diff --git a/SOURCES/augeas-1.1.0-cve-2013-6412-umask.patch b/SOURCES/augeas-1.1.0-cve-2013-6412-umask.patch new file mode 100644 index 0000000..1496bc0 --- /dev/null +++ b/SOURCES/augeas-1.1.0-cve-2013-6412-umask.patch @@ -0,0 +1,113 @@ +From 0f7c1ef8e06413679928746c7206786210d3df1e Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Mon, 2 Dec 2013 17:49:35 +0000 +Subject: [PATCH] Fix umask handling when creating new files + + * src/transform.c (transform_save): faulty umask arithmetic would cause + overly-open file modes when the umask contains "7", as the umask was + incorrectly subtracted from the target file mode + +Fixes CVE-2013-6412, RHBZ#1034261 + +(cherry picked from commit f5b4fc0ceb0e5a2be5f3a19f63ad936897a3ac26) +--- + src/transform.c | 2 +- + tests/test-save.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 49 insertions(+), 1 deletion(-) + +diff --git a/src/transform.c b/src/transform.c +index ccbe422..b0288fc 100644 +--- a/src/transform.c ++++ b/src/transform.c +@@ -1144,7 +1144,7 @@ int transform_save(struct augeas *aug, struct tree *xfm, + mode_t curumsk = umask(022); + umask(curumsk); + +- if (fchmod(fileno(fp), 0666 - curumsk) < 0) { ++ if (fchmod(fileno(fp), 0666 & ~curumsk) < 0) { + err_status = "create_chmod"; + return -1; + } +diff --git a/tests/test-save.c b/tests/test-save.c +index 617ef31..f28f626 100644 +--- a/tests/test-save.c ++++ b/tests/test-save.c +@@ -26,6 +26,7 @@ + #include "cutest.h" + + #include ++#include + #include + #include + +@@ -51,6 +52,7 @@ static void setup(CuTest *tc) { + if (asprintf(&lensdir, "%s/lenses", abs_top_srcdir) < 0) + CuFail(tc, "asprintf lensdir failed"); + ++ umask(0022); + run(tc, "test -d %s && chmod -R u+w %s || :", root, root); + run(tc, "rm -rf %s", root); + run(tc, "mkdir -p %s", root); +@@ -221,6 +223,49 @@ static void testDoubleSlashPath(CuTest *tc) { + CuAssertIntEquals(tc, 1, r); + } + ++/* Check the umask is followed when creating files ++ */ ++static void testUmask(CuTest *tc, int tumask, mode_t expected_mode) { ++ int r; ++ struct stat buf; ++ char* fpath = NULL; ++ ++ if (asprintf(&fpath, "%s/etc/test", root) < 0) { ++ CuFail(tc, "failed to set root"); ++ } ++ ++ umask(tumask); ++ ++ r = aug_rm(aug, "/augeas/load/*"); ++ CuAssertPositive(tc, r); ++ ++ r = aug_set(aug, "/augeas/load/Test/lens", "Simplelines.lns"); ++ CuAssertRetSuccess(tc, r); ++ r = aug_set(aug, "/augeas/load/Test/incl", "/etc/test"); ++ CuAssertRetSuccess(tc, r); ++ r = aug_load(aug); ++ CuAssertRetSuccess(tc, r); ++ r = aug_set(aug, "/files/etc/test/1", "test"); ++ CuAssertRetSuccess(tc, r); ++ ++ r = aug_save(aug); ++ CuAssertRetSuccess(tc, r); ++ r = aug_match(aug, "/augeas//error", NULL); ++ CuAssertIntEquals(tc, 0, r); ++ ++ CuAssertIntEquals(tc, 0, stat(fpath, &buf)); ++ CuAssertIntEquals(tc, expected_mode, buf.st_mode & 0777); ++} ++static void testUmask077(CuTest *tc) { ++ testUmask(tc, 0077, 0600); ++} ++static void testUmask027(CuTest *tc) { ++ testUmask(tc, 0027, 0640); ++} ++static void testUmask022(CuTest *tc) { ++ testUmask(tc, 0022, 0644); ++} ++ + int main(void) { + char *output = NULL; + CuSuite* suite = CuSuiteNew(); +@@ -245,6 +290,9 @@ int main(void) { + SUITE_ADD_TEST(suite, testMtime); + SUITE_ADD_TEST(suite, testRelPath); + SUITE_ADD_TEST(suite, testDoubleSlashPath); ++ SUITE_ADD_TEST(suite, testUmask077); ++ SUITE_ADD_TEST(suite, testUmask027); ++ SUITE_ADD_TEST(suite, testUmask022); + + CuSuiteRun(suite); + CuSuiteSummary(suite, &output); +-- +1.8.4.2 + diff --git a/SOURCES/augeas-1.1.0-dovecot-mailbox.patch b/SOURCES/augeas-1.1.0-dovecot-mailbox.patch new file mode 100644 index 0000000..136102e --- /dev/null +++ b/SOURCES/augeas-1.1.0-dovecot-mailbox.patch @@ -0,0 +1,111 @@ +From 24364f9c9955ea10b094d6892e8c91d6b308ffe2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michael=20Haslgr=C3=BCbler?= +Date: Wed, 21 Aug 2013 23:19:04 +0200 +Subject: [PATCH 1/3] dovecot enchancement and bug fixes + +* add mailbox to block_names +* fix for block_args in quotes +* fix for block's brackets upon write +* fixes broken tests for mailbox +* fixes indention +* test case for block_args with " +* fixes broken indention + +(cherry picked from commit e6ff9449e5af1759d6b7828ceb118882e955dca4) + +Use Quote module in dovecot + +* use Quote.dquote_spaces for quoting + +(cherry picked from commit 735caf587959019d214a51a7c0cce57da9bb88f6) +--- + lenses/dovecot.aug | 37 +++++++++++++++++++++++++++++++++---- + lenses/tests/test_dovecot.aug | 6 ++++++ + 2 files changed, 39 insertions(+), 4 deletions(-) + +diff --git a/lenses/dovecot.aug b/lenses/dovecot.aug +index 6e5ccc9..e3558d0 100644 +--- a/lenses/dovecot.aug ++++ b/lenses/dovecot.aug +@@ -56,9 +56,6 @@ let value = any . (Rx.space . any)* + (* View: command_start *) + let command_start = Util.del_str "!" + +-(* View: block_args +-Map block arguments after block name and before "{" *) +-let block_args = Sep.space . store /[A-Za-z0-9\/\\_-]+/ + + (****************************************************************** + * Group: ENTRIES +@@ -82,11 +79,43 @@ let entry = [ indent . key keys. eq . (Sep.opt_space . store value)? . eol ] + Map commands started with "!". *) + let command = [ command_start . key commands . Sep.space . store Rx.fspath . eol ] + ++(* ++View: dquote_spaces ++ Make double quotes mandatory if value contains spaces, ++ and optional if value doesn't contain spaces. ++ ++Based off Quote.dquote_spaces ++ ++Parameters: ++ lns1:lens - the lens before ++ lns2:lens - the lens after ++*) ++let dquote_spaces (lns1:lens) (lns2:lens) = ++ (* bare has no spaces, and is optionally quoted *) ++ let bare = Quote.do_dquote_opt (store /[^" \t\n]+/) ++ (* quoted has at least one space, and must be quoted *) ++ in let quoted = Quote.do_dquote (store /[^"\n]*[ \t]+[^"\n]*/) ++ in [ lns1 . bare . lns2 ] | [ lns1 . quoted . lns2 ] ++ ++let mailbox = indent ++ . dquote_spaces ++ (key /mailbox/ . Sep.space) ++ (Build.block_newlines (entry) comment . eol) ++ ++let block_ldelim_newlines_re = /[ \t]+\{([ \t\n]*\n)?/ ++ ++let block_newlines (entry:lens) (comment:lens) = ++ let indent = del Rx.opt_space "\t" ++ in del block_ldelim_newlines_re Build.block_ldelim_default ++ . ((entry | comment) . (Util.empty | entry | comment)*)? ++ . del Build.block_rdelim_newlines_re Build.block_rdelim_newlines_default ++ + (* View: block + Map block enclosed in brackets recursively. + Block may be indented and have optional argument. + Block body may have entries, comments, empty lines, and nested blocks recursively. *) +-let rec block = [ indent . key block_names . block_args? . Build.block_newlines (entry|block) comment . eol ] ++let rec block = [ indent . key block_names . (Sep.space . Quote.do_dquote_opt (store /[\/A-Za-z0-9_-]+/))? . block_newlines (entry|block|mailbox) comment . eol ] ++ + + (****************************************************************** + * Group: LENS AND FILTER +diff --git a/lenses/tests/test_dovecot.aug b/lenses/tests/test_dovecot.aug +index 2201735..33ea16f 100644 +--- a/lenses/tests/test_dovecot.aug ++++ b/lenses/tests/test_dovecot.aug +@@ -465,6 +465,9 @@ namespace { + hidden = no + list = yes + subscriptions = yes ++ mailbox \"Sent Messages\" { ++ special_use = \Sent ++ } + } + + # Example shared namespace configuration +@@ -533,6 +536,9 @@ test Dovecot.lns get mail_conf = + { "hidden" = "no" } + { "list" = "yes" } + { "subscriptions" = "yes" } ++ { "mailbox" = "Sent Messages" ++ { "special_use" = "\Sent" } ++ } + } + { } + { "#comment" = "Example shared namespace configuration" } +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-grub-foreground.patch b/SOURCES/augeas-1.1.0-grub-foreground.patch new file mode 100644 index 0000000..cebb6dc --- /dev/null +++ b/SOURCES/augeas-1.1.0-grub-foreground.patch @@ -0,0 +1,27 @@ +From 2556648fdd45887246658579dd576b25e7af874d Mon Sep 17 00:00:00 2001 +From: Miguel Armas +Date: Thu, 30 Jan 2014 09:23:27 +0000 +Subject: [PATCH 3/5] Grub: handle "foreground" option + +Fixes RHBZ#1059383 + +(cherry picked from commit a370d9ccfbd0b6b6f927880014b29569c58b03c0) +--- + lenses/grub.aug | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lenses/grub.aug b/lenses/grub.aug +index 9f8d6af..81fb9d3 100644 +--- a/lenses/grub.aug ++++ b/lenses/grub.aug +@@ -145,6 +145,7 @@ module Grub = + | kw_menu_arg "timeout" + | kw_menu_arg "splashimage" + | kw_menu_arg "gfxmenu" ++ | kw_menu_arg "foreground" + | kw_menu_arg "background" + | serial + | terminal +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-incl-double-slash.patch b/SOURCES/augeas-1.1.0-incl-double-slash.patch new file mode 100644 index 0000000..58c9b54 --- /dev/null +++ b/SOURCES/augeas-1.1.0-incl-double-slash.patch @@ -0,0 +1,143 @@ +From 361adbf9e520d695ae13efe6084cbcdebe4779e2 Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Tue, 19 Nov 2013 09:39:23 +0000 +Subject: [PATCH] * src/transform.c (filter_matches): wrap fnmatch to ensure + that an incl pattern containing "//" matches file paths + +Fixes RHBZ#1031084 +--- + src/transform.c | 38 ++++++++++++++++++++++++++++++++++---- + tests/test-save.c | 39 +++++++++++++++++++++++++++++++++++++++ + 2 files changed, 73 insertions(+), 4 deletions(-) + +diff --git a/src/transform.c b/src/transform.c +index 1ee8da8..ccbe422 100644 +--- a/src/transform.c ++++ b/src/transform.c +@@ -142,6 +142,33 @@ static char *mtime_as_string(struct augeas *aug, const char *fname) { + return NULL; + } + ++/* fnmatch(3) which will match // in a pattern to a path, like glob(3) does */ ++static int fnmatch_normalize(const char *pattern, const char *string, int flags) { ++ int i, j, r; ++ char *pattern_norm = NULL; ++ ++ r = ALLOC_N(pattern_norm, strlen(pattern) + 1); ++ if (r < 0) ++ goto error; ++ ++ for (i = 0, j = 0; i < strlen(pattern); i++) { ++ if (pattern[i] != '/' || pattern[i+1] != '/') { ++ pattern_norm[j] = pattern[i]; ++ j++; ++ } ++ } ++ pattern_norm[j] = 0; ++ ++ r = fnmatch(pattern_norm, string, flags); ++ FREE(pattern_norm); ++ return r; ++ ++ error: ++ if (pattern_norm != NULL) ++ FREE(pattern_norm); ++ return -1; ++} ++ + static bool file_current(struct augeas *aug, const char *fname, + struct tree *finfo) { + struct tree *mtime = tree_child(finfo, s_mtime); +@@ -217,9 +244,12 @@ static int filter_generate(struct tree *xfm, const char *root, + + if (strchr(e->value, SEP) == NULL) + path = pathbase(path); +- if ((r = fnmatch(e->value, path, fnm_flags)) == 0) { ++ ++ r = fnmatch_normalize(e->value, path, fnm_flags); ++ if (r < 0) ++ goto error; ++ else if (r == 0) + include = false; +- } + } + + if (include) +@@ -254,7 +284,7 @@ static int filter_generate(struct tree *xfm, const char *root, + static int filter_matches(struct tree *xfm, const char *path) { + int found = 0; + list_for_each(f, xfm->children) { +- if (is_incl(f) && fnmatch(f->value, path, fnm_flags) == 0) { ++ if (is_incl(f) && fnmatch_normalize(f->value, path, fnm_flags) == 0) { + found = 1; + break; + } +@@ -262,7 +292,7 @@ static int filter_matches(struct tree *xfm, const char *path) { + if (! found) + return 0; + list_for_each(f, xfm->children) { +- if (is_excl(f) && (fnmatch(f->value, path, fnm_flags) == 0)) ++ if (is_excl(f) && (fnmatch_normalize(f->value, path, fnm_flags) == 0)) + return 0; + } + return 1; +diff --git a/tests/test-save.c b/tests/test-save.c +index 04b86f7..617ef31 100644 +--- a/tests/test-save.c ++++ b/tests/test-save.c +@@ -183,6 +183,44 @@ static void testRelPath(CuTest *tc) { + CuAssertIntEquals(tc, 1, r); + } + ++/* Check that loading and saving a file with // in the incl pattern works. ++ * RHBZ#1031084 ++ */ ++static void testDoubleSlashPath(CuTest *tc) { ++ int r; ++ ++ r = aug_rm(aug, "/augeas/load/*"); ++ CuAssertPositive(tc, r); ++ ++ r = aug_set(aug, "/augeas/load/Hosts/lens", "Hosts.lns"); ++ CuAssertRetSuccess(tc, r); ++ r = aug_set(aug, "/augeas/load/Hosts/incl", "/etc//hosts"); ++ CuAssertRetSuccess(tc, r); ++ r = aug_load(aug); ++ CuAssertRetSuccess(tc, r); ++ ++ r = aug_match(aug, "/files/etc/hosts/1/alias[ . = 'new']", NULL); ++ CuAssertIntEquals(tc, 0, r); ++ ++ r = aug_set(aug, "/files/etc/hosts/1/alias[last() + 1]", "new"); ++ CuAssertRetSuccess(tc, r); ++ ++ r = aug_save(aug); ++ CuAssertRetSuccess(tc, r); ++ r = aug_match(aug, "/augeas//error", NULL); ++ CuAssertIntEquals(tc, 0, r); ++ ++ /* Force reloading the file */ ++ r = aug_rm(aug, "/augeas/files//mtime"); ++ CuAssertPositive(tc, r); ++ ++ r = aug_load(aug); ++ CuAssertRetSuccess(tc, r); ++ ++ r = aug_match(aug, "/files/etc/hosts/1/alias[. = 'new']", NULL); ++ CuAssertIntEquals(tc, 1, r); ++} ++ + int main(void) { + char *output = NULL; + CuSuite* suite = CuSuiteNew(); +@@ -206,6 +244,7 @@ int main(void) { + SUITE_ADD_TEST(suite, testMultipleXfm); + SUITE_ADD_TEST(suite, testMtime); + SUITE_ADD_TEST(suite, testRelPath); ++ SUITE_ADD_TEST(suite, testDoubleSlashPath); + + CuSuiteRun(suite); + CuSuiteSummary(suite, &output); +-- +1.8.3.1 + diff --git a/SOURCES/augeas-1.1.0-iproute2-dsfield-hex.patch b/SOURCES/augeas-1.1.0-iproute2-dsfield-hex.patch new file mode 100644 index 0000000..1cf85e1 --- /dev/null +++ b/SOURCES/augeas-1.1.0-iproute2-dsfield-hex.patch @@ -0,0 +1,59 @@ +From e27a4f34800d8420a01ee3e7d4182c1d48489182 Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Wed, 12 Feb 2014 09:49:03 +0000 +Subject: [PATCH 1/2] IPRoute2: handle hex IDs and hyphens in names, as present + in rt_dsfield + +Fixes RHBZ#1063961 + +(cherry picked from commit 2686edf4bcc0a2110ef5a2e8c01045ab0081b04e) + +Conflicts: + NEWS +--- + lenses/iproute2.aug | 3 ++- + lenses/tests/test_iproute2.aug | 10 ++++++++++ + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/lenses/iproute2.aug b/lenses/iproute2.aug +index 66b4a2c..6f6b1ba 100644 +--- a/lenses/iproute2.aug ++++ b/lenses/iproute2.aug +@@ -2,7 +2,8 @@ module IPRoute2 = + autoload xfm + + let empty = [ del /[ \t]*#?[ \t]*\n/ "\n" ] +- let record = [ store /[0-9]+/ . del /[ \t]+/ "\t" . key /[a-zA-Z0-9]+/ . Util.comment_or_eol ] ++ let id = Rx.hex | Rx.integer ++ let record = [ store id . del /[ \t]+/ "\t" . key /[a-zA-Z0-9-]+/ . Util.comment_or_eol ] + + let lns = ( empty | Util.comment | record ) * + +diff --git a/lenses/tests/test_iproute2.aug b/lenses/tests/test_iproute2.aug +index cbd7802..cc24efe 100644 +--- a/lenses/tests/test_iproute2.aug ++++ b/lenses/tests/test_iproute2.aug +@@ -19,6 +19,11 @@ let conf = " + 203 adsl3 + 204 adsl4 + 205 wifi0 ++# ++# From rt_dsfield ++# ++0x00 default ++0x80 flash-override + " + + test IPRoute2.lns get conf = +@@ -41,3 +46,8 @@ test IPRoute2.lns get conf = + { "adsl3" = "203" } + { "adsl4" = "204" } + { "wifi0" = "205" } ++ { } ++ { "#comment" = "From rt_dsfield" } ++ { } ++ { "default" = "0x00" } ++ { "flash-override" = "0x80" } +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-iproute2-protos-slash.patch b/SOURCES/augeas-1.1.0-iproute2-protos-slash.patch new file mode 100644 index 0000000..2756eae --- /dev/null +++ b/SOURCES/augeas-1.1.0-iproute2-protos-slash.patch @@ -0,0 +1,91 @@ +From 13a5a36d4da2cb456b338b94025150d8e3847a5f Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Wed, 12 Feb 2014 10:19:21 +0000 +Subject: [PATCH 2/2] IPRoute2: handle "/" in protocol names, swap ID and name + fields + +This is an incompatible change. + +Fixes RHBZ#1063968 + +(cherry picked from commit bd6c783dc05ccf66af02fe24af703737823a99ad) + +Conflicts: + NEWS +--- + lenses/iproute2.aug | 2 +- + lenses/tests/test_iproute2.aug | 34 ++++++++++++++++++++++------------ + 2 files changed, 23 insertions(+), 13 deletions(-) + +diff --git a/lenses/iproute2.aug b/lenses/iproute2.aug +index 6f6b1ba..fa3dcb7 100644 +--- a/lenses/iproute2.aug ++++ b/lenses/iproute2.aug +@@ -3,7 +3,7 @@ module IPRoute2 = + + let empty = [ del /[ \t]*#?[ \t]*\n/ "\n" ] + let id = Rx.hex | Rx.integer +- let record = [ store id . del /[ \t]+/ "\t" . key /[a-zA-Z0-9-]+/ . Util.comment_or_eol ] ++ let record = [ key id . del /[ \t]+/ "\t" . store /[a-zA-Z0-9\/-]+/ . Util.comment_or_eol ] + + let lns = ( empty | Util.comment | record ) * + +diff --git a/lenses/tests/test_iproute2.aug b/lenses/tests/test_iproute2.aug +index cc24efe..2acd367 100644 +--- a/lenses/tests/test_iproute2.aug ++++ b/lenses/tests/test_iproute2.aug +@@ -24,6 +24,11 @@ let conf = " + # + 0x00 default + 0x80 flash-override ++ ++# From rt_protos ++# ++254 gated/aggr ++253 gated/bgp + " + + test IPRoute2.lns get conf = +@@ -32,22 +37,27 @@ test IPRoute2.lns get conf = + { } + { "#comment" = "reserved values" } + { } +- { "local" = "255" } +- { "main" = "254" } +- { "default" = "253" } +- { "unspec" = "0" } ++ { "255" = "local" } ++ { "254" = "main" } ++ { "253" = "default" } ++ { "0" = "unspec" } + { } + { "#comment" = "local" } + { } + { "#comment" = "1 inr.ruhep" } +- { "h3g0" = "200" } +- { "adsl1" = "201" } +- { "adsl2" = "202" } +- { "adsl3" = "203" } +- { "adsl4" = "204" } +- { "wifi0" = "205" } ++ { "200" = "h3g0" } ++ { "201" = "adsl1" } ++ { "202" = "adsl2" } ++ { "203" = "adsl3" } ++ { "204" = "adsl4" } ++ { "205" = "wifi0" } + { } + { "#comment" = "From rt_dsfield" } + { } +- { "default" = "0x00" } +- { "flash-override" = "0x80" } ++ { "0x00" = "default" } ++ { "0x80" = "flash-override" } ++ { } ++ { "#comment" = "From rt_protos" } ++ { } ++ { "254" = "gated/aggr" } ++ { "253" = "gated/bgp" } +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-keepalived-virtual-servers.patch b/SOURCES/augeas-1.1.0-keepalived-virtual-servers.patch new file mode 100644 index 0000000..a5d046d --- /dev/null +++ b/SOURCES/augeas-1.1.0-keepalived-virtual-servers.patch @@ -0,0 +1,279 @@ +From 6eba1a21df59cc1638a2047f24080ebe657b497e Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Fri, 21 Feb 2014 10:56:57 +0000 +Subject: [PATCH 2/3] Keepalived: add more virtual/real server settings and + checks + +Fixes RHBZ#1064388 + +(cherry picked from commit 1f6ec69ffcd46a5b6937025973a2f2337df2727d) + +Conflicts: + NEWS +--- + lenses/keepalived.aug | 81 +++++++++++++++++++++++-- + lenses/tests/test_keepalived.aug | 128 +++++++++++++++++++++++++++++++++++++++ + 2 files changed, 203 insertions(+), 6 deletions(-) + +diff --git a/lenses/keepalived.aug b/lenses/keepalived.aug +index 1fe3aa2..9fd02ff 100644 +--- a/lenses/keepalived.aug ++++ b/lenses/keepalived.aug +@@ -83,6 +83,10 @@ let field (kw:regexp) (sto:lens) = indent . Build.key_value_line_comment kw sep_ + A single word *) + let flag (kw:regexp) = [ indent . key kw . comment_or_eol ] + ++(* View: ip_port ++ An IP port pair *) ++let ip_port = [ label "ip" . sto_word ] . sep_spc . [ label "port" . sto_num ] ++ + (* View: lens_block + A generic block with a title lens. + The definition is very similar to Build.block_newlines +@@ -220,22 +224,87 @@ let vrrpd_conf = vrrp_sync_group | vrrp_instance | vrrp_script + + + (************************************************************************ +- * Group: LVS CONFIGURATION ++ * Group: REAL SERVER CHECKS CONFIGURATION + *************************************************************************) + + (* View: tcp_check_field *) +-let tcp_check_field = field /connect_(timeout|port)/ sto_num ++let tcp_check_field = ++ let word_re = "bindto" ++ in let num_re = /connect_(timeout|port)/ ++ in field word_re sto_word ++ | field num_re sto_num ++ ++(* View: misc_check_field *) ++let misc_check_field = ++ let flag_re = "misc_dynamic" ++ in let num_re = "misc_timeout" ++ in let to_eol_re = "misc_path" ++ in field num_re sto_num ++ | flag flag_re ++ | field to_eol_re sto_to_eol ++ ++(* View: smtp_host_check_field *) ++let smtp_host_check_field = ++ let word_re = "connect_ip" | "bindto" ++ in let num_re = "connect_port" ++ in field word_re sto_word ++ | field num_re sto_num ++ ++(* View: smtp_check_field *) ++let smtp_check_field = ++ let word_re = "connect_ip" | "bindto" ++ in let num_re = "connect_timeout" | "retry" | "delay_before_retry" ++ in let to_eol_re = "helo_name" ++ in field word_re sto_word ++ | field num_re sto_num ++ | field to_eol_re sto_to_eol ++ | block "host" smtp_host_check_field ++ ++(* View: http_url_check_field *) ++let http_url_check_field = ++ let word_re = "digest" ++ in let num_re = "status_code" ++ in let to_eol_re = "path" ++ in field word_re sto_word ++ | field num_re sto_num ++ | field to_eol_re sto_to_eol ++ ++(* View: http_check_field *) ++let http_check_field = ++ let num_re = /connect_(timeout|port)/ | "nb_get_retry" | "delay_before_retry" ++ in field num_re sto_num ++ | block "url" http_url_check_field + + (* View: real_server_field *) +-let real_server_field = field "weight" sto_num +- | block "TCP_CHECK" tcp_check_field ++let real_server_field = ++ let num_re = "weight" ++ in let flag_re = "inhibit_on_failure" ++ in let to_eol_re = /notify_(up|down)/ ++ in field num_re sto_num ++ | flag flag_re ++ | field to_eol_re sto_to_eol ++ | block "TCP_CHECK" tcp_check_field ++ | block "MISC_CHECK" misc_check_field ++ | block "SMTP_CHECK" smtp_check_field ++ | block /(HTTP|SSL)_GET/ http_check_field ++ ++(************************************************************************ ++ * Group: LVS CONFIGURATION ++ *************************************************************************) + + (* View: virtual_server_field *) + let virtual_server_field = +- let num_re = "delay_loop" +- in let word_re = /lb_(algo|kind)/ | "nat_mask" | "protocol" ++ let num_re = "delay_loop" | "persistence_timeout" | "quorum" | "hysteresis" ++ in let word_re = /lb_(algo|kind)/ | "nat_mask" | "protocol" | "persistence_granularity" ++ | "virtualhost" ++ in let flag_re = "ops" | "ha_suspend" | "alpha" | "omega" ++ in let to_eol_re = /quorum_(up|down)/ ++ in let ip_port_re = "sorry_server" + in field num_re sto_num + | field word_re sto_word ++ | flag flag_re ++ | field to_eol_re sto_to_eol ++ | field ip_port_re ip_port + | named_block_arg "real_server" "ip" "port" real_server_field + + (* View: virtual_server *) +diff --git a/lenses/tests/test_keepalived.aug b/lenses/tests/test_keepalived.aug +index 615509e..371df25 100644 +--- a/lenses/tests/test_keepalived.aug ++++ b/lenses/tests/test_keepalived.aug +@@ -118,6 +118,8 @@ virtual_server 192.168.1.11 22 { + + protocol TCP + ++ sorry_server 10.20.40.30 22 ++ + ! there can be as many real_server blocks as you need + + real_server 10.20.40.10 22 { +@@ -269,6 +271,10 @@ weight 2 # add 2 points of prio if OK + { } + { "protocol" = "TCP" } + { } ++ { "sorry_server" ++ { "ip" = "10.20.40.30" } ++ { "port" = "22" } } ++ { } + { "#comment" = "there can be as many real_server blocks as you need" } + { } + { "real_server" +@@ -312,3 +318,125 @@ weight 2 # add 2 points of prio if OK + { } + { "#comment" = "that's all" } + ++(* Variable: tcp_check ++ An example of a TCP health checker *) ++let tcp_check = "virtual_server 192.168.1.11 22 { ++ real_server 10.20.40.10 22 { ++ TCP_CHECK { ++ connect_timeout 3 ++ connect_port 22 ++ bindto 192.168.1.1 ++ } ++ } ++} ++" ++test Keepalived.lns get tcp_check = ++ { "virtual_server" ++ { "ip" = "192.168.1.11" } ++ { "port" = "22" } ++ { "real_server" ++ { "ip" = "10.20.40.10" } ++ { "port" = "22" } ++ { "TCP_CHECK" ++ { "connect_timeout" = "3" } ++ { "connect_port" = "22" } ++ { "bindto" = "192.168.1.1" } } } } ++ ++(* Variable: misc_check ++ An example of a MISC health checker *) ++let misc_check = "virtual_server 192.168.1.11 22 { ++ real_server 10.20.40.10 22 { ++ MISC_CHECK { ++ misc_path /usr/local/bin/server_test ++ misc_timeout 3 ++ misc_dynamic ++ } ++ } ++} ++" ++test Keepalived.lns get misc_check = ++ { "virtual_server" ++ { "ip" = "192.168.1.11" } ++ { "port" = "22" } ++ { "real_server" ++ { "ip" = "10.20.40.10" } ++ { "port" = "22" } ++ { "MISC_CHECK" ++ { "misc_path" = "/usr/local/bin/server_test" } ++ { "misc_timeout" = "3" } ++ { "misc_dynamic" } } } } ++ ++(* Variable: smtp_check ++ An example of an SMTP health checker *) ++let smtp_check = "virtual_server 192.168.1.11 22 { ++ real_server 10.20.40.10 22 { ++ SMTP_CHECK { ++ host { ++ connect_ip 10.20.40.11 ++ connect_port 587 ++ bindto 192.168.1.1 ++ } ++ connect_timeout 3 ++ retry 5 ++ delay_before_retry 10 ++ helo_name \"Testing Augeas\" ++ } ++ } ++} ++" ++test Keepalived.lns get smtp_check = ++ { "virtual_server" ++ { "ip" = "192.168.1.11" } ++ { "port" = "22" } ++ { "real_server" ++ { "ip" = "10.20.40.10" } ++ { "port" = "22" } ++ { "SMTP_CHECK" ++ { "host" ++ { "connect_ip" = "10.20.40.11" } ++ { "connect_port" = "587" } ++ { "bindto" = "192.168.1.1" } } ++ { "connect_timeout" = "3" } ++ { "retry" = "5" } ++ { "delay_before_retry" = "10" } ++ { "helo_name" = "\"Testing Augeas\"" } } } } ++ ++(* Variable: http_check ++ An example of an HTTP health checker *) ++let http_check = "virtual_server 192.168.1.11 22 { ++ real_server 10.20.40.10 22 { ++ HTTP_GET { ++ url { ++ path /mrtg2/ ++ digest 9b3a0c85a887a256d6939da88aabd8cd ++ status_code 200 ++ } ++ connect_timeout 3 ++ connect_port 8080 ++ nb_get_retry 5 ++ delay_before_retry 10 ++ } ++ SSL_GET { ++ connect_port 8443 ++ } ++ } ++} ++" ++test Keepalived.lns get http_check = ++ { "virtual_server" ++ { "ip" = "192.168.1.11" } ++ { "port" = "22" } ++ { "real_server" ++ { "ip" = "10.20.40.10" } ++ { "port" = "22" } ++ { "HTTP_GET" ++ { "url" ++ { "path" = "/mrtg2/" } ++ { "digest" = "9b3a0c85a887a256d6939da88aabd8cd" } ++ { "status_code" = "200" } } ++ { "connect_timeout" = "3" } ++ { "connect_port" = "8080" } ++ { "nb_get_retry" = "5" } ++ { "delay_before_retry" = "10" } } ++ { "SSL_GET" ++ { "connect_port" = "8443" } } } } +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-krb5-braces.patch b/SOURCES/augeas-1.1.0-krb5-braces.patch new file mode 100644 index 0000000..1d54714 --- /dev/null +++ b/SOURCES/augeas-1.1.0-krb5-braces.patch @@ -0,0 +1,87 @@ +From 1ac63d941a60816799b7c70941fefbafdb4d79de Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Tue, 25 Feb 2014 16:19:51 +0000 +Subject: [PATCH 3/3] Krb5: permit braces in values when not in sub-section + +Fixes RHBZ#1066419 + +(cherry picked from commit d9465ab8e88f91cb5a29eb9f04044876ce45a2d9) + +Conflicts: + NEWS +--- + lenses/krb5.aug | 15 ++++++++------- + lenses/tests/test_krb5.aug | 7 +++++++ + 2 files changed, 15 insertions(+), 7 deletions(-) + +diff --git a/lenses/krb5.aug b/lenses/krb5.aug +index 8d26cfe..8b4ebe4 100644 +--- a/lenses/krb5.aug ++++ b/lenses/krb5.aug +@@ -25,16 +25,17 @@ let realm_re = /[A-Z][.a-zA-Z0-9-]*/ + let app_re = /[a-z][a-zA-Z0-9_]*/ + let name_re = /[.a-zA-Z0-9_-]+/ + +-let value = store /[^;# \t\r\n{}]+/ +-let entry (kw:regexp) (sep:lens) (comment:lens) ++let value_br = store /[^;# \t\r\n{}]+/ ++let value = store /[^;# \t\r\n]+/ ++let entry (kw:regexp) (sep:lens) (value:lens) (comment:lens) + = [ indent . key kw . sep . value . (comment|eol) ] | comment + + let subsec_entry (kw:regexp) (sep:lens) (comment:lens) +- = ( entry kw sep comment ) | empty ++ = ( entry kw sep value_br comment ) | empty + + let simple_section (n:string) (k:regexp) = + let title = Inifile.indented_title n in +- let entry = entry k eq comment in ++ let entry = entry k eq value comment in + Inifile.record title entry + + let record (t:string) (e:lens) = +@@ -59,7 +60,7 @@ let enctype_list (nr:regexp) (ns:string) = + . (comment|eol) . [ label "#eol" ] + + let libdefaults = +- let option = entry (name_re - ("v4_name_convert" |enctypes)) eq comment in ++ let option = entry (name_re - ("v4_name_convert" |enctypes)) eq value comment in + let enctype_lists = enctype_list /permitted_enctypes/i "permitted_enctypes" + | enctype_list /default_tgs_enctypes/i "default_tgs_enctypes" + | enctype_list /default_tkt_enctypes/i "default_tkt_enctypes" in +@@ -73,7 +74,7 @@ let login = + simple_section "login" keys + + let appdefaults = +- let option = entry (name_re - ("realm" | "application")) eq comment in ++ let option = entry (name_re - ("realm" | "application")) eq value_br comment in + let realm = [ indent . label "realm" . store realm_re . + eq_openbr . (option|empty)* . closebr . eol ] in + let app = [ indent . label "application" . store app_re . +@@ -117,7 +118,7 @@ let logging = + let capaths = + let realm = [ indent . key realm_re . + eq_openbr . +- (entry realm_re eq comment)* . closebr . eol ] in ++ (entry realm_re eq value_br comment)* . closebr . eol ] in + record "capaths" (realm|comment) + + let dbdefaults = +diff --git a/lenses/tests/test_krb5.aug b/lenses/tests/test_krb5.aug +index 0547b65..b0ec6d6 100644 +--- a/lenses/tests/test_krb5.aug ++++ b/lenses/tests/test_krb5.aug +@@ -995,3 +995,10 @@ test Krb5.lns get v4_name_convert = + (* Ticket #288: semicolons for comments *) + test Krb5.lns get "; AD : This Kerberos configuration is for CERN's Active Directory realm.\n" = + { "#comment" = "AD : This Kerberos configuration is for CERN's Active Directory realm." } ++ ++(* RHBZ#1066419: braces in values *) ++test Krb5.lns get "[libdefaults]\n ++default_ccache_name = KEYRING:persistent:%{uid}\n" = ++ { "libdefaults" ++ { } ++ { "default_ccache_name" = "KEYRING:persistent:%{uid}" } } +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-shellvars-case-semicolons.patch b/SOURCES/augeas-1.1.0-shellvars-case-semicolons.patch new file mode 100644 index 0000000..eb87110 --- /dev/null +++ b/SOURCES/augeas-1.1.0-shellvars-case-semicolons.patch @@ -0,0 +1,180 @@ +From 0cce971fabef13af3a9592ef93a505378f73338a Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Wed, 29 Jan 2014 22:57:02 +0000 +Subject: [PATCH 5/5] Shellvars: handle case statements with same-line ;; + tokens + +Fixes RHBZ#1033799 + +(cherry picked from commit a1b9831d14f22f81cf7dc840160c08cc14234ee9) + +Conflicts: + NEWS + lenses/shellvars.aug +--- + lenses/shellvars.aug | 65 +++++++++++++++++++++++++---------------- + lenses/sysconfig.aug | 6 ++-- + lenses/tests/test_shellvars.aug | 11 +++++++ + 3 files changed, 54 insertions(+), 28 deletions(-) + +diff --git a/lenses/shellvars.aug b/lenses/shellvars.aug +index 4111ee6..eff933a 100644 +--- a/lenses/shellvars.aug ++++ b/lenses/shellvars.aug +@@ -59,40 +59,37 @@ module Shellvars = + | bquot | dbquot | dollar_assign | empty_array) + + let export = [ key "export" . Util.del_ws_spc ] +- let kv = [ Util.indent . export? . key key_re +- . eq . (simple_value | array) . comment_or_eol ] ++ let kv = Util.indent . export? . key key_re ++ . eq . (simple_value | array) + + let var_action (name:string) = +- Util.indent . del name name . Util.del_ws_spc . +- [ label ("@" . name) . counter "var_action" +- . Build.opt_list [ seq "var_action" . store (key_re | matching_re) ] Util.del_ws_spc +- . comment_or_eol ] ++ Util.indent . del name name . Util.del_ws_spc ++ . label ("@" . name) . counter "var_action" ++ . Build.opt_list [ seq "var_action" . store (key_re | matching_re) ] Util.del_ws_spc + + let unset = var_action "unset" + let bare_export = var_action "export" + + let source = +- [ Util.indent +- . del /\.|source/ "." . label ".source" +- . Util.del_ws_spc . store /[^;=# \t\n]+/ . comment_or_eol ] ++ Util.indent ++ . del /\.|source/ "." . label ".source" ++ . Util.del_ws_spc . store /[^;=# \t\n]+/ + + let shell_builtin_cmds = "ulimit" | "shift" | "exit" + + let builtin = +- [ Util.indent . label "@builtin" +- . store shell_builtin_cmds +- . (Util.del_ws_spc +- . [ label "args" . sto_to_semicol ])? +- . comment_or_eol ] ++ Util.indent . label "@builtin" ++ . store shell_builtin_cmds ++ . (Util.del_ws_spc ++ . [ label "args" . sto_to_semicol ])? + + let keyword (kw:string) = Util.indent . Util.del_str kw + let keyword_label (kw:string) (lbl:string) = keyword kw . label lbl + + let return = +- [ Util.indent . label "@return" +- . Util.del_str "return" +- . ( Util.del_ws_spc . store Rx.integer )? +- . comment_or_eol ] ++ Util.indent . label "@return" ++ . Util.del_str "return" ++ . ( Util.del_ws_spc . store Rx.integer )? + + + (************************************************************************ +@@ -128,11 +125,11 @@ module Shellvars = + let loop_select (entry:lens) = + generic_cond "select" "@select" "do" entry+ "done" + +- let case (entry:lens) = ++ let case (entry:lens) (entry_noeol:lens) = + let case_entry = [ label "@case_entry" + . Util.indent . store /[^ \t\n\)]+/ + . Util.del_str ")" . eol +- . entry* ++ . ( entry+ | entry_noeol )? + . Util.indent . Util.del_str ";;" . eol ] in + [ keyword_label "case" "@case" . Sep.space + . store (char+ | ("\"" . char+ . "\"")) +@@ -149,20 +146,38 @@ module Shellvars = + . entry+ + . Util.indent . Util.del_str "}" . eol ] + ++ let entry_eol = ++ let entry_eol_item (item:lens) = ++ [ item . comment_or_eol ] in ++ entry_eol_item source ++ | entry_eol_item kv ++ | entry_eol_item unset ++ | entry_eol_item bare_export ++ | entry_eol_item builtin ++ | entry_eol_item return ++ ++ let entry_noeol = ++ let entry_item (item:lens) = [ item ] in ++ entry_item source ++ | entry_item kv ++ | entry_item unset ++ | entry_item bare_export ++ | entry_item builtin ++ | entry_item return ++ + let rec rec_entry = +- let entry = comment | source | kv +- | unset | bare_export | builtin | return | rec_entry in ++ let entry = comment | entry_eol | rec_entry in + cond_if entry + | loop_for entry + | loop_select entry + | loop_while entry + | loop_until entry +- | case entry ++ | case entry entry_noeol + | function entry + +- let lns_norec = empty* . (comment | source | kv | unset | bare_export | builtin | return) * ++ let lns_norec = empty* . (comment | entry_eol) * + +- let lns = empty* . (comment | source | kv | unset | bare_export | builtin | return | rec_entry) * ++ let lns = empty* . (comment | entry_eol | rec_entry) * + + let sc_incl (n:string) = (incl ("/etc/sysconfig/" . n)) + let sc_excl (n:string) = (excl ("/etc/sysconfig/" . n)) +diff --git a/lenses/sysconfig.aug b/lenses/sysconfig.aug +index ee83af1..8c505b3 100644 +--- a/lenses/sysconfig.aug ++++ b/lenses/sysconfig.aug +@@ -55,10 +55,10 @@ module Sysconfig = + + let var_action = Shellvars.var_action + +- let unset = var_action "unset" +- let bare_export = var_action "export" ++ let unset = [ var_action "unset" . comment_or_eol ] ++ let bare_export = [ var_action "export" . comment_or_eol ] + +- let source = Shellvars.source ++ let source = [ Shellvars.source . comment_or_eol ] + + let lns = empty* . (comment | source | assign | unset | bare_export)* + +diff --git a/lenses/tests/test_shellvars.aug b/lenses/tests/test_shellvars.aug +index 79a5a4e..18fd361 100644 +--- a/lenses/tests/test_shellvars.aug ++++ b/lenses/tests/test_shellvars.aug +@@ -446,6 +446,17 @@ esac\n" = + { "1" = "TestVar1" } + { "2" = "TestVar2" } } + ++ (* Support ;; on same line as a case statement entry, RHBZ#1033799 *) ++ test lns get "case $ARG in ++ 0) TestVar=\"test0\" ;; ++ 1) TestVar=\"test1\" ;; ++esac\n" = ++ { "@case" = "$ARG" ++ { "@case_entry" = "0" ++ { "TestVar" = "\"test0\"" } } ++ { "@case_entry" = "1" ++ { "TestVar" = "\"test1\"" } } } ++ + (* Local Variables: *) + (* mode: caml *) + (* End: *) +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-shellvars-firewalld.patch b/SOURCES/augeas-1.1.0-shellvars-firewalld.patch new file mode 100644 index 0000000..1d75bab --- /dev/null +++ b/SOURCES/augeas-1.1.0-shellvars-firewalld.patch @@ -0,0 +1,27 @@ +From 620d73fdec0aa82f2d04d9d3263e036f2bd6d9e2 Mon Sep 17 00:00:00 2001 +From: David Lutterkort +Date: Tue, 27 Aug 2013 10:39:45 -0700 +Subject: [PATCH 2/5] Shellvars: read /etc/firewalld/firewalld.conf + +Fixes https://fedorahosted.org/augeas/ticket/363 + +(cherry picked from commit 63e322699272dd26fc9014c672ea5ce9e4fb21e8) +--- + lenses/shellvars.aug | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lenses/shellvars.aug b/lenses/shellvars.aug +index da19379..4111ee6 100644 +--- a/lenses/shellvars.aug ++++ b/lenses/shellvars.aug +@@ -205,6 +205,7 @@ module Shellvars = + let filter_misc = incl "/etc/arno-iptables-firewall/debconf.cfg" + . incl "/etc/cron-apt/config" + . incl "/etc/environment" ++ . incl "/etc/firewalld/firewalld.conf" + . incl "/etc/blkid.conf" + . incl "/etc/adduser.conf" + . incl "/etc/cowpoke.conf" +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-shellvars-multi-export.patch b/SOURCES/augeas-1.1.0-shellvars-multi-export.patch new file mode 100644 index 0000000..7ce0fad --- /dev/null +++ b/SOURCES/augeas-1.1.0-shellvars-multi-export.patch @@ -0,0 +1,132 @@ +From c40fc2b24f9f3b104603e3d19ff2b0975b1af9cc Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Thu, 2 Jan 2014 13:50:41 +0000 +Subject: [PATCH] Shellvars, Sysconfig: map "bare" export and unset lines using + seq to handle multiple variables + +Fixes RHBZ#1033795 + +(cherry picked from commit 15ec3753b0ba82e155426288572f6b92c3cafc59) + +Conflicts: + NEWS + lenses/tests/test_shellvars.aug +--- + lenses/shellvars.aug | 6 ++++-- + lenses/tests/test_shellvars.aug | 21 ++++++++++++++++----- + lenses/tests/test_sysconfig.aug | 8 +++++--- + 3 files changed, 25 insertions(+), 10 deletions(-) + +diff --git a/lenses/shellvars.aug b/lenses/shellvars.aug +index a88ad83..da19379 100644 +--- a/lenses/shellvars.aug ++++ b/lenses/shellvars.aug +@@ -63,8 +63,10 @@ module Shellvars = + . eq . (simple_value | array) . comment_or_eol ] + + let var_action (name:string) = +- [ Util.indent . xchgs name ("@" . name) . Util.del_ws_spc +- . store (key_re | matching_re) . comment_or_eol ] ++ Util.indent . del name name . Util.del_ws_spc . ++ [ label ("@" . name) . counter "var_action" ++ . Build.opt_list [ seq "var_action" . store (key_re | matching_re) ] Util.del_ws_spc ++ . comment_or_eol ] + + let unset = var_action "unset" + let bare_export = var_action "export" +diff --git a/lenses/tests/test_shellvars.aug b/lenses/tests/test_shellvars.aug +index 9aea433..79a5a4e 100644 +--- a/lenses/tests/test_shellvars.aug ++++ b/lenses/tests/test_shellvars.aug +@@ -30,7 +30,8 @@ unset ONBOOT # We do not want this var + { "#comment" = "DHCP_HOSTNAME=host.example.com" } + { "NETMASK" = "255.255.255.0" } + { "NETWORK" = "172.31.0.0" } +- { "@unset" = "ONBOOT" ++ { "@unset" ++ { "1" = "ONBOOT" } + { "#comment" = "We do not want this var" } } + + test lns put eth_static after +@@ -147,7 +148,8 @@ unset ONBOOT # We do not want this var + + (* Bug 109: allow a bare export *) + test lns get "export FOO\n" = +- { "@export" = "FOO" } ++ { "@export" ++ { "1" = "FOO" } } + + (* Bug 73: allow ulimit builtin *) + test lns get "ulimit -c unlimited\n" = +@@ -259,7 +261,8 @@ esac\n" = + { "@case_entry" = "/tmp/file2" + { ".source" = "/tmp/file2" } } + { "@case_entry" = "*" +- { "@unset" = "f" } } } ++ { "@unset" ++ { "1" = "f" } } } } + + (* Select *) + test lns get "select i in a b c; do . /tmp/file$i +@@ -346,7 +349,8 @@ esac\n" = + { "#comment" = "comment before 2" } + { "@case_entry" = "*" + { "#comment" = "comment in 2" } +- { "@unset" = "f" } } ++ { "@unset" ++ { "1" = "f" } } } + { "#comment" = "comment after" } } + + (* Empty case *) +@@ -397,7 +401,8 @@ esac\n" = + + (* unset can be used on wildcard variables *) + test Shellvars.lns get "unset ${!LC_*}\n" = +- { "@unset" = "${!LC_*}" } ++ { "@unset" ++ { "1" = "${!LC_*}" } } + + (* Empty comment before entries *) + test Shellvars.lns get "# \nfoo=bar\n" = +@@ -435,6 +440,12 @@ esac\n" = + { "#comment" = "foo" } + { "foo" = "bar" } + ++ (* Export of multiple variables, RHBZ#1033795 *) ++ test lns get "export TestVar1 TestVar2\n" = ++ { "@export" ++ { "1" = "TestVar1" } ++ { "2" = "TestVar2" } } ++ + (* Local Variables: *) + (* mode: caml *) + (* End: *) +diff --git a/lenses/tests/test_sysconfig.aug b/lenses/tests/test_sysconfig.aug +index 539ad99..fa1601a 100644 +--- a/lenses/tests/test_sysconfig.aug ++++ b/lenses/tests/test_sysconfig.aug +@@ -30,8 +30,9 @@ unset ONBOOT # We do not want this var + { "#comment" = "DHCP_HOSTNAME=host.example.com" } + { "NETMASK" = "255.255.255.0" } + { "NETWORK" = "172.31.0.0" } +- { "@unset" = "ONBOOT" +- { "#comment" = "We do not want this var" } } ++ { "@unset" ++ { "1" = "ONBOOT" } ++ { "#comment" = "We do not want this var" } } + + test lns put eth_static after + set "BOOTPROTO" "dhcp" ; +@@ -124,7 +125,8 @@ unset ONBOOT # We do not want this var + + (* Bug 109: allow a bare export *) + test lns get "export FOO\n" = +- { "@export" = "FOO" } ++ { "@export" ++ { "1" = "FOO" } } + + (* Check we put quotes in when changes require them *) + test lns put "var=\"v\"\n" after rm "/foo" = +-- +1.8.4.2 + diff --git a/SOURCES/augeas-1.1.0-sysconfig-comments.patch b/SOURCES/augeas-1.1.0-sysconfig-comments.patch new file mode 100644 index 0000000..acd63ce --- /dev/null +++ b/SOURCES/augeas-1.1.0-sysconfig-comments.patch @@ -0,0 +1,43 @@ +From 92274bd3ff47d3cc4511d934dae06f16b59db7ad Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Mon, 16 Dec 2013 20:45:36 +0000 +Subject: [PATCH] Sysconfig: permit empty comments after comment lines + +Fixes RHBZ#1043636 +--- + lenses/sysconfig.aug | 3 ++- + lenses/tests/test_sysconfig.aug | 4 ++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lenses/sysconfig.aug b/lenses/sysconfig.aug +index a39d7f3..ee83af1 100644 +--- a/lenses/sysconfig.aug ++++ b/lenses/sysconfig.aug +@@ -11,7 +11,8 @@ module Sysconfig = + let key_re = Shellvars.key_re + let eq = Util.del_str "=" + +- let comment = Util.comment ++ let eol_for_comment = del /([ \t]*\n)([ \t]*(#[ \t]*)?\n)*/ "\n" ++ let comment = Util.comment_generic_seteol /[ \t]*#[ \t]*/ "# " eol_for_comment + let comment_or_eol = Shellvars.comment_or_eol + + let empty = Util.empty +diff --git a/lenses/tests/test_sysconfig.aug b/lenses/tests/test_sysconfig.aug +index 3e9356d..539ad99 100644 +--- a/lenses/tests/test_sysconfig.aug ++++ b/lenses/tests/test_sysconfig.aug +@@ -142,6 +142,10 @@ unset ONBOOT # We do not want this var + test lns put "var=v\n" after set "/var" "v\"w"= + "var='v\"w'\n" + ++ (* RHBZ#1043636: empty comment lines after comments *) ++ test lns get "#MOUNTD_NFS_V3\n#\n" = ++ { "#comment" = "MOUNTD_NFS_V3" } ++ + (* Local Variables: *) + (* mode: caml *) + (* End: *) +-- +1.8.4.2 + diff --git a/SOURCES/augeas-1.1.0-testPermsErrorReported-root.patch b/SOURCES/augeas-1.1.0-testPermsErrorReported-root.patch new file mode 100644 index 0000000..97f65a7 --- /dev/null +++ b/SOURCES/augeas-1.1.0-testPermsErrorReported-root.patch @@ -0,0 +1,38 @@ +From b0fa354ecada84f7a4fdf586c08ae99ca2dd9a65 Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Mon, 2 Sep 2013 18:29:49 +0100 +Subject: [PATCH] * tests/test-load.c (testPermsErrorReported): skip + permissions test when root + +--- + tests/test-load.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tests/test-load.c b/tests/test-load.c +index ef6c01a..fb63a62 100644 +--- a/tests/test-load.c ++++ b/tests/test-load.c +@@ -21,6 +21,8 @@ + */ + + #include ++#include ++#include + + #include "augeas.h" + +@@ -529,6 +531,11 @@ static void testParseErrorReported(CuTest *tc) { + + /* Test failed file opening is reported, e.g. EACCES */ + static void testPermsErrorReported(CuTest *tc) { ++ if (getuid() == 0) { ++ puts("pending (testPermsErrorReported): can't test permissions under root account"); ++ return; ++ } ++ + augeas *aug = NULL; + int r; + const char *s; +-- +1.8.4.2 + diff --git a/SOURCES/augeas-1.1.0-yum-cron.patch b/SOURCES/augeas-1.1.0-yum-cron.patch new file mode 100644 index 0000000..4bd183e --- /dev/null +++ b/SOURCES/augeas-1.1.0-yum-cron.patch @@ -0,0 +1,25 @@ +From f1cad0ba3df9d8231cc0651302c7b638d6fdfcb7 Mon Sep 17 00:00:00 2001 +From: Pat Riehecky +Date: Tue, 27 Aug 2013 20:03:31 +0100 +Subject: [PATCH 1/5] Yum: add yum-cron*.conf files + +(cherry picked from commit 148330ac79660e35b8726c7ec6fc8b6916c8a23e) +--- + lenses/yum.aug | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lenses/yum.aug b/lenses/yum.aug +index 31d4776..585695f 100644 +--- a/lenses/yum.aug ++++ b/lenses/yum.aug +@@ -50,6 +50,7 @@ let lns = (empty | comment)* . record* + + let filter = (incl "/etc/yum.conf") + . (incl "/etc/yum.repos.d/*") ++ . (incl "/etc/yum/yum-cron*.conf") + . (incl "/etc/yum/pluginconf.d/*") + . (excl "/etc/yum/pluginconf.d/versionlock.list") + . Util.stdexcl +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-yum-equals-space.patch b/SOURCES/augeas-1.1.0-yum-equals-space.patch new file mode 100644 index 0000000..52a2045 --- /dev/null +++ b/SOURCES/augeas-1.1.0-yum-equals-space.patch @@ -0,0 +1,50 @@ +From 897c3c97b6d70bc739eb58cee2c5430c9619ce56 Mon Sep 17 00:00:00 2001 +From: Dominic Cleal +Date: Sat, 9 Nov 2013 12:33:00 +0000 +Subject: [PATCH 4/5] Yum: permit spaces after equals sign in list options + +Fixes GitHub issue #45 + +(cherry picked from commit deb73b5f284db09e3c63f2d7698ab140e2337a3d) +--- + lenses/tests/test_yum.aug | 10 ++++++++++ + lenses/yum.aug | 2 +- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/lenses/tests/test_yum.aug b/lenses/tests/test_yum.aug +index 660a46c..17d4ea2 100644 +--- a/lenses/tests/test_yum.aug ++++ b/lenses/tests/test_yum.aug +@@ -201,6 +201,16 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi + Check that we can parse an empty line, to fix test-save *) + test Yum.lns get "\n" = { } + ++ (* Test: Yum.lns ++ Issue #45: allow spaces around equals sign *) ++ test Yum.lns get "[rpmforge] ++name = RHEL $releasever - RPMforge.net - dag ++baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge\n" = ++ { "rpmforge" ++ { "name" = "RHEL $releasever - RPMforge.net - dag" } ++ { "baseurl" = "http://apt.sw.be/redhat/el6/en/$basearch/rpmforge" } ++ } ++ + (* Local Variables: *) + (* mode: caml *) + (* End: *) +diff --git a/lenses/yum.aug b/lenses/yum.aug +index 585695f..1b13833 100644 +--- a/lenses/yum.aug ++++ b/lenses/yum.aug +@@ -19,7 +19,7 @@ let eol = IniFile.eol + let list_entry (list_key:string) = + let list_value = store /[^# \t\r\n,][^ \t\r\n,]*[^# \t\r\n,]|[^# \t\r\n,]/ in + let list_sep = del /([ \t]*(,[ \t]*|\r?\n[ \t]+))|[ \t]+/ "\n\t" in +- [ key list_key . sep . list_value ] ++ [ key list_key . sep . Sep.opt_space . list_value ] + . (list_sep . Build.opt_list [ label list_key . list_value ] list_sep)? + . eol + +-- +1.8.5.3 + diff --git a/SOURCES/augeas-1.1.0-yum-exclude.patch b/SOURCES/augeas-1.1.0-yum-exclude.patch new file mode 100644 index 0000000..89c94b7 --- /dev/null +++ b/SOURCES/augeas-1.1.0-yum-exclude.patch @@ -0,0 +1,231 @@ +From 50792ee989e81b52ed886be967843d85433f0ce5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rapha=C3=ABl=20Pinson?= +Date: Tue, 3 Dec 2013 10:11:38 +0100 +Subject: [PATCH] Yum.lns: simplify code for combinatory logic of list_entry + elements + +(cherry picked from commit 9c645afbde88a2bdb5f8b139fde44968b019234c) + +Build: Add combinatorics group + +(cherry picked from commit 3f57641d8df3ed1edf89cd7641c4c6e84c3a3429) + +Yum.lns: split excludes as lists (ticket #275) + +(cherry picked from commit c16ccfd64045cb5f9c8793bc7589fc80fc027064) +--- + lenses/build.aug | 57 +++++++++++++++++++++++++++++++++++ + lenses/tests/test_build.aug | 73 +++++++++++++++++++++++++++++++++++++++++++++ + lenses/tests/test_yum.aug | 11 +++++++ + lenses/yum.aug | 16 +++++----- + 4 files changed, 149 insertions(+), 8 deletions(-) + +diff --git a/lenses/build.aug b/lenses/build.aug +index 2e57356..efc8814 100644 +--- a/lenses/build.aug ++++ b/lenses/build.aug +@@ -298,3 +298,60 @@ let block_newlines (entry:lens) (comment:lens) = + ************************************************************************) + let named_block (kw:regexp) (entry:lens) = [ key kw . block entry . eol ] + ++ ++(************************************************************************ ++ * Group: COMBINATORICS ++ ************************************************************************) ++ ++(************************************************************************ ++ * View: combine_two_opt_ord ++ * Combine two lenses optionally, ensuring first lens is first ++ * (a, and optionally b) ++ * ++ * Parameters: ++ * a:lens - the first lens ++ * b:lens - the second lens ++ ************************************************************************) ++let combine_two_opt_ord (a:lens) (b:lens) = a . b? ++ ++(************************************************************************ ++ * View: combine_two_opt ++ * Combine two lenses optionally ++ * (either a, b, or both, in any order) ++ * ++ * Parameters: ++ * a:lens - the first lens ++ * b:lens - the second lens ++ ************************************************************************) ++let combine_two_opt (a:lens) (b:lens) = ++ combine_two_opt_ord a b | combine_two_opt_ord b a ++ ++ ++(************************************************************************ ++ * View: combine_three_opt_ord ++ * Combine three lenses optionally, ensuring first lens is first ++ * (a followed by either b, c, or any of them, in any order) ++ * ++ * Parameters: ++ * a:lens - the first lens ++ * b:lens - the second lens ++ * c:lens - the third lens ++ ************************************************************************) ++let combine_three_opt_ord (a:lens) (b:lens) (c:lens) = ++ combine_two_opt_ord a (combine_two_opt b c) ++ ++(************************************************************************ ++ * View: combine_three_opt ++ * Combine three lenses optionally ++ * (either a, b, c, or any of them, in any order) ++ * ++ * Parameters: ++ * a:lens - the first lens ++ * b:lens - the second lens ++ * c:lens - the third lens ++ ************************************************************************) ++let combine_three_opt (a:lens) (b:lens) (c:lens) = ++ combine_three_opt_ord a b c ++ | combine_three_opt_ord b a c ++ | combine_three_opt_ord c b a ++ +diff --git a/lenses/tests/test_build.aug b/lenses/tests/test_build.aug +index b9b09fa..bc565f3 100644 +--- a/lenses/tests/test_build.aug ++++ b/lenses/tests/test_build.aug +@@ -174,3 +174,76 @@ test logrotate_block get "/var/log/wtmp\n/var/log/wtmp2\n{ + { "monthly" } + } + ++ ++(************************************************************************ ++ * Group: COMBINATORICS ++ ************************************************************************) ++ ++(* View: combine_two_opt ++ A minimalistic optional combination lens *) ++let combine_two_opt = ++ let entry (k:string) = [ key k ] ++ in Build.combine_two_opt (entry "a") (entry "b") ++ ++(* Test: combine_two_opt ++ Should parse ab *) ++test combine_two_opt get "ab" = { "a" } { "b" } ++ ++(* Test: combine_two_opt ++ Should parse ba *) ++test combine_two_opt get "ba" = { "b" } { "a" } ++ ++(* Test: combine_two_opt ++ Should parse a *) ++test combine_two_opt get "a" = { "a" } ++ ++(* Test: combine_two_opt ++ Should parse b *) ++test combine_two_opt get "b" = { "b" } ++ ++(* Test: combine_two_opt ++ Should not parse aa *) ++test combine_two_opt get "aa" = * ++ ++(* Test: combine_two_opt ++ Should not parse bb *) ++test combine_two_opt get "bb" = * ++ ++ ++(* View: combine_three_opt ++ A minimalistic optional combination lens *) ++let combine_three_opt = ++ let entry (k:string) = [ key k ] ++ in Build.combine_three_opt (entry "a") (entry "b") (entry "c") ++ ++(* Test: combine_three_opt ++ Should parse ab *) ++test combine_three_opt get "ab" = { "a" } { "b" } ++ ++(* Test: combine_three_opt ++ Should parse ba *) ++test combine_three_opt get "ba" = { "b" } { "a" } ++ ++(* Test: combine_three_opt ++ Should parse a *) ++test combine_three_opt get "a" = { "a" } ++ ++(* Test: combine_three_opt ++ Should parse b *) ++test combine_three_opt get "b" = { "b" } ++ ++(* Test: combine_three_opt ++ Should not parse aa *) ++test combine_three_opt get "aa" = * ++ ++(* Test: combine_three_opt ++ Should not parse bbc *) ++test combine_three_opt get "bbc" = * ++ ++(* Test: combine_three_opt ++ Should parse abc *) ++test combine_three_opt get "abc" = { "a" } { "b" } { "c" } ++ ++(* Test: combine_three_opt ++ Should parse cab *) ++test combine_three_opt get "cab" = { "c" } { "a" } { "b" } +diff --git a/lenses/tests/test_yum.aug b/lenses/tests/test_yum.aug +index 17d4ea2..2688182 100644 +--- a/lenses/tests/test_yum.aug ++++ b/lenses/tests/test_yum.aug +@@ -211,6 +211,17 @@ baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge\n" = + { "baseurl" = "http://apt.sw.be/redhat/el6/en/$basearch/rpmforge" } + } + ++ (* Test: Yum.lns ++ Issue #275: parse excludes as a list *) ++ test Yum.lns get "[epel] ++name=Extra Packages for Enterprise Linux 6 - $basearch ++exclude=ocs* clamav* ++" = ++ { "epel" ++ { "name" = "Extra Packages for Enterprise Linux 6 - $basearch" } ++ { "exclude" = "ocs*" } ++ { "exclude" = "clamav*" } } ++ + (* Local Variables: *) + (* mode: caml *) + (* End: *) +diff --git a/lenses/yum.aug b/lenses/yum.aug +index 1b13833..030d944 100644 +--- a/lenses/yum.aug ++++ b/lenses/yum.aug +@@ -11,7 +11,6 @@ let sep = IniFile.sep "=" "=" + let empty = Util.empty + let eol = IniFile.eol + +- + (************************************************************************ + * ENTRY + *************************************************************************) +@@ -23,17 +22,18 @@ let list_entry (list_key:string) = + . (list_sep . Build.opt_list [ label list_key . list_value ] list_sep)? + . eol + +-let entry_re = IniFile.entry_re - ("baseurl" | "gpgkey") ++let entry_re = IniFile.entry_re - ("baseurl" | "gpgkey" | "exclude") + + let entry = IniFile.entry entry_re sep comment + | empty + +-let entries = entry* +- | entry* . list_entry "baseurl" . entry* +- | entry* . list_entry "gpgkey" . entry* +- | entry* . list_entry "baseurl" . entry* . list_entry "gpgkey" . entry* +- | entry* . list_entry "gpgkey" . entry* . list_entry "baseurl" . entry* +- ++let entries = ++ let list_entry_elem (k:string) = list_entry k . entry* ++ in entry* ++ | entry* . Build.combine_three_opt ++ (list_entry_elem "baseurl") ++ (list_entry_elem "gpgkey") ++ (list_entry_elem "exclude") + + + (***********************************************************************a +-- +1.8.5.3 + diff --git a/SPECS/augeas.spec b/SPECS/augeas.spec index e60ac47..5babf0e 100644 --- a/SPECS/augeas.spec +++ b/SPECS/augeas.spec @@ -1,6 +1,6 @@ Name: augeas Version: 1.1.0 -Release: 3%{?dist} +Release: 12%{?dist} Summary: A library for changing configuration files Group: System Environment/Libraries @@ -11,6 +11,54 @@ Source0: http://download.augeas.net/%{name}-%{version}.tar.gz # RHBZ#1019485: Grub module setkey/lock support Patch1: augeas-1.1.0-grub-setkey.patch +# RHBZ#1031084: transform.c, save files with // in incl path +Patch2: augeas-1.1.0-incl-double-slash.patch + +# RHBZ#1043665: Sysconfig module empty comment support +Patch3: augeas-1.1.0-sysconfig-comments.patch + +# RHBZ#1043666: testPermsErrorReported, fix when running as root +Patch4: augeas-1.1.0-testPermsErrorReported-root.patch + +# RHBZ#1043815: Shellvars module multivariable exports +Patch5: augeas-1.1.0-shellvars-multi-export.patch + +# RHBZ#1036081: CVE-2013-6412, fix strict umask handling, f5b4fc0c +Patch6: augeas-1.1.0-cve-2013-6412-umask.patch + +# RHBZ#1058409: Yum module, yum-cron incl entry +Patch7: augeas-1.1.0-yum-cron.patch + +# RHBZ#1058411: Shellvars, firewalld.conf incl entry +Patch8: augeas-1.1.0-shellvars-firewalld.patch + +# RHBZ#1059426: Grub module foreground option +Patch9: augeas-1.1.0-grub-foreground.patch + +# RHBZ#1062614: Yum module, spaces around equals +Patch10: augeas-1.1.0-yum-equals-space.patch + +# RHBZ#1056541: Shellvars module, case and same-line ;; +Patch11: augeas-1.1.0-shellvars-case-semicolons.patch + +# RHBZ#1063961: IPRoute2 module, hex IDs and hyphens in protocols +Patch12: augeas-1.1.0-iproute2-dsfield-hex.patch + +# RHBZ#1063968: IPRoute2 module, slash in protocols +Patch13: augeas-1.1.0-iproute2-protos-slash.patch + +# RHBZ#1067039: Yum module, slash in protocols +Patch14: augeas-1.1.0-yum-exclude.patch + +# RHBZ#1064387: Dovecot module, mailbox and quote support +Patch15: augeas-1.1.0-dovecot-mailbox.patch + +# RHBZ#1064388: Keepalived module, virtual server fixes +Patch16: augeas-1.1.0-keepalived-virtual-servers.patch + +# RHBZ#1066419: Krb5 module, parse braces in values +Patch17: augeas-1.1.0-krb5-braces.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: readline-devel libselinux-devel libxml2-devel @@ -48,11 +96,41 @@ The libraries for %{name}. %prep %setup -q %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 %build %configure --disable-static make %{?_smp_mflags} +%check +# Disable test-preserve.sh. This fails when run under mock due to differing +# SELinux labelling. +cat > tests/test-preserve.sh < - +* Tue Feb 25 2014 Dominic Cleal - 1.1.0-12 +- Add patch for Dovecot, mailbox and quote support (RHBZ#1064387) +- Add patch for Keepalived, virtual server fixes (RHBZ#1064388) +- Add patch for Krb5, parse braces in values (RHBZ#1066419) + +* Thu Feb 20 2014 Dominic Cleal - 1.1.0-11 +- Add patch for Yum, split exclude lines (RHBZ#1067039) + +* Tue Feb 18 2014 Dominic Cleal - 1.1.0-10 +- Add patch for IPRoute2, hex and hyphen protocols (RHBZ#1063961) +- Add patch for IPRoute2, slashes in protocols (RHBZ#1063968) + +* Mon Feb 10 2014 Dominic Cleal - 1.1.0-9 +- Add patch for yum-cron.conf incl entry (RHBZ#1058409) +- Add patch for firewalld.conf incl entry (RHBZ#1058411) +- Add patch for Grub, foreground option (RHBZ#1059426) +- Add patch for Yum, spaces around equals (RHBZ#1062614) +- Add patch for Shellvars, case and same-line ;; (RHBZ#1056541) + +* Fri Jan 24 2014 Daniel Mach - 1.1.0-8 +- Mass rebuild 2014-01-24 + +* Tue Jan 14 2014 Dominic Cleal - 1.1.0-7 +- Fix CVE-2013-6412, incorrect permissions under strict umask (RHBZ#1036081) + +* Thu Jan 02 2014 Dominic Cleal - 1.1.0-6 +- Add patch for Sysconfig module, empty comment lines (RHBZ#1043665) +- Add check section to run test suite +- Add patch for testPermsErrorReported test, when root (RHBZ#1043666) +- Add patch for Shellvars, multivariable exports (RHBZ#1043815) + +* Fri Dec 27 2013 Daniel Mach - 1.1.0-5 +- Mass rebuild 2013-12-27 + +* Tue Nov 19 2013 Dominic Cleal - 1.1.0-4 +- Add patch for saving files with // in incl path (RHBZ#1031084) + +* Tue Oct 22 2013 Dominic Cleal - 1.1.0-3 - Add patch for Grub module, setkey/lock support (RHBZ#1019485) * Mon Aug 12 2013 Dominic Cleal - 1.1.0-2