diff --git a/.gitignore b/.gitignore
index a5a0047..407ae3c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/nuxwdog-1.0.3.tar.gz
+SOURCES/nuxwdog-1.0.5.tar.gz
diff --git a/.nuxwdog.metadata b/.nuxwdog.metadata
index 00601e5..6ce01fc 100644
--- a/.nuxwdog.metadata
+++ b/.nuxwdog.metadata
@@ -1 +1 @@
-6e9a0dc4687fb8f3c239a4970caa8042e25b6ea1 SOURCES/nuxwdog-1.0.3.tar.gz
+127cde7055e9a8d1d7efa672eba23d68ab6146a2 SOURCES/nuxwdog-1.0.5.tar.gz
diff --git a/SOURCES/nuxwdog-Allow-unlimited-conf-line-length.patch b/SOURCES/nuxwdog-Allow-unlimited-conf-line-length.patch
deleted file mode 100644
index 513c483..0000000
--- a/SOURCES/nuxwdog-Allow-unlimited-conf-line-length.patch
+++ /dev/null
@@ -1,127 +0,0 @@ -From f4b47d21560fd57c7d2e326ebfae66f42b66864f Mon Sep 17 00:00:00 2001 -From: Ade Lee -Date: Mon, 30 Oct 2017 22:47:15 -0400 -Subject: [PATCH] Allow unlimited conf line length - -Errors occurred because the line length was being truncated, -especially for long lines like JVM args. Now the line length -will be allocated correctly. - -Change-Id: I77553817931883e05180a1082d45a20e3a6afe4c ---- - src/com/redhat/nuxwdog/wdconf.cpp | 45 ++++++++++++++++++++++----------------- - 1 file changed, 26 insertions(+), 19 deletions(-) - -diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp -index 086bc5ae36c79ff3570ba0e39da10a42d8ab9687..95603c96dbd021289b60a001ee6fba0b15f9f540 100644 ---- a/src/com/redhat/nuxwdog/wdconf.cpp -+++ b/src/com/redhat/nuxwdog/wdconf.cpp -@@ -29,24 +29,23 @@ - #include "wdconf.h" - #include "wdlog.h" - --#define MAX_CONF_LINE_LENGTH 1024 -+#define CHUNK 1024 - - /* Read config file line like util_getline() */ --static int _watchdog_readconf_line(char *line, int maxlen, FILE *file) -+static char * _watchdog_readconf_line(FILE *file) - { - int len = 0; - int nlseen = 0; -- int src; -- int dst; -- char *bufp = line; -+ int src = 0; -+ int dst = 0; -+ char bufp[CHUNK]; - -- if (feof(file)) { -- return -1; -- } -+ char *line = (char *) malloc(1); -+ line[0] = '\0'; - -- while (!nlseen && (len < maxlen - 1)) { -+ while (!nlseen && !feof(file)) { - -- if (!fgets(bufp, maxlen - len, file)) -+ if (!fgets(bufp, CHUNK, file)) - break; - - /* Scan what was just read */ -@@ -68,26 +67,31 @@ static int _watchdog_readconf_line(char *line, int maxlen, FILE *file) - ++dst; - } - } -+ bufp[dst] = '\0'; - - if (dst > 0) { - /* Check for continuation */ - if (nlseen && (bufp[dst-1] == '\\')) { -+ bufp[dst-1] = '\0'; - dst -= 1; - nlseen = 0; - } - - len += dst; -- bufp += dst; -+ -+ line = (char *) realloc(line, len+1); -+ strcat(line, bufp); - } - } - - if ((len <= 0) && !nlseen) { -- return -1; -+ if (line) { -+ 
free(line); -+ } -+ return NULL; - } - -- line[len] = '\0'; -- -- return len; -+ return line; - } - - static int -@@ -95,8 +99,7 @@ _watchdog_parse_conffile(char *conffile, - watchdog_conf_info_t *info) - { - FILE *cfile; -- char line[MAX_CONF_LINE_LENGTH]; -- char *name, *value; -+ char *line, *name, *value; - int len; - - cfile = fopen(conffile, "r"); -@@ -110,7 +113,8 @@ _watchdog_parse_conffile(char *conffile, - return -1; - } - -- while ((len = _watchdog_readconf_line(line, MAX_CONF_LINE_LENGTH, cfile)) >= 0) { -+ while ((line = _watchdog_readconf_line(cfile)) != NULL) { -+ len = strlen(line); - name = line; - if ((*name) == '#') - continue; -@@ -154,10 +158,13 @@ _watchdog_parse_conffile(char *conffile, - if (!strcasecmp(name, "ChildSecurity")) { - info->childSecurity = atoi(value); - } -+ if (line != NULL) { -+ free(line); -+ line = NULL; -+ } - } - - fclose(cfile); -- - return 0; - } - --- -2.9.5 - diff --git a/SOURCES/nuxwdog-heisen-memory-bug.patch b/SOURCES/nuxwdog-heisen-memory-bug.patch deleted file mode 100644 index 381b6e7..0000000 --- a/SOURCES/nuxwdog-heisen-memory-bug.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From 63d0cb4948d240068be52c5b0f701a9524320d4d Mon Sep 17 00:00:00 2001 -From: Dinesh Prasanth M K -Date: Thu, 16 Aug 2018 12:23:31 -0400 -Subject: [PATCH] Fixing memory issue in NHSM-OCS - -This fixes the heisen memory bug -https://pagure.io/nuxwdog/issue/8 - -Signed-off-by: Dinesh Prasanth M K ---- - src/com/redhat/nuxwdog/wdpwd.cpp | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/com/redhat/nuxwdog/wdpwd.cpp b/src/com/redhat/nuxwdog/wdpwd.cpp -index 1ff7829..09191fc 100644 ---- a/src/com/redhat/nuxwdog/wdpwd.cpp -+++ b/src/com/redhat/nuxwdog/wdpwd.cpp -@@ -111,7 +111,7 @@ watchdog_pwd_encrypt(char *pwdvalue, pwdenc_t *pwdcrypt) - - int len = strlen(pwdvalue); - { -- if ((pwdcrypt->ptr = (void *)malloc(len)) == NULL) -+ if ((pwdcrypt->ptr = (void *)malloc(len + 1)) == NULL) - return; - - pwdcrypt->len = len; -@@ -247,7 +247,7 @@ int watchdog_pwd_save(char *pwdname, int serial, char *pwdvalue) - * Already have this password saved, so server must be - * reprompting. Replace the old value with the new value. - */ -- char *keyname = (char *) malloc(strlen(pwdname) + strlen(KEY_PREFIX)); -+ char *keyname = (char *) malloc(strlen(pwdname) + strlen(KEY_PREFIX) + 1); - sprintf(keyname, "%s%s", KEY_PREFIX, pwdname); - pwdp->pwdserial = add_key("user", keyname, (void *) pwdvalue, - strlen(pwdvalue), KEY_SPEC_PROCESS_KEYRING); -@@ -270,7 +270,7 @@ int watchdog_pwd_save(char *pwdname, int serial, char *pwdvalue) - pwdp->pwdname = strdup(pwdname); - pwdp->serial = serial; - -- char *keyname = (char *) malloc(strlen(pwdname) + strlen(KEY_PREFIX)); -+ char *keyname = (char *) malloc(strlen(pwdname) + strlen(KEY_PREFIX) + 1); - sprintf(keyname, "%s%s", KEY_PREFIX, pwdname); - pwdp->pwdserial = add_key("user", keyname, (void *) pwdvalue, - strlen(pwdvalue), KEY_SPEC_PROCESS_KEYRING); --- -2.14.4 - diff --git a/SOURCES/nuxwdog-set-uid.patch b/SOURCES/nuxwdog-set-uid.patch deleted file mode 100644 index 9f725fe..0000000 
--- a/SOURCES/nuxwdog-set-uid.patch
+++ /dev/null
@@ -1,145 +0,0 @@ -From 3d7adfbe0788f33a67c3ed65e12ba9d32074a674 Mon Sep 17 00:00:00 2001 -From: Ade Lee -Date: Mon, 15 Jan 2018 15:25:36 -0500 -Subject: [PATCH] Add parameter to set the uid of the invoked process - ---- - src/com/redhat/nuxwdog/watchdog.cpp | 36 ++++++++++++++++++++++++++++++++++-- - src/com/redhat/nuxwdog/wdconf.cpp | 7 +++++++ - src/com/redhat/nuxwdog/wdconf.h | 3 ++- - 3 files changed, 43 insertions(+), 3 deletions(-) - -diff --git a/src/com/redhat/nuxwdog/watchdog.cpp b/src/com/redhat/nuxwdog/watchdog.cpp -index a4d6a77..36b13e4 100644 ---- a/src/com/redhat/nuxwdog/watchdog.cpp -+++ b/src/com/redhat/nuxwdog/watchdog.cpp -@@ -33,6 +33,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -280,7 +281,7 @@ watchdog_exit(int status) - - int - _watchdog_exec(int server_starts, char *server_exe, char *args[], -- char * envp[], int *spid) -+ char * envp[], int *spid, int uid) - { - int server_background = 0; - char *server_out = NULL; -@@ -412,6 +413,14 @@ _watchdog_exec(int server_starts, char *server_exe, char *args[], - free(server_context); - } - -+ if (uid >= 0) { -+ rv = setuid(uid); -+ if (rv != 0) { -+ watchdog_error("unable to setuid"); -+ watchdog_exit(1); -+ } -+ } -+ - rv = execv(server_exe, args); - if (rv < 0) { - watchdog_error("could not execute server binary"); -@@ -757,10 +766,12 @@ int main(int argc, char **argv, char **envp) - int ver=0; - int server_starts; - int server_stat; -+ int uid=-1; - char *server_exe = NULL; - char *server_args = NULL; - char *conffile = NULL; - char *pch; -+ char *user = NULL; - char *args[100]; - struct stat statbuf; - UDS_NAME[0]=0; -@@ -833,6 +844,11 @@ int main(int argc, char **argv, char **envp) - watchdog_exit(1); - } - -+ /* user */ -+ if (confinfo->user) { -+ user = strdup(confinfo->user); -+ } -+ - if (detach) { - parent_watchdog_create_signal_handlers(); - -@@ -883,6 +899,22 @@ int main(int argc, char **argv, char **envp) - watchdog_exit(1); - } - -+ if (user != 
NULL) { -+ struct passwd *pw = getpwnam(user); -+ if (pw == NULL) { -+ sprintf(errmsgstr, "user %s does not exist", user); -+ watchdog_error(errmsgstr); -+ watchdog_exit(1); -+ } -+ -+ if (chown(UDS_NAME, pw->pw_uid, pw->pw_gid) != 0) { -+ sprintf(errmsgstr, "chown failed errno %d %s", errno, strerror(errno)); -+ watchdog_error(errmsgstr); -+ watchdog_exit(1); -+ } -+ uid = pw->pw_uid; -+ } -+ - for (server_starts = 0;; ++server_starts) { - - _watchdog_death = 0; -@@ -895,7 +927,7 @@ int main(int argc, char **argv, char **envp) - - watchdog_create_signal_handlers(); - -- rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid); -+ rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid, uid); - - if (server_pid < 0) { - // exec failed: kill parent if it's still waiting -diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp -index 95603c9..2d50575 100644 ---- a/src/com/redhat/nuxwdog/wdconf.cpp -+++ b/src/com/redhat/nuxwdog/wdconf.cpp -@@ -158,6 +158,9 @@ _watchdog_parse_conffile(char *conffile, - if (!strcasecmp(name, "ChildSecurity")) { - info->childSecurity = atoi(value); - } -+ if (!strcasecmp(name, "User")) { -+ info->user = strdup(value); -+ } - if (line != NULL) { - free(line); - line = NULL; -@@ -227,5 +230,9 @@ watchdog_confinfo_free(watchdog_conf_info_t *info) - free(info->childPidFile); - } - -+ if (info->user) { -+ free(info->user); -+ } -+ - free(info); - } -diff --git a/src/com/redhat/nuxwdog/wdconf.h b/src/com/redhat/nuxwdog/wdconf.h -index bb2e7b1..94f02e3 100644 ---- a/src/com/redhat/nuxwdog/wdconf.h -+++ b/src/com/redhat/nuxwdog/wdconf.h -@@ -36,7 +36,8 @@ typedef struct watchdog_conf_info_t { - char *exeContext; /* selinux type context */ - char *pidFile; /* pidFile */ - char *childPidFile; /* child pid file */ -- int childSecurity; /* enforce child security */ -+ int childSecurity; /* enforce child security */ -+ char *user; /* user to execute the process as */ - } watchdog_conf_info_t; - 
- watchdog_conf_info_t *watchdog_parse(char *conf_file); --- -2.14.3 - diff --git a/SPECS/nuxwdog.spec b/SPECS/nuxwdog.spec index 4d917ae..c916e7f 100644 --- a/SPECS/nuxwdog.spec +++ b/SPECS/nuxwdog.spec @@ -1,6 +1,6 @@ Name: nuxwdog -Version: 1.0.3 -Release: 8%{?dist} +Version: 1.0.5 +Release: 1%{?dist} Summary: Watchdog server to start and stop processes, and prompt for passwords # The entire source code is LGPLv2 except for the perl module, which is GPL+ or Artistic License: LGPLv2 and (GPL+ or Artistic) @@ -22,10 +22,7 @@ Requires: nss Requires: keyutils-libs Obsoletes: nuxwdog-client -Source0: https://fedorahosted.org/released/nuxwdog/%{name}-%{version}.tar.gz -Patch0: nuxwdog-Allow-unlimited-conf-line-length.patch -Patch1: nuxwdog-set-uid.patch -Patch2: nuxwdog-heisen-memory-bug.patch +Source0: https://github.com/dogtagpki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz # Note: there is an rpmlint warning about Nuxwdogclient.so being a private-shared-object-provide # This would ordinarily be fixed by calling the macro perl_default_filter, but @@ -71,9 +68,6 @@ The nuxwdog-client-perl package contains a perl interface to nuxwdog. %prep %setup -q -n %{name}-%{version} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 %build ant \ @@ -144,6 +138,11 @@ rm -rf %{buildroot} %exclude %dir %{perl_vendorarch}/auto/ %changelog +* Mon Aug 05 2019 Dogtag Team 1.0.5-1 +- Resolves: rhbz #1509040 - nuxwdog spec file has outdated + source for tarballs (dmoluguw) +- Rebase to upstream nuxwdog 1.0.5-1 + * Mon Aug 20 2018 Dogtag Team 1.0.3-8 - Resolves: rhbz #1615617 - nuxwdog systemd - memory error when starting subCA (dmoluguw)
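Review bot: The Source0/Patch hunk and the %prep hunk in SPECS/nuxwdog.spec drop Patch0-Patch2, but nothing in the spec or the new changelog entry records that 1.0.5 already contains those changes. One of them, nuxwdog-heisen-memory-bug.patch, corrected undersized allocations in wdpwd.cpp (`malloc(len)` to `malloc(len + 1)`, and the two `keyname` buffers filled by `sprintf`), so a rebase that lost it would bring back a heap overflow in the password-handling path. The tarball contents are not visible in this diff, so this needs to be checked against the v1.0.5 tree. Once the three fixes are confirmed there, a changelog line such as `- Drop Patch0-Patch2 (conf line length, set-uid, wdpwd.cpp allocation fix), merged upstream in 1.0.5` would make the removal auditable.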