diff options
| author |   Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-03-07 07:21:37 +0000 |
|---|---|---|
| committer | Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-03-07 07:21:37 +0000 |
| commit | 45a2fe47d2a8b6b6330113d6f193d8630a7192f9 (patch) | |
| tree | e07ecafc94ffb2df04b2ae43737546266e6007c9 /app-admin | |
| parent | Version bump with assorted bugfixes. (diff) | |
| download | gentoo-2-45a2fe47d2a8b6b6330113d6f193d8630a7192f9.tar.gz gentoo-2-45a2fe47d2a8b6b6330113d6f193d8630a7192f9.tar.bz2 gentoo-2-45a2fe47d2a8b6b6330113d6f193d8630a7192f9.zip | |
Version bump. Fixes permissions on dumps of setuid processes (bug #407011, CVE-2012-1106, thanks to Michael Harrison for reporting).
(Portage version: 2.2.0_alpha90/cvs/Linux x86_64)
Diffstat (limited to 'app-admin')
| -rw-r--r-- | app-admin/abrt/ChangeLog | 9 | ||||
| -rw-r--r-- | app-admin/abrt/abrt-2.0.8.ebuild | 119 | ||||
| -rw-r--r-- | app-admin/abrt/files/abrt-2.0.8-gentoo.patch | 275 |
3 files changed, 402 insertions, 1 deletions
diff --git a/app-admin/abrt/ChangeLog b/app-admin/abrt/ChangeLog index 374d7b543a42..3eeb705596ec 100644 --- a/app-admin/abrt/ChangeLog +++ b/app-admin/abrt/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for app-admin/abrt # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/abrt/ChangeLog,v 1.5 2012/01/14 15:56:16 maekke Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/abrt/ChangeLog,v 1.6 2012/03/07 07:21:37 tetromino Exp $ + +*abrt-2.0.8 (07 Mar 2012) + + 07 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org> +abrt-2.0.8.ebuild, + +files/abrt-2.0.8-gentoo.patch: + Version bump. Fixes permissions on dumps of setuid processes (bug #407011, + CVE-2012-1106, thanks to Michael Harrison for reporting). 14 Jan 2012; Markus Meier <maekke@gentoo.org> abrt-2.0.6.ebuild: x86 stable, bug #393007 diff --git a/app-admin/abrt/abrt-2.0.8.ebuild b/app-admin/abrt/abrt-2.0.8.ebuild new file mode 100644 index 000000000000..85dd57936f20 --- /dev/null +++ b/app-admin/abrt/abrt-2.0.8.ebuild @@ -0,0 +1,119 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/abrt/abrt-2.0.8.ebuild,v 1.1 2012/03/07 07:21:37 tetromino Exp $ + +PYTHON_DEPEND="2:2.6" +EAPI="4" + +# Need gnome2-utils for gnome2_icon_cache_update +inherit autotools eutils gnome2-utils python systemd + +DESCRIPTION="Automatic bug detection and reporting tool" +HOMEPAGE="https://fedorahosted.org/abrt/" +SRC_URI="https://fedorahosted.org/released/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="debug" + +COMMON_DEPEND="dev-libs/btparser + >=dev-libs/glib-2.21:2 + >=dev-libs/libreport-2.0.9 + dev-libs/libxml2 + dev-libs/nss + sys-apps/dbus + sys-fs/inotify-tools + x11-libs/gtk+:2 + x11-libs/libnotify" +RDEPEND="${COMMON_DEPEND} + app-arch/cpio + dev-libs/elfutils + >=sys-devel/gdb-7" +DEPEND="${COMMON_DEPEND} + app-text/asciidoc + app-text/xmlto + >=dev-util/intltool-0.35.0 + >=dev-util/pkgconfig-0.9.0 + >=sys-devel/gettext-0.17" + +pkg_setup() { + python_set_active_version 2 + python_pkg_setup + + enewgroup abrt + enewuser abrt -1 -1 -1 abrt +} + +src_prepare() { + # Disable redhat-specific code not usable in gentoo, or that requires + # bugs.gentoo.org infra support. + epatch "${FILESDIR}/${PN}-2.0.8-gentoo.patch" + + # Using a server response as a format string is a bad idea + epatch "${FILESDIR}/${PN}-2.0.6-format-security.patch" + + # -Werror should not be used by default + sed -e 's/^[ \t]*-Werror[ \t]*$/\t$(NULL)/' \ + -e 's/-Werror\( \|$\)//g' \ + -i src/applet/Makefile.* src/cli/Makefile.* src/daemon/Makefile.* \ + src/gui-gtk/Makefile.* src/hooks/Makefile.* src/lib/Makefile.* \ + src/plugins/Makefile.* || die "sed failed" + + # pyhook test is sensitive to the format of python's error messages, and + # fails with certain python versions + sed -e '/pyhook.at/ d' \ + -i tests/Makefile.* tests/testsuite.at || die "sed 2 failed" + + eautoreconf + + python_clean_py-compile_files + python_convert_shebangs -r 2 src +} + +src_configure() { + # Configure checks for python.pc; our python-2.7 installs python-2.7.pc, + # while python-2.6 does not install any pkgconfig file. + export PYTHON_CFLAGS=$(python-config --includes) + export PYTHON_LIBS=$(python-config --libs) + + myeconfargs=( "--localstatedir=${EPREFIX}/var" ) + # --disable-debug enables debug! + use debug && myeconfargs=( "${myeconfargs[@]}" --enable-debug ) + systemd_to_myeconfargs + econf "${myeconfargs[@]}" +} + +src_install() { + default + + keepdir /var/run/abrt + # /var/spool/abrt is created by dev-libs/libreport + + diropts -m 700 -o abrt -g abrt + keepdir /var/spool/abrt-upload + + diropts -m 775 -o abrt -g abrt + keepdir /var/cache/abrt-di + + find "${D}" -name '*.la' -exec rm -f {} + || die + + newinitd "${FILESDIR}/${PN}-2.0.5-init" abrt + newconfd "${FILESDIR}/${PN}-2.0.5-conf" abrt +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + gnome2_icon_cache_update + python_mod_optimize abrt_exception_handler.py + elog "To start the bug detection service on an openrc-based system, do" + elog "# /etc/init.d/abrt start" +} + +pkg_postrm() { + gnome2_icon_cache_update + python_mod_cleanup abrt_exception_handler.py +} diff --git a/app-admin/abrt/files/abrt-2.0.8-gentoo.patch b/app-admin/abrt/files/abrt-2.0.8-gentoo.patch new file mode 100644 index 000000000000..b7c8ad9a7720 --- /dev/null +++ b/app-admin/abrt/files/abrt-2.0.8-gentoo.patch @@ -0,0 +1,275 @@ +commit fcb24c0966f53dc52d9bad6158ab8290a72ed69e +Author: Alexandre Rostovtsev <tetromino@gmail.com> +Date: Sat Oct 8 03:31:56 2011 -0400 + + Disable code not relevant for Gentoo + + Disable code that is only relevant for an RPM-based distro or that + requires additional bugs.gentoo.org infrastructure support. Ensure that + crashes still get analyzed even if they cannot be assigned to any + package (since we lack any way of doing that at the moment). + +diff --git a/configure.ac b/configure.ac +index 4391239..1a78ca9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -65,7 +65,6 @@ PKG_CHECK_MODULES([GTK], [$GTK_VER]) + PKG_CHECK_MODULES([GLIB], [glib-2.0 >= 2.21]) + PKG_CHECK_MODULES([DBUS], [dbus-1]) + PKG_CHECK_MODULES([LIBXML], [libxml-2.0]) +-PKG_CHECK_MODULES([RPM], [rpm]) + PKG_CHECK_MODULES([LIBNOTIFY], [libnotify]) + PKG_CHECK_MODULES([NSS], [nss]) + PKG_CHECK_MODULES([BTPARSER], [btparser]) +diff --git a/doc/Makefile.am b/doc/Makefile.am +index 5025f93..721fbaa 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -17,7 +17,6 @@ MAN1_TXT += abrt-install-ccpp-hook.txt + + MAN5_TXT = + MAN5_TXT += abrt.conf.txt +-MAN5_TXT += abrt-action-save-package-data.conf.txt + + MAN8_TXT = + MAN8_TXT += abrtd.txt abrt-dbus.txt +diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am +index bed3c44..7697f50 100644 +--- a/src/daemon/Makefile.am ++++ b/src/daemon/Makefile.am +@@ -6,9 +6,6 @@ dist_eventsconf_DATA = \ + bin_SCRIPTS = \ + abrt-handle-upload + +-bin_PROGRAMS = \ +- abrt-action-save-package-data +- + sbin_PROGRAMS = \ + abrtd \ + abrt-server \ +@@ -77,30 +74,12 @@ abrt_handle_event_LDADD = \ + $(LIBREPORT_LIBS) \ + $(BTPARSER_LIBS) + +-abrt_action_save_package_data_SOURCES = \ +- rpm.h rpm.c \ +- abrt-action-save-package-data.c +-abrt_action_save_package_data_CPPFLAGS = \ +- -I$(srcdir)/../include \ +- -I$(srcdir)/../lib \ +- -DCONF_DIR=\"$(CONF_DIR)\" \ +- $(GLIB_CFLAGS) \ +- $(LIBREPORT_CFLAGS) \ +- -D_GNU_SOURCE \ +- -Wall -Wwrite-strings -Werror +-abrt_action_save_package_data_LDADD = \ +- $(RPM_LIBS) \ +- $(LIBREPORT_LIBS) \ +- ../lib/libabrt.la +- + dbusabrtconfdir = ${sysconfdir}/dbus-1/system.d/ + dist_dbusabrtconf_DATA = dbus-abrt.conf + + daemonconfdir = $(CONF_DIR) + dist_daemonconf_DATA = \ +- abrt.conf \ +- abrt-action-save-package-data.conf \ +- gpg_keys ++ abrt.conf + + comredhatabrtservicedir = ${datadir}/dbus-1/system-services + dist_comredhatabrtservice_DATA = com.redhat.abrt.service +diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf +index 9b67034..db133e1 100644 +--- a/src/daemon/abrt_event.conf ++++ b/src/daemon/abrt_event.conf +@@ -44,7 +44,7 @@ + + + # Determine in which package/component the crash happened (if not yet done): +-EVENT=post-create component= remote!=1 ++#EVENT=post-create component= remote!=1 + abrt-action-save-package-data + + +@@ -60,19 +60,19 @@ EVENT=post-create + if [ -f uid ]; then getent passwd "`cat uid`" | cut -d: -f1 >username; fi + + +-EVENT=notify package!= uid!= ++EVENT=notify uid!= + dbus-send --system --type=signal /com/redhat/abrt com.redhat.abrt.Crash \ + string:"`cat package`" string:"$DUMP_DIR" string:"`cat uid`" + +-EVENT=notify package!= uid= ++EVENT=notify uid= + dbus-send --system --type=signal /com/redhat/abrt com.redhat.abrt.Crash \ + string:"`cat package`" string:"$DUMP_DIR" + +-EVENT=notify_dup package!= uid!= ++EVENT=notify_dup uid!= + dbus-send --system --type=signal /com/redhat/abrt com.redhat.abrt.Crash \ + string:"`cat package`" string:"$DUMP_DIR" string:"`cat uid`" + +-EVENT=notify_dup package!= uid= ++EVENT=notify_dup uid= + dbus-send --system --type=signal /com/redhat/abrt com.redhat.abrt.Crash \ + string:"`cat package`" string:"$DUMP_DIR" + +diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am +index 5edbd3e..4f01fac 100644 +--- a/src/plugins/Makefile.am ++++ b/src/plugins/Makefile.am +@@ -1,7 +1,6 @@ + -include ../../config.mak + + bin_SCRIPTS = \ +- abrt-action-install-debuginfo \ + abrt-action-analyze-core \ + abrt-action-analyze-vmcore \ + abrt-action-list-dsos +@@ -18,8 +17,6 @@ bin_PROGRAMS = \ + abrt-retrace-client \ + abrt-dedup-client + +-libexec_PROGRAMS = abrt-action-install-debuginfo-to-abrt-cache +- + #dist_pluginsconf_DATA = Python.conf + + eventsdir = $(EVENTS_DIR) +@@ -51,7 +48,6 @@ dist_eventsconf_DATA = \ + + + PYTHON_FILES = \ +- abrt-action-install-debuginfo.in \ + abrt-action-list-dsos \ + abrt-action-analyze-core \ + abrt-action-analyze-vmcore.in +@@ -186,18 +182,6 @@ abrt_action_analyze_backtrace_LDADD = \ + $(LIBREPORT_LIBS) \ + $(BTPARSER_LIBS) + +-abrt_action_install_debuginfo_to_abrt_cache_SOURCES = \ +- abrt-action-install-debuginfo-to-abrt-cache.c +-abrt_action_install_debuginfo_to_abrt_cache_CPPFLAGS = \ +- -I$(srcdir)/../include \ +- -I$(srcdir)/../lib \ +- -D_GNU_SOURCE \ +- $(LIBREPORT_CFLAGS) \ +- -Wall -Wwrite-strings +-abrt_action_install_debuginfo_to_abrt_cache_LDADD = \ +- $(LIBREPORT_LIBS) \ +- ../lib/libabrt.la +- + abrt_retrace_client_SOURCES = \ + abrt-retrace-client.c \ + https-utils.c +diff --git a/src/plugins/abrt-action-list-dsos b/src/plugins/abrt-action-list-dsos +index 81a9927..bf1491c 100644 +--- a/src/plugins/abrt-action-list-dsos ++++ b/src/plugins/abrt-action-list-dsos +@@ -5,7 +5,6 @@ + import sys + import os + import getopt +-import rpm + + def log(s): + sys.stderr.write("%s\n" % s) +@@ -68,19 +67,10 @@ if __name__ == "__main__": + try: + dso_paths = parse_maps(memfile) + for path in dso_paths: +- ts = rpm.TransactionSet() +- mi = ts.dbMatch('basenames', path) +- if len(mi): +- for h in mi: +- if outname: +- outfile = xopen(outname, "w") +- outname = None +- outfile.write("%s %s (%s) %s\n" % +- (path, +- h[rpm.RPMTAG_NEVRA], +- h[rpm.RPMTAG_VENDOR], +- h[rpm.RPMTAG_INSTALLTIME]) +- ) ++ if outname: ++ outfile = xopen(outname, "w") ++ outname = None ++ outfile.write(path) + + except Exception, ex: + error_msg_and_die("Can't get the DSO list: %s" % ex) +diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf +index 0e17389..2abd5ce 100644 +--- a/src/plugins/ccpp_event.conf ++++ b/src/plugins/ccpp_event.conf +@@ -31,18 +31,11 @@ EVENT=collect_xsession_errors analyzer=CCpp dso_list~=.*/libX11.* + # or was this ability lost with move to python installer? + EVENT=analyze_LocalGDB analyzer=CCpp + abrt-action-analyze-core --core=coredump -o build_ids && +- /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache --size_mb=4096 && + abrt-action-generate-backtrace && +- abrt-action-analyze-backtrace && +- ( +- bug_id=$(reporter-bugzilla -h `cat duphash`) && +- if test -n "$bug_id"; then +- abrt-bodhi -r -b $bug_id +- fi +- ) ++ abrt-action-analyze-backtrace + + + # Bugzilla requires nonempty duphash +-EVENT=report_Bugzilla analyzer=CCpp duphash!= +- test -f component || abrt-action-save-package-data +- reporter-bugzilla -b -c /etc/libreport/plugins/bugzilla.conf ++# EVENT=report_Bugzilla analyzer=CCpp duphash!= ++# test -f component || abrt-action-save-package-data ++# reporter-bugzilla -b -c /etc/libreport/plugins/bugzilla.conf +diff --git a/src/plugins/ccpp_retrace_event.conf b/src/plugins/ccpp_retrace_event.conf +index 60e53d7..893502f 100644 +--- a/src/plugins/ccpp_retrace_event.conf ++++ b/src/plugins/ccpp_retrace_event.conf +@@ -1,9 +1,3 @@ + EVENT=analyze_RetraceServer analyzer=CCpp + abrt-retrace-client batch --dir "$DUMP_DIR" --status-delay 10 && +- abrt-action-analyze-backtrace && +- ( +- bug_id=$(reporter-bugzilla -h `cat duphash`) && +- if test -n "$bug_id"; then +- abrt-bodhi -r -b $bug_id +- fi +- ) ++ abrt-action-analyze-backtrace +diff --git a/src/plugins/koops_event.conf b/src/plugins/koops_event.conf +index 2fdccda..6cc14ae 100644 +--- a/src/plugins/koops_event.conf ++++ b/src/plugins/koops_event.conf +@@ -10,8 +10,8 @@ EVENT=post-create analyzer=Kerneloops + reporter-kerneloops + + # report +-#EVENT=report_Kerneloops analyzer=Kerneloops +- reporter-kerneloops ++# EVENT=report_Kerneloops analyzer=Kerneloops ++# reporter-kerneloops + +-EVENT=report_Bugzilla analyzer=Kerneloops +- reporter-bugzilla -b ++# EVENT=report_Bugzilla analyzer=Kerneloops ++# reporter-bugzilla -b +diff --git a/src/plugins/python_event.conf b/src/plugins/python_event.conf +index bbd9517..ad5f40d 100644 +--- a/src/plugins/python_event.conf ++++ b/src/plugins/python_event.conf +@@ -1,6 +1,6 @@ + EVENT=post-create analyzer=Python + abrt-action-analyze-python + +-EVENT=report_Bugzilla analyzer=Python +- test -f component || abrt-action-save-package-data +- reporter-bugzilla -b -c /etc/libreport/plugins/bugzilla.conf ++# EVENT=report_Bugzilla analyzer=Python ++# test -f component || abrt-action-save-package-data ++# reporter-bugzilla -b -c /etc/libreport/plugins/bugzilla.conf |