Hello community,

here is the log from the commit of package libuser.3939 for openSUSE:13.2:Update checked in at 2015-08-03 09:17:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/libuser.3939 (Old)
 and      /work/SRC/openSUSE:13.2:Update/.libuser.3939.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libuser.3939" Changes: -------- New Changes file: --- /dev/null 2015-07-22 21:25:44.928025004 +0200 +++ /work/SRC/openSUSE:13.2:Update/.libuser.3939.new/libuser.changes 2015-08-03 09:17:43.000000000 +0200 
@@ -0,0 +1,150 @@ +------------------------------------------------------------------- +Fri Jul 17 07:17:02 UTC 2015 - [email protected] + +- Refuse to write field value which contain \n + bsc#937533 CVE-2015-3246 + Add 0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch + +------------------------------------------------------------------- +Wed Jan 15 08:50:48 UTC 2014 - [email protected] + +- Split into libuser1 and libuser for shared lib policy + libuser-0.60.patch: adjust installation target. + +- Fix build for SLE11. Add g_malloc0_n.patch + +- Split off -lang subpackage. + +------------------------------------------------------------------- +Wed Jan 15 07:50:03 UTC 2014 - [email protected] + +- Updated to 0.60 + + 0.60: + * New functions lu_homedir_remove_for_user() and + lu_homedir_remove_for_user_if_owned(). + * libuser's pkg-config file no longer refers to internally-used libraries. + glib-2.0 and gobject-2.0 are still included because they are required to + use the API anyway. + * When setting dates in shadow fields, avoid the special value 0 if the clock is + incorrect. + * Miscellaneous cleanups. + +------------------------------------------------------------------- +Sat Jun 15 16:30:11 UTC 2013 - [email protected] + +- add suse-ldap.dif: fix path to slapd in SUSE + +- update to 0.59 + + 0.59: + * Fixed security vulnerabilities: + * Race conditions in copying and removing home directories (CVE-2012-5630) + * Information disclosure when moving users' home directory (CVE-2012-5644) + Related changes: + - INCOMPATIBLE API CHANGES: lu_homedir_move() and lu_homedir_populate() + will refuse to use a pre-existing directory as a destination. + - setuid/setgid bits are now preserved when copying regular files in home + directories (from /etc/skel or when moving a home directory) + * Empty fields in /etc/shadow are now treated as "missing", like libc does. + * Specific values of the attributes can be used to represent "missing data". 
+ * lchage(1) now handles missing fields on both input and output. + * Refuse to build when secure_getenv() is not available. + * Miscellaneous bug fixes and cleanups. + + 0.58 + * API enhancements: + * New helpers for attribute access replace 4-5 function calls with 1: + lu_ent_get_first_{string,id,value_strdup}(), + lu_ent_set_{string,id,long}() + * New header <libuser/fs.h>, providing lu_homedir_{populate,move,remove}, + lu_nscd_flush_cache(), and lu_mail_spool_{create,remove}. + * lu_users_enumerate_by_group_full() and lu_groups_enumerate_by_user_full() + are now fully supported. + * New module-private function lu_util_append_values(). + * Documented that LU_*PASSWORD should not be manipulated directly. + * deleteUser in Python bindings now removes the mail spool instead of + creating it. + * New warning in libuser.conf.5 about storing a LDAP password in system-wide + configuration. + * Module interface ABI has changed. + * Miscellaneous bug fixes and cleanups, quite a few memory leaks fixed. + + 0.57.7 + * lu_users_enumerate_by_group_full() added, implemented ONLY for LDAP for now. + Related functions and functionality in other modules will be added later. + Applications are advised to NOT USE these functions yet. + * group/user list by name of a user/group now returns an error if the + user/group was not found. The Python bindings enumerateUsersFull and + enumerateGroupsFull no longer crash in this situation. + * Updated translations. + + 0.57.6 + * Make it possible to use ldapi: URLs by not trying to use TLS (based on + a patch by <[email protected]>). + * Hopefully fix races in test suite, causing failures on slower computers. + * Mark --help messages for translation and improve them a bit. + * Update translations. + + 0.57.5 + * Update translations. + + 0.57.4 + * Don't crash when a database file size is a multiple of page size. + * Miscellaneous bug fixes and cleanups. 
+ + 0.57.3 + * Don't assume user/group IDs start at 500 in Python getFirstUnusedGid and + getFirstUnusedUid. + * Preserve S_ISGID and other bits when copying directories from /etc/skel. + * Deprecate lu_*_t typedefs: use {struct,enum} lu_* instead. + * Update to build with recent gtk-doc. + + 0.57.2 + * Fix adding LDAP users with empty gecos. + * Correctly preserve algorithm used to hash an LDAP password when changing it. + * Don't hard-code ports used in the test suite (to allow parallel development + and builds). + * Miscellaneous bug fixes. + + 0.57.1 + * Fix a crash when a module refuses to load with a warning (e.g. the "shadow" + module when /etc/shadow is not present) + + 0.57 + * Resolve an ambiguity about "password" value format that could cause setting + a known plaintext password in LDAP accounts: the "files"/"shadow" and LDAP + modules may not be used together any more, and the module interface ABI has + changed to support this. + * Don't authenticate the user (in lchfn, lchsh, lpasswd) if the application + is not set*id and it does not need elevated privileges. In particular, this + allows the above programs to be used for LDAP administration by unprivileged + users. + * Change default crypt_style to sha512. + * Don't abort on invalid ID values. + * Miscellaneous bug fixes. + + 0.56.18 + * Update translations. + + 0.56.17 + * New Python constant VALUE_INVALID_ID and function validateIdValue. + * Update translations. + + 0.56.16 + * Update translations. + + 0.56.15 + * Update translations. 
+ +------------------------------------------------------------------- +Thu Feb 25 15:34:46 UTC 2010 - [email protected] + +- updated to 0.56.14 + +------------------------------------------------------------------- +Mon Dec 1 14:46:15 CET 2008 - [email protected] + +- created package (version 0.56.9) + * based on Fedora package + New: ---- 0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch g_malloc0_n.patch libuser-0.60.patch libuser-0.60.tar.xz libuser.changes libuser.spec suse-ldap.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libuser.spec ++++++ # # spec file for package libuser # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: libuser %define libname %{name}1 Version: 0.60 Release: 0 Url: https://fedorahosted.org/libuser/ Summary: A user and group account administration library License: LGPL-2.0+ Group: System Environment/Base Source: %{name}-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cyrus-sasl-devel BuildRequires: glib2-devel BuildRequires: libselinux-devel BuildRequires: openldap2-devel BuildRequires: pam-devel BuildRequires: popt-devel BuildRequires: python-devel BuildRequires: sgmltool %if 0%{?suse_version} BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool # redefine pkglibdir to honor SUSE shared lib rules, [email protected] Patch1: libuser-0.60.patch # fix path to slapd for SUSE, [email protected] Patch2: suse-ldap.dif %if 0%{?suse_version} <= 1110 # fix SLE11 build, [email protected] Patch3: g_malloc0_n.patch BuildRequires: xz %endif %endif Patch4: 0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch %description The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. %package -n %libname Summary: A user and group account administration library Group: System/Libraries %description -n %libname The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. %lang_package -r %libname %package devel Summary: Files needed for developing applications which use libuser Group: Development/Libraries Requires: %{name} = %{version} Requires: glib2-devel %description devel The libuser-devel package contains header files, static libraries, and other files useful for developing applications with libuser. 
%package python Summary: Python bindings for the libuser library Group: Development/Libraries Requires: %{name} = %{version} %description python The libuser-python package contains the Python bindings for the libuser library, which provides a Python API for manipulating and administering user and group accounts. %prep %setup -q %if 0%{?suse_version} %patch1 -p1 %patch2 -p1 %if 0%{?suse_version} <= 1110 %patch3 -p1 %endif %endif %patch4 -p1 %build %if 0%{?suse_version} autoreconf -f -i %endif %configure --with-selinux --with-ldap --with-html-dir=%{_datadir}/gtk-doc/html make %{?_smp_mflags} %install make DESTDIR=$RPM_BUILD_ROOT install %find_lang %{name} rm -f $RPM_BUILD_ROOT%{_libdir}/*.la $RPM_BUILD_ROOT%{_libdir}/%{libname}/*.la $RPM_BUILD_ROOT%{py_sitedir}/*.la %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig %files %defattr(-,root,root) %doc AUTHORS COPYING NEWS README TODO docs/*.txt %attr(0755,root,root) %{_bindir}/* %attr(0755,root,root) %{_sbindir}/* %{_mandir}/man1/* %{_mandir}/man5/* %files -n %{libname} %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/libuser.conf %{_libdir}/*.so.* %dir %{_libdir}/%{libname} %{_libdir}/%{libname}/*.so %files lang -f %{name}.lang %files python %defattr(-,root,root) %doc python/modules.txt %{py_sitedir}/*.so %files devel %defattr(-,root,root) %dir %{_datadir}/gtk-doc %dir %{_datadir}/gtk-doc/html %doc %{_datadir}/gtk-doc/html/* %{_includedir}/libuser %{_libdir}/*.so %{_libdir}/pkgconfig/* %changelog ++++++ 0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch ++++++ ++++ 1558 lines (skipped) ++++++ g_malloc0_n.patch ++++++ diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.59/lib/user.h ./lib/user.h --- ../orig-libuser-0.59/lib/user.h 2013-03-29 15:46:36.000000000 +0100 +++ ./lib/user.h 2013-09-27 09:10:40.776591577 +0200 
@@ -21,6 +21,9 @@ #include <sys/types.h> #include <glib.h> +/* glib in SLE11 does not define g_malloc0_n or g_malloc_n */ +#define g_malloc0_n(blocks,bytes) g_malloc0((blocks)*(bytes)) +#define g_malloc_n(blocks,bytes) g_malloc((blocks)*(bytes)) #include "config.h" #include "entity.h" #include "error.h" ++++++ libuser-0.60.patch ++++++ diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.60/Makefile.am ./Makefile.am --- ../orig-libuser-0.60/Makefile.am 2013-10-12 23:56:07.000000000 +0200 +++ ./Makefile.am 2014-01-15 09:40:19.713478232 +0100 @@ -3,6 +3,8 @@ ## Settings pkgconfigdir = $(libdir)/pkgconfig +pkglibdir = $(libdir)/$(PACKAGE)1 + ACLOCAL_AMFLAGS = -I m4 AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gtk-doc --with-ldap ++++++ suse-ldap.dif ++++++ diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.60/tests/default_pw_test ./tests/default_pw_test --- ../orig-libuser-0.60/tests/default_pw_test 2013-10-12 23:56:08.000000000 +0200 +++ ./tests/default_pw_test 2014-02-05 13:23:22.696034846 +0100 @@ -98,7 +98,7 @@ # This is racy, but much better than a static port [ -z "$ldap_port" ] && ldap_port=$(tests/alloc_port) # FIXME: path - /usr/sbin/slapd -h ldap://127.0.0.1:"$ldap_port"/ \ + /usr/lib/openldap/slapd -h ldap://127.0.0.1:"$ldap_port"/ \ -f "$workdir"/slapd.conf & tests/wait_for_slapd_start "$workdir"/slapd.pid "$ldap_port" slapd_pid=$(cat "$workdir"/slapd.pid) diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-libuser-0.60/tests/ldap_test ./tests/ldap_test --- ../orig-libuser-0.60/tests/ldap_test 2013-10-12 23:56:08.000000000 +0200 +++ ./tests/ldap_test 2014-02-05 13:23:22.696034846 +0100 
@@ -50,7 +50,7 @@ sed "s|@WORKDIR@|$workdir|g" < "$srcdir"/slapd.conf.in > "$workdir"/slapd.conf ldap_port=$(tests/alloc_port) # This is racy, but much better than a static port # FIXME: path -/usr/sbin/slapd -h ldap://127.0.0.1:"$ldap_port"/ -f "$workdir"/slapd.conf & +/usr/lib/openldap/slapd -h ldap://127.0.0.1:"$ldap_port"/ -f "$workdir"/slapd.conf & tests/wait_for_slapd_start "$workdir"/slapd.pid "$ldap_port" slapd_pid=$(cat "$workdir"/slapd.pid) trap 'status=$?; kill $slapd_pid
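
Review bot: in libuser.spec, Patch4 (0001-Refuse-to-write-field-values-which-contain-n.-bsc-93.patch) is the only patch declared without a comment line, while Patch1 to Patch3 each state their purpose. Add a comment above it naming bsc#937533 and CVE-2015-3246, as the libuser.changes entry does, so the security fix is identifiable from the spec alone. Its placement after the closing %endif, matching the unconditional "%patch4 -p1" in %prep, is right: the fix is applied on every build target, not only when suse_version is set.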
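
Review bot: in g_malloc0_n.patch, the fallback macros added to lib/user.h compute (blocks)*(bytes) with no overflow check, so a large count can wrap and produce an undersized allocation; GLib's own g_malloc_n and g_malloc0_n check the multiplication and abort on overflow. Replace the two #define lines with static inline helpers that compare blocks against G_MAXSIZE / bytes before calling g_malloc or g_malloc0. The defines are also unconditional in the header: the spec only applies the patch for suse_version <= 1110, but a guard such as "#if !GLIB_CHECK_VERSION(2, 24, 0)" would keep them from shadowing the real functions if the patch is ever applied against a newer GLib.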
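
Review bot: in libuser-0.60.patch, "pkglibdir = $(libdir)/$(PACKAGE)1" hardcodes the suffix 1 that libuser.spec hardcodes a second time in "%define libname %{name}1" and then relies on in "%{_libdir}/%{libname}/*.so". A soname bump has to change both places together or the module directory and the %files list diverge; add a comment beside the assignment that points at the spec define.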
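
Review bot: in suse-ldap.dif, both hunks (tests/default_pw_test and tests/ldap_test) replace one absolute slapd path with another, /usr/lib/openldap/slapd, and leave the "# FIXME: path" comment in place. Resolve the binary once, for example from a variable with a fallback over the known locations, and fail the test with a clear message when it is not executable. As written, a missing slapd is started in the background with "&" and the failure only surfaces later in tests/wait_for_slapd_start.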
