Hello community, here is the log from the commit of package suse-module-tools for openSUSE:Factory checked in at 2019-02-19 13:54:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/suse-module-tools (Old) and /work/SRC/openSUSE:Factory/.suse-module-tools.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "suse-module-tools" Tue Feb 19 13:54:42 2019 rev:25 rq:674668 version:15.1.10 Changes: -------- --- /work/SRC/openSUSE:Factory/suse-module-tools/suse-module-tools.changes 2019-02-06 14:05:23.138671278 +0100 +++ /work/SRC/openSUSE:Factory/.suse-module-tools.new.28833/suse-module-tools.changes 2019-02-19 13:54:45.100731436 +0100 @@ -1,0 +2,6 @@ +Fri Feb 08 10:44:56 UTC 2019 - [email protected] + +- Update to version 15.1.10 (git b28b13d): +- implemented fs blacklisting logic (jsc#SLES-4085, fate#326832) + +------------------------------------------------------------------- Old: ---- suse-module-tools-15.1.0.tar.xz New: ---- suse-module-tools-15.1.10.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ suse-module-tools.spec ++++++ --- /var/tmp/diff_new_pack.kTOvyu/_old 2019-02-19 13:54:45.864730889 +0100 +++ /var/tmp/diff_new_pack.kTOvyu/_new 2019-02-19 13:54:45.888730872 +0100 @@ -16,8 +16,16 @@ # +# List of legacy file systems to be blacklisted by default +%if 0%{?is_opensuse} +%global fs_blacklist adfs affs bfs befs cramfs efs erofs exofs freevxfs f2fs hfs hpfs jffs2 jfs minix nilfs2 ntfs omfs qnx4 qnx6 sysv ubifs ufs +%else +# SLE only ships a few of them +%global fs_blacklist cramfs ufs +%endif + Name: suse-module-tools -Version: 15.1.0 +Version: 15.1.10 Release: 0 Summary: Configuration for module loading and SUSE-specific utilities for KMPs License: GPL-2.0-or-later @@ -112,6 +120,25 @@ mkdir -p %{buildroot}%{_defaultlicensedir} +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150100 +for mod in %{fs_blacklist}; do + echo "\ +# The $mod file system is blacklisted by default because it isn't actively +# supported by SUSE, not well maintained, and may have security vulnerabilites. +# To enable autoloading the $mod file system module, comment out the +# \"blacklist $mod\" statement below. ENABLE AT YOUR OWN RISK. +# +# File system modules loaded at installation time of the %{name} package +# are not blacklisted. This is achieved by commenting out the blacklist +# line in the post-installation script. To prevent the post-installation +# script from modifying this file, delete the line containing \"THIS FILE MAY +# BE MODIFIED\" at the bottom. +blacklist $mod +# __THIS FILE MAY BE MODIFIED__" \ + >%{buildroot}%{_sysconfdir}/modprobe.d/60-blacklist_fs-"$mod".conf +done +%endif + %post %if 0%{?sle_version} >= 150000 # Delete obsolete unsupported-modules file from SLE11 @@ -180,6 +207,26 @@ %{_sysconfdir}/modprobe.d/99-local.conf fi +# Avoid systems becoming unbootable by blacklisting filesystem +# modules. Modules loaded at installation time will not be +# blacklisted (the blacklist statement is commented out). +# config(noreplace) makes sure that this is not overwritten by rpm. +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150100 +for mod in %{fs_blacklist}; do + conf=%{_sysconfdir}/modprobe.d/60-blacklist_fs-"$mod".conf + if [ -f "$conf" ] && \ + grep -q '^# __THIS FILE MAY BE MODIFIED__$' "$conf" && \ + sed '/^nodev/d;' /proc/filesystems | grep -q "\<$mod\>"; then + sed -i ' +/^# next line was commented out by postinstall script of %{name}$/d +/^blacklist '"$mod"'/{i\ +# next line was commented out by postinstall script of %{name} +s/^/# / +}' "$conf" + fi +done +%endif + %files %defattr(-,root,root) @@ -193,6 +240,7 @@ %config(noreplace) %{_sysconfdir}/modprobe.d/10-unsupported-modules.conf %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150100 %config(noreplace) %{_sysconfdir}/modprobe.d/50-blacklist.conf +%config(noreplace) %{_sysconfdir}/modprobe.d/60-blacklist_fs-*.conf %endif %config(noreplace) %{_sysconfdir}/modprobe.d/99-local.conf %dir %{_sysconfdir}/depmod.d ++++++ _service ++++++ --- /var/tmp/diff_new_pack.kTOvyu/_old 2019-02-19 13:54:45.960730820 +0100 +++ /var/tmp/diff_new_pack.kTOvyu/_new 2019-02-19 13:54:45.960730820 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="changesgenerate">enable</param> <param name="filename">suse-module-tools</param> - <param name="version">15.1.0</param> + <param name="version">15.1.10</param> <param name="revision">master</param> <param name="exclude">*.spec</param> <param name="exclude">*.rpmlintrc</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.kTOvyu/_old 2019-02-19 13:54:45.976730809 +0100 +++ /var/tmp/diff_new_pack.kTOvyu/_new 2019-02-19 13:54:45.976730809 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/suse-module-tools.git</param> - <param name="changesrevision">6b07b8840b0e26b7f4fcaf5c5ddf17f6a3b97810</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">b28b13d83209ebdbbb30fe3881462ff86bc46428</param></service></servicedata> \ No newline at end of file ++++++ suse-module-tools-15.1.0.tar.xz -> suse-module-tools-15.1.10.tar.xz ++++++
