Hello community,
here is the log from the commit of package mpich for openSUSE:Factory checked in at 2020-08-03 14:13:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mpich (Old)
and /work/SRC/openSUSE:Factory/.mpich.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mpich"
Mon Aug 3 14:13:42 2020 rev:20 rq:823139 version:3.3.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/mpich/mpich.changes 2020-07-24 12:10:57.277898967 +0200
+++ /work/SRC/openSUSE:Factory/.mpich.new.3592/mpich.changes 2020-08-03 14:14:15.092430830 +0200
@@ -1,0 +2,6 @@
+Sat Jul 25 07:07:11 UTC 2020 - Egbert Eich <eich(a)suse.com>
+
+- For HPC builds check for gnu compiler suite version >= 10 and
+ set -fallow-argument-mismatch.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mpich.spec ++++++
--- /var/tmp/diff_new_pack.zONoaa/_old 2020-08-03 14:14:17.436433180 +0200
+++ /var/tmp/diff_new_pack.zONoaa/_new 2020-08-03 14:14:17.440433184 +0200
@@ -388,7 +388,7 @@
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
# GCC10 needs an extra flag to allow badly passed parameters
-%if 0%{?suse_version} > 1500
+%if 0%{?suse_version} > 1500 || 0%{?hpc_gnu_dep_version} >= 10
export FFLAGS="-fallow-argument-mismatch $FFLAGS"
%endif
Hello community,
here is the log from the commit of package aws-cli for openSUSE:Factory checked in at 2020-08-03 14:13:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/aws-cli (Old)
and /work/SRC/openSUSE:Factory/.aws-cli.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-cli"
Mon Aug 3 14:13:24 2020 rev:39 rq:821876 version:1.18.98
Changes:
--------
--- /work/SRC/openSUSE:Factory/aws-cli/aws-cli.changes 2020-06-22 17:44:34.337590450 +0200
+++ /work/SRC/openSUSE:Factory/.aws-cli.new.3592/aws-cli.changes 2020-08-03 14:14:05.724421436 +0200
@@ -1,0 +2,9 @@
+Thu Jul 16 20:32:03 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz(a)suse.com>
+
+- Update to version 1.18.98
+ + For detailed changes see
+ https://github.com/aws/aws-cli/blob/1.18.79/CHANGELOG.rst
+ + Forward port hide_py_pckgmgmt.patch
+ + Update Requires in spec file from setup.py
+
+-------------------------------------------------------------------
Old:
----
aws-cli-1.18.79.tar.gz
New:
----
aws-cli-1.18.98.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ aws-cli.spec ++++++
--- /var/tmp/diff_new_pack.sB8U45/_old 2020-08-03 14:14:08.312424032 +0200
+++ /var/tmp/diff_new_pack.sB8U45/_new 2020-08-03 14:14:08.316424035 +0200
@@ -17,7 +17,7 @@
Name: aws-cli
-Version: 1.18.79
+Version: 1.18.98
Release: 0
Summary: Amazon Web Services Command Line Interface
License: Apache-2.0
@@ -35,7 +35,7 @@
Requires: python3
Requires: python3-PyYAML <= 6.0.0
Requires: python3-PyYAML >= 3.10
-Requires: python3-botocore >= 1.17.2
+Requires: python3-botocore >= 1.17.21
Requires: python3-colorama <= 0.4.4
Requires: python3-colorama >= 0.2.5
Requires: python3-docutils >= 0.10
++++++ aws-cli-1.18.79.tar.gz -> aws-cli-1.18.98.tar.gz ++++++
++++ 7295 lines of diff (skipped)
++++++ hide_py_pckgmgmt.patch ++++++
--- /var/tmp/diff_new_pack.sB8U45/_old 2020-08-03 14:14:09.288425011 +0200
+++ /var/tmp/diff_new_pack.sB8U45/_new 2020-08-03 14:14:09.292425014 +0200
@@ -1,19 +1,17 @@
---- setup.py.orig 2020-06-12 20:10:00.000000000 +0200
-+++ setup.py 2020-06-15 15:09:31.139551134 +0200
-@@ -23,20 +23,20 @@
+--- setup.py.orig 2020-07-15 20:15:58.000000000 +0200
++++ setup.py 2020-07-16 22:31:38.745172282 +0200
+@@ -23,21 +23,21 @@
raise RuntimeError("Unable to find version string.")
-install_requires = [
-- 'botocore==1.17.2',
+- 'botocore==1.17.21',
- 'docutils>=0.10,<0.16',
-- 'rsa>=3.1.2,<=3.5.0',
- 's3transfer>=0.3.0,<0.4.0',
-]
+# install_requires = [
-+# 'botocore==1.17.2',
++# 'botocore==1.17.21',
+# 'docutils>=0.10,<0.16',
-+# 'rsa>=3.1.2,<=3.5.0',
+# 's3transfer>=0.3.0,<0.4.0',
+# ]
@@ -21,19 +19,23 @@
-if sys.version_info[:2] == (3, 4):
- install_requires.append('PyYAML>=3.10,<5.3')
- install_requires.append('colorama>=0.2.5,<0.4.2')
+- install_requires.append('rsa>=3.1.2,<=4.0.0')
-else:
- install_requires.append('PyYAML>=3.10,<5.4')
- install_requires.append('colorama>=0.2.5,<0.4.4')
+- install_requires.append('rsa>=3.1.2,<=4.5.0')
+# if sys.version_info[:2] == (3, 4):
+# install_requires.append('PyYAML>=3.10,<5.3')
+# install_requires.append('colorama>=0.2.5,<0.4.2')
++# install_requires.append('rsa>=3.1.2,<=4.0.0')
+# else:
+# install_requires.append('PyYAML>=3.10,<5.4')
+# install_requires.append('colorama>=0.2.5,<0.4.4')
++# install_requires.append('rsa>=3.1.2,<=4.5.0')
setup_options = dict(
-@@ -54,8 +54,8 @@
+@@ -55,8 +55,8 @@
'examples/*/*.txt', 'examples/*/*/*.txt',
'examples/*/*/*.rst', 'topics/*.rst',
'topics/*.json']},
Hello community,
here is the log from the commit of package dnsmasq for openSUSE:Factory checked in at 2020-08-03 14:13:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dnsmasq (Old)
and /work/SRC/openSUSE:Factory/.dnsmasq.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dnsmasq"
Mon Aug 3 14:13:03 2020 rev:78 rq:823748 version:2.82
Changes:
--------
--- /work/SRC/openSUSE:Factory/dnsmasq/dnsmasq.changes 2020-06-04 17:49:32.483714030 +0200
+++ /work/SRC/openSUSE:Factory/.dnsmasq.new.3592/dnsmasq.changes 2020-08-03 14:13:49.360405026 +0200
@@ -1,0 +2,18 @@
+Tue Jul 28 08:00:51 UTC 2020 - Martin Rey <mrey(a)suse.com>
+
+- Update to 2.82:
+ * Improve behaviour in the face of network interfaces which come
+ and go and change index.
+ * Convert hard startup failure on NETLINK_NO_ENOBUFS under
+ qemu-user to a warning.
+ * Allow IPv6 addresses ofthe form [::ffff:1.2.3.4] in
+ --dhcp-option.
+ * Fix crash under heavy TCP connection load introduced in 2.81.
+ * Change default lease time for DHCPv6 to one day.
+ * Alter calculation of preferred and valid times in router
+ advertisements, so that these do not have a floor applied of
+ the lease time in the dhcp-range if this is not explicitly
+ specified and is merely the default.
+- Reformat spec file with spec-cleaner
+
+-------------------------------------------------------------------
Old:
----
dnsmasq-2.81.tar.xz
dnsmasq-2.81.tar.xz.asc
New:
----
dnsmasq-2.82.tar.xz
dnsmasq-2.82.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dnsmasq.spec ++++++
--- /var/tmp/diff_new_pack.tuL7cC/_old 2020-08-03 14:13:50.924406594 +0200
+++ /var/tmp/diff_new_pack.tuL7cC/_new 2020-08-03 14:13:50.928406599 +0200
@@ -21,14 +21,12 @@
%else
%bcond_without tftp_user_package
%endif
-
Name: dnsmasq
+Version: 2.82
+Release: 0
Summary: DNS Forwarder and DHCP Server
License: GPL-2.0-only OR GPL-3.0-only
Group: Productivity/Networking/DNS/Servers
-Version: 2.81
-Release: 0
-Provides: dns_daemon
URL: http://www.thekelleys.org.uk/dnsmasq/
Source0: http://www.thekelleys.org.uk/%{name}/%{name}-%{version}.tar.xz
Source1: http://www.thekelleys.org.uk/%{name}/%{name}-%{version}.tar.xz.asc
@@ -38,20 +36,20 @@
Source5: rc.dnsmasq-suse
Source8: %{name}-rpmlintrc
Patch0: dnsmasq-groups.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: dbus-1-devel
BuildRequires: dos2unix
BuildRequires: libidn2-devel
BuildRequires: libnettle-devel
BuildRequires: lua-devel
-BuildRequires: pkg-config
+BuildRequires: pkgconfig
BuildRequires: pkgconfig(libnetfilter_conntrack)
BuildRequires: pkgconfig(systemd)
Requires(pre): group(nogroup)
+Provides: dns_daemon
%if %{with tftp_user_package}
Requires(pre): user(tftp)
%else
-Requires(pre): /usr/sbin/useradd
+Requires(pre): %{_sbindir}/useradd
%endif
%description
@@ -83,7 +81,7 @@
dos2unix contrib/systemd/dbus_activation
# SED-FIX-UPSTREAM -- Fix paths
-sed -i -e 's|\(PREFIX *= *\)/usr/local|\1/usr|;
+sed -i -e 's|\(PREFIX *= *\)%{_prefix}/local|\1/usr|;
s|$(LDFLAGS)|$(CFLAGS) $(LDFLAGS)|' \
Makefile
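Review bot: The sed pattern on the changed line now matches `%{_prefix}/local`, but the text it has to match is a fixed string in upstream's Makefile (the old pattern suggests `PREFIX = /usr/local`), not a packaging path. If `%{_prefix}` ever expands to anything other than `/usr`, the substitution silently stops matching and the build keeps upstream's default prefix, while the replacement side is still the literal `/usr`. I would keep the pattern literal and put the macro on the replacement instead: `sed -i -e 's|\(PREFIX *= *\)/usr/local|\1%{_prefix}|;`.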
@@ -101,31 +99,31 @@
src/config.h
# Fix trust-anchor.conf location and include /etc/dnsmasq.d/*.conf by default
-sed -i -e '/trust-anchors.conf/c\#conf-file=/etc/dnsmasq.d/trust-anchors.conf' \
+sed -i -e '/trust-anchors.conf/c\#conf-file=%{_sysconfdir}/dnsmasq.d/trust-anchors.conf' \
-e '/conf-dir=.*conf/s/^\#//' \
dnsmasq.conf.example
%build
mv po/no.po po/nb.po
-export CFLAGS="%optflags -std=gnu99 -fPIC -DPIC -fpie"
+export CFLAGS="%{optflags} -std=gnu99 -fPIC -DPIC -fpie"
export LDFLAGS="-Wl,-z,relro,-z,now -pie"
# the dnsmasq make system hashes the configuration flags, so we have to supply the
# same flags for make and make install, else everything gets recompiled
%define _copts "-DHAVE_DBUS -DHAVE_CONNTRACK -DHAVE_LIBIDN2 -DHAVE_DNSSEC -DHAVE_LUASCRIPT"
-make %{?_smp_mflags} AWK=gawk all-i18n CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" COPTS=%{_copts}
+%make_build AWK=gawk all-i18n CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" COPTS=%{_copts}
%pre
%if %{without tftp_user_package}
-if ! /usr/bin/getent group tftp >/dev/null; then
+if ! %{_bindir}/getent group tftp >/dev/null; then
%{_sbindir}/groupadd -r tftp
fi
-if ! /usr/bin/getent passwd tftp >/dev/null; then
+if ! %{_bindir}/getent passwd tftp >/dev/null; then
%{_sbindir}/useradd -c "TFTP account" -d /srv/tftpboot -G tftp -g tftp \
-r -s /bin/false tftp
fi
%endif
-if ! /usr/bin/getent passwd dnsmasq >/dev/null; then
- /usr/sbin/useradd -r -d /var/lib/empty -s /bin/false -c "dnsmasq" -g nogroup -G tftp dnsmasq
+if ! %{_bindir}/getent passwd dnsmasq >/dev/null; then
+ %{_sbindir}/useradd -r -d %{_localstatedir}/lib/empty -s /bin/false -c "dnsmasq" -g nogroup -G tftp dnsmasq
fi
%service_add_pre %{name}.service
@@ -133,8 +131,8 @@
%post
%service_add_post %{name}.service
# reload dbus after install or upgrade to apply new policies
-if [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemctl ]; then
- /usr/bin/systemctl reload dbus.service 2>/dev/null || :
+if [ -z "${TRANSACTIONAL_UPDATE}" -a -x %{_bindir}/systemctl ]; then
+ %{_bindir}/systemctl reload dbus.service 2>/dev/null || :
fi
%preun
@@ -144,22 +142,22 @@
%service_del_postun %{name}.service
# reload dbus after uninstall, our policies are gone again
if [ $1 -eq 0 -a -z "${TRANSACTIONAL_UPDATE}" \
- -a -x /usr/bin/systemctl ]; then
- /usr/bin/systemctl reload dbus.service 2>/dev/null || :
+ -a -x %{_bindir}/systemctl ]; then
+ %{_bindir}/systemctl reload dbus.service 2>/dev/null || :
fi
%install
-make install-i18n DESTDIR=%{buildroot} PREFIX=/usr AWK=gawk COPTS=%{_copts}
+make install-i18n DESTDIR=%{buildroot} PREFIX=%{_prefix} AWK=gawk COPTS=%{_copts}
install -d -m 755 %{buildroot}/%{_sysconfdir}/slp.reg.d
install -m 644 dnsmasq.conf.example %{buildroot}/%{_sysconfdir}/dnsmasq.conf
-install -m 644 %SOURCE3 %{buildroot}/%{_sysconfdir}/slp.reg.d/
-install -d 755 %{buildroot}/etc/dbus-1/system.d/
-install -m 644 dbus/dnsmasq.conf %{buildroot}/etc/dbus-1/system.d/dnsmasq.conf
-install -D -m 0644 %SOURCE4 %{buildroot}%{_unitdir}/dnsmasq.service
+install -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/slp.reg.d/
+install -d 755 %{buildroot}%{_sysconfdir}/dbus-1/system.d/
+install -m 644 dbus/dnsmasq.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
+install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/dnsmasq.service
%if %{without tftp_user_package}
install -d -m 0755 %{buildroot}/srv/tftpboot
%endif
-ln -sf %{_sbindir}/service %{buildroot}/usr/sbin/rcdnsmasq
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdnsmasq
install -d -m 755 %{buildroot}/%{_sysconfdir}/dnsmasq.d
install -m 644 trust-anchors.conf %{buildroot}/%{_sysconfdir}/dnsmasq.d/trust-anchors.conf
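Review bot: The line `install -d 755 %{buildroot}%{_sysconfdir}/dbus-1/system.d/` is missing `-m`, so `755` is taken as a second directory name rather than a mode. The commit rewrites the path on this line but carries the slip over from the old version. The D-Bus policy directory then gets whatever mode the build umask yields, and a stray `755` directory is created in the build tree. The sibling lines in this hunk use the intended form, so this should read `install -d -m 755 %{buildroot}%{_sysconfdir}/dbus-1/system.d/`.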
@@ -189,8 +187,8 @@
%{_sbindir}/rcdnsmasq
%dir %{_sysconfdir}/slp.reg.d/
%config %attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/dnsmasq.reg
-%{_mandir}/man8/dnsmasq.8.gz
-%config(noreplace) /etc/dbus-1/system.d/dnsmasq.conf
+%{_mandir}/man8/dnsmasq.8%{?ext_man}
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/dnsmasq.service
%dir %{_sysconfdir}/dnsmasq.d
%config(noreplace) %{_sysconfdir}/dnsmasq.d/trust-anchors.conf
++++++ dnsmasq-2.81.tar.xz -> dnsmasq-2.82.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/CHANGELOG new/dnsmasq-2.82/CHANGELOG
--- old/dnsmasq-2.81/CHANGELOG 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/CHANGELOG 2020-07-19 22:54:44.000000000 +0200
@@ -1,6 +1,27 @@
+version 2.82
+ Improve behaviour in the face of network interfaces which come
+ and go and change index. Thanks to Petr Mensik for the patch.
+
+ Convert hard startup failure on NETLINK_NO_ENOBUFS under qemu-user
+ to a warning.
+
+ Allow IPv6 addresses ofthe form [::ffff:1.2.3.4] in --dhcp-option.
+
+ Fix crash under heavy TCP connection load introduced in 2.81.
+ Thanks to Frank for good work chasing this down.
+
+ Change default lease time for DHCPv6 to one day.
+
+ Alter calculation of preferred and valid times in router
+ advertisements, so that these do not have a floor applied
+ of the lease time in the dhcp-range if this is not explicitly
+ specified and is merely the default.
+ Thanks to Martin-Éric Racine for suggestions on this.
+
+
version 2.81
Improve cache behaviour for TCP connections. For ease of
- implementaion, dnsmasq has always forked a new process to handle
+ implementation, dnsmasq has always forked a new process to handle
each incoming TCP connection. A side-effect of this is that
any DNS queries answered from TCP connections are not cached:
when TCP connections were rare, this was not a problem.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/VERSION new/dnsmasq-2.82/VERSION
--- old/dnsmasq-2.81/VERSION 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/VERSION 2020-07-19 22:54:44.000000000 +0200
@@ -1 +1 @@
- (HEAD -> master, tag: v2.81, origin/master, origin/HEAD)
+ (HEAD -> master, tag: v2.82, origin/master, origin/HEAD)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/man/dnsmasq.8 new/dnsmasq-2.82/man/dnsmasq.8
--- old/dnsmasq-2.81/man/dnsmasq.8 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/man/dnsmasq.8 2020-07-19 22:54:44.000000000 +0200
@@ -428,7 +428,7 @@
or domain parts, to upstream nameservers. If the name is not known
from /etc/hosts or DHCP then a "not found" answer is returned.
.TP
-.B \-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
+.B \-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>]][@<source-ip>|<interface>[#<port>]]
Specify IP address of upstream servers directly. Setting this flag does
not suppress reading of /etc/resolv.conf, use \fB--no-resolv\fP to do that. If one or more
optional domains are given, that server is used only for those domains
@@ -861,7 +861,7 @@
options. If the lease time is given, then leases
will be given for that length of time. The lease time is in seconds,
or minutes (eg 45m) or hours (eg 1h) or "infinite". If not given,
-the default lease time is one hour. The
+the default lease time is one hour for IPv4 and one day for IPv6. The
minimum lease time is two minutes. For IPv6 ranges, the lease time
maybe "deprecated"; this sets the preferred lifetime sent in a DHCP
lease or router advertisement to zero, which causes clients to use
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/cache.c new/dnsmasq-2.82/src/cache.c
--- old/dnsmasq-2.81/src/cache.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/cache.c 2020-07-19 22:54:44.000000000 +0200
@@ -472,16 +472,29 @@
struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class,
time_t now, unsigned long ttl, unsigned int flags)
{
- /* Don't log DNSSEC records here, done elsewhere */
- if (flags & (F_IPV4 | F_IPV6 | F_CNAME | F_SRV))
+#ifdef HAVE_DNSSEC
+ if (flags & (F_DNSKEY | F_DS))
{
+ /* The DNSSEC validation process works by getting needed records into the
+ cache, then retrying the validation until they are all in place.
+ This can be messed up by very short TTLs, and _really_ messed up by
+ zero TTLs, so we force the TTL to be at least long enough to do a validation.
+ Ideally, we should use some kind of reference counting so that records are
+ locked until the validation that asked for them is complete, but this
+ is much easier, and just as effective. */
+ if (ttl < DNSSEC_MIN_TTL)
+ ttl = DNSSEC_MIN_TTL;
+ }
+ else
+#endif
+ {
+ /* Don't log DNSSEC records here, done elsewhere */
log_query(flags | F_UPSTREAM, name, addr, NULL);
- /* Don't mess with TTL for DNSSEC records. */
if (daemon->max_cache_ttl != 0 && daemon->max_cache_ttl < ttl)
ttl = daemon->max_cache_ttl;
if (daemon->min_cache_ttl != 0 && daemon->min_cache_ttl > ttl)
ttl = daemon->min_cache_ttl;
- }
+ }
return really_insert(name, addr, class, now, ttl, flags);
}
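Review bot: The comment `/* Don't log DNSSEC records here, done elsewhere */` now sits at the top of the branch that does call log_query(), so it reads as the opposite of what the code below it does. That branch is also wider than the old `flags & (F_IPV4 | F_IPV6 | F_CNAME | F_SRV)` test: every record that is not DNSKEY/DS, and every record at all when HAVE_DNSSEC is undefined, is now logged and clamped to the min/max cache TTL. If that widening is intended, the comment should say so, for example `/* Not DNSKEY/DS: log here and apply the configured cache TTL limits; DNSSEC records are logged elsewhere. */`. The `else` that is followed directly by `#endif` also deserves a short comment, since the braced block becomes unconditional in non-DNSSEC builds.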
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/config.h new/dnsmasq-2.82/src/config.h
--- old/dnsmasq-2.81/src/config.h 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/config.h 2020-07-19 22:54:44.000000000 +0200
@@ -40,9 +40,11 @@
#define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
#define SMALLDNAME 50 /* most domain names are smaller than this */
#define CNAME_CHAIN 10 /* chains longer than this atr dropped for loop protection */
+#define DNSSEC_MIN_TTL 60 /* DNSKEY and DS records in cache last at least this long */
#define HOSTSFILE "/etc/hosts"
#define ETHERSFILE "/etc/ethers"
-#define DEFLEASE 3600 /* default lease time, 1 hour */
+#define DEFLEASE 3600 /* default DHCPv4 lease time, one hour */
+#define DEFLEASE6 (3600*24) /* default lease time for DHCPv6. One day. */
#define CHUSER "nobody"
#define CHGRP "dip"
#define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/dbus.c new/dnsmasq-2.82/src/dbus.c
--- old/dnsmasq-2.81/src/dbus.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/dbus.c 2020-07-19 22:54:44.000000000 +0200
@@ -237,7 +237,7 @@
for (serv = daemon->servers; serv; serv = serv->next)
if (serv->flags & SERV_LOOP)
{
- prettyprint_addr(&serv->addr, daemon->addrbuff);
+ (void)prettyprint_addr(&serv->addr, daemon->addrbuff);
dbus_message_iter_append_basic (&args_iter, DBUS_TYPE_STRING, &daemon->addrbuff);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/dhcp-common.c new/dnsmasq-2.82/src/dhcp-common.c
--- old/dnsmasq-2.81/src/dhcp-common.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/dhcp-common.c 2020-07-19 22:54:44.000000000 +0200
@@ -38,7 +38,7 @@
ssize_t recv_dhcp_packet(int fd, struct msghdr *msg)
{
- ssize_t sz;
+ ssize_t sz, new_sz;
while (1)
{
@@ -65,9 +65,18 @@
}
}
- while ((sz = recvmsg(fd, msg, 0)) == -1 && errno == EINTR);
+ while ((new_sz = recvmsg(fd, msg, 0)) == -1 && errno == EINTR);
+
+ /* Some kernels seem to ignore MSG_PEEK, and dequeue the packet anyway.
+ If that happens we get EAGAIN here because the socket is non-blocking.
+ Use the result of the original testing recvmsg as long as the buffer
+ was big enough. There's a small race here that may lose the odd packet,
+ but it's UDP anyway. */
+
+ if (new_sz == -1 && (errno == EWOULDBLOCK || errno == EAGAIN))
+ new_sz = sz;
- return (msg->msg_flags & MSG_TRUNC) ? -1 : sz;
+ return (msg->msg_flags & MSG_TRUNC) ? -1 : new_sz;
}
struct dhcp_netid *run_tag_if(struct dhcp_netid *tags)
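Review bot: The fallback `new_sz = sz` returns the length measured by the earlier probing recvmsg(), and the only check left against a short buffer is the `msg->msg_flags & MSG_TRUNC` test on the return line. After a failed second call, that test may be reading flags the call never refreshed. The new comment says "as long as the buffer was big enough" but does not say where that is enforced. I would add `/* msg_flags is left over from the probing call here, so MSG_TRUNC still reports a short buffer */` above the return, after confirming that this holds on the kernels that show the MSG_PEEK behaviour. The probing loop lies between this hunk and the previous one and is not visible here, so this is inferred from the comment rather than from the code.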
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/dnsmasq.c new/dnsmasq-2.82/src/dnsmasq.c
--- old/dnsmasq-2.81/src/dnsmasq.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/dnsmasq.c 2020-07-19 22:54:44.000000000 +0200
@@ -58,6 +58,7 @@
char *bound_device = NULL;
int did_bind = 0;
struct server *serv;
+ char *netlink_warn;
#endif
#if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
struct dhcp_context *context;
@@ -327,7 +328,7 @@
#endif
#if defined(HAVE_LINUX_NETWORK)
- netlink_init();
+ netlink_warn = netlink_init();
#elif defined(HAVE_BSD_NETWORK)
route_init();
#endif
@@ -946,6 +947,9 @@
# ifdef HAVE_LINUX_NETWORK
if (did_bind)
my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
+
+ if (netlink_warn)
+ my_syslog(LOG_WARNING, netlink_warn);
# endif
/* after dhcp_construct_contexts */
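Review bot: `my_syslog(LOG_WARNING, netlink_warn);` passes a variable as the format string, while the call just above it shows that my_syslog takes a printf-style format. The value comes from netlink_init(), which in the netlink.c hunk returns a `_()`-translated message. A translation catalogue entry containing a `%` conversion would therefore be interpreted with no matching arguments. The call should be `my_syslog(LOG_WARNING, "%s", netlink_warn);`. The enclosing function starts and ends outside this hunk.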
@@ -1820,7 +1824,8 @@
addr.addr4 = tcp_addr.in.sin_addr;
for (iface = daemon->interfaces; iface; iface = iface->next)
- if (iface->index == if_index)
+ if (iface->index == if_index &&
+ iface->addr.sa.sa_family == tcp_addr.sa.sa_family)
break;
if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
@@ -1859,31 +1864,30 @@
else
{
int i;
+#ifdef HAVE_LINUX_NETWORK
+ /* The child process inherits the netlink socket,
+ which it never uses, but when the parent (us)
+ uses it in the future, the answer may go to the
+ child, resulting in the parent blocking
+ forever awaiting the result. To avoid this
+ the child closes the netlink socket, but there's
+ a nasty race, since the parent may use netlink
+ before the child has done the close.
+
+ To avoid this, the parent blocks here until a
+ single byte comes back up the pipe, which
+ is sent by the child after it has closed the
+ netlink socket. */
+
+ unsigned char a;
+ read_write(pipefd[0], &a, 1, 1);
+#endif
for (i = 0; i < MAX_PROCS; i++)
if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
{
- char a;
- (void)a; /* suppress potential unused warning */
-
daemon->tcp_pids[i] = p;
daemon->tcp_pipes[i] = pipefd[0];
-#ifdef HAVE_LINUX_NETWORK
- /* The child process inherits the netlink socket,
- which it never uses, but when the parent (us)
- uses it in the future, the answer may go to the
- child, resulting in the parent blocking
- forever awaiting the result. To avoid this
- the child closes the netlink socket, but there's
- a nasty race, since the parent may use netlink
- before the child has done the close.
-
- To avoid this, the parent blocks here until a
- single byte comes back up the pipe, which
- is sent by the child after it has closed the
- netlink socket. */
- retry_send(read(pipefd[0], &a, 1));
-#endif
break;
}
}
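Review bot: The result of `read_write(pipefd[0], &a, 1, 1)` is discarded, so the parent cannot tell a completed handshake from a child that exited before closing its copy of the netlink socket. The same applies to the child's `read_write(pipefd[1], &a, 1, 0)` in the next hunk. The blocking read has also moved ahead of the slot search, so the parent now waits on the child even when no free `tcp_pids` slot is found. Whether that case can occur is not visible here, and read_write() itself is defined outside this page. If ignoring the result is deliberate, a comment such as `/* result ignored: a child that failed to write has exited and no longer holds the netlink fd */` would record the reasoning. Otherwise the return value should be checked and the failure logged.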
@@ -1915,16 +1919,16 @@
terminate the process. */
if (!option_bool(OPT_DEBUG))
{
- char a = 0;
- (void)a; /* suppress potential unused warning */
+#ifdef HAVE_LINUX_NETWORK
+ /* See comment above re: netlink socket. */
+ unsigned char a = 0;
+
+ close(daemon->netlinkfd);
+ read_write(pipefd[1], &a, 1, 0);
+#endif
alarm(CHILD_LIFETIME);
close(pipefd[0]); /* close read end in child. */
daemon->pipe_to_parent = pipefd[1];
-#ifdef HAVE_LINUX_NETWORK
- /* See comment above re netlink socket. */
- close(daemon->netlinkfd);
- retry_send(write(pipefd[1], &a, 1));
-#endif
}
/* start with no upstream connections. */
@@ -1951,8 +1955,10 @@
shutdown(s->tcpfd, SHUT_RDWR);
close(s->tcpfd);
}
+
if (!option_bool(OPT_DEBUG))
{
+ close(daemon->pipe_to_parent);
flush_log();
_exit(0);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/dnsmasq.h new/dnsmasq-2.82/src/dnsmasq.h
--- old/dnsmasq-2.81/src/dnsmasq.h 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/dnsmasq.h 2020-07-19 22:54:44.000000000 +0200
@@ -572,7 +572,8 @@
};
struct listener {
- int fd, tcpfd, tftpfd, family;
+ int fd, tcpfd, tftpfd, used;
+ union mysockaddr addr;
struct irec *iface; /* only sometimes valid for non-wildcard */
struct listener *next;
};
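Review bot: The new `used` member of `struct listener` has no comment, and its meaning has to be guessed from release_listener() in network.c. That function decrements it per interface and keeps the listener while it is above zero, which suggests a count of interfaces sharing the socket. Since a wrong count means either a leaked socket or a listener closed while still in use, I would document it at the declaration, e.g. `int fd, tcpfd, tftpfd, used; /* used: number of interfaces sharing this listener */`, once the intended semantics are confirmed. The `addr` member replaces the old `family` field and could carry a note that the family is now read from `addr.sa.sa_family`.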
@@ -941,6 +942,7 @@
#define CONTEXT_OLD (1u<<16)
#define CONTEXT_V6 (1u<<17)
#define CONTEXT_RA_OFF_LINK (1u<<18)
+#define CONTEXT_SETLEASE (1u<<19)
struct ping_result {
struct in_addr addr;
@@ -1450,7 +1452,7 @@
/* netlink.c */
#ifdef HAVE_LINUX_NETWORK
-void netlink_init(void);
+char *netlink_init(void);
void netlink_multicast(void);
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/forward.c new/dnsmasq-2.82/src/forward.c
--- old/dnsmasq-2.81/src/forward.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/forward.c 2020-07-19 22:54:44.000000000 +0200
@@ -676,7 +676,7 @@
if (!(header->hb4 & HB4_RA) && rcode == NOERROR &&
server && !(server->flags & SERV_WARNED_RECURSIVE))
{
- prettyprint_addr(&server->addr, daemon->namebuff);
+ (void)prettyprint_addr(&server->addr, daemon->namebuff);
my_syslog(LOG_WARNING, _("nameserver %s refused to do a recursive query"), daemon->namebuff);
if (!option_bool(OPT_LOG))
server->flags |= SERV_WARNED_RECURSIVE;
@@ -960,7 +960,7 @@
{
forward->sentto->edns_pktsz = SAFE_PKTSZ;
forward->sentto->pktsz_reduced = now;
- prettyprint_addr(&forward->sentto->addr, daemon->addrbuff);
+ (void)prettyprint_addr(&forward->sentto->addr, daemon->addrbuff);
my_syslog(LOG_WARNING, _("reducing DNS packet size for nameserver %s to %d"), daemon->addrbuff, SAFE_PKTSZ);
}
@@ -1284,8 +1284,9 @@
CMSG_SPACE(sizeof(struct sockaddr_dl))];
#endif
} control_u;
+ int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */
- int check_dst = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6;
/* packet buffer overwritten */
daemon->srv_save = NULL;
@@ -1297,7 +1298,7 @@
{
auth_dns = listen->iface->dns_auth;
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
dst_addr_4 = dst_addr.addr4 = listen->iface->addr.in.sin_addr;
netmask = listen->iface->netmask;
@@ -1327,9 +1328,9 @@
information disclosure. */
memset(daemon->packet + n, 0, daemon->edns_pktsz - n);
- source_addr.sa.sa_family = listen->family;
+ source_addr.sa.sa_family = family;
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
/* Source-port == 0 is an error, we can't send back to that.
http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */
@@ -1349,7 +1350,7 @@
{
struct addrlist *addr;
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (addr = daemon->interface_addrs; addr; addr = addr->next)
if ((addr->flags & ADDRLIST_IPV6) &&
@@ -1387,7 +1388,7 @@
return;
#if defined(HAVE_LINUX_NETWORK)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{
@@ -1400,7 +1401,7 @@
if_index = p.p->ipi_ifindex;
}
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
@@ -1425,7 +1426,7 @@
}
#endif
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -1446,16 +1447,16 @@
if (!indextoname(listen->fd, if_index, ifr.ifr_name))
return;
- if (!iface_check(listen->family, &dst_addr, ifr.ifr_name, &auth_dns))
+ if (!iface_check(family, &dst_addr, ifr.ifr_name, &auth_dns))
{
if (!option_bool(OPT_CLEVERBIND))
enumerate_interfaces(0);
- if (!loopback_exception(listen->fd, listen->family, &dst_addr, ifr.ifr_name) &&
- !label_exception(if_index, listen->family, &dst_addr))
+ if (!loopback_exception(listen->fd, family, &dst_addr, ifr.ifr_name) &&
+ !label_exception(if_index, family, &dst_addr))
return;
}
- if (listen->family == AF_INET && option_bool(OPT_LOCALISE))
+ if (family == AF_INET && option_bool(OPT_LOCALISE))
{
struct irec *iface;
@@ -1500,7 +1501,7 @@
#endif
char *types = querystr(auth_dns ? "auth" : "query", type);
- if (listen->family == AF_INET)
+ if (family == AF_INET)
log_query(F_QUERY | F_IPV4 | F_FORWARD, daemon->namebuff,
(union all_addr *)&source_addr.in.sin_addr, types);
else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/netlink.c new/dnsmasq-2.82/src/netlink.c
--- old/dnsmasq-2.81/src/netlink.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/netlink.c 2020-07-19 22:54:44.000000000 +0200
@@ -49,7 +49,7 @@
static void nl_async(struct nlmsghdr *h);
-void netlink_init(void)
+char *netlink_init(void)
{
struct sockaddr_nl addr;
socklen_t slen = sizeof(addr);
@@ -82,16 +82,21 @@
}
if (daemon->netlinkfd == -1 ||
- (daemon->kernel_version >= KERNEL_VERSION(2,6,30) &&
- setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) ||
getsockname(daemon->netlinkfd, (struct sockaddr *)&addr, &slen) == -1)
die(_("cannot create netlink socket: %s"), NULL, EC_MISC);
+
/* save pid assigned by bind() and retrieved by getsockname() */
netlink_pid = addr.nl_pid;
iov.iov_len = 100;
iov.iov_base = safe_malloc(iov.iov_len);
+
+ if (daemon->kernel_version >= KERNEL_VERSION(2,6,30) &&
+ setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1)
+ return _("warning: failed to set NETLINK_NO_ENOBUFS on netlink socket");
+
+ return NULL;
}
static ssize_t netlink_recv(void)
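Review bot: A failed `setsockopt(NETLINK_NO_ENOBUFS)` is now reported only through the returned string, so the socket keeps running without the option and the caller has to log the message, yet neither the new return contract nor that consequence is documented. I would add above the function `/* Returns NULL on success, or a translated warning the caller must log; without NETLINK_NO_ENOBUFS the socket can report ENOBUFS under load. */`. It is also worth confirming that the receive path, which is outside this hunk, treats ENOBUFS as a cue to re-read interface state rather than as a fatal error. The signature line is in the previous hunk and the call site is not visible here.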
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/network.c new/dnsmasq-2.82/src/network.c
--- old/dnsmasq-2.81/src/network.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/network.c 2020-07-19 22:54:44.000000000 +0200
@@ -388,10 +388,11 @@
/* check whether the interface IP has been added already
we call this routine multiple times. */
for (iface = daemon->interfaces; iface; iface = iface->next)
- if (sockaddr_isequal(&iface->addr, addr))
+ if (sockaddr_isequal(&iface->addr, addr) && iface->index == if_index)
{
iface->dad = !!(iface_flags & IFACE_TENTATIVE);
iface->found = 1; /* for garbage collection */
+ iface->netmask = netmask;
return 1;
}
@@ -532,7 +533,82 @@
return iface_allowed((struct iface_param *)vparam, if_index, label, &addr, netmask, prefix, 0);
}
-
+
+/*
+ * Clean old interfaces no longer found.
+ */
+static void clean_interfaces()
+{
+ struct irec *iface;
+ struct irec **up = &daemon->interfaces;
+
+ for (iface = *up; iface; iface = *up)
+ {
+ if (!iface->found && !iface->done)
+ {
+ *up = iface->next;
+ free(iface->name);
+ free(iface);
+ }
+ else
+ {
+ up = &iface->next;
+ }
+ }
+}
+
+/** Release listener if no other interface needs it.
+ *
+ * @return 1 if released, 0 if still required
+ */
+static int release_listener(struct listener *l)
+{
+ if (l->used > 1)
+ {
+ struct irec *iface;
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+ if (iface->done && sockaddr_isequal(&l->addr, &iface->addr))
+ {
+ if (iface->found)
+ {
+ /* update listener to point to active interface instead */
+ if (!l->iface->found)
+ l->iface = iface;
+ }
+ else
+ {
+ l->used--;
+ iface->done = 0;
+ }
+ }
+
+ /* Someone is still using this listener, skip its deletion */
+ if (l->used > 0)
+ return 0;
+ }
+
+ if (l->iface->done)
+ {
+ int port;
+
+ port = prettyprint_addr(&l->iface->addr, daemon->addrbuff);
+ my_syslog(LOG_DEBUG, _("stopped listening on %s(#%d): %s port %d"),
+ l->iface->name, l->iface->index, daemon->addrbuff, port);
+ /* In case it ever returns */
+ l->iface->done = 0;
+ }
+
+ if (l->fd != -1)
+ close(l->fd);
+ if (l->tcpfd != -1)
+ close(l->tcpfd);
+ if (l->tftpfd != -1)
+ close(l->tftpfd);
+
+ free(l);
+ return 1;
+}
+
int enumerate_interfaces(int reset)
{
static struct addrlist *spare = NULL;
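Review bot: `release_listener()` dereferences `l->iface` unconditionally (`l->iface->found`, `l->iface->done`), so it is only safe for listeners that have an interface attached. The one caller visible in this diff tests `!l->iface` first, but nothing in the function or its doc comment states the requirement. I would add `@param l listener with a non-NULL iface; freed when 1 is returned` to the doc comment, or an early `if (!l->iface) return 0;`. Separately, `static void clean_interfaces()` should be written `clean_interfaces(void)` so that it is a real prototype in C.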
@@ -630,6 +706,7 @@
in OPT_CLEVERBIND mode, that at listener will just disappear after
a call to enumerate_interfaces, this is checked OK on all calls. */
struct listener *l, *tmp, **up;
+ int freed = 0;
for (up = &daemon->listeners, l = daemon->listeners; l; l = tmp)
{
@@ -637,25 +714,17 @@
if (!l->iface || l->iface->found)
up = &l->next;
- else
+ else if (release_listener(l))
{
- *up = l->next;
-
- /* In case it ever returns */
- l->iface->done = 0;
-
- if (l->fd != -1)
- close(l->fd);
- if (l->tcpfd != -1)
- close(l->tcpfd);
- if (l->tftpfd != -1)
- close(l->tftpfd);
-
- free(l);
+ *up = tmp;
+ freed = 1;
}
}
+
+ if (freed)
+ clean_interfaces();
}
-
+
errno = errsave;
spare = param.spare;
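Review bot: When `release_listener(l)` returns 0 the listener stays in use, but `up` is not advanced past it, so `up` still addresses the link that points at `l`. If the following listener is then released, `*up = tmp` overwrites that link and drops the kept listener from `daemon->listeners` while its sockets stay open. Adding a final branch, `else up = &l->next;`, keeps the unlink pointer in step with the walk. This assumes `tmp` holds `l->next`, which is assigned on a line outside the hunk.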
@@ -895,10 +964,11 @@
{
l = safe_malloc(sizeof(struct listener));
l->next = NULL;
- l->family = addr->sa.sa_family;
l->fd = fd;
l->tcpfd = tcpfd;
- l->tftpfd = tftpfd;
+ l->tftpfd = tftpfd;
+ l->addr = *addr;
+ l->used = 1;
l->iface = NULL;
}
@@ -937,20 +1007,48 @@
daemon->listeners = l;
}
+static struct listener *find_listener(union mysockaddr *addr)
+{
+ struct listener *l;
+ for (l = daemon->listeners; l; l = l->next)
+ if (sockaddr_isequal(&l->addr, addr))
+ return l;
+ return NULL;
+}
+
void create_bound_listeners(int dienow)
{
struct listener *new;
struct irec *iface;
struct iname *if_tmp;
+ struct listener *existing;
for (iface = daemon->interfaces; iface; iface = iface->next)
- if (!iface->done && !iface->dad && iface->found &&
- (new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
+ if (!iface->done && !iface->dad && iface->found)
{
- new->iface = iface;
- new->next = daemon->listeners;
- daemon->listeners = new;
- iface->done = 1;
+ existing = find_listener(&iface->addr);
+ if (existing)
+ {
+ iface->done = 1;
+ existing->used++; /* increase usage counter */
+ }
+ else if ((new = create_listeners(&iface->addr, iface->tftp_ok, dienow)))
+ {
+ new->iface = iface;
+ new->next = daemon->listeners;
+ daemon->listeners = new;
+ iface->done = 1;
+
+ /* Don't log the initial set of listen addresses created
+ at startup, since this is happening before the logging
+ system is initialised and the sign-on printed. */
+ if (!dienow)
+ {
+ int port = prettyprint_addr(&iface->addr, daemon->addrbuff);
+ my_syslog(LOG_DEBUG, _("listening on %s(#%d): %s port %d"),
+ iface->name, iface->index, daemon->addrbuff, port);
+ }
+ }
}
/* Check for --listen-address options that haven't been used because there's
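Review bot: The reuse branch in `create_bound_listeners()` matches an existing listener by address alone and never looks at `iface->tftp_ok`, so an interface that shares an address inherits whatever TFTP socket state the first listener was created with. If two interfaces with the same address can differ in `tftp_ok` (not determinable from this hunk), whether TFTP is served on that address would depend on enumeration order. At minimum I would record the assumption next to `existing->used++`: `/* shared listener keeps the tftp_ok of the interface that created it */`.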
@@ -970,6 +1068,12 @@
{
new->next = daemon->listeners;
daemon->listeners = new;
+
+ if (!dienow)
+ {
+ int port = prettyprint_addr(&if_tmp->addr, daemon->addrbuff);
+ my_syslog(LOG_DEBUG, _("listening on %s port %d"), daemon->addrbuff, port);
+ }
}
}
@@ -1301,7 +1405,7 @@
errno != 0 &&
option_bool(OPT_NOWILD))
{
- prettyprint_addr(&srv->source_addr, daemon->namebuff);
+ (void)prettyprint_addr(&srv->source_addr, daemon->namebuff);
if (srv->interface[0] != 0)
{
strcat(daemon->namebuff, " ");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/option.c new/dnsmasq-2.82/src/option.c
--- old/dnsmasq-2.81/src/option.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/option.c 2020-07-19 22:54:44.000000000 +0200
@@ -1225,7 +1225,7 @@
}
else if (c == '.')
{
- is_addr6 = is_dec = is_hex = 0;
+ is_dec = is_hex = 0;
dots++;
}
else if (c == '-')
@@ -2991,7 +2991,6 @@
struct dhcp_context *new = opt_malloc(sizeof(struct dhcp_context));
memset (new, 0, sizeof(*new));
- new->lease_time = DEFLEASE;
while(1)
{
@@ -3041,6 +3040,7 @@
if (inet_pton(AF_INET, a[0], &new->start))
{
new->next = daemon->dhcp;
+ new->lease_time = DEFLEASE;
daemon->dhcp = new;
new->end = new->start;
if (strcmp(a[1], "static") == 0)
@@ -3088,6 +3088,7 @@
new->flags |= CONTEXT_V6;
new->prefix = 64; /* default */
new->end6 = new->start6;
+ new->lease_time = DEFLEASE6;
new->next = daemon->dhcp6;
daemon->dhcp6 = new;
@@ -3187,7 +3188,10 @@
}
if (strcmp(a[leasepos], "infinite") == 0)
- new->lease_time = 0xffffffff;
+ {
+ new->lease_time = 0xffffffff;
+ new->flags |= CONTEXT_SETLEASE;
+ }
else if (strcmp(a[leasepos], "deprecated") == 0)
new->flags |= CONTEXT_DEPRECATE;
else
@@ -3226,6 +3230,7 @@
ret_err_free(_("bad dhcp-range"), new);
new->lease_time = atoi(a[leasepos]) * fac;
+ new->flags |= CONTEXT_SETLEASE;
/* Leases of a minute or less confuse
some clients, notably Apple's */
if (new->lease_time < 120)
@@ -3233,6 +3238,7 @@
}
}
}
+
break;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/radv.c new/dnsmasq-2.82/src/radv.c
--- old/dnsmasq-2.81/src/radv.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/radv.c 2020-07-19 22:54:44.000000000 +0200
@@ -626,8 +626,11 @@
real_prefix = context->prefix;
}
- /* find floor time, don't reduce below 3 * RA interval. */
- if (time > context->lease_time)
+ /* find floor time, don't reduce below 3 * RA interval.
+ If the lease time has been left as default, don't
+ use that as a floor. */
+ if ((context->flags & CONTEXT_SETLEASE) &&
+ time > context->lease_time)
{
time = context->lease_time;
if (time < ((unsigned int)(3 * param->adv_interval)))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsmasq-2.81/src/tftp.c new/dnsmasq-2.82/src/tftp.c
--- old/dnsmasq-2.81/src/tftp.c 2020-04-08 18:32:53.000000000 +0200
+++ new/dnsmasq-2.82/src/tftp.c 2020-07-19 22:54:44.000000000 +0200
@@ -61,8 +61,9 @@
char *prefix = daemon->tftp_prefix;
struct tftp_prefix *pref;
union all_addr addra;
+ int family = listen->addr.sa.sa_family;
/* Can always get recvd interface for IPv6 */
- int check_dest = !option_bool(OPT_NOWILD) || listen->family == AF_INET6;
+ int check_dest = !option_bool(OPT_NOWILD) || family == AF_INET6;
union {
struct cmsghdr align; /* this ensures alignment */
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
@@ -121,10 +122,10 @@
if (msg.msg_controllen < sizeof(struct cmsghdr))
return;
- addr.sa.sa_family = listen->family;
+ addr.sa.sa_family = family;
#if defined(HAVE_LINUX_NETWORK)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
{
@@ -138,7 +139,7 @@
}
#elif defined(HAVE_SOLARIS_NETWORK)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
union {
@@ -154,7 +155,7 @@
}
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
- if (listen->family == AF_INET)
+ if (family == AF_INET)
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
{
union {
@@ -171,7 +172,7 @@
#endif
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
{
for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
@@ -194,7 +195,7 @@
addra.addr4 = addr.in.sin_addr;
- if (listen->family == AF_INET6)
+ if (family == AF_INET6)
addra.addr6 = addr.in6.sin6_addr;
if (daemon->tftp_interfaces)
@@ -210,12 +211,12 @@
else
{
/* Do the same as DHCP */
- if (!iface_check(listen->family, &addra, name, NULL))
+ if (!iface_check(family, &addra, name, NULL))
{
if (!option_bool(OPT_CLEVERBIND))
enumerate_interfaces(0);
- if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) &&
- !label_exception(if_index, listen->family, &addra))
+ if (!loopback_exception(listen->tftpfd, family, &addra, name) &&
+ !label_exception(if_index, family, &addra))
return;
}
@@ -281,7 +282,7 @@
prefix = pref->prefix;
}
- if (listen->family == AF_INET)
+ if (family == AF_INET)
{
addr.in.sin_port = htons(port);
#ifdef HAVE_SOCKADDR_SA_LEN
@@ -304,7 +305,7 @@
if (option_bool(OPT_SINGLE_PORT))
transfer->sockfd = listen->tftpfd;
- else if ((transfer->sockfd = socket(listen->family, SOCK_DGRAM, 0)) == -1)
+ else if ((transfer->sockfd = socket(family, SOCK_DGRAM, 0)) == -1)
{
free(transfer);
return;
@@ -322,7 +323,7 @@
transfer->opt_blocksize = transfer->opt_transize = 0;
transfer->netascii = transfer->carrylf = 0;
- prettyprint_addr(&peer, daemon->addrbuff);
+ (void)prettyprint_addr(&peer, daemon->addrbuff);
/* if we have a nailed-down range, iterate until we find a free one. */
while (!option_bool(OPT_SINGLE_PORT))
@@ -337,7 +338,7 @@
{
if (++port <= daemon->end_tftp_port)
{
- if (listen->family == AF_INET)
+ if (family == AF_INET)
addr.in.sin_port = htons(port);
else
addr.in6.sin6_port = htons(port);
@@ -375,7 +376,7 @@
if ((opt = next(&p, end)) && !option_bool(OPT_TFTP_NOBLOCK))
{
/* 32 bytes for IP, UDP and TFTP headers, 52 bytes for IPv6 */
- int overhead = (listen->family == AF_INET) ? 32 : 52;
+ int overhead = (family == AF_INET) ? 32 : 52;
transfer->blocksize = atoi(opt);
if (transfer->blocksize < 1)
transfer->blocksize = 1;
@@ -624,7 +625,7 @@
{
strcpy(daemon->namebuff, transfer->file->filename);
sanitise(daemon->namebuff);
- prettyprint_addr(&transfer->peer, daemon->addrbuff);
+ (void)prettyprint_addr(&transfer->peer, daemon->addrbuff);
my_syslog(MS_TFTP | LOG_INFO, endcon ? _("failed sending %s to %s") : _("sent %s to %s"), daemon->namebuff, daemon->addrbuff);
/* unlink */
*up = tmp;
@@ -667,7 +668,7 @@
char *end = daemon->packet + len;
char *err = next(&p, end);
- prettyprint_addr(&transfer->peer, daemon->addrbuff);
+ (void)prettyprint_addr(&transfer->peer, daemon->addrbuff);
/* Sanitise error message */
if (!err)
Hello community,
here is the log from the commit of package libvdpau for openSUSE:Factory checked in at 2020-08-03 14:12:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvdpau (Old)
and /work/SRC/openSUSE:Factory/.libvdpau.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvdpau"
Mon Aug 3 14:12:56 2020 rev:36 rq:823739 version:1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/libvdpau/libvdpau.changes 2020-04-15 19:52:37.113548232 +0200
+++ /work/SRC/openSUSE:Factory/.libvdpau.new.3592/libvdpau.changes 2020-08-03 14:13:36.516392146 +0200
@@ -1,0 +2,7 @@
+Fri Jul 31 11:52:51 UTC 2020 - Stefan Dirsch <sndirsch(a)suse.com>
+
+- n_UsrEtc.patch
+ * switch to /usr/etc location for vdpau_wrapper.cfg, but first
+ try /etc (boo#1173038)
+
+-------------------------------------------------------------------
New:
----
n_UsrEtc.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvdpau.spec ++++++
--- /var/tmp/diff_new_pack.oZmGo8/_old 2020-08-03 14:13:40.488396129 +0200
+++ /var/tmp/diff_new_pack.oZmGo8/_new 2020-08-03 14:13:40.492396133 +0200
@@ -16,6 +16,10 @@
#
+%if 0%{?suse_version} < 1550
+ %define _distconfdir /usr/etc
+%endif
+
Name: libvdpau
Version: 1.4
Release: 0
@@ -28,6 +32,7 @@
Source2: README
Source99: baselibs.conf
Source100: %{name}-rpmlintrc
+Patch0: n_UsrEtc.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: doxygen
@@ -82,6 +87,7 @@
%prep
%setup -q -b1
+%patch0 -p1
%build
%meson
@@ -112,9 +118,10 @@
%files -n libvdpau1
%defattr(-,root,root)
%dir %{_libdir}/vdpau
+%dir %{_distconfdir}
%{_bindir}/vdpauinfo
%{_libdir}/libvdpau.so.*
-%config %{_sysconfdir}/vdpau_wrapper.cfg
+%{_distconfdir}/vdpau_wrapper.cfg
%files -n libvdpau-devel
%defattr(-,root,root)
++++++ n_UsrEtc.patch ++++++
diff -u -r libvdpau-1.4.orig/src/meson.build libvdpau-1.4/src/meson.build
--- libvdpau-1.4.orig/src/meson.build 2020-07-31 13:36:55.104530000 +0200
+++ libvdpau-1.4/src/meson.build 2020-07-31 14:21:02.982468000 +0200
@@ -16,4 +16,4 @@
install : true,
)
-install_data('vdpau_wrapper.cfg', install_dir : get_option('sysconfdir'))
+install_data('vdpau_wrapper.cfg', install_dir : '/usr/etc')
diff -u -r libvdpau-1.4.orig/src/vdpau_wrapper.c libvdpau-1.4/src/vdpau_wrapper.c
--- libvdpau-1.4.orig/src/vdpau_wrapper.c 2020-07-31 13:36:55.116541000 +0200
+++ libvdpau-1.4/src/vdpau_wrapper.c 2020-07-31 14:19:44.407242000 +0200
@@ -362,7 +362,10 @@
fp = fopen(VDPAU_SYSCONFDIR "/vdpau_wrapper.cfg", "r");
if (!fp) {
- return;
+ fp = fopen("/usr/etc/vdpau_wrapper.cfg", "r");
+ if (!fp) {
+ return;
+ }
}
while (fgets(buffer, sizeof(buffer), fp) != NULL) {
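Review bot: The fallback to `/usr/etc/vdpau_wrapper.cfg` runs after any `fopen()` failure, not only when the first file is absent, so an administrator's copy that exists but cannot be opened is silently replaced by the vendor defaults. Restricting the fallback to the missing-file case, `if (!fp && errno == ENOENT) fp = fopen("/usr/etc/vdpau_wrapper.cfg", "r");`, keeps the override order predictable; this needs `<errno.h>`, and whether it is already included is not visible here. The path is also hard-coded both here and in `meson.build` while the spec file defines `%{_distconfdir}`, so a single build-time define would keep the three in agreement. The enclosing function starts and ends outside the hunk.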
Hello community,
here is the log from the commit of package read-only-root-fs for openSUSE:Factory checked in at 2020-08-03 14:12:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/read-only-root-fs (Old)
and /work/SRC/openSUSE:Factory/.read-only-root-fs.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "read-only-root-fs"
Mon Aug 3 14:12:46 2020 rev:13 rq:823736 version:1.0+git20200730.1243fd0
Changes:
--------
--- /work/SRC/openSUSE:Factory/read-only-root-fs/read-only-root-fs.changes 2020-07-26 16:17:50.944724403 +0200
+++ /work/SRC/openSUSE:Factory/.read-only-root-fs.new.3592/read-only-root-fs.changes 2020-08-03 14:13:13.764369330 +0200
@@ -1,0 +2,7 @@
+Thu Jul 30 17:50:08 UTC 2020 - iforster(a)suse.com
+
+- Update to version 1.0+git20200730.1243fd0:
+ * Add comment about the mounting of /root in the initrd
+ * Better check for already existing /etc overlay [boo#1174733]
+
+-------------------------------------------------------------------
Old:
----
read-only-root-fs-1.0+git20200121.5ed8d15.tar.xz
New:
----
read-only-root-fs-1.0+git20200730.1243fd0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ read-only-root-fs.spec ++++++
--- /var/tmp/diff_new_pack.sYJjgI/_old 2020-08-03 14:13:18.004373582 +0200
+++ /var/tmp/diff_new_pack.sYJjgI/_new 2020-08-03 14:13:18.008373586 +0200
@@ -17,7 +17,7 @@
Name: read-only-root-fs
-Version: 1.0+git20200121.5ed8d15
+Version: 1.0+git20200730.1243fd0
Release: 0
Summary: Files and Scripts for a RO root fileystem
License: GPL-2.0-or-later
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.sYJjgI/_old 2020-08-03 14:13:18.064373642 +0200
+++ /var/tmp/diff_new_pack.sYJjgI/_new 2020-08-03 14:13:18.064373642 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">git://github.com/openSUSE/read-only-root-fs.git</param>
- <param name="changesrevision">5ed8d156fbe7e16eee305a9747eaa158e92e3cba</param>
+ <param name="changesrevision">1258c2a7af9c0f7435b859860d19a8536b6964a4</param>
</service>
</servicedata>
\ No newline at end of file
++++++ read-only-root-fs-1.0+git20200121.5ed8d15.tar.xz -> read-only-root-fs-1.0+git20200730.1243fd0.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/read-only-root-fs-1.0+git20200121.5ed8d15/usr/sbin/setup-fstab-for-overlayfs new/read-only-root-fs-1.0+git20200730.1243fd0/usr/sbin/setup-fstab-for-overlayfs
--- old/read-only-root-fs-1.0+git20200121.5ed8d15/usr/sbin/setup-fstab-for-overlayfs 2020-01-21 18:33:49.000000000 +0100
+++ new/read-only-root-fs-1.0+git20200730.1243fd0/usr/sbin/setup-fstab-for-overlayfs 2020-07-30 19:32:45.000000000 +0200
@@ -6,7 +6,7 @@
#
# Already there?
-if [ -e /etc/fstab ] && grep -qE "overlay /etc" /etc/fstab; then
+if [ -e /etc/fstab ] && grep -qE '^overlay[[:space:]]+/etc[[:space:]]' /etc/fstab; then
exit 0 # Do nothing
fi
@@ -27,6 +27,8 @@
# Workaround for bsc#1121279
gawk -i inplace '$2 == "/var" { $4 = $4",x-initrd.mount" } { print $0 }' /etc/fstab
+
+# Make the /root subvolume available during ignition runs (boo#1161264)
gawk -i inplace '$2 == "/root" { $4 = $4",x-initrd.mount" } { print $0 }' /etc/fstab
exit 0
Hello community,
here is the log from the commit of package polkit for openSUSE:Factory checked in at 2020-08-03 14:12:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/polkit (Old)
and /work/SRC/openSUSE:Factory/.polkit.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit"
Mon Aug 3 14:12:38 2020 rev:70 rq:823734 version:0.117
Changes:
--------
--- /work/SRC/openSUSE:Factory/polkit/polkit.changes 2019-12-11 11:58:49.960895915 +0100
+++ /work/SRC/openSUSE:Factory/.polkit.new.3592/polkit.changes 2020-08-03 14:12:56.860352379 +0200
@@ -1,0 +2,11 @@
+Fri Jul 31 11:39:38 UTC 2020 - Bjørn Lie <bjorn.lie(a)gmail.com>
+
+- Update to version 0.117:
+ + Activated Gitlab CI.
+ + Updated dependency to mozjs68.
+ + Memory management fixes.
+ + Updated translations.
+- Replace pkgconfig(mozjs-60) for pkgconfig(mozjs-68)
+ BuildRequires following upstreams port.
+
+-------------------------------------------------------------------
Old:
----
polkit-0.116.tar.gz
polkit-0.116.tar.gz.sign
New:
----
polkit-0.117.tar.gz
polkit-0.117.tar.gz.sign
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ polkit.spec ++++++
--- /var/tmp/diff_new_pack.PCCk1t/_old 2020-08-03 14:12:57.812353334 +0200
+++ /var/tmp/diff_new_pack.PCCk1t/_new 2020-08-03 14:12:57.816353337 +0200
@@ -1,7 +1,7 @@
#
# spec file for package polkit
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,19 +12,19 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: polkit
-Version: 0.116
+Version: 0.117
Release: 0
Summary: PolicyKit Authorization Framework
License: LGPL-2.1-or-later
Group: System/Libraries
-Url: http://www.freedesktop.org/wiki/Software/polkit/
-Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.…
-Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.…
+URL: https://www.freedesktop.org/wiki/Software/polkit/
+Source0: https://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar…
+Source1: https://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar…
Source2: %{name}.keyring
Source99: baselibs.conf
@@ -49,7 +49,7 @@
BuildRequires: pkgconfig(gmodule-2.0) >= 2.32.0
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.6.2
BuildRequires: pkgconfig(libsystemd)
-BuildRequires: pkgconfig(mozjs-60)
+BuildRequires: pkgconfig(mozjs-68)
BuildRequires: pkgconfig(systemd)
# gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes a build cycle.
#!BuildIgnore: ruby
++++++ polkit-0.116.tar.gz -> polkit-0.117.tar.gz ++++++
++++ 6789 lines of diff (skipped)
Hello community,
here is the log from the commit of package rpmlint for openSUSE:Factory checked in at 2020-08-03 14:12:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rpmlint (Old)
and /work/SRC/openSUSE:Factory/.rpmlint.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rpmlint"
Mon Aug 3 14:12:32 2020 rev:341 rq:823733 version:1.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/rpmlint/rpmlint-tests.changes 2020-03-03 10:13:55.206362333 +0100
+++ /work/SRC/openSUSE:Factory/.rpmlint.new.3592/rpmlint-tests.changes 2020-08-03 14:12:46.248341737 +0200
@@ -1,0 +2,6 @@
+Fri Jul 31 10:28:58 UTC 2020 - matthias.gerstner(a)suse.com
+
+- Update of rpmlint-tests to version 84.87+git20200724.ef05f7e:
+ * use /usr/bin/su instead of /bin/su since the latter is no longer allowed
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/rpmlint/rpmlint.changes 2020-07-29 17:16:57.124387372 +0200
+++ /work/SRC/openSUSE:Factory/.rpmlint.new.3592/rpmlint.changes 2020-08-03 14:12:47.236342728 +0200
@@ -1,0 +2,9 @@
+Fri Jul 31 10:29:00 UTC 2020 - matthias.gerstner(a)suse.com
+
+- Update of rpmlint-checks to version master:
+ * Introduce new metadata whitelist type and related checks. Device files and
+ world-writeable files will now be covered by new whitelists from
+ rpmlint-security-whitelistings.
+- config: Enable new CheckWorldWritable and CheckDeviceFiles
+
+-------------------------------------------------------------------
Old:
----
rpmlint-tests-84.87+git20200221.3ea152b.tar.xz
New:
----
rpmlint-tests-84.87+git20200724.ef05f7e.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rpmlint-tests.spec ++++++
--- /var/tmp/diff_new_pack.exRsbc/_old 2020-08-03 14:12:48.340343835 +0200
+++ /var/tmp/diff_new_pack.exRsbc/_new 2020-08-03 14:12:48.344343839 +0200
@@ -24,7 +24,7 @@
BuildRequires: rpmlint-mini
Name: rpmlint-tests
-Version: 84.87+git20200221.3ea152b
+Version: 84.87+git20200724.ef05f7e
Release: 0
Summary: rpmlint regression tests
License: SUSE-Public-Domain
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.exRsbc/_old 2020-08-03 14:12:48.424343919 +0200
+++ /var/tmp/diff_new_pack.exRsbc/_new 2020-08-03 14:12:48.424343919 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/openSUSE/rpmlint-tests.git</param>
- <param name="changesrevision">3ea152ba41f080462891f99711fee3712c56c8c7</param></service><service name="tar_scm">
+ <param name="changesrevision">3d948bb4c8be26e2ec8922d4c3430b0e0451994b</param></service><service name="tar_scm">
<param name="url">https://github.com/openSUSE/rpmlint-checks.git</param>
- <param name="changesrevision">00c0040faa30370f367de0d2bec3e7449db8c44b</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">9db2d998028dac60a5c5e16af303693b158b7272</param></service></servicedata>
\ No newline at end of file
++++++ config ++++++
--- /var/tmp/diff_new_pack.exRsbc/_old 2020-08-03 14:12:48.444343939 +0200
+++ /var/tmp/diff_new_pack.exRsbc/_new 2020-08-03 14:12:48.444343939 +0200
@@ -28,6 +28,8 @@
addCheck("CheckSUIDPermissions")
# polkit-default-privs would need to be installed always
addCheck("CheckPolkitPrivs")
+addCheck("CheckWorldWritable")
+addCheck("CheckDeviceFiles")
addCheck("CheckDBUSServices")
addCheck("CheckDBusPolicy")
addCheck("CheckFilelist")
++++++ rpmlint-checks-master.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckCronJobs.py new/rpmlint-checks-master/CheckCronJobs.py
--- old/rpmlint-checks-master/CheckCronJobs.py 2020-03-31 11:35:13.000000000 +0200
+++ new/rpmlint-checks-master/CheckCronJobs.py 2020-07-31 10:46:46.000000000 +0200
@@ -4,40 +4,20 @@
# Purpose : Enforce Whitelisting for cron jobs in /etc/cron.* directories
#############################################################################
-import os
-
-import AbstractCheck
-import Config
import Whitelisting
+from WhitelistingCheckBase import WhitelistingCheckBase
-from Filter import addDetails
-
-# this option is found in config files in /opt/testing/share/rpmlint/mini,
-# installed there by the rpmlint-mini package.
-WHITELIST_DIR = Config.getOption('WhitelistDataDir', [])
-
-class CronCheck(AbstractCheck.AbstractCheck):
+class CronCheck(WhitelistingCheckBase):
def __init__(self):
- AbstractCheck.AbstractCheck.__init__(self, "CheckCronJobs")
-
- for wd in WHITELIST_DIR:
- candidate = os.path.join(wd, "cron-whitelist.json")
- if os.path.exists(candidate):
- whitelist_path = candidate
- break
- else:
- whitelist_path = None
+ super().__init__("CheckCronJobs", "cron-whitelist.json")
- self.m_check_configured = whitelist_path is not None
+ def setupChecker(self, whitelist_path):
- if not self.m_check_configured:
- return
-
- parser = Whitelisting.WhitelistParser(whitelist_path)
+ parser = Whitelisting.DigestWhitelistParser(whitelist_path)
whitelist_entries = parser.parse()
- self.m_wl_checker = Whitelisting.WhitelistChecker(
+ return Whitelisting.DigestWhitelistChecker(
whitelist_entries,
restricted_paths=(
"/etc/cron.d/", "/etc/cron.hourly/", "/etc/cron.daily/",
@@ -50,51 +30,24 @@
}
)
- def _getPrintPrefix(self):
- """Returns a prefix for error / warning output."""
- return self.__class__.__name__ + ":"
-
- def _getErrorPrefix(self):
- return self._getPrintPrefix() + " ERROR: "
-
- def _getWarnPrefix(self):
- return self._getPrintPrefix() + " WARN: "
-
- def check(self, pkg):
- """This is called by rpmlint to perform the cron check on the given
- pkg."""
-
- if not self.m_check_configured:
- # don't ruin the whole run if this check is not configured, this
- # was hopefully intended by the user.
- return
-
- self.m_wl_checker.check(pkg)
-
# needs to be instantiated for the check to be registered with rpmlint
check = CronCheck()
-for _id, desc in (
- (
- 'cronjob-unauthorized-file',
- """A cron job file is installed by this package. If the package is
- intended for inclusion in any SUSE product please open a bug report to request
- review of the package by the security team. Please refer to {url} for more
- information"""
- ),
- (
- 'cronjob-changed-file',
- """A cron job or cron job related file installed by this package changed
- in content. Please open a bug report to request follow-up review of the
- introduced changes by the security team. Please refer to {url} for more
- information."""
- ),
- (
- 'cronjob-ghost-file',
- """A cron job path has been marked as %ghost file by this package.
- This is not allowed as it is impossible to review. Please refer to
- {url} for more information."""
- )
-):
- addDetails(_id, desc.format(url=Whitelisting.AUDIT_BUG_URL))
+Whitelisting.registerErrorDetails((
+ (
+ 'cronjob-unauthorized-file',
+ """A cron job file is installed by this package. {review_needed_text}"""
+ ),
+ (
+ 'cronjob-changed-file',
+ """A cron job or cron job related file installed by this package changed
+ in content. {followup_needed_text}"""
+ ),
+ (
+ 'cronjob-ghost-file',
+ """A cron job path has been marked as %ghost file by this package.
+ This is not allowed as it is impossible to review. Please refer to
+ {url} for more information."""
+ )
+))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckDBUSServices.py new/rpmlint-checks-master/CheckDBUSServices.py
--- old/rpmlint-checks-master/CheckDBUSServices.py 2020-03-31 11:35:13.000000000 +0200
+++ new/rpmlint-checks-master/CheckDBUSServices.py 2020-07-31 10:46:46.000000000 +0200
@@ -51,19 +51,16 @@
check = DBUSServiceCheck()
if Config.info:
- for _id, desc in (
+ Whitelisting.registerErrorDetails((
(
'suse-dbus-unauthorized-service',
- """The package installs a DBUS system service file. If the package
- is intended for inclusion in any SUSE product please open a bug
- report to request review of the service by the security team. Please
- refer to {url} for more information."""
+ """The package installs a DBUS system service file.
+ {review_needed_text}"""
),
(
'suse-dbus-ghost-service',
"""This package installs a DBUS system service marked as %ghost.
- This is not allowed, since it is impossible to review. Please
- refer to {url} for more information."""
+ {ghost_encountered_text}
+ """
)
- ):
- addDetails(_id, desc.format(url=Whitelisting.AUDIT_BUG_URL))
+ ))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckDeviceFiles.py new/rpmlint-checks-master/CheckDeviceFiles.py
--- old/rpmlint-checks-master/CheckDeviceFiles.py 1970-01-01 01:00:00.000000000 +0100
+++ new/rpmlint-checks-master/CheckDeviceFiles.py 2020-07-31 10:46:46.000000000 +0200
@@ -0,0 +1,49 @@
+# vim: sw=4 ts=4 sts=4 et :
+#############################################################################
+# Author : Matthias Gerstner
+# Purpose : Enforce Whitelisting for device files
+#############################################################################
+
+import Whitelisting
+from WhitelistingCheckBase import WhitelistingCheckBase
+
+
+class DeviceFilesCheck(WhitelistingCheckBase):
+
+ def __init__(self):
+ super().__init__("CheckDeviceFiles", "device-files-whitelist.json")
+
+ def setupChecker(self, whitelist_path):
+
+ parser = Whitelisting.MetaWhitelistParser(whitelist_path)
+ whitelist_entries = parser.parse()
+ return Whitelisting.MetaWhitelistChecker(
+ whitelist_entries,
+ error_map={
+ "unauthorized": "device-unauthorized-file",
+ "mismatch": "device-mismatched-attrs",
+ },
+ # we are interested in any device files
+ restricted_types=("c", "b"),
+ # regardless the mode we want to catch all device files
+ restricted_mode=0o7777
+ )
+
+
+# needs to be instantiated for the check to be registered with rpmlint
+check = DeviceFilesCheck()
+
+Whitelisting.registerErrorDetails((
+ (
+ 'device-unauthorized-file',
+ """A device file is installed by this package.
+ {review_needed_text}"""
+ ),
+ (
+ 'device-mismatched-attrs',
+ """A device file doesn't match the expected file properties.
+ Please open a bug report to request follow-up review of the
+ introduced changes by the security team. Please refer to {url} for
+ more information."""
+ )
+))
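Review bot: The `device-mismatched-attrs` text spells out the follow-up request and the `{url}` reference by hand, while `cronjob-changed-file` in this same commit replaces that wording with `{followup_needed_text}`. Assuming the placeholder expands to the same sentence (its definition is not in this diff), I would write the description as `"""A device file doesn't match the expected file properties. {followup_needed_text}"""` so the wording lives in one place. The comment on `restricted_mode=0o7777` would also be clearer if it said how the checker applies the value, for example whether it is a mask on the file mode.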
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckPAMModules.py new/rpmlint-checks-master/CheckPAMModules.py
--- old/rpmlint-checks-master/CheckPAMModules.py 2020-03-31 11:35:13.000000000 +0200
+++ new/rpmlint-checks-master/CheckPAMModules.py 2020-07-31 10:46:46.000000000 +0200
@@ -44,19 +44,14 @@
if Config.info:
- for _id, desc in (
+ Whitelisting.registerErrorDetails((
(
'suse-pam-unauthorized-module',
- """The package installs a PAM module. If the package
- is intended for inclusion in any SUSE product please open a bug
- report to request review of the service by the security team.
- Please refer to {url}"""
+ """The package installs a PAM module. {review_needed_text}"""
),
(
'suse-pam-ghost-module',
- """The package installs a PAM module as %ghost file. This is not
- allowed as it is impossible to review. For more information please
- refer to {url} for more information."""
+ """The package installs a PAM module as %ghost file.
+ {ghost_encountered_text}"""
)
- ):
- addDetails(_id, desc.format(url=Whitelisting.AUDIT_BUG_URL))
+ ))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckPolkitPrivs.py new/rpmlint-checks-master/CheckPolkitPrivs.py
--- old/rpmlint-checks-master/CheckPolkitPrivs.py 2020-03-31 11:35:13.000000000 +0200
+++ new/rpmlint-checks-master/CheckPolkitPrivs.py 2020-07-31 10:46:46.000000000 +0200
@@ -52,11 +52,11 @@
for filename in POLKIT_RULES_WHITELIST:
if not os.path.exists(filename):
continue
- parser = Whitelisting.WhitelistParser(filename)
+ parser = Whitelisting.DigestWhitelistParser(filename)
res = parser.parse()
rules_entries.update(res)
- self.m_rules_checker = Whitelisting.WhitelistChecker(
+ self.m_rules_checker = Whitelisting.DigestWhitelistChecker(
rules_entries,
restricted_paths=(
"/etc/polkit-1/rules.d/", "/usr/share/polkit-1/rules.d/"
@@ -196,57 +196,56 @@
check = PolkitCheck()
-for _id, desc in (
- (
- 'polkit-unauthorized-file',
- """A custom polkit rule file is installed by this package. If the package is
- intended for inclusion in any SUSE product please open a bug report to request
- review of the package by the security team. Please refer to {url} for more
- information"""
- ),
- (
- 'polkit-unauthorized-privilege',
- """The package allows unprivileged users to carry out privileged
- operations without authentication. This could cause security
- problems if not done carefully. If the package is intended for
- inclusion in any SUSE product please open a bug report to request
- review of the package by the security team. Please refer to {url}
- for more information."""
- ),
- (
- 'polkit-untracked-privilege',
- """The privilege is not listed in /etc/polkit-default-privs.*
- which makes it harder for admins to find. Furthermore polkit
- authorization checks can easily introduce security issues. If the
- package is intended for inclusion in any SUSE product please open
- a bug report to request review of the package by the security team.
- Please refer to {url} for more information."""
- ),
- (
- 'polkit-cant-acquire-privilege',
- """Usability can be improved by allowing users to acquire privileges
- via authentication. Use e.g. 'auth_admin' instead of 'no' and make
- sure to define 'allow_any'. This is an issue only if the privilege
- is not listed in /etc/polkit-default-privs.*"""
- ),
- (
- 'polkit-unauthorized-rules',
- """A polkit rules file installed by this package is not whitelisted in the
- polkit-whitelisting package. If the package is intended for inclusion in any
- SUSE product please open a bug report to request review of the package by the
- security team. Please refer to {url} for more information."""
- ),
- (
- 'polkit-changed-rules',
- """A polkit rules file installed by this package changed in content. Please
- open a bug report to request follow-up review of the introduced changes by
- the security team. Please refer to {url} for more information."""
- ),
- (
- 'polkit-ghost-file',
- """This package installs a polkit rule or policy as %ghost file.
- This is not allowed as it is impossible to review. For more
- information please refer to {url} for more information."""
- )
-):
- addDetails(_id, desc.format(url=Whitelisting.AUDIT_BUG_URL))
+Whitelisting.registerErrorDetails((
+ (
+ 'polkit-unauthorized-file',
+ """A custom polkit rule file is installed by this package. If the package is
+ intended for inclusion in any SUSE product please open a bug report to request
+ review of the package by the security team. Please refer to {url} for more
+ information"""
+ ),
+ (
+ 'polkit-unauthorized-privilege',
+ """The package allows unprivileged users to carry out privileged
+ operations without authentication. This could cause security
+ problems if not done carefully. If the package is intended for
+ inclusion in any SUSE product please open a bug report to request
+ review of the package by the security team. Please refer to {url}
+ for more information."""
+ ),
+ (
+ 'polkit-untracked-privilege',
+ """The privilege is not listed in /etc/polkit-default-privs.*
+ which makes it harder for admins to find. Furthermore polkit
+ authorization checks can easily introduce security issues. If the
+ package is intended for inclusion in any SUSE product please open
+ a bug report to request review of the package by the security team.
+ Please refer to {url} for more information."""
+ ),
+ (
+ 'polkit-cant-acquire-privilege',
+ """Usability can be improved by allowing users to acquire privileges
+ via authentication. Use e.g. 'auth_admin' instead of 'no' and make
+ sure to define 'allow_any'. This is an issue only if the privilege
+ is not listed in /etc/polkit-default-privs.*"""
+ ),
+ (
+ 'polkit-unauthorized-rules',
+ """A polkit rules file installed by this package is not whitelisted in the
+ polkit-whitelisting package. If the package is intended for inclusion in any
+ SUSE product please open a bug report to request review of the package by the
+ security team. Please refer to {url} for more information."""
+ ),
+ (
+ 'polkit-changed-rules',
+ """A polkit rules file installed by this package changed in content. Please
+ open a bug report to request follow-up review of the introduced changes by
+ the security team. Please refer to {url} for more information."""
+ ),
+ (
+ 'polkit-ghost-file',
+ """This package installs a polkit rule or policy as %ghost file.
+ This is not allowed as it is impossible to review. For more
+ information please refer to {url} for more information."""
+ )
+))
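Review bot: These polkit entries still carry the review boilerplate inline, although the commit introduces `{review_needed_text}` for exactly that sentence and CheckSUIDPermissions.py already uses it. `polkit-unauthorized-file`, `polkit-unauthorized-privilege`, `polkit-untracked-privilege` and `polkit-unauthorized-rules` could each end in `{review_needed_text}` instead. `polkit-ghost-file` still reads "For more information please refer to {url} for more information."; dropping the leading "For more information" removes the doubled phrase.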
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckSUIDPermissions.py new/rpmlint-checks-master/CheckSUIDPermissions.py
--- old/rpmlint-checks-master/CheckSUIDPermissions.py 2020-03-31 11:35:13.000000000 +0200
+++ new/rpmlint-checks-master/CheckSUIDPermissions.py 2020-07-31 10:46:46.000000000 +0200
@@ -8,7 +8,7 @@
from __future__ import print_function
-from Filter import printWarning, printError, printInfo, addDetails
+from Filter import printWarning, printError, printInfo
import AbstractCheck
import Whitelisting
import os
@@ -18,15 +18,10 @@
import stat
_permissions_d_whitelist = (
- "lprng",
- "lprng.paranoid",
- "mail-server",
- "mail-server.paranoid",
"postfix",
"postfix.paranoid",
"sendmail",
"sendmail.paranoid",
- "squid",
"texlive",
"texlive.texlive",
"otrs", # bsc#1118049
@@ -194,12 +189,6 @@
'pie executable' not in pkgfile.magic):
printError(pkg, 'non-position-independent-executable', f)
- if mode & stat.S_IWOTH:
- need_verifyscript = True
- printError(pkg, 'permissions-world-writable',
- '%(file)s is packaged with world writable permissions (0%(mode)o)' %
- {'file': f, 'mode': mode})
-
script = pkg[rpm.RPMTAG_POSTIN] or pkg.scriptprog(rpm.RPMTAG_POSTINPROG)
found = False
if script:
@@ -247,90 +236,73 @@
check = SUIDCheck()
-for _id, desc in (
- (
- 'permissions-unauthorized-file',
- """If the package is intended for inclusion in any SUSE product
- please open a bug report to request review of the package by the
- security team. Please refer to {url} for more
- information."""
- ),
- (
- 'permissions-symlink',
- """permissions handling for symlinks is useless. Please contact
- security(a)suse.de to remove the entry. Please refer to {url} for more
- information."""
- ),
- (
- 'permissions-dir-without-slash',
- """the entry in the permissions file refers to a directory. Please
- contact security(a)suse.de to append a slash to the entry in order to
- avoid security problems. Please refer to {url} for more information."""
- ),
- (
- 'permissions-file-as-dir',
- """the entry in the permissions file refers to a directory but the
- package actually contains a file. Please contact security(a)suse.de to
- remove the slash. Please refer to {url} for more information."""
- ),
- (
- 'permissions-incorrect',
- """please use the %attr macro to set the correct permissions."""
- ),
- (
- 'permissions-incorrect-owner',
- """please use the %attr macro to set the correct ownership."""
- ),
- (
- 'permissions-file-setuid-bit',
- """If the package is intended for inclusion in any SUSE product
- please open a bug report to request review of the program by the
- security team. Please refer to {url} for more information."""
- ),
- (
- 'permissions-directory-setuid-bit',
- """If the package is intended for inclusion in any SUSE product
- please open a bug report to request review of the package by the
- security team. Please refer to {url} for more
- information."""
- ),
- (
- 'permissions-world-writable',
- """If the package is intended for inclusion in any SUSE product
- please open a bug report to request review of the package by the
- security team. Please refer to {url} for more
- information."""
- ),
- (
- 'permissions-fscaps',
- """Packaging file capabilities is currently not supported. Please
- use normal permissions instead. You may contact the security team to
- request an entry that sets capabilities in
- /usr/share/permissions/permissions instead.""",
- ),
- (
- 'permissions-missing-postin',
- """Please add an appropriate %post section"""
- ),
- (
- 'permissions-missing-requires',
- """Please add 'PreReq: permissions'"""
- ),
- (
- 'permissions-missing-verifyscript',
- """Please add a %verifyscript section"""
- ),
- (
- 'permissions-suseconfig-obsolete',
- """The %run_permissions macro calls SuSEconfig which sets permissions for all
- files in the system. Please use %set_permissions <filename> instead
- to only set permissions for files contained in this package""",
- ),
- (
- 'permissions-ghostfile',
- """This package installs a permissions file as a %ghost file. This
- is not allowed as it is impossible to review. Please refer to
- {url} for more information."""
- )
-):
- addDetails(_id, desc.format(url=Whitelisting.AUDIT_BUG_URL))
+Whitelisting.registerErrorDetails((
+ (
+ 'permissions-unauthorized-file',
+ """{review_needed_text}"""
+ ),
+ (
+ 'permissions-symlink',
+ """permissions handling for symlinks is useless. Please contact
+ security(a)suse.de to remove the entry. Please refer to {url} for more
+ information."""
+ ),
+ (
+ 'permissions-dir-without-slash',
+ """the entry in the permissions file refers to a directory. Please
+ contact security(a)suse.de to append a slash to the entry in order to
+ avoid security problems. Please refer to {url} for more information."""
+ ),
+ (
+ 'permissions-file-as-dir',
+ """the entry in the permissions file refers to a directory but the
+ package actually contains a file. Please contact security(a)suse.de to
+ remove the slash. Please refer to {url} for more information."""
+ ),
+ (
+ 'permissions-incorrect',
+ """please use the %attr macro to set the correct permissions."""
+ ),
+ (
+ 'permissions-incorrect-owner',
+ """please use the %attr macro to set the correct ownership."""
+ ),
+ (
+ 'permissions-file-setuid-bit',
+ """{review_needed_text}"""
+ ),
+ (
+ 'permissions-directory-setuid-bit',
+ """{review_needed_text}"""
+ ),
+ (
+ 'permissions-fscaps',
+ """Packaging file capabilities is currently not supported. Please
+ use normal permissions instead. You may contact the security team to
+ request an entry that sets capabilities in
+ /usr/share/permissions/permissions instead.""",
+ ),
+ (
+ 'permissions-missing-postin',
+ """Please add an appropriate %post section"""
+ ),
+ (
+ 'permissions-missing-requires',
+ """Please add 'PreReq: permissions'"""
+ ),
+ (
+ 'permissions-missing-verifyscript',
+ """Please add a %verifyscript section"""
+ ),
+ (
+ 'permissions-suseconfig-obsolete',
+ """The %run_permissions macro calls SuSEconfig which sets permissions for all
+ files in the system. Please use %set_permissions <filename> instead
+ to only set permissions for files contained in this package""",
+ ),
+ (
+ 'permissions-ghostfile',
+ """This package installs a permissions file as a %ghost file.
+ {ghost_encountered_text}"""
+ )
+))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckWorldWritable.py new/rpmlint-checks-master/CheckWorldWritable.py
--- old/rpmlint-checks-master/CheckWorldWritable.py 1970-01-01 01:00:00.000000000 +0100
+++ new/rpmlint-checks-master/CheckWorldWritable.py 2020-07-31 10:46:46.000000000 +0200
@@ -0,0 +1,50 @@
+# vim: sw=4 ts=4 sts=4 et :
+#############################################################################
+# Author : Matthias Gerstner
+# Purpose : Enforce Whitelisting for world writable files
+#############################################################################
+
+import Whitelisting
+from WhitelistingCheckBase import WhitelistingCheckBase
+
+
+class WorldWritableCheck(WhitelistingCheckBase):
+
+ def __init__(self):
+ super().__init__("CheckWorldWritable", "world-writable-whitelist.json")
+
+ def setupChecker(self, whitelist_path):
+
+ parser = Whitelisting.MetaWhitelistParser(whitelist_path)
+ whitelist_entries = parser.parse()
+ return Whitelisting.MetaWhitelistChecker(
+ whitelist_entries,
+ error_map={
+ "unauthorized": "world-writable-unauthorized-file",
+ "mismatch": "world-writable-mismatched-attrs",
+ },
+ # we're only interested in directories, regular files, pipes or
+ # sockets.
+ # devices are handled by the DeviceFileChecker. Symlinks are
+ # always world-writable.
+ restricted_types=("-", "f", "d", "s", "p"),
+ # we're interested in any world-writable files
+ restricted_mode=0o0002,
+ )
+
+
+# needs to be instantiated for the check to be registered with rpmlint
+check = WorldWritableCheck()
+
+Whitelisting.registerErrorDetails((
+ (
+ 'world-writable-unauthorized-file',
+ """A world-writable file is installed by this package.
+ {review_needed_text}"""
+ ),
+ (
+ 'world-writable-mismatched-attrs',
+ """A world-writable file doesn't match the expected file
+ properties. {followup_needed_text}"""
+ )
+))
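Review bot: The `"f"` entry in `restricted_types` never matches: `MetaWhitelistChecker._hasRestrictedMeta` compares against the first character of `stat.filemode()`, which is `-` for regular files, so only `"-"` does the work. The `restricted_types` docstring of `MetaWhitelistChecker` in Whitelisting.py has the same problem, giving `("f", "s")` as its example for regular files. I would drop `"f"` here and change the docstring example to `("-", "s")`. The comment also names `DeviceFileChecker`, while the class added by this commit is `DeviceFilesCheck`.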
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/Whitelisting.py new/rpmlint-checks-master/Whitelisting.py
--- old/rpmlint-checks-master/Whitelisting.py 2020-03-31 11:35:13.000000000 +0200
+++ new/rpmlint-checks-master/Whitelisting.py 2020-07-31 10:46:46.000000000 +0200
@@ -6,18 +6,43 @@
import os
import sys
-import json
import hashlib
+import json
+import stat
import traceback
-from Filter import printError
-
AUDIT_BUG_URL = "https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs"
+REVIEW_NEEDED_TEXT = """If the package is
+ intended for inclusion in any SUSE product please open a bug report to request
+ review of the package by the security team. Please refer to {url} for more
+ information.""".format(url=AUDIT_BUG_URL)
+FOLLOWUP_NEEDED_TEXT = """Please open a bug report to request follow-up review of the
+ introduced changes by the security team. Please refer to {url} for more
+ information."""
+GHOST_ENCOUNTERED_TEXT = """This is not allowed, since it is impossible to
+ review. Please refer to {url} for more information."""
+
+
+def registerErrorDetails(details):
+ """details is expected to be a sequence of (id, description) pairs, where
+ id is the error id like 'cronjob-unauthorized-file' and description is a
+ human readable text describing the situation. The text may contain
+ placeholders that will be replaced by the constants above."""
+ from Filter import addDetails
+
+ for _id, desc in details:
+ addDetails(
+ _id,
+ desc.format(
+ url=AUDIT_BUG_URL,
+ review_needed_text=REVIEW_NEEDED_TEXT,
+ followup_needed_text=FOLLOWUP_NEEDED_TEXT,
+ ghost_encountered_text=GHOST_ENCOUNTERED_TEXT))
class DigestVerificationResult(object):
"""This type represents the result of a digest verification as returned
- from AuditEntry.compareDigests()."""
+ from DigestAuditEntry.compareDigests()."""
def __init__(self, path, alg, expected, encountered):
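Review bot: `FOLLOWUP_NEEDED_TEXT` and `GHOST_ENCOUNTERED_TEXT` keep a literal `{url}` because, unlike `REVIEW_NEEDED_TEXT`, they are not passed through `.format(url=AUDIT_BUG_URL)`. `registerErrorDetails` formats each description once and `str.format` does not re-scan substituted values. The details for entries using `{followup_needed_text}` (CheckWorldWritable.py) or `{ghost_encountered_text}` (CheckPAMModules.py, CheckSUIDPermissions.py) would therefore tell packagers to "refer to {url}" instead of linking the audit-bug guidelines. Appending `.format(url=AUDIT_BUG_URL)` to both constants fixes it. The docstring of `registerErrorDetails` could also list the four placeholder names it accepts.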
@@ -44,7 +69,7 @@
return self.m_encountered
-class AuditEntry(object):
+class AuditEntryBase(object):
"""This object represents a single audit entry as found in a whitelisting
entry like:
@@ -63,7 +88,6 @@
self.m_bug = bug
self._verifyBugNr()
self.m_comment = ""
- self.m_digests = {}
def bug(self):
return self.m_bug
@@ -74,6 +98,29 @@
def comment(self):
return self.m_comment
+ def _verifyBugNr(self):
+ """Perform some sanity checks on the bug nr associated with this audit
+ entry."""
+
+ parts = self.m_bug.split('#')
+
+ if len(parts) != 2 or \
+ parts[0] not in ("bsc", "boo", "bnc") or \
+ not parts[1].isdigit():
+ raise Exception("Bad bug nr# '{}'".format(self.m_bug))
+
+ def _verifyPath(self, path):
+ if not path.startswith(os.path.sep):
+ raise Exception("Bad whitelisting path " + path)
+
+
+class DigestAuditEntry(AuditEntryBase):
+
+ def __init__(self, bug):
+
+ super().__init__(bug)
+ self.m_digests = {}
+
def setDigests(self, digests):
for path, digest in digests.items():
self._verifyPath(path)
@@ -81,6 +128,9 @@
self.m_digests = digests
+ def paths(self):
+ return self.digests().keys()
+
def digests(self):
"""Returns a dictionary specifying file paths and their whitelisted
digests. The digests are suitable for the
@@ -163,17 +213,6 @@
return (all([res.matches() for res in results]), results)
- def _verifyBugNr(self):
- """Perform some sanity checks on the bug nr associated with this audit
- entry."""
-
- parts = self.m_bug.split('#')
-
- if len(parts) != 2 or \
- parts[0] not in ("bsc", "boo", "bnc") or \
- not parts[1].isdigit():
- raise Exception("Bad bug nr# '{}'".format(self.m_bug))
-
def _verifyDigestSyntax(self, digest):
if self.isSkipDigest(digest):
return
@@ -189,9 +228,135 @@
except ValueError:
raise Exception("Bad digest algorithm in " + digest)
- def _verifyPath(self, path):
- if not path.startswith(os.path.sep):
- raise Exception("Bad whitelisting path " + path)
+
+class MetaAuditEntry(AuditEntryBase):
+
+ def __init__(self, bug):
+
+ super().__init__(bug)
+ self.m_meta = {}
+
+ def paths(self):
+ return self.meta().keys()
+
+ def setMeta(self, meta):
+ for path, data in meta.items():
+ self._verifyPath(path)
+ self._verifyMetaData(path, data)
+
+ self.m_meta = meta
+
+ def meta(self):
+ """Returns a dictionary specifying file paths and their whitelisted
+ metadata attributes:
+
+ "type": one of 'c', 'd', 's' or '-'
+ "mode": integer defining the file mode
+ "owner": tuple of (user, group) defining the ownership
+ "dev": tuple of (minor, major) integers defining device file numbers
+ """
+ return self.m_meta
+
+ def _verifyMetaData(self, path, data):
+ """Verify and CONVERT metadata."""
+
+ req_fields = ("type", "mode", "owner")
+
+ for field in req_fields:
+ if field not in data:
+ raise Exception("Missing required setting '{}' for path {}".format(field, path))
+
+ _type = data["type"]
+
+ if _type not in ("c", "d", "s", "-"):
+ raise Exception("Unexpected type '{}' for path {}".format(_type, path))
+
+ try:
+ data["mode"] = int(data["mode"], 8)
+
+ if data["mode"] > 0o7777:
+ raise ValueError("octal mode too large")
+ except ValueError:
+ raise Exception("Bad 'mode' for path " + path)
+
+ if _type == "c" and "dev" not in data:
+ raise Exception("Missing 'dev' for path " + path)
+ elif _type != "c" and "dev" in data:
+ raise Exception("Unsuitable 'dev' specification for path " + path)
+
+ if "dev" in data:
+ try:
+ major, minor = data["dev"].split(",")
+ data["dev"] = int(major), int(minor)
+ except Exception as e:
+ raise Exception("Bad 'dev' specification for path {}: {}".format(path, str(e)))
+
+ try:
+ user, group = data["owner"].split(":")
+ data["owner"] = user, group
+ except Exception as e:
+ raise Exception("Bad 'owner' specification for path {}: {}".format(path, str(e)))
+
+ def _isWeakerMode(self, ours, theirs):
+ """Checks whether the mode @theirs only grants less permissions than
+ what @ours would grant."""
+
+ if (ours & stat.S_ISVTX) and not (theirs & stat.S_ISVTX):
+ # if it's the sticky bit that's missing then we can't consider the
+ # encountered mode weaker. The sticky bit might be necessary to
+ # protect shared world-writable directories.
+ return False
+
+ # otherwise if there's no extra bit in their mode then it should be
+ # weaker or equal to ours, security wise
+ return (ours | theirs) == ours
+
+ def compareMeta(self, pkg, path, their_meta):
+ our_meta = self.m_meta.get(path)
+ warning = ""
+
+ their_mode_str = stat.filemode(their_meta.mode)
+ their_type = their_mode_str[0]
+
+ if their_type != our_meta["type"]:
+ msg = "type mismatch, expected type {} but encountered type {}".format(
+ our_meta["type"], their_type
+ )
+ return (False, msg)
+
+ their_mode = stat.S_IMODE(their_meta.mode)
+
+ if their_mode != our_meta["mode"]:
+
+ if self._isWeakerMode(our_meta["mode"], their_mode):
+ # if there are no extra bits set then we can accept it
+ # anyways, however we should still warn that something is
+ # unexpected.
+ warning = "mode doesn't match but grants less permissions than expected"
+ else:
+ msg = "mode mismatch, expected mode {} but encountered mode {}".format(
+ stat.filemode(our_meta["mode"])[1:], stat.filemode(their_meta.mode)[1:]
+ )
+ return (False, msg)
+
+ if their_meta.user != our_meta["owner"][0] or their_meta.group != our_meta["owner"][1]:
+ msg = "ownership mismatch, expected {} but encountered {}".format(
+ ':'.join(our_meta["owner"]), ':'.join(their_meta.user, their_meta.group)
+ )
+ return (False, msg)
+
+ if their_type in ("c", "b"):
+ their_rdev = their_meta.rdev
+ their_major, their_minor = os.major(their_rdev), os.minor(their_rdev)
+ our_major, our_minor = our_meta["dev"]
+
+ if their_major != our_major or their_minor != our_minor:
+ msg = "device node mismatch, expected {} but encountered {}".format(
+ ','.join(our_major, our_minor), ','.join(their_major, their_minor)
+ )
+ return (False, msg)
+
+ return (True, warning)
class WhitelistEntry(object):
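Review bot: The ownership and device-node mismatch branches of `compareMeta` raise `TypeError` instead of returning their message. `str.join` takes a single iterable, so `':'.join(their_meta.user, their_meta.group)` fails, and `','.join(our_major, our_minor)` additionally passes integers. A mismatch in exactly the attributes this check is meant to catch would abort the run instead of producing `(False, msg)`. Suggested: `':'.join((their_meta.user, their_meta.group))` and `','.join(map(str, (our_major, our_minor))), ','.join(map(str, (their_major, their_minor)))`. The `meta()` docstring also documents `dev` as `(minor, major)` while `_verifyMetaData` stores and `compareMeta` unpacks it as major first, so the docstring should read `(major, minor)`.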
@@ -257,7 +422,7 @@
# soft error, continue parsing
continue
for a in entry.audits():
- for path in a.digests():
+ for path in a.paths():
entries = ret.setdefault(path, [])
entries.append(entry)
except Exception as e:
@@ -294,12 +459,25 @@
return ret
+ def _getErrorPrefix(self):
+ return self.m_path + ": ERROR: "
+
+ def _getWarnPrefix(self):
+ return self.m_path + ": WARN: "
+
+
+class DigestWhitelistParser(WhitelistParser):
+
+ def __init__(self, wl_path):
+
+ super().__init__(wl_path)
+
def _parseAuditEntry(self, bug, data):
"""Parses a single JSON audit sub-entry returns an AuditEntry() object
for it. On non-critical error conditions None is returned, otherwise
an exception is raised"""
- ret = AuditEntry(bug)
+ ret = DigestAuditEntry(bug)
comment = data.get("comment", None)
if comment:
@@ -308,28 +486,49 @@
digests = data.get("digests", {})
if not digests:
- raise Exception(self._getErrorPrefix() + "no 'digests' entry for '{}'".format(bug))
+ raise Exception(self._getErrorPrefix() + "missing 'digests' for '{}'".format(bug))
ret.setDigests(digests)
return ret
- def _getErrorPrefix(self):
- return self.m_path + ": ERROR: "
- def _getWarnPrefix(self):
- return self.m_path + ": WARN: "
+class MetaWhitelistParser(WhitelistParser):
+ def __init__(self, wl_path):
-class WhitelistChecker(object):
- """This type actually compares files found in an RPM against whitelist
- entries."""
+ super().__init__(wl_path)
+
+ def _parseAuditEntry(self, bug, data):
+ """Parses a single JSON audit sub-entry returns an AuditEntry() object
+ for it. On non-critical error conditions None is returned, otherwise
+ an exception is raised"""
+
+ ret = MetaAuditEntry(bug)
+
+ comment = data.get("comment", None)
+ if comment:
+ ret.setComment(comment)
+
+ meta = data.get("meta", {})
+
+ if not meta:
+ raise Exception(self._getErrorPrefix() + "missing 'meta' entry for '{}'".format(bug))
+
+ ret.setMeta(meta)
+
+ return ret
+
+
+class DigestWhitelistChecker(object):
+ """This type actually compares files found in an RPM against digest
+ whitelist entries."""
def __init__(self, whitelist_entries, restricted_paths, error_map):
"""Instantiate a properly configured checker
:param whitelist_entries: is a dictionary data structure as returned
- from WhitelistParser.parse().
+ from DigestWhitelistParser.parse().
:param restricted_paths: a sequence of path prefixes that will trigger
the whitelisting check. All other paths will
be ignored.
@@ -352,6 +551,21 @@
if req_key not in self.m_error_map:
raise Exception("Missing {} error mapping".format(req_key))
+ def _isRestrictedPath(self, path):
+ for restricted in self.m_restricted_paths:
+ if path.startswith(restricted):
+ return True
+
+ return False
+
+ def _getWhitelist(self, pkg_name, path):
+ entries = self.m_whitelist_entries.get(path, [])
+ for entry in entries:
+ if entry.package() == pkg_name:
+ return entry
+
+ return None
+
def check(self, pkg):
"""Checks the given RPM pkg instance against the configured whitelist
restriction.
@@ -360,6 +574,8 @@
Nothing is returned from this function.
"""
+ from Filter import printError
+
if pkg.isSource():
return
@@ -367,24 +583,16 @@
already_tested = set()
for f in files:
- for restricted in self.m_restricted_paths:
- if f.startswith(restricted):
- break
- else:
- # no match
+ if not self._isRestrictedPath(f):
continue
if f in pkg.ghostFiles():
printError(pkg, self.m_error_map['ghost'], f)
continue
- entries = self.m_whitelist_entries.get(f, [])
- wl_match = None
- for entry in entries:
- if entry.package() == pkg.name:
- wl_match = entry
- break
- else:
+ wl_match = self._getWhitelist(pkg.name, f)
+
+ if not wl_match:
# no whitelist entry exists for this file
printError(pkg, self.m_error_map['unauthorized'], f)
continue
@@ -434,3 +642,110 @@
path=result.path(), alg=result.algorithm(),
expected=result.expected(), encountered=result.encountered()
), file=sys.stderr)
+
+
+class MetaWhitelistChecker(object):
+ """This type actually compares files found in an RPM against whitelist
+ entries."""
+
+ def __init__(self, whitelist_entries, error_map, restricted_mode, restricted_types):
+ """Instantiate a properly configured checker. For metadata
+ restrictions both `restricted_mode` and `restricted_types` need to
+ match for a check to be triggered.
+
+ :param whitelist_entries: is a dictionary data structure as returned
+ from MetaWhitelistParser.parse().
+ :param error_map: is a specification of rpmlint error labels for
+ files like "unauthorized" and "mismatch"
+ {
+ "unauthorized": "special-file-unauthorized",
+ "mismatch": "special-file-mismatch"
+ }
+ :param restricted_mode: an octal bit mask that specifies file mode
+ bits that are restricted by this whitelist.
+ e.g. 0o001 would trigger a check for all files
+ containing a world executable bit. 0o7777
+ would catch any mode.
+ :param restricted_types: a sequence of file types that are restricted
+ by this whitelist. E.g. ("f", "s") would
+ trigger a check for all regular files and
+ socket files. An entry of "*" will match all
+ file types.
+ """
+
+ self.m_whitelist_entries = whitelist_entries
+ self.m_error_map = error_map
+ self.m_restricted_mode = restricted_mode
+ self.m_restricted_types = restricted_types
+
+ req_error_keys = ("unauthorized", "mismatch")
+
+ for req_key in req_error_keys:
+ if req_key not in self.m_error_map:
+ raise Exception("Missing {} error mapping".format(req_key))
+
+ def _hasRestrictedMeta(self, meta):
+
+ if self.m_restricted_mode == 0o7777:
+ # all modes should match so ignore it
+ pass
+ elif (meta.mode & self.m_restricted_mode) == 0:
+ # none of the interesting mode bits matches
+ return False
+
+ if "*" in self.m_restricted_types:
+ # match all file types
+ return True
+ elif stat.filemode(meta.mode)[0] in self.m_restricted_types:
+ # filemode() returns an ls like string like `-rwx------`.
+ # we # inspect the type character and compare it against our list
+ # of restricted file types
+ return True
+
+ return False
+
+ def _getWhitelist(self, pkg_name, path):
+ entries = self.m_whitelist_entries.get(path, [])
+ for entry in entries:
+ if entry.package() == pkg_name:
+ return entry
+
+ return None
+
+ def check(self, pkg):
+ """Checks the given RPM pkg instance against the configured whitelist
+ restriction.
+
+ Each whitelist violation will be printed with the according error tag.
+ Nothing is returned from this function.
+ """
+
+ from Filter import printError
+
+ if pkg.isSource():
+ return
+
+ files = pkg.files()
+
+ for f, meta in files.items():
+ if not self._hasRestrictedMeta(meta):
+ continue
+
+ wl_match = self._getWhitelist(pkg.name, f)
+
+ if not wl_match:
+ # no whitelist entry exists for this file
+ printError(pkg, self.m_error_map['unauthorized'], f)
+ continue
+
+ for audit in wl_match.audits():
+ res, msg = audit.compareMeta(pkg, f, meta)
+
+ if res:
+ if msg:
+ # a warning only message
+ print("{}: {}".format(f, msg), file=sys.stderr)
+ break
+
+ print("{}: {}".format(f, msg), file=sys.stderr)
+ printError(pkg, self.m_error_map['mismatch'], f)
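Review bot: `check()` calls `audit.compareMeta()` for every audit of the matched entry, but `compareMeta` indexes the result of `self.m_meta.get(path)` without checking for `None`. The parser registers an entry under every path of any of its audits, so an entry whose audits list different paths would raise `TypeError` here instead of reporting. A guard such as `if f not in audit.paths(): continue` at the top of the loop avoids that. Indentation is lost in this rendering, but the loop also appears to print and `printError` a mismatch for each non-matching audit before a later audit can match, which would flag a file that is in fact whitelisted; worth confirming with a two-audit test case.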
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/WhitelistingCheckBase.py new/rpmlint-checks-master/WhitelistingCheckBase.py
--- old/rpmlint-checks-master/WhitelistingCheckBase.py 1970-01-01 01:00:00.000000000 +0100
+++ new/rpmlint-checks-master/WhitelistingCheckBase.py 2020-07-31 10:46:46.000000000 +0200
@@ -0,0 +1,42 @@
+# vim: sw=4 ts=4 sts=4 et :
+#############################################################################
+# Author : Matthias Gerstner
+# Purpose : Common base class for whitelisting related checks
+#############################################################################
+import AbstractCheck
+import Config
+
+import os
+
+
+class WhitelistingCheckBase(AbstractCheck.AbstractCheck):
+ """Base class for rpmlint checks that use the Whitelisting module."""
+
+ def __init__(self, check_name, whitelist_name):
+ AbstractCheck.AbstractCheck.__init__(self, check_name)
+ # this option is found in config files in /opt/testing/share/rpmlint/mini,
+ # installed there by the rpmlint-mini package.
+ WHITELIST_DIR = Config.getOption('WhitelistDataDir', [])
+
+ for wd in WHITELIST_DIR:
+ candidate = os.path.join(wd, whitelist_name)
+ if os.path.exists(candidate):
+ whitelist_path = candidate
+ self.m_check_configured = True
+ break
+ else:
+ self.m_check_configured = False
+
+ if self.m_check_configured:
+ self.m_wl_checker = self.setupChecker(whitelist_path)
+
+ def check(self, pkg):
+ """This is called by rpmlint to perform the cron check on the given
+ pkg."""
+
+ if not self.m_check_configured:
+ # don't ruin the whole run if this check is not configured, this
+ # was hopefully intended by the user.
+ return
+
+ self.m_wl_checker.check(pkg)
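Review bot: When no whitelist file is found under `WhitelistDataDir`, `check()` returns silently, so a missing or misnamed whitelist turns the device-file and world-writable enforcement off with no trace in the rpmlint output. For a security gate I would at least report it once in the `else:` branch of `__init__`, e.g. `print("{}: {} not found, check disabled".format(check_name, whitelist_name), file=sys.stderr)` (needs `import sys`). The `check()` docstring still says "the cron check" and should describe the generic whitelisting check. `setupChecker` is only defined in the subclasses; a stub in the base class that raises `NotImplementedError`, with a docstring naming the `whitelist_path` argument and the expected return value, would make the contract visible.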
++++++ rpmlint-tests-84.87+git20200221.3ea152b.tar.xz -> rpmlint-tests-84.87+git20200724.ef05f7e.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-tests-84.87+git20200221.3ea152b/tests/permissions1.ref new/rpmlint-tests-84.87+git20200724.ef05f7e/tests/permissions1.ref
--- old/rpmlint-tests-84.87+git20200221.3ea152b/tests/permissions1.ref 2020-02-21 11:06:10.000000000 +0100
+++ new/rpmlint-tests-84.87+git20200724.ef05f7e/tests/permissions1.ref 2020-07-24 11:46:05.000000000 +0200
@@ -1,12 +1,14 @@
permissions1: W: non-position-independent-executable /bin/ls
-permissions1: W: permissions-incorrect /bin/su has mode 0755 but should be 04755
-permissions1: W: permissions-incorrect-owner /bin/su belongs to root:bin but should be root:root
+permissions1: W: non-position-independent-executable /usr/bin/su
+permissions1: W: non-position-independent-executable /usr/bin/su
+permissions1: W: permissions-incorrect /usr/bin/su has mode 0755 but should be 04755
+permissions1: W: permissions-incorrect-owner /usr/bin/su belongs to root:bin but should be root:root
permissions1: W: permissions-missing-postin missing %set_permissions /bin/ls in %post
-permissions1: W: permissions-missing-postin missing %set_permissions /bin/su in %post
+permissions1: W: permissions-missing-postin missing %set_permissions /usr/bin/su in %post
permissions1: W: permissions-missing-requires missing 'permissions' in PreReq
permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/ls
-permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /bin/su
+permissions1: W: permissions-missing-verifyscript missing %verify_permissions -e /usr/bin/su
permissions1: E: permissions-file-setuid-bit (Badness: 10000) /bin/ls is packaged with setuid/setgid bits (04755)
permissions1: E: permissions-unauthorized-file (Badness: 10000) /etc/permissions.d/test
permissions1: E: permissions-unauthorized-file (Badness: 10000) /usr/share/permissions/permissions.d/test
-1 packages and 0 specfiles checked; 3 errors, 8 warnings.
+1 packages and 0 specfiles checked; 3 errors, 10 warnings.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-tests-84.87+git20200221.3ea152b/tests/permissions1.spec new/rpmlint-tests-84.87+git20200724.ef05f7e/tests/permissions1.spec
--- old/rpmlint-tests-84.87+git20200221.3ea152b/tests/permissions1.spec 2020-02-21 11:06:10.000000000 +0100
+++ new/rpmlint-tests-84.87+git20200724.ef05f7e/tests/permissions1.spec 2020-07-24 11:46:05.000000000 +0200
@@ -23,13 +23,14 @@
install -d -m 755 %buildroot/etc/permissions.d
install -d -m 755 %buildroot/usr/share/permissions/permissions.d
install -d -m 755 %buildroot/bin
+install -d -m 755 %buildroot/usr/bin
echo "/bin/foo root:root 4755" > %buildroot/etc/permissions.d/test
echo "/bin/foo root:root 4755" > %buildroot/usr/share/permissions/permissions.d/test
echo "int main() {}" > xx.c
gcc -fno-PIE -O2 xx.c -o %buildroot/bin/ls
strip %buildroot/bin/ls
-cp /bin/su %buildroot/bin
+cp %buildroot/bin/ls %buildroot/usr/bin/su
%clean
rm -rf %buildroot
@@ -39,7 +40,7 @@
%config /etc/permissions.d/test
%attr(0644,root,root) /usr/share/permissions/permissions.d/test
%attr(4755,root,root) /bin/ls
-%attr(0755,root,bin) /bin/su
+%attr(0755,root,bin) /usr/bin/su
%changelog
* Mon Apr 18 2011 lnussel(a)suse.de
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-tests-84.87+git20200221.3ea152b/tests/permissions2.spec new/rpmlint-tests-84.87+git20200724.ef05f7e/tests/permissions2.spec
--- old/rpmlint-tests-84.87+git20200221.3ea152b/tests/permissions2.spec 2020-02-21 11:06:10.000000000 +0100
+++ new/rpmlint-tests-84.87+git20200724.ef05f7e/tests/permissions2.spec 2020-07-24 11:46:05.000000000 +0200
@@ -21,35 +21,35 @@
%build
%install
-install -d -m 755 %buildroot/bin
-cp /bin/su %buildroot/bin
-cp /bin/su %buildroot/bin/foo
-printf '\0' >> %buildroot/bin/foo
-cp /bin/su %buildroot/bin/bar
-printf '\0\0' >> %buildroot/bin/bar
+install -d -m 755 %buildroot/usr/bin
+cp /bin/su %buildroot/usr/bin
+cp /bin/su %buildroot/usr/bin/foo
+printf '\0' >> %buildroot/usr/bin/foo
+cp /bin/su %buildroot/usr/bin/bar
+printf '\0\0' >> %buildroot/usr/bin/bar
# postfix and sendmail are allowed to install their own permissions file
mkdir -p %buildroot/etc/permissions.d %buildroot/usr/share/permissions/permissions.d
-echo "/bin/foo root:root 4755" > %buildroot/etc/permissions.d/postfix
-echo "/bin/bar root:root 4755" > %buildroot/usr/share/permissions/permissions.d/sendmail
+echo "/usr/bin/foo root:root 4755" > %buildroot/etc/permissions.d/postfix
+echo "/usr/bin/bar root:root 4755" > %buildroot/usr/share/permissions/permissions.d/sendmail
%clean
rm -rf %buildroot
%verifyscript
-%verify_permissions -e /bin/su
-%verify_permissions -e /bin/foo
-%verify_permissions -e /bin/bar
+%verify_permissions -e /usr/bin/su
+%verify_permissions -e /usr/bin/foo
+%verify_permissions -e /usr/bin/bar
%post
-%set_permissions /bin/su
-%set_permissions /bin/foo
-%set_permissions /bin/bar
+%set_permissions /usr/bin/su
+%set_permissions /usr/bin/foo
+%set_permissions /usr/bin/bar
%files
%defattr(-,root,root)
-%attr(4755,root,root) /bin/su
-%attr(4755,root,root) /bin/foo
-%attr(4755,root,root) /bin/bar
+%attr(4755,root,root) /usr/bin/su
+%attr(4755,root,root) /usr/bin/foo
+%attr(4755,root,root) /usr/bin/bar
%config /etc/permissions.d/postfix
%attr(0600,root,root) /etc/permissions.d/postfix
%attr(0600,root,root) /usr/share/permissions/permissions.d/sendmail
Hello community,
here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2020-08-03 14:12:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haproxy (Old)
and /work/SRC/openSUSE:Factory/.haproxy.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy"
Mon Aug 3 14:12:25 2020 rev:90 rq:823717 version:2.2.2+git0.b8a2763d5
Changes:
--------
--- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2020-07-26 16:17:30.532705313 +0200
+++ /work/SRC/openSUSE:Factory/.haproxy.new.3592/haproxy.changes 2020-08-03 14:12:32.676328127 +0200
@@ -1,0 +2,22 @@
+Fri Jul 31 10:56:54 UTC 2020 - mrueckert(a)suse.de
+
+- Update to version 2.2.2+git0.b8a2763d5:
+ * [RELEASE] Released version 2.2.2
+ * BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux
+ * BUG/MEDIUM: backend: always attach the transport before installing the mux
+ * SCRIPTS: announce-release: add the link to the wiki in the announce messages
+ * MINOR: stream-int: Be sure to have a mux to do sends and receives
+ * MINOR: connection: Preinstall the mux for non-ssl connect
+ * BUG/MEDIUM: connection: Be sure to always install a mux for sync connect
+ * BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
+ * BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort
+ * BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation
+ * BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation
+ * MEDIUM: lua: Add support for the Lua 5.4
+ * BUG/MAJOR: dns: don't treat Authority records as an error
+ * BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status
+ * BUG/MINOR: debug: Don't dump the lua stack if it is not initialized
+ * BUILD: tools: fix build with static only toolchains
+ * BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore
+
+-------------------------------------------------------------------
Old:
----
haproxy-2.2.1+git0.0ef71a557.tar.gz
New:
----
haproxy-2.2.2+git0.b8a2763d5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haproxy.spec ++++++
--- /var/tmp/diff_new_pack.LDIKTz/_old 2020-08-03 14:12:33.728329182 +0200
+++ /var/tmp/diff_new_pack.LDIKTz/_new 2020-08-03 14:12:33.732329186 +0200
@@ -53,7 +53,7 @@
%endif
Name: haproxy
-Version: 2.2.1+git0.0ef71a557
+Version: 2.2.2+git0.b8a2763d5
Release: 0
#
#
++++++ _service ++++++
--- /var/tmp/diff_new_pack.LDIKTz/_old 2020-08-03 14:12:33.768329222 +0200
+++ /var/tmp/diff_new_pack.LDIKTz/_new 2020-08-03 14:12:33.768329222 +0200
@@ -6,7 +6,7 @@
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
- <param name="revision">v2.2.1</param>
+ <param name="revision">v2.2.2</param>
<param name="changesgenerate">enable</param>
</service>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.LDIKTz/_old 2020-08-03 14:12:33.788329242 +0200
+++ /var/tmp/diff_new_pack.LDIKTz/_new 2020-08-03 14:12:33.788329242 +0200
@@ -5,4 +5,4 @@
</service>
<service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-2.2.git</param>
- <param name="changesrevision">0ef71a55769353c996166a747b77e0d311867639</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">b8a2763d59c412207c4838579abd594a9a110a7d</param></service></servicedata>
\ No newline at end of file
++++++ haproxy-2.2.1+git0.0ef71a557.tar.gz -> haproxy-2.2.2+git0.b8a2763d5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/CHANGELOG new/haproxy-2.2.2+git0.b8a2763d5/CHANGELOG
--- old/haproxy-2.2.1+git0.0ef71a557/CHANGELOG 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/CHANGELOG 2020-07-31 11:54:32.000000000 +0200
@@ -1,6 +1,24 @@
ChangeLog :
===========
+2020/07/31 : 2.2.2
+ - BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore
+ - BUILD: tools: fix build with static only toolchains
+ - BUG/MINOR: debug: Don't dump the lua stack if it is not initialized
+ - BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status
+ - BUG/MAJOR: dns: don't treat Authority records as an error
+ - MEDIUM: lua: Add support for the Lua 5.4
+ - BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation
+ - BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation
+ - BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort
+ - BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
+ - BUG/MEDIUM: connection: Be sure to always install a mux for sync connect
+ - MINOR: connection: Preinstall the mux for non-ssl connect
+ - MINOR: stream-int: Be sure to have a mux to do sends and receives
+ - SCRIPTS: announce-release: add the link to the wiki in the announce messages
+ - BUG/MEDIUM: backend: always attach the transport before installing the mux
+ - BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux
+
2020/07/23 : 2.2.1
- BUG/MINOR: sample: Free str.area in smp_check_const_bool
- BUG/MINOR: sample: Free str.area in smp_check_const_meth
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/VERDATE new/haproxy-2.2.2+git0.b8a2763d5/VERDATE
--- old/haproxy-2.2.1+git0.0ef71a557/VERDATE 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/VERDATE 2020-07-31 11:54:32.000000000 +0200
@@ -1,2 +1,2 @@
$Format:%ci$
-2020/07/23
+2020/07/31
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/VERSION new/haproxy-2.2.2+git0.b8a2763d5/VERSION
--- old/haproxy-2.2.1+git0.0ef71a557/VERSION 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/VERSION 2020-07-31 11:54:32.000000000 +0200
@@ -1 +1 @@
-2.2.1
+2.2.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/doc/configuration.txt new/haproxy-2.2.2+git0.b8a2763d5/doc/configuration.txt
--- old/haproxy-2.2.1+git0.0ef71a557/doc/configuration.txt 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/doc/configuration.txt 2020-07-31 11:54:32.000000000 +0200
@@ -4,7 +4,7 @@
----------------------
version 2.2
willy tarreau
- 2020/07/23
+ 2020/07/31
This document covers the configuration language as implemented in the version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/scripts/announce-release new/haproxy-2.2.2+git0.b8a2763d5/scripts/announce-release
--- old/haproxy-2.2.1+git0.0ef71a557/scripts/announce-release 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/scripts/announce-release 2020-07-31 11:54:32.000000000 +0200
@@ -165,6 +165,7 @@
echo " Discourse : http://discourse.haproxy.org/"
echo " Slack channel : https://slack.haproxy.org/"
echo " Issue tracker : https://github.com/haproxy/haproxy/issues"
+ echo " Wiki : https://github.com/haproxy/wiki/wiki"
echo " Sources : http://www.haproxy.org/download/${BRANCH}/src/"
echo " Git repository : http://git.haproxy.org/git/${gitdir}/"
echo " Git Web browsing : http://git.haproxy.org/?p=${gitdir}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/backend.c new/haproxy-2.2.2+git0.b8a2763d5/src/backend.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/backend.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/backend.c 2020-07-31 11:54:32.000000000 +0200
@@ -1459,8 +1459,8 @@
srv_conn->ctx = srv_cs;
#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
if (!srv ||
- ((!(srv->ssl_ctx.alpn_str) && !(srv->ssl_ctx.npn_str)) ||
- srv->mux_proto || s->be->mode != PR_MODE_HTTP))
+ (srv->use_ssl != 1 || (!(srv->ssl_ctx.alpn_str) && !(srv->ssl_ctx.npn_str)) ||
+ srv->mux_proto || s->be->mode != PR_MODE_HTTP))
#endif
init_mux = 1;
#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
@@ -1519,6 +1519,16 @@
if (err != SF_ERR_NONE)
return err;
+ /* The CO_FL_SEND_PROXY flag may have been set by the connect method,
+ * if so, add our handshake pseudo-XPRT now.
+ */
+ if ((srv_conn->flags & CO_FL_HANDSHAKE)) {
+ if (xprt_add_hs(srv_conn) < 0) {
+ conn_full_close(srv_conn);
+ return SF_ERR_INTERNAL;
+ }
+ }
+
/* We have to defer the mux initialization until after si_connect()
* has been called, as we need the xprt to have been properly
* initialized, or any attempt to recv during the mux init may
@@ -1537,16 +1547,6 @@
!(srv_conn->flags & CO_FL_PRIVATE) && srv_conn->mux->avail_streams(srv_conn) > 0)
LIST_ADDQ(&srv->available_conns[tid], mt_list_to_list(&srv_conn->list));
}
- /* The CO_FL_SEND_PROXY flag may have been set by the connect method,
- * if so, add our handshake pseudo-XPRT now.
- */
- if ((srv_conn->flags & CO_FL_HANDSHAKE)) {
- if (xprt_add_hs(srv_conn) < 0) {
- conn_full_close(srv_conn);
- return SF_ERR_INTERNAL;
- }
- }
-
#if USE_OPENSSL && (defined(OPENSSL_IS_BORINGSSL) || (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L))
@@ -1627,6 +1627,14 @@
if ((srv_cs->flags & CS_FL_EOI) && !(si_ic(&s->si[1])->flags & CF_EOI))
si_ic(&s->si[1])->flags |= (CF_EOI|CF_READ_PARTIAL);
+ /* catch all sync connect while the mux is not already installed */
+ if (!srv_conn->mux && !(srv_conn->flags & CO_FL_WAIT_XPRT)) {
+ if (conn_create_mux(srv_conn) < 0) {
+ conn_full_close(srv_conn);
+ return SF_ERR_INTERNAL;
+ }
+ }
+
return SF_ERR_NONE; /* connection is OK */
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/debug.c new/haproxy-2.2.2+git0.b8a2763d5/src/debug.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/debug.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/debug.c 2020-07-31 11:54:32.000000000 +0200
@@ -222,11 +222,13 @@
chunk_appendf(buf, "%sCurrent executing a Lua HTTP service -- ", pfx);
}
- if (hlua) {
+ if (hlua && hlua->T) {
luaL_traceback(hlua->T, hlua->T, NULL, 0);
if (!append_prefixed_str(buf, lua_tostring(hlua->T, -1), pfx, '\n', 1))
b_putchr(buf, '\n');
}
+ else
+ b_putchr(buf, '\n');
#endif
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/dns.c new/haproxy-2.2.2+git0.b8a2763d5/src/dns.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/dns.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/dns.c 2020-07-31 11:54:32.000000000 +0200
@@ -1038,6 +1038,35 @@
/* now parsing additional records for SRV queries only */
if (dns_query->type != DNS_RTYPE_SRV)
goto skip_parsing_additional_records;
+
+ /* if we find Authority records, just skip them */
+ for (i = 0; i < dns_p->header.nscount; i++) {
+ offset = 0;
+ len = dns_read_name(resp, bufend, reader, tmpname, DNS_MAX_NAME_SIZE,
+ &offset, 0);
+ if (len == 0)
+ continue;
+
+ if (reader + offset + 10 >= bufend)
+ return DNS_RESP_INVALID;
+
+ reader += offset;
+ /* skip 2 bytes for class */
+ reader += 2;
+ /* skip 2 bytes for type */
+ reader += 2;
+ /* skip 4 bytes for ttl */
+ reader += 4;
+ /* read data len */
+ len = reader[0] * 256 + reader[1];
+ reader += 2;
+
+ if (reader + len >= bufend)
+ return DNS_RESP_INVALID;
+
+ reader += len;
+ }
+
nb_saved_records = 0;
for (i = 0; i < dns_p->header.arcount; i++) {
if (reader >= bufend)
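Review bot: In the new Authority-record loop, `if (len == 0) continue;` leaves `reader` where it was when `dns_read_name()` cannot read a name, so the remaining iterations and the Additional-record parsing that follows start from an offset that is no longer on a record boundary. For data that comes straight off the network I would reject the response at that point with `if (len == 0) return DNS_RESP_INVALID;`. Both bounds checks also form `reader + offset + 10` and `reader + len` before comparing, with `len` taken from the packet; comparing lengths instead, e.g. `if (len >= bufend - reader) return DNS_RESP_INVALID;`, avoids computing a pointer beyond the buffer. The enclosing function starts and ends outside this hunk.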
@@ -2421,10 +2450,8 @@
locked = 1;
}
- if (resolution->step == RSLV_STEP_RUNNING) {
- ret = ACT_RET_YIELD;
- goto end;
- }
+ if (resolution->step == RSLV_STEP_RUNNING)
+ goto yield;
if (resolution->step == RSLV_STEP_NONE) {
/* We update the variable only if we have a valid response. */
if (resolution->status == RSLV_STATUS_VALID) {
@@ -2458,14 +2485,7 @@
}
}
- free(s->dns_ctx.hostname_dn); s->dns_ctx.hostname_dn = NULL;
- s->dns_ctx.hostname_dn_len = 0;
- dns_unlink_resolution(s->dns_ctx.dns_requester);
-
- pool_free(dns_requester_pool, s->dns_ctx.dns_requester);
- s->dns_ctx.dns_requester = NULL;
-
- goto end;
+ goto release_requester;
}
/* need to configure and start a new DNS resolution */
@@ -2486,26 +2506,38 @@
/* Check if there is a fresh enough response in the cache of our associated resolution */
req = s->dns_ctx.dns_requester;
- if (!req || !req->resolution) {
- dns_trigger_resolution(s->dns_ctx.dns_requester);
- ret = ACT_RET_YIELD;
- goto end;
- }
+ if (!req || !req->resolution)
+ goto release_requester; /* on error, ignore the action */
res = req->resolution;
exp = tick_add(res->last_resolution, resolvers->hold.valid);
if (resolvers->t && res->status == RSLV_STATUS_VALID && tick_isset(res->last_resolution)
- && !tick_is_expired(exp, now_ms)) {
+ && !tick_is_expired(exp, now_ms)) {
goto use_cache;
}
dns_trigger_resolution(s->dns_ctx.dns_requester);
+
+ yield:
+ if (flags & ACT_OPT_FINAL)
+ goto release_requester;
ret = ACT_RET_YIELD;
end:
if (locked)
HA_SPIN_UNLOCK(DNS_LOCK, &resolvers->lock);
return ret;
+
+ release_requester:
+ free(s->dns_ctx.hostname_dn);
+ s->dns_ctx.hostname_dn = NULL;
+ s->dns_ctx.hostname_dn_len = 0;
+ if (s->dns_ctx.dns_requester) {
+ dns_unlink_resolution(s->dns_ctx.dns_requester);
+ pool_free(dns_requester_pool, s->dns_ctx.dns_requester);
+ s->dns_ctx.dns_requester = NULL;
+ }
+ goto end;
}
static void release_dns_action(struct act_rule *rule)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/hlua.c new/haproxy-2.2.2+git0.b8a2763d5/src/hlua.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/hlua.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/hlua.c 2020-07-31 11:54:32.000000000 +0200
@@ -1069,6 +1069,9 @@
*/
static enum hlua_exec hlua_ctx_resume(struct hlua *lua, int yield_allowed)
{
+#if defined(LUA_VERSION_NUM) && LUA_VERSION_NUM >= 504
+ int nres;
+#endif
int ret;
const char *msg;
const char *trace;
@@ -1100,7 +1103,11 @@
lua->wake_time = TICK_ETERNITY;
/* Call the function. */
+#if defined(LUA_VERSION_NUM) && LUA_VERSION_NUM >= 504
+ ret = lua_resume(lua->T, gL.T, lua->nargs, &nres);
+#else
ret = lua_resume(lua->T, gL.T, lua->nargs);
+#endif
switch (ret) {
case LUA_OK:
@@ -6642,11 +6649,16 @@
act_ret = lua_tointeger(s->hlua->T, -1);
/* Set timeout in the required channel. */
- if (act_ret == ACT_RET_YIELD && s->hlua->wake_time != TICK_ETERNITY) {
- if (dir == SMP_OPT_DIR_REQ)
- s->req.analyse_exp = s->hlua->wake_time;
- else
- s->res.analyse_exp = s->hlua->wake_time;
+ if (act_ret == ACT_RET_YIELD) {
+ if (flags & ACT_OPT_FINAL)
+ goto err_yield;
+
+ if (s->hlua->wake_time != TICK_ETERNITY) {
+ if (dir == SMP_OPT_DIR_REQ)
+ s->req.analyse_exp = s->hlua->wake_time;
+ else
+ s->res.analyse_exp = s->hlua->wake_time;
+ }
}
goto end;
@@ -6687,6 +6699,8 @@
goto end;
case HLUA_E_YIELD:
+ err_yield:
+ act_ret = ACT_RET_CONT;
SEND_ERR(px, "Lua function '%s': aborting Lua processing on expired timeout.\n",
rule->arg.hlua_rule->fcn.name);
goto end;
@@ -7845,10 +7859,12 @@
memprintf(err, "Lua message handler error: %s\n", lua_tostring(gL.T, -1));
lua_pop(gL.T, 1);
return -1;
+#if defined(LUA_VERSION_NUM) && LUA_VERSION_NUM <= 503
case LUA_ERRGCMM:
memprintf(err, "Lua garbage collector error: %s\n", lua_tostring(gL.T, -1));
lua_pop(gL.T, 1);
return -1;
+#endif
default:
memprintf(err, "Lua unknown error: %s\n", lua_tostring(gL.T, -1));
lua_pop(gL.T, 1);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/mux_fcgi.c new/haproxy-2.2.2+git0.b8a2763d5/src/mux_fcgi.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/mux_fcgi.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/mux_fcgi.c 2020-07-31 11:54:32.000000000 +0200
@@ -1303,27 +1303,21 @@
struct ist path = http_get_path(params->uri);
int len;
- /* Decode the path. it must first be copied to keep the URI
- * untouched.
- */
- chunk_memcat(params->p, path.ptr, path.len);
- path.ptr = b_tail(params->p) - path.len;
- path.ptr[path.len] = '\0';
- len = url_decode(path.ptr, 0);
- if (len < 0)
- goto error;
- path.len = len;
-
/* No scrit_name set but no valid path ==> error */
if (!(params->mask & FCGI_SP_SCRIPT_NAME) && !istlen(path))
goto error;
- /* Find limit between the path and the query-string */
- for (len = 0; len < path.len && *(path.ptr + len) != '?'; len++);
-
/* If there is a query-string, Set it if not already set */
- if (!(params->mask & FCGI_SP_REQ_QS) && len < path.len)
- params->qs = ist2(path.ptr+len+1, path.len-len-1);
+ if (!(params->mask & FCGI_SP_REQ_QS)) {
+ struct ist qs = istfind(path, '?');
+
+ /* Update the path length */
+ path.len -= qs.len;
+
+ /* Set the query-string skipping the '?', if any */
+ if (istlen(qs))
+ params->qs = istnext(qs);
+ }
/* If the script_name is set, don't try to deduce the path_info
* too. The opposite is not true.
@@ -1333,8 +1327,18 @@
goto end;
}
+ /* Decode the path. it must first be copied to keep the URI
+ * untouched.
+ */
+ chunk_memcat(params->p, path.ptr, path.len);
+ path.ptr = b_tail(params->p) - path.len;
+ len = url_decode(ist0(path), 0);
+ if (len < 0)
+ goto error;
+ path.len = len;
+
/* script_name not set, preset it with the path for now */
- params->scriptname = ist2(path.ptr, len);
+ params->scriptname = path;
/* If there is no regex to match the pathinfo, just to the last
* part and see if the index must be used.
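Review bot: The return value of `chunk_memcat(params->p, path.ptr, path.len)` is not checked before `path.ptr` is recomputed from `b_tail(params->p)` and `ist0(path)` is handed to `url_decode()`. If the copy can fail when `params->p` is short of room (worth confirming against chunk_memcat's contract), `path.ptr` would point at bytes that were never copied, and the terminator that `ist0()` presumably writes needs one spare byte past the path in any case. I would use `if (!chunk_memcat(params->p, path.ptr, path.len)) goto error;` and make sure room for `path.len + 1` bytes is available. The same sequence existed before this change and is only moved below the query-string split; the function continues outside the hunk.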
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/server.c new/haproxy-2.2.2+git0.b8a2763d5/src/server.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/server.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/server.c 2020-07-31 11:54:32.000000000 +0200
@@ -3731,6 +3731,15 @@
struct dns_resolution *resolution = s->dns_requester->resolution;
int exp;
+ /* If resolution is NULL we're dealing with SRV records Additional records */
+ if (resolution == NULL) {
+ if (s->next_admin & SRV_ADMF_RMAINT)
+ return 1;
+
+ srv_set_admin_flag(s, SRV_ADMF_RMAINT, "entry removed from SRV record");
+ return 0;
+ }
+
switch (resolution->status) {
case RSLV_STATUS_NONE:
/* status when HAProxy has just (re)started.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/stream_interface.c new/haproxy-2.2.2+git0.b8a2763d5/src/stream_interface.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/stream_interface.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/stream_interface.c 2020-07-31 11:54:32.000000000 +0200
@@ -661,6 +661,10 @@
if (oc->flags & CF_SHUTW)
return 1;
+ /* we must wait because the mux is not installed yet */
+ if (!conn->mux)
+ return 0;
+
if (oc->pipe && conn->xprt->snd_pipe && conn->mux->snd_pipe) {
ret = conn->mux->snd_pipe(cs, oc->pipe);
if (ret > 0)
@@ -1220,6 +1224,10 @@
if (ic->flags & CF_SHUTR)
return 1;
+ /* we must wait because the mux is not installed yet */
+ if (!conn->mux)
+ return 0;
+
/* stop here if we reached the end of data */
if (cs->flags & CS_FL_EOS)
goto end_recv;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/tcp_rules.c new/haproxy-2.2.2+git0.b8a2763d5/src/tcp_rules.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/tcp_rules.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/tcp_rules.c 2020-07-31 11:54:32.000000000 +0200
@@ -354,7 +354,9 @@
missing_data:
channel_dont_close(rep);
- s->current_rule = rule;
+ /* just set the analyser timeout once at the beginning of the response */
+ if (!tick_isset(rep->analyse_exp) && s->be->tcp_rep.inspect_delay)
+ rep->analyse_exp = tick_add(now_ms, s->be->tcp_rep.inspect_delay);
DBG_TRACE_DEVEL("waiting for more data", STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s);
return 0;
@@ -389,7 +391,7 @@
channel_abort(&s->req);
abort:
- rep->analysers &= AN_REQ_FLT_END;
+ rep->analysers &= AN_RES_FLT_END;
if (!(s->flags & SF_ERR_MASK))
s->flags |= SF_ERR_PRXCOND;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/tcpcheck.c new/haproxy-2.2.2+git0.b8a2763d5/src/tcpcheck.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/tcpcheck.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/tcpcheck.c 2020-07-31 11:54:32.000000000 +0200
@@ -1096,31 +1096,6 @@
conn->flags |= CO_FL_PRIVATE;
conn->ctx = cs;
- /* The mux may be initialized now if there isn't server attached to the
- * check (email alerts) or if there is a mux proto specified or if there
- * is no alpn.
- */
- if (!s || ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && check->mux_proto) ||
- connect->mux_proto || (!connect->alpn && !check->alpn_str)) {
- const struct mux_ops *mux_ops;
-
- if (connect->mux_proto)
- mux_ops = connect->mux_proto->mux;
- else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && check->mux_proto)
- mux_ops = check->mux_proto->mux;
- else {
- int mode = ((check->tcpcheck_rules->flags & TCPCHK_RULES_PROTO_CHK) == TCPCHK_RULES_HTTP_CHK
- ? PROTO_MODE_HTTP
- : PROTO_MODE_TCP);
-
- mux_ops = conn_get_best_mux(conn, IST_NULL, PROTO_SIDE_BE, mode);
- }
- if (mux_ops && conn_install_mux(conn, mux_ops, cs, proxy, check->sess) < 0) {
- status = SF_ERR_INTERNAL;
- goto fail_check;
- }
- }
-
#ifdef USE_OPENSSL
if (connect->sni)
ssl_sock_set_servername(conn, connect->sni);
@@ -1160,6 +1135,31 @@
status = SF_ERR_RESOURCE;
}
+ /* The mux may be initialized now if there isn't server attached to the
+ * check (email alerts) or if there is a mux proto specified or if there
+ * is no alpn.
+ */
+ if (!s || ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && check->mux_proto) ||
+ connect->mux_proto || (!connect->alpn && !check->alpn_str)) {
+ const struct mux_ops *mux_ops;
+
+ if (connect->mux_proto)
+ mux_ops = connect->mux_proto->mux;
+ else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && check->mux_proto)
+ mux_ops = check->mux_proto->mux;
+ else {
+ int mode = ((check->tcpcheck_rules->flags & TCPCHK_RULES_PROTO_CHK) == TCPCHK_RULES_HTTP_CHK
+ ? PROTO_MODE_HTTP
+ : PROTO_MODE_TCP);
+
+ mux_ops = conn_get_best_mux(conn, IST_NULL, PROTO_SIDE_BE, mode);
+ }
+ if (mux_ops && conn_install_mux(conn, mux_ops, cs, proxy, check->sess) < 0) {
+ status = SF_ERR_INTERNAL;
+ goto fail_check;
+ }
+ }
+
fail_check:
/* It can return one of :
* - SF_ERR_NONE if everything's OK
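Review bot: After the move, the mux-installation block runs directly after the `status = SF_ERR_RESOURCE;` assignment visible just above it, so a mux is still selected and installed on a connection whose setup has already been marked as failed. If that is not intended, guard the block with `if (status != SF_ERR_NONE) goto fail_check;` placed ahead of its comment. The surrounding function begins outside this hunk, so the conditions leading to that assignment are not visible here.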
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.1+git0.0ef71a557/src/tools.c new/haproxy-2.2.2+git0.b8a2763d5/src/tools.c
--- old/haproxy-2.2.1+git0.0ef71a557/src/tools.c 2020-07-23 09:04:24.000000000 +0200
+++ new/haproxy-2.2.2+git0.b8a2763d5/src/tools.c 2020-07-31 11:54:32.000000000 +0200
@@ -10,7 +10,7 @@
*
*/
-#ifdef __ELF__
+#if (defined(__ELF__) && !defined(__linux__)) || defined(USE_DL)
#define _GNU_SOURCE
#include <dlfcn.h>
#include <link.h>
@@ -4387,7 +4387,7 @@
return ret;
}
-#ifdef __ELF__
+#if (defined(__ELF__) && !defined(__linux__)) || defined(USE_DL)
/* calls dladdr() or dladdr1() on <addr> and <dli>. If dladdr1 is available,
* also returns the symbol size in <size>, otherwise returns 0 there.
*/
@@ -4421,7 +4421,7 @@
* The file name (lib or executable) is limited to what lies between the last
* '/' and the first following '.'. An optional prefix <pfx> is prepended before
* the output if not null. The file is not dumped when it's the same as the one
- * that contains the "main" symbol, or when __ELF__ is not set.
+ * that contains the "main" symbol, or when __ELF__ && USE_DL are not set.
*
* The symbol's base address is returned, or NULL when unresolved, in order to
* allow the caller to match it against known ones.
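Review bot: The updated comment says the file is not dumped "when __ELF__ && USE_DL are not set", but the guard used in the other hunks of this file is `#if (defined(__ELF__) && !defined(__linux__)) || defined(USE_DL)`, which is a different condition: on Linux, `USE_DL` alone decides. I would word it as `or when neither USE_DL is set nor a non-Linux __ELF__ platform is used`, so the comment matches the guard. The function this comment documents lies outside the hunk.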
@@ -4449,7 +4449,7 @@
#endif
};
-#ifdef __ELF__
+#if (defined(__ELF__) && !defined(__linux__)) || defined(USE_DL)
Dl_info dli, dli_main;
size_t size;
const char *fname, *p;
@@ -4466,7 +4466,7 @@
}
}
-#ifdef __ELF__
+#if (defined(__ELF__) && !defined(__linux__)) || defined(USE_DL)
/* Now let's try to be smarter */
if (!dladdr_and_size(addr, &dli, &size))
goto unknown;
@@ -4506,7 +4506,7 @@
chunk_appendf(buf, "+%#lx", (long)(addr - dli.dli_fbase));
return NULL;
}
-#endif /* __ELF__ */
+#endif /* __ELF__ && !__linux__ || USE_DL */
unknown:
/* unresolved symbol from the main file, report relative offset to main */
if ((void*)addr < (void*)main)
Hello community,
here is the log from the commit of package llvm10 for openSUSE:Factory checked in at 2020-08-03 14:12:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/llvm10 (Old)
and /work/SRC/openSUSE:Factory/.llvm10.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "llvm10"
Mon Aug 3 14:12:12 2020 rev:5 rq:823638 version:10.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/llvm10/llvm10.changes 2020-07-29 17:15:05.024291184 +0200
+++ /work/SRC/openSUSE:Factory/.llvm10.new.3592/llvm10.changes 2020-08-03 14:12:18.084313494 +0200
@@ -1,0 +2,5 @@
+Thu Jul 30 21:20:08 UTC 2020 - Aaron Puchert <aaronpuchert(a)alice-dsl.net>
+
+- Add ld.lld as an alternative for ld. (boo#1174656)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ llvm10.spec ++++++
--- /var/tmp/diff_new_pack.U4hmk9/_old 2020-08-03 14:12:20.664316081 +0200
+++ /var/tmp/diff_new_pack.U4hmk9/_new 2020-08-03 14:12:20.668316085 +0200
@@ -1274,11 +1274,15 @@
--slave %{_bindir}/ld64.lld ld64.lld %{_bindir}/ld64.lld-%{_relver} \
--slave %{_bindir}/lld-link lld-link %{_bindir}/lld-link-%{_relver} \
--slave %{_bindir}/wasm-ld wasm-ld %{_bindir}/wasm-ld-%{_relver}
+%{_sbindir}/update-alternatives --install %{_bindir}/ld ld %{_bindir}/ld.lld 1
%postun -n lld%{_sonum}
if [ ! -f %{_bindir}/lld-%{_relver} ] ; then
%{_sbindir}/update-alternatives --remove lld %{_bindir}/lld-%{_relver}
fi
+if [ ! -f %{_bindir}/lld ] ; then
+ %{_sbindir}/update-alternatives --remove ld %{_bindir}/ld.lld
+fi
%endif
%if %{with lldb}
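Review bot: The new %postun guard tests `%{_bindir}/lld`, while the alternative registered in %post points at `%{_bindir}/ld.lld`; the existing block above it tests the exact path it registered (`lld-%{_relver}`). `%{_bindir}/lld` appears to be the generic alternatives link, so it may still resolve through another installed lld version after this package's linker is gone, leaving the `ld` alternative pointing at a path this package no longer provides. Testing the registered path, `if [ ! -f %{_bindir}/ld.lld ] ; then`, keeps registration and removal symmetric. The %post section starts outside this hunk, so the full list of slave links cannot be confirmed from here.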
Hello community,
here is the log from the commit of package libzbc for openSUSE:Factory checked in at 2020-08-03 14:12:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libzbc (Old)
and /work/SRC/openSUSE:Factory/.libzbc.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzbc"
Mon Aug 3 14:12:06 2020 rev:17 rq:823629 version:5.9.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/libzbc/libzbc.changes 2020-03-19 19:48:39.424127233 +0100
+++ /work/SRC/openSUSE:Factory/.libzbc.new.3592/libzbc.changes 2020-08-03 14:12:11.856307248 +0200
@@ -1,0 +2,8 @@
+Thu Jul 30 15:53:24 UTC 2020 - Jan Engelhardt <jengelh(a)inai.de>
+
+- Update to release 5.9.0
+ * Compilation warning fixes
+- Drop 0001-build-avoid-double-definition-of-zbc_log_drv-etc.patch
+ (merged)
+
+-------------------------------------------------------------------
Old:
----
0001-build-avoid-double-definition-of-zbc_log_drv-etc.patch
v5.8.5.tar.gz
New:
----
v5.9.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libzbc.spec ++++++
--- /var/tmp/diff_new_pack.A8QXEj/_old 2020-08-03 14:12:12.736308131 +0200
+++ /var/tmp/diff_new_pack.A8QXEj/_new 2020-08-03 14:12:12.740308135 +0200
@@ -17,8 +17,8 @@
Name: libzbc
-%define lname libzbc-5_8_5
-Version: 5.8.5
+%define lname libzbc-5_9_0
+Version: 5.9.0
Release: 0
Summary: Library for manipulating ZBC and ZAC disks
License: BSD-2-Clause AND LGPL-3.0-or-later
@@ -26,7 +26,6 @@
URL: https://github.com/hgst/libzbc
Source: https://github.com/hgst/libzbc/archive/v%version.tar.gz
-Patch1: 0001-build-avoid-double-definition-of-zbc_log_drv-etc.patch
BuildRequires: autoconf-archive
BuildRequires: libtool >= 2
BuildRequires: pkg-config
++++++ v5.8.5.tar.gz -> v5.9.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/.gitignore new/libzbc-5.9.0/.gitignore
--- old/libzbc-5.8.5/.gitignore 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/.gitignore 2020-07-30 04:59:13.000000000 +0200
@@ -64,6 +64,15 @@
.depfile
.depend
+# rpm build temporary files
+rpmbuild/BUILD
+rpmbuild/RPMS
+rpmbuild/SOURCES
+rpmbuild/SPECS
+rpmbuild/SRPMS
+*.tar.gz
+*.rpm
+
# Windows-specific files
Thumbs.db
desktop.ini
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/Makefile.am new/libzbc-5.9.0/Makefile.am
--- old/libzbc-5.8.5/Makefile.am 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/Makefile.am 2020-07-30 04:59:13.000000000 +0200
@@ -12,12 +12,13 @@
exports
AM_CPPFLAGS = \
- -O2 \
+ $(CFLAGS) \
-Wall -Wextra -Wno-unused-parameter \
-I$(top_builddir)/include \
-I$(top_srcdir)/include
pkgconfdir = $(libdir)/pkgconfig
+rpmdir = $(abs_top_builddir)/rpmbuild
pkgconf_DATA = libzbc.pc
pkginclude_HEADERS =
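Review bot: `$(CFLAGS)` is placed in `AM_CPPFLAGS`, but Automake reserves `CFLAGS` for the user and already adds it to every compile command, so the flags now appear twice and compiler options are handed to the preprocessor flag set. Dropping the `$(CFLAGS) \` line and keeping the warning options in `AM_CFLAGS` (`AM_CFLAGS = -Wall -Wextra -Wno-unused-parameter`) gives the same build without the duplication. The optimisation level is then controlled only by what configure puts into `CFLAGS`.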
@@ -60,3 +61,28 @@
include test/programs/write_zone/Makemodule.am
endif
+rpm: dist
+ @mkdir -p $(rpmdir)/BUILD
+ @mkdir -p $(rpmdir)/RPMS
+ @mkdir -p $(rpmdir)/SOURCES
+ @mkdir -p $(rpmdir)/SPECS
+ @mkdir -p $(rpmdir)/SRPMS
+ @mv libzbc-$(PACKAGE_VERSION).tar.gz $(rpmdir)/SOURCES
+ @echo "Version: $(PACKAGE_VERSION)" > $(rpmdir)/SPECS/libzbc.spec
+ @cat $(rpmdir)/libzbc.spec.in >> $(rpmdir)/SPECS/libzbc.spec
+ @rpmbuild -bs -v \
+ --target="$(build_cpu)" \
+ -D "_topdir $(rpmdir)" \
+ --nodebuginfo "$(rpmdir)/SPECS/libzbc.spec"
+ @mv -f $(rpmdir)/SRPMS/*.rpm $(abs_top_builddir)
+ @rpmbuild -bb -v \
+ --target="$(build_cpu)" \
+ -D "_topdir $(rpmdir)" \
+ --nodebuginfo "$(rpmdir)/SPECS/libzbc.spec"
+ @mv -f $(rpmdir)/RPMS/$(build_cpu)/*.rpm $(abs_top_builddir)
+ @rm -rf $(rpmdir)/SRPMS
+ @rm -rf $(rpmdir)/SPECS
+ @rm -rf $(rpmdir)/SOURCES
+ @rm -rf $(rpmdir)/RPMS
+ @rm -rf $(rpmdir)/BUILDROOT
+ @rm -rf $(rpmdir)/BUILD
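Review bot: The `rpm` recipe reads the spec template from `$(rpmdir)/libzbc.spec.in`, and `rpmdir` is defined from `$(abs_top_builddir)`, so an out-of-tree build will not find the file that ships in the source tree. Reading it from the source side, `@cat $(top_srcdir)/rpmbuild/libzbc.spec.in >> $(rpmdir)/SPECS/libzbc.spec`, keeps both layouts working. Every line is also prefixed with `@`, including the `rm -rf` cleanup, so a failure partway through leaves no trace of which step ran; leaving the `rpmbuild` and `rm -rf` lines echoed would make that visible.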
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/README.md new/libzbc-5.9.0/README.md
--- old/libzbc-5.8.5/README.md 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/README.md 2020-07-30 04:59:13.000000000 +0200
@@ -1,9 +1,5 @@
-SPDX-License-Identifier: BSD-2-Clause
-SPDX-License-Identifier: LGPL-3.0-or-later
-
-SPDX-FileCopyrightText: 2009-2014, HGST, Inc.
-SPDX-FileCopyrightText: 2016, Western Digital.
-SPDX-FileCopyrightText: 2020 Western Digital Corporation or its affiliates.
+Copyright (C) 2016, Western Digital.<br>
+Copyright (C) 2020 Western Digital Corporation or its affiliates.
# libzbc
@@ -25,7 +21,7 @@
### Library version
*libzbc* current major version is 5. Due to interface changes, this version is
-not compatible with previous *libzbc+ versions (version 4.x). Overall, the
+not compatible with previous *libzbc* versions (version 4.x). Overall, the
library operation does not change, but applications written for previous
*libzbc* versions must be updated to use the new API.
@@ -37,10 +33,15 @@
### License
-*libzbc* is dual licensed and distributed under the terms of the BSD 2-clause
+*libzbc* source code is distributed under the terms of the BSD 2-clause
license ("Simplified BSD License" or "FreeBSD License", SPDX: *BSD-2-Clause*)
and under the terms of the GNU Lesser General Public License version 3, or any
later version (SPDX: *LGPL-3.0-or-later*).
+A copy of these licenses with *libzbc* copyright can be found in the files
+[LICENSES/BSD-2-Clause.txt] and [COPYING.BSD] for the BSD 2-clause license and
+[LICENSES/LGPL-3.0-or-later.txt] and [COPYING.LESSER] for the LGPL-v3 license.
+If not, please see
+http://opensource.org/licenses/BSD-2-Clause and http://www.gnu.org/licenses/.
All example applications under the tools directory are distributed under the
terms of the GNU Lesser General Public License version 3, or any later version
@@ -50,15 +51,29 @@
technical support, and WITHOUT ANY WARRANTY, without even the implied warranty
of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-Along with *libzbc*, you should have received a copy of the BSD 2-clause
-license in the file [COPYING.BSD] and of the GNU Lesser General Public License
-version 3 in the file [COPYING.LESSER]. If not, please see
-http://opensource.org/licenses/BSD-2-Clause and http://www.gnu.org/licenses/.
+All source files in *libzbc* contain the BSD 2-clause and LGPL v3 license SPDX
+short identifiers in place of the full license text.
+
+```
+SPDX-License-Identifier: BSD-2-Clause
+SPDX-License-Identifier: LGPL-3.0-or-later
+```
+
+Some files such as the `.gitignore` file are public domain specified by the
+CC0 1.0 Universal (CC0 1.0) Public Domain Dedication. These files are
+identified with the following SPDX header.
+
+```
+SPDX-License-Identifier: CC0-1.0
+```
+
+See [LICENSES/CC0-1.0.txt] for the full text of this license.
### Contributions and Bug Reports
Contributions are accepted as github pull requests. Any problem may also be
reported through github issue page or by contacting:
+
* Damien Le Moal (damien.lemoal(a)wdc.com)
* Dmitry Fomichev (dmitry.fomichev(a)wdc.com)
@@ -67,47 +82,54 @@
## Compilation and installation
-*libzbc* requires that the autoconf, automake and libtool development packages
-be installed on the host used for compilation. The GTK3 and GTK3 development
-packages are necessary to compile the *gzbc* application. Installing these
-packages will automatically enable the compilation of gzbc.
+*libzbc* requires the following packages for compilation:
+
+* autoconf
+* autoconf-archive
+* automake
+* libtool
+
+The GTK3 and GTK3 development packages must be installed to automatically enable
+compiling the *gzbc* and *gzviewer* applications.
To compile the library and all example applications under the tools directory,
execute the following commands.
```
-# sh ./autogen.sh
-# ./configure
-# make
+$ sh ./autogen.sh
+$ ./configure
+$ make
```
To install the library and all example applications compiled under the tools
directory, execute the following command.
```
-# sudo make install
+$ sudo make install
```
-The library file is by default installed under /usr/lib (or /usr/lib64). The
-library header file is installed in /usr/include/libzbc. The executable files
-for the example applications are installed under /usr/bin. These defaults can be
-changed using the configure script. Executing the following command displays the
-options used to control the installation paths.
+The library file is by default installed under `/usr/lib` (or `/usr/lib64`).
+The library header file is installed in `/usr/include/libzbc`. The executable
+files for the example applications are installed under `/usr/bin`.
+
+These default installation locations can be changed using the configure script.
+Executing the following command displays the options used to control the
+installation paths.
```
-# ./configure --help
+$ ./configure --help
```
## Compilation with GUI tools
The *gzbc* and *gzviewer* tools implement a graphical user interface (GUI) using
the GTK3 toolkit. The configure script will automatically detect the presence of
-GTK3 development headers and compile these tools if the header files are found.
-This behavior can be manually changed and the compilation of *gzbc* and
-*gzviewer* disabled using the `--disable-gui` configuration option.
+GTK3 and its development header files and compile these tools if the header
+files are found. This behavior can be manually changed and the compilation of
+*gzbc* and *gzviewer* disabled using the `--disable-gui` configuration option.
```
-# ./configure --disable-gui
+$ ./configure --disable-gui
```
## Compilation for device tests
@@ -120,17 +142,17 @@
To compile the test programs, *libzbc* must be configured as follows.
```
-# ./configure --with-test
+$ ./configure --with-test
```
The test programs and scripts are not affected by the execution of "make
install". All defined tests must be executed directly from the test directory
-using the zbc_test.sh script. To test the device /dev/<SG node>, the following
-can be executed.
+using the *zbc_test.sh* script. To test the device `/dev/<SG node>`, the
+following can be executed.
```
-# cd test
-# sudo ./zbc_test.sh /dev/<SG node>
+$ cd test
+$ sudo ./zbc_test.sh /dev/<SG node>
```
By default, the script will run through all the test cases. Detailed control
@@ -145,6 +167,24 @@
Each test outputs a log file in the `test/log` directory. These files can be
consulted in case of a failed test to identify the reason for the test failure.
+## Building rpm packages
+
+The following command will build redistributable rpm packages.
+
+```
+$ make rpm
+```
+
+Three rpm packages are built: a binary package providing the library and
+executable tools, a development package providing *libzbc* header files and a
+source package. The source package can be used to build the binary and
+development rpm packages outside of *libzbc* source tree using the following
+command.
+
+```
+$ rpmbuild --rebuild libzbc-<version>.src.rpm
+```
+
## Library Overview
*libzbc* functions operate using a device handle obtained by executing the
@@ -191,41 +231,40 @@
The main functions provided by *libzbc* are as follows.
-Function | Description
------------------------|---------------------------------------------
-zbc_open() | Open a zoned device
-zbc_close() | Close a zoned device
-zbc_get_device_info() | Get device information
-zbc_report_nr_zones() | Get the number of zones of the device
-zbc_report_zones()<br>
-zbc_list_zones() | Get zone information
-zbc_zone_operation() | Execute a zone operation
-zbc_open_zone() | Explicitely open a zone
-zbc_close_zone() | Close an open zone
-zbc_finish_zone() | Finish a zone
-zbc_reset_zone() | Reset a zone write pointer
-zbc_pread() | Read data from a zone
-zbc_preadv() | Read data from a zone using vectored buffer
-zbc_pwrite() | Write data to a zone
-zbc_pwritev() | Write data to a zone using vectored buffer
-zbc_flush() | Flush data to disk
+Function | Description
+-------------------------|---------------------------------------------
+*zbc_open()* | Open a zoned device
+*zbc_close()* | Close a zoned device
+*zbc_get_device_info()* | Get device information
+*zbc_report_nr_zones()* | Get the number of zones of the device
+*zbc_report_zones()* <br> *zbc_list_zones()* | Get zone information
+*zbc_zone_operation()* | Execute a zone operation
+*zbc_open_zone()* | Explicitely open a zone
+*zbc_close_zone()* | Close an open zone
+*zbc_finish_zone()* | Finish a zone
+*zbc_reset_zone()* | Reset a zone write pointer
+*zbc_pread()* | Read data from a zone
+*zbc_preadv()* | Read data from a zone using vectored buffer
+*zbc_pwrite()* | Write data to a zone
+*zbc_pwritev()* | Write data to a zone using vectored buffer
+*zbc_flush()* | Flush data to disk
Additionally, the following functions are also provided to facilitate
application development and tests.
-Function | Description
--------------------------|----------------------------
-zbc_map_iov() | Map a vectored buffer using a single buffer
-zbc_set_log_level() | Set the logging level of the library functions
-zbc_device_is_zoned() | Test if a device is a zoned block device
-zbc_print_device_info() | Print device information to a file (stream)
-zbc_device_type_str() | Get a string description of a device type
-zbc_device_model_str() | Get a string description of a device model
-zbc_zone_type_str() | Get a string description of a zone type
-zbc_zone_condition_str() | Get a string description of a zone condition
-zbc_errno() | Get the sense key and code of the last function call
-zbc_sk_str() | Get a string description of a sense key
-zbc_asc_ascq_str() | Get a string description of a sense code
+Function | Description
+---------------------------|---------------------------------------------------
+*zbc_map_iov()* | Map a vectored buffer using a single buffer
+*zbc_set_log_level()* | Set the logging level of the library functions
+*zbc_device_is_zoned()* | Test if a device is a zoned block device
+*zbc_print_device_info()* | Print device information to a file (stream)
+*zbc_device_type_str()* | Get a string description of a device type
+*zbc_device_model_str()* | Get a string description of a device model
+*zbc_zone_type_str()* | Get a string description of a zone type
+*zbc_zone_condition_str()* | Get a string description of a zone condition
+*zbc_errno()* | Get the sense key and code of the last function call
+*zbc_sk_str()* | Get a string description of a sense key
+*zbc_asc_ascq_str()* | Get a string description of a sense code
*libzbc* does not implement any synchronization mechanism for multiple threads
or processes to safely operate simultaneously on the same zone. In particular,
@@ -239,9 +278,9 @@
Linux kernels older than version 4.10 do not create a block device file for
host-managed ZBC and ZAC devices. As a result, these devices can only be
accessed through their associated SG node (/dev/sgx device file). For these
-older kernels, opening a ZBC or ZAC host managed disk with *libzbc* must thus be
-done using the device SG node. For kernel versions 4.10 and beyond compiled with
-zoned block device support, the device will be exposed also through a block
+older kernels, opening a ZBC or ZAC host managed disk with *libzbc* must thus
+be done using the device SG node. For kernel versions 4.10 and beyond compiled
+with zoned block device support, the device will be exposed also through a block
device file which can be used with *libzbc* to identify the device.
For host-aware devices, a block device file and an SG node file will exist and
@@ -269,8 +308,8 @@
be generated using the doxygen project file documentation/libzbc.doxygen.
```
-# cd documentation
-# doxygen libzbc.doxygen
+$ cd documentation
+$ doxygen libzbc.doxygen
```
## Tools
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/configure.ac new/libzbc-5.9.0/configure.ac
--- old/libzbc-5.8.5/configure.ac 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/configure.ac 2020-07-30 04:59:13.000000000 +0200
@@ -4,7 +4,7 @@
# Copyright (c) 2009-2014, HGST, Inc. All rights reserved.
# Copyright (c) 2020 Western Digital Corporation or its affiliates.
-AC_INIT([libzbc], [5.8.5],
+AC_INIT([libzbc], [5.9.0],
[damien.lemoal(a)wdc.com, dmitry.fomichev(a)wdc.com]
[libzbc], [https://github.com/hgst/libzbc]
AC_CONFIG_AUX_DIR([build-aux])
@@ -15,8 +15,19 @@
AM_INIT_AUTOMAKE([-Wall foreign subdir-objects])
AM_SILENT_RULES([yes])
+RPM_RELEASE=1
+AC_SUBST(RPM_RELEASE)
+AX_RPM_INIT
+
+AX_CHECK_ENABLE_DEBUG([no], [_DBG_])
AC_PROG_CC
AM_PROG_CC_C_O
+AC_PROG_INSTALL
+
+AC_CHECK_PROGS([DOXYGEN], [doxygen])
+if test -z "$DOXYGEN"; then
+ AC_MSG_WARN([Doxygen not found - continuing without Doxygen support])
+fi
AC_USE_SYSTEM_EXTENSIONS
AC_SYS_LARGEFILE
@@ -27,15 +38,29 @@
LT_INIT
ACX_PTHREAD
+CFLAGS="$CFLAGS --std=gnu90 $EXTRA_CFLAGS $PTHREAD_CFLAGS"
+if test "x$enable_debug" == "xno"; then
+ CFLAGS="-O2 $CFLAGS"
+fi
LIBS="$PTHREAD_LIBS $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
CC="$PTHREAD_CC"
# Checks for header files.
-AC_CHECK_HEADER(scsi/scsi.h, [], [AC_MSG_ERROR([Couldn't find scsi/scsi.h])])
-AC_CHECK_HEADER(scsi/sg.h, [], [AC_MSG_ERROR([Couldn't find scsi/sg.h])])
-AC_CHECK_HEADER(libgen.h, [], [AC_MSG_ERROR([Couldn't find libgen.h])])
-AC_CHECK_HEADERS([linux/fs.h linux/blkzoned.h])
+AC_CHECK_HEADERS([linux/fs.h], [],
+ [AC_MSG_ERROR([Couldn't find linux/fs.h])],
+ [[
+ #ifdef HAVE_LINUX_FS_H
+ #include <linux/fs.h>
+ int main(int argc, char **argv) { return 0; }
+ #endif
+ ]])
+AC_CHECK_HEADERS([linux/blkzoned.h], [], [],
+ [[
+ #ifdef HAVE_LINUX_BLKZONED_H
+ #include <linux/blkzoned.h>
+ int main(int argc, char **argv) { return 0; }
+ #endif
+ ]])
# Conditionals
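Review bot: `test "x$enable_debug" == "xno"` uses `==`, which POSIX `test` does not define; under a shell such as dash the comparison fails with an error, the branch is skipped, and the build silently loses `-O2`. A single `=` is portable: `if test "x$enable_debug" = "xno"; then`. Separately, this hunk drops the hard checks for `scsi/scsi.h`, `scsi/sg.h` and `libgen.h`; if the library still includes them (not visible here), a missing header now shows up as a compile error rather than a configure-time message.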
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/include/libzbc/zbc.h new/libzbc-5.9.0/include/libzbc/zbc.h
--- old/libzbc-5.8.5/include/libzbc/zbc.h 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/include/libzbc/zbc.h 2020-07-30 04:59:13.000000000 +0200
@@ -14,6 +14,10 @@
#ifndef _LIBZBC_H_
#define _LIBZBC_H_
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#include <stdio.h>
#include <unistd.h>
#include <stdbool.h>
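Review bot: The `extern "C" {` block opens before the `#include` lines, so every system header that follows is pulled in inside the linkage block when a C++ translation unit includes this file. The usual arrangement is to finish the includes first and open the block just before the library's own declarations; moving the three added lines below the last `#include` (the include list continues outside the hunk) does that. The closing `}` added in the second hunk can stay where it is.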
@@ -1160,4 +1164,8 @@
* @}
*/
+#ifdef __cplusplus
+}
+#endif
+
#endif /* _LIBZBC_H_ */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/lib/zbc.c new/libzbc-5.9.0/lib/zbc.c
--- old/libzbc-5.8.5/lib/zbc.c 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/lib/zbc.c 2020-07-30 04:59:13.000000000 +0200
@@ -276,8 +276,7 @@
/**
* zbc_device_is_zoned - Test if a physical device is zoned.
*/
-int zbc_device_is_zoned(const char *filename,
- bool fake,
+int zbc_device_is_zoned(const char *filename, bool allow_fake,
struct zbc_device_info *info)
{
struct zbc_device *dev = NULL;
@@ -290,6 +289,8 @@
/* Test all backends until one accepts the drive. */
for (i = 0; zbc_drv[i]; i++) {
+ if (!allow_fake && zbc_drv[i] == &zbc_fake_drv)
+ continue;
ret = zbc_drv[i]->zbd_open(path, O_RDONLY, &dev);
if (ret == 0) {
/* This backend accepted the device */
@@ -301,14 +302,10 @@
}
if (dev && dev->zbd_drv) {
- if (dev->zbd_drv == &zbc_fake_drv && !fake) {
- ret = 0;
- } else {
- ret = 1;
- if (info)
- memcpy(info, &dev->zbd_info,
- sizeof(struct zbc_device_info));
- }
+ ret = 1;
+ if (info)
+ memcpy(info, &dev->zbd_info,
+ sizeof(struct zbc_device_info));
dev->zbd_drv->zbd_close(dev);
} else {
if ((ret != -EPERM) && (ret != -EACCES))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/lib/zbc.h new/libzbc-5.9.0/lib/zbc.h
--- old/libzbc-5.8.5/lib/zbc.h 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/lib/zbc.h 2020-07-30 04:59:13.000000000 +0200
@@ -177,22 +177,22 @@
/**
* Block device driver (requires kernel support).
*/
-struct zbc_drv zbc_block_drv;
+extern struct zbc_drv zbc_block_drv;
/**
* ZAC (ATA) device driver (uses SG_IO).
*/
-struct zbc_drv zbc_ata_drv;
+extern struct zbc_drv zbc_ata_drv;
/**
* ZBC (SCSI) device driver (uses SG_IO).
*/
-struct zbc_drv zbc_scsi_drv;
+extern struct zbc_drv zbc_scsi_drv;
/**
* ZBC emulation driver (file or block device).
*/
-struct zbc_drv zbc_fake_drv;
+extern struct zbc_drv zbc_fake_drv;
#define container_of(ptr, type, member) \
((type *)((char *)(ptr)-(unsigned long)(&((type *)0)->member)))
@@ -266,7 +266,7 @@
/**
* Library log level.
*/
-int zbc_log_level;
+extern int zbc_log_level;
#define zbc_print(stream,format,args...) \
do { \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/lib/zbc_ata.c new/libzbc-5.9.0/lib/zbc_ata.c
--- old/libzbc-5.8.5/lib/zbc_ata.c 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/lib/zbc_ata.c 2020-07-30 04:59:13.000000000 +0200
@@ -459,7 +459,7 @@
int ret;
if (!zbc_dev_is_zoned(dev))
- return 0;
+ return -ENXIO;
/* Get zoned block device information */
ret = zbc_ata_read_log(dev,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/lib/zbc_block.c new/libzbc-5.9.0/lib/zbc_block.c
--- old/libzbc-5.8.5/lib/zbc_block.c 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/lib/zbc_block.c 2020-07-30 04:59:13.000000000 +0200
@@ -116,6 +116,7 @@
struct zbc_block_device *zbd = zbc_dev_to_block(dev);
char str[128];
FILE *file;
+ int ret;
/* Open the start offset file of the partition */
snprintf(str, sizeof(str),
@@ -132,7 +133,12 @@
return ret;
}
- fscanf(file, "%llu", &zbd->part_offset);
+ ret = fscanf(file, "%llu", &zbd->part_offset);
+ if (ret <= 0) {
+ zbc_error("%s: can't read partition offset from %s\n",
+ zbd->part_name, str);
+ return ret;
+ }
fclose(file);
zbc_debug("%s: Partition of %s, start sector offset %llu\n",
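Review bot: The new error branch returns while `file` is still open, so every failed read leaks a `FILE`; the same pattern is repeated in the zoned-model and zone-sectors hunks further down this file. It also returns the raw `fscanf` result, which is 0 on a matching failure, so a caller that treats 0 as success would carry on with `part_offset` unset (the callers are outside the hunk). Closing the stream and returning a negative errno covers both cases: test `if (ret != 1) {`, and put `fclose(file);` before `return -EIO;`.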
@@ -239,6 +245,7 @@
struct zbc_block_device *zbd = zbc_dev_to_block(dev);
char str[128];
FILE *file;
+ int ret;
/* Check that this is a zoned block device */
snprintf(str, sizeof(str),
@@ -253,7 +260,12 @@
return -ENXIO;
memset(str, 0, sizeof(str));
- fscanf(file, "%s", str);
+ ret = fscanf(file, "%s", str);
+ if (ret <= 0) {
+ zbc_error("%s: can't read zoned model from %s\n",
+ zbd->part_name, str);
+ return ret;
+ }
fclose(file);
if (strcmp(str, "host-aware") == 0) {
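Review bot: `fscanf(file, "%s", str)` has no field width, so the length of the token read into the 128-byte `str` is bounded only by the file's content; a width one less than the buffer, `ret = fscanf(file, "%127s", str);`, makes the bound explicit. The error message also passes `str` as the file name, but `str` was cleared by the `memset` just above to receive the value, so the path is no longer there to print. Formatting the path into a second buffer, or logging before the `memset`, keeps the message useful.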
@@ -359,6 +371,7 @@
struct zbc_block_device *zbd = zbc_dev_to_block(dev);
char str[128];
FILE *file;
+ int ret;
/* Open the chunk_sectors file */
snprintf(str, sizeof(str),
@@ -374,7 +387,12 @@
return ret;
}
- fscanf(file, "%llu", &zbd->zone_sectors);
+ ret = fscanf(file, "%llu", &zbd->zone_sectors);
+ if (ret <= 0) {
+ zbc_error("%s: can't read zone sectors from %s\n",
+ zbd->part_name, str);
+ return ret;
+ }
fclose(file);
zbc_debug("%s: Zones of %llu sectors\n",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/lib/zbc_scsi.c new/libzbc-5.9.0/lib/zbc_scsi.c
--- old/libzbc-5.8.5/lib/zbc_scsi.c 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/lib/zbc_scsi.c 2020-07-30 04:59:13.000000000 +0200
@@ -708,7 +708,7 @@
int ret;
if (!zbc_dev_is_zoned(dev))
- return 0;
+ return -ENXIO;
ret = zbc_scsi_inquiry(dev, 0xB6, buf, ZBC_SCSI_VPD_PAGE_B6_LEN);
if (ret != 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/rpmbuild/libzbc.spec.in new/libzbc-5.9.0/rpmbuild/libzbc.spec.in
--- old/libzbc-5.8.5/rpmbuild/libzbc.spec.in 1970-01-01 01:00:00.000000000 +0100
+++ new/libzbc-5.9.0/rpmbuild/libzbc.spec.in 2020-07-30 04:59:13.000000000 +0200
@@ -0,0 +1,52 @@
+Name: libzbc
+Release: 1%{?dist}
+Summary: A library to control zoned SCSI/ATA devices
+Group: System Environment/Libraries
+License: BSD-2-Clause
+URL: https://github.com/hgst/libzbc
+Source: %{name}-%{version}.tar.gz
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: gcc
+
+%description
+libzbc is a simple library providing functions for manipulating SCSI and ATA
+devices supporting the Zoned Block Command (ZBC) and Zoned-device ATA command
+set (ZAC) specifications.
+libzbc implementation is compliant with the latest drafts of the ZBC and ZAC
+standards defined by INCITS technical committee T10 and T13 (respectively).
+
+%package devel
+Summary: Development header files for libzbc
+Group: Development/System
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+This package provides development header files for libzbc.
+
+%prep
+%setup
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT
+
+%build
+sh autogen.sh
+%configure --libdir="%{_libdir}" --includedir="%{_includedir}"
+%make_build
+
+%install
+make install PREFIX=%{_prefix} DESTDIR=$RPM_BUILD_ROOT
+
+find $RPM_BUILD_ROOT -name '*.la' -delete
+
+%ldconfig_scriptlets
+
+%files
+%{_bindir}/*
+%{_libdir}/*
+
+%files devel
+%{_includedir}/*
+
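Review bot: `BuildRequires` omits `autoconf-archive`, although `%build` runs `autogen.sh`, this release's configure.ac calls `AX_RPM_INIT` and `AX_CHECK_ENABLE_DEBUG`, and the README lists the package as required; add `BuildRequires: autoconf-archive` so a clean build root can regenerate configure. The `License:` tag names only `BSD-2-Clause` while the README describes the sources as distributed under BSD-2-Clause and LGPL-3.0-or-later, so the tag should probably carry both. `%prep` also runs `rm -rf $RPM_BUILD_ROOT` unquoted; current rpm versions clean the build root themselves, so that line and the `mkdir -p` after it can be dropped.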
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/test/zbc_test.sh new/libzbc-5.9.0/test/zbc_test.sh
--- old/libzbc-5.8.5/test/zbc_test.sh 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/test/zbc_test.sh 2020-07-30 04:59:13.000000000 +0200
@@ -41,6 +41,17 @@
exit 1
}
+is_scsi_device()
+{
+ local d f
+
+ d=$(basename "$dev")
+ for f in /sys/class/scsi_device/*/device/block/"$d"; do
+ [ -e "$f" ] && return 0
+ done
+ return 1
+}
+
if [ $# -lt 1 ]; then
zbc_print_usage
fi
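Review bot: `is_scsi_device` reads the global `$dev` instead of its argument, while the caller in the third hunk passes `"$dev_name"`. No assignment to `dev` is visible in these hunks; if it is unset at that point, `basename ""` yields an empty string, the glob then matches the `block/` directories themselves, and the function returns 0 for any input. Using the parameter fixes this: `d=$(basename "$1")`. Because the same commit removes the character-device check, this function is the only remaining gate on which device the test suite is run against.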
@@ -157,7 +168,6 @@
# Check device path if one was specified
if [ ! -z ${device} ]; then
-
# Resolve symbolic links
device="`readlink -e -n ${device}`"
if [ ! -e ${device} ]; then
@@ -165,15 +175,8 @@
exit 1
fi
- # Only SG nodes (character device files of SCSI or ATA disks) are
- # allowed
- if [ ! -c ${device} ]; then
- echo "Device \"${device}\" is not an SG node"
- exit 1
- fi
-
dev_name=`basename "${device}"`
- if [ ! -e /sys/class/scsi_generic/${dev_name} ]; then
+ if ! is_scsi_device "$dev_name"; then
echo "Device \"${device}\" is not a SCSI/ATA device"
exit 1
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/tools/gzbc/gzbc_if_dev.c new/libzbc-5.9.0/tools/gzbc/gzbc_if_dev.c
--- old/libzbc-5.8.5/tools/gzbc/gzbc_if_dev.c 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/tools/gzbc/gzbc_if_dev.c 2020-07-30 04:59:13.000000000 +0200
@@ -1421,7 +1421,6 @@
char *op_name, char *msg)
{
GtkWidget *dialog;
- char str[128];
int ret;
dzd->zone_no = dzd->zlist_selection;
@@ -1431,17 +1430,20 @@
if (ret != 0) {
if (dzd->zone_no == -1)
- sprintf(str, "%s all zones failed\n",
- op_name);
+ dialog = gtk_message_dialog_new(GTK_WINDOW(dz.window),
+ GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_OK,
+ "%s all zones failed\n",
+ op_name);
else
- sprintf(str, "%s zone %d failed\n",
- op_name, dzd->zone_no);
+ dialog = gtk_message_dialog_new(GTK_WINDOW(dz.window),
+ GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_OK,
+ "%s zone %d failed\n",
+ op_name, dzd->zone_no);
- dialog = gtk_message_dialog_new(GTK_WINDOW(dz.window),
- GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_MESSAGE_ERROR,
- GTK_BUTTONS_OK,
- str);
gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
"Error %d (%s)",
ret, strerror(ret));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/tools/report_zones/zbc_report_zones.c new/libzbc-5.9.0/tools/report_zones/zbc_report_zones.c
--- old/libzbc-5.8.5/tools/report_zones/zbc_report_zones.c 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/tools/report_zones/zbc_report_zones.c 2020-07-30 04:59:13.000000000 +0200
@@ -91,7 +91,7 @@
unsigned long long start = 0;
int i, ret = 1;
int num = 0;
- char *path;
+ char *path, *end;
/* Check command line */
if (argc < 2) {
@@ -131,8 +131,8 @@
goto usage;
i++;
- nz = strtol(argv[i], NULL, 10);
- if (nz <= 0)
+ nz = strtol(argv[i], &end, 10);
+ if (*end != '\0' || nz == 0)
goto usage;
} else if (strcmp(argv[i], "-lba") == 0) {
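Review bot: The count check was relaxed from `nz <= 0` to `nz == 0`, so a negative argument now passes validation. The `-start` hunk below has the same gap: `strtoll`'s result goes straight into `start`, declared `unsigned long long` in the first hunk, so `-1` becomes a very large offset, and an empty argument satisfies `*end == '\0'`. Parsing into a signed temporary closes this, e.g. `long long v = strtoll(argv[i], &end, 10);` followed by `if (end == argv[i] || *end != '\0' || v < 0)`, with an `errno == ERANGE` check if out-of-range input matters. `main` starts and ends outside these hunks.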
@@ -141,11 +141,18 @@
} else if (strcmp(argv[i], "-start") == 0) {
- if (i >= (argc - 1))
+ if (i >= (argc - 1)) {
+ printf("Missing -start value\n");
goto usage;
+ }
i++;
- start = strtoll(argv[i], NULL, 10);
+ start = strtoll(argv[i], &end, 10);
+ if (*end != '\0') {
+ printf("Invalid start offset \"%s\"\n",
+ argv[i]);
+ goto usage;
+ }
} else if (strcmp(argv[i], "-ro") == 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/tools/zone_op/Makemodule.am new/libzbc-5.9.0/tools/zone_op/Makemodule.am
--- old/libzbc-5.8.5/tools/zone_op/Makemodule.am 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/tools/zone_op/Makemodule.am 2020-07-30 04:59:13.000000000 +0200
@@ -4,6 +4,7 @@
# Copyright (c) 2020 Western Digital Corporation or its affiliates.
noinst_LTLIBRARIES = libzone_op.la
-libzone_op_la_SOURCES = tools/zone_op/zbc_zone_op.c
+libzone_op_la_SOURCES = tools/zone_op/zbc_zone_op.c \
+ tools/zone_op/zbc_zone_op.h
libzone_op_la_LIBADD = $(libzbc_ldadd)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzbc-5.8.5/tools/zone_op/zbc_zone_op.c new/libzbc-5.9.0/tools/zone_op/zbc_zone_op.c
--- old/libzbc-5.8.5/tools/zone_op/zbc_zone_op.c 2020-03-09 06:44:41.000000000 +0100
+++ new/libzbc-5.9.0/tools/zone_op/zbc_zone_op.c 2020-07-30 04:59:13.000000000 +0200
@@ -37,15 +37,15 @@
{
struct zbc_device_info info;
struct zbc_device *dev;
- struct zbc_zone *zones = NULL, *tgt = NULL;;
- long long start = -1LL;
- unsigned long long start_sector = -1ULL;
+ struct zbc_zone *zones = NULL, *tgt = NULL;
+ long long start = 0;
+ unsigned long long start_sector = 0, zone_start;
unsigned int flags = 0;
int i, ret = 1;
unsigned int nr_zones, tgt_idx;
bool sector_unit = false;
bool lba_unit = false;
- char *path;
+ char *path, *end;
/* Check command line */
if (!argc) {
@@ -147,26 +147,19 @@
if (flags & ZBC_OP_ALL_ZONES) {
printf("Operating on all zones...\n");
- start_sector = 0;
} else {
/* Get target zone */
- start = strtoll(argv[i + 1], NULL, 10);
- if (start < 0) {
+ start = strtoll(argv[i + 1], &end, 10);
+ if (*end != '\0' || start < 0) {
fprintf(stderr, "Invalid zone\n");
ret = 1;
goto out;
}
- if (lba_unit)
- start_sector = zbc_lba2sect(&info, start);
- else if (sector_unit)
- start_sector = start;
- else
- start_sector = 0;
/* Get zone list */
- ret = zbc_list_zones(dev, start, ZBC_RO_ALL, &zones, &nr_zones);
+ ret = zbc_list_zones(dev, 0, ZBC_RO_ALL, &zones, &nr_zones);
if ( ret != 0 ) {
fprintf(stderr, "zbc_list_zones failed\n");
ret = 1;
@@ -174,18 +167,25 @@
}
if (lba_unit || sector_unit) {
+ struct zbc_zone *z;
+
/* Search target zone */
- for (i = 0; i < (int)nr_zones; i++) {
- if (start_sector >= zbc_zone_start(&zones[i]) &&
- start_sector < zbc_zone_start(&zones[i]) + zbc_zone_length(&zones[i])) {
- tgt = &zones[i];
- tgt_idx = i;
+ if (lba_unit)
+ start_sector = zbc_lba2sect(&info, start);
+ else
+ start_sector = start;
+ z = &zones[0];
+ for (tgt_idx = 0; tgt_idx < nr_zones; tgt_idx++, z++) {
+ if (start_sector >= zbc_zone_start(z) &&
+ start_sector < zbc_zone_start(z) + zbc_zone_length(z)) {
+ tgt = z;
break;
}
}
} else if (start < nr_zones) {
tgt = &zones[start];
tgt_idx = start;
+ start_sector = zbc_zone_start(tgt);
}
if (!tgt) {
fprintf(stderr, "Target zone not found\n");
@@ -193,19 +193,12 @@
goto out;
}
+ zone_start = zbc_sect2lba(&info, zbc_zone_start(tgt));
if (lba_unit)
- printf("%s zone %d/%d, LBA %llu...\n",
- zbc_zone_op_name(op),
- tgt_idx, nr_zones,
- (unsigned long long)zbc_sect2lba(&info, zbc_zone_start(tgt)));
- else
- printf("%s zone %d/%d, sector %llu...\n",
- zbc_zone_op_name(op),
- tgt_idx, nr_zones,
- (unsigned long long)zbc_zone_start(tgt));
-
- start_sector = zbc_zone_start(tgt);
-
+ zone_start = zbc_sect2lba(&info, zone_start);
+ printf("%s zone %d/%d, %s %llu...\n",
+ zbc_zone_op_name(op), tgt_idx, nr_zones,
+ lba_unit ? "LBA" : "sector", zone_start);
}
switch (op) {
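Review bot: `zone_start` is initialised with `zbc_sect2lba(&info, zbc_zone_start(tgt))` and then passed through `zbc_sect2lba` again when `lba_unit` is set, so LBA mode prints a doubly converted value and sector mode prints an LBA under the label "sector". The first assignment should keep the sector value as is: `zone_start = zbc_zone_start(tgt);`. The two results presumably differ only when the logical block size is not 512 bytes, which would hide this in many test setups. `tgt_idx` and `nr_zones` are `unsigned int` but printed with `%d`; `%u` matches their type.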