diff --git a/SOURCES/0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch b/SOURCES/0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch
new file mode 100644
index 0000000..d6bc812
--- /dev/null
+++ b/SOURCES/0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch
@@ -0,0 +1,104 @@
+From e721bc775d9270ac8d9d8daf2fe3f83bffe5d761 Mon Sep 17 00:00:00 2001
+From: Jakub Filak
+Date: Wed, 30 Sep 2015 11:50:18 +0200
+Subject: [PATCH] a-a-i-d-to-abrt-cache: make own random temporary directory
+
+The set-user-ID wrapper must use own new temporary directory in order to
+avoid security issues with unpacking specially crafted debuginfo
+packages that might be used to create files or symlinks anywhere on the
+file system as the abrt user.
+
+Withot the forking code the temporary directory would remain on the
+filesystem in the case where all debuginfo data are already available.
+This is caused by the fact that the underlying libreport functionality
+accepts path to a desired temporary directory and creates it only if
+necessary. Otherwise, the directory is not touched at all.
+
+This commit addresses CVE-2015-5273
+Related: #1262252
+
+Signed-off-by: Jakub Filak
+---
+ src/plugins/Makefile.am | 1 +
+ .../abrt-action-install-debuginfo-to-abrt-cache.c | 41 +++++++++++++++++++---
+ 2 files changed, 38 insertions(+), 4 deletions(-)
+
+diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
+index 326bb6e..6dde4b7 100644
+--- a/src/plugins/Makefile.am
++++ b/src/plugins/Makefile.am
+@@ -261,6 +261,7 @@ abrt_action_install_debuginfo_to_abrt_cache_CPPFLAGS = \
+ -D_GNU_SOURCE \
+ -DBIN_DIR=\"$(bindir)\" \
+ -DSBIN_DIR=\"$(sbindir)\" \
++ -DLARGE_DATA_TMP_DIR=\"$(LARGE_DATA_TMP_DIR)\" \
+ $(LIBREPORT_CFLAGS) \
+ -Wall -Wwrite-strings \
+ -fPIE
+diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+index 81b1486..52d00de 100644
+--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
++++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+@@ -108,8 +108,14 @@ int main(int argc, char **argv)
+ build_ids_self_fd = xasprintf("/proc/self/fd/%d", build_ids_fd);
+ }
+
+- /* name, -v, --ids, -, -y, -e, EXACT, -r, REPO, --, NULL */
+- const char *args[11];
++ char tmp_directory[] = LARGE_DATA_TMP_DIR"/abrt-tmp-debuginfo.XXXXXX";
++ if (mkdtemp(tmp_directory) == NULL)
++ perror_msg_and_die("Failed to create working directory");
++
++ log_info("Created working directory: %s", tmp_directory);
++
++ /* name, -v, --ids, -, -y, -e, EXACT, -r, REPO, -t, PATH, --, NULL */
++ const char *args[13];
+ {
+ const char *verbs[] = { "", "-v", "-vv", "-vvv" };
+ unsigned i = 0;
+@@ -130,6 +136,8 @@ int main(int argc, char **argv)
+ args[i++] = "--repo";
+ args[i++] = repo;
+ }
++ args[i++] = "--tmpdir";
++ args[i++] = tmp_directory;
+ args[i++] = "--";
+ args[i] = NULL;
+ }
+@@ -204,6 +212,31 @@ int main(int argc, char **argv)
+ umask(0022);
+ }
+
+- execvp(EXECUTABLE, (char **)args);
+- error_msg_and_die("Can't execute %s", EXECUTABLE);
++ pid_t pid = fork();
++ if (pid < 0)
++ perror_msg_and_die("fork");
++
++ if (pid == 0)
++ {
++ execvp(EXECUTABLE, (char **)args);
++ error_msg_and_die("Can't execute %s", EXECUTABLE);
++ }
++
++ int status;
++ if (safe_waitpid(pid, &status, 0) < 0)
++ perror_msg_and_die("waitpid");
++
++ if (rmdir(tmp_directory) >= 0)
++ log_info("Removed working directory: %s", tmp_directory);
++ else if (errno != ENOENT)
++ perror_msg("Failed to remove working directory");
++
++ /* Normal execution should exit here. */
++ if (WIFEXITED(status))
++ return WEXITSTATUS(status);
++
++ if (WIFSIGNALED(status))
++ error_msg_and_die("Child terminated with signal %d", WTERMSIG(status));
++
++ error_msg_and_die("Child exit failed");
+ }
+--
+1.8.3.1
+
diff --git a/SOURCES/0179-conf-introduce-DebugLevel.patch b/SOURCES/0179-conf-introduce-DebugLevel.patch
new file mode 100644
index 0000000..67a0bf8
--- /dev/null
+++ b/SOURCES/0179-conf-introduce-DebugLevel.patch
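Review bot: In 0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch, the cleanup after `safe_waitpid()` relies on `rmdir(tmp_directory)`, which succeeds only on an empty directory, so if the child is killed or exits without emptying it, the working directory stays under LARGE_DATA_TMP_DIR and the only trace is `perror_msg("Failed to remove working directory")`, which does not name the path. Including the path makes the leftover findable from the log: `perror_msg("Failed to remove working directory '%s'", tmp_directory);`. The directory is created near line 108 while the fork happens near line 212, so any `*_and_die` call in the code between them (outside the hunks) presumably leaves an empty directory behind; a short comment at the `mkdtemp()` call saying which code path removes the directory would help. `main` starts and ends outside the hunks.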
@@ -0,0 +1,102 @@
+From 373f5d38e3c8fbc4bc466312c659974d31a68ac4 Mon Sep 17 00:00:00 2001
+From: Jakub Filak
+Date: Wed, 30 Sep 2015 12:17:47 +0200
+Subject: [PATCH] conf: introduce DebugLevel
+
+ABRT should ignore problems caused by ABRT tools if DebugLevel == 0.
+DebugLevel is set to 0 by default.
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak
+---
+ doc/abrt.conf.txt | 8 ++++++++
+ src/daemon/abrt.conf | 8 ++++++++
+ src/include/libabrt.h | 2 ++
+ src/lib/abrt_conf.c | 14 ++++++++++++++
+ 4 files changed, 32 insertions(+)
+
+diff --git a/doc/abrt.conf.txt b/doc/abrt.conf.txt
+index d782e3d..7ef78f0 100644
+--- a/doc/abrt.conf.txt
++++ b/doc/abrt.conf.txt
+@@ -36,6 +36,14 @@ DeleteUploaded = 'yes/no'::
+ or not.
+ The default value is 'no'.
+
++DebugLevel = '0-100':
++ Allows ABRT tools to detect problems in ABRT itself. By increasing the value
++ you can force ABRT to detect, process and report problems in ABRT. You have
++ to bare in mind that ABRT might fall into an infinite loop when handling
++ problems caused by itself.
++ The default is 0 (non debug mode).
++
++
+ SEE ALSO
+ --------
+ abrtd(8)
+diff --git a/src/daemon/abrt.conf b/src/daemon/abrt.conf
+index 2a83f8e..24df20b 100644
+--- a/src/daemon/abrt.conf
++++ b/src/daemon/abrt.conf
+@@ -51,3 +51,11 @@ AutoreportingEnabled = no
+ # THE PROBLEM DATA CONTAINS EXCERPTS OF /var/log/messages, dmesg AND sosreport
+ # data GENERATED BY abrtd UNDER THE USER root.
+ PrivateReports = yes
++
++# Allows ABRT tools to detect problems in ABRT itself. By increasing the value
++# you can force ABRT to detect, process and report problems in ABRT. You have
++# to bare in mind that ABRT might fall into an infinite loop when handling
++# problems caused by itself.
++# The default is 0 (non debug mode).
++#
++# DebugLevel = 0
+diff --git a/src/include/libabrt.h b/src/include/libabrt.h
+index 3b17a64..21ce440 100644
+--- a/src/include/libabrt.h
++++ b/src/include/libabrt.h
+@@ -70,6 +70,8 @@ extern char * g_settings_autoreporting_event;
+ extern bool g_settings_shortenedreporting;
+ #define g_settings_privatereports abrt_g_settings_privatereports
+ extern bool g_settings_privatereports;
++#define g_settings_debug_level abrt_g_settings_debug_level
++extern unsigned int g_settings_debug_level;
+
+
+ #define load_abrt_conf abrt_load_abrt_conf
+diff --git a/src/lib/abrt_conf.c b/src/lib/abrt_conf.c
+index c6aba58..4a49032 100644
+--- a/src/lib/abrt_conf.c
++++ b/src/lib/abrt_conf.c
+@@ -28,6 +28,7 @@ bool g_settings_autoreporting = 0;
+ char * g_settings_autoreporting_event = NULL;
+ bool g_settings_shortenedreporting = 0;
+ bool g_settings_privatereports = true;
++unsigned int g_settings_debug_level = 0;
+
+ void free_abrt_conf_data()
+ {
+@@ -110,6 +111,19 @@ static void ParseCommon(map_string_t *settings, const char *conf_filename)
+ remove_map_string_item(settings, "PrivateReports");
+ }
+
++ value = get_map_string_item_or_NULL(settings, "DebugLevel");
++ if (value)
++ {
++ char *end;
++ errno = 0;
++ unsigned long ul = strtoul(value, &end, 10);
++ if (errno || end == value || *end != '\0' || ul > INT_MAX)
++ error_msg("Error parsing %s setting: '%s'", "DebugLevel", value);
++ else
++ g_settings_debug_level = ul;
++ remove_map_string_item(settings, "DebugLevel");
++ }
++
+ GHashTableIter iter;
+ const char *name;
+ /*char *value; - already declared */
+--
+1.8.3.1
+
diff --git a/SOURCES/0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch b/SOURCES/0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch
new file mode 100644
index 0000000..3b0ab3d
--- /dev/null
+++ b/SOURCES/0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch
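Review bot: In 0179-conf-introduce-DebugLevel.patch, the `ParseCommon` hunk in src/lib/abrt_conf.c accepts any value up to `INT_MAX`, while the doc/abrt.conf.txt entry added by the same patch gives the range as '0-100'. Either the bound should match the documentation, `if (errno || end == value || *end != '\0' || ul > 100)`, or the documented range should be corrected. `strtoul` also skips leading whitespace and accepts a sign, so an input such as `-0` parses as 0; a one-line comment saying that only plain decimal digits are intended would make that explicit. ParseCommon's body continues outside the hunk.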
@@ -0,0 +1,41 @@
+From ab4351808352e00d72a7fd948e3e923d08e1a0fc Mon Sep 17 00:00:00 2001
+From: Jakub Filak
+Date: Wed, 30 Sep 2015 12:19:48 +0200
+Subject: [PATCH] ccpp: ignore crashes of ABRT binaries if DebugLevel == 0
+
+Prior this commit abrt-hook-ccpp was saved core file of any
+crashed process executing program whose name starts with "abrt" in
+DUMP_LOCATION.
+
+ABRT does not check size constraints of these core files, so the files
+could consume an uncontrolled amount of disk space.
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak
+---
+ src/hooks/abrt-hook-ccpp.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
+index 12b3f118..7a19cc2 100644
+--- a/src/hooks/abrt-hook-ccpp.c
++++ b/src/hooks/abrt-hook-ccpp.c
+@@ -842,6 +842,13 @@ int main(int argc, char** argv)
+ const char *last_slash = strrchr(executable, '/');
+ if (last_slash && strncmp(++last_slash, "abrt", 4) == 0)
+ {
++ if (g_settings_debug_level == 0)
++ {
++ log_warning("Ignoring crash of %s (SIG%s).",
++ executable, signame ? signame : signal_str);
++ goto finito;
++ }
++
+ /* If abrtd/abrt-foo crashes, we don't want to create a _directory_,
+ * since that can make new copy of abrtd to process it,
+ * and maybe crash again...
+--
+1.8.3.1
+
diff --git a/SOURCES/0181-ccpp-save-abrt-core-files-only-to-new-files.patch b/SOURCES/0181-ccpp-save-abrt-core-files-only-to-new-files.patch
new file mode 100644
index 0000000..397d0d8
--- /dev/null
+++ b/SOURCES/0181-ccpp-save-abrt-core-files-only-to-new-files.patch
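Review bot: The new early exit in src/hooks/abrt-hook-ccpp.c carries no comment saying why the crash is dropped, and it sits behind the existing `strncmp(++last_slash, "abrt", 4)` test, so with the default DebugLevel of 0 every program whose basename starts with "abrt", not only ABRT's own tools, is skipped with just a warning in the log. I would add a comment above the `if`, for example `/* Core files of abrt* programs are not size-limited; keep them only in debug mode (DebugLevel > 0) */`, and mention the prefix match in the DebugLevel documentation. The check also depends on abrt.conf having been loaded before this point, which the hunk does not show. `main` continues outside the hunk.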
@@ -0,0 +1,35 @@
+From f982995841607f06faaa055740310e0520c07c67 Mon Sep 17 00:00:00 2001
+From: Jakub Filak
+Date: Wed, 30 Sep 2015 12:24:32 +0200
+Subject: [PATCH] ccpp: save abrt core files only to new files
+
+Prior this commit abrt-hook-ccpp saved a core file generated by a
+process running a program whose name starts with "abrt" in
+DUMP_LOCATION/$(basename program)-coredump. If the file was a symlink,
+the hook followed and wrote core file to the symlink's target.
+
+This commit addresses CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak
+---
+ src/hooks/abrt-hook-ccpp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
+index 7a19cc2..9648b16 100644
+--- a/src/hooks/abrt-hook-ccpp.c
++++ b/src/hooks/abrt-hook-ccpp.c
+@@ -857,7 +857,8 @@ int main(int argc, char** argv)
+ if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) >= sizeof(path))
+ error_msg_and_die("Error saving '%s': truncated long file path", path);
+
+- int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
++ unlink(path);
++ int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
+ off_t core_size = copyfd_eof(STDIN_FILENO, abrt_core_fd, COPYFD_SPARSE);
+ if (core_size < 0 || fsync(abrt_core_fd) != 0)
+ {
+--
+1.8.3.1
+
diff --git a/SOURCES/0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch b/SOURCES/0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch
new file mode 100644
index 0000000..44d7f83
--- /dev/null
+++ b/SOURCES/0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch
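Review bot: The return value of the added `unlink(path)` is ignored, so when removal fails for a reason other than a missing file, the following `xopen3(path, O_WRONLY | O_CREAT | O_EXCL, 0600)` reports only that the file already exists (assuming xopen3 terminates on failure, as the x-prefix suggests). Checking it keeps the real cause in the log: `if (unlink(path) != 0 && errno != ENOENT) perror_msg("Can't remove '%s'", path);`. A short comment on the open, such as `/* O_EXCL: never write through a pre-existing file or symlink */`, would also record why O_TRUNC was replaced. `main` continues outside the hunk.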
@@ -0,0 +1,124 @@
+From 40826f4ed0b325961d23f1e5dda45215bdb120c0 Mon Sep 17 00:00:00 2001
+From: Jakub Filak
+Date: Wed, 30 Sep 2015 14:13:35 +0200
+Subject: [PATCH] lib: add convenient wrappers for ensuring writable dir
+
+Replace lchown with fchown and chmod with fchmod.
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak
+---
+ src/daemon/abrtd.c | 19 -------------------
+ src/include/libabrt.h | 6 ++++++
+ src/lib/hooklib.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 52 insertions(+), 19 deletions(-)
+
+diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
+index b8426dd..b1252d2 100644
+--- a/src/daemon/abrtd.c
++++ b/src/daemon/abrtd.c
+@@ -158,25 +158,6 @@ static gboolean handle_signal_cb(GIOChannel *gio, GIOCondition condition, gpoint
+ return TRUE; /* "please don't remove this event" */
+ }
+
+-static void ensure_writable_dir(const char *dir, mode_t mode, const char *user)
+-{
+- struct stat sb;
+-
+- if (mkdir(dir, mode) != 0 && errno != EEXIST)
+- perror_msg_and_die("Can't create '%s'", dir);
+- if (stat(dir, &sb) != 0 || !S_ISDIR(sb.st_mode))
+- error_msg_and_die("'%s' is not a directory", dir);
+-
+- struct passwd *pw = getpwnam(user);
+- if (!pw)
+- perror_msg_and_die("Can't find user '%s'", user);
+-
+- if ((sb.st_uid != pw->pw_uid || sb.st_gid != pw->pw_gid) && lchown(dir, pw->pw_uid, pw->pw_gid) != 0)
+- perror_msg_and_die("Can't set owner %u:%u on '%s'", (unsigned int)pw->pw_uid, (unsigned int)pw->pw_gid, dir);
+- if ((sb.st_mode & 07777) != mode && chmod(dir, mode) != 0)
+- perror_msg_and_die("Can't set mode %o on '%s'", mode, dir);
+-}
+-
+ static void sanitize_dump_dir_rights(void)
+ {
+ /* We can't allow everyone to create dumps: otherwise users can flood
+diff --git a/src/include/libabrt.h b/src/include/libabrt.h
+index 21ce440..2510a77 100644
+--- a/src/include/libabrt.h
++++ b/src/include/libabrt.h
+@@ -42,6 +42,12 @@ int low_free_space(unsigned setting_MaxCrashReportsSize, const char *dump_locati
+
+ #define trim_problem_dirs abrt_trim_problem_dirs
+ void trim_problem_dirs(const char *dirname, double cap_size, const char *exclude_path);
++#define ensure_writable_dir_id abrt_ensure_writable_dir_uid_git
++void ensure_writable_dir_uid_gid(const char *dir, mode_t mode, uid_t uid, gid_t gid);
++#define ensure_writable_dir abrt_ensure_writable_dir
++void ensure_writable_dir(const char *dir, mode_t mode, const char *user);
++#define ensure_writable_dir_group abrt_ensure_writable_dir_group
++void ensure_writable_dir_group(const char *dir, mode_t mode, const char *user, const char *group);
+ #define run_unstrip_n abrt_run_unstrip_n
+ char *run_unstrip_n(const char *dump_dir_name, unsigned timeout_sec);
+ #define get_backtrace abrt_get_backtrace
+diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
+index 8e93663..160a011 100644
+--- a/src/lib/hooklib.c
++++ b/src/lib/hooklib.c
+@@ -428,6 +428,52 @@ char* problem_data_save(problem_data_t *pd)
+ return problem_id;
+ }
+
++void ensure_writable_dir_uid_gid(const char *dir, mode_t mode, uid_t uid, gid_t gid)
++{
++ struct stat sb;
++ int dir_fd;
++
++ if (mkdir(dir, mode) != 0 && errno != EEXIST)
++ perror_msg_and_die("Can't create '%s'", dir);
++
++ dir_fd = open(dir, O_DIRECTORY | O_NOFOLLOW);
++ if (dir_fd < 0)
++ perror_msg_and_die("Can't open directory '%s'", dir);
++
++ if (fstat(dir_fd, &sb) != 0)
++ perror_msg_and_die("Can't stat directory '%s'", dir);
++
++ if ((sb.st_uid != uid || sb.st_gid != gid) && fchown(dir_fd, uid, gid) != 0)
++ perror_msg_and_die("Can't set owner %u:%u on '%s'", (unsigned int)uid, (unsigned int)gid, dir);
++
++ if ((sb.st_mode & 07777) != mode && fchmod(dir_fd, mode) != 0)
++ perror_msg_and_die("Can't set mode %o on '%s'", mode, dir);
++
++ close(dir_fd);
++}
++
++void ensure_writable_dir(const char *dir, mode_t mode, const char *user)
++{
++ struct passwd *pw = getpwnam(user);
++ if (!pw)
++ perror_msg_and_die("Can't find user '%s'", user);
++
++ ensure_writable_dir_uid_gid(dir, mode, pw->pw_uid, pw->pw_gid);
++}
++
++void ensure_writable_dir_group(const char *dir, mode_t mode, const char *user, const char *group)
++{
++ struct passwd *pw = getpwnam(user);
++ if (!pw)
++ perror_msg_and_die("Can't find user '%s'", user);
++
++ struct group *gr = getgrnam(group);
++ if (!gr)
++ perror_msg_and_die("Can't find group '%s'", group);
++
++ ensure_writable_dir_uid_gid(dir, mode, pw->pw_uid, gr->gr_gid);
++}
++
+ bool dir_is_in_dump_location(const char *dir_name)
+ {
+ unsigned len = strlen(g_settings_dump_location);
+--
+1.8.3.1
+
diff --git a/SOURCES/0183-abrtd-switch-owner-of-the-dump-location-to-root.patch b/SOURCES/0183-abrtd-switch-owner-of-the-dump-location-to-root.patch
new file mode 100644
index 0000000..9930589
--- /dev/null
+++ b/SOURCES/0183-abrtd-switch-owner-of-the-dump-location-to-root.patch
@@ -0,0 +1,31 @@
+From 57bc5697db222c96cb3adbee635f072abeeff6ad Mon Sep 17 00:00:00 2001
+From: Jakub Filak
+Date: Wed, 30 Sep 2015 14:14:31 +0200
+Subject: [PATCH] abrtd: switch owner of the dump location to 'root'
+
+Additional hardening suggested by Florian Weimer
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak
+---
+ src/daemon/abrtd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
+index b1252d2..b79e940 100644
+--- a/src/daemon/abrtd.c
++++ b/src/daemon/abrtd.c
+@@ -164,7 +164,7 @@ static void sanitize_dump_dir_rights(void)
+ * us with thousands of bogus or malicious dumps */
+ /* 07000 bits are setuid, setgit, and sticky, and they must be unset */
+ /* 00777 bits are usual "rwxrwxrwx" access rights */
+- ensure_writable_dir(g_settings_dump_location, 0755, "abrt");
++ ensure_writable_dir_group(g_settings_dump_location, 0751, "root", "abrt");
+ /* temp dir */
+ ensure_writable_dir(VAR_RUN"/abrt", 0755, "root");
+ }
+--
+1.8.3.1
+
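Review bot: In 0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch, the alias added to src/include/libabrt.h does not match the function it is meant to prefix: `#define ensure_writable_dir_id abrt_ensure_writable_dir_uid_git` defines a different name (`_id`) and misspells the target (`_git`), so `ensure_writable_dir_uid_gid` is exported without the `abrt_` prefix its neighbours get. The line should read `#define ensure_writable_dir_uid_gid abrt_ensure_writable_dir_uid_gid`. In src/lib/hooklib.c, `open(dir, O_DIRECTORY | O_NOFOLLOW)` passes no access mode; that works on Linux because O_RDONLY is 0, but `O_RDONLY | O_DIRECTORY | O_NOFOLLOW` states the intent. The three new functions would also benefit from a header comment noting that they terminate the process on any failure and that the descriptor-based fchown/fchmod act on the directory that was actually opened.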
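Review bot: In 0183-abrtd-switch-owner-of-the-dump-location-to-root.patch, the comments around the changed call in `sanitize_dump_dir_rights()` explain the 07000 and 00777 bit groups but not why the dump location is now root:abrt with mode 0751. I would add `/* root:abrt 0751 - only root can create entries, group abrt can list them, others can only traverse */` above the `ensure_writable_dir_group()` call. The helper adjusts only the top-level directory, so problem directories that already exist inside it presumably keep their previous owner; that is inferred from the helper shown in patch 0182 and may be worth a line in the release notes.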
diff --git a/SOURCES/event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch b/SOURCES/event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch deleted file mode 100644 index 334986f..0000000 --- a/SOURCES/event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 6c95ae2bf1c80530442a516f23b7cd8e82dcae12 Mon Sep 17 00:00:00 2001 -From: Matej Habrnal -Date: Thu, 22 Jan 2015 02:23:21 +0100 -Subject: [PATCH 88/91] event: don't run the 'reporter-bugzilla -h' on RHEL and - CentOS - -Running the 'reporter-bugzilla -h' makes sense only on Fedora because of bodhi. - -Signed-off-by: Matej Habrnal ---- - src/plugins/ccpp_event.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf -index 62ff08a..cd75ee2 100644 ---- a/src/plugins/ccpp_event.conf -+++ b/src/plugins/ccpp_event.conf -@@ -71,7 +71,7 @@ EVENT=analyze_LocalGDB analyzer=CCpp - # Run GDB plugin to see if crash looks exploitable - abrt-action-analyze-vulnerability - # Run GDB to genereate backtrace -- abrt-action-analyze-ccpp-local --without-bodhi -+ abrt-action-analyze-ccpp-local --without-bz - - - # Bugzilla requires nonempty duphash --- -1.8.3.1 - diff --git a/SOURCES/plugin-set-URL-to-retrace-server.patch b/SOURCES/plugin-set-URL-to-retrace-server.patch deleted file mode 100644 index b2dc31a..0000000 --- a/SOURCES/plugin-set-URL-to-retrace-server.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 81181a893b91a229e05a5a915cc98347126e3834 Mon Sep 17 00:00:00 2001 -From: Matej Habrnal -Date: Fri, 30 Jan 2015 17:52:25 +0100 -Subject: [PATCH 90/91] plugin: set URL to retrace server - -Changed default retrace server URL from localhost to retrace.fedoraproject.org. - -Signed-off-by: Matej Habrnal ---- - src/plugins/analyze_CCpp.xml.in | 2 +- - src/plugins/analyze_RetraceServer.xml.in | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/plugins/analyze_CCpp.xml.in b/src/plugins/analyze_CCpp.xml.in -index 6f02692..a7ce4dd 100644 ---- a/src/plugins/analyze_CCpp.xml.in -+++ b/src/plugins/analyze_CCpp.xml.in -@@ -26,7 +26,7 @@ - - -diff --git a/src/plugins/analyze_RetraceServer.xml.in b/src/plugins/analyze_RetraceServer.xml.in -index cf1d25a..e437cac 100644 ---- a/src/plugins/analyze_RetraceServer.xml.in -+++ b/src/plugins/analyze_RetraceServer.xml.in -@@ -12,7 +12,7 @@ - - --- -1.8.3.1 - diff --git a/SOURCES/turn-sosreport-off.patch b/SOURCES/turn-sosreport-off.patch deleted file mode 100644 index e570138..0000000 --- a/SOURCES/turn-sosreport-off.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 2b02dc85753e4b11f10bfa2d660aa493ae80c52b Mon Sep 17 00:00:00 2001 -From: Jakub Filak -Date: Thu, 20 Nov 2014 11:24:39 +0100 -Subject: [PATCH] turn sosreport off - ---- - src/daemon/abrt_event.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf -index 380b312..eafee17 100644 ---- a/src/daemon/abrt_event.conf -+++ b/src/daemon/abrt_event.conf -@@ -67,7 +67,7 @@ EVENT=post-create runlevel= - # Example: if you want to save sosreport immediately at the moment of a crash: - # (alternatively, you can add similar command to EVENT=analyze_foo's, - # if you would rather perform this collection later): --EVENT=post-create -+#EVENT=post-create - nice sosreport --tmp-dir "$DUMP_DIR" --batch \ - --only=anaconda --only=boot --only=devicemapper \ - --only=filesys --only=hardware --only=kernel --only=libraries \ --- -1.8.3.1 - diff --git a/SPECS/abrt.spec b/SPECS/abrt.spec index 08f9633..504c2ee 100644 --- a/SPECS/abrt.spec +++ b/SPECS/abrt.spec @@ -33,7 +33,7 @@ Summary: Automatic bug detection and reporting tool Name: abrt Version: 2.1.11 -Release: 34%{?dist} +Release: 35%{?dist} License: GPLv2+ Group: Applications/System URL: https://fedorahosted.org/abrt/ @@ -54,6 +54,7 @@ Patch12: 0012-configui-show-Close-button-in-the-dialog.patch Patch13: 0013-applet-do-not-say-the-report-is-anonymous-when-urepo.patch #Patch14: 0014-spec-abrt-cli-requires-a-pkg-providing-workflows.patch #Patch15: 0015-testsuite-encourage-users-to-create-a-case-in-RHTS.patch +Patch16: 0016-cli-list-show-a-hint-about-creating-a-case-in-RHTS.patch Patch17: 0017-harvest-vmcore-properly-handle-inaccessible-dir-erro.patch Patch18: 0018-don-t-break-the-event-run-by-failures-of-abrt-action.patch Patch19: 0019-Fix-handling-of-Machine-Check-Exceptions.patch 
@@ -116,6 +117,7 @@ Patch75: 0075-Translation-updates.patch Patch76: 0076-Revert-gdb-disable-loading-of-auto-loaded-files.patch Patch77: 0077-gdb-make-gdb-aware-of-the-abrt-s-debuginfo-dir.patch #Patch78: 0078-spec-update-the-required-gdb-version.patch +Patch79: 0079-cli-mark-the-suggestion-text-for-translation.patch Patch80: 0080-auto-reporting-add-options-to-specify-auth-type.patch #Patch81: 0081-testsuite-abrt-auto-reporting-uReport-authentication.patch Patch82: 0082-translations-pull-the-newest-PO-files.patch @@ -230,9 +232,18 @@ Patch170: 0170-abrt-auto-reporting-add-example-into-the-help.patch #Patch175: 0175-testsuite-new-test-dumpdir_completedness.patch #Patch176: 0176-testsuite-upload-handling-fix-irrelevant-AVCs.patch Patch177: 0177-sos-use-services-instead-of-startup.patch -Patch178: event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch -Patch179: plugin-set-URL-to-retrace-server.patch -Patch180: turn-sosreport-off.patch +# git format-patch 2.1.11-34.el7 -N --start-number 178 --topo-order +Patch178: 0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch +Patch179: 0179-conf-introduce-DebugLevel.patch +Patch180: 0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch +Patch181: 0181-ccpp-save-abrt-core-files-only-to-new-files.patch +Patch182: 0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch +Patch183: 0183-abrtd-switch-owner-of-the-dump-location-to-root.patch +#Patch184: 0184-spec-switch-owner-of-the-dump-location-to-root.patch +#Patch185: 0185-testsuite-ccpp-plugin-debug.patch +#Patch186: 0186-testsuite-a-a-i-debuginfo-the-set-uid-wrapper-uses-s.patch +#Patch187: 0187-testsuite-check-file-system-attributes-of-the-dump-l.patch +# git format-patch 2.1.11-35.el7 -N --start-number 188 --topo-order # git is need for '%%autosetup -S git' which automatically applies all the 
@@ -345,8 +356,10 @@ Group: System Environment/Libraries Requires: cpio Requires: gdb >= 7.6.1-63 Requires: elfutils +%if 0%{!?rhel:1} # abrt-action-perform-ccpp-analysis wants to run analyze_RetraceServer: Requires: %{name}-retrace-client +%endif Requires: %{name} = %{version}-%{release} Requires: abrt-libs = %{version}-%{release} Requires: libreport-python @@ -460,13 +473,8 @@ Requires: abrt-addon-ccpp Requires: abrt-addon-python Requires: abrt-addon-xorg %if 0%{?rhel} -%if 0%{?centos_ver} -Requires: libreport-centos >= %{libreport_ver} -Requires: libreport-plugin-mantisbt >= %{libreport_ver} -%else Requires: libreport-rhel >= %{libreport_ver} Requires: libreport-plugin-rhtsupport >= %{libreport_ver} -%endif %else Requires: abrt-retrace-client Requires: libreport-plugin-bugzilla >= %{libreport_ver} @@ -499,13 +507,8 @@ Requires: elfutils Requires: abrt-gui Requires: gnome-abrt %if 0%{?rhel} -%if 0%{?centos_ver} -Requires: libreport-centos >= %{libreport_ver} -Requires: libreport-plugin-mantisbt >= %{libreport_ver} -%else Requires: libreport-rhel >= %{libreport_ver} Requires: libreport-plugin-rhtsupport >= %{libreport_ver} -%endif %else Requires: abrt-retrace-client Requires: libreport-plugin-bugzilla >= %{libreport_ver} @@ -802,7 +805,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %{_mandir}/man5/abrt_event.conf.5.gz %config(noreplace) %{_sysconfdir}/libreport/events.d/smart_event.conf %{_mandir}/man5/smart_event.conf.5.gz -%dir %attr(0755, abrt, abrt) %{_localstatedir}/spool/%{name} +%dir %attr(0751, root, abrt) %{_localstatedir}/spool/%{name} %dir %attr(0700, abrt, abrt) %{_localstatedir}/spool/%{name}-upload # abrtd runs as root %dir %attr(0755, root, root) %{_localstatedir}/run/%{name} 
@@ -1062,14 +1065,13 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %config(noreplace) %{_sysconfdir}/profile.d/abrt-console-notification.sh %changelog -* Thu Nov 19 2015 CentOS Sources - 2.1.11-34.el7.centos -- Drop RHTS hint -- Change by David Mansfield -- Per http://bugs.centos.org/view.php?id=7192 -- Remove cli suggestion text patch -- set URL to retrace server -- update to not run sosreport -- Per http://bugs.centos.org/view.php?id=7913 +* Fri Oct 30 2015 Jakub Filak - 2.1.11-35 +- make /var/spool/abrt owned by root +- remove 'r' from /var/spool/abrt for other users +- abrt-action-install-debug-info: use secure temporary directory +- stop saving abrt's core files to /var/spool/abrt if DebugLevel < 1 +- Fixes for: CVE-2015-5273 and CVE-2015-5287 +- Resolves: #1266853 * Fri Oct 16 2015 Jakub Filak - 2.1.11-34 - sos: use 'services' instead of 'startup'