_trustflags:
- f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
- if openssl_distrustflags:
- f.write("# openssl-distrust=" + " ".join(openssl_distrustflags) + "\n")
+ is_distrusted = False
+ has_server_trust = False
+ has_email_trust = False
+ has_code_trust = False
+
+ if 'CKA_TRUST_SERVER_AUTH' in tobj:
+ if tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
+ is_distrusted = True
+ elif tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ has_server_trust = True
+
+ if 'CKA_TRUST_EMAIL_PROTECTION' in tobj:
+ if tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED':
+ is_distrusted = True
+ elif tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ has_email_trust = True
+
+ if 'CKA_TRUST_CODE_SIGNING' in tobj:
+ if tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED':
+ is_distrusted = True
+ elif tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ has_code_trust = True
+
+ if is_distrusted:
+ trust_ext_oid = "1.3.6.1.4.1.3319.6.10.1"
+ trust_ext_value = "0.%06%0a%2b%06%01%04%01%99w%06%0a%01%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+ write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
+
+ trust_ext_oid = "2.5.29.37"
+ if has_server_trust:
+ if has_email_trust:
+ if has_code_trust:
+ # server + email + code
+ trust_ext_value = "0%2a%06%03U%1d%25%01%01%ff%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # server + email
+ trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01"
+ else:
+ if has_code_trust:
+ # server + code
+ trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # server
+ trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%01"
+ else:
+ if has_email_trust:
+ if has_code_trust:
+ # email + code
+ trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # email
+ trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%04"
+ else:
+ if has_code_trust:
+ # code
+ trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # none
+ trust_ext_value = "0%18%06%03U%1d%25%01%01%ff%04%0e0%0c%06%0a%2b%06%01%04%01%99w%06%0a%10"
+
+ # no 2.5.29.37 for neutral certificates
+ if (is_distrusted or has_server_trust or has_email_trust or has_code_trust):
+ write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
+
+ pk = ''
+ f.write("\n")
+
+ f.write("[p11-kit-object-v1]\n")
+ f.write("label: ");
+ f.write(tobj['CKA_LABEL'])
+ f.write("\n")
+ if is_distrusted:
+ f.write("x-distrusted: true\n")
+ elif has_server_trust or has_email_trust or has_code_trust:
+ f.write("trusted: true\n")
+ else:
+ f.write("trusted: false\n")
+
+ # requires p11-kit >= 0.23.4
+ f.write("nss-mozilla-ca-policy: true\n")
+ f.write("modifiable: false\n");
+
f.write("-----BEGIN CERTIFICATE-----\n")
- f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']).decode("ascii"), 64)))
+ temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+ temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+ f.write("\n".join(temp_wrapped))
f.write("\n-----END CERTIFICATE-----\n")
+ f.write(cert_comment)
+ f.write("\n")
+
else:
f.write("[p11-kit-object-v1]\n")
f.write("label: ");
@@ -192,6 +384,7 @@
f.write("\n")
f.write("class: certificate\n")
f.write("certificate-type: x-509\n")
+ f.write("modifiable: false\n");
f.write("issuer: \"");
f.write(urllib.parse.quote(tobj['CKA_ISSUER']));
f.write("\"\n")
@@ -201,4 +394,5 @@
if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'):
f.write("x-distrusted: true\n")
f.write("\n\n")
+ f.close()
print(" -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags))
++++++ compareoldnew ++++++
--- /var/tmp/diff_new_pack.vnKWC3/_old 2019-12-02 11:26:57.018680539 +0100
+++ /var/tmp/diff_new_pack.vnKWC3/_new 2019-12-02 11:26:57.018680539 +0100
@@ -18,13 +18,13 @@
echo old...
ln -s ../.osc/certdata.txt
python3 ../certdata2pem.py > stdout 2> stderr
-ls -1 *.crt | sort > ../old.files
+ls -1 cert-* | sort > ../old.files
cd ..
cd new
echo new...
ln -s ../certdata.txt
python3 ../certdata2pem.py > stdout 2> stderr
-ls -1 *.crt | sort > ../new.files
+ls -1 cert-* | sort > ../new.files
cd ..
echo '----------------------------'
while read line; do
1
0
Hello community,
here is the log from the commit of package libtirpc for openSUSE:Factory checked in at 2019-12-02 11:26:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libtirpc (Old)
and /work/SRC/openSUSE:Factory/.libtirpc.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtirpc"
Mon Dec 2 11:26:29 2019 rev:51 rq:750501 version:1.1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/libtirpc/libtirpc.changes 2019-03-25 09:47:22.816012945 +0100
+++ /work/SRC/openSUSE:Factory/.libtirpc.new.4691/libtirpc.changes 2019-12-02 11:26:45.738684806 +0100
@@ -1,0 +2,36 @@
+Tue Nov 12 10:24:59 UTC 2019 - Petr Vorel <pvorel(a)suse.cz>
+
+- Fix previous version:
+ - actually delete
+ 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
+ - use 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
+ - use 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch (renamed from
+ 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch)
+ - use 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
+ (renamed from
+ 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch)
+
+-------------------------------------------------------------------
+Wed Oct 16 11:46:28 UTC 2019 - Petr Vorel <pvorel(a)suse.cz>
+
+- Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release)
+ - add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect
+ upstream changes after 1.1.4 release
+ - remove /etc/bindresvport.blacklist as it's still supported by glibc
+ although it's not compiled with --enable-obsolete-rpc
+
+- Drop patches accepted in previous releases or not needed
+ - 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4)
+ - 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory)
+ - 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1)
+ - 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
+ (backport of 25d38d7, libtirpc-1-0-4-rc1)
+ - 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
+ (backport of 145272c, libtirpc-1-0-4-rc2)
+
+- Add fixes from upcomming release
+ - 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
+ - 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch
+ - 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
+
+-------------------------------------------------------------------
Old:
----
000-bindresvport_blacklist.patch
0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
001-new-rpcbindsock-path.patch
002-revert-binddynport.patch
libtirpc-1.0.3.tar.bz2
New:
----
0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch
0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
libtirpc-1-1-5-rc1.patch
libtirpc-1-1-5-rc2.patch
libtirpc-1.1.4.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libtirpc.spec ++++++
--- /var/tmp/diff_new_pack.3Y6Lzh/_old 2019-12-02 11:26:47.866684001 +0100
+++ /var/tmp/diff_new_pack.3Y6Lzh/_new 2019-12-02 11:26:47.870683999 +0100
@@ -18,7 +18,7 @@
Name: libtirpc
# src/crypt_client.c and tirpc/rpcsvc/crypt.x have the BSD advertising clause
-Version: 1.0.3
+Version: 1.1.4
Release: 0
Summary: Transport Independent RPC Library
License: BSD-3-Clause
@@ -34,13 +34,11 @@
Url: https://sourceforge.net/projects/libtirpc/
Source: %{name}-%{version}.tar.bz2
Source1: baselibs.conf
-Patch0: 000-bindresvport_blacklist.patch
-# only needed on openSUSE >= 13.1, SLE >= 12
-Patch1: 001-new-rpcbindsock-path.patch
-# Revert upstream change until tirpc 1.0.4 with a final solutions comes out
-Patch2: 002-revert-binddynport.patch
-Patch3: 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
-Patch16: 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
+Patch0: libtirpc-1-1-5-rc1.patch
+Patch1: libtirpc-1-1-5-rc2.patch
+Patch2: 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
+Patch3: 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch
+Patch4: 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libtirpc3 = %{version}-%{release}
@@ -85,13 +83,11 @@
%prep
%setup -q -n %name-%version
-%patch0 -p0
-%if 0%{suse_version} >= 1310
+%patch0 -p1
%patch1 -p1
-%endif
%patch2 -p1
%patch3 -p1
-%patch16 -p1
+%patch4 -p1
%build
sed -i -e 's|@includedir@/tirpc|@includedir@|g' libtirpc.pc.in
@@ -118,6 +114,7 @@
# they are now default
mv -v %{buildroot}%{_includedir}/tirpc/* %{buildroot}%{_includedir}
rmdir %{buildroot}%{_includedir}/tirpc
+rm -v %{buildroot}/etc/bindresvport.blacklist
%post -n libtirpc3 -p /sbin/ldconfig
++++++ 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch ++++++
>From 013cc45abef8055b3ee135fc072e402611a4a3f0 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon(a)bigon.be>
Date: Tue, 11 Jun 2019 11:34:16 -0400
Subject: [PATCH 1/7] Makefile.am: Use LIBADD instead of LDFLAGS to link
against krb5
LDFLAGS shouldn't be used to link against libraries as this would break
positional flags like --as-needed
Use LIBADD instead
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1639032
Signed-off-by: Steve Dickson <steved(a)redhat.com>
Signed-off-by: Petr Vorel <pvorel(a)suse.cz>
[Upstream status: 013cc45abef8055b3ee135fc072e402611a4a3f0]
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 932414d..b40a6b4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -38,7 +38,7 @@ endif
if GSS
libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c \
rpc_gss_utils.c
- libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
+ libtirpc_la_LIBADD = $(GSSAPI_LIBS)
libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
endif
--
2.23.0
++++++ 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch ++++++
>From e51590d6c4ab61f1a22a2f47104053fe2966ecdd Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon(a)bigon.be>
Date: Tue, 11 Jun 2019 11:53:14 -0400
Subject: [PATCH 3/7] man/rpc_secure.3t: Fix typo in manpage
Currently the publickey parameter of the authdes_pk_create() function is
not displayed because of a typo
Signed-off-by: Steve Dickson <steved(a)redhat.com>
Signed-off-by: Petr Vorel <pvorel(a)suse.cz>
[Upstream status: e51590d6c4ab61f1a22a2f47104053fe2966ecdd]
---
man/rpc_secure.3t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/rpc_secure.3t b/man/rpc_secure.3t
index 4a1ad93..404df0b 100644
--- a/man/rpc_secure.3t
+++ b/man/rpc_secure.3t
@@ -19,7 +19,7 @@
.Ft AUTH *
.Fo authdes_pk_create
.Fa "char *name"
-.FA "netobj *publickey"
+.Fa "netobj *publickey"
.Fa "unsigned window"
.Fa "struct sockaddr *addr"
.Fa "des_block *ckey"
--
2.23.0
++++++ 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch ++++++
>From d1208b5de7b52172a34e3a7262e96f99830c9770 Mon Sep 17 00:00:00 2001
From: Stefano Garzarella <sgarzare(a)redhat.com>
Date: Tue, 3 Sep 2019 10:54:11 -0400
Subject: [PATCH 4/7] xdr: add a defensive mask in xdr_int64_t() and
xdr_u_int64_t()
In order to be more defensive, we should mask bits of u_int64_t
value if we want to use only the first 32bit.
Signed-off-by: Stefano Garzarella <sgarzare(a)redhat.com>
Signed-off-by: Steve Dickson <steved(a)redhat.com>
Signed-off-by: Petr Vorel <pvorel(a)suse.cz>
[Upstream status: d1208b5de7b52172a34e3a7262e96f99830c9770]
---
src/xdr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/xdr.c b/src/xdr.c
index b9a1558..28d1382 100644
--- a/src/xdr.c
+++ b/src/xdr.c
@@ -877,7 +877,8 @@ xdr_int64_t(xdrs, llp)
if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE)
return (FALSE);
*llp = (int64_t)
- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1]));
+ (((u_int64_t)ul[0] << 32) |
+ ((u_int64_t)(ul[1]) & 0xffffffff));
return (TRUE);
case XDR_FREE:
return (TRUE);
@@ -910,7 +911,8 @@ xdr_u_int64_t(xdrs, ullp)
if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE)
return (FALSE);
*ullp = (u_int64_t)
- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1]));
+ (((u_int64_t)ul[0] << 32) |
+ ((u_int64_t)(ul[1]) & 0xffffffff));
return (TRUE);
case XDR_FREE:
return (TRUE);
--
2.23.0
++++++ libtirpc-1-1-5-rc1.patch ++++++
git diff libtirpc-1-1-4..libtirpc-1-1-5-rc1
Commits:
e49077d clnt_vc.c: remove a false positive from a covscan
4d2ceca svc_simple.c: resource_leak
92d4b35 svc_generic.c: resource_leak
3b2e537 rtime.c: resource_leak
830e3f6 rpcb_clnt.c: resource_leak
c0885a7 rpc_soc.c: buffer_size_warning
6db7f04 rpc_soc.c: resource_leak
710a713 rpc_generic.c: resource_leak
57d1529 getnetpath.c: resource_leak
a1fae25 getnetconfig.c: cppcheck_warning
55d1460 clnt_vc.c: resource_leak
757f379 clnt_bcast.c: resource_leak
489dd50 auth_gss.c: buffer_size_warning
25fdba9 auth_gss.c: resource_leak
Signed-off-by: Petr Vorel <pvorel(a)suse.cz>
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 5959893..7d08262 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -207,6 +207,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = ENOMEM;
free(auth);
+ free(gd);
return (NULL);
}
}
@@ -592,7 +593,7 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
if (rpc_gss_oid_to_mech(actual_mech_type, &mechanism)) {
strncpy(options_ret->actual_mechanism,
mechanism,
- sizeof(options_ret->actual_mechanism));
+ (sizeof(options_ret->actual_mechanism)-1));
}
gd->established = TRUE;
diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
index 98cf061..2ad6c89 100644
--- a/src/clnt_bcast.c
+++ b/src/clnt_bcast.c
@@ -330,6 +330,7 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
if (nettype == NULL)
nettype = "datagram_n";
if ((handle = __rpc_setconf(nettype)) == NULL) {
+ AUTH_DESTROY(sys_auth);
return (RPC_UNKNOWNPROTO);
}
while ((nconf = __rpc_getconf(handle)) != NULL) {
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index 92e7c43..d67d97d 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -709,6 +709,8 @@ struct netconfig *ncp;
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
free(p->nc_netid);
+ free(p);
+ free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
diff --git a/src/getnetpath.c b/src/getnetpath.c
index 7c19932..ea1a18c 100644
--- a/src/getnetpath.c
+++ b/src/getnetpath.c
@@ -88,6 +88,7 @@ setnetpath()
}
if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
+ free(np_sessionp);
return (NULL);
}
np_sessionp->valid = NP_VALID;
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 589cbd5..51f36ac 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -319,6 +319,7 @@ __rpc_setconf(nettype)
handle->nflag = FALSE;
break;
default:
+ free(handle);
return (NULL);
}
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index 5a6eeb7..a85cb17 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -663,15 +663,17 @@ svcunix_create(sock, sendsize, recvsize, path)
strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
break;
}
- if (nconf == NULL)
+ if (nconf == NULL) {
+ endnetconfig(localhandle);
return(xprt);
+ }
if ((sock = __rpc_nconf2fd(nconf)) < 0)
goto done;
memset(&sun, 0, sizeof sun);
sun.sun_family = AF_LOCAL;
- strncpy(sun.sun_path, path, sizeof(sun.sun_path));
+ strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));
addrlen = sizeof(struct sockaddr_un);
sa = (struct sockaddr *)&sun;
@@ -692,6 +694,8 @@ svcunix_create(sock, sendsize, recvsize, path)
}
xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize);
+ if (xprt == NULL)
+ close(sock);
done:
endnetconfig(localhandle);
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index e45736a..0c34cb7 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -547,6 +547,7 @@ try_nconf:
if (tmpnconf == NULL) {
rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
mutex_unlock(&loopnconf_lock);
+ endnetconfig(nc_handle);
return (NULL);
}
loopnconf = getnetconfigent(tmpnconf->nc_netid);
diff --git a/src/rtime.c b/src/rtime.c
index b642840..29fbf0a 100644
--- a/src/rtime.c
+++ b/src/rtime.c
@@ -90,6 +90,7 @@ rtime(addrp, timep, timeout)
/* TCP and UDP port are the same in this case */
if ((serv = getservbyname("time", "tcp")) == NULL) {
+ do_close(s);
return(-1);
}
diff --git a/src/svc_generic.c b/src/svc_generic.c
index 52a56c2..20abaa2 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -113,6 +113,7 @@ svc_create(dispatch, prognum, versnum, nettype)
if (l == NULL) {
warnx("svc_create: no memory");
mutex_unlock(&xprtlist_lock);
+ __rpc_endconf(handle);
return (0);
}
l->xprt = xprt;
diff --git a/src/svc_simple.c b/src/svc_simple.c
index cb58002..c32fe0a 100644
--- a/src/svc_simple.c
+++ b/src/svc_simple.c
@@ -157,6 +157,7 @@ rpc_reg(prognum, versnum, procnum, progname, inproc, outproc, nettype)
((netid = strdup(nconf->nc_netid)) == NULL)) {
warnx(rpc_reg_err, rpc_reg_msg, __no_mem_str);
SVC_DESTROY(svcxprt);
+ free(xdrbuf);
break;
}
madenow = TRUE;
++++++ libtirpc-1-1-5-rc2.patch ++++++
git diff libtirpc-1-1-5-rc1..libtirpc-1-1-5-rc2
Commits:
3a17941 Fix EOF detection on non-blocking socket
e80e668 getrpcent.c: fix typo
9e738df __getpublickey_real: Removed a warning
959b200 getnetconfig.c: fix a BAD_FREE (CWE-763)
Signed-off-by: Petr Vorel <pvorel(a)suse.cz>
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index d67d97d..cfd33c2 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -681,6 +681,7 @@ struct netconfig *ncp;
{
struct netconfig *p;
char *tmp;
+ char *t;
u_int i;
if ((tmp=malloc(MAXNETCONFIGLINE)) == NULL)
@@ -700,22 +701,21 @@ struct netconfig *ncp;
*/
*p = *ncp;
p->nc_netid = (char *)strcpy(tmp,ncp->nc_netid);
- tmp = strchr(tmp, 0) + 1;
- p->nc_protofmly = (char *)strcpy(tmp,ncp->nc_protofmly);
- tmp = strchr(tmp, 0) + 1;
- p->nc_proto = (char *)strcpy(tmp,ncp->nc_proto);
- tmp = strchr(tmp, 0) + 1;
- p->nc_device = (char *)strcpy(tmp,ncp->nc_device);
+ t = strchr(tmp, 0) + 1;
+ p->nc_protofmly = (char *)strcpy(t,ncp->nc_protofmly);
+ t = strchr(t, 0) + 1;
+ p->nc_proto = (char *)strcpy(t,ncp->nc_proto);
+ t = strchr(t, 0) + 1;
+ p->nc_device = (char *)strcpy(t,ncp->nc_device);
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
- free(p->nc_netid);
free(p);
free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
- tmp = strchr(tmp, 0) + 1;
- p->nc_lookups[i] = (char *)strcpy(tmp,ncp->nc_lookups[i]);
+ t = strchr(t, 0) + 1;
+ p->nc_lookups[i] = (char *)strcpy(t,ncp->nc_lookups[i]);
}
return(p);
}
diff --git a/src/getpublickey.c b/src/getpublickey.c
index 8cf4dc2..be37a24 100644
--- a/src/getpublickey.c
+++ b/src/getpublickey.c
@@ -74,7 +74,7 @@ __getpublickey_real(netname, publickey)
return (0);
}
*p = '\0';
- (void) strncpy(publickey, lookup, HEXKEYBYTES);
+ memcpy(publickey, lookup, HEXKEYBYTES);
publickey[HEXKEYBYTES] = '\0';
return (1);
}
diff --git a/src/getrpcent.c b/src/getrpcent.c
index cba4cd8..e49dc05 100644
--- a/src/getrpcent.c
+++ b/src/getrpcent.c
@@ -100,7 +100,7 @@ _rpcdata()
return (d);
}
-#if !HAVE_GETRPCBYNYMBER
+#if !HAVE_GETRPCBYNUMBER
struct rpcent *
getrpcbynumber(number)
int number;
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 97a76a3..c23cd36 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -502,9 +502,14 @@ read_vc(xprtp, buf, len)
cfp = (struct cf_conn *)xprt->xp_p1;
if (cfp->nonblock) {
+ /* Since len == 0 is returned on zero length
+ * read or EOF errno needs to be reset before
+ * the read
+ */
+ errno = 0;
len = read(sock, buf, (size_t)len);
if (len < 0) {
- if (errno == EAGAIN)
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
len = 0;
else
goto fatal_err;
diff --git a/src/xdr_rec.c b/src/xdr_rec.c
index 7d535cf..676cc82 100644
--- a/src/xdr_rec.c
+++ b/src/xdr_rec.c
@@ -61,6 +61,7 @@
#include <rpc/svc.h>
#include <rpc/clnt.h>
#include <stddef.h>
+#include <errno.h>
#include "rpc_com.h"
static bool_t xdrrec_getlong(XDR *, long *);
static bool_t xdrrec_putlong(XDR *, const long *);
@@ -537,7 +538,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
n = rstrm->readit(rstrm->tcp_handle, rstrm->in_hdrp,
(int)sizeof (rstrm->in_header) - rstrm->in_hdrlen);
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}
if (n < 0) {
@@ -564,6 +571,7 @@ __xdrrec_getrec(xdrs, statp, expectdata)
rstrm->in_header &= ~LAST_FRAG;
rstrm->last_frag = TRUE;
}
+ rstrm->in_haveheader = 1;
}
n = rstrm->readit(rstrm->tcp_handle,
@@ -576,7 +584,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
}
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}
++++++ libtirpc-1.0.3.tar.bz2 -> libtirpc-1.1.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/compile new/libtirpc-1.1.4/compile
--- old/libtirpc-1.0.3/compile 2018-03-14 14:56:24.000000000 +0100
+++ new/libtirpc-1.1.4/compile 2018-08-27 16:10:10.000000000 +0200
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2016-01-11.22; # UTC
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/config.guess new/libtirpc-1.1.4/config.guess
--- old/libtirpc-1.0.3/config.guess 2018-03-14 14:56:24.000000000 +0100
+++ new/libtirpc-1.1.4/config.guess 2018-08-27 16:10:10.000000000 +0200
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2017 Free Software Foundation, Inc.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/config.sub new/libtirpc-1.1.4/config.sub
--- old/libtirpc-1.0.3/config.sub 2018-03-14 14:56:24.000000000 +0100
+++ new/libtirpc-1.1.4/config.sub 2018-08-27 16:10:10.000000000 +0200
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2017 Free Software Foundation, Inc.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/configure new/libtirpc-1.1.4/configure
--- old/libtirpc-1.0.3/configure 2018-03-14 14:56:24.000000000 +0100
+++ new/libtirpc-1.1.4/configure 2018-08-27 16:10:11.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libtirpc 1.0.3.
+# Generated by GNU Autoconf 2.69 for libtirpc 1.1.4.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='libtirpc'
PACKAGE_TARNAME='libtirpc'
-PACKAGE_VERSION='1.0.3'
-PACKAGE_STRING='libtirpc 1.0.3'
+PACKAGE_VERSION='1.1.4'
+PACKAGE_STRING='libtirpc 1.1.4'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1325,7 +1325,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libtirpc 1.0.3 to adapt to many kinds of systems.
+\`configure' configures libtirpc 1.1.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1395,7 +1395,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libtirpc 1.0.3:";;
+ short | recursive ) echo "Configuration of libtirpc 1.1.4:";;
esac
cat <<\_ACEOF
@@ -1508,7 +1508,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libtirpc configure 1.0.3
+libtirpc configure 1.1.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1873,7 +1873,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libtirpc $as_me 1.0.3, which was
+It was created by libtirpc $as_me 1.1.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2736,7 +2736,7 @@
# Define the identity of the package.
PACKAGE='libtirpc'
- VERSION='1.0.3'
+ VERSION='1.1.4'
cat >>confdefs.h <<_ACEOF
@@ -12964,7 +12964,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libtirpc $as_me 1.0.3, which was
+This file was extended by libtirpc $as_me 1.1.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -13030,7 +13030,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libtirpc config.status 1.0.3
+libtirpc config.status 1.1.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/configure.ac new/libtirpc-1.1.4/configure.ac
--- old/libtirpc-1.0.3/configure.ac 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/configure.ac 2018-08-27 16:06:49.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT(libtirpc, 1.0.3)
+AC_INIT(libtirpc, 1.1.4)
AM_INIT_AUTOMAKE([silent-rules])
AM_SILENT_RULES([yes])
AC_CONFIG_SRCDIR([src/auth_des.c])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/depcomp new/libtirpc-1.1.4/depcomp
--- old/libtirpc-1.0.3/depcomp 2018-03-14 14:56:24.000000000 +0100
+++ new/libtirpc-1.1.4/depcomp 2018-08-27 16:10:10.000000000 +0200
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2016-01-11.22; # UTC
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/doc/Makefile.am new/libtirpc-1.1.4/doc/Makefile.am
--- old/libtirpc-1.0.3/doc/Makefile.am 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/doc/Makefile.am 2018-08-27 16:06:49.000000000 +0200
@@ -1,4 +1,4 @@
-dist_sysconf_DATA = netconfig
+dist_sysconf_DATA = netconfig bindresvport.blacklist
CLEANFILES = cscope.* *~
DISTCLEANFILES = Makefile.in
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/doc/Makefile.in new/libtirpc-1.1.4/doc/Makefile.in
--- old/libtirpc-1.0.3/doc/Makefile.in 2018-03-14 14:56:24.000000000 +0100
+++ new/libtirpc-1.1.4/doc/Makefile.in 2018-08-27 16:10:10.000000000 +0200
@@ -270,7 +270,7 @@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-dist_sysconf_DATA = netconfig
+dist_sysconf_DATA = netconfig bindresvport.blacklist
CLEANFILES = cscope.* *~
DISTCLEANFILES = Makefile.in
all: all-am
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/doc/bindresvport.blacklist new/libtirpc-1.1.4/doc/bindresvport.blacklist
--- old/libtirpc-1.0.3/doc/bindresvport.blacklist 1970-01-01 01:00:00.000000000 +0100
+++ new/libtirpc-1.1.4/doc/bindresvport.blacklist 2018-08-27 16:06:49.000000000 +0200
@@ -0,0 +1,13 @@
+#
+# This file contains a list of port numbers between 600 and 1024,
+# which should not be used by bindresvport. bindresvport is mostly
+# called by RPC services. This mostly solves the problem, that a
+# RPC service uses a well known port of another service.
+#
+623 # ASF, used by IPMI on some cards
+631 # cups
+636 # ldaps
+664 # Secure ASF, used by IPMI on some cards
+921 # lwresd
+993 # imaps
+995 # pops
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/ltmain.sh new/libtirpc-1.1.4/ltmain.sh
--- old/libtirpc-1.0.3/ltmain.sh 2018-03-14 14:56:23.000000000 +0100
+++ new/libtirpc-1.1.4/ltmain.sh 2018-08-27 16:10:09.000000000 +0200
@@ -7272,10 +7272,12 @@
# -tp=* Portland pgcc target processor selection
# --sysroot=* for sysroot support
# -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
+ # -specs=* GCC specs files
# -stdlib=* select c++ std lib with clang
-64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
-t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
- -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*)
+ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
+ -specs=*)
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_append compile_command " $arg"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/missing new/libtirpc-1.1.4/missing
--- old/libtirpc-1.0.3/missing 2018-03-14 14:56:24.000000000 +0100
+++ new/libtirpc-1.1.4/missing 2018-08-27 16:10:10.000000000 +0200
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2016-01-11.22; # UTC
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/src/bindresvport.c new/libtirpc-1.1.4/src/bindresvport.c
--- old/libtirpc-1.0.3/src/bindresvport.c 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/src/bindresvport.c 2018-08-27 16:06:49.000000000 +0200
@@ -39,7 +39,10 @@
#include <netdb.h>
#include <netinet/in.h>
+#include <stdio.h>
+#include <ctype.h>
#include <errno.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -68,6 +71,80 @@
#define ENDPORT (IPPORT_RESERVED - 1)
#define NPORTS (ENDPORT - STARTPORT + 1)
+/*
+ * Read the file /etc/bindresvport.blacklist, so that we don't bind
+ * to these ports.
+ */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ int size = 0, ptr = 0;
+
+ blacklist_read = 1;
+
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ unsigned long port;
+ char *tmp, *cp;
+ ssize_t n = getline (&buf, &buflen, fp);
+ if (n < 1)
+ break;
+
+ cp = buf;
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ port = strtoul (cp, &tmp, 0);
+ while (isspace(*tmp))
+ ++tmp;
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+ continue;
+
+ /* Don't bother with out-of-range ports */
+ if (port < LOWPORT || port > ENDPORT)
+ continue;
+
+ if (ptr >= size)
+ {
+ size += 10;
+ list = realloc (list, size * sizeof (int));
+ if (list == NULL)
+ {
+ free (buf);
+ return;
+ }
+ }
+
+ list[ptr++] = port;
+ }
+
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+
+ list_size = ptr;
+}
+
int
bindresvport_sa(sd, sa)
int sd;
@@ -87,6 +164,9 @@
int endport = ENDPORT;
int i;
+ if (!blacklist_read)
+ load_blacklist();
+
mutex_lock(&port_lock);
nports = ENDPORT - startport + 1;
@@ -132,12 +212,21 @@
errno = EADDRINUSE;
again:
for (i = 0; i < nports; ++i) {
- *portp = htons(port++);
- if (port > endport)
- port = startport;
- res = bind(sd, sa, salen);
+ int j;
+
+ /* Check if this port is not blacklisted. */
+ for (j = 0; j < list_size; j++)
+ if (port == list[j])
+ goto try_next_port;
+
+ *portp = htons(port);
+ res = bind(sd, sa, salen);
if (res >= 0 || errno != EADDRINUSE)
break;
+
+try_next_port:
+ if (++port > endport)
+ port = startport;
}
if (i == nports && startport != LOWPORT) {
startport = LOWPORT;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/src/clnt_dg.c new/libtirpc-1.1.4/src/clnt_dg.c
--- old/libtirpc-1.0.3/src/clnt_dg.c 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/src/clnt_dg.c 2018-08-27 16:06:49.000000000 +0200
@@ -160,15 +160,22 @@
thr_sigsetmask(SIG_SETMASK, &newmask, &mask);
mutex_lock(&clnt_fd_lock);
if (dg_fd_locks == (int *) NULL) {
- int cv_allocsz;
- size_t fd_allocsz;
- int dtbsize = __rpc_dtbsize();
+ size_t cv_allocsz, fd_allocsz;
+ unsigned int dtbsize = __rpc_dtbsize();
+
+ if ( (size_t) dtbsize > SIZE_MAX/sizeof(cond_t)) {
+ mutex_unlock(&clnt_fd_lock);
+ thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+ errno = EOVERFLOW;
+ goto err1;
+ }
fd_allocsz = dtbsize * sizeof (int);
dg_fd_locks = (int *) mem_alloc(fd_allocsz);
if (dg_fd_locks == (int *) NULL) {
mutex_unlock(&clnt_fd_lock);
thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+ errno = ENOMEM;
goto err1;
} else
memset(dg_fd_locks, '\0', fd_allocsz);
@@ -180,6 +187,7 @@
dg_fd_locks = (int *) NULL;
mutex_unlock(&clnt_fd_lock);
thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+ errno = ENOMEM;
goto err1;
} else {
int i;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/src/clnt_generic.c new/libtirpc-1.1.4/src/clnt_generic.c
--- old/libtirpc-1.0.3/src/clnt_generic.c 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/src/clnt_generic.c 2018-08-27 16:06:49.000000000 +0200
@@ -47,7 +47,6 @@
extern bool_t __rpc_is_local_host(const char *);
int __rpc_raise_fd(int);
-extern int __binddynport(int fd);
#ifndef NETIDLEN
#define NETIDLEN 32
@@ -341,8 +340,7 @@
servtype = nconf->nc_semantics;
if (!__rpc_fd2sockinfo(fd, &si))
goto err;
- if (__binddynport(fd) == -1)
- goto err;
+ bindresvport(fd, NULL);
} else {
if (!__rpc_fd2sockinfo(fd, &si))
goto err;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/src/clnt_vc.c new/libtirpc-1.1.4/src/clnt_vc.c
--- old/libtirpc-1.0.3/src/clnt_vc.c 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/src/clnt_vc.c 2018-08-27 16:06:49.000000000 +0200
@@ -63,6 +63,7 @@
#include <string.h>
#include <unistd.h>
#include <signal.h>
+#include <stdint.h>
#include <rpc/rpc.h>
#include "rpc_com.h"
@@ -201,14 +202,25 @@
thr_sigsetmask(SIG_SETMASK, &newmask, &mask);
mutex_lock(&clnt_fd_lock);
if (vc_fd_locks == (int *) NULL) {
- int cv_allocsz, fd_allocsz;
- int dtbsize = __rpc_dtbsize();
+ size_t cv_allocsz, fd_allocsz;
+ unsigned int dtbsize = __rpc_dtbsize();
+ struct rpc_createerr *ce = &get_rpc_createerr();
+
+ if ( (size_t) dtbsize > SIZE_MAX/sizeof(cond_t)) {
+ mutex_unlock(&clnt_fd_lock);
+ thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+ ce->cf_stat = RPC_SYSTEMERROR;
+ ce->cf_error.re_errno = EOVERFLOW;
+ goto err;
+ }
fd_allocsz = dtbsize * sizeof (int);
vc_fd_locks = (int *) mem_alloc(fd_allocsz);
if (vc_fd_locks == (int *) NULL) {
mutex_unlock(&clnt_fd_lock);
thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+ ce->cf_stat = RPC_SYSTEMERROR;
+ ce->cf_error.re_errno = ENOMEM;
goto err;
} else
memset(vc_fd_locks, '\0', fd_allocsz);
@@ -221,6 +233,8 @@
vc_fd_locks = (int *) NULL;
mutex_unlock(&clnt_fd_lock);
thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+ ce->cf_stat = RPC_SYSTEMERROR;
+ ce->cf_error.re_errno = ENOMEM;
goto err;
} else {
int i;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/src/rpc_soc.c new/libtirpc-1.1.4/src/rpc_soc.c
--- old/libtirpc-1.0.3/src/rpc_soc.c 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/src/rpc_soc.c 2018-08-27 16:06:49.000000000 +0200
@@ -67,8 +67,6 @@
extern mutex_t rpcsoc_lock;
-extern int __binddynport(int fd);
-
static CLIENT *clnt_com_create(struct sockaddr_in *, rpcprog_t, rpcvers_t,
int *, u_int, u_int, char *, int);
static SVCXPRT *svc_com_create(int, u_int, u_int, char *);
@@ -147,8 +145,7 @@
bindaddr.maxlen = bindaddr.len = sizeof (struct sockaddr_in);
bindaddr.buf = raddr;
- if (__binddynport(fd) == -1)
- goto err;
+ bindresvport(fd, NULL);
cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers,
sendsz, recvsz);
if (cl) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/src/rpcb_clnt.c new/libtirpc-1.1.4/src/rpcb_clnt.c
--- old/libtirpc-1.0.3/src/rpcb_clnt.c 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/src/rpcb_clnt.c 2018-08-27 16:06:49.000000000 +0200
@@ -752,7 +752,7 @@
client = getpmaphandle(nconf, host, &parms.r_addr);
if (client == NULL)
- return (NULL);
+ goto error;
/*
* Set retry timeout.
@@ -771,11 +771,11 @@
if (clnt_st != RPC_SUCCESS) {
rpc_createerr.cf_stat = RPC_PMAPFAILURE;
clnt_geterr(client, &rpc_createerr.cf_error);
- return (NULL);
+ goto error;
} else if (port == 0) {
pmapaddress = NULL;
rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED;
- return (NULL);
+ goto error;
}
port = htons(port);
CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote);
@@ -789,14 +789,24 @@
free(pmapaddress);
pmapaddress = NULL;
}
- return (NULL);
+ goto error;
}
memcpy(pmapaddress->buf, remote.buf, remote.len);
memcpy(&((char *)pmapaddress->buf)[sizeof (short)],
(char *)(void *)&port, sizeof (short));
pmapaddress->len = pmapaddress->maxlen = remote.len;
+ CLNT_DESTROY(client);
return pmapaddress;
+
+error:
+ if (client) {
+ CLNT_DESTROY(client);
+ client = NULL;
+
+ }
+ return (NULL);
+
}
#endif
@@ -836,6 +846,7 @@
struct netbuf *address = NULL;
rpcvers_t start_vers = RPCBVERS4;
struct netbuf servaddr;
+ struct rpc_err rpcerr;
/* parameter checking */
if (nconf == NULL) {
@@ -892,7 +903,8 @@
clnt_st = CLNT_CALL(client, (rpcproc_t)RPCBPROC_GETADDR,
(xdrproc_t) xdr_rpcb, (char *)(void *)&parms,
(xdrproc_t) xdr_wrapstring, (char *)(void *) &ua, *tp);
- if (clnt_st == RPC_SUCCESS) {
+ switch (clnt_st) {
+ case RPC_SUCCESS:
if ((ua == NULL) || (ua[0] == 0)) {
/* address unknown */
rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED;
@@ -914,12 +926,15 @@
(char *)(void *)&servaddr);
__rpc_fixup_addr(address, &servaddr);
goto done;
- } else if (clnt_st == RPC_PROGVERSMISMATCH) {
- struct rpc_err rpcerr;
+ case RPC_PROGVERSMISMATCH:
clnt_geterr(client, &rpcerr);
if (rpcerr.re_vers.low > RPCBVERS4)
goto error; /* a new version, can't handle */
- } else if (clnt_st != RPC_PROGUNAVAIL) {
+ /* Try the next lower version */
+ case RPC_PROGUNAVAIL:
+ case RPC_CANTDECODEARGS:
+ break;
+ default:
/* Cant handle this error */
rpc_createerr.cf_stat = clnt_st;
clnt_geterr(client, &rpc_createerr.cf_error);
@@ -929,7 +944,7 @@
#ifdef PORTMAP /* Try version 2 for TCP or UDP */
if (strcmp(nconf->nc_protofmly, NC_INET) == 0) {
- address = __try_protocol_version_2(program, 2, nconf, host, tp);
+ address = __try_protocol_version_2(program, version, nconf, host, tp);
if (address == NULL)
goto error;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtirpc-1.0.3/src/xdr_stdio.c new/libtirpc-1.1.4/src/xdr_stdio.c
--- old/libtirpc-1.0.3/src/xdr_stdio.c 2018-03-14 14:55:12.000000000 +0100
+++ new/libtirpc-1.1.4/src/xdr_stdio.c 2018-08-27 16:06:49.000000000 +0200
@@ -38,6 +38,7 @@
*/
#include <stdio.h>
+#include <stdint.h>
#include <arpa/inet.h>
#include <rpc/types.h>
@@ -103,10 +104,12 @@
XDR *xdrs;
long *lp;
{
+ int32_t mycopy;
- if (fread(lp, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
+ if (fread(&mycopy, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
return (FALSE);
- *lp = (long)ntohl((u_int32_t)*lp);
+
+ *lp = (long)ntohl(mycopy);
return (TRUE);
}
@@ -115,8 +118,14 @@
XDR *xdrs;
const long *lp;
{
- long mycopy = (long)htonl((u_int32_t)*lp);
+ int32_t mycopy;
+
+#if defined(_LP64)
+ if ((*lp > UINT32_MAX) || (*lp < INT32_MIN))
+ return (FALSE);
+#endif
+ mycopy = (int32_t)htonl((int32_t)*lp);
if (fwrite(&mycopy, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
return (FALSE);
return (TRUE);
1
0
Hello community,
here is the log from the commit of package findutils for openSUSE:Factory checked in at 2019-12-02 11:26:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/findutils (Old)
and /work/SRC/openSUSE:Factory/.findutils.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "findutils"
Mon Dec 2 11:26:27 2019 rev:61 rq:750033 version:4.7.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/findutils/findutils.changes 2019-09-11 10:24:33.783479719 +0200
+++ /work/SRC/openSUSE:Factory/.findutils.new.4691/findutils.changes 2019-12-02 11:26:33.850689303 +0100
@@ -1,0 +2,5 @@
+Wed Nov 20 15:03:07 UTC 2019 - Martin Liška <mliska(a)suse.cz>
+
+- Add disable-null-ptr-test.patch in order to fix boo#1157342.
+
+-------------------------------------------------------------------
New:
----
disable-null-ptr-test.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ findutils.spec ++++++
--- /var/tmp/diff_new_pack.cRiM2w/_old 2019-12-02 11:26:35.726688593 +0100
+++ /var/tmp/diff_new_pack.cRiM2w/_new 2019-12-02 11:26:35.778688573 +0100
@@ -1,7 +1,7 @@
#
# spec file for package findutils
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: findutils
-Url: http://www.gnu.org/software/findutils/
+URL: http://www.gnu.org/software/findutils/
Version: 4.7.0
Release: 0
Summary: The GNU versions of find utilities (find and xargs)
@@ -44,6 +44,7 @@
# adds a new option -xautofs to find to not descend into directories on autofs file systems
Patch0: findutils-xautofs.patch
+Patch1: disable-null-ptr-test.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# BuildRequire dejagnu for 'runtest' to execute all tests.
@@ -74,6 +75,7 @@
%prep
%setup -q
%patch0
+%patch1 -p1
%build
%if 0%{?qemu_user_space_build}
++++++ disable-null-ptr-test.patch ++++++
diff --git a/gnulib-tests/test-canonicalize.c b/gnulib-tests/test-canonicalize.c
index 8d1ff86..0f3c5e3 100644
--- a/gnulib-tests/test-canonicalize.c
+++ b/gnulib-tests/test-canonicalize.c
@@ -71,10 +71,6 @@ main (void)
ASSERT (result2 == NULL);
ASSERT (errno == ENOENT);
errno = 0;
- result1 = canonicalize_file_name (null_ptr ());
- ASSERT (result1 == NULL);
- ASSERT (errno == EINVAL);
- errno = 0;
result2 = canonicalize_filename_mode (NULL, CAN_EXISTING);
ASSERT (result2 == NULL);
ASSERT (errno == EINVAL);
1
0
Hello community,
here is the log from the commit of package aaa_base for openSUSE:Factory checked in at 2019-12-02 11:26:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/aaa_base (Old)
and /work/SRC/openSUSE:Factory/.aaa_base.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aaa_base"
Mon Dec 2 11:26:25 2019 rev:458 rq:749969 version:84.87+git20191120.98f1524
Changes:
--------
--- /work/SRC/openSUSE:Factory/aaa_base/aaa_base.changes 2019-10-22 15:38:40.377253575 +0200
+++ /work/SRC/openSUSE:Factory/.aaa_base.new.4691/aaa_base.changes 2019-12-02 11:26:30.138690707 +0100
@@ -1,0 +2,8 @@
+Wed Nov 20 17:03:03 UTC 2019 - ro(a)suse.com
+
+- Update to version 84.87+git20191120.98f1524:
+ * merged PR 65
+ * dash fixes
+ * handle /usr/etc/login.defs for wsl
+
+-------------------------------------------------------------------
Old:
----
aaa_base-84.87+git20191017.bf0a315.tar.xz
New:
----
aaa_base-84.87+git20191120.98f1524.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ aaa_base.spec ++++++
--- /var/tmp/diff_new_pack.1CYM7u/_old 2019-12-02 11:26:31.258690283 +0100
+++ /var/tmp/diff_new_pack.1CYM7u/_new 2019-12-02 11:26:31.258690283 +0100
@@ -1,7 +1,7 @@
#
# spec file for package aaa_base
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,9 +23,9 @@
%endif
Name: aaa_base
-Version: 84.87+git20191017.bf0a315
+Version: 84.87+git20191120.98f1524
Release: 0
-Url: https://github.com/openSUSE/aaa_base
+URL: https://github.com/openSUSE/aaa_base
# do not require systemd - aaa_base is in the build environment and we don't
# want to pull in tons of dependencies
Conflicts: sysvinit-init
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.1CYM7u/_old 2019-12-02 11:26:31.294690270 +0100
+++ /var/tmp/diff_new_pack.1CYM7u/_new 2019-12-02 11:26:31.294690270 +0100
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/openSUSE/aaa_base.git</param>
- <param name="changesrevision">bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">90b35240d1a699f69c2093ea9b5c94879e1aba17</param></service></servicedata>
\ No newline at end of file
++++++ aaa_base-84.87+git20191017.bf0a315.tar.xz -> aaa_base-84.87+git20191120.98f1524.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aaa_base-84.87+git20191017.bf0a315/files/etc/profile.d/wsl.csh new/aaa_base-84.87+git20191120.98f1524/files/etc/profile.d/wsl.csh
--- old/aaa_base-84.87+git20191017.bf0a315/files/etc/profile.d/wsl.csh 2019-10-17 07:19:47.000000000 +0200
+++ new/aaa_base-84.87+git20191120.98f1524/files/etc/profile.d/wsl.csh 2019-11-20 18:02:16.000000000 +0100
@@ -7,8 +7,16 @@
set -f path=($orig_path $path)
endif
if (`umask` == 0) then
- set umask_login_defs=`sed -ne 's/^UMASK[[:space:]]*//p' /etc/login.defs`
- if ( $umask_login_defs ) umask $umask_login_defs
- unset umask_login_defs
+ foreach logindefs ({,/usr}/etc/login.defs)
+ if ( ! -e $logindefs ) continue
+ break
+ end
+ if ( -e $logindefs ) then
+ set _umask_login_defs=`sed -ne 's/^UMASK[[:space:]]*//p' "$logindefs"`
+ if ( ${%_umask_login_defs} > 0) then
+ umask ${_umask_login_defs}
+ endif
+ unset _umask_login_defs
+ endif
endif
endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aaa_base-84.87+git20191017.bf0a315/files/etc/profile.d/wsl.sh new/aaa_base-84.87+git20191120.98f1524/files/etc/profile.d/wsl.sh
--- old/aaa_base-84.87+git20191017.bf0a315/files/etc/profile.d/wsl.sh 2019-10-17 07:19:47.000000000 +0200
+++ new/aaa_base-84.87+git20191120.98f1524/files/etc/profile.d/wsl.sh 2019-11-20 18:02:16.000000000 +0100
@@ -1,15 +1,25 @@
-# WSL does not utilitze this pam functionality currently.
-if test -f /proc/version ; then
- IS_WSL=$(grep -i microsoft /proc/version)
-fi
+# restore WSL path and set umask as WSL doesn't use pam to open a login shell
+__profile_setup_wsl() {
+ test -n "$WSL_DISTRO_NAME" || return 0
-if test -n "$IS_WSL" ; then
if test -n "$ORIG_PATH" ; then
PATH=$ORIG_PATH:$PATH
fi
- if test $(umask) -eq 0; then
- UMASK_LOGIN_DEFS=$(sed -ne 's/^UMASK[[:space:]]*//p' /etc/login.defs)
- test "$UMASK_LOGIN_DEFS" && umask "$UMASK_LOGIN_DEFS"
- unset UMASK_LOGIN_DEFS
+
+ if test $(umask) -eq 0000; then
+ local logindefs
+ for logindefs in /etc/login.defs /usr/etc/login.defs; do
+ test -e "$logindefs" || continue
+ break
+ done
+ if test -e "$logindefs"; then
+ local umask_login_defs=`sed -ne 's/^UMASK[[:space:]]*//p' "$logindefs"`
+ if test -n "$umask_login_defs"; then
+ umask "$umask_login_defs"
+ fi
+ fi
fi
-fi
+}
+
+__profile_setup_wsl
+unset __profile_setup_wsl
1
0
Hello community,
here is the log from the commit of package lzo for openSUSE:Factory checked in at 2019-12-02 11:26:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lzo (Old)
and /work/SRC/openSUSE:Factory/.lzo.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lzo"
Mon Dec 2 11:26:15 2019 rev:38 rq:749922 version:2.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/lzo/lzo.changes 2019-05-03 22:06:39.330828622 +0200
+++ /work/SRC/openSUSE:Factory/.lzo.new.4691/lzo.changes 2019-12-02 11:26:27.854691571 +0100
@@ -1,0 +2,6 @@
+Wed Nov 20 09:04:53 UTC 2019 - Martin Liška <mliska(a)suse.cz>
+
+- Disable strict aliasing due to its violation
+ (boo#1157271).
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lzo.spec ++++++
--- /var/tmp/diff_new_pack.rdKWJK/_old 2019-12-02 11:26:28.498691327 +0100
+++ /var/tmp/diff_new_pack.rdKWJK/_new 2019-12-02 11:26:28.498691327 +0100
@@ -1,7 +1,7 @@
#
# spec file for package lzo
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -75,7 +75,7 @@
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
-export CFLAGS="%{optflags} -fvisibility=hidden"
+export CFLAGS="%{optflags} -fvisibility=hidden -fno-strict-aliasing"
%configure --enable-shared \
--enable-static \
--disable-silent-rules \
1
0
Hello community,
here is the log from the commit of package rpmlint-Factory for openSUSE:Factory checked in at 2019-12-02 11:26:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rpmlint-Factory (Old)
and /work/SRC/openSUSE:Factory/.rpmlint-Factory.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rpmlint-Factory"
Mon Dec 2 11:26:11 2019 rev:51 rq:749900 version:1.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/rpmlint-Factory/rpmlint-Factory.changes 2019-07-29 17:25:29.450322212 +0200
+++ /work/SRC/openSUSE:Factory/.rpmlint-Factory.new.4691/rpmlint-Factory.changes 2019-12-02 11:26:25.670692397 +0100
@@ -1,0 +2,7 @@
+Fri Sep 27 09:12:25 UTC 2019 - Johannes Segitz <jsegitz(a)suse.de>
+
+- Reduce default badness values of various security relevant warnings
+ and increase them again in -strict subpackage. With that building
+ doesn't fail in home projects anymore if these warnings pop up
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rpmlint-Factory.spec ++++++
--- /var/tmp/diff_new_pack.JzPU20/_old 2019-12-02 11:26:26.762691984 +0100
+++ /var/tmp/diff_new_pack.JzPU20/_new 2019-12-02 11:26:26.766691983 +0100
@@ -40,7 +40,8 @@
%description strict
The package contains additional rpmlint configuration that forbids
-invalid licenses.
+invalid licenses and enforces higher badness values for warnings/errors
+that indicate that a security audit needs to take place.
%prep
cp %{SOURCE1} .
++++++ config ++++++
--- /var/tmp/diff_new_pack.JzPU20/_old 2019-12-02 11:26:26.802691969 +0100
+++ /var/tmp/diff_new_pack.JzPU20/_new 2019-12-02 11:26:26.802691969 +0100
@@ -76,13 +76,13 @@
setBadness('invalid-filepath-dependency', 10000)
setBadness('suse-policy-kmp-missing-supplements', 10000)
-setBadness('polkit-unauthorized-file', 10000)
-setBadness('polkit-unauthorized-privilege', 10000)
-setBadness('polkit-unauthorized-rules', 10000)
-setBadness('polkit-untracked-privilege', 10000)
-setBadness('permissions-unauthorized-file', 10000)
-setBadness('permissions-file-setuid-bit', 10000)
-setBadness('permissions-world-writable', 10000)
+setBadness('polkit-unauthorized-file', 10)
+setBadness('polkit-unauthorized-privilege', 10)
+setBadness('polkit-unauthorized-rules', 10)
+setBadness('polkit-untracked-privilege', 10)
+setBadness('permissions-unauthorized-file', 10)
+setBadness('permissions-file-setuid-bit', 10)
+setBadness('permissions-world-writable', 10)
setBadness('suse-filelist-forbidden', 10000)
setBadness('suse-filelist-forbidden-sysconfig', 10000)
setBadness('suse-filelist-forbidden-perl-dir', 10000)
@@ -100,7 +100,7 @@
#setBadness('suse-filelist-forbidden-fhs23', 10000)
setBadness('info-dir-file', 10000)
-setBadness('suse-dbus-unauthorized-service', 10000)
+setBadness('suse-dbus-unauthorized-service', 10)
setBadness('non-position-independent-executable', 10000)
setBadness('lto-bytecode', 10000)
setBadness('lto-no-text-in-archive', 10000)
++++++ config.strict ++++++
--- /var/tmp/diff_new_pack.JzPU20/_old 2019-12-02 11:26:26.814691964 +0100
+++ /var/tmp/diff_new_pack.JzPU20/_new 2019-12-02 11:26:26.818691963 +0100
@@ -26,4 +26,11 @@
from Config import *
setBadness('invalid-license', 100000)
-
+setBadness('polkit-unauthorized-file', 10000)
+setBadness('polkit-unauthorized-privilege', 10000)
+setBadness('polkit-unauthorized-rules', 10000)
+setBadness('polkit-untracked-privilege', 10000)
+setBadness('permissions-unauthorized-file', 10000)
+setBadness('permissions-file-setuid-bit', 10000)
+setBadness('permissions-world-writable', 10000)
+setBadness('suse-dbus-unauthorized-service', 10000)
1
0
Hello community,
here is the log from the commit of package sed for openSUSE:Factory checked in at 2019-12-02 11:26:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sed (Old)
and /work/SRC/openSUSE:Factory/.sed.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sed"
Mon Dec 2 11:26:05 2019 rev:33 rq:749899 version:4.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/sed/sed.changes 2019-09-26 20:35:50.523406910 +0200
+++ /work/SRC/openSUSE:Factory/.sed.new.4691/sed.changes 2019-12-02 11:26:15.246696340 +0100
@@ -1,0 +2,6 @@
+Wed Nov 20 09:09:47 UTC 2019 - Martin Liška <mliska(a)suse.cz>
+
+- Add disable-null-ptr-argument.patch in order to fix
+ boo#1157218.
+
+-------------------------------------------------------------------
New:
----
disable-null-ptr-argument.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sed.spec ++++++
--- /var/tmp/diff_new_pack.afNaRQ/_old 2019-12-02 11:26:15.998696056 +0100
+++ /var/tmp/diff_new_pack.afNaRQ/_new 2019-12-02 11:26:16.002696054 +0100
@@ -1,7 +1,7 @@
#
# spec file for package sed
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -28,6 +28,7 @@
Source2: %{name}.keyring
# PATCH-FIX-SLE sed-dont_close_twice.patch bnc@880817 tcech(a)suse.cz -- Fix double close.
Patch0: sed-dont_close_twice.patch
+Patch1: disable-null-ptr-argument.patch
BuildRequires: libacl-devel
BuildRequires: libselinux-devel
Requires(post): %{install_info_prereq}
@@ -45,6 +46,7 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
%define warn_flags -Wall -Wstrict-prototypes -Wpointer-arith -Wformat-security
++++++ disable-null-ptr-argument.patch ++++++
diff --git a/gnulib-tests/test-canonicalize-lgpl.c b/gnulib-tests/test-canonicalize-lgpl.c
index 4cec490..c91aa1f 100644
--- a/gnulib-tests/test-canonicalize-lgpl.c
+++ b/gnulib-tests/test-canonicalize-lgpl.c
@@ -71,9 +71,6 @@ main (void)
ASSERT (result == NULL);
ASSERT (errno == ENOENT);
errno = 0;
- result = canonicalize_file_name (null_ptr ());
- ASSERT (result == NULL);
- ASSERT (errno == EINVAL);
}
/* Check that a non-directory with trailing slash yields NULL. */
1
0
Hello community,
here is the log from the commit of package efont-unicode-bitmap-fonts for openSUSE:Factory checked in at 2019-12-02 11:25:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/efont-unicode-bitmap-fonts (Old)
and /work/SRC/openSUSE:Factory/.efont-unicode-bitmap-fonts.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "efont-unicode-bitmap-fonts"
Mon Dec 2 11:25:48 2019 rev:9 rq:752331 version:0.4.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/efont-unicode-bitmap-fonts/efont-unicode-bitmap-fonts.changes 2017-06-21 13:52:38.385895222 +0200
+++ /work/SRC/openSUSE:Factory/.efont-unicode-bitmap-fonts.new.4691/efont-unicode-bitmap-fonts.changes 2019-12-02 11:26:09.458698530 +0100
@@ -1,0 +2,6 @@
+Thu Nov 21 18:54:57 UTC 2019 - Stefan Brüns <stefan.bruens(a)rwth-aachen.de>
+
+- Fix use of deprecated one-based array index, removed in perl 5.30.
+ Add remove_deprecated_one_based_array_index.diff
+
+-------------------------------------------------------------------
New:
----
remove_deprecated_one_based_array_index.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ efont-unicode-bitmap-fonts.spec ++++++
--- /var/tmp/diff_new_pack.xDTQwr/_old 2019-12-02 11:26:11.142697893 +0100
+++ /var/tmp/diff_new_pack.xDTQwr/_new 2019-12-02 11:26:11.142697893 +0100
@@ -1,7 +1,7 @@
#
# spec file for package efont-unicode-bitmap-fonts
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -21,9 +21,9 @@
Release: 0
%define _miscfontsdir /usr/share/fonts/misc
Summary: Unicode Font by /efont/
-License: SUSE-Public-Domain and BSD-3-Clause
+License: SUSE-Public-Domain AND BSD-3-Clause
Group: System/X11/Fonts
-Url: http://openlab.ring.gr.jp/efont/
+URL: http://openlab.ring.gr.jp/efont/
Source0: http://openlab.ring.gr.jp/efont/dist/unicode-bdf/efont-unicode-bdf-0.4.2-sr…
# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
Patch0: baseline-offset.diff
@@ -31,15 +31,15 @@
Patch1: bugzilla-199997-some-glyphs-for-yast.patch
# PATCH-FIX-UPSTREAM -- ToDo
Patch2: reproducible.patch
+# PATCH-FIX-OPENSUSE
+Patch3: remove_deprecated_one_based_array_index.diff
BuildRequires: bdfresize
-BuildRequires: fontpackages-devel
-%if 0%{?suse_version} >= 1220
BuildRequires: bdftopcf
-BuildRequires: mkfontdir
-%else
-BuildRequires: xorg-x11
-%endif
+BuildRequires: fontpackages-devel
%reconfigure_fonts_prereq
+Requires(post): mkfontdir
+Requires(postun): mkfontdir
+Requires(posttrans): mkfontdir
Provides: efont-unicode = %{version}
Obsoletes: efont-unicode <= 0.4.2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -54,6 +54,7 @@
%patch0
%patch1 -p1
%patch2 -p1
+%patch3 -p1
iconv -f ISO-8859-1 -t UTF-8 < README.etl-unicode > README.etl-unicode.tmp
mv README.etl-unicode.tmp README.etl-unicode
for i in README.shinonome README.naga10
@@ -74,7 +75,8 @@
%files
%defattr(-, root,root)
-%doc README* COPYRIGHT ChangeLog
+%license COPYRIGHT
+%doc README* ChangeLog
%dir %{_miscfontsdir}/
%{_miscfontsdir}/*.pcf.gz
++++++ remove_deprecated_one_based_array_index.diff ++++++
--- efont-unicode-bdf-0.4.2-src/tools/hex2bdf.in_orig 2019-11-21 19:52:54.341747143 +0100
+++ efont-unicode-bdf-0.4.2-src/tools/hex2bdf.in 2019-11-21 19:53:57.469747085 +0100
@@ -14,7 +14,7 @@
while (<>) { $glyph{$1} = $2 if /(.{4,}):(.+)\n/; }
-@chars = sort keys %glyph; $[ = 1;
+@chars = sort keys %glyph;
#dbmopen (%charname, "/usr/share/unicode/unidata/charname.db", 0);
print "STARTFONT 2.1\n";
@@ -55,7 +55,7 @@
FONT_DESCENT 2
DEFAULT_CHAR $default_char
ENDPROPERTIES
-CHARS $#chars\n";
+CHARS " . scalar(@chars) . "\n";
foreach $character (@chars) {
$encoding = hex($character); $glyph = $glyph{$character};
1
0