openSUSE Commits
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
July 2022
- 1 participants
- 1863 discussions
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libuv for openSUSE:Factory checked in at 2022-07-31 23:00:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libuv (Old)
and /work/SRC/openSUSE:Factory/.libuv.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libuv"
Sun Jul 31 23:00:47 2022 rev:29 rq:991602 version:1.44.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/libuv/libuv.changes 2022-03-15 19:05:08.860957379 +0100
+++ /work/SRC/openSUSE:Factory/.libuv.new.1533/libuv.changes 2022-07-31 23:01:01.995707308 +0200
@@ -1,0 +2,44 @@
+Mon Jul 18 10:28:17 UTC 2022 - Dirk M��ller <dmueller(a)suse.com>
+
+- update to 1.44.2:
+ * Add SHA to ChangeLog
+ * aix, ibmi: handle server hang when remote sends TCP RST
+ * process: reset the signal mask if the fork fails
+ * zos: implement cmpxchgi() using assembly
+ * ibmi: Implement UDP disconnect
+ * unix: simplify getpwuid call
+ * process,iOS: fix build breakage in process.c
+ * test: remove unused declarations in tcp_rst test
+ * core: add thread-safe strtok implementation
+ * test: fix flaky file watcher test
+ * unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang
+ * win: fix unexpected ECONNRESET error on TCP socket
+ * doc: make sample cross-platform build
+ * test: separate some static variables by test cases
+ * sunos: fs-event callback can be called after uv_close()
+ * uv: re-register interest in a file after change
+ * uv: register UV_RENAME event for _RFIM_UNLINK
+ * uv: register __rfim_event 156 as UV_RENAME
+ * release: check versions of autogen scripts are newer
+ * test: rewrite embed test
+ * unix: use MSG_CMSG_CLOEXEC where supported
+ * test: remove disabled callback_order test
+ * kqueue: skip EVFILT_PROC when invalidating fds
+ * zos: don't err when killing a zombie process
+ * zos: avoid fs event callbacks after uv_close()
+ * zos: correctly format interface addresses names
+ * zos: add uv_interface_addresses() netmask support
+ * zos: improve memory management of ip addresses
+ * tcp,pipe: fail `bind` or `listen` after `close`
+ * zos: implement uv_available_parallelism()
+ * udp,win: fix UDP compiler warning
+ * zos: fix early exit of epoll_wait()
+ * unix,tcp: fix errno handling in uv__tcp_bind()
+ * shutdown,unix: reduce code duplication
+ * unix: fix c99 comments
+ * unix: retry tcgetattr/tcsetattr() on EINTR
+ * unix,stream: optimize uv_shutdown() codepath
+ * unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset()
+ * win,shutdown: improve how shutdown is dispatched
+
+-------------------------------------------------------------------
Old:
----
libuv-v1.44.1.tar.gz
libuv-v1.44.1.tar.gz.sign
New:
----
libuv-v1.44.2.tar.gz
libuv-v1.44.2.tar.gz.sign
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libuv.spec ++++++
--- /var/tmp/diff_new_pack.gCEybH/_old 2022-07-31 23:01:02.591709039 +0200
+++ /var/tmp/diff_new_pack.gCEybH/_new 2022-07-31 23:01:02.595709051 +0200
@@ -18,7 +18,7 @@
%define somajor 1
Name: libuv
-Version: 1.44.1
+Version: 1.44.2
Release: 0
Summary: Asychronous I/O support library
License: MIT
++++++ libuv-v1.44.1.tar.gz -> libuv-v1.44.2.tar.gz ++++++
++++ 5120 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package jing-trang for openSUSE:Factory checked in at 2022-07-31 23:00:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jing-trang (Old)
and /work/SRC/openSUSE:Factory/.jing-trang.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jing-trang"
Sun Jul 31 23:00:46 2022 rev:6 rq:991591 version:20220510
Changes:
--------
--- /work/SRC/openSUSE:Factory/jing-trang/jing-trang.changes 2021-07-04 22:10:43.673236016 +0200
+++ /work/SRC/openSUSE:Factory/.jing-trang.new.1533/jing-trang.changes 2022-07-31 23:01:00.907704146 +0200
@@ -1,0 +2,9 @@
+Mon Jul 25 17:12:32 UTC 2022 - Thomas Schraitle <thomas.schraitle(a)suse.com>
+
+- Update to 20220510
+- Removed patch:
+ * 0002-Use-Xalan-instead-of-Saxon-for-the-build-655601.patch
+ Use Saxon9 instead of Xalan
+- Recreated patch files
+
+-------------------------------------------------------------------
Old:
----
0002-Use-Xalan-instead-of-Saxon-for-the-build-655601.patch
V20181222.tar.gz
jing-20181222.pom
trang-20181222.pom
New:
----
V20220510.tar.gz
jing-20220510.pom
trang-20220510.pom
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ jing-trang.spec ++++++
--- /var/tmp/diff_new_pack.6AFnmx/_old 2022-07-31 23:01:01.707706471 +0200
+++ /var/tmp/diff_new_pack.6AFnmx/_new 2022-07-31 23:01:01.711706483 +0200
@@ -1,7 +1,7 @@
#
# spec file for package jing-trang
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,9 @@
%global relaxng_hash 1fc8c8d337c2c75b6b15b281f2c69e86110e475f
+#
Name: jing-trang
-Version: 20181222
+Version: 20220510
Release: 0
Summary: Schema validation and conversion based on RELAX NG
License: BSD-3-Clause
@@ -31,7 +32,6 @@
Source10: dtdinst.1
#
Patch0: 0000-Various-build-fixes.patch
-Patch1: 0002-Use-Xalan-instead-of-Saxon-for-the-build-655601.patch
Patch2: no-tests.patch
Patch3: old-saxon.patch
BuildRequires: ant >= 1.8.2
@@ -126,7 +126,7 @@
rm -r gcj mod/datatype/src/main/org $(find . -name "*.jar")
%patch0 -p1
-%patch1 -p1
+# %%patch1 -p1
%patch2 -p1
%patch3 -p1
rm -f \
++++++ 0000-Various-build-fixes.patch ++++++
--- /var/tmp/diff_new_pack.6AFnmx/_old 2022-07-31 23:01:01.743706576 +0200
+++ /var/tmp/diff_new_pack.6AFnmx/_new 2022-07-31 23:01:01.747706588 +0200
@@ -1,21 +1,44 @@
-diff -up jing-trang-20181222/build.xml.fix jing-trang-20181222/build.xml
---- jing-trang-20181222/build.xml.fix 2021-06-27 13:22:19.392361564 +0300
-+++ jing-trang-20181222/build.xml 2021-06-27 14:52:11.847571826 +0300
-@@ -152,7 +152,8 @@
+From 62ad89204c223441bf540fb8b4cb5b7b0beba29b Mon Sep 17 00:00:00 2001
+From: Tom Schraitle <tom_schr(a)web.de>
+Date: Mon, 25 Jul 2022 18:30:18 +0200
+Subject: [PATCH] Various build fixes
+
+---
+ build.xml | 15 ++-------------
+ build.xsl | 17 +++++++----------
+ datatype-sample/build.xml | 3 ++-
+ mod/catalog/mod.xml | 2 +-
+ mod/datatype/mod.xml | 1 +
+ mod/jing/mod.xml | 2 --
+ mod/pattern/mod.xml | 1 +
+ mod/regex/mod.xml | 6 +++---
+ mod/rng-jaxp/mod.xml | 1 +
+ mod/rng-validate/mod.xml | 2 +-
+ mod/schematron/mod.xml | 2 +-
+ mod/trang/mod.xml | 3 +--
+ mod/xerces/mod.xml | 2 +-
+ mod/xsd-datatype/mod.xml | 1 +
+ 14 files changed, 23 insertions(+), 35 deletions(-)
+
+diff --git a/build.xml b/build.xml
+index 31c0b64..51c695f 100644
+--- a/build.xml
++++ b/build.xml
+@@ -161,8 +161,7 @@
+ <mkdir dir="${build.dir}/api/regex"/>
<javadoc sourcepath="mod/datatype/src/main" destdir="${build.dir}/api/datatype"
additionalparam="-html5 -Xdoclint:none"
- doctitle="RELAX NG Datatype API" windowtitle="RELAX NG Datatype API"
+- doctitle="RELAX NG Datatype API" windowtitle="RELAX NG Datatype API"
- packagenames="org.relaxng.datatype,org.relaxng.datatype.helpers">
-+ >
-+ <!--packagenames="org.relaxng.datatype,org.relaxng.datatype.helpers"> -->
++ doctitle="RELAX NG Datatype API" windowtitle="RELAX NG Datatype API">
<link offline="true" href="http://java.sun.com/j2se/1.5.0/docs/api/"
packagelistLoc="extapidoc/jdk/1.5"/>
<classpath>
-@@ -428,18 +429,7 @@
+@@ -453,18 +452,8 @@
labels="Type-Archive, OpSys-All, Version-${version}"/>
</target>
--<target name="clean"
+-<target name="ant-clean"
- description="Remove almost all files created during the build process">
- <delete dir="${build.dir}"/>
- <exec executable="git">
@@ -25,15 +48,25 @@
- <arg value="${doc.dir}"/>
- </exec>
-</target>
--
--<target name="realclean" depends="clean"
+
+-<target name="realclean" depends="ant-clean"
+<target name="realclean"
description="Remove all files created during the build process">
<delete>
<fileset dir="mod" includes="*/*.iml"/>
-diff -up jing-trang-20181222/build.xsl.fix jing-trang-20181222/build.xsl
---- jing-trang-20181222/build.xsl.fix 2021-06-27 13:36:13.594166963 +0300
-+++ jing-trang-20181222/build.xsl 2021-06-27 19:53:56.176573385 +0300
+diff --git a/build.xsl b/build.xsl
+index 1703937..e45acf6 100644
+--- a/build.xsl
++++ b/build.xsl
+@@ -4,7 +4,7 @@
+
+ <xsl:output indent="yes"
+ encoding="utf-8"/>
+-
++
+ <xsl:variable name="build" select="'${build.dir}'"/>
+ <xsl:variable name="doc" select="'${doc.dir}'"/>
+ <xsl:template match="/">
@@ -23,12 +23,6 @@
<target name="dummy"/>
<target name="init">
@@ -70,19 +103,20 @@
</xsl:if>
</classpath>
</java>
-@@ -415,6 +409,9 @@
+@@ -397,6 +391,9 @@
<xsl:for-each select="../depends[@lib]">
<pathelement location="${{lib.dir}}/{(a)lib}.jar"/>
</xsl:for-each>
+ <!-- Upstream testng.jar includes bsh and qdox -->
-+ <pathelement location="${{lib.dir}}/bsh.jar"/>
-+ <pathelement location="${{lib.dir}}/qdox.jar"/>
++ <pathelement location="${{lib.dir}}/bsh.jar"/>
++ <pathelement location="${{lib.dir}}/qdox.jar"/>
</classpath>
- </testng>
+ </java>
</target>
-diff -up jing-trang-20181222/datatype-sample/build.xml.fix jing-trang-20181222/datatype-sample/build.xml
---- jing-trang-20181222/datatype-sample/build.xml.fix 2021-06-27 20:51:29.945542964 +0300
-+++ jing-trang-20181222/datatype-sample/build.xml 2021-06-27 20:51:59.946177241 +0300
+diff --git a/datatype-sample/build.xml b/datatype-sample/build.xml
+index 1bc068a..5ec4dd8 100644
+--- a/datatype-sample/build.xml
++++ b/datatype-sample/build.xml
@@ -2,6 +2,7 @@
<property name="build.dir" value="build"/>
@@ -99,10 +133,11 @@
+ <javac srcdir="src" destdir="${build.dir}/classes" classpath="${datatype.jar}"/>
</target>
- <target name="jar" depends="compile">
-diff -up jing-trang-20181222/mod/catalog/mod.xml.fix jing-trang-20181222/mod/catalog/mod.xml
---- jing-trang-20181222/mod/catalog/mod.xml.fix 2021-06-27 19:39:16.877996996 +0300
-+++ jing-trang-20181222/mod/catalog/mod.xml 2021-06-27 19:39:41.998527709 +0300
+ <target name="ant-jar" depends="compile">
+diff --git a/mod/catalog/mod.xml b/mod/catalog/mod.xml
+index c8e2feb..5398646 100644
+--- a/mod/catalog/mod.xml
++++ b/mod/catalog/mod.xml
@@ -3,5 +3,5 @@
<test name="unit" type="testng"/>
<depends module="util"/>
@@ -110,30 +145,33 @@
- <depends lib="resolver"/>
+ <depends lib="xml-commons-resolver"/>
</module>
-diff -up jing-trang-20181222/mod/datatype/mod.xml.fix jing-trang-20181222/mod/datatype/mod.xml
---- jing-trang-20181222/mod/datatype/mod.xml.fix 2021-06-27 19:38:37.897173469 +0300
-+++ jing-trang-20181222/mod/datatype/mod.xml 2021-06-27 19:38:56.329562870 +0300
+diff --git a/mod/datatype/mod.xml b/mod/datatype/mod.xml
+index cd79499..cdb420a 100644
+--- a/mod/datatype/mod.xml
++++ b/mod/datatype/mod.xml
@@ -1,4 +1,5 @@
<module>
<depends module="util"/>
+ <depends lib="relaxngDatatype"/>
<compile/>
</module>
-diff -up jing-trang-20181222/mod/jing/mod.xml.fix jing-trang-20181222/mod/jing/mod.xml
---- jing-trang-20181222/mod/jing/mod.xml.fix 2021-06-27 15:35:37.171239266 +0300
-+++ jing-trang-20181222/mod/jing/mod.xml 2021-06-27 15:35:57.163667091 +0300
+diff --git a/mod/jing/mod.xml b/mod/jing/mod.xml
+index 8d304f8..8b2ec82 100644
+--- a/mod/jing/mod.xml
++++ b/mod/jing/mod.xml
@@ -21,8 +21,6 @@
<jar>
<manifest>
<attribute name="Main-Class" value="com/thaiopensource/relaxng/util/Driver"/>
- <attribute name="Class-Path"
-- value="xercesImpl.jar xml-apis.jar saxon.jar saxon9.jar xalan.jar isorelax.jar resolver.jar"/>
+- value="xercesImpl.jar xml-apis.jar saxon9.jar xalan.jar isorelax.jar resolver.jar"/>
</manifest>
<service type="com.thaiopensource.datatype.xsd.regex.RegexEngine"/>
<service type="org.relaxng.datatype.DatatypeLibraryFactory"/>
-diff -up jing-trang-20181222/mod/pattern/mod.xml.fix jing-trang-20181222/mod/pattern/mod.xml
---- jing-trang-20181222/mod/pattern/mod.xml.fix 2021-06-27 19:37:53.488235284 +0300
-+++ jing-trang-20181222/mod/pattern/mod.xml 2021-06-27 19:38:11.800622151 +0300
+diff --git a/mod/pattern/mod.xml b/mod/pattern/mod.xml
+index 777f484..875f1cb 100644
+--- a/mod/pattern/mod.xml
++++ b/mod/pattern/mod.xml
@@ -3,6 +3,7 @@
<depends module="resolver"/>
<depends module="datatype"/>
@@ -142,9 +180,10 @@
<compile test="yes"/>
<test name="unit" type="testng"/>
</module>
-diff -up jing-trang-20181222/mod/regex/mod.xml.fix jing-trang-20181222/mod/regex/mod.xml
---- jing-trang-20181222/mod/regex/mod.xml.fix 2021-06-27 14:31:19.700847624 +0300
-+++ jing-trang-20181222/mod/regex/mod.xml 2021-06-27 19:37:25.491643818 +0300
+diff --git a/mod/regex/mod.xml b/mod/regex/mod.xml
+index 1b10caa..f1bc0a4 100644
+--- a/mod/regex/mod.xml
++++ b/mod/regex/mod.xml
@@ -1,6 +1,6 @@
<module>
<depends module="util"/>
@@ -153,19 +192,27 @@
<compile test="yes"/>
<test name="xerces" type="java"
class="com.thaiopensource.datatype.xsd.regex.test.TestDriver">
-@@ -46,7 +46,8 @@
+@@ -46,14 +46,14 @@
failonerror="yes">
<arg value="com.thaiopensource.datatype.xsd.regex.java.Categories"/>
<arg value="${build.dir}/mod/regex/gensrc/main"/>
- <arg value="${lib.dir}/UnicodeData-3.1.0.txt"/>
-+ <!--arg value="${lib.dir}/UnicodeData-3.1.0.txt"/-->
+ <arg value="lib/UnicodeData-3.1.0.txt"/>
<classpath>
<pathelement location="${build.dir}/mod/regex-gen/classes/main"/>
<pathelement location="${build.dir}/mod/util/classes/main"/>
-diff -up jing-trang-20181222/mod/rng-jaxp/mod.xml.fix jing-trang-20181222/mod/rng-jaxp/mod.xml
---- jing-trang-20181222/mod/rng-jaxp/mod.xml.fix 2021-06-27 19:36:17.810211941 +0300
-+++ jing-trang-20181222/mod/rng-jaxp/mod.xml 2021-06-27 19:36:39.150663808 +0300
+ </classpath>
+ </java>
+ </target>
+-
++
+ <target name="mod.regex.check-gen" depends="mod.regex-gen.compile-main">
+ <uptodate property="mod.regex.gen-ok"
+ targetfile="${build.dir}/mod/regex/gensrc/main/com/thaiopensource/datatype/xsd/regex/java/Categories.java">
+diff --git a/mod/rng-jaxp/mod.xml b/mod/rng-jaxp/mod.xml
+index 10a8c6d..48c5d8c 100644
+--- a/mod/rng-jaxp/mod.xml
++++ b/mod/rng-jaxp/mod.xml
@@ -7,6 +7,7 @@
<depends module="rng-parse"/>
<depends module="pattern"/>
@@ -174,9 +221,10 @@
<compile test="yes"/>
<test name="unit" type="testng"/>
</module>
-diff -up jing-trang-20181222/mod/rng-validate/mod.xml.fix jing-trang-20181222/mod/rng-validate/mod.xml
---- jing-trang-20181222/mod/rng-validate/mod.xml.fix 2021-06-27 19:35:27.297142380 +0300
-+++ jing-trang-20181222/mod/rng-validate/mod.xml 2021-06-27 19:35:47.453569174 +0300
+diff --git a/mod/rng-validate/mod.xml b/mod/rng-validate/mod.xml
+index 109543b..b05b996 100644
+--- a/mod/rng-validate/mod.xml
++++ b/mod/rng-validate/mod.xml
@@ -7,7 +7,7 @@
<depends module="pattern"/>
<depends module="validate"/>
@@ -186,9 +234,10 @@
<test name="spec" type="validate" schema="eg/testSuite.rng"/>
<compile/>
<version package="com/thaiopensource/relaxng/util"/>
-diff -up jing-trang-20181222/mod/schematron/mod.xml.fix jing-trang-20181222/mod/schematron/mod.xml
---- jing-trang-20181222/mod/schematron/mod.xml.fix 2021-06-27 18:47:59.700956461 +0300
-+++ jing-trang-20181222/mod/schematron/mod.xml 2021-06-27 19:34:28.267892497 +0300
+diff --git a/mod/schematron/mod.xml b/mod/schematron/mod.xml
+index 1e370c7..773b375 100644
+--- a/mod/schematron/mod.xml
++++ b/mod/schematron/mod.xml
@@ -3,7 +3,7 @@
<depends module="resolver"/>
<depends module="validate"/>
@@ -198,9 +247,10 @@
<depends lib="saxon"/>
<depends lib="saxon9"/>
<test name="old-saxon" in="mod/schematron/test/schematrontest.xml"
-diff -up jing-trang-20181222/mod/trang/mod.xml.fix jing-trang-20181222/mod/trang/mod.xml
---- jing-trang-20181222/mod/trang/mod.xml.fix 2021-06-27 18:47:17.064117947 +0300
-+++ jing-trang-20181222/mod/trang/mod.xml 2021-06-27 18:47:26.984313043 +0300
+diff --git a/mod/trang/mod.xml b/mod/trang/mod.xml
+index 69b5cc0..fa2d6d0 100644
+--- a/mod/trang/mod.xml
++++ b/mod/trang/mod.xml
@@ -13,13 +13,12 @@
<depends module="convert-to-xsd"/>
<depends module="convert-from-dtd"/>
@@ -216,9 +266,10 @@
</manifest>
<service type="com.thaiopensource.datatype.xsd.regex.RegexEngine">
<provider classname="com.thaiopensource.datatype.xsd.regex.xerces2.RegexEngineImpl"/>
-diff -up jing-trang-20181222/mod/xerces/mod.xml.fix jing-trang-20181222/mod/xerces/mod.xml
---- jing-trang-20181222/mod/xerces/mod.xml.fix 2021-06-27 18:45:15.669730591 +0300
-+++ jing-trang-20181222/mod/xerces/mod.xml 2021-06-27 18:45:44.434296268 +0300
+diff --git a/mod/xerces/mod.xml b/mod/xerces/mod.xml
+index b7dc603..56bc85f 100644
+--- a/mod/xerces/mod.xml
++++ b/mod/xerces/mod.xml
@@ -1,7 +1,7 @@
<module>
<depends module="util"/>
@@ -228,9 +279,10 @@
<compile/>
<service type="com.thaiopensource.validate.SchemaReaderFactory">
<provider classname="com.thaiopensource.validate.xerces.XsdSchemaReaderFactory"/>
-diff -up jing-trang-20181222/mod/xsd-datatype/mod.xml.fix jing-trang-20181222/mod/xsd-datatype/mod.xml
---- jing-trang-20181222/mod/xsd-datatype/mod.xml.fix 2021-06-27 18:43:59.364107956 +0300
-+++ jing-trang-20181222/mod/xsd-datatype/mod.xml 2021-06-27 18:44:44.349067255 +0300
+diff --git a/mod/xsd-datatype/mod.xml b/mod/xsd-datatype/mod.xml
+index f81eb3c..cc7645b 100644
+--- a/mod/xsd-datatype/mod.xml
++++ b/mod/xsd-datatype/mod.xml
@@ -2,6 +2,7 @@
<depends module="util"/>
<depends module="datatype"/>
@@ -239,4 +291,7 @@
<test name="xsd" type="validate" transform="xsdtest.xsl" schema="test/xsdtest.rnc"/>
<test name="unit" type="testng"/>
<compile test="yes"/>
+--
+2.35.3
+
++++++ V20181222.tar.gz -> V20220510.tar.gz ++++++
/work/SRC/openSUSE:Factory/jing-trang/V20181222.tar.gz /work/SRC/openSUSE:Factory/.jing-trang.new.1533/V20220510.tar.gz differ: char 13, line 1
++++++ jing-20181222.pom -> jing-20220510.pom ++++++
--- /work/SRC/openSUSE:Factory/jing-trang/jing-20181222.pom 2021-07-04 22:10:43.645236232 +0200
+++ /work/SRC/openSUSE:Factory/.jing-trang.new.1533/jing-20220510.pom 2022-07-31 23:01:00.891704100 +0200
@@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.relaxng</groupId>
<artifactId>jing</artifactId>
- <version>20181222</version>
+ <version>20220510</version>
<name>Jing</name>
<description>Jing, a tool for validating documents against RelaxNG schemas.</description>
<url>http://www.thaiopensource.com/relaxng/jing.html</url>
++++++ no-tests.patch ++++++
--- /var/tmp/diff_new_pack.6AFnmx/_old 2022-07-31 23:01:01.827706820 +0200
+++ /var/tmp/diff_new_pack.6AFnmx/_new 2022-07-31 23:01:01.831706832 +0200
@@ -1,30 +1,53 @@
---- jing-trang-20181222/build.xml 2021-07-01 11:39:52.944475295 +0200
-+++ jing-trang-20181222/build.xml 2021-07-01 11:41:13.792611378 +0200
-@@ -386,7 +386,7 @@
+From 1c6338f2640ed9e7a93f84986d3019a22450515a Mon Sep 17 00:00:00 2001
+From: Tom Schraitle <tom_schr(a)web.de>
+Date: Mon, 25 Jul 2022 19:08:57 +0200
+Subject: [PATCH] No tests
+
+---
+ build.xml | 2 +-
+ build.xsl | 6 +-----
+ mod/catalog/mod.xml | 3 +--
+ mod/infer/mod.xml | 3 +--
+ mod/pattern/mod.xml | 3 +--
+ mod/rng-jaxp/mod.xml | 3 +--
+ mod/util/mod.xml | 3 +--
+ mod/xsd-datatype/mod.xml | 4 +---
+ 8 files changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/build.xml b/build.xml
+index 51c695f..b88d420 100644
+--- a/build.xml
++++ b/build.xml
+@@ -409,7 +409,7 @@
<gzip zipfile="${build.dir}/dist/relaxng.tar.gz" src="${build.dir}/relaxng.tar"/>
</target>
--<target name="dist" depends="test,validate,jing-dist,trang-dist,dtdinst-dist,website"
+-<target name="dist" depends="ant-test,validate,jing-dist,trang-dist,dtdinst-dist,website"
+<target name="dist" depends="validate,jing-dist,trang-dist,dtdinst-dist,website"
description="Make a distribution, leaving artifacts in ${build.dir}/dist"/>
<target name="googlecode.properties.available">
---- jing-trang-20181222/build.xsl 2021-07-01 11:39:52.944475295 +0200
-+++ jing-trang-20181222/build.xsl 2021-07-01 11:45:58.721090950 +0200
-@@ -15,11 +15,6 @@
+diff --git a/build.xsl b/build.xsl
+index e45acf6..334b1a6 100644
+--- a/build.xsl
++++ b/build.xsl
+@@ -15,11 +15,7 @@
<property name="javacc.dir" value="${{lib.dir}}"/>
- <property name="ant.build.javac.source" value="7"/>
- <property name="ant.build.javac.target" value="1.7"/>
+ <property name="ant.build.javac.source" value="8"/>
+ <property name="ant.build.javac.target" value="1.8"/>
- <taskdef name="testng" classname="org.testng.TestNGAntTask">
- <classpath>
- <pathelement location="${{lib.dir}}/testng.jar"/>
- </classpath>
- </taskdef>
++
<target name="dummy"/>
<target name="init">
<mkdir dir="{$build}"/>
---- jing-trang-20181222/mod/catalog/mod.xml 2021-07-01 11:39:52.948475302 +0200
-+++ jing-trang-20181222/mod/catalog/mod.xml 2021-07-01 11:42:11.328708210 +0200
+diff --git a/mod/catalog/mod.xml b/mod/catalog/mod.xml
+index 5398646..ae21910 100644
+--- a/mod/catalog/mod.xml
++++ b/mod/catalog/mod.xml
@@ -1,6 +1,5 @@
<module>
- <compile test="yes"/>
@@ -33,8 +56,10 @@
<depends module="util"/>
<depends module="resolver"/>
<depends lib="xml-commons-resolver"/>
---- jing-trang-20181222/mod/infer/mod.xml 2021-07-01 11:39:52.960475322 +0200
-+++ jing-trang-20181222/mod/infer/mod.xml 2021-07-01 11:42:17.348718337 +0200
+diff --git a/mod/infer/mod.xml b/mod/infer/mod.xml
+index 8a781e9..e997d69 100644
+--- a/mod/infer/mod.xml
++++ b/mod/infer/mod.xml
@@ -4,6 +4,5 @@
<depends module="datatype"/>
<depends module="xsd-datatype"/>
@@ -43,8 +68,10 @@
- <test name="unit" type="testng"/>
+ <compile test="no"/>
</module>
---- jing-trang-20181222/mod/pattern/mod.xml 2021-07-01 11:39:52.960475322 +0200
-+++ jing-trang-20181222/mod/pattern/mod.xml 2021-07-01 11:42:23.344728421 +0200
+diff --git a/mod/pattern/mod.xml b/mod/pattern/mod.xml
+index 875f1cb..1f1f199 100644
+--- a/mod/pattern/mod.xml
++++ b/mod/pattern/mod.xml
@@ -4,6 +4,5 @@
<depends module="datatype"/>
<depends module="rng-parse"/>
@@ -53,8 +80,10 @@
- <test name="unit" type="testng"/>
+ <compile test="no"/>
</module>
---- jing-trang-20181222/mod/rng-jaxp/mod.xml 2021-07-01 11:39:52.964475329 +0200
-+++ jing-trang-20181222/mod/rng-jaxp/mod.xml 2021-07-01 11:42:29.884739430 +0200
+diff --git a/mod/rng-jaxp/mod.xml b/mod/rng-jaxp/mod.xml
+index 48c5d8c..c387216 100644
+--- a/mod/rng-jaxp/mod.xml
++++ b/mod/rng-jaxp/mod.xml
@@ -8,6 +8,5 @@
<depends module="pattern"/>
<depends module="jaxp"/>
@@ -63,8 +92,10 @@
- <test name="unit" type="testng"/>
+ <compile test="no"/>
</module>
---- jing-trang-20181222/mod/util/mod.xml 2021-07-01 11:39:52.972475342 +0200
-+++ jing-trang-20181222/mod/util/mod.xml 2021-07-01 11:42:35.516748907 +0200
+diff --git a/mod/util/mod.xml b/mod/util/mod.xml
+index d9e1853..5317816 100644
+--- a/mod/util/mod.xml
++++ b/mod/util/mod.xml
@@ -1,5 +1,4 @@
<module>
- <compile test="yes"/>
@@ -72,8 +103,10 @@
+ <compile test="no"/>
</module>
---- jing-trang-20181222/mod/xsd-datatype/mod.xml 2021-07-01 11:39:52.972475342 +0200
-+++ jing-trang-20181222/mod/xsd-datatype/mod.xml 2021-07-01 11:42:48.676771055 +0200
+diff --git a/mod/xsd-datatype/mod.xml b/mod/xsd-datatype/mod.xml
+index cc7645b..2d717b3 100644
+--- a/mod/xsd-datatype/mod.xml
++++ b/mod/xsd-datatype/mod.xml
@@ -3,9 +3,7 @@
<depends module="datatype"/>
<depends module="regex"/>
@@ -85,4 +118,7 @@
<service type="org.relaxng.datatype.DatatypeLibraryFactory">
<provider classname="com.thaiopensource.datatype.xsd.DatatypeLibraryFactoryImpl"/>
</service>
+--
+2.35.3
+
++++++ trang-20181222.pom -> trang-20220510.pom ++++++
--- /work/SRC/openSUSE:Factory/jing-trang/trang-20181222.pom 2021-07-04 22:10:43.765235304 +0200
+++ /work/SRC/openSUSE:Factory/.jing-trang.new.1533/trang-20220510.pom 2022-07-31 23:01:00.987704379 +0200
@@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.relaxng</groupId>
<artifactId>trang</artifactId>
- <version>20181222</version>
+ <version>20220510</version>
<name>Trang</name>
<description>Trang, a multi-format schema converter based on RELAX NG.</description>
<url>http://www.thaiopensource.com/relaxng/trang.html</url>
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package yast2-auth-client for openSUSE:Factory checked in at 2022-07-31 23:00:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-auth-client (Old)
and /work/SRC/openSUSE:Factory/.yast2-auth-client.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-client"
Sun Jul 31 23:00:45 2022 rev:45 rq:991571 version:4.5.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-auth-client/yast2-auth-client.changes 2022-04-14 17:23:59.591160140 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-auth-client.new.1533/yast2-auth-client.changes 2022-07-31 23:00:59.811700962 +0200
@@ -1,0 +2,7 @@
+Wed Jul 27 00:50:39 UTC 2022 - William Brown <william.brown(a)suse.com>
+
+- Remove nss_ldap and pam_ldap support in favour of SSSD
+ (gh#yast/yast-auth-client#82)
+- 4.5.1
+
+-------------------------------------------------------------------
Old:
----
yast2-auth-client-4.5.0.tar.bz2
New:
----
yast2-auth-client-4.5.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-auth-client.spec ++++++
--- /var/tmp/diff_new_pack.ImO2Rr/_old 2022-07-31 23:01:00.207702113 +0200
+++ /var/tmp/diff_new_pack.ImO2Rr/_new 2022-07-31 23:01:00.211702125 +0200
@@ -17,7 +17,7 @@
Name: yast2-auth-client
-Version: 4.5.0
+Version: 4.5.1
Release: 0
URL: https://github.com/yast/yast-auth-client
Summary: YaST2 - Centralised System Authentication Configuration
++++++ yast2-auth-client-4.5.0.tar.bz2 -> yast2-auth-client-4.5.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/README.md new/yast2-auth-client-4.5.1/README.md
--- old/yast2-auth-client-4.5.0/README.md 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/README.md 2022-07-28 15:52:19.000000000 +0200
@@ -14,8 +14,7 @@
* Configure single or multi-domain authentication via SSSD
* Enroll a host at Microsoft Active Directory
- * Configure PAM/NSS for LDAP
- * Configure Kerberos client
+ * Configure PAM/NSS for LDAP or Kerberos via SSSD
Installation
------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/package/yast2-auth-client.changes new/yast2-auth-client-4.5.1/package/yast2-auth-client.changes
--- old/yast2-auth-client-4.5.0/package/yast2-auth-client.changes 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/package/yast2-auth-client.changes 2022-07-28 15:52:19.000000000 +0200
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Wed Jul 27 00:50:39 UTC 2022 - William Brown <william.brown(a)suse.com>
+
+- Remove nss_ldap and pam_ldap support in favour of SSSD
+ (gh#yast/yast-auth-client#82)
+- 4.5.1
+
+-------------------------------------------------------------------
Wed Apr 06 13:24:58 UTC 2022 - Ladislav Slez��k <lslezak(a)suse.cz>
- Bump version to 4.5.0 (bsc#1198109)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/package/yast2-auth-client.spec new/yast2-auth-client-4.5.1/package/yast2-auth-client.spec
--- old/yast2-auth-client-4.5.0/package/yast2-auth-client.spec 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/package/yast2-auth-client.spec 2022-07-28 15:52:19.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-auth-client
-Version: 4.5.0
+Version: 4.5.1
Release: 0
Url: https://github.com/yast/yast-auth-client
Summary: YaST2 - Centralised System Authentication Configuration
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/src/clients/ldapkrb.rb new/yast2-auth-client-4.5.1/src/clients/ldapkrb.rb
--- old/yast2-auth-client-4.5.0/src/clients/ldapkrb.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/src/clients/ldapkrb.rb 1970-01-01 01:00:00.000000000 +0100
@@ -1,32 +0,0 @@
-# encoding: utf-8
-
-# ------------------------------------------------------------------------------
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, contact SUSE Linux GmbH.
-#
-# ------------------------------------------------------------------------------
-
-# Module: Configure system-wide authentication mechanisms via LDAP and Kerberos
-# Summary: Invoke main dialog and allow configuring LDAP and Kerberos
-# Authors: Howard Guo <hguo(a)suse.com>
-
-require 'auth/authconf'
-require 'auth/auth-cli'
-require 'authui/main_dialog'
-
-if Yast::WFM.Args.empty?
- Auth::AuthConfInst.read_all
- Auth::MainDialog.new(:ldapkrb).run
-else
- Auth::CLI.run("ldapkrb")
-end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/src/lib/auth/authconf.rb new/yast2-auth-client-4.5.1/src/lib/auth/authconf.rb
--- old/yast2-auth-client-4.5.0/src/lib/auth/authconf.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/src/lib/auth/authconf.rb 2022-07-28 15:52:19.000000000 +0200
@@ -34,7 +34,7 @@
include Yast::Logger
include Yast::UIShortcuts
- attr_accessor(:krb_conf, :krb_pam, :ldap_conf, :ldap_pam, :ldap_nss, :sssd_conf, :sssd_pam, :sssd_nss, :sssd_enabled)
+ attr_accessor(:krb_conf, :krb_pam, :ldap_pam, :ldap_nss, :sssd_conf, :sssd_pam, :sssd_nss, :sssd_enabled)
attr_accessor(:autofs_enabled, :nscd_enabled, :mkhomedir_pam)
attr_accessor(:ad_domain, :ad_user, :ad_ou, :ad_pass, :ad_overwrite_smb_conf, :ad_update_dns, :autoyast_editor_mode, :autoyast_modified)
@@ -44,7 +44,6 @@
@krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realm' => {}, 'logging' => {}}
@krb_pam = false
# LDAP configuration (/etc/ldap.conf)
- @ldap_conf = {}
@ldap_pam = false
@ldap_nss = []
# SSSD configuration (/etc/sssd/sssd.conf)
@@ -439,25 +438,6 @@
# Load LDAP configuration.
def ldap_read
- @ldap_conf = {}
- # Destruct ldap.conf file
- Yast::SCR.UnmountAgent(Yast::Path.new('.etc.ldap_conf'))
- Yast::SCR.Read(Yast::Path.new('.etc.ldap_conf.all')).fetch('value', []).each { |entry|
- if entry['kind'] != 'value'
- skip
- end
- entry_name = entry['name'].strip
- entry_value = entry['value'].strip
- # Store values from duplicate keys in the original order
- existing_value = @ldap_conf[entry_name]
- if existing_value && existing_value.kind_of?(::String)
- @ldap_conf[entry_name] = [existing_value, entry_value]
- elsif existing_value && existing_value.kind_of?(::Array)
- @ldap_conf[entry_name] = existing_value + [entry_value]
- else
- @ldap_conf[entry_name] = entry_value
- end
- }
# Read PAM/NSS
@ldap_pam = Yast::Pam.Enabled('ldap')
@ldap_nss = []
@@ -470,18 +450,15 @@
# Return LDAP configuration.
def ldap_export
- return {'conf' => @ldap_conf, 'pam' => @ldap_pam, 'nss' => @ldap_nss}
+ return {'pam' => @ldap_pam, 'nss' => @ldap_nss}
end
# Set configuration for LDAP from exported objects.
def ldap_import(exported_conf)
if exported_conf.nil?
- @ldap_conf = {}
@ldap_pam = false
@ldap_nss = []
else
- @ldap_conf = exported_conf['conf']
- @ldap_conf = {} if @ldap_conf.nil?
@ldap_pam = exported_conf['pam']
@ldap_pam = false if @ldap_pam.nil?
@ldap_nss = exported_conf['nss']
@@ -506,93 +483,6 @@
return content
end
- # Immediately apply LDAP configuration, including PAM/NSS configuration.
- def ldap_apply
- if @autoyast_editor_mode
- return
- end
- # Calculate package requirements
- pkgs = []
- if @ldap_pam
- pkgs += ['pam_ldap']
- end
- if @ldap_nss.any?
- pkgs += ['nss_ldap']
- if @ldap_nss.include?('automount')
- pkgs += ['openldap2-client'] # provides /etc/openldap/ldap.conf
- end
- end
- pkgs.delete_if { |name| Yast::Package.Installed(name) }
- if pkgs.any?
- if !Yast::Package.DoInstall(pkgs)
- Yast::Report.Error(_('Failed to install software packages required for LDAP.'))
- end
- end
- # Write LDAP config file and correct its permission and ownerships
- ldap_conf = File.new('/etc/ldap.conf', 'w')
- ldap_conf.chmod(0600)
- ldap_conf.chown(0, 0)
- ldap_conf.write(ldap_make_conf)
- ldap_conf.close
- # If automount is enabled, overwrite openldap's ldap.conf as well.
- if @ldap_nss.include?('automount')
- ldap_conf = File.new('/etc/openldap/ldap.conf', 'w')
- ldap_conf.chmod(0644)
- ldap_conf.chown(0, 0)
- ldap_conf.write(ldap_make_conf)
- ldap_conf.close
- end
- # Save PAM/NSS/daemon status
- if @ldap_pam
- Yast::Pam.Add('ldap')
- else
- Yast::Pam.Remove('ldap')
- end
- fix_pam
- LDAP_CAPABLE_NSS_DBS.each { |db| nss_disable_module(db, 'ldap') }
- if @ldap_nss.any?
- @ldap_nss.each { |db| nss_enable_module(db, 'ldap') }
- end
- end
-
- # Run ldapsearch to test the parameters. Return empty string if test is successful, otherwise return ldapsearch error output.
- def ldap_test_bind(uri, start_tls, dn, password, base_dn)
- # Make sure openldap client is installed
- if !Yast::Package.Installed('openldap2-client')
- if !Yast::Package.DoInstall(['openldap2-client'])
- return 'Failed to install openldap2-client package'
- end
- end
- # Create a temporary file to hold the password
- pwd_filename = "yastauthclient-ldaptestbind-#{Time.now.strftime('%Y%m%d%I%M%S')}"
- pwd_file = File.open(pwd_filename, 'w', 0600)
- pwd_file.write(password)
- pwd_file.close
- # Run ldapsearch with password bind
- cmd = "ldapsearch -o nettimeout=5 -s one -x -H '#{uri}' "
- if start_tls
- cmd += '-ZZ '
- end
- if dn.to_s != ''
- cmd += "-D '#{dn}' -y '#{pwd_filename}' "
- end
- cmd += "-b #{base_dn}"
- out = ''
- errout = ''
- exitstatus = 0
- Open3.popen3(cmd){ |stdin, stdout, stderr, control|
- stdin.close
- out = stdout.read
- errout = stderr.read
- exitstatus = control.value
- }
- File.unlink(pwd_file)
- if exitstatus == 0
- return ''
- end
- return _("ERROR: ") + "#{out}\n#{errout}"
- end
-
# Parse and set Kerberos configuration
def krb_parse_set(content)
@krb_conf = KrbParse.parse(content)
@@ -772,32 +662,14 @@
if @autoyast_editor_mode
return
end
- # Calculate package requirements
- pkgs = []
- if @krb_pam
- pkgs += ['pam_krb5', 'krb5', 'krb5-client']
- end
- pkgs.delete_if { |name| Yast::Package.Installed(name) }
- if pkgs.any?
- if !Yast::Package.DoInstall(pkgs)
- Yast::Report.Error(_('Failed to install software packages required for Kerberos.'))
- end
- end
# Write LDAP config file and correct its permission and ownerships
krb_conf = File.new('/etc/krb5.conf', 'w')
krb_conf.chmod(0644)
krb_conf.chown(0, 0)
krb_conf.write(krb_make_conf)
krb_conf.close
- # Save PAM/NSS/daemon status
- if @krb_pam
- Yast::Pam.Add('krb5')
- else
- Yast::Pam.Remove('krb5')
- end
- fix_pam
end
-
+
# Create a Kerberos realm if it does not yet exist. If it already exists, update the configuration. All parameters are required.
def krb_add_update_realm(realm_name, kdc_addr, admin_addr, make_domain_realms, make_default)
realm_name = realm_name.upcase.strip
@@ -1070,18 +942,6 @@
end
}
end
- if @ldap_pam
- pkgs += ['pam_ldap']
- end
- if @krb_pam
- pkgs += ['pam_krb5', 'krb5', 'krb5-client']
- end
- if @ldap_nss.any?
- pkgs += ['nss_ldap']
- if @ldap_nss.include?('automount')
- pkgs += ['openldap2-client'] # provides /etc/openldap/ldap.conf
- end
- end
if @autofs_enabled || @sssd_nss.include?('automount') || @ldap_nss.include?('automount')
pkgs += ['autofs']
end
@@ -1108,26 +968,25 @@
auth_doms_caption += ' ' + _('(daemon is inactive)')
end
else
- # LDAP and/or Kerberos is configured
- if @ldap_nss.any? || @ldap_pam
- if @ldap_conf['base'].to_s == ''
- auth_doms_caption = _('LDAP is enabled but the setup is incomplete')
+ list_of_providers = ''
+ if @ldap_nss.any?
+ list_of_providers = _('NSS LDAP')
+ end
+ if @ldap_pam
+ if list_of_providers != ''
+ list_of_providers = _('PAM + NSS LDAP')
else
- auth_doms_caption = _('via LDAP on %s') % [@ldap_conf['base']]
+ list_of_providers = _('PAM LDAP')
end
end
if @krb_pam
- if auth_doms_caption != ''
- # 'and' as in "authenticate via LDAP and Kerberos"
- auth_doms_caption += _(' and ')
- end
- realms = @krb_conf.fetch('realms', {})
- if realms.length == 0
- auth_doms_caption += _('via Kerberos')
+ if list_of_providers != ''
+ list_of_providers += _('and PAM KRB5')
else
- auth_doms_caption += _('via Kerberos on %s') % [realms.keys.join(', ')]
+ list_of_providers = _('PAM KRB5')
end
end
+ auth_doms_caption = _('������ Use of %s detected. These modules can no longer be configured and you MUST migrate to SSSD') % [list_of_providers]
end
return auth_doms_caption
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/edit_realm_dialog.rb new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/edit_realm_dialog.rb
--- old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/edit_realm_dialog.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/edit_realm_dialog.rb 1970-01-01 01:00:00.000000000 +0100
@@ -1,178 +0,0 @@
-# encoding: utf-8
-
-# ------------------------------------------------------------------------------
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, contact SUSE Linux GmbH.
-#
-# ------------------------------------------------------------------------------
-
-require 'yast'
-require 'auth/authconf'
-require 'authui/ldapkrb/generic_input_dialog'
-Yast.import 'UI'
-Yast.import 'Icon'
-Yast.import 'Label'
-
-module LdapKrb
- # Edit Kerberos realm configuration
- class EditRealmDialog < UI::Dialog
- include Yast
- include Auth
- include UIShortcuts
- include I18n
- include Logger
-
- def initialize(realm_name)
- super()
- @realm_name = realm_name
- textdomain "auth-client"
- end
-
- def create_dialog
- return false unless super
- return true
- end
-
- def dialog_options
- Opt(:decorated)
- end
-
- def dialog_content
- VBox(
- InputField(Id(:realm_name), Opt(:hstretch), _('Realm name'), @realm_name.to_s),
- CheckBox(Id(:map_domain), Opt(:hstretch), _('Map Domain Name to the Realm (example.com -> EXAMPLE.COM)'),
- !(a)realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realm', @realm_name.downcase], nil).nil?),
- CheckBox(Id(:map_wildcard_domain), Opt(:hstretch), _('Map Wild Card Domain Name to the Realm (*.example.com -> EXAMPLE.COM)'),
- !(a)realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realm', ".#{(a)realm_name.downcase}"], nil).nil?),
- VSpacing(1.0),
- InputField(Id(:admin_server), Opt(:hstretch), _('Host Name of Administration Server (Optional)'),
- AuthConfInst.krb_conf_get(['realms', @realm_name, 'admin_server'], '')),
- InputField(Id(:master_kdc), Opt(:hstretch), _('Host Name of Master Key Distribution Center (Optional)'),
- AuthConfInst.krb_conf_get(['realms', @realm_name, 'master_kdc'], '')),
- SelectionBox(Id(:kdc), Opt(:hstretch), _('Key Distribution Centers (Optional If Auto-Discovery via DNS is Enabled)'),
- AuthConfInst.krb_conf_get(['realms', @realm_name, 'kdc'], [])),
- Left(HBox(PushButton(Id(:kdc_add), Label.AddButton), PushButton(Id(:kdc_remove), Label.DeleteButton))),
- VSpacing(1.0),
- HBox(
- VBox(
- Left(Label(_('Custom Mappings of Principal Names to User Names'))),
- Table(Id(:auth_to_local_names), Header(_('Principal Name'), _('User Name')),
- AuthConfInst.krb_conf_get(['realms', @realm_name, 'auth_to_local_names'], []).map {|princ_name, user_name| Item(princ_name, user_name)}),
- Left(HBox(PushButton(Id(:a2ln_add), Label.AddButton), PushButton(Id(:a2ln_remove), Label.DeleteButton))),
- ),
- VBox(
- SelectionBox(Id(:auth_to_local), _('Custom Rules for Mapping Principal Names to User Names'),
- AuthConfInst.krb_conf_get(['realms', @realm_name, 'auth_to_local'], [])),
- Left(HBox(PushButton(Id(:a2l_add), Label.AddButton), PushButton(Id(:a2l_remove), Label.DeleteButton))),
- )
- ),
- VSpacing(1.0),
- ButtonBox(
- PushButton(Id(:ok), Label.OKButton),
- PushButton(Id(:cancel), Label.CancelButton),
- )
- )
- end
-
- # Add a KDC
- def kdc_add_handler
- new_kdc = GenericInputDialog.new(_('Please type in the host name of Key Distribution Centre:'), '').run
- if !new_kdc.nil?
- UI.ChangeWidget(Id(:kdc), :Items, UI.QueryWidget(Id(:kdc), :Items) + [new_kdc])
- end
- end
-
- # Remove a KDC
- def kdc_remove_handler
- UI.ChangeWidget(Id(:kdc), :Items, UI.QueryWidget(Id(:kdc), :Items).map{|item| item[1]} - [UI.QueryWidget(Id(:kdc), :CurrentItem)])
- end
-
- # Add an auth_to_local
- def a2l_add_handler
- new_a2l = GenericInputDialog.new(_('Please type the new rule string (e.g. "RULE:[2:$1](johndoe)s/^.*$/guest/")'), '').run
- if !new_a2l.nil?
- UI.ChangeWidget(Id(:auth_to_local), :Items, UI.QueryWidget(Id(:auth_to_local), :Items) + [new_a2l])
- end
- end
-
- # Remove an auth_to_local
- def a2l_remove_handler
- UI.ChangeWidget(Id(:auth_to_local), :Items, UI.QueryWidget(Id(:auth_to_local), :Items).map{|item| item[1]} - [UI.QueryWidget(Id(:auth_to_local), :CurrentItem)])
- end
-
- # Add an auth_to_local_names
- def a2ln_add_handler
- new_a2ln = GenericInputDialog.new(_('Please type in the principal name and user name in the format of "princ_name = user_name":'), '').run
- if !new_a2ln.nil?
- new_a2ln = new_a2ln.split(/\s*=\s*/)
- if new_a2ln.length == 2
- UI.ChangeWidget(Id(:auth_to_local_names), :Items, UI.QueryWidget(Id(:auth_to_local_names), :Items) + [Item(new_a2ln[0], new_a2ln[1])])
- end
- end
- end
-
- # Remove an auth_to_local_names
- def a2ln_remove_handler
- current_key = UI.QueryWidget(Id(:auth_to_local_names), :CurrentItem)
- new_items = UI.QueryWidget(Id(:auth_to_local_names), :Items).select{ |item| item[1] != current_key}
- UI.ChangeWidget(Id(:auth_to_local_names), :Items, new_items)
- end
-
- # Save realm settings
- def ok_handler
- input_realm_name = UI.QueryWidget(Id(:realm_name), :Value).upcase
- if input_realm_name == ''
- Popup.Error(_('Please enter realm name.'))
- return
- end
- # Move configuration from one realm to another
- if !(a)realm_name.nil? && @realm_name != input_realm_name
- AuthConfInst.krb_conf['realms'][input_realm_name] = AuthConfInst.krb_conf['realms'][@realm_name]
- AuthConfInst.krb_conf['realms'].delete(@realm_name)
- if AuthConfInst.krb_conf['libdefaults']['default_realm'] == @realm_name
- AuthConfInst.krb_conf['libdefaults']['default_realm'] = input_realm_name
- end
- domains = AuthConfInst.krb_conf['domain_realm'].select{ |_, realm| realm == @realm_name}.keys
- domains.each {|domain| AuthConfInst.krb_conf['domain_realm'].delete(domain)}
- domains.each {|domain| AuthConfInst.krb_conf['domain_realm'][domain] = input_realm_name}
- end
- # Create new realm
- if !AuthConfInst.krb_conf['realms'].include?(input_realm_name)
- AuthConfInst.krb_conf['realms'][input_realm_name] = {}
- end
- # Set settings
- realm_conf = AuthConfInst.krb_conf['realms'][input_realm_name]
- realm_conf['admin_server'] = UI.QueryWidget(Id(:admin_server), :Value)
- realm_conf['master_kdc'] = UI.QueryWidget(Id(:master_kdc), :Value)
- realm_conf['kdc'] = UI.QueryWidget(Id(:kdc), :Items).map{|item| item[1]}
- if UI.QueryWidget(Id(:map_domain), :Value)
- AuthConfInst.krb_conf['domain_realm'][input_realm_name.downcase] = input_realm_name
- else
- AuthConfInst.krb_conf['domain_realm'].delete(input_realm_name.downcase)
- end
- if UI.QueryWidget(Id(:map_wildcard_domain), :Value)
- AuthConfInst.krb_conf['domain_realm'][".#{input_realm_name.downcase}"] = input_realm_name
- else
- AuthConfInst.krb_conf['domain_realm'].delete(".#{input_realm_name.downcase}")
- end
- realm_conf['auth_to_local'] = UI.QueryWidget(Id(:auth_to_local), :Items).map{|item| item[1]}
- realm_conf['auth_to_local_names'] = Hash[*UI.QueryWidget(Id(:auth_to_local_names), :Items).map{|item| [item[1], item[2]]}.flatten]
- finish_dialog(:finish)
- end
-
- # Close the dialog
- def finish_handler
- finish_dialog(:finish)
- end
- end
-end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/generic_input_dialog.rb new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/generic_input_dialog.rb
--- old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/generic_input_dialog.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/generic_input_dialog.rb 1970-01-01 01:00:00.000000000 +0100
@@ -1,74 +0,0 @@
-# encoding: utf-8
-
-# ------------------------------------------------------------------------------
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, contact SUSE Linux GmbH.
-#
-# ------------------------------------------------------------------------------
-
-require 'yast'
-require 'auth/authconf'
-Yast.import 'UI'
-Yast.import 'Icon'
-Yast.import 'Label'
-
-module LdapKrb
- # A generic text input dialog.
- class GenericInputDialog
- include Yast
- include Auth
- include UIShortcuts
- include I18n
- include Logger
-
- def initialize(caption, default_text)
- @caption = caption
- @default_text = default_text
- textdomain "auth-client"
- end
-
- def run
- return if !render_all
- begin
- return ui_event_loop
- ensure
- UI.CloseDialog()
- end
- end
-
- def render_all
- UI.OpenDialog(
- VBox(
- Left(Label(@caption)),
- InputField(Id(:input), Opt(:hstretch), @default_text),
- ButtonBox(
- PushButton(Id(:ok), Label.OKButton),
- PushButton(Id(:cancel), Label.CancelButton),
- )
- )
- )
- end
-
- # Return text in the input field, or nil if the dialog is cancelled.
- def ui_event_loop
- loop do
- case UI.UserInput
- when :ok
- return UI.QueryWidget(Id(:input), :Value)
- else
- return nil
- end
- end
- end
- end
-end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb
--- old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb 1970-01-01 01:00:00.000000000 +0100
@@ -1,78 +0,0 @@
-# encoding: utf-8
-
-# ------------------------------------------------------------------------------
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, contact SUSE Linux GmbH.
-#
-# ------------------------------------------------------------------------------
-
-require 'yast'
-require 'ui/dialog'
-require 'auth/authconf'
-Yast.import 'UI'
-Yast.import 'Label'
-
-module LdapKrb
- # Edit more configuration items for Kerberos.
- class KrbExtendedOptsDialog < UI::Dialog
- include Yast
- include Auth
- include UIShortcuts
- include I18n
-
- def initialize
- super()
- textdomain "auth-client"
- end
-
- def create_dialog
- return super
- end
-
- def dialog_options
- Opt(:decorated)
- end
-
- def dialog_content
- MinWidth(80, VBox(
- InputField(Id(:default_keytab_name), Opt(:hstretch), _('Default Location of Keytab File'),
- AuthConfInst.krb_conf_get(['libdefaults', 'default_keytab_name'], '/etc/krb5.keytab')),
- InputField(Id(:default_tgs_enctypes), Opt(:hstretch), _('Encryption Types for TGS (Space separated)'),
- AuthConfInst.krb_conf_get(['libdefaults', 'default_tgs_enctypes'], AuthConfInst.krb_get_default(:default_tgs_enctypes))),
- InputField(Id(:default_tkt_enctypes), Opt(:hstretch), _('Encryption Types for Ticket (Space separated)'),
- AuthConfInst.krb_conf_get(['libdefaults', 'default_tkt_enctypes'], AuthConfInst.krb_get_default(:default_tkt_enctypes))),
- InputField(Id(:permitted_enctypes), Opt(:hstretch), _('Encryption Types for Sessions (Space separated)'),
- AuthConfInst.krb_conf_get(['libdefaults', 'permitted_enctypes'], AuthConfInst.krb_get_default(:permitted_enctypes))),
- InputField(Id(:extra_addresses), Opt(:hstretch), _('Additional Addresses to be put in Ticket (Comma separated)'),
- AuthConfInst.krb_conf_get(['libdefaults', 'extra_addresses'], '')),
- VSpacing(1.0),
- HBox(PushButton(Id(:reset), _('Reset')), PushButton(Id(:finish), Label.OKButton)),
- ))
- end
-
- def reset_handler
- [:default_keytab_name, :default_tgs_enctypes, :default_tkt_enctypes, :permitted_enctypes].each { |key|
- UI.ChangeWidget(Id(key), :Value, AuthConfInst.krb_get_default(key))
- }
- end
-
- def finish_handler
- AuthConfInst.krb_conf['libdefaults']['default_keytab_name'] = UI.QueryWidget(Id(:default_keytab_name), :Value)
- AuthConfInst.krb_conf['libdefaults']['default_tgs_enctypes'] = UI.QueryWidget(Id(:default_tgs_enctypes), :Value)
- AuthConfInst.krb_conf['libdefaults']['default_tkt_enctypes'] = UI.QueryWidget(Id(:default_tkt_enctypes), :Value)
- AuthConfInst.krb_conf['libdefaults']['permitted_enctypes'] = UI.QueryWidget(Id(:permitted_enctypes), :Value)
- AuthConfInst.krb_conf['libdefaults']['extra_addresses'] = UI.QueryWidget(Id(:extra_addresses), :Value)
- finish_dialog(:finish)
- end
- end
-end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb
--- old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb 1970-01-01 01:00:00.000000000 +0100
@@ -1,66 +0,0 @@
-# encoding: utf-8
-
-# ------------------------------------------------------------------------------
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, contact SUSE Linux GmbH.
-#
-# ------------------------------------------------------------------------------
-
-require 'yast'
-require 'ui/dialog'
-require 'auth/authconf'
-Yast.import 'UI'
-Yast.import 'Label'
-
-module LdapKrb
- # Edit more configuration items for LDAP.
- class LdapExtendedOptsDialog < UI::Dialog
- include Yast
- include Auth
- include UIShortcuts
- include I18n
-
- def initialize
- super()
- textdomain "auth-client"
- end
-
- def create_dialog
- super
- end
-
- def dialog_options
- Opt(:decorated)
- end
-
- def dialog_content
- # The user cannot possibly understand the implication of 0 in search timeout if the user uses YaST
- MinWidth(80, VBox(
- IntField(Id(:ldap_bind_timelimit), Opt(:hstretch), _('Timeout for Bind Operations in Seconds'), 1, 600,
- (AuthConfInst.ldap_conf['bind_timelimit'].to_s == '' ? '30' : AuthConfInst.ldap_conf['bind_timelimit']).to_i),
- IntField(Id(:ldap_timelimit), Opt(:hstretch), _('Timeout for Search Operations in Seconds'), 1, 600,
- (AuthConfInst.ldap_conf['timelimit'].to_s == '' ? '30' : AuthConfInst.ldap_conf['timelimit']).to_i),
- VSpacing(1.0),
- PushButton(Id(:finish), Label.OKButton)
- ))
- end
-
- def finish_handler
- # The user cannot possibly understand the implication of 'hard' policy if the user uses YaST
- AuthConfInst.ldap_conf['bind_policy'] = 'soft'
- AuthConfInst.ldap_conf['bind_timelimit'] = UI.QueryWidget(Id(:ldap_bind_timelimit), :Value)
- AuthConfInst.ldap_conf['timelimit'] = UI.QueryWidget(Id(:ldap_timelimit), :Value)
- finish_dialog(:finish)
- end
- end
-end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/main_dialog.rb new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/main_dialog.rb
--- old/yast2-auth-client-4.5.0/src/lib/authui/ldapkrb/main_dialog.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/src/lib/authui/ldapkrb/main_dialog.rb 1970-01-01 01:00:00.000000000 +0100
@@ -1,441 +0,0 @@
-# encoding: utf-8
-
-# ------------------------------------------------------------------------------
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, contact SUSE Linux GmbH.
-#
-# ------------------------------------------------------------------------------
-
-require 'yast'
-require 'auth/authconf.rb'
-require 'authui/ldapkrb/edit_realm_dialog'
-require 'authui/ldapkrb/krb_extended_opts_dialog'
-require 'authui/ldapkrb/ldap_extended_opts_dialog'
-Yast.import 'UI'
-Yast.import 'Label'
-
-module LdapKrb
- # Main dialog shows three tabs, one for Kerberos, one for LDAP, and one for auxiliary daemons.
- class MainDialog
- include Yast
- include Auth
- include UIShortcuts
- include I18n
- include Logger
-
- def initialize
- @tab = :ldap # the last saved tab
- textdomain 'auth-client'
- end
-
- def run
- return if !UI.OpenDialog(Opt(:decorated, :defaultsize),
- VBox(Opt(:hstretch),
- DumbTab([_('Use a Directory as Identity Provider (LDAP)'), _('Authentication via Kerberos')],
- ReplacePoint(Id(:tab), Empty())),
- ButtonBox(
- PushButton(Id(:ok), Label.OKButton),
- PushButton(Id(:cancel), Label.CancelButton),
- ),
- ),
- )
- render_ldap
- begin
- return ui_event_loop
- ensure
- UI.CloseDialog()
- end
- end
-
- def ui_event_loop
- loop do
- case UI.UserInput
- when _('Use a Directory as Identity Provider (LDAP)')
- save_tab
- render_ldap
- @tab = :ldap
- when _('Authentication via Kerberos')
- save_tab
- render_krb
- @tab = :krb
-
- # LDAP tab events
- when :ldap_pam
- if UI.QueryWidget(Id(:ldap_pam), :Value)
- if AuthConfInst.sssd_pam || AuthConfInst.sssd_enabled
- Popup.Error(_("This computer is currently using SSSD to authenticate users.\n" +
- "Before you may use legacy LDAP authentication (pam_ldap), please disable SSSD from \"User Logon Management\"."))
- UI.ChangeWidget(Id(:ldap_pam), :Value, false)
- end
- end
- when :ldap_nss_passwd
- if UI.QueryWidget(Id(:ldap_nss_passwd), :Value)
- if AuthConfInst.sssd_nss.include?('passwd')
- Popup.Error(_("This computer is currently reading user database from SSSD identity provider.\n" +
- "Before you may use LDAP user database (nss_ldap), please disable SSSD user database from \"User Logon Management\"."))
- UI.ChangeWidget(Id(:ldap_nss_passwd), :Value, false)
- end
- end
- when :ldap_nss_group
- if UI.QueryWidget(Id(:ldap_nss_group), :Value)
- if AuthConfInst.sssd_nss.include?('group')
- Popup.Error(_("This computer is currently reading group database from SSSD identity provider.\n" +
- "Before you may use LDAP group database (nss_ldap), please disable SSSD group database from \"User Logon Management\"."))
- UI.ChangeWidget(Id(:ldap_nss_group), :Value, false)
- end
- end
- when :ldap_nss_sudoers
- if UI.QueryWidget(Id(:ldap_nss_sudoers), :Value)
- if AuthConfInst.sssd_nss.include?('sudoers')
- Popup.Error(_("This computer is currently reading sudoers database from SSSD identity provider.\n" +
- "Before you may use LDAP sudoers database (nss_ldap), please disable SSSD sudo database from \"User Logon Management\"."))
- UI.ChangeWidget(Id(:ldap_nss_sudoers), :Value, false)
- end
- end
- when :ldap_nss_automount
- if UI.QueryWidget(Id(:ldap_nss_automount), :Value)
- if AuthConfInst.sssd_nss.include?('automount')
- Popup.Error(_("This computer is currently reading automount database from SSSD identity provider.\n" +
- "Before you may use LDAP automount database (nss_ldap), please disable SSSD automount database from \"User Logon Management\"."))
- UI.ChangeWidget(Id(:ldap_nss_automount), :Value, false)
- redo
- end
- end
- AuthConfInst.autofs_enabled = UI.QueryWidget(Id(:ldap_nss_automount), :Value)
- when :ldap_test
- uris, hosts = get_ldap_uri_and_hosts
- if uris.empty? && hosts.empty?
- Popup.Error(_('Please enter server URI.'))
- redo
- end
- start_tls = UI.QueryWidget(Id(:ldap_tls_method), :CurrentButton) == :ldap_tls_method_starttls
- dn = UI.QueryWidget(Id(:ldap_binddn), :Value)
- password = UI.QueryWidget(Id(:ldap_bindpw), :Value)
- base_dn = UI.QueryWidget(Id(:ldap_base), :Value)
- if base_dn == ''
- Popup.Error(_('Please enter DN of search base.'))
- redo
- end
- # Test URI input
- uris.each {|uri|
- result = AuthConfInst.ldap_test_bind(uri, start_tls, dn, password, base_dn)
- if result == ''
- Popup.Message(_('Successfully contacted LDAP server on URI %s!') % [uri])
- else
- Popup.LongError(_("Connection check has failed on URI %s.\n\n%s") % [uri, result])
- end
- }
- # Test host address input, construct URI for each one.
- host_uri_prefix = ''
- if UI.QueryWidget(Id(:ldap_tls_method), :CurrentButton) == :ldap_tls_method_yes
- host_uri_prefix = 'ldaps://'
- else
- host_uri_prefix = 'ldap://'
- end
- hosts.each {|host|
- splitted = host.split(':')
- if splitted.length == 1
- host_uri = "#{host_uri_prefix}#{host}:389"
- else
- host_uri = "#{host_uri_prefix}#{splitted[0]}:#{splitted[1]}"
- end
- result = AuthConfInst.ldap_test_bind(host_uri, start_tls, dn, password, base_dn)
- if result == ''
- Popup.Message(_('Successfully contacted LDAP server on host %s') % [host_uri])
- else
- Popup.LongError(_("Connection check has failed on host %s.\n\n%s") % [host_uri, result])
- end
- }
- when :ldap_extended_opts
- LdapExtendedOptsDialog.new.run
- when :nscd_enable
- if AuthConfInst.sssd_enabled && UI.QueryWidget(Id(:nscd_enable), :Value)
- if !Popup.YesNo(_("The name service cache is should only used with legacy LDAP identity provider,\n" +
- "but your system currently has authentication domain enabled, which is not compatible with the cache.\n\n" +
- "Do you still wish to enable the cache?"))
- UI.ChangeWidget(Id(:nscd_enable), :Value, false)
- end
- end
- when :ldap_extended_opts
- LdapExtendedOptsDialog.new.run
-
- # Kerberos tab events
- when :krb_pam
- if UI.QueryWidget(Id(:krb_pam), :Value)
- if AuthConfInst.sssd_pam || AuthConfInst.sssd_enabled
- Popup.Error(_("This computer is currently using SSSD to authenticate users.\n" +
- "Before you may use Kerberos authentication (pam_krb5), please disable SSSD from \"User Logon Management\"."))
- UI.ChangeWidget(Id(:krb_pam), :Value, false)
- end
- end
- when :krb_realm_new
- LdapKrb::EditRealmDialog.new(nil).run
- curr_def = UI.QueryWidget(Id(:krb_default_realm), :Value)
- UI.ChangeWidget(Id(:krb_default_realm), :Items, [_('(not specified)')] + AuthConfInst.krb_conf['realms'].keys.sort)
- UI.ChangeWidget(Id(:krb_default_realm), :Value, curr_def)
- UI.ChangeWidget(Id(:krb_realms), :Items, AuthConfInst.krb_conf['realms'].keys.sort)
- when :krb_realm_edit
- realm = UI.QueryWidget(Id(:krb_realms), :CurrentItem)
- if realm.nil?
- redo
- end
- LdapKrb::EditRealmDialog.new(realm).run
- curr_def = UI.QueryWidget(Id(:krb_default_realm), :Value)
- UI.ChangeWidget(Id(:krb_default_realm), :Items, [_('(not specified)')] + AuthConfInst.krb_conf['realms'].keys.sort)
- UI.ChangeWidget(Id(:krb_default_realm), :Value, curr_def)
- UI.ChangeWidget(Id(:krb_realms), :Items, AuthConfInst.krb_conf['realms'].keys.sort)
- when :krb_realm_del
- realm_name = UI.QueryWidget(Id(:krb_realms), :CurrentItem)
- if realm_name.nil?
- redo
- end
- if Popup.YesNo(_('Are you sure to delete realm %s?') % [realm_name])
- AuthConfInst.krb_conf['domain_realm'].delete_if{ |_, domain_realm| domain_realm == realm_name}
- if UI.QueryWidget(Id(:krb_default_realm), :Value) == realm_name
- UI.ChangeWidget(Id(:krb_default_realm), :Value, _('(not specified)'))
- end
- AuthConfInst.krb_conf['realms'].delete(realm_name)
- UI.ChangeWidget(Id(:krb_realms), :Items, AuthConfInst.krb_conf['realms'].keys.sort)
- curr_def = UI.QueryWidget(Id(:krb_default_realm), :Value)
- UI.ChangeWidget(Id(:krb_default_realm), :Items, [_('(not specified)')] + AuthConfInst.krb_conf['realms'].keys.sort)
- UI.ChangeWidget(Id(:krb_default_realm), :Value, curr_def)
- if AuthConfInst.krb_conf_get(['libdefaults', 'default_realm'], nil) == realm_name
- AuthConfInst.krb_conf['libdefaults'].delete('default_realm')
- end
- end
- when :krb_extended_opts
- KrbExtendedOptsDialog.new.run
-
- # Save ALL
- when :ok
- save_tab
- AuthConfInst.ldap_apply
- AuthConfInst.krb_apply
- AuthConfInst.aux_apply
- break
- else
- break
- end
- end
- end
-
- # Save the content of current tab.
- def save_tab
- case @tab
- when :ldap
- save_ldap
- when :krb
- save_krb
- when :aux
- save_aux
- end
- end
-
- # Return a tuple of ldap URIs (array) and ldap host:port combinations (array).
- def get_ldap_uri_and_hosts
- uris = []
- hosts = []
- UI.QueryWidget(Id(:ldap_host_or_uri), :Value).split(/\s+/).each {|entry|
- if /ldap.*:\/\//.match(entry)
- uris += [entry]
- else
- hosts += [entry]
- end
- }
- return [uris, hosts]
- end
-
- def save_ldap
- AuthConfInst.nscd_enabled = UI.QueryWidget(Id(:nscd_enable), :Value)
- AuthConfInst.ldap_pam = UI.QueryWidget(Id(:ldap_pam), :Value)
- ['passwd', 'group', 'sudoers', 'automount'].each{ |db|
- symbol = ('ldap_nss_' + db).to_sym
- if UI.QueryWidget(Id(symbol), :Value)
- AuthConfInst.ldap_nss += [db] if !AuthConfInst.ldap_nss.include?(db)
- else
- AuthConfInst.ldap_nss.delete_if{ |n| n == db}
- end
- }
- # Split URI/host entry into two attributes, remove port attribute
- AuthConfInst.ldap_conf.delete('port')
- uris, hosts = get_ldap_uri_and_hosts
- if hosts.any?
- AuthConfInst.ldap_conf['host'] = hosts.join(' ')
- else
- AuthConfInst.ldap_conf.delete('host')
- end
- if uris.any?
- AuthConfInst.ldap_conf['uri'] = uris.join(' ')
- else
- AuthConfInst.ldap_conf.delete('uri')
- end
- AuthConfInst.ldap_conf['base'] = UI.QueryWidget(Id(:ldap_base), :Value)
- AuthConfInst.ldap_conf['binddn'] = UI.QueryWidget(Id(:ldap_binddn), :Value)
- if AuthConfInst.ldap_conf['binddn'] == ''
- AuthConfInst.ldap_conf.delete('binddn')
- end
- AuthConfInst.ldap_conf['bindpw'] = UI.QueryWidget(Id(:ldap_bindpw), :Value)
- if AuthConfInst.ldap_conf['bindpw'] == ''
- AuthConfInst.ldap_conf.delete('bindpw')
- end
- if UI.QueryWidget(Id(:ldap_rfc2307bis), :Value)
- AuthConfInst.ldap_conf['nss_schema'] = 'rfc2307bis'
- else
- AuthConfInst.ldap_conf.delete('nss_schema')
- end
- if UI.QueryWidget(Id(:ldap_persist), :Value)
- AuthConfInst.ldap_conf['nss_connect_policy'] = 'persist'
- else
- AuthConfInst.ldap_conf['nss_connect_policy'] = 'oneshot'
- end
- case UI.QueryWidget(Id(:ldap_tls_method), :CurrentButton)
- when :ldap_tls_method_no
- AuthConfInst.ldap_conf['ssl'] = 'no'
- when :ldap_tls_method_yes
- AuthConfInst.ldap_conf['ssl'] = 'yes'
- when :ldap_tls_method_starttls
- AuthConfInst.ldap_conf['ssl'] = 'start_tls'
- end
-
- # bsc#1162025: Default bind_policy to soft if not present.
- if not AuthConfInst.ldap_conf.key?('bind_policy')
- AuthConfInst.ldap_conf['bind_policy'] = 'soft'
- end
-
- AuthConfInst.mkhomedir_pam = UI.QueryWidget(Id(:mkhomedir_enable), :Value)
- end
-
- # Save Kerberos
- def save_krb
- AuthConfInst.krb_pam = UI.QueryWidget(Id(:krb_pam), :Value)
- default_realm_choice = UI.QueryWidget(Id(:krb_default_realm), :Value)
- if default_realm_choice == _('(not specified)')
- AuthConfInst.krb_conf['libdefaults']['default_realm'] = nil
- else
- AuthConfInst.krb_conf['libdefaults']['default_realm'] = default_realm_choice
- end
- AuthConfInst.krb_conf['libdefaults']['forwardable'] = UI.QueryWidget(Id(:krb_forwardable), :Value)
- AuthConfInst.krb_conf['libdefaults']['proxiable'] = UI.QueryWidget(Id(:krb_proxiable), :Value)
- AuthConfInst.krb_conf['libdefaults']['noaddresses'] = UI.QueryWidget(Id(:krb_noaddresses), :Value)
- AuthConfInst.krb_conf['libdefaults']['dns_lookup_realm'] = UI.QueryWidget(Id(:krb_dns_lookup_realm), :Value)
- AuthConfInst.krb_conf['libdefaults']['dns_lookup_kdc'] = UI.QueryWidget(Id(:krb_dns_lookup_kdc), :Value)
- AuthConfInst.krb_conf['libdefaults']['allow_weak_crypto'] = UI.QueryWidget(Id(:krb_allow_weak_crypto), :Value)
- AuthConfInst.mkhomedir_pam = UI.QueryWidget(Id(:mkhomedir_enable), :Value)
- end
-
- def render_ldap
- UI.ReplaceWidget(Id(:tab), VBox(
- HBox(
- Top(VBox(
- Left(CheckBox(Id(:ldap_pam), Opt(:notify), _('Allow LDAP Users To Authenticate (pam_ldap)'), AuthConfInst.ldap_pam)),
- Left(CheckBox(Id(:nscd_enable), Opt(:notify), _('Cache LDAP Entries For Faster Response (nscd)'), AuthConfInst.nscd_enabled)),
- Left(CheckBox(Id(:mkhomedir_enable), _('Automatically Create Home Directory'), AuthConfInst.mkhomedir_pam)),
- VSpacing(1.0),
- Left(Label(_('Read the following items from LDAP data source:'))),
- Left(CheckBox(Id(:ldap_nss_passwd), Opt(:notify), _("Users"), AuthConfInst.ldap_nss.include?('passwd'))),
- Left(CheckBox(Id(:ldap_nss_group), Opt(:notify), _("Groups"), AuthConfInst.ldap_nss.include?('group'))),
- Left(CheckBox(Id(:ldap_nss_sudoers), Opt(:notify), _("Super-User Commands (sudo)"), AuthConfInst.ldap_nss.include?('sudoers'))),
- Left(CheckBox(Id(:ldap_nss_automount), Opt(:notify), _("Network Disk Locations (automount)"), AuthConfInst.ldap_nss.include?('automount'))),
- VSpacing(1.0),
- Left(Label(_('Enter LDAP server locations (space separated), in either format:'))),
- Left(Label(_('- Host name or IP and port number (ip:port)'))),
- Left(Label(_('- URI (ldap://server:port, ldaps://server:port)'))),
- InputField(Id(:ldap_host_or_uri), Opt(:hstretch), ''),
- InputField(Id(:ldap_base), Opt(:hstretch), _('DN of Search Base (e.g. dc=example,dc=com)'),
- AuthConfInst.ldap_conf['base'].to_s),
- )),
- Top(VBox(
- InputField(Id(:ldap_binddn), Opt(:hstretch), _('DN of Bind User (Leave Empty for Anonymous Bind)'),
- AuthConfInst.ldap_conf['binddn'].to_s),
- InputField(Id(:ldap_bindpw), Opt(:hstretch), _('Password of the Bind User (Leave Empty for Anonymous Bind)'),
- AuthConfInst.ldap_conf['bindpw'].to_s),
- VSpacing(1.0),
- CheckBox(Id(:ldap_rfc2307bis), Opt(:hstretch), _('Identify Group Members by Their DNs (RFC2307bis)'),
- AuthConfInst.ldap_conf['nss_schema'] == 'rfc2307bis'),
- CheckBox(Id(:ldap_persist), Opt(:hstretch), _('Leave LDAP Connections Open for Consecutive Requests'),
- AuthConfInst.ldap_conf['nss_connect_policy'] != 'oneshot'),
- VSpacing(1.0),
- Frame(_('Secure LDAP communication'), RadioButtonGroup(Id(:ldap_tls_method), VBox(
- Left(RadioButton(Id(:ldap_tls_method_no), _('Do Not Use Security'))),
- Left(RadioButton(Id(:ldap_tls_method_yes), _('Secure Communication via TLS'))),
- Left(RadioButton(Id(:ldap_tls_method_starttls), _('Secure Communication via StartTLS'))),
- ))),
- VSpacing(1.0),
- Left(HBox(PushButton(Id(:ldap_test), _('Test Connection')), PushButton(Id(:ldap_extended_opts), _('Extended Options')))),
- )),
- ),
- ))
- # Combine host/port/uri into one
- default_port_str = AuthConfInst.ldap_conf['port'] ? AuthConfInst.ldap_conf['port'] : '389'
- hosts = AuthConfInst.ldap_conf['host'].to_s.split(/\s+/).map{|a_host|
- # If not specified, append the default port number
- if a_host.split(':').length == 1
- a_host + ':' + default_port_str
- else
- a_host
- end
- }
- uris = AuthConfInst.ldap_conf['uri'].to_s.split(/\s+/)
- UI.ChangeWidget(Id(:ldap_host_or_uri), :Value, (uris + hosts).join(' '))
-
- if AuthConfInst.ldap_conf['bind_policy'] == 'soft'
- UI.ChangeWidget(Id(:ldap_bind_policy), :CurrentButton, :ldap_bind_policy_soft)
- else
- UI.ChangeWidget(Id(:ldap_bind_policy), :CurrentButton, :ldap_bind_policy_hard)
- end
- if AuthConfInst.ldap_conf['ssl'] == 'yes'
- UI.ChangeWidget(Id(:ldap_tls_method), :CurrentButton, :ldap_tls_method_yes)
- elsif AuthConfInst.ldap_conf['ssl'] == 'start_tls'
- UI.ChangeWidget(Id(:ldap_tls_method), :CurrentButton, :ldap_tls_method_starttls)
- else
- UI.ChangeWidget(Id(:ldap_tls_method), :CurrentButton, :ldap_tls_method_no)
- end
- end
-
- def render_krb
- UI.ReplaceWidget(Id(:tab), VBox(
- HBox(
- Top(VBox(
- Left(CheckBox(Id(:krb_pam), Opt(:notify), _('Allow Kerberos Users To Authenticate (pam_krb5)'),
- AuthConfInst.krb_pam)),
- Left(HBox(CheckBox(Id(:mkhomedir_enable), _('Automatically Create Home Directory'), AuthConfInst.mkhomedir_pam))),
- VSpacing(1.0),
- Left(ComboBox(Id(:krb_default_realm), _('Default Realm For User Login:'),
- [_('(not specified)')] + AuthConfInst.krb_conf['realms'].keys.sort)),
- Left(SelectionBox(Id(:krb_realms), _('All Authentication Realms'),
- AuthConfInst.krb_conf['realms'].keys.sort)),
- Left(HBox(PushButton(Id(:krb_realm_new), _('Add Realm')), PushButton(Id(:krb_realm_edit), _('Edit Realm')), PushButton(Id(:krb_realm_del), _('Delete Realm')))),
- )),
- Top(VBox(
- Left(CheckBox(Id(:krb_dns_lookup_realm), _('Use DNS TXT Record to Discover Realms'),
- AuthConfInst.krb_conf_get_bool(['libdefaults', 'dns_lookup_realm'], false))),
- Left(CheckBox(Id(:krb_dns_lookup_kdc), _('Use DNS SRV record to Discover KDC servers'),
- AuthConfInst.krb_conf_get_bool(['libdefaults', 'dns_lookup_kdc'], false))),
- VSpacing(1.0),
- Left(CheckBox(Id(:krb_allow_weak_crypto), _('Allow Insecure Encryption (Windows NT)'),
- AuthConfInst.krb_conf_get_bool(['libdefaults', 'allow_weak_crypto'], false))),
- Left(CheckBox(Id(:krb_forwardable), _('Allow KDC on Other Networks to Issue Authentication Tickets'),
- AuthConfInst.krb_conf_get_bool(['libdefaults', 'forwardable'], false))),
- Left(CheckBox(Id(:krb_proxiable), _('Allow Kerberos-Enabled Services to Take on The Identity Of a User'),
- AuthConfInst.krb_conf_get_bool(['libdefaults', 'proxiable'], false))),
- Left(CheckBox(Id(:krb_noaddresses), _('Issue Address-Less Tickets for Computers Behind NAT'),
- AuthConfInst.krb_conf_get_bool(['libdefaults', 'noaddresses'], false))),
- VSpacing(1.0),
- Left(PushButton(Id(:krb_extended_opts), _('Extended Options'))),
- )),
- ),
- ))
- UI.ChangeWidget(Id(:krb_default_realm), :Value, AuthConfInst.krb_conf_get(['libdefaults', 'default_realm'], _('(not specified)')))
- end
- end
-end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/test/authconf_chroot/etc/ldap.conf new/yast2-auth-client-4.5.1/test/authconf_chroot/etc/ldap.conf
--- old/yast2-auth-client-4.5.0/test/authconf_chroot/etc/ldap.conf 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/test/authconf_chroot/etc/ldap.conf 1970-01-01 01:00:00.000000000 +0100
@@ -1,315 +0,0 @@
-#
-# This is the configuration file for the LDAP nameservice
-# switch library and the LDAP PAM module.
-#
-
-# Your LDAP server. Must be resolvable without using LDAP.
-# Multiple hosts may be specified, each separated by a
-# space. How long nss_ldap takes to failover depends on
-# whether your LDAP client library supports configurable
-# network or connect timeouts (see bind_timelimit).
-host 127.0.0.1
-
-# The distinguished name of the search base.
-base dc=example,dc=com
-
-# Another way to specify your LDAP server is to provide an
-# uri with the server name. This allows to use
-# Unix Domain Sockets to connect to a local LDAP Server.
-#uri ldap://127.0.0.1/
-#uri ldaps://127.0.0.1/
-#uri ldapi://%2fvar%2frun%2fldapi_sock/
-# Note: %2f encodes the '/' used as directory separator
-
-# The LDAP version to use (defaults to 3
-# if supported by client library)
-#ldap_version 3
-
-# The distinguished name to bind to the server with.
-# Optional: default is to bind anonymously.
-#binddn cn=proxyuser,dc=example,dc=com
-
-# The credentials to bind with.
-# Optional: default is no credential.
-#bindpw secret
-
-# The distinguished name to bind to the server with
-# if the effective user ID is root. Password is
-# stored in /etc/ldap.secret (mode 600)
-#rootbinddn cn=manager,dc=example,dc=com
-
-# The port.
-# Optional: default is 389.
-#port 389
-
-# The search scope.
-#scope sub
-#scope one
-#scope base
-
-# Search timelimit
-#timelimit 30
-
-# Bind/connect timelimit
-#bind_timelimit 30
-
-# Reconnect policy:
-# hard_open: reconnect to DSA with exponential backoff if
-# opening connection failed
-# hard_init: reconnect to DSA with exponential backoff if
-# initializing connection failed
-# hard: alias for hard_open
-# soft: return immediately on server failure
-bind_policy soft
-
-# Connection policy:
-# persist: DSA connections are kept open (default)
-# oneshot: DSA connections destroyed after request
-#nss_connect_policy persist
-
-# Idle timelimit; client will close connections
-# (nss_ldap only) if the server has not been contacted
-# for the number of seconds specified below.
-#idle_timelimit 3600
-
-# Use paged rseults
-#nss_paged_results yes
-
-# Pagesize: when paged results enable, used to set the
-# pagesize to a custom value
-#pagesize 1000
-
-# Filter to AND with uid=%s
-#pam_filter objectclass=account
-
-# The user ID attribute (defaults to uid)
-#pam_login_attribute uid
-
-# Search the root DSE for the password policy (works
-# with Netscape Directory Server). Make use of
-# Password Policy LDAP Control (as in OpenLDAP)
-pam_lookup_policy yes
-
-# Check the 'host' attribute for access control
-# Default is no; if set to yes, and user has no
-# value for the host attribute, and pam_ldap is
-# configured for account management (authorization)
-# then the user will not be allowed to login.
-#pam_check_host_attr yes
-
-# Check the 'authorizedService' attribute for access
-# control
-# Default is no; if set to yes, and the user has no
-# value for the authorizedService attribute, and
-# pam_ldap is configured for account management
-# (authorization) then the user will not be allowed
-# to login.
-#pam_check_service_attr yes
-
-# Group to enforce membership of
-#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com
-
-# Group member attribute
-#pam_member_attribute uniquemember
-
-# Specify a minium or maximum UID number allowed
-#pam_min_uid 0
-#pam_max_uid 0
-
-# Template login attribute, default template user
-# (can be overriden by value of former attribute
-# in user's entry)
-#pam_login_attribute userPrincipalName
-#pam_template_login_attribute uid
-#pam_template_login nobody
-
-# HEADS UP: the pam_crypt, pam_nds_passwd,
-# and pam_ad_passwd options are no
-# longer supported.
-#
-# Do not hash the password at all; presume
-# the directory server will do it, if
-# necessary. This is the default.
-#pam_password clear
-
-# Hash password locally; required for University of
-# Michigan LDAP server, and works with Netscape
-# Directory Server if you're using the UNIX-Crypt
-# hash mechanism and not using the NT Synchronization
-# service.
-#pam_password crypt
-
-# Remove old password first, then update in
-# cleartext. Necessary for use with Novell
-# Directory Services (NDS)
-#pam_password nds
-
-# RACF is an alias for the above. For use with
-# IBM RACF
-#pam_password racf
-
-# Update Active Directory password, by
-# creating Unicode password and updating
-# unicodePwd attribute.
-#pam_password ad
-
-# Use the OpenLDAP password change
-# extended operation to update the password.
-pam_password exop
-
-# Redirect users to a URL or somesuch on password
-# changes.
-#pam_password_prohibit_message Please visit http://internal to change your password.
-
-# Use backlinks for answering initgroups()
-#nss_initgroups backlink
-
-# returns NOTFOUND if nss_ldap's initgroups() is called
-# for users specified in nss_initgroups_ignoreusers
-# (comma separated)
-nss_initgroups_ignoreusers root,ldap
-
-# Enable support for RFC2307bis (distinguished names in group
-# members)
-nss_schema rfc2307bis
-
-# RFC2307bis naming contexts
-# Syntax:
-# nss_base_XXX base?scope?filter
-# where scope is {base,one,sub}
-# and filter is a filter to be &'d with the
-# default filter.
-# You can omit the suffix eg:
-# nss_base_passwd ou=People,
-# to append the default base DN but this
-# may incur a small performance impact.
-#nss_base_passwd ou=People,dc=example,dc=com?one
-#nss_base_shadow ou=People,dc=example,dc=com?one
-#nss_base_group ou=Group,dc=example,dc=com?one
-#nss_base_hosts ou=Hosts,dc=example,dc=com?one
-#nss_base_services ou=Services,dc=example,dc=com?one
-#nss_base_networks ou=Networks,dc=example,dc=com?one
-#nss_base_protocols ou=Protocols,dc=example,dc=com?one
-#nss_base_rpc ou=Rpc,dc=example,dc=com?one
-#nss_base_ethers ou=Ethers,dc=example,dc=com?one
-#nss_base_netmasks ou=Networks,dc=example,dc=com?ne
-#nss_base_bootparams ou=Ethers,dc=example,dc=com?one
-#nss_base_aliases ou=Aliases,dc=example,dc=com?one
-#nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
-
-# attribute/objectclass mapping
-# Syntax:
-#nss_map_attribute rfc2307attribute mapped_attribute
-#nss_map_objectclass rfc2307objectclass mapped_objectclass
-
-# configure --enable-nds is no longer supported.
-# NDS mappings
-nss_map_attribute uniqueMember member
-
-# Services for UNIX 3.5 mappings
-#nss_map_objectclass posixAccount User
-#nss_map_objectclass shadowAccount User
-#nss_map_attribute uid msSFU30Name
-#nss_map_attribute uniqueMember msSFU30PosixMember
-#nss_map_attribute userPassword msSFU30Password
-#nss_map_attribute homeDirectory msSFU30HomeDirectory
-#nss_map_attribute homeDirectory msSFUHomeDirectory
-#nss_map_objectclass posixGroup Group
-#pam_login_attribute msSFU30Name
-#pam_filter objectclass=User
-#pam_password ad
-
-# configure --enable-mssfu-schema is no longer supported.
-# Services for UNIX 2.0 mappings
-#nss_map_objectclass posixAccount User
-#nss_map_objectclass shadowAccount user
-#nss_map_attribute uid msSFUName
-#nss_map_attribute uniqueMember posixMember
-#nss_map_attribute userPassword msSFUPassword
-#nss_map_attribute homeDirectory msSFUHomeDirectory
-#nss_map_attribute shadowLastChange pwdLastSet
-#nss_map_objectclass posixGroup Group
-#nss_map_attribute cn msSFUName
-#pam_login_attribute msSFUName
-#pam_filter objectclass=User
-#pam_password ad
-
-# RFC 2307 (AD) mappings
-#nss_map_objectclass posixAccount user
-#nss_map_objectclass shadowAccount user
-#nss_map_attribute uid sAMAccountName
-#nss_map_attribute homeDirectory unixHomeDirectory
-#nss_map_attribute shadowLastChange pwdLastSet
-#nss_map_objectclass posixGroup group
-#nss_map_attribute uniqueMember member
-#pam_login_attribute sAMAccountName
-#pam_filter objectclass=User
-#pam_password ad
-
-# configure --enable-authpassword is no longer supported
-# AuthPassword mappings
-#nss_map_attribute userPassword authPassword
-
-# AIX SecureWay mappings
-#nss_map_objectclass posixAccount aixAccount
-#nss_base_passwd ou=aixaccount,?one
-#nss_map_attribute uid userName
-#nss_map_attribute gidNumber gid
-#nss_map_attribute uidNumber uid
-#nss_map_attribute userPassword passwordChar
-#nss_map_objectclass posixGroup aixAccessGroup
-#nss_base_group ou=aixgroup,?one
-#nss_map_attribute cn groupName
-#nss_map_attribute uniqueMember member
-#pam_login_attribute userName
-#pam_filter objectclass=aixAccount
-#pam_password clear
-
-# For pre-RFC2307bis automount schema
-#nss_map_objectclass automountMap nisMap
-#nss_map_attribute automountMapName nisMapName
-#nss_map_objectclass automount nisObject
-#nss_map_attribute automountKey cn
-#nss_map_attribute automountInformation nisMapEntry
-
-# Netscape SDK LDAPS
-#ssl on
-
-# Netscape SDK SSL options
-#sslpath /etc/ssl/certs
-
-# OpenLDAP SSL mechanism
-# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
-ssl start_tls
-#ssl on
-
-# OpenLDAP SSL options
-# Require and verify server certificate (yes/no)
-# Default is to use libldap's default behavior, which can be configured in
-# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
-# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
-#tls_checkpeer yes
-
-# CA certificates for server certificate verification
-# At least one of these are required if tls_checkpeer is "yes"
-#tls_cacertfile /etc/ssl/ca.cert
-#tls_cacertdir /etc/ssl/certs
-
-# Seed the PRNG if /dev/urandom is not provided
-#tls_randfile /var/run/egd-pool
-
-# SSL cipher suite
-# See man ciphers for syntax
-#tls_ciphers TLSv1
-
-# Client certificate and key
-# Use these, if your server requires client authentication.
-#tls_cert
-#tls_key
-
-# Disable SASL security layers. This is needed for AD.
-#sasl_secprops maxssf=0
-
-# Override the default Kerberos ticket cache location.
-#krb5_ccname FILE:/etc/.ldapcache
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.5.0/test/authconf_test.rb new/yast2-auth-client-4.5.1/test/authconf_test.rb
--- old/yast2-auth-client-4.5.0/test/authconf_test.rb 2022-04-12 13:32:42.000000000 +0200
+++ new/yast2-auth-client-4.5.1/test/authconf_test.rb 2022-07-28 15:52:19.000000000 +0200
@@ -110,53 +110,6 @@
end
end
- describe 'LDAP' do
- it 'Read, lint, and export LDAP configuration' do
- authconf.ldap_read
- expect(authconf.ldap_export).to eq(
- 'conf'=>{
- 'host'=>'127.0.0.1',
- 'base'=>'dc=example,dc=com',
- 'bind_policy'=>'soft',
- 'pam_lookup_policy'=>'yes',
- 'pam_password'=>'exop',
- 'nss_initgroups_ignoreusers'=>'root,ldap',
- 'nss_schema'=>'rfc2307bis',
- 'nss_map_attribute'=>'uniqueMember member',
- 'ssl'=>'start_tls'},
- 'pam'=>false,
- 'nss'=>[])
- end
- it 'Create LDAP configuration file' do
- expect(authconf.ldap_make_conf).to eq('host 127.0.0.1
-base dc=example,dc=com
-bind_policy soft
-pam_lookup_policy yes
-pam_password exop
-nss_initgroups_ignoreusers root,ldap
-nss_schema rfc2307bis
-nss_map_attribute uniqueMember member
-ssl start_tls
-')
- end
- it 'Import and recreate the same configuration' do
- conf = {'conf'=>{
- 'host'=>'127.0.0.1',
- 'base'=>'dc=example,dc=com',
- 'bind_policy'=>'soft',
- 'pam_lookup_policy'=>'yes',
- 'pam_password'=>'exop',
- 'nss_initgroups_ignoreusers'=>'root,ldap',
- 'nss_schema'=>'rfc2307bis',
- 'nss_map_attribute'=>'uniqueMember member',
- 'ssl'=>'start_tls'},
- 'pam'=>true,
- 'nss'=>['passwd', 'group']}
- authconf.ldap_import(conf)
- expect(authconf.ldap_export).to eq(conf)
- end
- end
-
describe 'Kerberos' do
it 'Read, lint, and export Kerberos configuration' do
# The first example is very simple
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cockpit for openSUSE:Factory checked in at 2022-07-31 23:00:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cockpit (Old)
and /work/SRC/openSUSE:Factory/.cockpit.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cockpit"
Sun Jul 31 23:00:41 2022 rev:22 rq:991570 version:271
Changes:
--------
--- /work/SRC/openSUSE:Factory/cockpit/cockpit.changes 2022-07-01 13:43:57.634808513 +0200
+++ /work/SRC/openSUSE:Factory/.cockpit.new.1533/cockpit.changes 2022-07-31 23:00:58.311696605 +0200
@@ -1,0 +2,6 @@
+Thu Jul 28 08:41:13 UTC 2022 - Jacek Tomasiak <jtomasiak(a)suse.com>
+
+- Update suse-microos-branding.patch for new /etc/os-release ID.
+- Add storage-btrfs.patch to enable BTRFS use in cockpit-storage.
+
+-------------------------------------------------------------------
New:
----
storage-btrfs.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cockpit.spec ++++++
--- /var/tmp/diff_new_pack.1saJ8g/_old 2022-07-31 23:00:59.475699986 +0200
+++ /var/tmp/diff_new_pack.1saJ8g/_new 2022-07-31 23:00:59.483700010 +0200
@@ -63,6 +63,7 @@
Patch2: hide-docs.patch
Patch3: suse-microos-branding.patch
Patch4: css-overrides.patch
+Patch5: storage-btrfs.patch
# SLE Micro specific patches
Patch100: remove-pwscore.patch
Patch101: hide-pcp.patch
@@ -183,6 +184,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%if 0%{?sle_version}
%patch100 -p1
++++++ storage-btrfs.patch ++++++
diff --git a/pkg/storaged/format-dialog.jsx b/pkg/storaged/format-dialog.jsx
index 05b1096..22db61b 100644
--- a/pkg/storaged/format-dialog.jsx
+++ b/pkg/storaged/format-dialog.jsx
@@ -162,7 +162,8 @@ export function format_dialog(client, path, start, size, enable_dos_extended) {
}
const filesystem_options = [];
- add_fsys("xfs", { value: "xfs", title: "XFS " + _("(recommended)") });
+ add_fsys("btrfs", { value: "btrfs", title: "BTRFS " + _("(recommended)") });
+ add_fsys("xfs", { value: "xfs", title: "XFS" });
add_fsys("ext4", { value: "ext4", title: "EXT4" });
add_fsys("vfat", { value: "vfat", title: "VFAT" });
add_fsys("ntfs", { value: "ntfs", title: "NTFS" });
++++++ suse-microos-branding.patch ++++++
--- /var/tmp/diff_new_pack.1saJ8g/_old 2022-07-31 23:00:59.675700568 +0200
+++ /var/tmp/diff_new_pack.1saJ8g/_new 2022-07-31 23:00:59.679700579 +0200
@@ -8,11 +8,11 @@
properly.
---
Makefile.am | 1 +
- src/branding/suse-microos/Makefile.am | 11 ++++
- src/branding/suse-microos/branding.css | 87 ++++++++++++++++++++++++++
+ src/branding/sle-micro/Makefile.am | 11 ++++
+ src/branding/sle-micro/branding.css | 87 ++++++++++++++++++++++++++
3 files changed, 99 insertions(+)
- create mode 100644 src/branding/suse-microos/Makefile.am
- create mode 100644 src/branding/suse-microos/branding.css
+ create mode 100644 src/branding/sle-micro/Makefile.am
+ create mode 100644 src/branding/sle-micro/branding.css
diff --git a/Makefile.am b/Makefile.am
index fb619f3f253..ec761210a52 100644
@@ -22,32 +22,32 @@
include src/branding/fedora/Makefile.am
include src/branding/kubernetes/Makefile.am
include src/branding/opensuse/Makefile.am
-+include src/branding/suse-microos/Makefile.am
++include src/branding/sle-micro/Makefile.am
include src/branding/registry/Makefile.am
include src/branding/rhel/Makefile.am
include src/branding/scientific/Makefile.am
-diff --git a/src/branding/suse-microos/Makefile.am b/src/branding/suse-microos/Makefile.am
+diff --git a/src/branding/sle-micro/Makefile.am b/src/branding/sle-micro/Makefile.am
new file mode 100644
index 00000000000..3f4b762afa5
--- /dev/null
-+++ b/src/branding/suse-microos/Makefile.am
++++ b/src/branding/sle-micro/Makefile.am
@@ -0,0 +1,11 @@
-+susemicroosbrandingdir = $(datadir)/cockpit/branding/suse-microos
++slemicrobrandingdir = $(datadir)/cockpit/branding/sle-micro
+
-+dist_susemicroosbranding_DATA = \
-+ src/branding/suse-microos/branding.css \
++dist_slemicrobranding_DATA = \
++ src/branding/sle-micro/branding.css \
+ $(NULL)
+
+install-data-hook::
-+ $(LN_S) -f /usr/share/wallpapers/SLEdefault/contents/images/1920x1200.png $(DESTDIR)$(susemicroosbrandingdir)/default-1920x1200.png
-+ $(LN_S) -f /usr/share/pixmaps/distribution-logos/square-hicolor.svg $(DESTDIR)$(susemicroosbrandingdir)/square-hicolor.svg
-+ $(LN_S) -f /usr/share/pixmaps/distribution-logos/favicon.ico $(DESTDIR)$(susemicroosbrandingdir)/favicon.ico
-+ $(LN_S) -f /usr/share/pixmaps/distribution-logos/apple-touch-icon.png $(DESTDIR)$(susemicroosbrandingdir)/apple-touch-icon.png
-diff --git a/src/branding/suse-microos/branding.css b/src/branding/suse-microos/branding.css
++ $(LN_S) -f /usr/share/wallpapers/SLEdefault/contents/images/1920x1200.png $(DESTDIR)$(slemicrobrandingdir)/default-1920x1200.png
++ $(LN_S) -f /usr/share/pixmaps/distribution-logos/square-hicolor.svg $(DESTDIR)$(slemicrobrandingdir)/square-hicolor.svg
++ $(LN_S) -f /usr/share/pixmaps/distribution-logos/favicon.ico $(DESTDIR)$(slemicrobrandingdir)/favicon.ico
++ $(LN_S) -f /usr/share/pixmaps/distribution-logos/apple-touch-icon.png $(DESTDIR)$(slemicrobrandingdir)/apple-touch-icon.png
+diff --git a/src/branding/sle-micro/branding.css b/src/branding/sle-micro/branding.css
new file mode 100644
index 00000000000..e3c7939c464
--- /dev/null
-+++ b/src/branding/suse-microos/branding.css
++++ b/src/branding/sle-micro/branding.css
@@ -0,0 +1,87 @@
+/* Extra overrides */
+:root {
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package yast2-bootloader for openSUSE:Factory checked in at 2022-07-31 23:00:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-bootloader (Old)
and /work/SRC/openSUSE:Factory/.yast2-bootloader.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-bootloader"
Sun Jul 31 23:00:41 2022 rev:322 rq:991562 version:4.5.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-bootloader/yast2-bootloader.changes 2022-04-09 01:44:12.146626390 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-bootloader.new.1533/yast2-bootloader.changes 2022-07-31 23:00:55.571688644 +0200
@@ -1,0 +2,7 @@
+Mon Jul 25 15:26:05 UTC 2022 - Ancor Gonzalez Sosa <ancor(a)suse.com>
+
+- Execute the command grub2-mkpasswd-pbkdf2 in the target system
+ so the module can run in a minimal container (bsc#1199840).
+- 4.5.2
+
+-------------------------------------------------------------------
@@ -12 +19 @@
-- Bump version to 4.5.0 (#bsc1198109)
+- Bump version to 4.5.0 (bsc#1198109)
Old:
----
yast2-bootloader-4.5.1.tar.bz2
New:
----
yast2-bootloader-4.5.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-bootloader.spec ++++++
--- /var/tmp/diff_new_pack.3cyuP9/_old 2022-07-31 23:00:57.863695303 +0200
+++ /var/tmp/diff_new_pack.3cyuP9/_new 2022-07-31 23:00:57.867695314 +0200
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.5.1
+Version: 4.5.2
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
++++++ yast2-bootloader-4.5.1.tar.bz2 -> yast2-bootloader-4.5.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-4.5.1/package/yast2-bootloader.changes new/yast2-bootloader-4.5.2/package/yast2-bootloader.changes
--- old/yast2-bootloader-4.5.1/package/yast2-bootloader.changes 2022-04-07 20:08:05.000000000 +0200
+++ new/yast2-bootloader-4.5.2/package/yast2-bootloader.changes 2022-07-28 15:22:56.000000000 +0200
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Mon Jul 25 15:26:05 UTC 2022 - Ancor Gonzalez Sosa <ancor(a)suse.com>
+
+- Execute the command grub2-mkpasswd-pbkdf2 in the target system
+ so the module can run in a minimal container (bsc#1199840).
+- 4.5.2
+
+-------------------------------------------------------------------
Thu Apr 7 13:21:58 UTC 2022 - Josef Reidinger <jreidinger(a)suse.com>
- AutoYaST: do not clone device for hibernation and also check
@@ -9,7 +16,7 @@
-------------------------------------------------------------------
Wed Apr 06 13:24:58 UTC 2022 - Ladislav Slez��k <lslezak(a)suse.cz>
-- Bump version to 4.5.0 (#bsc1198109)
+- Bump version to 4.5.0 (bsc#1198109)
-------------------------------------------------------------------
Fri Jan 28 22:37:00 UTC 2022 - Josef Reidinger <jreidinger(a)suse.com>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-4.5.1/package/yast2-bootloader.spec new/yast2-bootloader-4.5.2/package/yast2-bootloader.spec
--- old/yast2-bootloader-4.5.1/package/yast2-bootloader.spec 2022-04-07 20:08:05.000000000 +0200
+++ new/yast2-bootloader-4.5.2/package/yast2-bootloader.spec 2022-07-28 15:22:56.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.5.1
+Version: 4.5.2
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-4.5.1/src/lib/bootloader/grub2pwd.rb new/yast2-bootloader-4.5.2/src/lib/bootloader/grub2pwd.rb
--- old/yast2-bootloader-4.5.1/src/lib/bootloader/grub2pwd.rb 2022-04-07 20:08:05.000000000 +0200
+++ new/yast2-bootloader-4.5.2/src/lib/bootloader/grub2pwd.rb 2022-07-28 15:22:56.000000000 +0200
@@ -131,7 +131,7 @@
end
def encrypt(password)
- result = Yast::Execute.locally("/usr/bin/grub2-mkpasswd-pbkdf2",
+ result = Yast::Execute.on_target("/usr/bin/grub2-mkpasswd-pbkdf2",
env: { "LANG" => "C" },
stdin: "#{password}\n#{password}\n",
stdout: :capture)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-4.5.1/test/grub2pwd_test.rb new/yast2-bootloader-4.5.2/test/grub2pwd_test.rb
--- old/yast2-bootloader-4.5.1/test/grub2pwd_test.rb 2022-04-07 20:08:05.000000000 +0200
+++ new/yast2-bootloader-4.5.2/test/grub2pwd_test.rb 2022-07-28 15:22:56.000000000 +0200
@@ -221,7 +221,7 @@
PBKDF2 hash of your password is #{ENCRYPTED_PASSWORD}
OUTPUT
- expect(Yast::Execute).to receive(:locally)
+ expect(Yast::Execute).to receive(:on_target)
.with(/grub2-mkpasswd/, anything)
.and_return(success_stdout)
subject.password = "really strong password"
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package socket_wrapper for openSUSE:Factory checked in at 2022-07-31 23:00:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/socket_wrapper (Old)
and /work/SRC/openSUSE:Factory/.socket_wrapper.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "socket_wrapper"
Sun Jul 31 23:00:39 2022 rev:18 rq:991556 version:1.3.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/socket_wrapper/socket_wrapper.changes 2021-03-19 16:40:19.125884246 +0100
+++ /work/SRC/openSUSE:Factory/.socket_wrapper.new.1533/socket_wrapper.changes 2022-07-31 23:00:54.507685552 +0200
@@ -1,0 +2,7 @@
+Thu Jul 21 12:53:16 UTC 2022 - Andreas Schneider <asn(a)cryptomilk.org>
+
+- Update to version 1.3.4
+ * Fixed TOCTOU issue with udp auto binding
+ * Fixed running on FreeBSD
+
+-------------------------------------------------------------------
Old:
----
socket_wrapper-1.3.3.tar.gz
socket_wrapper-1.3.3.tar.gz.asc
New:
----
socket_wrapper-1.3.4.tar.gz
socket_wrapper-1.3.4.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ socket_wrapper.spec ++++++
--- /var/tmp/diff_new_pack.2iLXcs/_old 2022-07-31 23:00:54.943686819 +0200
+++ /var/tmp/diff_new_pack.2iLXcs/_new 2022-07-31 23:00:54.947686830 +0200
@@ -1,7 +1,7 @@
#
# spec file for package socket_wrapper
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
############################# NOTE ##################################
Name: socket_wrapper
-Version: 1.3.3
+Version: 1.3.4
Release: 0
Summary: A library passing all socket communications through Unix sockets
License: BSD-3-Clause
++++++ socket_wrapper-1.3.3.tar.gz -> socket_wrapper-1.3.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socket_wrapper-1.3.3/.editorconfig new/socket_wrapper-1.3.4/.editorconfig
--- old/socket_wrapper-1.3.3/.editorconfig 1970-01-01 01:00:00.000000000 +0100
+++ new/socket_wrapper-1.3.4/.editorconfig 2022-07-21 14:50:10.000000000 +0200
@@ -0,0 +1,23 @@
+root = true
+
+[*]
+charset = utf-8
+max_line_length = 80
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{c,h}]
+indent_style = tab
+indent_size = 8
+tab_width = 8
+
+[*.cmake]
+indent_style = space
+indent_size = 4
+tab_width = 4
+
+[CMake*]
+indent_style = space
+indent_size = 4
+tab_width = 4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socket_wrapper-1.3.3/.gitlab-ci.yml new/socket_wrapper-1.3.4/.gitlab-ci.yml
--- old/socket_wrapper-1.3.3/.gitlab-ci.yml 2021-02-05 14:11:25.000000000 +0100
+++ new/socket_wrapper-1.3.4/.gitlab-ci.yml 2022-07-21 14:50:10.000000000 +0200
@@ -1,3 +1,4 @@
+---
variables:
BUILD_IMAGES_PROJECT: cmocka/gitlab-build-images
FEDORA_BUILD: buildenv-fedora
@@ -6,18 +7,24 @@
MINGW_BUILD: buildenv-mingw
UBUNTU_BUILD: buildenv-ubuntu
+stages:
+ - build
+ - test
+ - analysis
+
centos7/x86_64:
+ stage: test
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
script:
- - mkdir -p obj && cd obj && cmake3
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake3
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -25,17 +32,18 @@
- obj/
fedora/x86_64:
+ stage: test
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -43,17 +51,18 @@
- obj/
fedora/address-sanitizer:
+ stage: build
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=AddressSanitizer
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=AddressSanitizer
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -61,16 +70,17 @@
- obj/
fedora/undefined-sanitizer:
+ stage: analysis
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=UndefinedSanitizer
- -DUNIT_TESTING=ON ..
- && make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=UndefinedSanitizer
+ -DUNIT_TESTING=ON ..
+ && make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -81,17 +91,18 @@
#
# fedora/thread-sanitizer:
tumbleweed/thread-sanitizer:
+ stage: analysis
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=ThreadSanitizer
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=ThreadSanitizer
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -99,30 +110,32 @@
- obj/
fedora/csbuild:
+ stage: analysis
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- - |
- if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then
+ - |
+ if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then
+ export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20")
+ fi
+
+ # Check if the commit exists in this branch
+ # This is not the case for a force push
+ git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null ||
export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20")
- fi
-
- # Check if the commit exists in this branch
- # This is not the case for a force push
- git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null || export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20")
- export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA"
+ export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA"
- - csbuild
- --build-dir=obj-csbuild
- --prep-cmd="cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON @SRCDIR@"
- --build-cmd "make clean && make -j$(nproc)"
- --git-commit-range $CI_COMMIT_RANGE
- --color
- --print-current --print-fixed
+ - csbuild
+ --build-dir=obj-csbuild
+ --prep-cmd="cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON @SRCDIR@"
+ --build-cmd "make clean && make -j$(nproc)"
+ --git-commit-range $CI_COMMIT_RANGE
+ --color
+ --print-current --print-fixed
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -130,21 +143,22 @@
- obj-csbuild/
freebsd/x86_64:
+ stage: test
image:
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make && ctest --output-on-failure
tags:
- - freebsd
+ - freebsd
except:
- - tags
+ - tags
only:
- - branches@cwrap/socket_wrapper
- - branches@cryptomilk/socket_wrapper
- - branches@metze/socket_wrapper
+ - branches@cwrap/socket_wrapper
+ - branches@cryptomilk/socket_wrapper
+ - branches@metze/socket_wrapper
artifacts:
expire_in: 1 week
when: on_failure
@@ -152,17 +166,18 @@
- obj/
tumbleweed/x86_64/gcc:
+ stage: test
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -170,18 +185,19 @@
- obj/
tumbleweed/x86_64/gcc7:
+ stage: test
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -189,18 +205,19 @@
- obj/
tumbleweed/x86_64/clang:
+ stage: test
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -208,20 +225,21 @@
- obj/
tumbleweed/static-analysis:
+ stage: analysis
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
script:
- - export CCC_CC=clang
- - export CCC_CXX=clang++
- - mkdir -p obj && cd obj && scan-build cmake
- -DCMAKE_BUILD_TYPE=Debug
- -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- scan-build --status-bugs -o scan make -j$(nproc)
+ - export CCC_CC=clang
+ - export CCC_CXX=clang++
+ - mkdir -p obj && cd obj && scan-build cmake
+ -DCMAKE_BUILD_TYPE=Debug
+ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ scan-build --status-bugs -o scan make -j$(nproc)
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -229,18 +247,19 @@
- obj/scan
tumbleweed/helgrind:
+ stage: analysis
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=Debug
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON
- -DHELGRIND_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=Debug
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON
+ -DHELGRIND_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
@@ -251,17 +270,18 @@
- $VALGRIND_SUPPORTS_FORKED_MUTEXES == "yes"
ubuntu/x86_64:
+ stage: test
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD
script:
- - mkdir -p obj && cd obj && cmake
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- -DPICKY_DEVELOPER=ON
- -DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
+ - mkdir -p obj && cd obj && cmake
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -DPICKY_DEVELOPER=ON
+ -DUNIT_TESTING=ON .. &&
+ make -j$(nproc) && ctest --output-on-failure
tags:
- - shared
+ - shared
except:
- - tags
+ - tags
artifacts:
expire_in: 1 week
when: on_failure
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socket_wrapper-1.3.3/CHANGELOG new/socket_wrapper-1.3.4/CHANGELOG
--- old/socket_wrapper-1.3.3/CHANGELOG 2021-03-17 09:53:45.000000000 +0100
+++ new/socket_wrapper-1.3.4/CHANGELOG 2022-07-21 14:50:10.000000000 +0200
@@ -1,6 +1,10 @@
ChangeLog
==========
+version 1.3.4 (released 2022-07-21)
+ * Fixed TOCTOU issue with udp auto binding
+ * Fixed running on FreeBSD
+
version 1.3.3 (released 2021-03-17)
* Added public libsocket_wrapper_noop library
* Added wrapper for wrap __close_nocancel()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socket_wrapper-1.3.3/CMakeLists.txt new/socket_wrapper-1.3.4/CMakeLists.txt
--- old/socket_wrapper-1.3.3/CMakeLists.txt 2021-03-17 09:53:45.000000000 +0100
+++ new/socket_wrapper-1.3.4/CMakeLists.txt 2022-07-21 14:50:10.000000000 +0200
@@ -2,7 +2,7 @@
cmake_minimum_required(VERSION 3.5.0)
cmake_policy(SET CMP0048 NEW)
-# Specify search path for CMake modules to be loaded by include()
+# Specify search path for CMake modules to be loaded by include()
# and find_package()
list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
@@ -11,7 +11,7 @@
include(DefineCMakeDefaults)
include(DefineCompilerFlags)
-project(socket_wrapper VERSION 1.3.3 LANGUAGES C)
+project(socket_wrapper VERSION 1.3.4 LANGUAGES C)
# global needed variables
set(APPLICATION_NAME ${PROJECT_NAME})
@@ -25,7 +25,7 @@
# Increment PATCH.
set(LIBRARY_VERSION_MAJOR 0)
set(LIBRARY_VERSION_MINOR 3)
-set(LIBRARY_VERSION_PATCH 0)
+set(LIBRARY_VERSION_PATCH 1)
set(LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}")
set(LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR})
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socket_wrapper-1.3.3/CompilerChecks.cmake new/socket_wrapper-1.3.4/CompilerChecks.cmake
--- old/socket_wrapper-1.3.3/CompilerChecks.cmake 2019-03-21 13:50:53.000000000 +0100
+++ new/socket_wrapper-1.3.4/CompilerChecks.cmake 2022-07-21 14:50:10.000000000 +0200
@@ -38,8 +38,11 @@
add_c_compiler_flag("-Wuninitialized" SUPPORTED_COMPILER_FLAGS)
add_c_compiler_flag("-Werror=uninitialized" SUPPORTED_COMPILER_FLAGS)
add_c_compiler_flag("-Wimplicit-fallthrough" SUPPORTED_COMPILER_FLAGS)
- add_c_compiler_flag("-Werror=strict-overflow" SUPPORTED_COMPILER_FLAGS)
- add_c_compiler_flag("-Wstrict-overflow=2" SUPPORTED_COMPILER_FLAGS)
+ # FIXME: We can't use this as there is a glibc bug in socket.h
+ # https://bugzilla.redhat.com/show_bug.cgi?id=2047022
+ # https://sourceware.org/bugzilla/show_bug.cgi?id=28846
+ #add_c_compiler_flag("-Werror=strict-overflow" SUPPORTED_COMPILER_FLAGS)
+ #add_c_compiler_flag("-Wstrict-overflow=2" SUPPORTED_COMPILER_FLAGS)
add_c_compiler_flag("-Wno-format-zero-length" SUPPORTED_COMPILER_FLAGS)
check_c_compiler_flag("-Wformat" REQUIRED_FLAGS_WFORMAT)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socket_wrapper-1.3.3/src/socket_wrapper.c new/socket_wrapper-1.3.4/src/socket_wrapper.c
--- old/socket_wrapper-1.3.3/src/socket_wrapper.c 2021-03-17 09:53:42.000000000 +0100
+++ new/socket_wrapper-1.3.4/src/socket_wrapper.c 2022-07-21 14:50:10.000000000 +0200
@@ -3815,7 +3815,6 @@
char type;
int ret;
int port;
- struct stat st;
char *swrap_dir = NULL;
swrap_mutex_lock(&autobind_start_mutex);
@@ -3916,10 +3915,12 @@
type,
socket_wrapper_default_iface(),
port);
- if (stat(un_addr.sa.un.sun_path, &st) == 0) continue;
ret = libc_bind(fd, &un_addr.sa.s, un_addr.sa_socklen);
if (ret == -1) {
+ if (errno == EALREADY || errno == EADDRINUSE) {
+ continue;
+ }
goto done;
}
@@ -6285,9 +6286,11 @@
for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
size_t this_time = MIN(remain, (size_t)msg->msg_iov[i].iov_len);
- memcpy(buf + ofs,
- msg->msg_iov[i].iov_base,
- this_time);
+ if (this_time > 0) {
+ memcpy(buf + ofs,
+ msg->msg_iov[i].iov_base,
+ this_time);
+ }
ofs += this_time;
remain -= this_time;
}
@@ -7849,8 +7852,8 @@
* related syscalls also with the '_' prefix.
*
* This is tested in Samba's 'make test',
- * there we noticed that providing '_read'
- * and '_open' would cause errors, which
+ * there we noticed that providing '_read',
+ * '_open' and '_close' would cause errors, which
* means we skip '_read', '_write' and
* all non socket related calls without
* further analyzing the problem.
@@ -7863,7 +7866,6 @@
#endif
SWRAP_SYMBOL_ALIAS(accept, _accept);
SWRAP_SYMBOL_ALIAS(bind, _bind);
-SWRAP_SYMBOL_ALIAS(close, _close);
SWRAP_SYMBOL_ALIAS(connect, _connect);
SWRAP_SYMBOL_ALIAS(dup, _dup);
SWRAP_SYMBOL_ALIAS(dup2, _dup2);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socket_wrapper-1.3.3/tests/test_echo_tcp_sendmsg_recvmsg_fd.c new/socket_wrapper-1.3.4/tests/test_echo_tcp_sendmsg_recvmsg_fd.c
--- old/socket_wrapper-1.3.3/tests/test_echo_tcp_sendmsg_recvmsg_fd.c 2021-02-09 16:53:36.000000000 +0100
+++ new/socket_wrapper-1.3.4/tests/test_echo_tcp_sendmsg_recvmsg_fd.c 2022-07-21 14:50:10.000000000 +0200
@@ -320,6 +320,9 @@
int fd_array[num_fds];
size_t idx;
+ assert_int_not_equal(num_fds, 0);
+ memset(fd_array, -1, sizeof(fd_array));
+
for (idx = 0; idx < num_fds; idx++) {
struct torture_address addr = {
.sa_socklen = sizeof(struct sockaddr_in),
@@ -388,10 +391,10 @@
int close_array[num_fds];
size_t idx;
- for (idx = 0; idx < num_fds; idx++) {
- fd_array[idx] = -1;
- close_array[idx] = -1;
- }
+ assert_int_not_equal(num_fds, 0);
+
+ memset(fd_array, -1, sizeof(fd_array));
+ memset(close_array, -1, sizeof(fd_array));
/*
* We send
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-WWW-Mechanize for openSUSE:Factory checked in at 2022-07-31 23:00:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-WWW-Mechanize (Old)
and /work/SRC/openSUSE:Factory/.perl-WWW-Mechanize.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-WWW-Mechanize"
Sun Jul 31 23:00:38 2022 rev:41 rq:991545 version:2.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-WWW-Mechanize/perl-WWW-Mechanize.changes 2022-07-14 16:33:29.044583531 +0200
+++ /work/SRC/openSUSE:Factory/.perl-WWW-Mechanize.new.1533/perl-WWW-Mechanize.changes 2022-07-31 23:00:52.811680625 +0200
@@ -1,0 +2,25 @@
+Thu Jul 21 03:07:07 UTC 2022 - Tina M��ller <timueller+perl(a)suse.de>
+
+- updated to 2.12
+ see /usr/share/doc/packages/perl-WWW-Mechanize/Changes
+
+ 2.12 2022-07-20 06:45:40Z
+ [ENHANCEMENTS]
+ - form_name(), form_id(), form_with() and form_with_fields() can now all
+ return the nth instance of a form instead of always returning the first
+ instance (GH#110) (Jeff Culverhouse and Julien Fiegehenn)
+ [TESTS]
+ - Tests using a local temporary server are now safe to use with HTTP/1.1
+ and keep-alive (GH #14) (Stanislaw Pusep and Julien Fiegehenn)
+ - We now use Test::Pod::LinkCheck to ensure there are no broken links in
+ our documentation (GH #337) (Julien Fiegehenn)
+ 2.11 2022-07-17 17:25:39Z
+ [FIXED]
+ - tick() can now handle checkboxes without a value (GH#331) (Jordan M Adler
+ and Julien Fiegehenn)
+ [ENHANCEMENTS]
+ - set_fields() and submit_form(with_fields => ...) can now set multiple
+ choice inputs (e.g. select and radio) to the nth value (GH29) (Alastair
+ Douglas and Julien Fiegehenn)
+
+-------------------------------------------------------------------
Old:
----
WWW-Mechanize-2.10.tar.gz
New:
----
WWW-Mechanize-2.12.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-WWW-Mechanize.spec ++++++
--- /var/tmp/diff_new_pack.OohHwu/_old 2022-07-31 23:00:54.199684657 +0200
+++ /var/tmp/diff_new_pack.OohHwu/_new 2022-07-31 23:00:54.203684669 +0200
@@ -18,12 +18,12 @@
%define cpan_name WWW-Mechanize
Name: perl-WWW-Mechanize
-Version: 2.10
+Version: 2.12
Release: 0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Handy web browsing in a Perl object
URL: https://metacpan.org/release/%{cpan_name}
-Source0: https://cpan.metacpan.org/authors/id/O/OA/OALDERS/%{cpan_name}-%{version}.t…
+Source0: https://cpan.metacpan.org/authors/id/S/SI/SIMBABQUE/%{cpan_name}-%{version}…
Source1: cpanspec.yml
BuildArch: noarch
BuildRequires: perl
++++++ WWW-Mechanize-2.10.tar.gz -> WWW-Mechanize-2.12.tar.gz ++++++
++++ 1852 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rust for openSUSE:Factory checked in at 2022-07-31 23:00:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rust (Old)
and /work/SRC/openSUSE:Factory/.rust.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rust"
Sun Jul 31 23:00:37 2022 rev:78 rq:987768 version:1.62.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/rust/rust.changes 2022-05-23 15:51:31.314633724 +0200
+++ /work/SRC/openSUSE:Factory/.rust.new.1533/rust.changes 2022-07-31 23:00:50.963675255 +0200
@@ -1,0 +2,5 @@
+Mon Jul 4 04:58:15 UTC 2022 - William Brown <william.brown(a)suse.com>
+
+- Update to version 1.62.0 - for details see the rust1.62 package
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rust.spec ++++++
--- /var/tmp/diff_new_pack.LdHoTG/_old 2022-07-31 23:00:52.479679660 +0200
+++ /var/tmp/diff_new_pack.LdHoTG/_new 2022-07-31 23:00:52.483679672 +0200
@@ -17,15 +17,15 @@
#
-%global version_suffix 1.61
-%global version_current 1.61.0
+%global version_suffix 1.62
+%global version_current 1.62.0
%define obsolete_rust_versioned() \
+Obsoletes: %{1}1.61%{?2:-%{2}} \
Obsoletes: %{1}1.60%{?2:-%{2}} \
Obsoletes: %{1}1.59%{?2:-%{2}} \
Obsoletes: %{1}1.58%{?2:-%{2}} \
-Obsoletes: %{1}1.57%{?2:-%{2}} \
-Obsoletes: %{1}1.56%{?2:-%{2}}
+Obsoletes: %{1}1.57%{?2:-%{2}}
# === rust arch support tiers ===
# https://doc.rust-lang.org/nightly/rustc/platform-support.html
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2022-07-31 23:00:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old)
and /work/SRC/openSUSE:Factory/.ImageMagick.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick"
Sun Jul 31 23:00:35 2022 rev:253 rq:991214 version:7.1.0.44
Changes:
--------
--- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2022-06-08 14:24:45.892490759 +0200
+++ /work/SRC/openSUSE:Factory/.ImageMagick.new.1533/ImageMagick.changes 2022-07-31 23:00:49.803671885 +0200
@@ -1,0 +2,130 @@
+Tue Jul 26 07:53:29 UTC 2022 - pgajdos(a)suse.com
+
+- version update to 7.1.0.44
+ upstream changelog:
+ https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
+- modified patches
+ % ImageMagick-library-installable-in-parallel.patch (refreshed)
+
+-------------------------------------------------------------------
+Mon Jul 11 11:36:34 UTC 2022 - Dirk M��ller <dmueller(a)suse.com>
+
+- update to 7.1.0.42:
+ * incorrect pointer update when computing median @ ImageMagick/ImageMagick#5298
+ * Added extra check because the flag was removed in 0.21-Beta1.
+ * the -transparent-color option accepts colornames @ ImageMagick/ImageMagick#5297
+ * fix MVG stroke-opacity issues
+ * map channel parameter to pixel channel offset @ ImageMagick/ImageMagick#5308
+ * beta release
+ * preserve input depth @ ImageMagick/ImageMagick6#188
+ * update to latest automake/autoconf release
+ * recognize SVG file if it starts with whitespace @ ImageMagick/ImageMagick#5294
+ * Removed unused stealth flag.
+ * Removed used path field.
+ * Removed unused target field.
+ * Removed unused exempt field.
+ * Added extra option to the skip spaces to the MagicInfo.
+ * Always start at the start of the string when comparing the magic value.
+ * cosmetic
+ * avoid OMP deadlock @ ImageMagick/ImageMagick#5301
+ * prevent undefined shift
+ * prevent possible buffer overflow
+ * correct copy/paste error
+ * We need to free the stream ourselves when the call to FT_Open_Face fails.
+ * Added missing call to DestroyString.
+ * MVG requires seekable stream
+ * Added extra malloc method to avoid early calls to the policy checks on Windows.
+ * Removed defines.
+ * Only check for dll's in non static build.
+ * Set the client name and path earlier.
+ * fix background opacity rounding @ ImageMagick/ImageMagick#5264
+ * empty result on conversion from tiff to pdf @ ImageMagick/ImageMagick#5256
+ * Corrected patch that was made for #5256.
+ * Pass negative interline_spacing to pango
+ * Also check extension to fix possible stack overflow.
+ * eliminate possible buffer overflow
+ * set group 4 photometric to min-is-white
+ * dasharray requires non-zero values
+ * eliminate compiler warning
+ * only permit one rows/columns keyword
+ * Moved allocation back to the correct spot to avoid bypassing SetImageExtent.
+ * Also restore setting quantum_info to null.
+ * eliminate uninitialized value warning
+ * Make sure all text strings are freed when realloc fails.
+ * Reset primitive_info inside RenderMVGContent because this address could point to another address.
+ * Always check if .text is set instead.
+ * eliminate uninitialized alpha pixel
+ * recognize read-mask & write-mask for -channel option
+ * eliminate compiler warning
+ * fix scrambled image @ ImageMagick/ImageMagick#5291
+ * yikes, misspelled 'level'
+ * Fixed possible memory leak.
+ * support floating point formats
+ * initialize date:precision in private TimerComponentGenesis() method
+ * check for -1 is not required
+ * refactor date:precision flow
+ * eliminate compiler warning
+ * correct formulation of the phash normalization
+ * phash normalization is conventional RMS calculation
+ * only check shread count once
+ * add private ShredMagickMemory() method to hide contents of memory buffers
+ before they are relinquished
+ * system:shred value has precedence over MAGICK_SHRED_PASSES
+ * support shredding memory pools
+ * update memory pointer
+ * Silenced warning.
+ * Corrected documentation.
+ * first pass is fast for performance, second is crytographically strong
+ * recommend shred value of 1 for performance reasons
+ * only set the # of shred passes one time
+ * if enabled, shred streams
+ * unmap mapped pixels
+ * default mapped member to false
+ * don't shred streaming pixels
+ * rework shred passes
+ * optimize performance
+ * change per lint advisement
+ * typecast per lint advisement
+ * eliminate compiler warning
+ * eliminate lint warnings
+ * eliminate lint warnings
+ * support date:timestamp property
+ * eliminate lint warnings
+ * set timestamp from image->timestamp member
+ * eliminate lint warnings
+ * support MAGICK_DATE_PRECISION and registrydateprecision defines
+ * support registry:precision define
+ * need at least one policy defined
+ * eliminate lint warnings
+ * note, system:precision is deprecated
+ * eliminate icc compiler warnings
+ * eliminate icc compiler warnings
+ * eliminate compiler warning
+ * Reverted incorrect patch when doing auto-orient of an image that is
+ right-top or left-bottom.#
+ * Corrected conversion from flip to Orientation.
+ * Only close the file blob when gzopen is successful (#5233).
+ * Added method to add utf8 support for gzopen on Windows.
+ * Only parse SOURCE_DATE_EPOCH once.
+ * Restored check that did not seem to be necessary.
+ * Whitespace
+ * Limit the value of min_channels in the PSDInfo inside the tiff coder to
+ make it possible to read images with a lot of meta channels
+ * Make sure that the creation and modification date have the same value in
+ both places and added option to override this (pdf:create-epoch and
+ pdf:modify-epoch)
+ * Added option to specify the creator (pdf:creator) and use that as
+ xap:CreatorTool instead.
+ * Added WritePDFValue method that can be reused to write other values.
+ * Use the new method to write the other values.
+ * Added option to specify the keywords (pdf:keywords) and use that as
+ pdf:Keywords in the xmp profile.
+ * Only check if magick is PDFA once.
+ * Added option to specify the subject (pdf:subject).
+ * Also fix incorrect fclose for bzlib.
+ * collect VICAR properties
+ * fix improper close when opening zipped file
+ * Restored setting the file to NULL
+ * Also remove date:timestamp when stripping the image.
+
+-------------------------------------------------------------------
Old:
----
ImageMagick-7.1.0-37.tar.bz2
ImageMagick-7.1.0-37.tar.bz2.asc
New:
----
ImageMagick-7.1.0-44.tar.xz
ImageMagick-7.1.0-44.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ImageMagick.spec ++++++
--- /var/tmp/diff_new_pack.IUAIbD/_old 2022-07-31 23:00:50.651674348 +0200
+++ /var/tmp/diff_new_pack.IUAIbD/_new 2022-07-31 23:00:50.659674372 +0200
@@ -20,7 +20,7 @@
%define asan_build 0
%define maj 7
%define mfr_version %{maj}.1.0
-%define mfr_revision 37
+%define mfr_revision 44
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 10
@@ -39,9 +39,9 @@
License: ImageMagick
Group: Productivity/Graphics/Other
URL: https://imagemagick.org/
-Source0: https://imagemagick.org/download/releases/ImageMagick-%{mfr_version}-%{mfr_…
+Source0: https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_r…
Source1: baselibs.conf
-Source2: https://imagemagick.org/download/releases/ImageMagick-%{mfr_version}-%{mfr_…
+Source2: https://imagemagick.org/archive/releases/ImageMagick-%{mfr_version}-%{mfr_r…
Source3: ImageMagick.keyring
# suse specific patches
Patch0: ImageMagick-configuration-SUSE.patch
@@ -63,7 +63,6 @@
BuildRequires: xdg-utils
BuildRequires: xz-devel
BuildRequires: zip
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} >= 1315
BuildRequires: dejavu-fonts
%endif
++++++ ImageMagick-configuration-SUSE.patch ++++++
--- /var/tmp/diff_new_pack.IUAIbD/_old 2022-07-31 23:00:50.691674465 +0200
+++ /var/tmp/diff_new_pack.IUAIbD/_new 2022-07-31 23:00:50.695674477 +0200
@@ -1,9 +1,10 @@
---- policy.xml.orig 2022-05-10 16:11:56.932732627 +0200
-+++ policy.xml 2022-05-10 16:13:26.797307512 +0200
-@@ -78,5 +78,26 @@
- <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
- <!-- <policy domain="system" name="shred" value="2"/> -->
+--- ImageMagick-7.1.0-43/config/policy.xml
++++ ImageMagick-7.1.0-43/config/policy.xml
+@@ -79,5 +79,26 @@
+ <!-- <policy domain="cache" name="synchronize" value="true"/> -->
+ <!-- <policy domain="system" name="shred" value="1"/> -->
<!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> -->
++
+ <!-- Disable insecure coders by default -->
+ <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
@@ -24,7 +25,6 @@
+ <policy domain="coder" rights="write" pattern="EPS" />
+ <policy domain="coder" rights="write" pattern="PCL" />
+ <policy domain="path" rights="none" pattern="@*"/>
-+
- <policy domain="system" name="precision" value="6"/>
+ <policy domain="Undefined" rights="none"/>
</policymap>
++++++ ImageMagick-library-installable-in-parallel.patch ++++++
--- /var/tmp/diff_new_pack.IUAIbD/_old 2022-07-31 23:00:50.711674523 +0200
+++ /var/tmp/diff_new_pack.IUAIbD/_new 2022-07-31 23:00:50.715674534 +0200
@@ -1,8 +1,8 @@
-Index: ImageMagick-7.1.0-33/configure
+Index: ImageMagick-7.1.0-44/configure
===================================================================
---- ImageMagick-7.1.0-33.orig/configure
-+++ ImageMagick-7.1.0-33/configure
-@@ -33042,7 +33042,9 @@ fi
+--- ImageMagick-7.1.0-44.orig/configure
++++ ImageMagick-7.1.0-44/configure
+@@ -35262,7 +35262,9 @@ fi
# Subdirectory to place architecture-dependent configuration files
@@ -11,6 +11,6 @@
+ CONFIGURE_RELATIVE_PATH="${PACKAGE_NAME}-${MAGICK_MAJOR_VERSION}"
+fi
- cat >>confdefs.h <<_ACEOF
- #define CONFIGURE_RELATIVE_PATH "$CONFIGURE_RELATIVE_PATH"
+ printf "%s\n" "#define CONFIGURE_RELATIVE_PATH \"$CONFIGURE_RELATIVE_PATH\"" >>confdefs.h
+
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-HTTP-Daemon for openSUSE:Factory checked in at 2022-07-31 23:00:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-HTTP-Daemon (Old)
and /work/SRC/openSUSE:Factory/.perl-HTTP-Daemon.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-HTTP-Daemon"
Sun Jul 31 23:00:35 2022 rev:17 rq:991013 version:6.14
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-HTTP-Daemon/perl-HTTP-Daemon.changes 2022-03-11 11:49:46.746873801 +0100
+++ /work/SRC/openSUSE:Factory/.perl-HTTP-Daemon.new.1533/perl-HTTP-Daemon.changes 2022-07-31 23:00:48.847669107 +0200
@@ -1,0 +2,9 @@
+Wed Jul 13 09:04:49 UTC 2022 - Otto Hollmann <otto.hollmann(a)suse.com>
+
+- Fix request smuggling in HTTP::Daemon
+ (CVE-2022-31081, bsc#1201157)
+ * CVE-2022-31081.patch
+ * CVE-2022-31081-2.patch
+ * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
+
+-------------------------------------------------------------------
New:
----
CVE-2022-31081-2.patch
CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
CVE-2022-31081.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-HTTP-Daemon.spec ++++++
--- /var/tmp/diff_new_pack.z8GnTO/_old 2022-07-31 23:00:49.427670792 +0200
+++ /var/tmp/diff_new_pack.z8GnTO/_new 2022-07-31 23:00:49.427670792 +0200
@@ -20,11 +20,16 @@
Name: perl-HTTP-Daemon
Version: 6.14
Release: 0
-License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Simple http server class
+License: Artistic-1.0 OR GPL-1.0-or-later
URL: https://metacpan.org/release/%{cpan_name}
Source0: https://cpan.metacpan.org/authors/id/O/OA/OALDERS/%{cpan_name}-%{version}.t…
Source1: cpanspec.yml
+# PATCH-FIX-SECURITY bsc#1201157 otto.hollmann(a)suse.com
+# Fix request smuggling in HTTP::Daemon
+Patch0: CVE-2022-31081.patch
+Patch1: CVE-2022-31081-2.patch
+Patch2: CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl-macros
@@ -65,7 +70,7 @@
back various responses.
%prep
-%autosetup -n %{cpan_name}-%{version}
+%autosetup -n %{cpan_name}-%{version} -p1
find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
%build
++++++ CVE-2022-31081-2.patch ++++++
From 8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0 Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel(a)perceptyx.com>
Date: Tue, 21 Jun 2022 20:00:47 +0000
Subject: [PATCH] Include reason in response body content
---
lib/HTTP/Daemon.pm | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index a5112b3..2d022ae 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -299,16 +299,18 @@ READ_HEADER:
# check that they are all numbers (RFC: Content-Length = 1*DIGIT)
my @nums = grep { /^[0-9]+$/} @vals;
unless (@vals == @nums) {
- $self->send_error(400);
- $self->reason("Content-Length value must be a unsigned integer");
+ my $reason = "Content-Length value must be an unsigned integer";
+ $self->send_error(400, $reason);
+ $self->reason($reason);
return;
}
# check they are all the same
my $len = shift @nums;
foreach (@nums) {
next if $_ == $len;
- $self->send_error(400);
- $self->reason("Content-Length values are not the same");
+ my $reason = "Content-Length values are not the same";
+ $self->send_error(400, $reason);
+ $self->reason($reason);
return;
}
# ensure we have now a fixed header, with only 1 value
++++++ CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch ++++++
From faebad54455c2c2919e234202362570925fb99d1 Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel(a)perceptyx.com>
Date: Tue, 21 Jun 2022 20:30:36 +0000
Subject: [PATCH] Add new test for Content-Length issues
prove we fixed CVE-2022-31081
From 211a29732760c9887c15e8dc344e15cf8cdf2807 Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel(a)perceptyx.com>
Date: Mon, 27 Jun 2022 22:42:31 +0200
Subject: [PATCH 1/3] Fix tests to match with correct grammar in error message
From 2b7fd55a55313b6f04c92fbfee6458d1f7b908fd Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel(a)perceptyx.com>
Date: Mon, 27 Jun 2022 22:44:11 +0200
Subject: [PATCH 2/3] Remove warnings about Subroutine write_content_body
redefined
From cfa63717a3aeedf6aaec16c4091098c05c2d7e01 Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel(a)perceptyx.com>
Date: Mon, 27 Jun 2022 23:33:05 +0200
Subject: [PATCH 3/3] Send some body to see what we get returned
---
t/content_length.t | 282 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 282 insertions(+)
create mode 100644 t/content_length.t
--- /dev/null
+++ b/t/content_length.t
@@ -0,0 +1,282 @@
+use strict;
+use warnings;
+
+use Test::More 0.98;
+
+use Config;
+
+use HTTP::Daemon;
+use HTTP::Response;
+use HTTP::Status;
+use HTTP::Tiny 0.042;
+
+patch_http_tiny(); # do not fix Content-Length, we want to forge something bad
+
+plan skip_all => "This system cannot fork" unless can_fork();
+
+my $BASE_URL;
+my @TESTS = get_tests();
+
+for my $test (@TESTS) {
+
+ my $http_daemon = HTTP::Daemon->new() or die "HTTP::Daemon->new: $!";
+ $BASE_URL = $http_daemon->url;
+
+ my $pid = fork;
+ die "fork: $!" if !defined $pid;
+ if ($pid == 0) {
+ accept_requests($http_daemon);
+ }
+
+ my $resp = http_test_request($test);
+
+ ok $resp, $test->{title};
+
+ is $resp->{status}, $test->{status},
+ "... and has expected status";
+
+ like $resp->{content}, $test->{like},
+ "... and body does match"
+ if $test->{like};
+
+}
+
+done_testing;
+
+
+
+sub get_tests{
+ {
+ title => "Hello World Request ... it works as expected",
+ path => "hello-world",
+ status => 200,
+ like => qr/^Hello World$/,
+ },
+ {
+ title => "Positive Content Length",
+ method => "POST",
+ body => "ABCDEFGH",
+ headers => {
+ 'Content-Length' => '+6', # quotes are needed to retain plus-sign
+ },
+ status => 400,
+ like => qr/value must be an unsigned integer/,
+ },
+ {
+ title => "Negative Content Length",
+ method => "POST",
+ body => "ABCDEFGH",
+ headers => {
+ 'Content-Length' => '-5',
+ },
+ status => 400,
+ like => qr/value must be an unsigned integer/,
+ },
+ {
+ title => "Non Integer Content Length",
+ method => "POST",
+ body => "ABCDEFGH",
+ headers => {
+ 'Content-Length' => '3.14',
+ },
+ status => 400,
+ like => qr/value must be an unsigned integer/,
+ },
+ {
+ title => "Explicit Content Length ... with exact length",
+ method => "POST",
+ headers => {
+ 'Content-Length' => '8',
+ },
+ body => "ABCDEFGH",
+ status => 200,
+ like => qr/^ABCDEFGH$/,
+ },
+ {
+ title => "Implicit Content Length ... will always pass",
+ method => "POST",
+ body => "ABCDEFGH",
+ status => 200,
+ like => qr/^ABCDEFGH$/,
+ },
+ {
+ title => "Shorter Content Length ... gets truncated",
+ method => "POST",
+ headers => {
+ 'Content-Length' => '4',
+ },
+ body => "ABCDEFGH",
+ status => 200,
+ like => qr/^ABCD$/,
+ },
+ {
+ title => "Different Content Length ... must fail",
+ method => "POST",
+ headers => {
+ 'Content-Length' => ['8', '4'],
+ },
+ body => "ABCDEFGH",
+ status => 400,
+ like => qr/values are not the same/,
+ },
+ {
+ title => "Underscore Content Length ... must match",
+ method => "POST",
+ headers => {
+ 'Content_Length' => '4',
+ },
+ body => "ABCDEFGH",
+ status => 400,
+ like => qr/values are not the same/,
+ },
+ {
+ title => "Longer Content Length ... gets timeout",
+ method => "POST",
+ headers => {
+ 'Content-Length' => '9',
+ },
+ body => "ABCDEFGH",
+ status => 599, # silly code !!!
+ like => qr/^Timeout/,
+ },
+
+}
+
+
+
+sub router_table {
+ {
+ '/hello-world' => {
+ 'GET' => sub {
+ my $resp = HTTP::Response->new(200);
+ $resp->content('Hello World');
+ return $resp;
+ },
+ },
+
+ '/' => {
+ 'POST' => sub {
+ my $rqst = shift;
+
+ my $body = $rqst->content();
+
+ my $resp = HTTP::Response->new(200);
+ $resp->content($body);
+
+ return $resp
+ },
+ },
+ }
+}
+
+
+
+sub can_fork {
+ $Config{d_fork} || (($^O eq 'MSWin32' || $^O eq 'NetWare')
+ and $Config{useithreads}
+ and $Config{ccflags} =~ /-DPERL_IMPLICIT_SYS/);
+}
+
+
+
+# run the mini HTTP dispatcher that can handle various routes / methods
+sub accept_requests{
+ my $http_daemon = shift;
+ while (my $conn = $http_daemon->accept) {
+ while (my $rqst = $conn->get_request) {
+ if (my $resp = dispatch_request($rqst)) {
+ $conn->send_response($resp);
+ }
+ }
+ $conn->close;
+ undef($conn);
+ $http_daemon->close;
+ exit 1;
+ }
+}
+
+
+
+sub dispatch_request{
+ my $rqst = shift
+ or return;
+ my $path = $rqst->uri->path
+ or return;
+ my $meth = $rqst->method
+ or return;
+ my $code = router_table()->{$path}{$meth}
+ or return HTTP::Response->new(RC_NOT_FOUND);
+ my $resp = $code->($rqst);
+ return $resp;
+}
+
+
+
+sub http_test_request {
+ my $test = shift;
+ my $http_client = HTTP::Tiny->new(
+ timeout => 5,
+ proxy => undef,
+ http_proxy => undef,
+ https_proxy => undef,
+ );
+ my $resp;
+ eval {
+ local $SIG{ALRM} = sub { die "Timeout\n" };
+ alarm 2;
+ $resp = $http_client->request(
+ $test->{method} || "GET",
+ $BASE_URL . ($test->{path} || ""),
+ {
+ headers => $test->{headers},
+ content => $test->{body}
+ },
+ );
+ };
+ my $err = $@;
+ alarm 0;
+ diag $err if $err;
+
+ return $resp
+}
+
+
+
+sub patch_http_tiny {
+
+ # we need to patch write_content_body
+ # this is part of HTTP::Tiny internal module HTTP::Tiny::Handle
+ #
+ # the below code is from the original HTTP::Tiny module, where just two lines
+ # have been commented out
+
+ no strict 'refs';
+ no warnings;
+
+ *HTTP::Tiny::Handle::write_content_body = sub {
+ @_ == 2 || die(q/Usage: $handle->write_content_body(request)/ . "\n");
+ my ($self, $request) = @_;
+
+ my ($len, $content_length) = (0, $request->{headers}{'content-length'});
+ while () {
+ my $data = $request->{cb}->();
+
+ defined $data && length $data
+ or last;
+
+ if ( $] ge '5.008' ) {
+ utf8::downgrade($data, 1)
+ or die(qq/Wide character in write_content()\n/);
+ }
+
+ $len += $self->write($data);
+ }
+
+# this should not be checked during our tests, we want to forge bad requests
+#
+# $len == $content_length
+# or die(qq/Content-Length mismatch (got: $len expected: $content_length)\n/);
+
+ return $len;
+ };
+}
++++++ CVE-2022-31081.patch ++++++
From e84475de51d6fd7b29354a997413472a99db70b2 Mon Sep 17 00:00:00 2001
From: Theo van Hoesel <tvanhoesel(a)perceptyx.com>
Date: Thu, 16 Jun 2022 08:28:30 +0000
Subject: [PATCH] Fix Content-Length ', '-separated string issues
After a security issue, we ensure we comply to
RFC-7230 -- HTTP/1.1 Message Syntax and Routing
- section 3.3.2 -- Content-Length
- section 3.3.3 -- Message Body Length
---
lib/HTTP/Daemon.pm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index c0cdf76..a5112b3 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -288,6 +288,32 @@ READ_HEADER:
}
elsif ($len) {
+ # After a security issue, we ensure we comply to
+ # RFC-7230 -- HTTP/1.1 Message Syntax and Routing
+ # section 3.3.2 -- Content-Length
+ # section 3.3.3 -- Message Body Length
+
+ # split and clean up Content-Length ', ' separated string
+ my @vals = map {my $str = $_; $str =~ s/^\s+//; $str =~ s/\s+$//; $str }
+ split ',', $len;
+ # check that they are all numbers (RFC: Content-Length = 1*DIGIT)
+ my @nums = grep { /^[0-9]+$/} @vals;
+ unless (@vals == @nums) {
+ $self->send_error(400);
+ $self->reason("Content-Length value must be a unsigned integer");
+ return;
+ }
+ # check they are all the same
+ my $len = shift @nums;
+ foreach (@nums) {
+ next if $_ == $len;
+ $self->send_error(400);
+ $self->reason("Content-Length values are not the same");
+ return;
+ }
+ # ensure we have now a fixed header, with only 1 value
+ $r->header('Content-Length' => $len);
+
# Plain body specified by "Content-Length"
my $missing = $len - length($buf);
while ($missing > 0) {
1
0