From 58e9517596d8dd41fd041823f3179421201267a4 Mon Sep 17 00:00:00 2001 From: fche Date: Mon, 22 Mar 2010 22:34:39 +0000 Subject: [PATCH] upstream release --- .cvsignore | 2 +- sources | 2 +- systemtap-1.1-cfi-cfa_ops-fixes.patch | 283 ---------------------- systemtap-1.1-get_argv.patch | 183 -------------- systemtap-1.1-tighten-server-params.patch | 262 -------------------- systemtap.spec | 79 +++--- 6 files changed, 43 insertions(+), 768 deletions(-) delete mode 100644 systemtap-1.1-cfi-cfa_ops-fixes.patch delete mode 100644 systemtap-1.1-get_argv.patch delete mode 100644 systemtap-1.1-tighten-server-params.patch diff --git a/.cvsignore b/.cvsignore index 9726faa..9b23fe5 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -systemtap-1.1.tar.gz +systemtap-1.2.tar.gz diff --git a/sources b/sources index 4a5d6e0..6b527aa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -bb760f76ecc400ed4d44a1399a06ca33 systemtap-1.1.tar.gz +8761f9a55f9de6fa4020f52f15ece39b systemtap-1.2.tar.gz diff --git a/systemtap-1.1-cfi-cfa_ops-fixes.patch b/systemtap-1.1-cfi-cfa_ops-fixes.patch deleted file mode 100644 index ed22ea0..0000000 --- a/systemtap-1.1-cfi-cfa_ops-fixes.patch +++ /dev/null @@ -1,283 +0,0 @@ -commit 08d1d520616557f6ff7dd023e260ad6577e9e0e8 -Author: Mark Wielaard -Date: Mon Jan 18 09:13:30 2010 +0100 - - PR11173 Markers get a bad address in prelinked libraries. - - Our literal_addr_to_sym_addr() function was just wrong. To compensate for - raw addresses read from elf (either given by the user or through a mark - transformation) we need to know what the elf_bias is (as returned by - dwfl_module_getelf) before feeding them to any libdwfl functions. - - * tapsets.cxx (query_module_dwarf): Always add elf_bias to raw function or - statement addresses before calling query_addr(). - (query_addr): Don't call literal_addr_to_sym_addr(). - * dwflpp.h (literal_addr_to_sym_addr): Removed. - * dwflpp.cxx (literal_addr_to_sym_addr): Likewise. - -diff --git a/dwflpp.cxx b/dwflpp.cxx -index 7dd31d0..e6fe017 100644 ---- a/dwflpp.cxx -+++ b/dwflpp.cxx -@@ -2771,45 +2771,6 @@ dwflpp::relocate_address(Dwarf_Addr dw_addr, string& reloc_section) - return reloc_addr; - } - --/* Converts a "global" literal address to the module symbol address -- * space. If necessary (not for kernel and executables using absolute -- * addresses), this adjust the address for the current module symbol -- * bias. Literal addresses are provided by the user (or contained on -- * the .probes section) based on the "on disk" layout of the module. -- */ --Dwarf_Addr --dwflpp::literal_addr_to_sym_addr(Dwarf_Addr lit_addr) --{ -- if (sess.verbose > 2) -- clog << "literal_addr_to_sym_addr 0x" << hex << lit_addr << dec << endl; -- -- // Assume the address came from the symbol list. -- // If we cannot get the symbol bias fall back on the dw bias. -- // The kernel (and other absolute executable modules) is special though. -- if (module_name != TOK_KERNEL -- && dwfl_module_relocations (module) > 0) -- { -- Dwarf_Addr symbias = ~0; -- if (dwfl_module_getsymtab (module) != -1) -- dwfl_module_info (module, NULL, NULL, NULL, NULL, -- &symbias, NULL, NULL); -- -- if (sess.verbose > 3) -- clog << "symbias 0x" << hex << symbias << dec -- << ", dwbias 0x" << hex << module_bias << dec << endl; -- -- if (symbias == (Dwarf_Addr) ~0) -- symbias = module_bias; -- -- lit_addr += symbias; -- } -- -- if (sess.verbose > 2) -- clog << "literal_addr_to_sym_addr ret 0x" << hex << lit_addr << dec << endl; -- -- return lit_addr; --} -- - /* Returns the call frame address operations for the given program counter - * in the libdw address space. - */ -diff --git a/dwflpp.h b/dwflpp.h -index cdc6ad9..523dd88 100644 ---- a/dwflpp.h -+++ b/dwflpp.h -@@ -284,8 +284,6 @@ struct dwflpp - - Dwarf_Addr relocate_address(Dwarf_Addr addr, std::string& reloc_section); - -- Dwarf_Addr literal_addr_to_sym_addr(Dwarf_Addr lit_addr); -- - - private: - DwflPtr dwfl_ptr; -diff --git a/tapsets.cxx b/tapsets.cxx -index 071f92d..d5c6b25 100644 ---- a/tapsets.cxx -+++ b/tapsets.cxx -@@ -761,6 +761,13 @@ dwarf_query::query_module_dwarf() - // number plus the module's bias. - Dwarf_Addr addr = has_function_num ? - function_num_val : statement_num_val; -+ -+ // These are raw addresses, we need to know what the elf_bias -+ // is to feed it to libdwfl based functions. -+ Dwarf_Addr elf_bias; -+ Elf *elf = dwfl_module_getelf (dw.module, &elf_bias); -+ assert(elf); -+ addr += elf_bias; - query_addr(addr, this); - } - else -@@ -1168,8 +1175,8 @@ query_addr(Dwarf_Addr addr, dwarf_query *q) - { - dwflpp &dw = q->dw; - -- // Translate to and actual sumbol address. -- addr = dw.literal_addr_to_sym_addr(addr); -+ if (q->sess.verbose > 2) -+ clog << "query_addr 0x" << hex << addr << dec << endl; - - // First pick which CU contains this address - Dwarf_Die* cudie = dw.query_cu_containing_address(addr); - -commit 87748e2b87e574d3c83866ccd0d83678c3c68d93 -Author: Mark Wielaard -Date: Tue Feb 2 13:47:19 2010 +0100 - - Make sure cfa_ops are always retrieved through dwfl global address. - - dwflpp::translate_location() works on the dw address space, but - get_cfa_ops() starts out with dwfl calls (only dwarf_cfi_addrframe() - needs to be adjusted for bias). - - * dwflpp.cxx (translate_location): Pass pc plus module bias through to - get_cfa_ops. - (get_cfa_ops): Adjust for bias when calling dwarf_cfi_addrframe(), - add frame start/end address when found if verbose logging. - * testsuite/systemtap.exelib/lib.stp: Add $foo and $bar variables to - process.function probes. - * testsuite/systemtap.exelib/libmarkunamestack.stp: Likewise. - * testsuite/systemtap.exelib/lib.tcl: Expect correct values for - process.function probe variables. - * testsuite/systemtap.exelib/libmarkunamestack.tcl: Likewise. - -diff --git a/dwflpp.cxx b/dwflpp.cxx -index e6fe017..d16411c 100644 ---- a/dwflpp.cxx -+++ b/dwflpp.cxx -@@ -1726,9 +1726,10 @@ dwflpp::translate_location(struct obstack *pool, - e->tok); - } - -- // pc is relative to current module, which is what get_cfa_ops -- // and c_translate_location expects. -- Dwarf_Op *cfa_ops = get_cfa_ops (pc); -+ // pc is in the dw address space of the current module, which is what -+ // c_translate_location expects. get_cfa_ops wants the global dwfl address. -+ Dwarf_Addr addr = pc + module_bias; -+ Dwarf_Op *cfa_ops = get_cfa_ops (addr); - return c_translate_location (pool, &loc2c_error, this, - &loc2c_emit_address, - 1, 0 /* PR9768 */, -@@ -2783,17 +2784,17 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) - clog << "get_cfa_ops @0x" << hex << pc << dec - << ", module_start @0x" << hex << module_start << dec << endl; - --#if _ELFUTILS_PREREQ(0,142) - // Try debug_frame first, then fall back on eh_frame. -- size_t cfa_nops; -- Dwarf_Addr bias; -+ size_t cfa_nops = 0; -+ Dwarf_Addr bias = 0; -+ Dwarf_Frame *frame = NULL; -+#if _ELFUTILS_PREREQ(0,142) - Dwarf_CFI *cfi = dwfl_module_dwarf_cfi (module, &bias); - if (cfi != NULL) - { - if (sess.verbose > 3) - clog << "got dwarf cfi bias: 0x" << hex << bias << dec << endl; -- Dwarf_Frame *frame = NULL; -- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) -+ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) - dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); - else if (sess.verbose > 3) - clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; -@@ -2809,7 +2810,7 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) - if (sess.verbose > 3) - clog << "got eh cfi bias: 0x" << hex << bias << dec << endl; - Dwarf_Frame *frame = NULL; -- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) -+ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) - dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); - else if (sess.verbose > 3) - clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; -@@ -2821,7 +2822,20 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) - #endif - - if (sess.verbose > 2) -- clog << (cfa_ops == NULL ? "not " : " ") << "found cfa" << endl; -+ { -+ if (cfa_ops == NULL) -+ clog << "not found cfa" << endl; -+ else -+ { -+ Dwarf_Addr frame_start, frame_end; -+ bool frame_signalp; -+ int info = dwarf_frame_info (frame, &frame_start, &frame_end, -+ &frame_signalp); -+ clog << "found cfa, info:" << info << " [start: 0x" << hex -+ << frame_start << dec << ", end: 0x" << hex << frame_end -+ << dec << "), nops: " << cfa_nops << endl; -+ } -+ } - - return cfa_ops; - } -diff --git a/testsuite/systemtap.exelib/lib.stp b/testsuite/systemtap.exelib/lib.stp -index 0151282..3fdc6db 100644 ---- a/testsuite/systemtap.exelib/lib.stp -+++ b/testsuite/systemtap.exelib/lib.stp -@@ -6,7 +6,7 @@ probe process(@1).function("main") { - } - - probe process(@1).function("main_func") { -- printf("main_func\n"); -+ printf("main_func %d\n", $foo); - } - - probe process(@2).function("lib_main") { -@@ -14,5 +14,5 @@ probe process(@2).function("lib_main") { - } - - probe process(@2).function("lib_func") { -- printf("lib_func\n"); -+ printf("lib_func %d\n", $bar); - } -diff --git a/testsuite/systemtap.exelib/lib.tcl b/testsuite/systemtap.exelib/lib.tcl -index c5b7402..a33290b 100644 ---- a/testsuite/systemtap.exelib/lib.tcl -+++ b/testsuite/systemtap.exelib/lib.tcl -@@ -1,11 +1,11 @@ - set ::result_string {main --main_func --main_func --main_func -+main_func 3 -+main_func 2 -+main_func 1 - lib_main --lib_func --lib_func --lib_func} -+lib_func 3 -+lib_func 2 -+lib_func 1} - - # Only run on make installcheck - if {! [installtest_p]} { untested "lib-$testname"; return } -diff --git a/testsuite/systemtap.exelib/libmarkunamestack.stp b/testsuite/systemtap.exelib/libmarkunamestack.stp -index 0efbae0..5ee229d 100644 ---- a/testsuite/systemtap.exelib/libmarkunamestack.stp -+++ b/testsuite/systemtap.exelib/libmarkunamestack.stp -@@ -7,7 +7,7 @@ probe process(@1).function("main") { - } - - probe process(@1).function("main_func") { -- printf("main_func\n"); -+ printf("main_func: %d\n", $foo); - } - - probe process(@2).function("lib_main") { -@@ -15,7 +15,7 @@ probe process(@2).function("lib_main") { - } - - probe process(@2).function("lib_func") { -- printf("lib_func\n"); -+ printf("lib_func: %d\n", $bar); - } - - #mark -diff --git a/testsuite/systemtap.exelib/libmarkunamestack.tcl b/testsuite/systemtap.exelib/libmarkunamestack.tcl -index 55dc10e..20111b3 100644 ---- a/testsuite/systemtap.exelib/libmarkunamestack.tcl -+++ b/testsuite/systemtap.exelib/libmarkunamestack.tcl -@@ -47,9 +47,9 @@ expect { - - # lib - -re {^main\r\n} {incr lib; exp_continue} -- -re {^main_func\r\n} {incr lib; exp_continue} -+ -re {^main_func: [1-3]\r\n} {incr lib; exp_continue} - -re {^lib_main\r\n} {incr lib; exp_continue} -- -re {^lib_func\r\n} {incr lib; exp_continue} -+ -re {^lib_func: [1-3]\r\n} {incr lib; exp_continue} - - # mark - -re {^main_count: [1-3]\r\n} {incr mark; exp_continue} diff --git a/systemtap-1.1-get_argv.patch b/systemtap-1.1-get_argv.patch deleted file mode 100644 index 2f755b0..0000000 --- a/systemtap-1.1-get_argv.patch +++ /dev/null @@ -1,183 +0,0 @@ -commit a2d399c87a642190f08ede63dc6fc434a5a8363a -Author: Josh Stone -Date: Thu Feb 4 17:47:31 2010 -0800 - - PR11234: Rewrite __get_argv without embedded-C - - We now implement __get_argv's string building in pure stap script. - Also, every argument is now quoted, which is different than before, but - it's much more robust about handling special characters. - -diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp -index bab0f64..e762b37 100644 ---- a/tapset/aux_syscalls.stp -+++ b/tapset/aux_syscalls.stp -@@ -399,124 +399,53 @@ function __sem_flags:string(semflg:long) - - - /* This function copies an argv from userspace. */ --function __get_argv:string(a:long, first:long) --%{ /* pure */ -- char __user *__user *argv = (char __user *__user *)(long)THIS->a; -- char __user *vstr; -- int space, rc, len = MAXSTRINGLEN; -- char *str = THIS->__retvalue; -- char buf[80]; -- char *ptr = buf; -- -- -- if (THIS->first && argv) -- argv++; -- -- while (argv != NULL) { -- if (__stp_get_user (vstr, argv)) -- break; -- -- if (vstr == NULL) -- break; -- -- rc = _stp_strncpy_from_user(buf, vstr, 79); -- if (rc <= 0) -- break; -- -- /* check for whitespace in string */ -- buf[rc] = 0; -- ptr = buf; -- space = 0; -- while (*ptr && rc--) { -- if (isspace(*ptr++)) { -- space = 1; -- break; -- } -- } -- -- if (len != MAXSTRINGLEN && len) { -- *str++=' '; -- len--; -- } -- -- if (space && len) { -- *str++='\"'; -- len--; -- } -- -- rc = strlcpy (str, buf, len); -- str += rc; -- len -= rc; -- -- if (space && len) { -- *str++='\"'; -- len--; -- } -- -- argv++; -+function __get_argv:string(argv:long, first:long) -+{ -+%( CONFIG_64BIT == "y" %? -+ if (first && argv) -+ argv += 8 -+ while (argv) { -+ vstr = user_long(argv) -+ if (!vstr) -+ break -+ if (len) -+ str .= " " -+ str .= user_string_quoted(vstr) -+ -+ newlen = strlen(str) -+ if (newlen == len) -+ break -+ len = newlen -+ argv += 8 - } -- *str = 0; --%} --/* This function copies an argv from userspace. */ --function __get_compat_argv:string(a:long, first:long) --%{ /* pure */ --#ifdef CONFIG_COMPAT -- compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a; -- compat_uptr_t __user *vstr; -- int space, rc, len = MAXSTRINGLEN; -- char *str = THIS->__retvalue; -- char buf[80]; -- char *ptr = buf; -- -- if (THIS->first && argv) -- argv++; -- -- while (argv != NULL) { -- if (__stp_get_user (vstr, argv)) -- break; -- -- if (vstr == NULL) -- break; -- -- rc = _stp_strncpy_from_user(buf, (char *)vstr, 79); -- if (rc <= 0) -- break; -- -- /* check for whitespace in string */ -- buf[rc] = 0; -- ptr = buf; -- space = 0; -- while (*ptr && rc--) { -- if (isspace(*ptr++)) { -- space = 1; -- break; -- } -- } -- -- if (len != MAXSTRINGLEN && len) { -- *str++=' '; -- len--; -- } -- -- if (space && len) { -- *str++='\"'; -- len--; -- } -- -- rc = strlcpy (str, buf, len); -- str += rc; -- len -= rc; -- -- if (space && len) { -- *str++='\"'; -- len--; -- } - -- argv++; -+ return str -+%: -+ return __get_compat_argv(argv, first) -+%) -+} -+/* This function copies an argv from userspace. */ -+function __get_compat_argv:string(argv:long, first:long) -+{ -+ if (first && argv) -+ argv += 4 -+ while (argv) { -+ vstr = user_int(argv) & 0xffffffff -+ if (!vstr) -+ break -+ if (len) -+ str .= " " -+ str .= user_string_quoted(vstr) -+ -+ newlen = strlen(str) -+ if (newlen == len) -+ break -+ len = newlen -+ argv += 4 - } -- *str = 0; --#endif --%} -+ -+ return str -+} - - /* - * Return the symbolic string representation diff --git a/systemtap-1.1-tighten-server-params.patch b/systemtap-1.1-tighten-server-params.patch deleted file mode 100644 index ee0c286..0000000 --- a/systemtap-1.1-tighten-server-params.patch +++ /dev/null @@ -1,262 +0,0 @@ -Note: Not including testsuite part. - -commit c0d1b5a004b9949bb455b7dbe17b335b7cab9ead -Author: Frank Ch. Eigler -Date: Fri Feb 12 10:25:43 2010 -0500 - - PR11105 part 2: tighten constraints on stap-server parameters passed to make - - * util.h, util.cxx (assert_match_regexp): New function. - * main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags. - * stap-serverd (listen): Harden stap-server-connect with ulimit/loop. - -diff --git a/main.cxx b/main.cxx -index 8f5ee72..2dba179 100644 ---- a/main.cxx -+++ b/main.cxx -@@ -57,7 +57,7 @@ version () - << "SystemTap translator/driver " - << "(version " << VERSION << "/" << dwfl_version (NULL) - << " " << GIT_MESSAGE << ")" << endl -- << "Copyright (C) 2005-2009 Red Hat, Inc. and others" << endl -+ << "Copyright (C) 2005-2010 Red Hat, Inc. and others" << endl - << "This is free software; see the source for copying conditions." << endl; - } - -@@ -708,12 +708,12 @@ main (int argc, char * const argv []) - break; - - case 'o': -+ // NB: client_options not a problem, since pass 1-4 does not use output_file. - s.output_file = string (optarg); - break; - - case 'R': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-R" : ", -R"; -+ if (client_options) { cerr << "ERROR: -R invalid with --client-options" << endl; usage(s,1); } - s.runtime_path = string (optarg); - break; - -@@ -722,6 +722,7 @@ main (int argc, char * const argv []) - client_options_disallowed += client_options_disallowed.empty () ? "-m" : ", -m"; - s.module_name = string (optarg); - save_module = true; -+ // XXX: convert to assert_regexp_match() - { - string::size_type len = s.module_name.length(); - -@@ -766,15 +767,14 @@ main (int argc, char * const argv []) - break; - - case 'r': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-r" : ", -r"; -+ if (client_options) // NB: no paths! -+ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); - setup_kernel_release(s, optarg); - break; - - case 'a': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-a" : ", -a"; -- s.architecture = string(optarg); -+ assert_regexp_match("-a parameter", optarg, "^[a-z0-9_-]+$"); -+ s.architecture = string(optarg); - break; - - case 'k': -@@ -821,16 +821,19 @@ main (int argc, char * const argv []) - break; - - case 'D': -+ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; - s.macros.push_back (string (optarg)); - break; - - case 'S': -+ assert_regexp_match ("-S parameter", optarg, "^[0-9]+(,[0-9]+)?$"); - s.size_option = string (optarg); - break; - - case 'q': -+ if (client_options) { cerr << "ERROR: -q invalid with --client-options" << endl; usage(s,1); } - s.tapset_compile_coverage = true; - break; - -@@ -861,9 +864,8 @@ main (int argc, char * const argv []) - break; - - case 'B': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-B" : ", -B"; -- s.kbuildflags.push_back (string (optarg)); -+ if (client_options) { cerr << "ERROR: -B invalid with --client-options" << endl; usage(s,1); } -+ s.kbuildflags.push_back (string (optarg)); - break; - - case 0: -diff --git a/stap-serverd b/stap-serverd -index eda9711..5820286 100755 ---- a/stap-serverd -+++ b/stap-serverd -@@ -360,11 +360,19 @@ function advertise_presence { - function listen { - # The stap-server-connect program will listen forever - # accepting requests. -- ${stap_pkglibexecdir}stap-server-connect \ -- -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ -- -s "$stap_options" \ -- >> $logfile 2>&1 & -- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 -+ # CVE-2009-4273 ... or at least, until resource limits fire -+ while true; do # NB: loop to avoid DoS by deliberate rlimit-induced halt -+ # NB: impose resource limits in case of mischevious data inducing -+ # too much / long computation -+ (ulimit -f 50000 -s 1000 -t 60 -u 20 -v 500000; -+ exec ${stap_pkglibexecdir}stap-server-connect \ -+ -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ -+ -s "$stap_options") & -+ stap_server_connect_pid=$! -+ wait -+ # NB: avoid superfast spinning in case of a ulimit or other failure -+ sleep 1 -+ done >> $logfile 2>&1 - } - - # function: warning [ MESSAGE ] -@@ -396,8 +404,8 @@ function terminate { - wait '%avahi-publish-service' >> $logfile 2>&1 - - # Kill any running 'stap-server-connect' job. -- kill -s SIGTERM '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 -- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 -+ kill -s SIGTERM $stap_server_connect_pid >> $logfile 2>&1 -+ wait $stap_server_connect_pid >> $logfile 2>&1 - - exit - } -diff --git a/util.cxx b/util.cxx -index 736e5a3..73ba167 100644 ---- a/util.cxx -+++ b/util.cxx -@@ -1,5 +1,5 @@ - // Copyright (C) Andrew Tridgell 2002 (original file) --// Copyright (C) 2006, 2009 Red Hat Inc. (systemtap changes) -+// Copyright (C) 2006-2010 Red Hat Inc. (systemtap changes) - // - // This program is free software; you can redistribute it and/or - // modify it under the terms of the GNU General Public License as -@@ -19,6 +19,8 @@ - #include "sys/sdt.h" - #include - #include -+#include -+#include - - extern "C" { - #include -@@ -31,6 +33,7 @@ extern "C" { - #include - #include - #include -+#include - } - - using namespace std; -@@ -413,4 +416,35 @@ kill_stap_spawn(int sig) - return spawned_pid ? kill(spawned_pid, sig) : 0; - } - -+ -+void assert_regexp_match (const string& name, const string& value, const string& re) -+{ -+ typedef map cache; -+ static cache compiled; -+ cache::iterator it = compiled.find (re); -+ regex_t* r = 0; -+ if (it == compiled.end()) -+ { -+ r = new regex_t; -+ int rc = regcomp (r, re.c_str(), REG_ICASE|REG_NOSUB|REG_EXTENDED); -+ if (rc) { -+ cerr << "regcomp " << re << " (" << name << ") error rc=" << rc << endl; -+ exit(1); -+ } -+ compiled[re] = r; -+ } -+ else -+ r = it->second; -+ -+ // run regexec -+ int rc = regexec (r, value.c_str(), 0, 0, 0); -+ if (rc) -+ { -+ cerr << "ERROR: Safety pattern mismatch for " << name -+ << " ('" << value << "' vs. '" << re << "') rc=" << rc << endl; -+ exit(1); -+ } -+} -+ -+ - /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ -diff --git a/util.h b/util.h -index 8fc64cb..75e198c 100644 ---- a/util.h -+++ b/util.h -@@ -21,7 +21,7 @@ const std::string cmdstr_quoted(const std::string& cmd); - std::string git_revision(const std::string& path); - int stap_system(int verbose, const std::string& command); - int kill_stap_spawn(int sig); -- -+void assert_regexp_match (const std::string& name, const std::string& value, const std::string& re); - - // stringification generics - - -commit cc9e5488d82b728e568bca1f8d6094856fc8e641 -Author: Frank Ch. Eigler -Date: Fri Feb 12 10:39:58 2010 -0500 - - PR11105 part 2a, fix buggy \\. in -r option regexp - -diff --git a/main.cxx b/main.cxx -index 2dba179..b5fdbc0 100644 ---- a/main.cxx -+++ b/main.cxx -@@ -768,7 +768,7 @@ main (int argc, char * const argv []) - - case 'r': - if (client_options) // NB: no paths! -- assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); -+ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_.-]+$"); - setup_kernel_release(s, optarg); - break; - - -commit c8408b459b88a5aa5f4325e690aef95b5da7c2eb -Author: Mark Wielaard -Date: Sun Feb 14 21:42:06 2010 +0100 - - PR11281 Allow negative values for -D argument. - - Change regexp match to "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$". - - * main.cxx (main): case 'D' allow optional single minus sign after equal - in assert_regexp_match(). - -diff --git a/main.cxx b/main.cxx -index b5fdbc0..faac7f8 100644 ---- a/main.cxx -+++ b/main.cxx -@@ -821,7 +821,7 @@ main (int argc, char * const argv []) - break; - - case 'D': -- assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); -+ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$"); - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; - s.macros.push_back (string (optarg)); diff --git a/systemtap.spec b/systemtap.spec index 9cd1926..059a47b 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -11,8 +11,8 @@ %{!?publican_brand: %global publican_brand fedora} Name: systemtap -Version: 1.1 -Release: 2%{?dist} +Version: 1.2 +Release: 1%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -56,10 +56,6 @@ BuildRequires: elfutils-devel >= %{elfutils_version} Requires: crash %endif -Patch10: systemtap-1.1-cfi-cfa_ops-fixes.patch -Patch11: systemtap-1.1-get_argv.patch -Patch12: systemtap-1.1-tighten-server-params.patch - %if %{with_docs} BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html # On F10, xmlto's pdf support was broken off into a sub-package, @@ -193,10 +189,6 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 - %build %if %{with_bundled_elfutils} @@ -283,6 +275,9 @@ find examples testsuite -type f -name '*.stp' -print0 | xargs -0 sed -i -r -e '1 # permissions back to 04111 in the %files section below. chmod 755 $RPM_BUILD_ROOT%{_bindir}/staprun +#install the useful stap-prep script +install -c -m 755 stap-prep $RPM_BUILD_ROOT%{_bindir}/stap-prep + # Copy over the testsuite cp -rp testsuite $RPM_BUILD_ROOT%{_datadir}/systemtap @@ -313,37 +308,44 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server/conf.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig install -m 644 initscript/config.stap-server $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/stap-server -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log -touch $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server.log +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server +touch $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server/log +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +install -m 644 initscript/logrotate.stap-server $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/stap-server %clean rm -rf ${RPM_BUILD_ROOT} +%pre +getent group stap-server >/dev/null || groupadd -g 155 -r stap-server || groupadd -r stap-server + %pre runtime getent group stapdev >/dev/null || groupadd -r stapdev getent group stapusr >/dev/null || groupadd -r stapusr exit 0 %pre server -getent group stap-server >/dev/null || groupadd -r stap-server -getent passwd stap-server >/dev/null || useradd -c "Systemtap Compile Server" -g stap-server -d %{_localstatedir}/lib/stap-server -m -r -s /sbin/nologin stap-server -chmod 755 %{_localstatedir}/lib/stap-server +getent passwd stap-server >/dev/null || \ + useradd -c "Systemtap Compile Server" -u 155 -g stap-server -d %{_localstatedir}/lib/stap-server -m -r -s /sbin/nologin stap-server || \ + useradd -c "Systemtap Compile Server" -g stap-server -d %{_localstatedir}/lib/stap-server -m -r -s /sbin/nologin stap-server +test -e ~stap-server && chmod 755 ~stap-server exit 0 %post server -chmod 664 %{_localstatedir}/log/stap-server.log -chown stap-server %{_localstatedir}/log/stap-server.log -chgrp stap-server %{_localstatedir}/log/stap-server.log -# Make sure that the uprobes module can be built by the server -test -e /usr/share/systemtap/runtime/uprobes || mkdir -p /usr/share/systemtap/runtime/uprobes -chgrp stap-server /usr/share/systemtap/runtime/uprobes -chmod 775 /usr/share/systemtap/runtime/uprobes -# As stap-server, generate the certificate used for signing and for ssl. -runuser -s /bin/sh - stap-server -c %{_libexecdir}/%{name}/stap-gen-cert >/dev/null -# Authorize the certificate as a trusted ssl peer and as a trusted signer -# local host. -%{_bindir}/stap-authorize-server-cert %{_localstatedir}/lib/stap-server/.systemtap/ssl/server/stap.cert -%{_bindir}/stap-authorize-signing-cert %{_localstatedir}/lib/stap-server/.systemtap/ssl/server/stap.cert +test -e %{_localstatedir}/log/stap-server/log || { + touch %{_localstatedir}/log/stap-server/log + chmod 664 %{_localstatedir}/log/stap-server/log + chown stap-server:stap-server %{_localstatedir}/log/stap-server/log +} +# If it does not already exit, as stap-server, generate the certificate +# used for signing and for ssl. +if test ! -e ~stap-server/.systemtap/ssl/server/stap.cert; then + runuser -s /bin/sh - stap-server -c %{_libexecdir}/%{name}/stap-gen-cert >/dev/null + # Authorize the certificate as a trusted ssl peer and as a trusted signer + # on the local host. + %{_bindir}/stap-authorize-server-cert ~stap-server/.systemtap/ssl/server/stap.cert + %{_bindir}/stap-authorize-signing-cert ~stap-server/.systemtap/ssl/server/stap.cert +fi # Activate the service /sbin/chkconfig --add stap-server @@ -389,12 +391,12 @@ exit 0 %post # Remove any previously-built uprobes.ko materials -(make -C /usr/share/systemtap/runtime/uprobes clean) >/dev/null 2>&1 || true +(make -C %{_datadir}/%{name}/runtime/uprobes clean) >/dev/null 2>&1 || true (/sbin/rmmod uprobes) >/dev/null 2>&1 || true %preun # Ditto -(make -C /usr/share/systemtap/runtime/uprobes clean) >/dev/null 2>&1 || true +(make -C %{_datadir}/%{name}/runtime/uprobes clean) >/dev/null 2>&1 || true (/sbin/rmmod uprobes) >/dev/null 2>&1 || true %files @@ -410,6 +412,7 @@ exit 0 %endif %{_bindir}/stap +%{_bindir}/stap-prep %{_bindir}/stap-report %{_mandir}/man1/* %{_mandir}/man3/* @@ -428,6 +431,9 @@ exit 0 %{_libdir}/%{name}/staplog.so* %endif +# Make sure that the uprobes module can be built by root and by the server +%dir %attr(0775,root,stap-server) %{_datadir}/%{name}/runtime/uprobes + %files runtime %defattr(-,root,root) %attr(4111,root,root) %{_bindir}/staprun @@ -469,10 +475,12 @@ exit 0 %{_mandir}/man8/stap-server.8* %{_mandir}/man8/stap-authorize-server-cert.8* %{_sysconfdir}/rc.d/init.d/stap-server +%config(noreplace) %{_sysconfdir}/logrotate.d/stap-server %dir %{_sysconfdir}/stap-server %dir %{_sysconfdir}/stap-server/conf.d %config(noreplace) %{_sysconfdir}/sysconfig/stap-server -%{_localstatedir}/log/stap-server.log +%dir %attr(0755,stap-server,stap-server) %{_localstatedir}/log/stap-server +%ghost %config %attr(0644,stap-server,stap-server) %{_localstatedir}/log/stap-server/log %doc initscript/README.stap-server %files sdt-devel @@ -500,13 +508,8 @@ exit 0 %changelog -* Mon Feb 15 2010 Mark Wielaard - 1.1-2 -- Add systemtap-1.1-cfi-cfa_ops-fixes.patch - - Resolves RHBZ #564429 -- Add systemtap-1.1-get_argv.patch - - Resolves CVE-2010-0411 -- Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) - - Resolves CVE-2010-0412, CVE-2009-4273 +* Mon Mar 22 2010 Frank Ch. Eigler - 1.2-1 +- Upstream release. * Mon Dec 21 2009 David Smith - 1.1-1 - Upstream release.