diff --git a/SOURCES/0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch b/SOURCES/0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch
new file mode 100644
index 0000000..d6bc812
--- /dev/null
+++ b/SOURCES/0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch
@@ -0,0 +1,104 @@
+From e721bc775d9270ac8d9d8daf2fe3f83bffe5d761 Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak@redhat.com>
+Date: Wed, 30 Sep 2015 11:50:18 +0200
+Subject: [PATCH] a-a-i-d-to-abrt-cache: make own random temporary directory
+
+The set-user-ID wrapper must use own new temporary directory in order to
+avoid security issues with unpacking specially crafted debuginfo
+packages that might be used to create files or symlinks anywhere on the
+file system as the abrt user.
+
+Withot the forking code the temporary directory would remain on the
+filesystem in the case where all debuginfo data are already available.
+This is caused by the fact that the underlying libreport functionality
+accepts path to a desired temporary directory and creates it only if
+necessary. Otherwise, the directory is not touched at all.
+
+This commit addresses CVE-2015-5273
+Related: #1262252
+
+Signed-off-by: Jakub Filak <jfilak@redhat.com>
+---
+ src/plugins/Makefile.am | 1 +
+ .../abrt-action-install-debuginfo-to-abrt-cache.c | 41 +++++++++++++++++++---
+ 2 files changed, 38 insertions(+), 4 deletions(-)
+
+diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
+index 326bb6e..6dde4b7 100644
+--- a/src/plugins/Makefile.am
++++ b/src/plugins/Makefile.am
+@@ -261,6 +261,7 @@ abrt_action_install_debuginfo_to_abrt_cache_CPPFLAGS = \
+ -D_GNU_SOURCE \
+ -DBIN_DIR=\"$(bindir)\" \
+ -DSBIN_DIR=\"$(sbindir)\" \
++ -DLARGE_DATA_TMP_DIR=\"$(LARGE_DATA_TMP_DIR)\" \
+ $(LIBREPORT_CFLAGS) \
+ -Wall -Wwrite-strings \
+ -fPIE
+diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+index 81b1486..52d00de 100644
+--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
++++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+@@ -108,8 +108,14 @@ int main(int argc, char **argv)
+ build_ids_self_fd = xasprintf("/proc/self/fd/%d", build_ids_fd);
+ }
+
+- /* name, -v, --ids, -, -y, -e, EXACT, -r, REPO, --, NULL */
+- const char *args[11];
++ char tmp_directory[] = LARGE_DATA_TMP_DIR"/abrt-tmp-debuginfo.XXXXXX";
++ if (mkdtemp(tmp_directory) == NULL)
++ perror_msg_and_die("Failed to create working directory");
++
++ log_info("Created working directory: %s", tmp_directory);
++
++ /* name, -v, --ids, -, -y, -e, EXACT, -r, REPO, -t, PATH, --, NULL */
++ const char *args[13];
+ {
+ const char *verbs[] = { "", "-v", "-vv", "-vvv" };
+ unsigned i = 0;
+@@ -130,6 +136,8 @@ int main(int argc, char **argv)
+ args[i++] = "--repo";
+ args[i++] = repo;
+ }
++ args[i++] = "--tmpdir";
++ args[i++] = tmp_directory;
+ args[i++] = "--";
+ args[i] = NULL;
+ }
+@@ -204,6 +212,31 @@ int main(int argc, char **argv)
+ umask(0022);
+ }
+
+- execvp(EXECUTABLE, (char **)args);
+- error_msg_and_die("Can't execute %s", EXECUTABLE);
++ pid_t pid = fork();
++ if (pid < 0)
++ perror_msg_and_die("fork");
++
++ if (pid == 0)
++ {
++ execvp(EXECUTABLE, (char **)args);
++ error_msg_and_die("Can't execute %s", EXECUTABLE);
++ }
++
++ int status;
++ if (safe_waitpid(pid, &status, 0) < 0)
++ perror_msg_and_die("waitpid");
++
++ if (rmdir(tmp_directory) >= 0)
++ log_info("Removed working directory: %s", tmp_directory);
++ else if (errno != ENOENT)
++ perror_msg("Failed to remove working directory");
++
++ /* Normal execution should exit here. */
++ if (WIFEXITED(status))
++ return WEXITSTATUS(status);
++
++ if (WIFSIGNALED(status))
++ error_msg_and_die("Child terminated with signal %d", WTERMSIG(status));
++
++ error_msg_and_die("Child exit failed");
+ }
+--
+1.8.3.1
+
diff --git a/SOURCES/0179-conf-introduce-DebugLevel.patch b/SOURCES/0179-conf-introduce-DebugLevel.patch
new file mode 100644
index 0000000..67a0bf8
--- /dev/null
+++ b/SOURCES/0179-conf-introduce-DebugLevel.patch
@@ -0,0 +1,102 @@
+From 373f5d38e3c8fbc4bc466312c659974d31a68ac4 Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak@redhat.com>
+Date: Wed, 30 Sep 2015 12:17:47 +0200
+Subject: [PATCH] conf: introduce DebugLevel
+
+ABRT should ignore problems caused by ABRT tools if DebugLevel == 0.
+DebugLevel is set to 0 by default.
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak <jfilak@redhat.com>
+---
+ doc/abrt.conf.txt | 8 ++++++++
+ src/daemon/abrt.conf | 8 ++++++++
+ src/include/libabrt.h | 2 ++
+ src/lib/abrt_conf.c | 14 ++++++++++++++
+ 4 files changed, 32 insertions(+)
+
+diff --git a/doc/abrt.conf.txt b/doc/abrt.conf.txt
+index d782e3d..7ef78f0 100644
+--- a/doc/abrt.conf.txt
++++ b/doc/abrt.conf.txt
+@@ -36,6 +36,14 @@ DeleteUploaded = 'yes/no'::
+ or not.
+ The default value is 'no'.
+
++DebugLevel = '0-100':
++ Allows ABRT tools to detect problems in ABRT itself. By increasing the value
++ you can force ABRT to detect, process and report problems in ABRT. You have
++ to bare in mind that ABRT might fall into an infinite loop when handling
++ problems caused by itself.
++ The default is 0 (non debug mode).
++
++
+ SEE ALSO
+ --------
+ abrtd(8)
+diff --git a/src/daemon/abrt.conf b/src/daemon/abrt.conf
+index 2a83f8e..24df20b 100644
+--- a/src/daemon/abrt.conf
++++ b/src/daemon/abrt.conf
+@@ -51,3 +51,11 @@ AutoreportingEnabled = no
+ # THE PROBLEM DATA CONTAINS EXCERPTS OF /var/log/messages, dmesg AND sosreport
+ # data GENERATED BY abrtd UNDER THE USER root.
+ PrivateReports = yes
++
++# Allows ABRT tools to detect problems in ABRT itself. By increasing the value
++# you can force ABRT to detect, process and report problems in ABRT. You have
++# to bare in mind that ABRT might fall into an infinite loop when handling
++# problems caused by itself.
++# The default is 0 (non debug mode).
++#
++# DebugLevel = 0
+diff --git a/src/include/libabrt.h b/src/include/libabrt.h
+index 3b17a64..21ce440 100644
+--- a/src/include/libabrt.h
++++ b/src/include/libabrt.h
+@@ -70,6 +70,8 @@ extern char * g_settings_autoreporting_event;
+ extern bool g_settings_shortenedreporting;
+ #define g_settings_privatereports abrt_g_settings_privatereports
+ extern bool g_settings_privatereports;
++#define g_settings_debug_level abrt_g_settings_debug_level
++extern unsigned int g_settings_debug_level;
+
+
+ #define load_abrt_conf abrt_load_abrt_conf
+diff --git a/src/lib/abrt_conf.c b/src/lib/abrt_conf.c
+index c6aba58..4a49032 100644
+--- a/src/lib/abrt_conf.c
++++ b/src/lib/abrt_conf.c
+@@ -28,6 +28,7 @@ bool g_settings_autoreporting = 0;
+ char * g_settings_autoreporting_event = NULL;
+ bool g_settings_shortenedreporting = 0;
+ bool g_settings_privatereports = true;
++unsigned int g_settings_debug_level = 0;
+
+ void free_abrt_conf_data()
+ {
+@@ -110,6 +111,19 @@ static void ParseCommon(map_string_t *settings, const char *conf_filename)
+ remove_map_string_item(settings, "PrivateReports");
+ }
+
++ value = get_map_string_item_or_NULL(settings, "DebugLevel");
++ if (value)
++ {
++ char *end;
++ errno = 0;
++ unsigned long ul = strtoul(value, &end, 10);
++ if (errno || end == value || *end != '\0' || ul > INT_MAX)
++ error_msg("Error parsing %s setting: '%s'", "DebugLevel", value);
++ else
++ g_settings_debug_level = ul;
++ remove_map_string_item(settings, "DebugLevel");
++ }
++
+ GHashTableIter iter;
+ const char *name;
+ /*char *value; - already declared */
+--
+1.8.3.1
+
diff --git a/SOURCES/0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch b/SOURCES/0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch
new file mode 100644
index 0000000..3b0ab3d
--- /dev/null
+++ b/SOURCES/0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch
@@ -0,0 +1,41 @@
+From ab4351808352e00d72a7fd948e3e923d08e1a0fc Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak@redhat.com>
+Date: Wed, 30 Sep 2015 12:19:48 +0200
+Subject: [PATCH] ccpp: ignore crashes of ABRT binaries if DebugLevel == 0
+
+Prior this commit abrt-hook-ccpp was saved core file of any
+crashed process executing program whose name starts with "abrt" in
+DUMP_LOCATION.
+
+ABRT does not check size constraints of these core files, so the files
+could consume an uncontrolled amount of disk space.
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak <jfilak@redhat.com>
+---
+ src/hooks/abrt-hook-ccpp.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
+index 12b3f118..7a19cc2 100644
+--- a/src/hooks/abrt-hook-ccpp.c
++++ b/src/hooks/abrt-hook-ccpp.c
+@@ -842,6 +842,13 @@ int main(int argc, char** argv)
+ const char *last_slash = strrchr(executable, '/');
+ if (last_slash && strncmp(++last_slash, "abrt", 4) == 0)
+ {
++ if (g_settings_debug_level == 0)
++ {
++ log_warning("Ignoring crash of %s (SIG%s).",
++ executable, signame ? signame : signal_str);
++ goto finito;
++ }
++
+ /* If abrtd/abrt-foo crashes, we don't want to create a _directory_,
+ * since that can make new copy of abrtd to process it,
+ * and maybe crash again...
+--
+1.8.3.1
+
diff --git a/SOURCES/0181-ccpp-save-abrt-core-files-only-to-new-files.patch b/SOURCES/0181-ccpp-save-abrt-core-files-only-to-new-files.patch
new file mode 100644
index 0000000..397d0d8
--- /dev/null
+++ b/SOURCES/0181-ccpp-save-abrt-core-files-only-to-new-files.patch
@@ -0,0 +1,35 @@
+From f982995841607f06faaa055740310e0520c07c67 Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak@redhat.com>
+Date: Wed, 30 Sep 2015 12:24:32 +0200
+Subject: [PATCH] ccpp: save abrt core files only to new files
+
+Prior this commit abrt-hook-ccpp saved a core file generated by a
+process running a program whose name starts with "abrt" in
+DUMP_LOCATION/$(basename program)-coredump. If the file was a symlink,
+the hook followed and wrote core file to the symlink's target.
+
+This commit addresses CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak <jfilak@redhat.com>
+---
+ src/hooks/abrt-hook-ccpp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
+index 7a19cc2..9648b16 100644
+--- a/src/hooks/abrt-hook-ccpp.c
++++ b/src/hooks/abrt-hook-ccpp.c
+@@ -857,7 +857,8 @@ int main(int argc, char** argv)
+ if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) >= sizeof(path))
+ error_msg_and_die("Error saving '%s': truncated long file path", path);
+
+- int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
++ unlink(path);
++ int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
+ off_t core_size = copyfd_eof(STDIN_FILENO, abrt_core_fd, COPYFD_SPARSE);
+ if (core_size < 0 || fsync(abrt_core_fd) != 0)
+ {
+--
+1.8.3.1
+
diff --git a/SOURCES/0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch b/SOURCES/0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch
new file mode 100644
index 0000000..44d7f83
--- /dev/null
+++ b/SOURCES/0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch
@@ -0,0 +1,124 @@
+From 40826f4ed0b325961d23f1e5dda45215bdb120c0 Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak@redhat.com>
+Date: Wed, 30 Sep 2015 14:13:35 +0200
+Subject: [PATCH] lib: add convenient wrappers for ensuring writable dir
+
+Replace lchown with fchown and chmod with fchmod.
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak <jfilak@redhat.com>
+---
+ src/daemon/abrtd.c | 19 -------------------
+ src/include/libabrt.h | 6 ++++++
+ src/lib/hooklib.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 52 insertions(+), 19 deletions(-)
+
+diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
+index b8426dd..b1252d2 100644
+--- a/src/daemon/abrtd.c
++++ b/src/daemon/abrtd.c
+@@ -158,25 +158,6 @@ static gboolean handle_signal_cb(GIOChannel *gio, GIOCondition condition, gpoint
+ return TRUE; /* "please don't remove this event" */
+ }
+
+-static void ensure_writable_dir(const char *dir, mode_t mode, const char *user)
+-{
+- struct stat sb;
+-
+- if (mkdir(dir, mode) != 0 && errno != EEXIST)
+- perror_msg_and_die("Can't create '%s'", dir);
+- if (stat(dir, &sb) != 0 || !S_ISDIR(sb.st_mode))
+- error_msg_and_die("'%s' is not a directory", dir);
+-
+- struct passwd *pw = getpwnam(user);
+- if (!pw)
+- perror_msg_and_die("Can't find user '%s'", user);
+-
+- if ((sb.st_uid != pw->pw_uid || sb.st_gid != pw->pw_gid) && lchown(dir, pw->pw_uid, pw->pw_gid) != 0)
+- perror_msg_and_die("Can't set owner %u:%u on '%s'", (unsigned int)pw->pw_uid, (unsigned int)pw->pw_gid, dir);
+- if ((sb.st_mode & 07777) != mode && chmod(dir, mode) != 0)
+- perror_msg_and_die("Can't set mode %o on '%s'", mode, dir);
+-}
+-
+ static void sanitize_dump_dir_rights(void)
+ {
+ /* We can't allow everyone to create dumps: otherwise users can flood
+diff --git a/src/include/libabrt.h b/src/include/libabrt.h
+index 21ce440..2510a77 100644
+--- a/src/include/libabrt.h
++++ b/src/include/libabrt.h
+@@ -42,6 +42,12 @@ int low_free_space(unsigned setting_MaxCrashReportsSize, const char *dump_locati
+
+ #define trim_problem_dirs abrt_trim_problem_dirs
+ void trim_problem_dirs(const char *dirname, double cap_size, const char *exclude_path);
++#define ensure_writable_dir_id abrt_ensure_writable_dir_uid_git
++void ensure_writable_dir_uid_gid(const char *dir, mode_t mode, uid_t uid, gid_t gid);
++#define ensure_writable_dir abrt_ensure_writable_dir
++void ensure_writable_dir(const char *dir, mode_t mode, const char *user);
++#define ensure_writable_dir_group abrt_ensure_writable_dir_group
++void ensure_writable_dir_group(const char *dir, mode_t mode, const char *user, const char *group);
+ #define run_unstrip_n abrt_run_unstrip_n
+ char *run_unstrip_n(const char *dump_dir_name, unsigned timeout_sec);
+ #define get_backtrace abrt_get_backtrace
+diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
+index 8e93663..160a011 100644
+--- a/src/lib/hooklib.c
++++ b/src/lib/hooklib.c
+@@ -428,6 +428,52 @@ char* problem_data_save(problem_data_t *pd)
+ return problem_id;
+ }
+
++void ensure_writable_dir_uid_gid(const char *dir, mode_t mode, uid_t uid, gid_t gid)
++{
++ struct stat sb;
++ int dir_fd;
++
++ if (mkdir(dir, mode) != 0 && errno != EEXIST)
++ perror_msg_and_die("Can't create '%s'", dir);
++
++ dir_fd = open(dir, O_DIRECTORY | O_NOFOLLOW);
++ if (dir_fd < 0)
++ perror_msg_and_die("Can't open directory '%s'", dir);
++
++ if (fstat(dir_fd, &sb) != 0)
++ perror_msg_and_die("Can't stat directory '%s'", dir);
++
++ if ((sb.st_uid != uid || sb.st_gid != gid) && fchown(dir_fd, uid, gid) != 0)
++ perror_msg_and_die("Can't set owner %u:%u on '%s'", (unsigned int)uid, (unsigned int)gid, dir);
++
++ if ((sb.st_mode & 07777) != mode && fchmod(dir_fd, mode) != 0)
++ perror_msg_and_die("Can't set mode %o on '%s'", mode, dir);
++
++ close(dir_fd);
++}
++
++void ensure_writable_dir(const char *dir, mode_t mode, const char *user)
++{
++ struct passwd *pw = getpwnam(user);
++ if (!pw)
++ perror_msg_and_die("Can't find user '%s'", user);
++
++ ensure_writable_dir_uid_gid(dir, mode, pw->pw_uid, pw->pw_gid);
++}
++
++void ensure_writable_dir_group(const char *dir, mode_t mode, const char *user, const char *group)
++{
++ struct passwd *pw = getpwnam(user);
++ if (!pw)
++ perror_msg_and_die("Can't find user '%s'", user);
++
++ struct group *gr = getgrnam(group);
++ if (!gr)
++ perror_msg_and_die("Can't find group '%s'", group);
++
++ ensure_writable_dir_uid_gid(dir, mode, pw->pw_uid, gr->gr_gid);
++}
++
+ bool dir_is_in_dump_location(const char *dir_name)
+ {
+ unsigned len = strlen(g_settings_dump_location);
+--
+1.8.3.1
+
diff --git a/SOURCES/0183-abrtd-switch-owner-of-the-dump-location-to-root.patch b/SOURCES/0183-abrtd-switch-owner-of-the-dump-location-to-root.patch
new file mode 100644
index 0000000..9930589
--- /dev/null
+++ b/SOURCES/0183-abrtd-switch-owner-of-the-dump-location-to-root.patch
@@ -0,0 +1,31 @@
+From 57bc5697db222c96cb3adbee635f072abeeff6ad Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak@redhat.com>
+Date: Wed, 30 Sep 2015 14:14:31 +0200
+Subject: [PATCH] abrtd: switch owner of the dump location to 'root'
+
+Additional hardening suggested by Florian Weimer <fweimer@redhat.com>
+
+Related to CVE-2015-5287
+Related: #1262252
+
+Signed-off-by: Jakub Filak <jfilak@redhat.com>
+---
+ src/daemon/abrtd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
+index b1252d2..b79e940 100644
+--- a/src/daemon/abrtd.c
++++ b/src/daemon/abrtd.c
+@@ -164,7 +164,7 @@ static void sanitize_dump_dir_rights(void)
+ * us with thousands of bogus or malicious dumps */
+ /* 07000 bits are setuid, setgit, and sticky, and they must be unset */
+ /* 00777 bits are usual "rwxrwxrwx" access rights */
+- ensure_writable_dir(g_settings_dump_location, 0755, "abrt");
++ ensure_writable_dir_group(g_settings_dump_location, 0751, "root", "abrt");
+ /* temp dir */
+ ensure_writable_dir(VAR_RUN"/abrt", 0755, "root");
+ }
+--
+1.8.3.1
+
diff --git a/SOURCES/event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch b/SOURCES/event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch
deleted file mode 100644
index 334986f..0000000
--- a/SOURCES/event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 6c95ae2bf1c80530442a516f23b7cd8e82dcae12 Mon Sep 17 00:00:00 2001
-From: Matej Habrnal <mhabrnal@redhat.com>
-Date: Thu, 22 Jan 2015 02:23:21 +0100
-Subject: [PATCH 88/91] event: don't run the 'reporter-bugzilla -h' on RHEL and
- CentOS
-
-Running the 'reporter-bugzilla -h' makes sense only on Fedora because of bodhi.
-
-Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
----
- src/plugins/ccpp_event.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf
-index 62ff08a..cd75ee2 100644
---- a/src/plugins/ccpp_event.conf
-+++ b/src/plugins/ccpp_event.conf
-@@ -71,7 +71,7 @@ EVENT=analyze_LocalGDB analyzer=CCpp
- # Run GDB plugin to see if crash looks exploitable
- abrt-action-analyze-vulnerability
- # Run GDB to genereate backtrace
-- abrt-action-analyze-ccpp-local --without-bodhi
-+ abrt-action-analyze-ccpp-local --without-bz
-
-
- # Bugzilla requires nonempty duphash
---
-1.8.3.1
-
diff --git a/SOURCES/plugin-set-URL-to-retrace-server.patch b/SOURCES/plugin-set-URL-to-retrace-server.patch
deleted file mode 100644
index b2dc31a..0000000
--- a/SOURCES/plugin-set-URL-to-retrace-server.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 81181a893b91a229e05a5a915cc98347126e3834 Mon Sep 17 00:00:00 2001
-From: Matej Habrnal <mhabrnal@redhat.com>
-Date: Fri, 30 Jan 2015 17:52:25 +0100
-Subject: [PATCH 90/91] plugin: set URL to retrace server
-
-Changed default retrace server URL from localhost to retrace.fedoraproject.org.
-
-Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
----
- src/plugins/analyze_CCpp.xml.in | 2 +-
- src/plugins/analyze_RetraceServer.xml.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/plugins/analyze_CCpp.xml.in b/src/plugins/analyze_CCpp.xml.in
-index 6f02692..a7ce4dd 100644
---- a/src/plugins/analyze_CCpp.xml.in
-+++ b/src/plugins/analyze_CCpp.xml.in
-@@ -26,7 +26,7 @@
- <options>
- <option type="text" name="RETRACE_SERVER_URL">
- <_label>Retrace server URL</_label>
-- <default-value>localhost</default-value>
-+ <default-value>retrace.fedoraproject.org</default-value>
- <allow-empty>no</allow-empty>
- <_description>Address of the retrace server</_description>
- </option>
-diff --git a/src/plugins/analyze_RetraceServer.xml.in b/src/plugins/analyze_RetraceServer.xml.in
-index cf1d25a..e437cac 100644
---- a/src/plugins/analyze_RetraceServer.xml.in
-+++ b/src/plugins/analyze_RetraceServer.xml.in
-@@ -12,7 +12,7 @@
- <options>
- <option type="text" name="RETRACE_SERVER_URL">
- <_label>Retrace server URL</_label>
-- <default-value>localhost</default-value>
-+ <default-value>retrace.fedoraproject.org</default-value>
- <allow-empty>no</allow-empty>
- <_description>Address of the retrace server</_description>
- </option>
---
-1.8.3.1
-
diff --git a/SOURCES/turn-sosreport-off.patch b/SOURCES/turn-sosreport-off.patch
deleted file mode 100644
index e570138..0000000
--- a/SOURCES/turn-sosreport-off.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 2b02dc85753e4b11f10bfa2d660aa493ae80c52b Mon Sep 17 00:00:00 2001
-From: Jakub Filak <jfilak@redhat.com>
-Date: Thu, 20 Nov 2014 11:24:39 +0100
-Subject: [PATCH] turn sosreport off
-
----
- src/daemon/abrt_event.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
-index 380b312..eafee17 100644
---- a/src/daemon/abrt_event.conf
-+++ b/src/daemon/abrt_event.conf
-@@ -67,7 +67,7 @@ EVENT=post-create runlevel=
- # Example: if you want to save sosreport immediately at the moment of a crash:
- # (alternatively, you can add similar command to EVENT=analyze_foo's,
- # if you would rather perform this collection later):
--EVENT=post-create
-+#EVENT=post-create
- nice sosreport --tmp-dir "$DUMP_DIR" --batch \
- --only=anaconda --only=boot --only=devicemapper \
- --only=filesys --only=hardware --only=kernel --only=libraries \
---
-1.8.3.1
-
diff --git a/SPECS/abrt.spec b/SPECS/abrt.spec
index 08f9633..504c2ee 100644
--- a/SPECS/abrt.spec
+++ b/SPECS/abrt.spec
@@ -33,7 +33,7 @@
Summary: Automatic bug detection and reporting tool
Name: abrt
Version: 2.1.11
-Release: 34%{?dist}
+Release: 35%{?dist}
License: GPLv2+
Group: Applications/System
URL: https://fedorahosted.org/abrt/
@@ -54,6 +54,7 @@ Patch12: 0012-configui-show-Close-button-in-the-dialog.patch
Patch13: 0013-applet-do-not-say-the-report-is-anonymous-when-urepo.patch
#Patch14: 0014-spec-abrt-cli-requires-a-pkg-providing-workflows.patch
#Patch15: 0015-testsuite-encourage-users-to-create-a-case-in-RHTS.patch
+Patch16: 0016-cli-list-show-a-hint-about-creating-a-case-in-RHTS.patch
Patch17: 0017-harvest-vmcore-properly-handle-inaccessible-dir-erro.patch
Patch18: 0018-don-t-break-the-event-run-by-failures-of-abrt-action.patch
Patch19: 0019-Fix-handling-of-Machine-Check-Exceptions.patch
@@ -116,6 +117,7 @@ Patch75: 0075-Translation-updates.patch
Patch76: 0076-Revert-gdb-disable-loading-of-auto-loaded-files.patch
Patch77: 0077-gdb-make-gdb-aware-of-the-abrt-s-debuginfo-dir.patch
#Patch78: 0078-spec-update-the-required-gdb-version.patch
+Patch79: 0079-cli-mark-the-suggestion-text-for-translation.patch
Patch80: 0080-auto-reporting-add-options-to-specify-auth-type.patch
#Patch81: 0081-testsuite-abrt-auto-reporting-uReport-authentication.patch
Patch82: 0082-translations-pull-the-newest-PO-files.patch
@@ -230,9 +232,18 @@ Patch170: 0170-abrt-auto-reporting-add-example-into-the-help.patch
#Patch175: 0175-testsuite-new-test-dumpdir_completedness.patch
#Patch176: 0176-testsuite-upload-handling-fix-irrelevant-AVCs.patch
Patch177: 0177-sos-use-services-instead-of-startup.patch
-Patch178: event-don-t-run-the-reporter-bugzilla-h-on-RHEL-and-.patch
-Patch179: plugin-set-URL-to-retrace-server.patch
-Patch180: turn-sosreport-off.patch
+# git format-patch 2.1.11-34.el7 -N --start-number 178 --topo-order
+Patch178: 0178-a-a-i-d-to-abrt-cache-make-own-random-temporary-dire.patch
+Patch179: 0179-conf-introduce-DebugLevel.patch
+Patch180: 0180-ccpp-ignore-crashes-of-ABRT-binaries-if-DebugLevel-0.patch
+Patch181: 0181-ccpp-save-abrt-core-files-only-to-new-files.patch
+Patch182: 0182-lib-add-convenient-wrappers-for-ensuring-writable-di.patch
+Patch183: 0183-abrtd-switch-owner-of-the-dump-location-to-root.patch
+#Patch184: 0184-spec-switch-owner-of-the-dump-location-to-root.patch
+#Patch185: 0185-testsuite-ccpp-plugin-debug.patch
+#Patch186: 0186-testsuite-a-a-i-debuginfo-the-set-uid-wrapper-uses-s.patch
+#Patch187: 0187-testsuite-check-file-system-attributes-of-the-dump-l.patch
+# git format-patch 2.1.11-35.el7 -N --start-number 188 --topo-order
# git is need for '%%autosetup -S git' which automatically applies all the
@@ -345,8 +356,10 @@ Group: System Environment/Libraries
Requires: cpio
Requires: gdb >= 7.6.1-63
Requires: elfutils
+%if 0%{!?rhel:1}
# abrt-action-perform-ccpp-analysis wants to run analyze_RetraceServer:
Requires: %{name}-retrace-client
+%endif
Requires: %{name} = %{version}-%{release}
Requires: abrt-libs = %{version}-%{release}
Requires: libreport-python
@@ -460,13 +473,8 @@ Requires: abrt-addon-ccpp
Requires: abrt-addon-python
Requires: abrt-addon-xorg
%if 0%{?rhel}
-%if 0%{?centos_ver}
-Requires: libreport-centos >= %{libreport_ver}
-Requires: libreport-plugin-mantisbt >= %{libreport_ver}
-%else
Requires: libreport-rhel >= %{libreport_ver}
Requires: libreport-plugin-rhtsupport >= %{libreport_ver}
-%endif
%else
Requires: abrt-retrace-client
Requires: libreport-plugin-bugzilla >= %{libreport_ver}
@@ -499,13 +507,8 @@ Requires: elfutils
Requires: abrt-gui
Requires: gnome-abrt
%if 0%{?rhel}
-%if 0%{?centos_ver}
-Requires: libreport-centos >= %{libreport_ver}
-Requires: libreport-plugin-mantisbt >= %{libreport_ver}
-%else
Requires: libreport-rhel >= %{libreport_ver}
Requires: libreport-plugin-rhtsupport >= %{libreport_ver}
-%endif
%else
Requires: abrt-retrace-client
Requires: libreport-plugin-bugzilla >= %{libreport_ver}
@@ -802,7 +805,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_mandir}/man5/abrt_event.conf.5.gz
%config(noreplace) %{_sysconfdir}/libreport/events.d/smart_event.conf
%{_mandir}/man5/smart_event.conf.5.gz
-%dir %attr(0755, abrt, abrt) %{_localstatedir}/spool/%{name}
+%dir %attr(0751, root, abrt) %{_localstatedir}/spool/%{name}
%dir %attr(0700, abrt, abrt) %{_localstatedir}/spool/%{name}-upload
# abrtd runs as root
%dir %attr(0755, root, root) %{_localstatedir}/run/%{name}
@@ -1062,14 +1065,13 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%config(noreplace) %{_sysconfdir}/profile.d/abrt-console-notification.sh
%changelog
-* Thu Nov 19 2015 CentOS Sources <bugs@centos.org> - 2.1.11-34.el7.centos
-- Drop RHTS hint
-- Change by David Mansfield <david@orthanc.cobite.com>
-- Per http://bugs.centos.org/view.php?id=7192
-- Remove cli suggestion text patch
-- set URL to retrace server
-- update to not run sosreport
-- Per http://bugs.centos.org/view.php?id=7913
+* Fri Oct 30 2015 Jakub Filak <jfilak@redhat.com> - 2.1.11-35
+- make /var/spool/abrt owned by root
+- remove 'r' from /var/spool/abrt for other users
+- abrt-action-install-debug-info: use secure temporary directory
+- stop saving abrt's core files to /var/spool/abrt if DebugLevel < 1
+- Fixes for: CVE-2015-5273 and CVE-2015-5287
+- Resolves: #1266853
* Fri Oct 16 2015 Jakub Filak <jfilak@redhat.com> - 2.1.11-34
- sos: use 'services' instead of 'startup'