dist-git conversion

#2781)

.cvsignore

@@ -1 +0,0 @@
-systemtap-0.7.tar.gz

.gitignore

@@ -0,0 +1 @@
+systemtap-1.0.tar.gz

Makefile

@@ -1,93 +0,0 @@
-# Makefile for source rpm: systemtap
-# $Id: Makefile,v 1.2 2006/07/19 22:31:35 roland Exp $
-NAME := systemtap
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
-
-tarball = systemtap-$(VERSION).tar.gz
-
-ifeq ($(clobber),t)
-commit-check = :
-else
-commit-check = cvs -Q diff --brief > /dev/null 2>&1
-endif
-
-elfutils-version := $(shell awk '$$2 == "elfutils_version" { print $$3 }' \
-				systemtap.spec)
-eu-dir = ../../elfutils/devel
-$(eu-dir)/elfutils.spec: FORCE
-	cd $(@D) && cvs -Q update && $(commit-check)
-$(eu-dir)/%.tar.gz: $(eu-dir)/elfutils.spec
-	$(MAKE) -C $(@D) sources
-$(eu-dir)/%.patch: $(eu-dir)/elfutils.spec ;
-
-import-systemtap: $(tarball)
-	$(commit-check) systemtap.spec
-	tar -zf $(tarball) -xO '*.spec' > systemtap.spec
-	$(MAKE) upload-systemtap
-	touch $@
-
-upload-systemtap: $(tarball) \
-		  $(addprefix $(eu-dir)/,\
-					 elfutils-$(elfutils-version).tar.gz \
-					 elfutils-portability.patch)
-	ln -f $(filter $(eu-dir)/%.tar.gz,$^) .
-	ln -f $(filter $(eu-dir)/%.patch,$^) .
-	$(MAKE) new-source FILES='$(filter-out %.patch,$^)'
-
-copy-sources-%: import-systemtap
-	cd ../$* && $(commit-check)
-	cp -f sources elfutils-portability.patch ../$*
-	ln -f elfutils-*.tar.gz $(tarball) ../$*
-
-propagate-%: copy-sources-%
-	cp -f systemtap.spec ../$*
-	touch $@
-
-# No automagic macros in beehive, only brew.
-propagate-RHEL-4: copy-sources-RHEL-4 ../RHEL-4/systemtap.spec
-	touch $@
-propagate-FC-4: copy-sources-FC-4 ../FC-4/systemtap.spec
-	touch $@
-
-../RHEL-4/systemtap.spec: systemtap.spec import-systemtap
-	@rm -f $@.new
-	(echo '%define dist .el4'; \
-	 echo '%define rhel 4'; \
-	 cat systemtap.spec) > $@.new
-	mv -f $@.new $@
-../FC-4/systemtap.spec: systemtap.spec import-systemtap
-	@rm -f $@.new
-	(echo '%define dist .fc4'; \
-	 echo '%define fedora 4'; \
-	 cat systemtap.spec) > $@.new
-	mv -f $@.new $@
-
-.PRECIOUS: propagate-% tag-%
-
-commit-%: propagate-%
-	cd ../$* && cvs commit -m'Automatic update to $(VERSION)'
-	touch $@
-
-tag-%: commit-%
-	cd ../$* && $(MAKE) tag
-	touch $@
-
-build-%: tag-%
-	cd ../$* && $(MAKE) build

SystemTap-1.0-limit-dwarf-expression-stack-size.patch

@@ -0,0 +1,123 @@
+diff --git a/dwflpp.cxx b/dwflpp.cxx
+index 636cd38..c31548d 100644
+--- a/dwflpp.cxx
++++ b/dwflpp.cxx
+@@ -2272,7 +2272,15 @@ dwflpp::express_as_string (string prelude,
+ 
+   fprintf(memstream, "{\n");
+   fprintf(memstream, "%s", prelude.c_str());
+-  bool deref = c_emit_location (memstream, head, 1);
++
++  unsigned int stack_depth;
++  bool deref = c_emit_location (memstream, head, 1, &stack_depth);
++
++  // Ensure that DWARF keeps loc2c to a "reasonable" stack size
++  // 32 intptr_t leads to max 256 bytes on the stack
++  if (stack_depth > 32)
++    throw semantic_error("oversized DWARF stack");
++
+   fprintf(memstream, "%s", postlude.c_str());
+   fprintf(memstream, "  goto out;\n");
+ 
+diff --git a/loc2c-test.c b/loc2c-test.c
+index 495a95f..ed7aa4b 100644
+--- a/loc2c-test.c
++++ b/loc2c-test.c
+@@ -329,11 +329,14 @@ handle_variable (Dwarf_Die *lscopes, int lnscopes, int out,
+ 	"{\n"
+ 	"  intptr_t value;");
+ 
+-  bool deref = c_emit_location (stdout, head, 1);
++  unsigned int stack_depth;
++  bool deref = c_emit_location (stdout, head, 1, &stack_depth);
+ 
+   obstack_free (&pool, NULL);
+ 
+-  puts (store ? " return;" :
++  printf ("  /* max expression stack depth %u */\n", stack_depth);
++
++  puts (store ? "  return;" :
+ 	"  printk (\" ---> %ld\\n\", (unsigned long) value);\n"
+ 	"  return;");
+ 
+diff --git a/loc2c.c b/loc2c.c
+index 5d6b549..0716c7d 100644
+--- a/loc2c.c
++++ b/loc2c.c
+@@ -2071,7 +2071,8 @@ emit_loc_address (FILE *out, struct location *loc, unsigned int indent,
+    assign it to an address-sized value.  */
+ static void
+ emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
+-		const char *target, bool declare)
++		const char *target, bool declare,
++		bool *used_deref, unsigned int *max_stack)
+ {
+   if (declare)
+     emit ("%*s%s %s;\n", indent * 2, "", STACK_TYPE, target);
+@@ -2091,6 +2092,9 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
+     case loc_address:
+     case loc_value:
+       emit_loc_address (out, loc, indent, target);
++      *used_deref = *used_deref || loc->address.used_deref;
++      if (loc->address.stack_depth > *max_stack)
++	*max_stack = loc->address.stack_depth;
+       break;
+     }
+ 
+@@ -2098,7 +2102,8 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
+ }
+ 
+ bool
+-c_emit_location (FILE *out, struct location *loc, int indent)
++c_emit_location (FILE *out, struct location *loc, int indent,
++		 unsigned int *max_stack)
+ {
+   emit ("%*s{\n", indent * 2, "");
+ 
+@@ -2134,9 +2139,11 @@ c_emit_location (FILE *out, struct location *loc, int indent)
+       }
+ 
+   bool deref = false;
++  *max_stack = 0;
+ 
+   if (loc->frame_base != NULL)
+-    emit_loc_value (out, loc->frame_base, indent, "frame_base", true);
++    emit_loc_value (out, loc->frame_base, indent, "frame_base", true,
++		    &deref, max_stack);
+ 
+   for (; loc->next != NULL; loc = loc->next)
+     switch (loc->type)
+@@ -2144,8 +2151,7 @@ c_emit_location (FILE *out, struct location *loc, int indent)
+       case loc_address:
+       case loc_value:
+ 	/* Emit the program fragment to calculate the address.  */
+-	emit_loc_value (out, loc, indent + 1, "addr", false);
+-	deref = deref || loc->address.used_deref;
++	emit_loc_value (out, loc, indent + 1, "addr", false, &deref, max_stack);
+ 	break;
+ 
+       case loc_fragment:
+@@ -2172,6 +2178,9 @@ c_emit_location (FILE *out, struct location *loc, int indent)
+ 
+   emit ("%s%*s}\n", loc->address.program, indent * 2, "");
+ 
++  if (loc->address.stack_depth > *max_stack)
++    *max_stack = loc->address.stack_depth;
++
+   return deref || loc->address.used_deref;
+ }
+ 
+diff --git a/loc2c.h b/loc2c.h
+index becf2d8..45d9382 100644
+--- a/loc2c.h
++++ b/loc2c.h
+@@ -112,6 +112,7 @@ struct location *c_translate_argument (struct obstack *,
+ 
+    Writes complete lines of C99, code forming a complete C block, to STREAM.
+    Return value is true iff that code uses the `deref' runtime macros.  */
+-bool c_emit_location (FILE *stream, struct location *loc, int indent);
++bool c_emit_location (FILE *stream, struct location *loc, int indent,
++		      unsigned int *max_stack);
+ 
+ /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
+

SystemTap-1.0-limit-printf-arguments.patch

@@ -0,0 +1,62 @@
+diff --git a/buildrun.cxx b/buildrun.cxx
+index 100cbc4..c86a442 100644
+--- a/buildrun.cxx
++++ b/buildrun.cxx
+@@ -200,6 +200,9 @@ compile_pass (systemtap_session& s)
+ 
+   // o << "CFLAGS += -fno-unit-at-a-time" << endl;
+ 
++  // 600 bytes should be enough for anybody
++  o << "EXTRA_CFLAGS += $(call cc-option,-Wframe-larger-than=600)" << endl;
++
+   // Assumes linux 2.6 kbuild
+   o << "EXTRA_CFLAGS += -Wno-unused -Werror" << endl;
+   #if CHECK_POINTER_ARITH_PR5947
+diff --git a/testsuite/transko/varargs.stp b/testsuite/transko/varargs.stp
+new file mode 100755
+index 0000000..f38309a
+--- /dev/null
++++ b/testsuite/transko/varargs.stp
+@@ -0,0 +1,10 @@
++#! stap -p3
++
++probe begin {
++    // PR10750 enforces at most 32 print args
++    println(1, 2, 3, 4, 5, 6, 7, 8,
++            9, 10, 11, 12, 13, 14, 15, 16,
++            17, 18, 19, 20, 21, 22, 23, 24,
++            25, 26, 27, 28, 29, 30, 31, 32,
++            33)
++}
+diff --git a/testsuite/transok/varargs.stp b/testsuite/transok/varargs.stp
+new file mode 100755
+index 0000000..216166f
+--- /dev/null
++++ b/testsuite/transok/varargs.stp
+@@ -0,0 +1,9 @@
++#! stap -p3
++
++probe begin {
++    // PR10750 enforces at most 32 print args
++    println(1, 2, 3, 4, 5, 6, 7, 8,
++            9, 10, 11, 12, 13, 14, 15, 16,
++            17, 18, 19, 20, 21, 22, 23, 24,
++            25, 26, 27, 28, 29, 30, 31, 32)
++}
+diff --git a/translate.cxx b/translate.cxx
+index 04a9247..c73a5bd 100644
+--- a/translate.cxx
++++ b/translate.cxx
+@@ -4151,6 +4151,11 @@ c_unparser::visit_print_format (print_format* e)
+     {
+       stmt_expr block(*this);
+ 
++      // PR10750: Enforce a reasonable limit on # of varargs
++      // 32 varargs leads to max 256 bytes on the stack
++      if (e->args.size() > 32)
++        throw semantic_error("too many arguments to print", e->tok);
++
+       // Compute actual arguments
+       vector<tmpvar> tmp;
+ 
+

SystemTap-1.0-unwind-table-size-checks.patch

@@ -0,0 +1,180 @@
+diff --git a/runtime/unwind.c b/runtime/unwind.c
+index 00108a3..7607770 100644
+--- a/runtime/unwind.c
++++ b/runtime/unwind.c
+@@ -88,7 +88,7 @@ static sleb128_t get_sleb128(const u8 **pcur, const u8 *end)
+ 
+ /* given an FDE, find its CIE */
+ static const u32 *cie_for_fde(const u32 *fde, void *unwind_data,
+-			      int is_ehframe)
++			      uint32_t table_len, int is_ehframe)
+ {
+ 	const u32 *cie;
+ 
+@@ -118,6 +118,11 @@ static const u32 *cie_for_fde(const u32 *fde, void *unwind_data,
+ 	else
+ 		cie = unwind_data + fde[1];
+ 
++	/* Make sure address falls in the table */
++	if (((void *)cie) < ((void*)unwind_data)
++	    || ((void*)cie) > ((void*)(unwind_data + table_len)))
++	  return NULL;
++
+ 	if (*cie <= sizeof(*cie) + 4 || *cie >= fde[1] - sizeof(*fde)
+ 	    || (*cie & (sizeof(*cie) - 1))
+ 	    || (cie[1] != 0xffffffff && cie[1] != 0)) {
+@@ -200,7 +205,8 @@ static unsigned long read_pointer(const u8 **pLoc, const void *end, signed ptrTy
+ 	return value;
+ }
+ 
+-static signed fde_pointer_type(const u32 *cie)
++static signed fde_pointer_type(const u32 *cie, void *unwind_data,
++			       uint32_t table_len)
+ {
+ 	const u8 *ptr = (const u8 *)(cie + 2);
+ 	unsigned version = *ptr;
+@@ -212,11 +218,16 @@ static signed fde_pointer_type(const u32 *cie)
+ 		const u8 *end = (const u8 *)(cie + 1) + *cie;
+ 		uleb128_t len;
+ 
++		/* end of cie should fall within unwind table. */
++		if (((void*)end) < ((void *)unwind_data)
++		    || ((void *)end) > ((void *)(unwind_data + table_len)))
++		  return -1;
++
+ 		/* check if augmentation size is first (and thus present) */
+ 		if (*ptr != 'z')
+ 			return -1;
+ 		/* check if augmentation string is nul-terminated */
+-		if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL)
++		if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL) 
+ 			return -1;
+ 		++ptr;		/* skip terminator */
+ 		get_uleb128(&ptr, end);	/* skip code alignment */
+@@ -267,6 +278,10 @@ static void set_rule(uleb128_t reg, enum item_location where, uleb128_t value, s
+ 	}
+ }
+ 
++/* Limit the number of instructions we process. Arbitrary limit.
++   512 should be enough for anybody... */
++#define MAX_CFI 512
++
+ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, signed ptrType, struct unwind_state *state)
+ {
+ 	union {
+@@ -276,6 +291,9 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, s
+ 	} ptr;
+ 	int result = 1;
+ 
++	if (end - start > MAX_CFI)
++	  return 0;
++
+ 	dbug_unwind(1, "targetLoc=%lx state->loc=%lx\n", targetLoc, state->loc);
+ 	if (start != state->cieStart) {
+ 		state->loc = state->org;
+@@ -606,10 +624,10 @@ static int unwind_frame(struct unwind_frame_info *frame,
+ 
+ 	/* found the fde, now set startLoc and endLoc */
+ 	if (fde != NULL) {
+-		cie = cie_for_fde(fde, table, is_ehframe);
++		cie = cie_for_fde(fde, table, table_len, is_ehframe);
+ 		if (likely(cie != NULL && cie != &bad_cie && cie != &not_fde)) {
+ 			ptr = (const u8 *)(fde + 2);
+-			ptrType = fde_pointer_type(cie);
++			ptrType = fde_pointer_type(cie, table, table_len);
+ 			startLoc = read_pointer(&ptr, (const u8 *)(fde + 1) + *fde, ptrType);
+ 			startLoc = adjustStartLoc(startLoc, m, s, ptrType, is_ehframe);
+ 
+@@ -632,12 +650,12 @@ static int unwind_frame(struct unwind_frame_info *frame,
+ 	    for (fde = table, tableSize = table_len; cie = NULL, tableSize > sizeof(*fde)
+ 		 && tableSize - sizeof(*fde) >= *fde; tableSize -= sizeof(*fde) + *fde, fde += 1 + *fde / sizeof(*fde)) {
+ 			dbug_unwind(3, "fde=%lx tableSize=%d\n", (long)*fde, (int)tableSize);
+-			cie = cie_for_fde(fde, table, is_ehframe);
++			cie = cie_for_fde(fde, table, table_len, is_ehframe);
+ 			if (cie == &bad_cie) {
+ 				cie = NULL;
+ 				break;
+ 			}
+-			if (cie == NULL || cie == &not_fde || (ptrType = fde_pointer_type(cie)) < 0)
++			if (cie == NULL || cie == &not_fde || (ptrType = fde_pointer_type(cie, table, table_len)) < 0)
+ 				continue;
+ 
+ 			ptr = (const u8 *)(fde + 2);
+@@ -666,6 +684,12 @@ static int unwind_frame(struct unwind_frame_info *frame,
+ 	state.cieEnd = ptr;	/* keep here temporarily */
+ 	ptr = (const u8 *)(cie + 2);
+ 	end = (const u8 *)(cie + 1) + *cie;
++
++	/* end should fall within unwind table. */
++	if (((void *)end) < table
++	    || ((void *)end) > ((void *)(table + table_len)))
++	  goto err;
++
+ 	frame->call_frame = 1;
+ 	if ((state.version = *ptr) != 1) {
+ 		dbug_unwind(1, "CIE version number is %d.  1 is supported.\n", state.version);
+@@ -723,6 +747,11 @@ static int unwind_frame(struct unwind_frame_info *frame,
+ 	state.cieEnd = end;
+ 	end = (const u8 *)(fde + 1) + *fde;
+ 
++	/* end should fall within unwind table. */
++	if (((void*)end) < table
++	    || ((void *)end) > ((void *)(table + table_len)))
++	  goto err;
++
+ 	/* skip augmentation */
+ 	if (((const char *)(cie + 2))[1] == 'z') {
+ 		uleb128_t augSize = get_uleb128(&ptr, end);
+diff --git a/runtime/unwind/unwind.h b/runtime/unwind/unwind.h
+index 285a3a3..023ea60 100644
+--- a/runtime/unwind/unwind.h
++++ b/runtime/unwind/unwind.h
+@@ -143,8 +143,10 @@ static unsigned long read_pointer(const u8 **pLoc,
+                                   const void *end,
+                                   signed ptrType);
+ static const u32 bad_cie, not_fde;
+-static const u32 *cie_for_fde(const u32 *fde, void *table, int is_ehframe);
+-static signed fde_pointer_type(const u32 *cie);
++static const u32 *cie_for_fde(const u32 *fde, void *table,
++			      uint32_t table_len, int is_ehframe);
++static signed fde_pointer_type(const u32 *cie,
++			       void *table, uint32_t table_len);
+ 
+ 
+ #endif /* STP_USE_DWARF_UNWINDER */
+diff --git a/translate.cxx b/translate.cxx
+index bc5d615..9d456bc 100644
+--- a/translate.cxx
++++ b/translate.cxx
+@@ -29,6 +29,11 @@ extern "C" {
+ #include <elfutils/libdwfl.h>
+ }
+ 
++// Max unwind table size (debug or eh) per module. Somewhat arbitrary
++// limit (a bit more than twice the .debug_frame size of my local
++// vmlinux for 2.6.31.4-83.fc12.x86_64)
++#define MAX_UNWIND_TABLE_SIZE (3 * 1024 * 1024)
++
+ using namespace std;
+ 
+ struct var;
+@@ -4785,6 +4790,9 @@ dump_unwindsyms (Dwfl_Module *m,
+   get_unwind_data (m, &debug_frame, &eh_frame, &debug_len, &eh_len, &eh_addr);
+   if (debug_frame != NULL && debug_len > 0)
+     {
++      if (debug_len > MAX_UNWIND_TABLE_SIZE)
++	throw semantic_error ("module debug unwind table size too big");
++
+       c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n";
+       c->output << "static uint8_t _stp_module_" << stpmod_idx
+ 		<< "_debug_frame[] = \n";
+@@ -4802,6 +4810,9 @@ dump_unwindsyms (Dwfl_Module *m,
+ 
+   if (eh_frame != NULL && eh_len > 0)
+     {
++      if (eh_len > MAX_UNWIND_TABLE_SIZE)
++	throw semantic_error ("module eh unwind table size too big");
++
+       c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n";
+       c->output << "static uint8_t _stp_module_" << stpmod_idx
+ 		<< "_eh_frame[] = \n";

sources

@@ -1 +1 @@
-ca34da0111256d5d03367e84f92d520b  systemtap-0.7.tar.gz
+e11c9ec18f3b269b846054e9ca33011a  systemtap-1.0.tar.gz

systemtap.spec

@@ -1,13 +1,16 @@
-%define release 1
-%define with_sqlite 1
-%define with_docs 1
-%define with_crash 0
-%define with_bundled_elfutils 0
-%define elfutils_version 0.127
+%{!?with_sqlite: %define with_sqlite 1}
+%{!?with_docs: %define with_docs 1}
+%{!?with_crash: %define with_crash 0}
+%{!?with_rpm: %define with_rpm 1}
+%{!?with_bundled_elfutils: %define with_bundled_elfutils 0}
+%{!?elfutils_version: %define elfutils_version 0.127}
+%{!?pie_supported: %define pie_supported 1}
+%{!?with_grapher: %define with_grapher 1}
 
 Name: systemtap
-Version: 0.7
-Release: %{release}%{?dist}
+Version: 1.0
+Release: 2%{?dist}
+# for version, see also configure.ac
 Summary: Instrumentation System
 Group: Development/System
 License: GPLv2+
@@ -17,23 +20,27 @@ Source: ftp://sourceware.org/pub/%{name}/releases/%{name}-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Requires: kernel >= 2.6.9-11
-BuildRequires: libcap-devel
 %if %{with_sqlite}
 BuildRequires: sqlite-devel
-Requires: sqlite
 %endif
 %if %{with_crash}
 BuildRequires: crash-devel zlib-devel
 %endif
-# Requires: kernel-devel
-# or is that kernel-smp-devel?  kernel-hugemem-devel?
+%if %{with_rpm}
+BuildRequires: rpm-devel glibc-headers
+%endif
+# Alternate kernel packages kernel-PAE-devel et al have a virtual
+# provide for kernel-devel, so this requirement does the right thing.
+Requires: kernel-devel
 Requires: gcc make
 # Suggest: kernel-debuginfo
 Requires: systemtap-runtime = %{version}-%{release}
+BuildRequires: nss-devel nss-tools pkgconfig
 
 %if %{with_bundled_elfutils}
 Source1: elfutils-%{elfutils_version}.tar.gz
 Patch1: elfutils-portability.patch
+BuildRequires: m4
 %define setup_elfutils -a1
 %else
 BuildRequires: elfutils-devel >= %{elfutils_version}
@@ -44,8 +51,21 @@ Requires: crash
 
 %if %{with_docs}
 BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html
+# On F10, xmlto's pdf support was broken off into a sub-package,
+# called 'xmlto-tex'.  To avoid a specific F10 BuildReq, we'll do a
+# file-based buildreq on '/usr/share/xmlto/format/fo/pdf'.
+BuildRequires: xmlto /usr/share/xmlto/format/fo/pdf
 %endif
 
+%if %{with_grapher}
+BuildRequires: gtkmm24-devel >= 2.8
+%endif
+
+# Fix three --unprivileged DOS issues (CVE-2009-2911)
+Patch10: SystemTap-1.0-limit-printf-arguments.patch
+Patch11: SystemTap-1.0-limit-dwarf-expression-stack-size.patch
+Patch12: SystemTap-1.0-unwind-table-size-checks.patch
+
 %description
 SystemTap is an instrumentation system for systems running Linux 2.6.
 Developers can write instrumentation to collect data on the operation
@@ -69,12 +89,73 @@ Summary: Instrumentation System Testsuite
 Group: Development/System
 License: GPLv2+
 URL: http://sourceware.org/systemtap/
-Requires: systemtap dejagnu
+Requires: systemtap systemtap-sdt-devel dejagnu which
 
 %description testsuite
 The testsuite allows testing of the entire SystemTap toolchain
 without having to rebuild from sources.
 
+%package client
+Summary: Instrumentation System Client
+Group: Development/System
+License: GPLv2+
+URL: http://sourceware.org/systemtap/
+Requires: systemtap-runtime = %{version}-%{release}
+Requires: avahi avahi-tools nss nss-tools mktemp
+Requires: zip unzip
+
+%description client
+This is the remote script compilation client component of systemtap.
+It relies on a nearby compilation server to translate systemtap
+scripts to kernel objects, so a client workstation only needs the
+runtime, and not the compiler/etc toolchain.
+
+%package server
+Summary: Instrumentation System Server
+Group: Development/System
+License: GPLv2+
+URL: http://sourceware.org/systemtap/
+Requires: systemtap
+Requires: avahi avahi-tools nss nss-tools mktemp
+Requires: zip unzip
+
+%description server
+This is the remote script compilation server component of systemtap.
+It announces itself to local clients with avahi, and compiles systemtap
+scripts to kernel objects on their demand.
+
+%package sdt-devel
+Summary: Static probe support tools
+Group: Development/System
+License: GPLv2+
+URL: http://sourceware.org/systemtap/
+
+%description sdt-devel
+Support tools to allow applications to use static probes.
+
+%package initscript
+Summary: Systemtap Initscript
+Group: Development/System
+License: GPLv2+
+URL: http://sourceware.org/systemtap/
+Requires: systemtap-runtime, initscripts
+
+%description initscript
+Initscript for Systemtap scripts.
+
+%if %{with_grapher}
+%package grapher
+Summary: Instrumentation System Grapher
+Group: Development/System
+License: GPLv2+
+URL: http://sourceware.org/systemtap/
+Requires: systemtap-runtime
+
+%description grapher
+SystemTap grapher is a utility for real-time visualization of
+data from SystemTap instrumentation scripts.
+%endif
+
 %prep
 %setup -q %{?setup_elfutils}
 
@@ -88,6 +169,11 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch
 cd ..
 %endif
 
+# Fix three --unprivileged DOS issues (CVE-2009-2911)
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+
 %build
 
 %if %{with_bundled_elfutils}
@@ -119,30 +205,49 @@ cd ..
 %define crash_config --disable-crash
 %endif
 
+# Enable/disable the code to find and suggest needed rpms
+%if %{with_rpm}
+%define rpm_config --with-rpm
+%else
+%define rpm_config --without-rpm
+%endif
+
 %if %{with_docs}
 %define docs_config --enable-docs
 %else
 %define docs_config --disable-docs
 %endif
 
+# Enable pie as configure defaults to disabling it
+%if %{pie_supported}
+%define pie_config --enable-pie
+%else
+%define pie_config --disable-pie
+%endif
+
+%if %{with_grapher}
+%define grapher_config --enable-grapher
+%else
+%define grapher_config --disable-grapher
+%endif
 
 
-%configure %{?elfutils_config} %{sqlite_config} %{crash_config} %{docs_config}
+%configure %{?elfutils_config} %{sqlite_config} %{crash_config} %{docs_config} %{pie_config} %{grapher_config} %{rpm_config}
 make %{?_smp_mflags}
 
 %install
 rm -rf ${RPM_BUILD_ROOT}
 make DESTDIR=$RPM_BUILD_ROOT install
 
-# We want the examples in the special doc dir, not the generoc doc install dir.
+# We want the examples in the special doc dir, not the build install dir.
+# We build it in place and then move it away so it doesn't get installed
+# twice. rpm can specify itself where the (versioned) docs go with the
+# %doc directive.
 mv $RPM_BUILD_ROOT%{_datadir}/doc/systemtap/examples examples
 
 # Fix paths in the example & testsuite scripts
 find examples testsuite -type f -name '*.stp' -print0 | xargs -0 sed -i -r -e '1s@^#!.+stap@#!%{_bindir}/stap@'
 
-# To avoid perl dependency, make perl sample script non-executable
-chmod -x examples/samples/kmalloc-top
-
 # Because "make install" may install staprun with mode 04111, the
 # post-processing programs rpmbuild runs won't be able to read it.
 # So, we change permissions so that they can read it.  We'll set the
@@ -152,11 +257,24 @@ chmod 755 $RPM_BUILD_ROOT%{_bindir}/staprun
 # Copy over the testsuite
 cp -rp testsuite $RPM_BUILD_ROOT%{_datadir}/systemtap
 
-#%if %{with_docs}
+%if %{with_docs}
 # We want the manuals in the special doc dir, not the generic doc install dir.
+# We build it in place and then move it away so it doesn't get installed
+# twice. rpm can specify itself where the (versioned) docs go with the
+# %doc directive.
 mkdir docs.installed
 mv $RPM_BUILD_ROOT%{_datadir}/doc/systemtap/*.pdf docs.installed/
-#%endif
+mv $RPM_BUILD_ROOT%{_datadir}/doc/systemtap/tapsets docs.installed/
+%endif
+
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d/
+install -m 755 initscript/systemtap $RPM_BUILD_ROOT%{_sysconfdir}/init.d/
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemtap
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemtap/conf.d
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemtap/script.d
+install -m 644 initscript/config $RPM_BUILD_ROOT%{_sysconfdir}/systemtap
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/systemtap
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/systemtap
 
 %clean
 rm -rf ${RPM_BUILD_ROOT}
@@ -166,17 +284,41 @@ getent group stapdev >/dev/null || groupadd -r stapdev
 getent group stapusr >/dev/null || groupadd -r stapusr
 exit 0
 
+%post initscript
+chkconfig --add systemtap
+exit 0
+
+%preun initscript
+chkconfig --del systemtap
+exit 0
+
+%post
+# Remove any previously-built uprobes.ko materials
+(make -C /usr/share/systemtap/runtime/uprobes clean) >/dev/null 2>&1 || true
+(/sbin/rmmod uprobes) >/dev/null 2>&1 || true
+
+%preun
+# Ditto
+(make -C /usr/share/systemtap/runtime/uprobes clean) >/dev/null 2>&1 || true
+(/sbin/rmmod uprobes) >/dev/null 2>&1 || true
+
 %files
 %defattr(-,root,root)
 
 %doc README AUTHORS NEWS COPYING examples
 %if %{with_docs}
 %doc docs.installed/*.pdf
+%doc docs.installed/tapsets
 %endif
 
 %{_bindir}/stap
+%{_bindir}/stap-report
+%{_bindir}/stap-env
+%{_bindir}/stap-gen-cert
+%{_bindir}/stap-authorize-cert
+%{_bindir}/stap-authorize-signing-cert
 %{_mandir}/man1/*
-%{_mandir}/man5/*
+%{_mandir}/man3/*
 
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/runtime
@@ -195,8 +337,9 @@ exit 0
 %files runtime
 %defattr(-,root,root)
 %attr(4111,root,root) %{_bindir}/staprun
+%{_bindir}/stap-report
 %{_libexecdir}/%{name}
-%{_mandir}/man8/*
+%{_mandir}/man8/staprun.8*
 
 %doc README AUTHORS NEWS COPYING
 
@@ -204,8 +347,83 @@ exit 0
 %defattr(-,root,root)
 %{_datadir}/%{name}/testsuite
 
+%files client
+%defattr(-,root,root)
+%{_bindir}/stap-client
+%{_bindir}/stap-env
+%{_bindir}/stap-find-servers
+%{_bindir}/stap-authorize-cert
+%{_bindir}/stap-authorize-server-cert
+%{_bindir}/stap-client-connect
+%{_mandir}/man8/stap-server.8*
+
+%files server
+%defattr(-,root,root)
+%{_bindir}/stap-server
+%{_bindir}/stap-serverd
+%{_bindir}/stap-env
+%{_bindir}/stap-start-server
+%{_bindir}/stap-find-servers
+%{_bindir}/stap-find-or-start-server
+%{_bindir}/stap-stop-server
+%{_bindir}/stap-gen-cert
+%{_bindir}/stap-authorize-cert
+%{_bindir}/stap-authorize-server-cert
+%{_bindir}/stap-server-connect
+%{_bindir}/stap-sign-module
+%{_mandir}/man8/stap-server.8*
+
+%files sdt-devel
+%defattr(-,root,root)
+%{_bindir}/dtrace
+%{_includedir}/sys/sdt.h
+
+%files initscript
+%defattr(-,root,root)
+%{_sysconfdir}/init.d/systemtap
+%dir %{_sysconfdir}/systemtap
+%dir %{_sysconfdir}/systemtap/conf.d
+%dir %{_sysconfdir}/systemtap/script.d
+%config(noreplace) %{_sysconfdir}/systemtap/config
+%dir %{_localstatedir}/cache/systemtap
+%dir %{_localstatedir}/run/systemtap
+%doc initscript/README.initscript
+
+%if %{with_grapher}
+%files grapher
+%defattr(-,root,root)
+%{_bindir}/stapgraph
+%endif
+
 
 %changelog
+* Wed Oct 21 2009 Josh Stone <jistone@redhat.com> - 1.0-2
+- Fix three --unprivileged DOS issues (CVE-2009-2911)
+
+* Tue Sep 22 2009 Josh Stone <jistone@redhat.com> - 1.0-1
+- Upstream release.
+
+* Tue Aug  4 2009 Josh Stone <jistone@redhat.com> - 0.9.9-1
+- Upstream release.
+
+* Thu Jun 11 2009 Josh Stone <jistone@redhat.com> - 0.9.8-1
+- Upstream release.
+
+* Thu Apr 23 2009 Josh Stone <jistone@redhat.com> - 0.9.7-1
+- Upstream release.
+
+* Fri Mar 27 2009 Josh Stone <jistone@redhat.com> - 0.9.5-1
+- Upstream release.
+
+* Wed Mar 18 2009 Will Cohen <wcohen@redhat.com> - 0.9-2
+- Add location of man pages.
+
+* Tue Feb 17 2009 Frank Ch. Eigler <fche@redhat.com> - 0.9-1
+- Upstream release.
+
+* Thu Nov 13 2008 Frank Ch. Eigler <fche@redhat.com> - 0.8-1
+- Upstream release.
+
 * Tue Jul 15 2008 Frank Ch. Eigler <fche@redhat.com> - 0.7-1
 - Upstream release.