Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
Petr Lautrbach | 376d277656 | |
Dan Walsh | cce7cd78d6 | |
Dan Walsh | 9689713120 | |
Dan Walsh | 1d34205ddf | |
Dan Walsh | 7e6b557780 | |
Dan Walsh | 88b34cc35a | |
Dan Walsh | c68fd2a45f |
|
@ -175,3 +175,7 @@ setroubleshoot-2.2.93.tar.gz
|
|||
/setroubleshoot-3.2.11.tar.gz
|
||||
/setroubleshoot-3.2.12.tar.gz
|
||||
/setroubleshoot-3.2.13.tar.gz
|
||||
/setroubleshoot-3.2.14.tar.gz
|
||||
/setroubleshoot-3.2.15.tar.gz
|
||||
/setroubleshoot-3.2.16.tar.gz
|
||||
/setroubleshoot-3.2.17.tar.gz
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
From d78a46d19ad3001fb3e3a44bd6b4bb507f2017f4 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 23 Mar 2015 13:58:08 +0100
|
||||
Subject: [PATCH 1/2] Fix get_rpm_nvr_*_temporary functions - rhbz#1203977
|
||||
|
||||
- use subprocess.check_output() instead of commands.getstatusoutput()
|
||||
- use os.path.abspath() to get a normalized absolutized version of the name
|
||||
---
|
||||
framework/src/setroubleshoot/util.py | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
|
||||
index 2dffb80..906735b 100755
|
||||
--- a/framework/src/setroubleshoot/util.py
|
||||
+++ b/framework/src/setroubleshoot/util.py
|
||||
@@ -263,25 +263,25 @@ def get_rpm_nvr_by_name_temporary(name):
|
||||
|
||||
nvr = None
|
||||
try:
|
||||
- import commands
|
||||
- rc, output = commands.getstatusoutput("rpm -q %s" % name)
|
||||
- if rc == 0:
|
||||
- nvr = output
|
||||
+ import subprocess
|
||||
+ nvr = subprocess.check_output(["rpm", "-q", name]).rstrip()
|
||||
except:
|
||||
syslog.syslog(syslog.LOG_ERR, "failed to retrieve rpm info for %s" % name)
|
||||
return nvr
|
||||
|
||||
|
||||
def get_rpm_nvr_by_file_path_temporary(name):
|
||||
- if name is None or not os.path.exists(name):
|
||||
+ if name is None:
|
||||
+ return None
|
||||
+
|
||||
+ name = os.path.abspath(name)
|
||||
+ if not os.path.exists(name):
|
||||
return None
|
||||
|
||||
nvr = None
|
||||
try:
|
||||
- import commands
|
||||
- rc, output = commands.getstatusoutput("rpm -qf '%s'" % name)
|
||||
- if rc == 0:
|
||||
- nvr = output
|
||||
+ import subprocess
|
||||
+ nvr = subprocess.check_output(["rpm", "-qf", name]).rstrip()
|
||||
except:
|
||||
syslog.syslog(syslog.LOG_ERR, "failed to retrieve rpm info for %s" % name)
|
||||
return nvr
|
||||
--
|
||||
2.3.3
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
diff -up setroubleshoot-3.2.14/po/bn_IN.po~ setroubleshoot-3.2.14/po/bn_IN.po
|
||||
--- setroubleshoot-3.2.14/po/bn_IN.po~ 2013-11-20 10:01:40.717181224 -0500
|
||||
+++ setroubleshoot-3.2.14/po/bn_IN.po 2013-11-20 10:02:47.154195170 -0500
|
||||
@@ -165,9 +165,7 @@ msgstr "উৎসের পà§<C3A0>রকà§<C3A0>à
|
||||
|
||||
#: ../src/browser.py:269
|
||||
msgid "Attempted Access"
|
||||
-msgstr ""
|
||||
-"\n"
|
||||
-"বà§<C3A0>যবহারের পà§<C3A0>রয়াস\n"
|
||||
+msgstr "বà§<C3A0>যবহারের পà§<C3A0>রয়াস"
|
||||
|
||||
#: ../src/browser.py:269
|
||||
msgid "On this"
|
||||
@@ -222,9 +220,8 @@ msgstr ""
|
||||
msgid ""
|
||||
"Report\n"
|
||||
"Bug"
|
||||
-msgstr ""
|
||||
-"বাগ সমà§<C3A0>পরà§<C3A0>কে\n"
|
||||
-"সূচিত করà§<C3A0>ন\n"
|
||||
+msgstr "বাগ সমà§<C3A0>পরà§<C3A0>কে\n"
|
||||
+"সূচিত করà§<C3A0>ন"
|
||||
|
||||
#: ../src/browser.py:543
|
||||
#, python-format
|
|
@ -1,13 +1,16 @@
|
|||
Summary: Helps troubleshoot SELinux problems
|
||||
Name: setroubleshoot
|
||||
Version: 3.2.13
|
||||
Release: 1%{?dist}
|
||||
Version: 3.2.17
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2+
|
||||
Group: Applications/System
|
||||
URL: https://fedorahosted.org/setroubleshoot
|
||||
# git clone git://git.fedorahosted.org/git/setroubleshoot.git; cd setroubleshoot
|
||||
# git archive --prefix setroubleshoot-3.0.10/426cf8ea7a38e8c5179981219d831368161b65f2 > setroubleshoot-3.0.10.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1203352
|
||||
# CVE-2015-1815
|
||||
Patch0: 0001-Fix-get_rpm_nvr_-_temporary-functions-rhbz-1203977.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: perl-XML-Parser
|
||||
BuildRequires: libcap-ng-devel
|
||||
|
@ -16,24 +19,16 @@ BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel aud
|
|||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: pygtk2-libglade >= 2.9.2
|
||||
Requires: gtk2
|
||||
Requires: dbus
|
||||
Requires: dbus-python
|
||||
Requires: pygobject2
|
||||
Requires: libreport-gtk
|
||||
Requires: polkit
|
||||
Requires: yum
|
||||
Requires: libreport-gtk, libreport-python
|
||||
Requires(post): desktop-file-utils
|
||||
Requires(post): dbus
|
||||
Requires(postun): desktop-file-utils
|
||||
Requires(postun): dbus
|
||||
Requires: notify-python
|
||||
|
||||
BuildRequires: xdg-utils
|
||||
Requires: xdg-utils
|
||||
|
||||
%global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")
|
||||
|
||||
%global pkgpythondir %{python_sitelib}/%{name}
|
||||
%global pkgpythondir %{python_sitearch}/%{name}
|
||||
%define pkgguidir %{_datadir}/%{name}/gui
|
||||
%define pkgdatadir %{_datadir}/%{name}
|
||||
%define pkglibexecdir %{_prefix}/libexec/%{name}
|
||||
|
@ -79,6 +74,7 @@ fi
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p 2 -b .CVE-2015-1815
|
||||
|
||||
%build
|
||||
%configure
|
||||
|
@ -108,9 +104,10 @@ Requires: policycoreutils-python
|
|||
BuildRequires: intltool gettext python
|
||||
BuildRequires: python-devel
|
||||
Requires: python-slip-dbus systemd-python >= 206-1
|
||||
|
||||
Requires(post): /sbin/service
|
||||
Requires(preun): /sbin/service
|
||||
Requires: pygobject2
|
||||
Requires: dbus
|
||||
Requires: dbus-python
|
||||
Requires: polkit
|
||||
|
||||
%description server
|
||||
Provides tools to help diagnose SELinux problems. When AVC messages
|
||||
|
@ -125,9 +122,8 @@ to user preference. The same tools can be run on existing log files.
|
|||
%systemd_postun_with_restart auditd.service
|
||||
|
||||
%triggerun server -- %{name}-server < 2.1.1
|
||||
/sbin/service %{name} stop >/dev/null 2>&1 || :
|
||||
chkconfig --del %{name} || :
|
||||
|
||||
/usr/bin/systemctl --no-reload disable %{name} >/dev/null 2>&1 || :
|
||||
/usr/bin/systemctl stop %{name} >/dev/null 2>&1 || :
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
|
@ -136,7 +132,7 @@ rm -rf %{buildroot}
|
|||
%{_bindir}/sealert
|
||||
%{_sbindir}/sedispatch
|
||||
%{_sbindir}/setroubleshootd
|
||||
%{python_sitelib}/setroubleshoot*.egg-info
|
||||
%{python_sitearch}/setroubleshoot*.egg-info
|
||||
%dir %attr(0755,root,root) %{pkgconfigdir}
|
||||
%dir %attr(0755,root,root) %{pkgpythondir}
|
||||
%{pkgpythondir}/Plugin.py*
|
||||
|
@ -176,6 +172,36 @@ rm -rf %{buildroot}
|
|||
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
|
||||
|
||||
%changelog
|
||||
* Thu Mar 26 2015 Petr Lautrbach <plautrba@redhat.com> 3.2.17-2
|
||||
- Fix get_rpm_nvr_*_temporary functions - CVE-2015-1815 (#1203352)
|
||||
|
||||
* Mon Jan 20 2014 Dan Walsh <dwalsh@redhat.com> - 3.2.17-1
|
||||
- Fix unicode settings
|
||||
|
||||
* Tue Jan 7 2014 Dan Walsh <dwalsh@redhat.com> - 3.2.16-2
|
||||
- Remove requires for notify-python and yum
|
||||
|
||||
* Thu Jan 2 2014 Dan Walsh <dwalsh@redhat.com> - 3.2.16-1
|
||||
- Don't error out on no policy installed
|
||||
- Update translations.
|
||||
|
||||
* Thu Jan 2 2014 Dan Walsh <dwalsh@redhat.com> - 3.2.15-2
|
||||
- Eliminate requirement on service script.
|
||||
|
||||
* Tue Dec 3 2013 Dan Walsh <dwalsh@redhat.com> - 3.2.15-1
|
||||
- Update Lanquages
|
||||
- Use setup.py in Makefile for setroubleshoot dir
|
||||
|
||||
* Wed Nov 20 2013 Dan Walsh <dwalsh@redhat.com> - 3.2.14-2
|
||||
- Add requires for libreport-python
|
||||
|
||||
* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 3.2.14-1
|
||||
- Remove "the the" typo from code.
|
||||
- Update Translations
|
||||
|
||||
* Tue Sep 10 2013 Dan Walsh <dwalsh@redhat.com> - 3.2.13-2
|
||||
- Move some of the Requires block down to -server package
|
||||
|
||||
* Thu Aug 1 2013 Dan Walsh <dwalsh@redhat.com> - 3.2.13-1
|
||||
- Fix typo again in audit_data.py
|
||||
- Make setroubleshoot less noicy in logs
|
||||
|
|
Loading…
Reference in New Issue