diff --git a/.gitignore b/.gitignore index d6c38c9..aea146d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/man-pages-overrides-7.2.4.tar.xz +SOURCES/man-pages-overrides-7.3.2.tar.xz diff --git a/.man-pages-overrides.metadata b/.man-pages-overrides.metadata index 2d878a8..9e7c618 100644 --- a/.man-pages-overrides.metadata +++ b/.man-pages-overrides.metadata @@ -1 +1 @@ -7362836c75a6642e1f734390c9eb1508d6457055 SOURCES/man-pages-overrides-7.2.4.tar.xz +84f8c9534ffca920566274aba0e21680771368da SOURCES/man-pages-overrides-7.3.2.tar.xz diff --git a/SOURCES/1040023-mpo-7.1.0-vsftpd.conf.5.patch b/SOURCES/1040023-mpo-7.1.0-vsftpd.conf.5.patch deleted file mode 100644 index 0ca5889..0000000 --- a/SOURCES/1040023-mpo-7.1.0-vsftpd.conf.5.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4791555e8a50922a5599658ca2afb6a2cf37d2f3 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Tue, 30 Sep 2014 14:44:11 +0200 -Subject: [PATCH] vsftpd.conf.5 typo ssl_request_cert - ---- - vsftpd/man5/vsftpd.conf.5 | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/vsftpd/man5/vsftpd.conf.5 b/vsftpd/man5/vsftpd.conf.5 -index 72bb86f..08aaf81 100644 ---- a/vsftpd/man5/vsftpd.conf.5 -+++ b/vsftpd/man5/vsftpd.conf.5 -@@ -486,7 +486,8 @@ Default: NO - .TP - .B ssl_request_cert - If enabled, vsftpd will request (but not necessarily require; see --.BR require_cert) a certificate on incoming SSL connections. Normally this -+.BR require_cert ) -+a certificate on incoming SSL connections. Normally this - should not cause any trouble at all, but IBM zOS seems to have issues. - (New in v2.0.7). - --- -1.9.3 - diff --git a/SOURCES/1104994-mpo-7.1.0-vsfptd.conf.5-missing-isolate-options.patch b/SOURCES/1104994-mpo-7.1.0-vsfptd.conf.5-missing-isolate-options.patch deleted file mode 100644 index 2292201..0000000 --- a/SOURCES/1104994-mpo-7.1.0-vsfptd.conf.5-missing-isolate-options.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0ea5c7fdb4be3d2f5cc45253dcafd29856fd9e33 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 29 Sep 2014 21:35:56 +0200 -Subject: [PATCH] vsftpd.5 isolate_* options - ---- - vsftpd/man5/vsftpd.conf.5 | 22 +++++++++++++++++++--- - 1 file changed, 19 insertions(+), 3 deletions(-) - -diff --git a/vsftpd/man5/vsftpd.conf.5 b/vsftpd/man5/vsftpd.conf.5 -index 08aaf81..3aed7fc 100644 ---- a/vsftpd/man5/vsftpd.conf.5 -+++ b/vsftpd/man5/vsftpd.conf.5 -@@ -644,6 +644,21 @@ change it with the setting - .BR xferlog_file . - - Default: NO -+.TP -+.B isolate_network -+If enabled, use CLONE_NEWNET to isolate the untrusted processes so that -+they can't do arbitrary connect() and instead have to ask the privileged -+process for sockets ( -+.BR port_promiscuous -+have to be disabled). -+ -+Default: YES -+.TP -+.B isolate -+If enabled, use CLONE_NEWPID and CLONE_NEWIPC to isolate processes to their -+ipc and pid namespaces. So separated processes can not interact with each other. -+ -+Default: YES - - .SH NUMERIC OPTIONS - Below is a list of numeric options. A numeric option must be set to a non -@@ -741,8 +756,9 @@ Default: 077 - .B max_clients - If vsftpd is in standalone mode, this is the maximum number of clients which - may be connected. Any additional clients connecting will get an error message. -+The value 0 switches off the limit. - --Default: 0 (unlimited) -+Default: 2000 - .TP - .B max_login_fails - After this many login failures, the session is killed. -@@ -752,9 +768,9 @@ Default: 3 - .B max_per_ip - If vsftpd is in standalone mode, this is the maximum number of clients which - may be connected from the same source internet address. A client will get an --error message if they go over this limit. -+error message if they go over this limit. The value 0 switches off the limit. - --Default: 0 (unlimited) -+Default: 50 - .TP - .B pasv_max_port - The maximum port to allocate for PASV style data connections. Can be used to --- -1.9.3 - diff --git a/SOURCES/1112307-mpo-7.3.0-cciss.4.patch b/SOURCES/1112307-mpo-7.3.0-cciss.4.patch new file mode 100644 index 0000000..34fed1b --- /dev/null +++ b/SOURCES/1112307-mpo-7.3.0-cciss.4.patch @@ -0,0 +1,378 @@ +From 25067420ac8b316f3cd3710bb57e85c5e3bd7c62 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 10:57:31 +0200 +Subject: [PATCH 01/17] cciss.4: replace man page content with notice about + driver removal + +--- + man-pages/man4/cciss.4 | 347 +------------------------------------------------ + 1 file changed, 6 insertions(+), 341 deletions(-) + +diff --git a/man-pages/man4/cciss.4 b/man-pages/man4/cciss.4 +index e9d64ee..a2320de 100644 +--- a/man-pages/man4/cciss.4 ++++ b/man-pages/man4/cciss.4 +@@ -10,354 +10,19 @@ + .TH CCISS 4 2012-08-05 "Linux" "Linux Programmer's Manual" + .SH NAME + cciss \- HP Smart Array block driver +-.SH SYNOPSIS +-.nf +-modprobe cciss [ cciss_allow_hpsa=1 ] +-.fi + .SH DESCRIPTION +-.B cciss +-is a block driver for older HP Smart Array RAID controllers. +-.SS Options +-.IR "cciss_allow_hpsa=1" : +-This option prevents the +-.B cciss +-driver from attempting to drive any controllers that the +-.BR hpsa (4) +-driver is capable of controlling, which is to say, the +-.B cciss +-driver is restricted by this option to the following controllers: +-.nf +- +- Smart Array 5300 +- Smart Array 5i +- Smart Array 532 +- Smart Array 5312 +- Smart Array 641 +- Smart Array 642 +- Smart Array 6400 +- Smart Array 6400 EM +- Smart Array 6i +- Smart Array P600 +- Smart Array P400i +- Smart Array E200i +- Smart Array E200 +- Smart Array E200i +- Smart Array E200i +- Smart Array E200i +- Smart Array E500 +-.fi +-.SS Supported hardware + The + .B cciss +-driver supports the following Smart Array boards: +-.nf +- +- Smart Array 5300 +- Smart Array 5i +- Smart Array 532 +- Smart Array 5312 +- Smart Array 641 +- Smart Array 642 +- Smart Array 6400 +- Smart Array 6400 U320 Expansion Module +- Smart Array 6i +- Smart Array P600 +- Smart Array P800 +- Smart Array E400 +- Smart Array P400i +- Smart Array E200 +- Smart Array E200i +- Smart Array E500 +- Smart Array P700m +- Smart Array P212 +- Smart Array P410 +- Smart Array P410i +- Smart Array P411 +- Smart Array P812 +- Smart Array P712m +- Smart Array P711m +-.fi +-.SS Configuration details +-To configure HP Smart Array controllers, +-use the HP Array Configuration Utility +-(either +-.BR hpacuxe (8) +-or +-.BR hpacucli (8)) +-or the Offline ROM-based Configuration Utility (ORCA) +-run from the Smart Array's option ROM at boot time. +-.SH FILES +-.SS Device nodes +-The device naming scheme is as follows: +-.nf +- +-Major numbers: +- +- 104 cciss0 +- 105 cciss1 +- 106 cciss2 +- 105 cciss3 +- 108 cciss4 +- 109 cciss5 +- 110 cciss6 +- 111 cciss7 +- +-Minor numbers: +- +- b7 b6 b5 b4 b3 b2 b1 b0 +- |----+----| |----+----| +- | | +- | +-------- Partition ID (0=wholedev, 1-15 partition) +- | +- +-------------------- Logical Volume number +- +-The device naming scheme is: +- +- /dev/cciss/c0d0 Controller 0, disk 0, whole device +- /dev/cciss/c0d0p1 Controller 0, disk 0, partition 1 +- /dev/cciss/c0d0p2 Controller 0, disk 0, partition 2 +- /dev/cciss/c0d0p3 Controller 0, disk 0, partition 3 +- +- /dev/cciss/c1d1 Controller 1, disk 1, whole device +- /dev/cciss/c1d1p1 Controller 1, disk 1, partition 1 +- /dev/cciss/c1d1p2 Controller 1, disk 1, partition 2 +- /dev/cciss/c1d1p3 Controller 1, disk 1, partition 3 +-.fi +-.SS Files in /proc +-The files +-.I /proc/driver/cciss/cciss[0-9]+ +-contain information about +-the configuration of each controller. +-For example: +-.nf +- +- $ \fBcd /proc/driver/cciss\fP +- $ \fBls -l\fP +- total 0 +- -rw-r--r-- 1 root root 0 2010-09-10 10:38 cciss0 +- -rw-r--r-- 1 root root 0 2010-09-10 10:38 cciss1 +- -rw-r--r-- 1 root root 0 2010-09-10 10:38 cciss2 +- $ \fBcat cciss2\fP +- cciss2: HP Smart Array P800 Controller +- Board ID: 0x3223103c +- Firmware Version: 7.14 +- IRQ: 16 +- Logical drives: 1 +- Current Q depth: 0 +- Current # commands on controller: 0 +- Max Q depth since init: 1 +- Max # commands on controller since init: 2 +- Max SG entries since init: 32 +- Sequential access devices: 0 +- +- cciss/c2d0: 36.38GB RAID 0 +-.fi +-.SS Files in /sys +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/model +-Displays the SCSI INQUIRY page 0 model for logical drive +-.I Y +-of controller +-.IR X . +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/rev +-Displays the SCSI INQUIRY page 0 revision for logical drive +-.I Y +-of controller +-.IR X . +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/unique_id +-Displays the SCSI INQUIRY page 83 serial number for logical drive +-.I Y +-of controller +-.IR X . +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/vendor +-Displays the SCSI INQUIRY page 0 vendor for logical drive +-.I Y +-of controller +-.IR X . +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/block:cciss!cXdY +-A symbolic link to +-.IR /sys/block/cciss!cXdY . +-.TP +-.I /sys/bus/pci/devices//ccissX/rescan +-When this file is written to, the driver rescans the controller +-to discover any new, removed, or modified logical drives. +-.TP +-.I /sys/bus/pci/devices//ccissX/resettable +-A value of 1 displayed in this file indicates that +-the "reset_devices=1" kernel parameter (used by +-.BR kdump ) +-is honored by this controller. +-A value of 0 indicates that the +-"reset_devices=1" kernel parameter will not be honored. +-Some models of Smart Array are not able to honor this parameter. +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/lunid +-Displays the 8-byte LUN ID used to address logical drive +-.I Y +-of controller +-.IR X . +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/raid_level +-Displays the RAID level of logical drive +-.I Y +-of controller +-.IR X . +-.TP +-.I /sys/bus/pci/devices//ccissX/cXdY/usage_count +-Displays the usage count (number of opens) of logical drive +-.I Y +-of controller +-.IR X . +-.SS SCSI tape drive and medium changer support +-SCSI sequential access devices and medium changer devices are supported and +-appropriate device nodes are automatically created (e.g., +-.IR /dev/st0 , +-.IR /dev/st1 , +-etc.; see +-.BR st (4) +-for more details.) +-You must enable "SCSI tape drive support for Smart Array 5xxx" and +-"SCSI support" in your kernel configuration to be able to use SCSI +-tape drives with your Smart Array 5xxx controller. +- +-Additionally, note that the driver will not engage the SCSI core at +-init time. +-The driver must be directed to dynamically engage the SCSI core via +-the /proc file-system entry, +-which the "block" side of the driver creates as +-.I /proc/driver/cciss/cciss* +-at run time. +-This is because at driver init time, +-the SCSI core may not yet be initialized (because the driver is a block +-driver) and attempting to register it with the SCSI core in such a case +-would cause a hang. +-This is best done via an initialization script +-(typically in +-.IR /etc/init.d , +-but could vary depending on distribution). +-For example: +-.nf +- +- for x in /proc/driver/cciss/cciss[0-9]* +- do +- echo "engage scsi" > $x +- done +- +-.fi +-Once the SCSI core is engaged by the driver, it cannot be disengaged +-(except by unloading the driver, if it happens to be linked as a module.) +- +-Note also that if no sequential access devices or medium changers are +-detected, the SCSI core will not be engaged by the action of the above +-script. +-.SS Hot plug support for SCSI tape drives +-Hot plugging of SCSI tape drives is supported, with some caveats. +-The +-.B cciss +-driver must be informed that changes to the SCSI bus +-have been made. +-This may be done via the /proc file system. +-For example: +- +- echo "rescan" > /proc/scsi/cciss0/1 +- +-This causes the driver to: +-.RS +-.IP 1. 3 +-query the adapter about changes to the +-physical SCSI buses and/or fibre channel arbitrated loop, and +-.IP 2. +-make note of any new or removed sequential access devices +-or medium changers. +-.RE +-.LP +-The driver will output messages indicating which +-devices have been added or removed and the controller, bus, target and +-lun used to address each device. +-The driver then notifies the SCSI midlayer +-of these changes. +- +-Note that the naming convention of the /proc file-system entries +-contains a number in addition to the driver name +-(e.g., "cciss0" +-instead of just "cciss", which you might expect). +- +-Note: +-.I Only +-sequential access devices and medium changers are presented +-as SCSI devices to the SCSI midlayer by the +-.B cciss +-driver. +-Specifically, physical SCSI disk drives are +-.I not +-presented to the SCSI midlayer. +-The only disk devices that are presented to the kernel are logical +-drives that the array controller constructs from regions on +-the physical drives. +-The logical drives are presented to the block layer +-(not to the SCSI midlayer). +-It is important for the driver to prevent the kernel from accessing the +-physical drives directly, since these drives are used by the array +-controller to construct the logical drives. +-.SS SCSI error handling for tape drives and medium changers +-The Linux SCSI midlayer provides an error-handling protocol that +-is initiated whenever a SCSI command fails to complete within a +-certain amount of time (which can vary depending on the command). +-The +-.B cciss +-driver participates in this protocol to some extent. +-The normal protocol is a four-step process: +-.IP * 3 +-First, the device is told to abort the command. +-.IP * +-If that doesn't work, the device is reset. +-.IP * +-If that doesn't work, the SCSI bus is reset. +-.IP * +-If that doesn't work the host bus adapter is reset. +-.LP +-The +-.B cciss +-driver is a block +-driver as well as a SCSI driver and only the tape drives and medium +-changers are presented to the SCSI midlayer +-Furthermore, unlike more +-straightforward SCSI drivers, disk I/O continues through the block +-side during the SCSI error-recovery process +-Therefore, the +-.B cciss +-driver implements only the first two of these actions, +-aborting the command, and resetting the device. +-Note also that most tape drives will not oblige +-in aborting commands, and sometimes it appears they will not even +-obey a reset command, though in most circumstances they will. +-If the command cannot be aborted and the device cannot be +-reset, the device will be set offline. +- +-In the event that the error-handling code is triggered and a tape drive is +-successfully reset or the tardy command is successfully aborted, the +-tape drive may still not allow I/O to continue until some command +-is issued that positions the tape to a known position. +-Typically you must rewind the tape (by issuing +-.I "mt -f /dev/st0 rewind" +-for example) before I/O can proceed again to a tape drive that was reset. ++driver has been removed from RHEL-7. ++Details can be found in RHEL-7.0 Release Notes. ++Please use ++.BR hpsa (4) ++instead. + .SH SEE ALSO + .BR cciss_vol_status (8), + .BR hpsa (4), + .BR hpacucli (8), +-.BR hpacuxe (8), +- +-.UR http://cciss.sf.net +-.UE , +-and +-.I Documentation/blockdev/cciss.txt +-and +-.I Documentation/ABI/testing/sysfs-bus-pci-devices-cciss +-in the Linux kernel source tree ++.BR hpacuxe (8) + .\" .SH AUTHORS + .\" Don Brace, Steve Cameron, Chase Maupin, Mike Miller, Michael Ni, + .\" Charles White, Francis Wiran +-- +2.7.4 + diff --git a/SOURCES/1131939-mpo-7.1.0-charsets.7-nl_langinfo.3.patch b/SOURCES/1131939-mpo-7.1.0-charsets.7-nl_langinfo.3.patch index d116115..b43b091 100644 --- a/SOURCES/1131939-mpo-7.1.0-charsets.7-nl_langinfo.3.patch +++ b/SOURCES/1131939-mpo-7.1.0-charsets.7-nl_langinfo.3.patch @@ -30,10 +30,10 @@ diff --git a/man-pages/man7/charsets.7 b/man-pages/man7/charsets.7 index 05ff56c..45fd5ad 100644 --- a/man-pages/man7/charsets.7 +++ b/man-pages/man7/charsets.7 -@@ -37,6 +37,8 @@ A complete list of charsets used in an officially supported locale in glibc - KOI8-{R,U}, GB2312, GB18030, GBK, BIG5, BIG5-HKSCS and TIS-620 (in no - particular order.) - (Romanian may be switching to ISO-8859-16.) +@@ -29,6 +29,8 @@ ASCII, GB 2312, ISO 8859, JIS, KOI8-R, KS, and Unicode. + The primary emphasis is on character sets that were actually used by + locale character sets, not the myriad others that could be found in data + from other systems. +.LP +The recommended encoding in all settings and locales is UTF-8. .SS ASCII diff --git a/SOURCES/1140589-mpo-7.1.0-wget.1.patch b/SOURCES/1140589-mpo-7.1.0-wget.1.patch deleted file mode 100644 index 570012c..0000000 --- a/SOURCES/1140589-mpo-7.1.0-wget.1.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 7205b4c6e6c65e1363ed920162e2f00d28c03a73 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 29 Sep 2014 23:30:25 +0200 -Subject: [PATCH] remove -nv option from --report-speed - ---- - wget/man1/wget.1 | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/wget/man1/wget.1 b/wget/man1/wget.1 -index 010344c..f33512a 100644 ---- a/wget/man1/wget.1 -+++ b/wget/man1/wget.1 -@@ -329,9 +329,6 @@ is verbose. - Turn off verbose without being completely quiet (use \fB\-q\fR for - that), which means that error messages and basic information still get - printed. --.IP "\fB\-nv\fR" 4 --.IX Item "-nv" --.PD 0 - .IP "\fB\-\-report\-speed=\fR\fItype\fR" 4 - .IX Item "--report-speed=type" - .PD --- -1.9.3 - diff --git a/SOURCES/1146259-mpo-7.1.0-xinetd.8.patch b/SOURCES/1146259-mpo-7.1.0-xinetd.8.patch deleted file mode 100644 index 8cc4135..0000000 --- a/SOURCES/1146259-mpo-7.1.0-xinetd.8.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0c22d198fb32b2d516d0dfa05874f046a06f4659 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 29 Sep 2014 20:48:26 +0200 -Subject: [PATCH] xinetd.8 reload termination handling - ---- - xinetd/man8/xinetd.8 | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/xinetd/man8/xinetd.8 b/xinetd/man8/xinetd.8 -index d3b900d..c367f9c 100644 ---- a/xinetd/man8/xinetd.8 -+++ b/xinetd/man8/xinetd.8 -@@ -45,6 +45,12 @@ provide features such as access control and logging. Furthermore, - .I /etc/services. - Therefore, anybody can use \fBxinetd\fP to start special-purpose - servers. -+.LP -+BEWARE of xinetd reload termination handling. -+For services with type = INTERNAL, SIGTERM signal will be sent. -+For services without type = INTERNAL, SIGKILL signall will be sent. -+Take this into an account when dealing with proper handling of the SIGTERM and SIGKILL. -+It is important to be aware of this as your xinetd service could be killed on a xinetd reload. - .\" *************************** OPTIONS ********************************* - .SH OPTIONS - .TP --- -1.9.3 - diff --git a/SOURCES/1155977-mpo-7.2-stunnel.8.patch b/SOURCES/1155977-mpo-7.2-stunnel.8.patch deleted file mode 100644 index 12ff12b..0000000 --- a/SOURCES/1155977-mpo-7.2-stunnel.8.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0428dd1df983e9f3e454262f449d25f04143f492 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Tue, 26 May 2015 15:24:52 +0200 -Subject: [PATCH] fix wrong usage of the accept/connect options in stunnel.8 - ---- - stunnel/man8/stunnel.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/stunnel/man8/stunnel.8 b/stunnel/man8/stunnel.8 -index 80befd9..c92b7a3 100644 ---- a/stunnel/man8/stunnel.8 -+++ b/stunnel/man8/stunnel.8 -@@ -345,7 +345,7 @@ If no host specified, defaults to all IPv4 addresses for the local host. - To listen on all IPv6 addresses use: - .Sp - .Vb 1 --\& connect = :::port -+\& accept = :::port - .Ve - .IP "\fBCApath\fR = directory" 4 - .IX Item "CApath = directory" --- -1.9.3 - diff --git a/SOURCES/1164846-mpo-7.2.1-fix-dump-utmp-name-in-dump-utmp.8.patch b/SOURCES/1164846-mpo-7.2.1-fix-dump-utmp-name-in-dump-utmp.8.patch deleted file mode 100644 index 1641248..0000000 --- a/SOURCES/1164846-mpo-7.2.1-fix-dump-utmp-name-in-dump-utmp.8.patch +++ /dev/null @@ -1,34 +0,0 @@ -From ea27dd4467c1e57a7128f99a94c22380a0303fbf Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Wed, 8 Jul 2015 10:40:21 +0200 -Subject: [PATCH] fix dump-utmp name in dump-utmp.8 - ---- - psacct/man8/dump-utmp.8 | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/psacct/man8/dump-utmp.8 b/psacct/man8/dump-utmp.8 -index 829031f..fc4fad2 100644 ---- a/psacct/man8/dump-utmp.8 -+++ b/psacct/man8/dump-utmp.8 -@@ -4,7 +4,7 @@ - dump-utmp \- print an utmp file in human-readable format. - - .SH SYNOPSIS --.B dump-acct -+.B dump-utmp - .RB [\| \-r \||\| \-\-reverse \|] - .RB [\| \-R \||\| \-\-raw \|] - .RB [\| \-n \||\| \-\-num -@@ -14,7 +14,7 @@ dump-utmp \- print an utmp file in human-readable format. - .IR files \|] - - .SH DESCRIPTION --.B dump-acct -+.B dump-utmp - .I filename - prints a list of all logins. This list is usually written in - .IR /var/log/wtmp . --- -1.9.3 - diff --git a/SOURCES/1181670-mpo-7.3.0-libpaf-dsc.3-libpaf-ebb.3.patch b/SOURCES/1181670-mpo-7.3.0-libpaf-dsc.3-libpaf-ebb.3.patch new file mode 100644 index 0000000..ddcfad6 --- /dev/null +++ b/SOURCES/1181670-mpo-7.3.0-libpaf-dsc.3-libpaf-ebb.3.patch @@ -0,0 +1,100 @@ +From 489df948529168392fcf990c68724c03fb9164f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 11:10:13 +0200 +Subject: [PATCH 02/17] libpaf-dsc.3, libpaf-ebb.3: fix formatting and examples + +--- + paflib/man3/libpaf-dsc.3 | 18 ++++++------------ + paflib/man3/libpaf-ebb.3 | 4 ++-- + 2 files changed, 8 insertions(+), 14 deletions(-) + +diff --git a/paflib/man3/libpaf-dsc.3 b/paflib/man3/libpaf-dsc.3 +index 201441f..e1c4ae4 100644 +--- a/paflib/man3/libpaf-dsc.3 ++++ b/paflib/man3/libpaf-dsc.3 +@@ -52,47 +52,40 @@ available on Power Architecture. This register follows the layout specified in + the corresponding Power ISA, with the following defined flags. + + These are features supported by Power ISA 2.05: +-.TP ++.LP + .IP \[bu] 2 + .BR DSCR_SSE + Store Stream Enable. + +-.PP ++.LP + These features were added on Power ISA 2.06: +-.TP + .IP \[bu] 2 + .BR DSCR_SNSE + Stride-N Stream Enable. +-.PP ++ ++.LP + These features were added on Power ISA 2.06+: +-.TP + .IP \[bu] 2 + .BR DSCR_LSD + Load Stream Disable. + +-.PP ++.LP + These are supported only on Power ISA 2.07: +-.TP + .IP \[bu] 2 + .BR DSCR_HWUE + Hardware Unit count Enable. +-.TP + .IP \[bu] 2 + .BR DSCR_SWUE + Software Unit count Enable. +-.TP + .IP \[bu] + .BR DSCR_LTE + Load Transient Enable. +-.TP + .IP \[bu] + .BR DSCR_STE + Software Transient Enable. +-.TP + .IP \[bu] + .BR DSCR_HTE + Hardware Transient Enable. +-.TP + .IP \[bu] + .BR DSCR_SWTE + Software Transient Enable. +@@ -201,6 +194,7 @@ if the system does not support DSCR facility. + .nf + #include + #include ++#include + + int main(void) + { +diff --git a/paflib/man3/libpaf-ebb.3 b/paflib/man3/libpaf-ebb.3 +index eb6cd2e..87460a6 100644 +--- a/paflib/man3/libpaf-ebb.3 ++++ b/paflib/man3/libpaf-ebb.3 +@@ -200,7 +200,7 @@ void do_work (void) + } + } + +-int _do_ebb(void) ++int do_ebb(void) + { + ebbhandler_t handler; + ebb_handler_triggered = 0; +@@ -223,7 +223,7 @@ int _do_ebb(void) + + paf_ebb_disable_branches (); + +- printf ("Done; %d EBB interrupts handled\n", ebb_handler_triggered); ++ printf ("Done; %d EBB interrupts handled\\n", ebb_handler_triggered); + + close (ebb_fd); + +-- +2.7.4 + diff --git a/SOURCES/1255283-mpo-7.3.0-captest.8.patch b/SOURCES/1255283-mpo-7.3.0-captest.8.patch new file mode 100644 index 0000000..425d9f9 --- /dev/null +++ b/SOURCES/1255283-mpo-7.3.0-captest.8.patch @@ -0,0 +1,35 @@ +From 720dec93c72d9a493ee768e9d892c19d5485a19a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 11:32:03 +0200 +Subject: [PATCH 03/17] captest.8: describe --init-grp option + +--- + libcap-ng/man8/captest.8 | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libcap-ng/man8/captest.8 b/libcap-ng/man8/captest.8 +index b7a89f4..e6351a4 100644 +--- a/libcap-ng/man8/captest.8 ++++ b/libcap-ng/man8/captest.8 +@@ -2,7 +2,7 @@ + .SH NAME + captest \- a program to demonstrate capabilities + .SH SYNOPSIS +-.B captest [ \-\-drop-all | \-\-drop-caps | \-\-id ] [ \-\-lock ] [ \-\-text ] ++.B captest [ \-\-drop-all | \-\-drop-caps | \-\-id ] [ \-\-init-grp ] [ \-\-lock ] [ \-\-text ] + .SH DESCRIPTION + \fBcaptest\fP is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have. + +@@ -19,6 +19,9 @@ This drops just traditional capabilities. + .B \-\-id + This changes to uid and gid 99, drops supplemental groups, and clears the bounding set. + .TP ++.B \-\-init-grp ++This changes to uid and gid 99 and then adds any supplemental groups that comes with that account. You would have add them prior to testing because by default there are no supplemental groups on account 99. ++.TP + .B \-\-text + This option outputs the effective capabilities in text rather than numerically. + .TP +-- +2.7.4 + diff --git a/SOURCES/1263575-mpo-7.3.1-libpng.3-png.5.patch b/SOURCES/1263575-mpo-7.3.1-libpng.3-png.5.patch new file mode 100644 index 0000000..0eb34ad --- /dev/null +++ b/SOURCES/1263575-mpo-7.3.1-libpng.3-png.5.patch @@ -0,0 +1,39 @@ +From 0fef929fe46265410a489ef1045295ceb21028e2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 12:11:10 +0200 +Subject: [PATCH 04/19] libpng.3, png.5: fix invalid RFC URL + +--- + libpng/man3/libpng.3 | 2 +- + libpng/man5/png.5 | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libpng/man3/libpng.3 b/libpng/man3/libpng.3 +index 6cfd7c6..cc081cd 100644 +--- a/libpng/man3/libpng.3 ++++ b/libpng/man3/libpng.3 +@@ -5848,7 +5848,7 @@ ftp://ftp.info-zip.org/pub/infozip/zlib + .I libpng + or at + .br +-ftp://ds.internic.net/rfc/rfc2083.txt ++ftp://ftp.rfc-editor.org:/in-notes/rfc2083.txt + .br + or (as a W3C Recommendation) at + .br +diff --git a/libpng/man5/png.5 b/libpng/man5/png.5 +index 8898820..fa18342 100644 +--- a/libpng/man5/png.5 ++++ b/libpng/man5/png.5 +@@ -35,7 +35,7 @@ PNG 1.0 specification, October 1996: + RFC 2083 + .IP + .br +-ftp://ds.internic.net/rfc/rfc2083.txt ++http://www.ietf.org/rfc/rfc2083.txt + .br + or (as a W3C Recommendation) at + .br +-- +2.7.4 + diff --git a/SOURCES/1263629-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch b/SOURCES/1263629-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch new file mode 100644 index 0000000..f97440c --- /dev/null +++ b/SOURCES/1263629-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch @@ -0,0 +1,112 @@ +From 1700005f9f6c090e6f0e2cfab1ed7c2f9e7e5203 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 12:39:50 +0200 +Subject: [PATCH 05/17] cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update + security context options to reflect coreutils change + +--- + man-pages-cs/cs/man1/cp.1 | 7 +++++++ + man-pages-cs/cs/man1/install.1 | 7 ++++++- + man-pages-cs/cs/man1/mkdir.1 | 8 ++++++-- + man-pages-cs/cs/man1/mkfifo.1 | 8 ++++++-- + man-pages-cs/cs/man1/mknod.1 | 8 ++++++-- + 5 files changed, 31 insertions(+), 7 deletions(-) + +diff --git a/man-pages-cs/cs/man1/cp.1 b/man-pages-cs/cs/man1/cp.1 +index 3ab7199..c6abe6d 100644 +--- a/man-pages-cs/cs/man1/cp.1 ++++ b/man-pages-cs/cs/man1/cp.1 +@@ -105,6 +105,13 @@ vypisuje prováděné operace + nebude kopírovat podadresáře z jiného svazku než + na kterém kopírování začalo + .TP ++\fB\-Z\fP ++nastaví cílovému souboru bezpečnostní kontext SELinuxu na výchozí ++.TP ++\fB\-\-context\fP[=\fIKONTEXT\fP] ++jako \fB\-Z\fP; pokud je udán KONTEXT, nastaví ++bezpečnostní kontext SELinuxu nebo SMACKu na KONTEXT ++.TP + \fB\-\-help\fP + vypíše tuto nápovědu a skončí + .TP +diff --git a/man-pages-cs/cs/man1/install.1 b/man-pages-cs/cs/man1/install.1 +index 2bf1d69..ea6a31d 100644 +--- a/man-pages-cs/cs/man1/install.1 ++++ b/man-pages-cs/cs/man1/install.1 +@@ -76,8 +76,13 @@ vypisuje název každáho vytvářeného adresáře + \fB\-\-preserve\-context\fP + zachová bezpečnostní kontext SELinuxu + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEXT\fP ++\fB\-Z\fP + nastaví souborům a adresářům bezpečnostní kontext SELinuxu ++na výchozí ++.TP ++\fB\-\-context\fP[=\fIKONTEXT\fP] ++jako \fB\-Z\fP; pokud je udán KONTEXT, nastaví ++bezpečnostní kontext SELinuxu nebo SMACKu na KONTEXT + .TP + \fB\-\-help\fP + vypíše tuto nápovědu a skončí +diff --git a/man-pages-cs/cs/man1/mkdir.1 b/man-pages-cs/cs/man1/mkdir.1 +index 262adf9..9f38116 100644 +--- a/man-pages-cs/cs/man1/mkdir.1 ++++ b/man-pages-cs/cs/man1/mkdir.1 +@@ -26,9 +26,13 @@ nadřazené adresáře + \fB\-v\fP, \fB\-\-verbose\fP + s každým vytvořeným adresářem vytiskne zprávu + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEXT\fP ++\fB\-Z\fP + nastaví každému vytvořenému adresáři bezpečnostní kontext SELinuxu +-na KONTEXT ++na výchozí ++.TP ++\fB\-\-context\fP[=\fIKONTEXT\fP] ++jako \fB\-Z\fP; pokud je udán KONTEXT, nastaví ++bezpečnostní kontext SELinuxu nebo SMACKu na KONTEXT + .TP + \fB\-\-help\fP + vypíše tuto nápovědu a skončí +diff --git a/man-pages-cs/cs/man1/mkfifo.1 b/man-pages-cs/cs/man1/mkfifo.1 +index 4c92fd5..e83579c 100644 +--- a/man-pages-cs/cs/man1/mkfifo.1 ++++ b/man-pages-cs/cs/man1/mkfifo.1 +@@ -19,8 +19,12 @@ Argumenty povinné pro dlouhé volby jsou pro krátké volby také povinné. + \fB\-m\fP, \fB\-\-mode\fP=\fIPRÁVA\fP + nastaví přístupová PRÁVA, namísto umask a=rw + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEXT\fP +-nastaví každému JMÉNU bezpečnostní kontext SELinuxu na KONTEXT ++\fB\-Z\fP ++nastaví každému JMÉNU bezpečnostní kontext SELinuxu na výchozí ++.TP ++\fB\-\-context\fP[=\fIKONTEXT\fP] ++jako \fB\-Z\fP; pokud je udán KONTEXT, nastaví ++bezpečnostní kontext SELinuxu nebo SMACKu na KONTEXT + .TP + \fB\-\-help\fP + vypíše tuto nápovědu a skončí +diff --git a/man-pages-cs/cs/man1/mknod.1 b/man-pages-cs/cs/man1/mknod.1 +index dbde08f..8e27d8f 100644 +--- a/man-pages-cs/cs/man1/mknod.1 ++++ b/man-pages-cs/cs/man1/mknod.1 +@@ -19,8 +19,12 @@ Argumenty povinné pro dlouhé volby jsou pro krátké volby také povinné. + \fB\-m\fP, \fB\-\-mode\fP=\fIPRÁVA\fP + nastaví přístupová PRÁVA, namísto umask a=rw + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEXT\fP +-nastaví JMÉNU bezpečnostní kontext SELinuxu na KONTEXT ++\fB\-Z\fP ++nastaví JMÉNU bezpečnostní kontext SELinuxu na výchozí ++.TP ++\fB\-\-context\fP[=\fIKONTEXT\fP] ++jako \fB\-Z\fP; pokud je udán KONTEXT, nastaví ++bezpečnostní kontext SELinuxu nebo SMACKu na KONTEXT + .TP + \fB\-\-help\fP + vypíše tuto nápovědu a skončí +-- +2.7.4 + diff --git a/SOURCES/1263632-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch b/SOURCES/1263632-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch new file mode 100644 index 0000000..ab7f946 --- /dev/null +++ b/SOURCES/1263632-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch @@ -0,0 +1,113 @@ +From d5df946c7c46ac5474e7ceff6188a95bf1fc0426 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 12:51:21 +0200 +Subject: [PATCH 06/17] cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update + security context options to reflect coreutils change + +--- + man-pages-pl/pl/man1/cp.1 | 7 +++++++ + man-pages-pl/pl/man1/install.1 | 8 ++++++-- + man-pages-pl/pl/man1/mkdir.1 | 8 ++++++-- + man-pages-pl/pl/man1/mkfifo.1 | 9 ++++++--- + man-pages-pl/pl/man1/mknod.1 | 8 ++++++-- + 5 files changed, 31 insertions(+), 9 deletions(-) + +diff --git a/man-pages-pl/pl/man1/cp.1 b/man-pages-pl/pl/man1/cp.1 +index 24392f4..82af3a3 100644 +--- a/man-pages-pl/pl/man1/cp.1 ++++ b/man-pages-pl/pl/man1/cp.1 +@@ -122,6 +122,13 @@ wypisuje bieżące działania + \fB\-x\fP, \fB\-\-one\-file\-system\fP + pozostaje na tym systemie plików + .TP ++\fB\-Z\fP ++ustawia kontekst bezpieczeństwa SELinux pliku docelowego na domyślny ++.TP ++\fB\-\-context\fP=\fIKONTEKST\fP ++jak \fB\-Z\fP lub jeśli poda się \fIKONTEKST\fP \- ustawia kontekst bezpieczeństwa ++SELinux lub SMACK na \fIKONTEKST\fP ++.TP + \fB\-\-help\fP + wyświetla ten tekst i kończy pracę + .TP +diff --git a/man-pages-pl/pl/man1/install.1 b/man-pages-pl/pl/man1/install.1 +index 389b275..37d3c52 100644 +--- a/man-pages-pl/pl/man1/install.1 ++++ b/man-pages-pl/pl/man1/install.1 +@@ -94,8 +94,12 @@ wyświetla nazwę każdego tworzonego katalogu + \fB\-\-preserve\-context\fP + zachowuje kontekst bezpieczeństwa SELinux + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEKST\fP +-ustawia kontekst bezpieczeństwa SELinux plików i katalogów ++\fB\-Z\fP ++ustawia kontekst bezpieczeństwa SELinux pliku docelowego na domyślny ++.TP ++\fB\-\-context\fP=\fIKONTEKST\fP ++jak \fB\-Z\fP lub jeśli poda się \fIKONTEKST\fP \- ustawia kontekst bezpieczeństwa ++SELinux lub SMACK na \fIKONTEKST\fP + .TP + \fB\-\-help\fP + wyświetla ten tekst i kończy pracę +diff --git a/man-pages-pl/pl/man1/mkdir.1 b/man-pages-pl/pl/man1/mkdir.1 +index e8b43d4..9e84f1b 100644 +--- a/man-pages-pl/pl/man1/mkdir.1 ++++ b/man-pages-pl/pl/man1/mkdir.1 +@@ -35,9 +35,13 @@ nadrzędne + \fB\-v\fP, \fB\-\-verbose\fP + wyświetla komunikat o każdym utworzonym katalogu + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEKST\fP ++\fB\-Z\fP + ustawia kontekst bezpieczeństwa SELinux każdego tworzonego katalogu na +-\fIKONTEKST\fP ++domyślny ++.TP ++\fB\-\-context\fP[=\fIKONTEKST\fP] ++jak \fB\-Z\fP lub jeśli poda się \fIKONTEKST\fP \- ustawia kontekst bezpieczeństwa ++SELinux lub SMACK na \fIKONTEKST\fP + .TP + \fB\-\-help\fP + wyświetla ten tekst i kończy pracę +diff --git a/man-pages-pl/pl/man1/mkfifo.1 b/man-pages-pl/pl/man1/mkfifo.1 +index 39cd379..97f07d5 100644 +--- a/man-pages-pl/pl/man1/mkfifo.1 ++++ b/man-pages-pl/pl/man1/mkfifo.1 +@@ -26,9 +26,12 @@ dla krótkich. + ustawia \fITRYB\fP uprawnień, zamiast domyślnego \fBa=rw\fP minus bity ustawione w + \fBumask\fP + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEKST\fP +-ustawia kontekst bezpieczeństwa SELinux każdego tworzonego potoku nazwanego +-na \fIKONTEKST\fP ++\fB\-Z\fP ++ustawia kontekst bezpieczeństwa SELinux na domyślny ++.TP ++\fB\-\-context\fP[=\fIKONTEKST\fP] ++jak \fB\-Z\fP lub jeśli poda się \fIKONTEKST\fP \- ustawia kontekst bezpieczeństwa ++SELinux lub SMACK na \fIKONTEKST\fP + .TP + \fB\-\-help\fP + wyświetla ten tekst i kończy pracę +diff --git a/man-pages-pl/pl/man1/mknod.1 b/man-pages-pl/pl/man1/mknod.1 +index 986f6ad..f73ecf8 100644 +--- a/man-pages-pl/pl/man1/mknod.1 ++++ b/man-pages-pl/pl/man1/mknod.1 +@@ -28,8 +28,12 @@ dla krótkich. + ustawia \fITRYB\fP uprawnień, zamiast domyślnego \fBa=rw\fP minus bity ustawione w + \fBumask\fP + .TP +-\fB\-Z\fP, \fB\-\-context\fP=\fIKONTEKST\fP +-ustawia kontekst bezpieczeństwa SELinux \fINAZWY\fP na \fIKONTEKST\fP ++\fB\-Z\fP ++ustawia kontekst bezpieczeństwa SELinux na domyślny ++.TP ++\fB\-\-context\fP[=\fIKONTEKST\fP] ++jak \fB\-Z\fP lub jeśli poda się \fIKONTEKST\fP \- ustawia kontekst bezpieczeństwa ++SELinux lub SMACK na \fIKONTEKST\fP + .TP + \fB\-\-help\fP + wyświetla ten tekst i kończy pracę +-- +2.7.4 + diff --git a/SOURCES/1263635-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch b/SOURCES/1263635-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch new file mode 100644 index 0000000..ed2fd10 --- /dev/null +++ b/SOURCES/1263635-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch @@ -0,0 +1,155 @@ +From ccb6cba4970f6ed30a62e984fb8ed6ed2fe251a9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Thu, 30 Jun 2016 13:51:27 +0200 +Subject: [PATCH] cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update security + context options to reflect coreutils change + +bz1263635 +--- + man-pages-fr/fr/man1/cp.1 | 8 ++++++++ + man-pages-fr/fr/man1/install.1 | 8 ++++++++ + man-pages-fr/fr/man1/mkdir.1 | 12 ++++++++++-- + man-pages-fr/fr/man1/mkfifo.1 | 12 ++++++++++-- + man-pages-fr/fr/man1/mknod.1 | 16 ++++++++++++---- + 5 files changed, 48 insertions(+), 8 deletions(-) + +diff --git a/man-pages-fr/fr/man1/cp.1 b/man-pages-fr/fr/man1/cp.1 +index 251c87a..e450b2e 100644 +--- a/man-pages-fr/fr/man1/cp.1 ++++ b/man-pages-fr/fr/man1/cp.1 +@@ -330,6 +330,14 @@ Afficher le nom de chaque fichier avant de le copier. + .B "\-x, \-\-one-file-system" + Ignorer les sous-répertoires se trouvant sur un système de fichiers + différent de celui du départ de la copie. ++.TP ++.B "\-Z" ++Fixez le contexte de sécurité SELinux du fichier de destination ++au type par défaut. ++.TP ++.BI "\-\-context" "[=CTX]" ++Comme \fB\-Z\fR ou, si CTX est spécifié, fixez le contexte ++de sécurité SELinux ou SMACK à CTX. + .SH OPTIONS DE SAUVEGARDE GNU + Les versions GNU des programmes comme + .BR cp , +diff --git a/man-pages-fr/fr/man1/install.1 b/man-pages-fr/fr/man1/install.1 +index 0c80537..68c1b52 100644 +--- a/man-pages-fr/fr/man1/install.1 ++++ b/man-pages-fr/fr/man1/install.1 +@@ -125,6 +125,14 @@ peut être mentionné sous forme numérique ou par son nom. + .TP + .B "\-s, \-\-strip" + Réduire la table des symboles des exécutables binaires installés. ++.TP ++.B "\-Z" ++Fixez le contexte de sécurité SELinux du fichier de destination ++au type par défaut. ++.TP ++.BI "\-\-context" "[=CTX]" ++Comme \fB\-Z\fR ou, si CTX est spécifié, fixez le contexte ++de sécurité SELinux ou SMACK à CTX. + .SH OPTIONS DE SAUVEGARDE GNU + Les versions GNU des programmes comme + .BR cp , +diff --git a/man-pages-fr/fr/man1/mkdir.1 b/man-pages-fr/fr/man1/mkdir.1 +index 252449b..31b2f47 100644 +--- a/man-pages-fr/fr/man1/mkdir.1 ++++ b/man-pages-fr/fr/man1/mkdir.1 +@@ -52,8 +52,13 @@ Afficher un message pour chaque répertoire créé. Ceci est essentiellement + utile en conjonction avec l'option + .BR "\-\-parents" . + .TP +-.B "\-\-" +-Fin explicite de la liste des options. ++.B "\-Z" ++Fixez le contexte de sécurité SELinux de chaque répertoire créé ++au type par défaut. ++.TP ++.BI "\-\-context" "[=CTX]" ++Comme \fB\-Z\fR ou, si CTX est spécifié, fixez le contexte ++de sécurité SELinux ou SMACK à CTX. + .SH OPTIONS STANDARDS GNU + .TP + .B "\-\-help" +@@ -62,6 +67,9 @@ Afficher un message d'aide sur la sortie standard, et se terminer normalement. + .B "\-\-version" + Afficher un numéro de version sur la sortie standard, et se terminer + normalement. ++.TP ++.B "\-\-" ++Fin explicite de la liste des options. + .SH ENVIRONNEMENT + Les variables d'environnement LANG, LC_ALL, LC_CTYPE et LC_MESSAGES ont + leur signification habituelle. +diff --git a/man-pages-fr/fr/man1/mkfifo.1 b/man-pages-fr/fr/man1/mkfifo.1 +index 4be114e..b4916cf 100644 +--- a/man-pages-fr/fr/man1/mkfifo.1 ++++ b/man-pages-fr/fr/man1/mkfifo.1 +@@ -45,8 +45,13 @@ est fourni de manière symbolique, comme pour + en utilisant + l'autorisation par défaut comme valeur de départ. + .TP +-.B "\-\-" +-Fin explicite de la liste des options. ++.B "\-Z" ++Fixez le contexte de sécurité SELinux ++au type par défaut. ++.TP ++.BI "\-\-context" "[=CTX]" ++Comme \fB\-Z\fR ou, si CTX est spécifié, fixez le contexte ++de sécurité SELinux ou SMACK à CTX. + .SH OPTIONS STANDARDS GNU + .TP + .B "\-\-help" +@@ -54,6 +59,9 @@ Afficher un message d'aide sur la sortie standard, et se terminer normalement. + .TP + .B "\-\-version" + Afficher un numéro de version sur la sortie standard, et se terminer normalement. ++.TP ++.B "\-\-" ++Fin explicite de la liste des options. + .SH ENVIRONNEMENT + Les variables d'environnement LANG, LC_ALL, LC_TYPE et LC_MESSAGES ont leur + significations habituelles. +diff --git a/man-pages-fr/fr/man1/mknod.1 b/man-pages-fr/fr/man1/mknod.1 +index d46d0a4..dafb8a6 100644 +--- a/man-pages-fr/fr/man1/mknod.1 ++++ b/man-pages-fr/fr/man1/mknod.1 +@@ -82,22 +82,30 @@ Par défaut le mode de création est 0666 («\ a+rw\ ») moins les bits se trouv + dans le umask. + .SS OPTIONS + .TP +-.I "\-m, \-\-mode mode" ++.BI "\-m " mode ", \-\-mode=" mode + Indique les autorisations d'accès au fichier, + .I mode + étant fourni sous forme symbolique, comme pour + .BR chmod (1), + les permissions par défaut étant utilisées comme valeur de départ. ++.TP ++.B "\-Z" ++Fixez le contexte de sécurité SELinux ++au type par défaut. ++.TP ++.BI "\-\-context" "[=CTX]" ++Comme \fB\-Z\fR ou, si CTX est spécifié, fixez le contexte ++de sécurité SELinux ou SMACK à CTX. + .SH OPTIONS STANDARDS GNU + .TP +-.I "\-\-help" ++.B "\-\-help" + Afficher un message d'aide sur la sortie standard, et se terminer normalement. + .TP +-.I "\-\-version" ++.B "\-\-version" + Afficher un numéro de version sur la sortie standard, et se terminer + normalement. + .TP +-.I "\-\-" ++.B "\-\-" + Terminer la liste des options. + .SH CONFORMITÉ + POSIX ne décrit pas cette commande, considérée comme non portable, et +-- +2.7.4 + diff --git a/SOURCES/1263637-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch b/SOURCES/1263637-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch new file mode 100644 index 0000000..b3a573e --- /dev/null +++ b/SOURCES/1263637-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch @@ -0,0 +1,112 @@ +From 0c89a04f410b13e6bf1b67980cf37c82294a62e7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Wed, 29 Jun 2016 10:06:41 +0200 +Subject: [PATCH 20/20] cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update + security context options to reflect coreutils change + +--- + man-pages-es/es/man1/cp.1 | 8 ++++++++ + man-pages-es/es/man1/install.1 | 8 ++++++++ + man-pages-es/es/man1/mkdir.1 | 8 ++++++++ + man-pages-es/es/man1/mkfifo.1 | 8 ++++++++ + man-pages-es/es/man1/mknod.1 | 8 ++++++++ + 5 files changed, 40 insertions(+) + +diff --git a/man-pages-es/es/man1/cp.1 b/man-pages-es/es/man1/cp.1 +index d1bcb75..95a89aa 100644 +--- a/man-pages-es/es/man1/cp.1 ++++ b/man-pages-es/es/man1/cp.1 +@@ -230,6 +230,14 @@ Muestra el nombre de cada fichero antes de copiarlo. + .B "\-x, \-\-one\-file\-system" + Se salta subdirectorios que estén en sistemas de ficheros diferentes + de aquél en el que empezó la copia. ++.TP ++.B "\-Z" ++Establece el contexto de seguridad de SELinux del fichero de destino ++al tipo predeterminado. ++.TP ++.BI "\-\-context" "[=CTX]" ++Al igual que \fB\-Z\fR o, si se especifica CTX, ++establece el contexto de seguridad SELinux o SMACK a CTX. + .SH "OPCIONES DE RESPALDO DE GNU" + Las versiones de GNU de programas como + .BR cp , +diff --git a/man-pages-es/es/man1/install.1 b/man-pages-es/es/man1/install.1 +index 18a8acc..8e04ccc 100644 +--- a/man-pages-es/es/man1/install.1 ++++ b/man-pages-es/es/man1/install.1 +@@ -178,6 +178,14 @@ copias simples de los otros. + .BR never ", " simple + Siempre hace copias de respaldo simples. + .RE ++.TP ++.B "\-Z" ++Establece el contexto de seguridad de SELinux del fichero de destino ++al tipo predeterminado. ++.TP ++.BI "\-\-context" "[=CTX]" ++Al igual que \fB\-Z\fR o, si se especifica CTX, ++establece el contexto de seguridad SELinux o SMACK a CTX. + .SH "OPCIONES ESTÁNDARES DE GNU" + .TP + .B "\-\-help" +diff --git a/man-pages-es/es/man1/mkdir.1 b/man-pages-es/es/man1/mkdir.1 +index 9943b91..542c3fd 100644 +--- a/man-pages-es/es/man1/mkdir.1 ++++ b/man-pages-es/es/man1/mkdir.1 +@@ -47,6 +47,14 @@ un error, pero `mkdir \-p /a' no lo es.) + .B "\-\-verbose" + Muestra un mensaje para cada directorio creado. Esto es más útil con + .BR "\-\-parents" . ++.TP ++.B "\-Z" ++Establece el contexto de seguridad de SELinux de cada directorio creado ++al tipo predeterminado. ++.TP ++.BI "\-\-context" "[=CTX]" ++Al igual que \fB\-Z\fR o, si se especifica CTX, ++establece el contexto de seguridad SELinux o SMACK a CTX. + .SH "OPCIONES ESTÁNDARES DE GNU" + .TP + .B "\-\-help" +diff --git a/man-pages-es/es/man1/mkfifo.1 b/man-pages-es/es/man1/mkfifo.1 +index d1c5156..da7c659 100644 +--- a/man-pages-es/es/man1/mkfifo.1 ++++ b/man-pages-es/es/man1/mkfifo.1 +@@ -39,6 +39,14 @@ Establece los permisos de los FIFOs creados a + que puede ser simbólico como en + .BR chmod (1) + y emplea el modo predeterminado como punto de partida. ++.TP ++.B "\-Z" ++Establece el contexto de seguridad de SELinux ++al tipo predeterminado. ++.TP ++.BI "\-\-context" "[=CTX]" ++Al igual que \fB\-Z\fR o, si se especifica CTX, ++establece el contexto de seguridad SELinux o SMACK a CTX. + .SH "OPCIONES ESTÁNDARES DE GNU" + .TP + .B "\-\-help" +diff --git a/man-pages-es/es/man1/mknod.1 b/man-pages-es/es/man1/mknod.1 +index 3eaebd4..41bd090 100644 +--- a/man-pages-es/es/man1/mknod.1 ++++ b/man-pages-es/es/man1/mknod.1 +@@ -86,6 +86,14 @@ Establece los permisos de los ficheros creados a + que es simbólico como en + .BR chmod (1) + y emplea el modo predeterminado como punto de partida. ++.TP ++.B "\-Z" ++Establece el contexto de seguridad de SELinux ++al tipo predeterminado. ++.TP ++.BI "\-\-context" "[=CTX]" ++Al igual que \fB\-Z\fR o, si se especifica CTX, ++establece el contexto de seguridad SELinux o SMACK a CTX. + .SH "OPCIONES ESTÁNDARES DE GNU" + .TP + .B "\-\-help" +-- +2.7.4 + diff --git a/SOURCES/1269549-mpo-7.3.0-socket.7.patch b/SOURCES/1269549-mpo-7.3.0-socket.7.patch new file mode 100644 index 0000000..6108377 --- /dev/null +++ b/SOURCES/1269549-mpo-7.3.0-socket.7.patch @@ -0,0 +1,56 @@ +From 9dcfa5bda8c03d0acecd87953ebfc78372bb9755 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 13:02:45 +0200 +Subject: [PATCH 07/17] socket.7: document SO_REUSEPORT option + +--- + man-pages/man7/socket.7 | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/man-pages/man7/socket.7 b/man-pages/man7/socket.7 +index 17bd0c3..94c98b6 100644 +--- a/man-pages/man7/socket.7 ++++ b/man-pages/man7/socket.7 +@@ -649,6 +649,39 @@ with a specific port then it is not possible + to bind to this port for any local address. + Argument is an integer boolean flag. + .TP ++.BR SO_REUSEPORT ++Permits multiple ++.B AF_INET ++or ++.B AF_INET6 ++sockets to be bound to an identical socket address. ++This option must be set on each socket (including the first socket) ++prior to calling ++.BR bind (2) ++on the socket. ++To prevent port hijacking, ++all of the processes binding to the same address must have the same ++effective UID. ++This option can be employed with both TCP and UDP sockets. ++ ++For TCP sockets, this option allows ++.BR accept (2) ++load distribution in a multi-threaded server to be improved by ++using a distinct listener socket for each thread. ++This provides improved load distribution as compared ++to traditional techniques such using a single ++.BR accept (2)ing ++thread that distributes connections, ++or having multiple threads that compete to ++.BR accept (2) ++from the same socket. ++ ++For UDP sockets, ++the use of this option can provide better distribution ++of incoming datagrams to multiple processes (or threads) as compared ++to the traditional technique of having multiple processes ++compete to receive datagrams on the same socket. ++.TP + .B SO_SNDBUF + Sets or gets the maximum socket send buffer in bytes. + The kernel doubles this value (to allow space for bookkeeping overhead) +-- +2.7.4 + diff --git a/SOURCES/1274949-mpo-7.3.0-userhelper.8.patch b/SOURCES/1274949-mpo-7.3.0-userhelper.8.patch new file mode 100644 index 0000000..beadc4a --- /dev/null +++ b/SOURCES/1274949-mpo-7.3.0-userhelper.8.patch @@ -0,0 +1,30 @@ +From be31bf431ad2a8c13c55412a2667e0593b7f45ca Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 13:08:08 +0200 +Subject: [PATCH 08/17] userhelper.8: fix up exit status description and + consistency + +--- + usermode/man8/userhelper.8 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/usermode/man8/userhelper.8 b/usermode/man8/userhelper.8 +index 1a136c6..690806e 100644 +--- a/usermode/man8/userhelper.8 ++++ b/usermode/man8/userhelper.8 +@@ -279,10 +279,10 @@ Ran out of memory. + Could not find the program. + .TP + 11 +-exec failed even though program exists. ++Executing the program failed even though it exists. + .TP + 12 +-the user canceled the operation. ++The user canceled the operation. + .TP + 255 + Unknown error. +-- +2.7.4 + diff --git a/SOURCES/1278492-mpo-7.3.1-recv.2.patch b/SOURCES/1278492-mpo-7.3.1-recv.2.patch new file mode 100644 index 0000000..b5ae5f1 --- /dev/null +++ b/SOURCES/1278492-mpo-7.3.1-recv.2.patch @@ -0,0 +1,44 @@ +From cabfb553c7a039af44d976585266022c6210b7c4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 13:15:18 +0200 +Subject: [PATCH 07/19] recv.2: change description of flags argument to apply + also to recvfrom and recvmsg + +--- + man-pages/man2/____recv.2 | 4 +--- + man-pages/man2/recv.2 | 4 +--- + 2 files changed, 2 insertions(+), 6 deletions(-) + +diff --git a/man-pages/man2/____recv.2 b/man-pages/man2/____recv.2 +index 7b93c09..3ac8ef4 100644 +--- a/man-pages/man2/____recv.2 ++++ b/man-pages/man2/____recv.2 +@@ -129,9 +129,7 @@ call may be used to determine when more data arrives. + .PP + The + .I flags +-argument to a +-.BR recv () +-call is formed by ORing one or more of the following values: ++argument is formed by ORing one or more of the following values: + .TP + .BR MSG_CMSG_CLOEXEC " (" recvmsg "() only; since Linux 2.6.23)" + Set the close-on-exec flag for the file descriptor received +diff --git a/man-pages/man2/recv.2 b/man-pages/man2/recv.2 +index 7b93c09..3ac8ef4 100644 +--- a/man-pages/man2/recv.2 ++++ b/man-pages/man2/recv.2 +@@ -129,9 +129,7 @@ call may be used to determine when more data arrives. + .PP + The + .I flags +-argument to a +-.BR recv () +-call is formed by ORing one or more of the following values: ++argument is formed by ORing one or more of the following values: + .TP + .BR MSG_CMSG_CLOEXEC " (" recvmsg "() only; since Linux 2.6.23)" + Set the close-on-exec flag for the file descriptor received +-- +2.7.4 + diff --git a/SOURCES/1289915-mpo-7.3.0-nsswitch.conf.5.patch b/SOURCES/1289915-mpo-7.3.0-nsswitch.conf.5.patch new file mode 100644 index 0000000..a9b7ce1 --- /dev/null +++ b/SOURCES/1289915-mpo-7.3.0-nsswitch.conf.5.patch @@ -0,0 +1,70 @@ +From b6c1528d166cee848f226b0e85c8a9583c2a269d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 13:24:03 +0200 +Subject: [PATCH 10/17] nsswitch.conf.5: add list of files being read when + "files" service is used + +--- + man-pages/man5/nsswitch.conf.5 | 46 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 46 insertions(+) + +diff --git a/man-pages/man5/nsswitch.conf.5 b/man-pages/man5/nsswitch.conf.5 +index 72c459e..f808874 100644 +--- a/man-pages/man5/nsswitch.conf.5 ++++ b/man-pages/man5/nsswitch.conf.5 +@@ -330,6 +330,52 @@ implements "nis" source. + implements "nisplus" source. + .PD + .RE ++.LP ++The following files are read when "files" source is specified ++for respective databases: ++.RS 4 ++.TP 12 ++.PD 0 ++.B aliases ++.I /etc/aliases ++.TP ++.B ethers ++.I /etc/ethers ++.TP ++.B group ++.I /etc/group ++.TP ++.B hosts ++.I /etc/hosts ++.TP ++.B initgroups ++.I /etc/group ++.TP ++.B netgroup ++.I /etc/netgroup ++.TP ++.B networks ++.I /etc/networks ++.TP ++.B passwd ++.I /etc/passwd ++.TP ++.B protocols ++.I /etc/protocols ++.TP ++.B publickey ++.I /etc/publickey ++.TP ++.B rpc ++.I /etc/rpc ++.TP ++.B services ++.I /etc/services ++.TP ++.B shadow ++.I /etc/shadow ++.PD ++.RE + .SH NOTES + Within each process that uses + .BR nsswitch.conf , +-- +2.7.4 + diff --git a/SOURCES/1297898-mpo-7.3.0-prctl.2.patch b/SOURCES/1297898-mpo-7.3.0-prctl.2.patch new file mode 100644 index 0000000..9d06c9d --- /dev/null +++ b/SOURCES/1297898-mpo-7.3.0-prctl.2.patch @@ -0,0 +1,118 @@ +From 26057cba30205ed659094a2816557b439c651286 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 13:28:29 +0200 +Subject: [PATCH 11/17] prctl.2: add description of Intel MPX calls + +--- + man-pages/man2/prctl.2 | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 81 insertions(+) + +diff --git a/man-pages/man2/prctl.2 b/man-pages/man2/prctl.2 +index 24e56d2..92eecf9 100644 +--- a/man-pages/man2/prctl.2 ++++ b/man-pages/man2/prctl.2 +@@ -47,6 +47,7 @@ + .\" PR_GET_TIMERSLACK + .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER + .\" 2012-02-04 Michael kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER ++.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT + .\" + .\" + .TH PRCTL 2 2013-05-21 "Linux" "Linux Programmer's Manual" +@@ -771,6 +772,77 @@ option. + .\" symbolic-link transitions over all process running in a system. + .\" ========== END FIXME + .RE ++.TP ++.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) " ++.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c ++.\" See also http://lwn.net/Articles/582712/ ++.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler ++Enable or disable kernel management of Memory Protection eXtensions (MPX) ++bounds tables. ++The ++.IR arg2 , ++.IR arg3 , ++.IR arg4 , ++and ++.IR arg5 ++.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88 ++arguments must be zero. ++ ++MPX is a hardware-assisted mechanism for performing bounds checking on ++pointers. ++It consists of a set of registers storing bounds information ++and a set of special instruction prefixes that tell the CPU on which ++instructions it should do bounds enforcement. ++There is a limited number of these registers and ++when there are more pointers than registers, ++their contents must be "spilled" into a set of tables. ++These tables are called "bounds tables" and the MPX ++.BR prctl () ++operations control ++whether the kernel manages their allocation and freeing. ++ ++When management is enabled, the kernel will take over allocation ++and freeing of the bounds tables. ++It does this by trapping the #BR exceptions that result ++at first use of missing bounds tables and ++instead of delivering the exception to user space, ++it allocates the table and populates the bounds directory ++with the location of the new table. ++For freeing, the kernel checks to see if bounds tables are ++present for memory which is not allocated, and frees them if so. ++ ++Before enabling MPX management using ++.BR PR_MPX_ENABLE_MANAGEMENT , ++the application must first have allocated a user-space buffer for ++the bounds directory and placed the location of that directory in the ++.I bndcfgu ++register. ++ ++These calls will fail if the CPU or kernel does not support MPX. ++Kernel support for MPX is enabled via the ++.BR CONFIG_X86_INTEL_MPX ++configuration option. ++You can check whether the CPU supports MPX by looking for the 'mpx' ++CPUID bit, like with the following command: ++ ++ cat /proc/cpuinfo | grep ' mpx ' ++ ++A thread may not switch in or out of long (64-bit) mode while MPX is ++enabled. ++ ++All threads in a process are affected by these calls. ++ ++The child of a ++.BR fork (2) ++inherits the state of MPX management. ++During ++.BR execve (2), ++MPX management is reset to a state as if ++.BR PR_MPX_DISABLE_MANAGEMENT ++had been called. ++ ++For further information on Intel MPX, see the kernel source file ++.IR Documentation/x86/intel_mpx.txt . + .\" + .SH RETURN VALUE + On success, +@@ -957,6 +1029,15 @@ capability. + .\" is + .\" .BR PR_SET_SECCOMP , + .\" and secure computing mode is already 1. ++.TP ++.B ENXIO ++.I option ++was ++.BR PR_MPX_ENABLE_MANAGEMENT ++or ++.BR PR_MPX_DISABLE_MANAGEMENT ++and the kernel or the CPU does not support MPX management. ++Check that the kernel and processor have MPX support. + .SH VERSIONS + The + .BR prctl () +-- +2.7.4 + diff --git a/SOURCES/1312875-mpo-7.3.0-tcp.7.patch b/SOURCES/1312875-mpo-7.3.0-tcp.7.patch new file mode 100644 index 0000000..b4208a7 --- /dev/null +++ b/SOURCES/1312875-mpo-7.3.0-tcp.7.patch @@ -0,0 +1,78 @@ +From 14336b7b4c70b3def333ae78e654e8919107176b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 13:50:57 +0200 +Subject: [PATCH 13/17] tcp.7: document TCP_USER_TIMEOUT + +--- + man-pages/man7/tcp.7 | 48 +++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 45 insertions(+), 3 deletions(-) + +diff --git a/man-pages/man7/tcp.7 b/man-pages/man7/tcp.7 +index 93b4148..98ccf27 100644 +--- a/man-pages/man7/tcp.7 ++++ b/man-pages/man7/tcp.7 +@@ -46,9 +46,6 @@ + .\" TCP_THIN_DUPACK (2..6.34) + .\" commit 7e38017557bc0b87434d184f8804cadb102bb903 + .\" Author: Andreas Petlund +-.\" TCP_USER_TIMEOUT (new in 2.6.37) +-.\" Author: Jerry Chu +-.\" commit dca43c75e7e545694a9dd6288553f55c53e2a3a3 + .\" TCP_REPAIR (3.5) + .\" commit ee9952831cfd0bbe834f4a26489d7dce74582e37 + .\" Author: Pavel Emelyanov +@@ -1038,6 +1035,51 @@ aborting the attempt to connect. + It cannot exceed 255. + This option should not be used in code intended to be portable. + .TP ++.BR TCP_USER_TIMEOUT " (since Linux 2.6.37)" ++.\" commit dca43c75e7e545694a9dd6288553f55c53e2a3a3 ++.\" Author: Jerry Chu ++.\" The following text taken nearly verbatim from Jerry Chu's (excellent) ++.\" commit message. ++.\" ++This option takes an ++.IR "unsigned int" ++as an argument. ++When the value is greater than 0, ++it specifies the maximum amount of time in milliseconds that transmitted ++data may remain unacknowledged before TCP will forcibly close the ++corresponding connection and return ++.B ETIMEDOUT ++to the application. ++If the option value is specified as 0, ++TCP will to use the system default. ++ ++Increasing user timeouts allows a TCP connection to survive extended ++periods without end-to-end connectivity. ++Decreasing user timeouts ++allows applications to "fail fast", if so desired. ++Otherwise, failure may take up to 20 minutes with ++the current system defaults in a normal WAN environment. ++ ++This option can be set during any state of a TCP connection, ++but is effective only during the synchronized states of a connection ++(ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, and LAST-ACK). ++Moreover, when used with the TCP keepalive ++.RB ( SO_KEEPALIVE ) ++option, ++.B TCP_USER_TIMEOUT ++will override keepalive to determine when to close a ++connection due to keepalive failure. ++ ++The option has no effect on when TCP retransmits a packet, ++nor when a keepalive probe is sent. ++ ++This option, like many others, will be inherited by the socket returned by ++.BR accept (2), ++if it was set on the listening socket. ++ ++Further details on the user timeout feature can be found in ++RFC\ 793 and RFC\ 5482 ("TCP User Timeout Option"). ++.TP + .BR TCP_WINDOW_CLAMP " (since Linux 2.4)" + .\" Precisely: since 2.3.41 + Bound the size of the advertised window to this value. +-- +2.7.4 + diff --git a/SOURCES/1315605-mpo-7.3.1-recv.2-cmsg.3.patch b/SOURCES/1315605-mpo-7.3.1-recv.2-cmsg.3.patch new file mode 100644 index 0000000..80f7752 --- /dev/null +++ b/SOURCES/1315605-mpo-7.3.1-recv.2-cmsg.3.patch @@ -0,0 +1,72 @@ +From 111803a7b99abd01d487b00f7cce5b6d142a755c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 14:00:16 +0200 +Subject: [PATCH 11/19] recv.2, cmsg.3: fix type of cmsg_len member of cmsghdr + structure + +--- + man-pages/man2/____recv.2 | 7 ++++--- + man-pages/man2/recv.2 | 7 ++++--- + man-pages/man3/cmsg.3 | 10 ++++++---- + 3 files changed, 14 insertions(+), 10 deletions(-) + +diff --git a/man-pages/man2/____recv.2 b/man-pages/man2/____recv.2 +index 3ac8ef4..7056eb2 100644 +--- a/man-pages/man2/____recv.2 ++++ b/man-pages/man2/____recv.2 +@@ -341,9 +341,10 @@ The messages are of the form: + .nf + + struct cmsghdr { +- socklen_t cmsg_len; /* data byte count, including hdr */ +- int cmsg_level; /* originating protocol */ +- int cmsg_type; /* protocol-specific type */ ++ size_t cmsg_len; /* Data byte count, including header ++ (type is socklen_t in POSIX) */ ++ int cmsg_level; /* Originating protocol */ ++ int cmsg_type; /* Protocol-specific type */ + /* followed by + unsigned char cmsg_data[]; */ + }; +diff --git a/man-pages/man2/recv.2 b/man-pages/man2/recv.2 +index 3ac8ef4..7056eb2 100644 +--- a/man-pages/man2/recv.2 ++++ b/man-pages/man2/recv.2 +@@ -341,9 +341,10 @@ The messages are of the form: + .nf + + struct cmsghdr { +- socklen_t cmsg_len; /* data byte count, including hdr */ +- int cmsg_level; /* originating protocol */ +- int cmsg_type; /* protocol-specific type */ ++ size_t cmsg_len; /* Data byte count, including header ++ (type is socklen_t in POSIX) */ ++ int cmsg_level; /* Originating protocol */ ++ int cmsg_type; /* Protocol-specific type */ + /* followed by + unsigned char cmsg_data[]; */ + }; +diff --git a/man-pages/man3/cmsg.3 b/man-pages/man3/cmsg.3 +index 2713c09..8fe3d5d 100644 +--- a/man-pages/man3/cmsg.3 ++++ b/man-pages/man3/cmsg.3 +@@ -28,10 +28,12 @@ CMSG_ALIGN, CMSG_SPACE, CMSG_NXTHDR, CMSG_FIRSTHDR \- access ancillary data + .sp + .nf + struct cmsghdr { +- socklen_t cmsg_len; /* data byte count, including header */ +- int cmsg_level; /* originating protocol */ +- int cmsg_type; /* protocol-specific type */ +- /* followed by unsigned char cmsg_data[]; */ ++ size_t cmsg_len; /* Data byte count, including header ++ (type is socklen_t in POSIX) */ ++ int cmsg_level; /* Originating protocol */ ++ int cmsg_type; /* Protocol-specific type */ ++/* followed by ++ unsigned char cmsg_data[]; */ + }; + .fi + .SH DESCRIPTION +-- +2.7.4 + diff --git a/SOURCES/1330661-mpo-7.3.1-clone.2-fork.2.patch b/SOURCES/1330661-mpo-7.3.1-clone.2-fork.2.patch new file mode 100644 index 0000000..2ae0b53 --- /dev/null +++ b/SOURCES/1330661-mpo-7.3.1-clone.2-fork.2.patch @@ -0,0 +1,59 @@ +From 97978b3f5eae5700a12cdfc1fb37e55a7460e1f1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 14:13:48 +0200 +Subject: [PATCH 12/19] clone.2, fork.2: document ERESTARTNOINTR error code + +--- + man-pages/man2/____clone.2 | 4 ++++ + man-pages/man2/clone.2 | 4 ++++ + man-pages/man2/fork.2 | 4 ++++ + 3 files changed, 12 insertions(+) + +diff --git a/man-pages/man2/____clone.2 b/man-pages/man2/____clone.2 +index 1baad11..d9ffe3e 100644 +--- a/man-pages/man2/____clone.2 ++++ b/man-pages/man2/____clone.2 +@@ -988,6 +988,10 @@ was specified by an unprivileged process (process without \fBCAP_SYS_ADMIN\fP). + .B EPERM + .B CLONE_PID + was specified by a process other than process 0. ++.TP ++.BR ERESTARTNOINTR " (since Linux 2.6.17)" ++System call was interrupted by a signal and will be restarted. ++(This can be seen only during a trace.) + .SH VERSIONS + There is no entry for + .BR clone () +diff --git a/man-pages/man2/clone.2 b/man-pages/man2/clone.2 +index 1baad11..d9ffe3e 100644 +--- a/man-pages/man2/clone.2 ++++ b/man-pages/man2/clone.2 +@@ -988,6 +988,10 @@ was specified by an unprivileged process (process without \fBCAP_SYS_ADMIN\fP). + .B EPERM + .B CLONE_PID + was specified by a process other than process 0. ++.TP ++.BR ERESTARTNOINTR " (since Linux 2.6.17)" ++System call was interrupted by a signal and will be restarted. ++(This can be seen only during a trace.) + .SH VERSIONS + There is no entry for + .BR clone () +diff --git a/man-pages/man2/fork.2 b/man-pages/man2/fork.2 +index 6a327a3..a1664e4 100644 +--- a/man-pages/man2/fork.2 ++++ b/man-pages/man2/fork.2 +@@ -203,6 +203,10 @@ failed to allocate the necessary kernel structures because memory is tight. + is not supported on this platform (for example, + .\" e.g., arm (optionally), blackfin, c6x, frv, h8300, microblaze, xtensa + hardware without a Memory-Management Unit). ++.TP ++.BR ERESTARTNOINTR " (since Linux 2.6.17)" ++System call was interrupted by a signal and will be restarted. ++(This can be seen only during a trace.) + .SH CONFORMING TO + SVr4, 4.3BSD, POSIX.1-2001. + .SH NOTES +-- +2.7.4 + diff --git a/SOURCES/1337039-mpo-7.3.0-setfacl.1.patch b/SOURCES/1337039-mpo-7.3.0-setfacl.1.patch new file mode 100644 index 0000000..6c59348 --- /dev/null +++ b/SOURCES/1337039-mpo-7.3.0-setfacl.1.patch @@ -0,0 +1,56 @@ +From 1d3077cf7690317161b9c3e183d54fb8107a80d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 28 Jun 2016 14:44:50 +0200 +Subject: [PATCH 17/17] setfacl.1: document the meaning of '-' in perms + +--- + acl/man1/setfacl.1 | 28 +++++++++++++++++++++------- + 1 file changed, 21 insertions(+), 7 deletions(-) + +diff --git a/acl/man1/setfacl.1 b/acl/man1/setfacl.1 +index 0c7c046..e092e51 100644 +--- a/acl/man1/setfacl.1 ++++ b/acl/man1/setfacl.1 +@@ -194,18 +194,32 @@ you can specify either a name or a number. + .PP + The + .I perms +-field is a combination of characters that indicate the permissions: read ++field is a combination of characters that indicate the read + .IR (r) , + write + .IR (w) , + execute +-.IR (x) , +-execute only if the file is a directory or already has execute permission +-for some user +-.IR (X) . +-Alternatively, the ++.IR (x) ++permissions. Dash characters in the + .I perms +-field can be an octal digit (0\-7). ++field ++.IR (\-) ++are ignored. The character ++.I X ++stands for the execute permission if the file is a directory or already has ++execute permission for some user. Alternatively, the ++.I perms ++field can define the permissions numerically, as a bit-wise combination of read ++.IR (4) , ++write ++.IR (2) , ++and execute ++.IR (1) . ++Zero ++.I perms ++fields or ++.I perms ++fields that only consist of dashes indicate no permissions. + .PP + .SS AUTOMATICALLY CREATED ENTRIES + Initially, files and directories contain only the three base ACL entries +-- +2.7.4 + diff --git a/SOURCES/1360898-mpo-7.3.2-prctl.2-capabilities.7.patch b/SOURCES/1360898-mpo-7.3.2-prctl.2-capabilities.7.patch new file mode 100644 index 0000000..b029a65 --- /dev/null +++ b/SOURCES/1360898-mpo-7.3.2-prctl.2-capabilities.7.patch @@ -0,0 +1,219 @@ +From 7a536207483e677f1075e529cbd396dd649b2cdc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Wed, 3 Aug 2016 12:58:59 +0200 +Subject: [PATCH] prctl.2, capabilities.7: document ambient capabilities + +--- + man-pages/man2/prctl.2 | 77 +++++++++++++++++++++++++++++++++++++++++++ + man-pages/man7/capabilities.7 | 51 ++++++++++++++++++++++++---- + 2 files changed, 122 insertions(+), 6 deletions(-) + +diff --git a/man-pages/man2/prctl.2 b/man-pages/man2/prctl.2 +index 92eecf9..cd6daef 100644 +--- a/man-pages/man2/prctl.2 ++++ b/man-pages/man2/prctl.2 +@@ -844,6 +844,42 @@ had been called. + For further information on Intel MPX, see the kernel source file + .IR Documentation/x86/intel_mpx.txt . + .\" ++.TP ++.BR PR_CAP_AMBIENT " (since Linux 4.3)" ++.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08 ++Reads or changes the ambient capability set, according to the value of ++.IR arg2 , ++which must be one of the following: ++.RS ++.TP ++.B PR_CAP_AMBIENT_RAISE ++The capability specified in ++.I arg3 ++is added to the ambient set. ++The specified capability must already be present in ++both the permitted and the inheritable sets of the process. ++This operation is not permitted if the ++.B SECBIT_NO_CAP_AMBIENT_RAISE ++securebit is set. ++.TP ++.B PR_CAP_AMBIENT_LOWER ++The capability specified in ++.I arg3 ++is removed from the ambient set. ++.TP ++.B PR_CAP_AMBIENT_IS_SET ++The ++.BR prctl (2) ++call returns 1 if the capability in ++.I arg3 ++is in the ambient set and 0 if it is not. ++.TP ++.BR PR_CAP_AMBIENT_CLEAR_ALL ++All capabilities will be removed from the ambient set. ++This operation requires setting ++.I arg3 ++to zero. ++.RE + .SH RETURN VALUE + On success, + .BR PR_GET_DUMPABLE , +@@ -853,6 +889,7 @@ On success, + .BR PR_GET_TIMING , + .BR PR_GET_SECUREBITS , + .BR PR_MCE_KILL_GET , ++.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET , + and (if it returns) + .BR PR_GET_SECCOMP + return the nonnegative values described above. +@@ -949,6 +986,31 @@ is not 0, + .BR PR_SET_PTRACER_ANY , + or the PID of an existing process. + .TP ++.B EINVAL ++.I option ++is ++.B PR_CAP_AMBIENT ++and an unused argument ++.RI ( arg4 , ++.IR arg5 , ++or, ++in the case of ++.BR PR_CAP_AMBIENT_CLEAR_ALL , ++.IR arg3 ) ++is nonzero; or ++.IR arg2 ++has an invalid value; ++or ++.IR arg2 ++is ++.BR PR_CAP_AMBIENT_LOWER , ++.BR PR_CAP_AMBIENT_RAISE , ++or ++.BR PR_CAP_AMBIENT_IS_SET ++and ++.IR arg3 ++does not specify a valid capability. ++.TP + .B EPERM + .I option + is +@@ -1030,6 +1092,21 @@ capability. + .\" .BR PR_SET_SECCOMP , + .\" and secure computing mode is already 1. + .TP ++.B EPERM ++.IR option ++is ++.BR PR_CAP_AMBIENT ++and ++.IR arg2 ++is ++.BR PR_CAP_AMBIENT_RAISE , ++but either the capability specified in ++.IR arg3 ++is not present in the process's permitted and inheritable capability sets, ++or the ++.B PR_CAP_AMBIENT_LOWER ++securebit has been set. ++.TP + .B ENXIO + .I option + was +diff --git a/man-pages/man7/capabilities.7 b/man-pages/man7/capabilities.7 +index 2c3377e..c340245 100644 +--- a/man-pages/man7/capabilities.7 ++++ b/man-pages/man7/capabilities.7 +@@ -659,13 +659,40 @@ a program whose associated file capabilities grant that capability). + .IR Inheritable : + This is a set of capabilities preserved across an + .BR execve (2). +-It provides a mechanism for a process to assign capabilities +-to the permitted set of the new program during an +-.BR execve (2). ++Inheritable capabilities remain inheritable when executing any program, ++and inheritable capabilities are added to the permitted set when executing ++a program that has the corresponding bits set in the file inheritable set. ++.IP ++Because inheritable capabilities are not generally preserved across ++.BR execve (2) ++when running as a non-root user, applications that wish to run helper ++programs with elevated capabilities should consider using ++ambient capabilities, described below. + .TP + .IR Effective : + This is the set of capabilities used by the kernel to + perform permission checks for the thread. ++.TP ++.IR Ambient " (since Linux 4.3):" ++.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08 ++This is a set of capabilities that are preserved across an ++.BR execve (2) ++of a program that is not privileged. ++The ambient capability set obeys the invariant that no capability ++can ever be ambient if it is not both permitted and inheritable. ++ ++The ambient capability set can be directly modified using ++.BR prctl (2). ++Ambient capabilities are automatically lowered if either of ++the corresponding permitted or inheritable capabilities is lowered. ++ ++Executing a program that changes UID or GID due to the ++set-user-ID or set-group-ID bits or executing a program that has ++any file capabilities set will clear the ambient set. ++Ambient capabilities are added to the permitted set and ++assigned to the effective set when ++.BR execve (2) ++is called. + .PP + A child created via + .BR fork (2) +@@ -747,10 +774,12 @@ the process using the following algorithm: + .in +4n + .nf + ++P'(ambient) = (file is privileged) ? 0 : P(ambient) ++ + P'(permitted) = (P(inheritable) & F(inheritable)) | +- (F(permitted) & cap_bset) ++ (F(permitted) & cap_bset) | P'(ambient) + +-P'(effective) = F(effective) ? P'(permitted) : 0 ++P'(effective) = F(effective) ? P'(permitted) : P'(ambient) + + P'(inheritable) = P(inheritable) [i.e., unchanged] + +@@ -769,6 +798,9 @@ denotes a file capability set + .IP cap_bset + is the value of the capability bounding set (described below). + .RE ++.PP ++A privileged file is one that has capabilities or ++has the set-user-ID or set-group-ID bit set. + .\" + .SS Capabilities and execution of programs by root + In order to provide an all-powerful +@@ -1029,6 +1061,12 @@ an effective or real UID of 0 calls + .BR execve (2). + (See the subsection + .IR "Capabilities and execution of programs by root" .) ++.TP ++.B SECBIT_NO_CAP_AMBIENT_RAISE ++Setting this flag disallows raising ambient capabilities via the ++.BR prctl (2) ++.BR PR_CAP_AMBIENT_RAISE ++operation. + .PP + Each of the above "base" flags has a companion "locked" flag. + Setting any of the "locked" flags is irreversible, +@@ -1037,8 +1075,9 @@ corresponding "base" flag. + The locked flags are: + .BR SECBIT_KEEP_CAPS_LOCKED , + .BR SECBIT_NO_SETUID_FIXUP_LOCKED , ++.BR SECBIT_NOROOT_LOCKED , + and +-.BR SECBIT_NOROOT_LOCKED . ++.BR SECBIT_NO_CAP_AMBIENT_RAISE . + .PP + The + .I securebits +-- +2.7.4 + diff --git a/SOURCES/1361588-recv-for-aarch64.patch b/SOURCES/1361588-recv-for-aarch64.patch new file mode 100644 index 0000000..a11c121 --- /dev/null +++ b/SOURCES/1361588-recv-for-aarch64.patch @@ -0,0 +1,30 @@ +From 8777be0e850672270d50d31ab8d417c27af71389 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Fri, 29 Jul 2016 15:34:53 +0200 +Subject: [PATCH 19/19] recv.2: add deprecation note about recv() syscall + +--- + man-pages/man2/____recv.2 | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/man-pages/man2/____recv.2 b/man-pages/man2/____recv.2 +index 7056eb2..8a948ab 100644 +--- a/man-pages/man2/____recv.2 ++++ b/man-pages/man2/____recv.2 +@@ -57,6 +57,13 @@ recv, recvfrom, recvmsg \- receive a message from a socket + .BI "ssize_t recvmsg(int " sockfd ", struct msghdr *" msg ", int " flags ); + .fi + .SH DESCRIPTION ++.BR recv () ++system call is DEPRECATED, use ++.BR recvfrom () ++with a NULL ++.I src_addr ++argument! ++.PP + The + .BR recvfrom () + and +-- +2.7.4 + diff --git a/SOURCES/948487-mc.1-fixing-typos.patch b/SOURCES/948487-mc.1-fixing-typos.patch deleted file mode 100644 index 6a699ab..0000000 --- a/SOURCES/948487-mc.1-fixing-typos.patch +++ /dev/null @@ -1,27 +0,0 @@ -From c7b383e0c83d7d07738e4e1f9c10614e652abc58 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 27 Oct 2014 10:50:54 +0100 -Subject: [PATCH] mc.1 fixing typos - ---- - mc/man1/mc.1 | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/mc/man1/mc.1 b/mc/man1/mc.1 -index 5387927..415d233 100644 ---- a/mc/man1/mc.1 -+++ b/mc/man1/mc.1 -@@ -2090,8 +2090,8 @@ You can specify how the - .\"LINK2" - Quick search - .\"Quick search" --mode should works: case insensitively, case sensitively or be matched --to the the panel sort order: case sensitive or not. -+mode should work: case insensitively, case sensitively or be matched -+to the panel sort order: case sensitive or not. - .\"NODE " Confirmation" - .SH " Confirmation" - In this dialog you configure the confirmation options for file deletion, --- -1.9.3 - diff --git a/SOURCES/948599-mpo-7.1.0-edac-ctl.patch b/SOURCES/948599-mpo-7.1.0-edac-ctl.patch deleted file mode 100644 index acb68c0..0000000 --- a/SOURCES/948599-mpo-7.1.0-edac-ctl.patch +++ /dev/null @@ -1,38 +0,0 @@ -From d048b76f748432fcb31615a4d40c00b1feb0885b Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 29 Sep 2014 22:04:58 +0200 -Subject: [PATCH] edac-ctl missing options - ---- - edac-utils/man8/edac-ctl.8 | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/edac-utils/man8/edac-ctl.8 b/edac-utils/man8/edac-ctl.8 -index c656951..5a07e2b 100644 ---- a/edac-utils/man8/edac-ctl.8 -+++ b/edac-utils/man8/edac-ctl.8 -@@ -43,6 +43,9 @@ drivers. - .BI "--help" - Display a brief usage message. - .TP -+.BI "--quiet" -+Quiet operation. -+.TP - .BI "--mainboard" - Print mainboard vendor and model for this hardware, if available. - This option requires that the \fBdmidecode\fR(8) utility be installed, -@@ -61,7 +64,10 @@ exist in the labels database for this option to do anything. - .TP - .BI "--print-labels" - Display the configured labels for the current hardware, as --well as the current labels registered with EDAC. -+well as the current labels registered with EDAC. -+.TP -+.BI "--delay=N" -+Delay N seconds before writing DIMM labels. - .TP - .BI "--labeldb="DB - Specify an alternate location for the labels database. --- -1.9.3 - diff --git a/SOURCES/964302-mpo-7.1.0-pam_krb5.8.patch b/SOURCES/964302-mpo-7.1.0-pam_krb5.8.patch deleted file mode 100644 index 63d3a51..0000000 --- a/SOURCES/964302-mpo-7.1.0-pam_krb5.8.patch +++ /dev/null @@ -1,27 +0,0 @@ -From a4e1113d4b7013dabb2b6dcedf4500256d18d533 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 29 Sep 2014 23:20:26 +0200 -Subject: [PATCH] pam_krb5.8 missing ignore_afs options - ---- - pam_krb5/man8/pam_krb5.8 | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/pam_krb5/man8/pam_krb5.8 b/pam_krb5/man8/pam_krb5.8 -index fca5e22..ac3676d 100644 ---- a/pam_krb5/man8/pam_krb5.8 -+++ b/pam_krb5/man8/pam_krb5.8 -@@ -130,6 +130,10 @@ tells pam_krb5.so to use Kerberos credentials provided by the calling - application during session setup. - This is most often useful for obtaining AFS tokens. - -+.IP "ignore_afs=\fItrue\fR|\fIfalse\fR|\fIservice [...]\fR" -+tells pam_krb5.so to completely ignore the presence of AFS, preventing -+any attempts to obtain new tokens on behalf of the calling application. -+ - .IP ignore_k5login - specifies that pam_krb5 should skip checking the user's .k5login - file to verify that the principal name of the client being authenticated is --- -1.9.3 - diff --git a/SPECS/man-pages-overrides.spec b/SPECS/man-pages-overrides.spec index 8d611aa..9d892ad 100644 --- a/SPECS/man-pages-overrides.spec +++ b/SPECS/man-pages-overrides.spec @@ -2,8 +2,8 @@ Summary: Complementary and updated manual pages Name: man-pages-overrides -Version: 7.2.4 -Release: 1%{?dist} +Version: 7.3.2 +Release: 2%{?dist} # license is the same as for the man-pages package License: GPL+ and GPLv2+ and BSD and MIT and Copyright only and IEEE Group: Documentation @@ -12,30 +12,41 @@ Source: man-pages-overrides-%{version}.tar.xz Patch0: 1073718-mpo-7.1.0-open.2.patch Patch1: 1086994-mpo-7.1.0-proc.5.patch -Patch2: 1040023-mpo-7.1.0-vsftpd.conf.5.patch +Patch2: 1112307-mpo-7.3.0-cciss.4.patch Patch3: 1021967-mpo-7.1.0-socat.1.patch Patch4: 1131853-mpo-7.1.0-proc.5-proc-fs-not-empty.patch -Patch5: 1146259-mpo-7.1.0-xinetd.8.patch -Patch6: 1104994-mpo-7.1.0-vsfptd.conf.5-missing-isolate-options.patch +Patch5: 1181670-mpo-7.3.0-libpaf-dsc.3-libpaf-ebb.3.patch +Patch6: 1255283-mpo-7.3.0-captest.8.patch Patch7: 1129235-mpo-7.1.0-flock.2.patch -Patch8: 1164846-mpo-7.2.1-fix-dump-utmp-name-in-dump-utmp.8.patch -Patch9: 948599-mpo-7.1.0-edac-ctl.patch +# aarch64 specific patch +Patch8: 1361588-recv-for-aarch64.patch +Patch9: 1263575-mpo-7.3.1-libpng.3-png.5.patch Patch10: 1109291-mpo-7.1.0-mailx.1.patch Patch11: 1109294-mpo-7.1.0-mailx.1.environment-variables.patch Patch12: 1131939-mpo-7.1.0-charsets.7-nl_langinfo.3.patch Patch13: 1131859-mpo-7.1.0-host.conf.5.patch -Patch15: 964302-mpo-7.1.0-pam_krb5.8.patch -Patch16: 1140589-mpo-7.1.0-wget.1.patch +Patch14: 1269549-mpo-7.3.0-socket.7.patch +Patch15: 1274949-mpo-7.3.0-userhelper.8.patch +Patch16: 1278492-mpo-7.3.1-recv.2.patch # aarch64 specific patch Patch17: 1095371-clone-and-open-for-aarch64.patch Patch18: 1197850-mpo-7.2.0-backport-thread-safety-information.patch Patch19: 1120294-madvise.2-MADV_REMOVE-supports-more-filesystems.patch Patch20: 1147718-resolv.conf.5-add-missing-no-tld-query.patch -Patch21: 948487-mc.1-fixing-typos.patch +Patch21: 1289915-mpo-7.3.0-nsswitch.conf.5.patch Patch22: 1064756-mpo-7.1.2-netstat.8.patch Patch23: 1141874-mpo-7.2.0-mgetty-fix-typos-in-mgetty-s-man-pages.patch -Patch24: 1155977-mpo-7.2-stunnel.8.patch +Patch24: 1297898-mpo-7.3.0-prctl.2.patch Patch25: 1222720-mpo-7.2.0-rtld-audit.7.patch +Patch26: 1312875-mpo-7.3.0-tcp.7.patch +Patch27: 1315605-mpo-7.3.1-recv.2-cmsg.3.patch +Patch28: 1330661-mpo-7.3.1-clone.2-fork.2.patch +Patch30: 1337039-mpo-7.3.0-setfacl.1.patch +Patch31: 1263629-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch +Patch32: 1263632-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch +Patch33: 1263635-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch +Patch34: 1263637-mpo-7.3.0-cp.1-install.1-mkdir.1-mkfifo.1-mknod.1.patch +Patch35: 1360898-mpo-7.3.2-prctl.2-capabilities.7.patch %description A collection of manual ("man") pages to complement other packages or update @@ -47,17 +58,19 @@ installed. %build %ifarch aarch64 - deprecated_pages="access alarm bdflush chmod chown creat dup2 epoll_create epoll_wait eventfd fork futimesat getdents getpgrp inotify_init lchown link mkdir mknod pause pipe poll readlink recv rename rmdir select send signalfd symlink sysctl time umount unlink uselib ustat utime utimes vfork wait4" + deprecated_pages="access alarm bdflush chmod chown creat dup2 epoll_create epoll_wait eventfd fork futimesat getdents getpgrp inotify_init lchown link mkdir mknod pause pipe poll readlink rename rmdir select send signalfd symlink sysctl time umount unlink uselib ustat utime utimes vfork wait4" cd man-pages/man2 for page in $deprecated_pages; do cp deprecated.2 $page.2 done mv ____clone.2 clone.2 mv ____open.2 open.2 + mv ____recv.2 recv.2 %else rm man-pages/man2/deprecated.2 rm man-pages/man2/____clone.2 rm man-pages/man2/____open.2 + rm man-pages/man2/____recv.2 %endif @@ -90,6 +103,92 @@ done %{_mandir}/overrides/ %changelog +* Thu Sep 22 2016 Nikola Forró - 7.3.2-2 +- open.2: revert documenting O_TMPFILE option + related: #1330740 + +* Wed Aug 03 2016 Nikola Forró - 7.3.2-1 +- Upload new tarball + related: #1343004 +- prctl.2, capabilities.7: document ambient capabilities + resolves: #1360898 + +* Thu Jul 28 2016 Nikola Forró - 7.3.1-1 +- Upload new tarball + related: #1343004 +- remove bug fixed in original component: #1240948 (psacct) +- recv.2: add deprecation note about recv() syscall on aarch64 + resolves: #1361588 +- libpng.3: fix invalid RFC URL + related: #1263575 +- recv.2: change description of flags argument also on aarch64 + related: #1278492 +- localedef.1: add missing --old-style option + related: #1301661 +- recv.2: fix type of cmsg_len member of cmsghdr structure also on aarch64 + related: #1315605 +- clone.2: document ERESTARTNOINTR error code also on aarch64 + related: #1330661 +- open.2: document O_TMPFILE option also on aarch64 + related: #1330740 + +* Fri Jun 24 2016 Nikola Forró - 7.3.0-1 +- Upload new tarball + resolves: #1343004 +- remove bug fixed in original component: #1147538 (xinetd) +- remove bug fixed in original component: #1147550 (vsftpd) +- remove bug fixed in original component: #1147551 (vsftpd) +- remove bug fixed in original component: #1147552 (pam_krb5) +- remove bug fixed in original component: #1147572 (wget) +- remove bug fixed in original component: #1155006 (mc) +- remove bug fixed in original component: #1218284 (stunnel) +- remove bug fixed in original component: #1147564 (edac-utils) +- __fpurge.3: add missing man page + resolves: #1267657 +- cciss.4: replace man page content with notice about driver removal + resolves: #1112307 +- libpaf-dsc.3, libpaf-ebb.3: fix formatting and examples + resolves: #1181670 +- captest.8: describe --init-grp option + resolves: #1255283 +- png.5: fix invalid RFC URL + resolves: #1263575 +- socket.7: document SO_REUSEPORT option + resolves: #1269549 +- userhelper.8: fix up exit status description and consistency + resolves: #1274949 +- recv.2: change description of flags argument to apply also to recvfrom and recvmsg + resolves: #1278492 +- nsswitch.conf.5: add list of files being read when "files" service is used + resolves: #1289915 +- prctl.2: add description of Intel MPX calls + resolves: #1297898 +- iconv.1, locale.1, localedef.1, repertoiremap.5, iconvconfig.8: add new man pages +- charmap.5, locale.5, charsets.7, locale.7: sync with upstream + resolves: #1301661 +- tcp.7: document TCP_USER_TIMEOUT + resolves: #1312875 +- recv.2, cmsg.3: fix type of cmsg_len member of cmsghdr structure + resolves: #1315605 +- clone.2, fork.2: document ERESTARTNOINTR error code + resolves: #1330661 +- open.2: document O_TMPFILE option + resolves: #1330740 +- setfacl.1: document the meaning of '-' in perms + resolves: #1337039 +- cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update security context options + to reflect coreutils change + resolves: #1263629 +- cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update security context options + to reflect coreutils change + resolves: #1263632 +- cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update security context options + to reflect coreutils change + resolves: #1263635 +- cp.1, install.1, mkdir.1, mkfifo.1, mknod.1: update security context options + to reflect coreutils change + resolves: #1263637 + * Fri Sep 25 2015 jchaloup - 7.2.4-1 - New patch for fpurge with MT introduced since the first evaluation - Remove mkfifoat.3 man page