rpms/abrt-addon-python3
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f33
rpms:main
rpms:epel7
rpms:f27
rpms:f28
rpms:f29
rpms:f30
rpms:f31
rpms:f32
...
pull from: rpms:epel7
Branches Tags
rpms:f33
rpms:main
rpms:rawhide
rpms:epel7
rpms:f27
rpms:f28
rpms:f29
rpms:f30
rpms:f31
rpms:f32
This repository has been archived on 2026-01-16. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.

3 commits
rawhide ... epel7

Author SHA1 Message Date
Troy Dawson
7789153b48 Use python3_pkgversion instead of 34 or 36 2019-03-07 11:08:30 -08:00
Troy Dawson
08cb95e30c Rebuilt to change main python from 3.4 to 3.6 2019-03-07 11:03:53 -08:00
Matej Habrnal
69165ba9cc Introduce abrt-addon-python3 package 
Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
 2017-07-04 09:22:28 +02:00
187 changed files with 360363 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -0,0 +1 @@
/abrt-2.1.11.tar.gz

32
0001-Do-not-enabled-Shortened-reporting-in-GNOME.patch Normal file
View file

@ -0,0 +1,32 @@
From 815de5d1c1c230600fdf63ee1c95fae9fe7d49a2 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 8 Jan 2014 20:32:40 +0100
Subject: [ABRT PATCH 1/6] Do not enabled Shortened reporting in GNOME
Related to #918041
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/lib/abrt_conf.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/lib/abrt_conf.c b/src/lib/abrt_conf.c
index f7fdc6d..5eb69e2 100644
--- a/src/lib/abrt_conf.c
+++ b/src/lib/abrt_conf.c
@@ -100,11 +100,7 @@ static void ParseCommon(map_string_t *settings, const char *conf_filename)
remove_map_string_item(settings, "ShortenedReporting");
}
else
- {
- /* Default: enabled for GNOME desktop, else disabled */
- const char *desktop_env = getenv("DESKTOP_SESSION");
- g_settings_shortenedreporting = (desktop_env && strcasestr(desktop_env, "gnome") != NULL);
- }
+ g_settings_shortenedreporting = 0;
GHashTableIter iter;
const char *name;
--
1.8.3.1

44
0002-remove-abrt-bodhi-from-configuration.patch Normal file
View file

@ -0,0 +1,44 @@
From b257656e599e785164bbc5e72706a02f925ff942 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 8 Jan 2014 20:39:09 +0100
Subject: [ABRT PATCH 2/6] remove abrt-bodhi from configuration
Related to rhbz#1038923
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/ccpp_event.conf | 2 +-
src/plugins/ccpp_retrace_event.conf | 8 +-------
2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf
index 9fbe760..79b9a8a 100644
--- a/src/plugins/ccpp_event.conf
+++ b/src/plugins/ccpp_event.conf
@@ -70,7 +70,7 @@ EVENT=collect_xsession_errors analyzer=CCpp dso_list~=.*/libX11.*
# TODO: can we still specify additional directories to search for debuginfos,
# or was this ability lost with move to python installer?
EVENT=analyze_LocalGDB analyzer=CCpp
- abrt-action-analyze-ccpp-local
+ abrt-action-analyze-ccpp-local --without-bodhi
# Bugzilla requires nonempty duphash
diff --git a/src/plugins/ccpp_retrace_event.conf b/src/plugins/ccpp_retrace_event.conf
index 60e53d7..893502f 100644
--- a/src/plugins/ccpp_retrace_event.conf
+++ b/src/plugins/ccpp_retrace_event.conf
@@ -1,9 +1,3 @@
EVENT=analyze_RetraceServer analyzer=CCpp
abrt-retrace-client batch --dir "$DUMP_DIR" --status-delay 10 &&
- abrt-action-analyze-backtrace &&
- (
- bug_id=$(reporter-bugzilla -h `cat duphash`) &&
- if test -n "$bug_id"; then
- abrt-bodhi -r -b $bug_id
- fi
- )
+ abrt-action-analyze-backtrace
--
1.8.3.1

55
0003-replace-all-Fedora-URLs-by-corresponding-values-for-.patch Normal file
View file

@ -0,0 +1,55 @@
From 30c70b7dd18681017b4b5277a324f04063be96c7 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 8 Jan 2014 20:45:08 +0100
Subject: [ABRT PATCH 3/6] replace all Fedora URLs by corresponding values for
RHEL
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-retrace-client.c | 2 +-
src/plugins/analyze_CCpp.xml.in | 2 +-
src/plugins/analyze_RetraceServer.xml.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/plugins/abrt-retrace-client.c b/src/plugins/abrt-retrace-client.c
index 60bbbc2..3b6c247 100644
--- a/src/plugins/abrt-retrace-client.c
+++ b/src/plugins/abrt-retrace-client.c
@@ -60,7 +60,7 @@ static bool no_pkgcheck;
static struct https_cfg cfg =
{
- .url = "retrace.fedoraproject.org",
+ .url = "localhost",
.port = 443,
.ssl_allow_insecure = false,
};
diff --git a/src/plugins/analyze_CCpp.xml.in b/src/plugins/analyze_CCpp.xml.in
index a7ce4dd..6f02692 100644
--- a/src/plugins/analyze_CCpp.xml.in
+++ b/src/plugins/analyze_CCpp.xml.in
@@ -26,7 +26,7 @@
<options>
<option type="text" name="RETRACE_SERVER_URL">
<_label>Retrace server URL</_label>
- <default-value>retrace.fedoraproject.org</default-value>
+ <default-value>localhost</default-value>
<allow-empty>no</allow-empty>
<_description>Address of the retrace server</_description>
</option>
diff --git a/src/plugins/analyze_RetraceServer.xml.in b/src/plugins/analyze_RetraceServer.xml.in
index e437cac..cf1d25a 100644
--- a/src/plugins/analyze_RetraceServer.xml.in
+++ b/src/plugins/analyze_RetraceServer.xml.in
@@ -12,7 +12,7 @@
<options>
<option type="text" name="RETRACE_SERVER_URL">
<_label>Retrace server URL</_label>
- <default-value>retrace.fedoraproject.org</default-value>
+ <default-value>localhost</default-value>
<allow-empty>no</allow-empty>
<_description>Address of the retrace server</_description>
</option>
--
1.8.3.1

28
0004-have-AutoreportingEnabled-by-default.patch Normal file
View file

@ -0,0 +1,28 @@
From d6d8014e1a9a748a732897c449b7de757c1a56c9 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 8 Jan 2014 20:46:37 +0100
Subject: [ABRT PATCH 4/6] have AutoreportingEnabled by default
Related to rhbz#1031572
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/abrt.conf b/src/daemon/abrt.conf
index 59d1831..403b93d 100644
--- a/src/daemon/abrt.conf
+++ b/src/daemon/abrt.conf
@@ -34,7 +34,7 @@ AutoreportingEvent = report_uReport
# Enables automatic running of the event configured in AutoreportingEvent option.
#
-AutoreportingEnabled = no
+AutoreportingEnabled = yes
# Enables shortened GUI reporting where the reporting is interrupted after
# AutoreportingEvent is done.
--
1.8.3.1

35
0005-Enable-sosreport.patch Normal file
View file

@ -0,0 +1,35 @@
From c5211c6542dd7168c2b63bd8f28051215a5dcc32 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 8 Jan 2014 20:49:58 +0100
Subject: [ABRT PATCH 5/6] Enable sosreport
Related to rhbz#1032585
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt_event.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index a53001a..2aecb2a 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -67,12 +67,12 @@ EVENT=post-create runlevel=
# Example: if you want to save sosreport immediately at the moment of a crash:
# (alternatively, you can add similar command to EVENT=analyze_foo's,
# if you would rather perform this collection later):
-#EVENT=post-create
+EVENT=post-create
nice sosreport --tmp-dir "$DUMP_DIR" --batch \
- --only=anaconda --only=bootloader --only=devicemapper \
+ --only=anaconda --only=boot --only=devicemapper \
--only=filesys --only=hardware --only=kernel --only=libraries \
--only=memory --only=networking --only=nfsserver --only=pam \
- --only=process --only=rpm -k rpm.rpmva=off --only=ssh \
+ --only=process --only=ssh \
--only=startup --only=yum --only=general --only=x11 \
>sosreport.log 2>&1 \
&& {
--
1.8.3.1

64
0006-post_report-always-exit-silenty.patch Normal file
View file

@ -0,0 +1,64 @@
From 0e84b466b067c9db945de3ca08780e67148a20eb Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 8 Jan 2014 20:54:48 +0100
Subject: [ABRT PATCH 6/6] post_report: always exit silenty
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/ccpp_event.conf | 1 +
src/plugins/koops_event.conf | 1 +
src/plugins/python_event.conf | 1 +
src/plugins/vmcore_event.conf | 1 +
4 files changed, 4 insertions(+)
diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf
index 79b9a8a..ccc9e83 100644
--- a/src/plugins/ccpp_event.conf
+++ b/src/plugins/ccpp_event.conf
@@ -95,6 +95,7 @@ EVENT=report_uReport analyzer=CCpp
# update ABRT database after successful report to bugzilla
EVENT=post_report analyzer=CCpp
reporter-ureport -A -B
+ exit 0
EVENT=analyze_CCpp analyzer=CCpp
abrt-action-perform-ccpp-analysis
diff --git a/src/plugins/koops_event.conf b/src/plugins/koops_event.conf
index 278d2a7..c0277c8 100644
--- a/src/plugins/koops_event.conf
+++ b/src/plugins/koops_event.conf
@@ -27,6 +27,7 @@ EVENT=report_uReport analyzer=Kerneloops
# Update ABRT database after successful report to bugzilla
EVENT=post_report analyzer=Kerneloops
reporter-ureport -A -B
+ exit 0
# Automatic/simple GUI-based kernel oopses reporting will do this:
EVENT=report-gui analyzer=Kerneloops
diff --git a/src/plugins/python_event.conf b/src/plugins/python_event.conf
index d872dfc..6a58252 100644
--- a/src/plugins/python_event.conf
+++ b/src/plugins/python_event.conf
@@ -23,6 +23,7 @@ EVENT=report_uReport analyzer=Python
# update ABRT database after successful report to bugzilla
EVENT=post_report analyzer=Python
reporter-ureport -A -B
+ exit 0
# Reporting of python exceptions
EVENT=report-gui analyzer=Python component!=anaconda
diff --git a/src/plugins/vmcore_event.conf b/src/plugins/vmcore_event.conf
index 04eb3db..f8de3c5 100644
--- a/src/plugins/vmcore_event.conf
+++ b/src/plugins/vmcore_event.conf
@@ -22,6 +22,7 @@ EVENT=report_Bugzilla analyzer=vmcore
# update ABRT database after successful report to bugzilla
EVENT=post_report analyzer=vmcore
reporter-ureport -A -B
+ exit 0
# Send micro report
EVENT=report_uReport analyzer=vmcore
--
1.8.3.1

28
0007-collect-installed-RPM-details-in-sosreport.patch Normal file
View file

@ -0,0 +1,28 @@
From ff1247985a71c7f3313e73177ba28a88abf0591b Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 14 Jan 2014 08:32:48 +0100
Subject: [ABRT PATCH 7/7] collect installed RPM details in sosreport
Closes rhbz#1048210
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt_event.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index 2aecb2a..8a8e862 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -72,7 +72,7 @@ EVENT=post-create
--only=anaconda --only=boot --only=devicemapper \
--only=filesys --only=hardware --only=kernel --only=libraries \
--only=memory --only=networking --only=nfsserver --only=pam \
- --only=process --only=ssh \
+ --only=process --only=rpm -k rpm.rpmva=off --only=ssh \
--only=startup --only=yum --only=general --only=x11 \
>sosreport.log 2>&1 \
&& {
--
1.8.3.1

55
0009-fix-a-double-free-error-in-abrt-applet.patch Normal file
View file

@ -0,0 +1,55 @@
From 3942edc6d48cf9946a190d6e81b5b122b90a1b72 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Jan 2014 12:58:03 +0100
Subject: [ABRT PATCH 09/12] fix a double free error in abrt-applet
Closes rhbz#1053534
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/applet/applet.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/applet/applet.c b/src/applet/applet.c
index 17e1cfb..9971e04 100644
--- a/src/applet/applet.c
+++ b/src/applet/applet.c
@@ -890,7 +890,6 @@ static void notify_problem_list(GList *problems, int flags)
NOTIFY_ACTION_CALLBACK(action_ignore),
pi, NULL);
- free(notify_body);
notify_body = build_message(pi);
pi->was_announced = true;
@@ -950,7 +949,7 @@ static void notify_problem_list(GList *problems, int flags)
{
problem_info_free(pi);
g_object_unref(notification);
- continue;
+ goto next_problem_to_notify;
}
notify_notification_update(notification, _("A Problem has been Reported"), notify_body, NULL);
@@ -965,7 +964,6 @@ static void notify_problem_list(GList *problems, int flags)
}
}
}
- free(notify_body);
GError *err = NULL;
log_debug("Showing a notification");
@@ -975,6 +973,10 @@ static void notify_problem_list(GList *problems, int flags)
error_msg(_("Can't show notification: %s"), err->message);
g_error_free(err);
}
+
+next_problem_to_notify:
+ free(notify_body);
+ notify_body = NULL;
}
g_list_free(problems);
--
1.8.3.1

60
0010-vmcore-properly-configure-Augeas.patch Normal file
View file

@ -0,0 +1,60 @@
From 4c754657a3581b996ae540fbcbc261efd1f65ca2 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 16 Jan 2014 12:20:40 +0100
Subject: [ABRT PATCH 10/12] vmcore: properly configure Augeas
Configure Augeas to parse only required configuration files:
- /etc/mtab
- /ect/kdump.conf
Related to rhbz#1054158
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt_harvest_vmcore.py.in | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/hooks/abrt_harvest_vmcore.py.in b/src/hooks/abrt_harvest_vmcore.py.in
index 64d6777..ecfb32d 100644
--- a/src/hooks/abrt_harvest_vmcore.py.in
+++ b/src/hooks/abrt_harvest_vmcore.py.in
@@ -17,6 +17,18 @@ import augeas
import problem
+def get_augeas(module, file_path):
+ """
+ A function for efficient configuration of Augeas.
+ Augeas modules are placed in /usr/share/augeas/lenses/dist
+ """
+
+ aug_obj = augeas.Augeas(flags=augeas.Augeas.NO_MODL_AUTOLOAD)
+ aug_obj.set("/augeas/load/{0}/lens".format(module), "{0}.lns".format(module))
+ aug_obj.set("/augeas/load/{0}/incl".format(module), file_path)
+ aug_obj.load()
+ return aug_obj
+
def get_mount_point(part_id):
"""
A function used to look up a mount point in mtab using
@@ -26,7 +38,7 @@ def get_mount_point(part_id):
"""
# look up the identifier in /etc/mtab
- result = augeas.Augeas().get("/files/etc/mtab/*"
+ result = get_augeas("Fstab", "/etc/mtab").get("/files/etc/mtab/*"
"[spec=\"" + part_id + "\"]/file")
if result:
return result
@@ -53,7 +65,7 @@ def parse_kdump():
"default path '%s'\n" % dump_path)
return dump_path
- aug_obj = augeas.Augeas()
+ aug_obj = get_augeas("Kdump", "/etc/kdump.conf")
# check for path variable in kdump.conf
kdump_path = aug_obj.get("/files/etc/kdump.conf/path")
if kdump_path:
--
1.8.3.1

29
0011-applet-don-t-notify-missing-ignored_problems-file.patch Normal file
View file

@ -0,0 +1,29 @@
From 85913f428fc4195dc26e1789c44985be718b2c7a Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 16 Jan 2014 10:54:27 +0100
Subject: [ABRT PATCH 11/12] applet: don't notify missing ignored_problems file
Closes rhbz#1054291
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/lib/ignored_problems.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib/ignored_problems.c b/src/lib/ignored_problems.c
index 7ea84b4..df138d8 100644
--- a/src/lib/ignored_problems.c
+++ b/src/lib/ignored_problems.c
@@ -97,7 +97,8 @@ static bool ignored_problems_file_contains(ignored_problems_t *set,
FILE *fp = fopen(set->ign_set_file_path, mode);
if (!fp)
{
- pwarn_msg("Can't open ignored problems '%s' in mode '%s'", set->ign_set_file_path, mode);
+ if (errno != ENOENT)
+ pwarn_msg("Can't open ignored problems '%s' in mode '%s'", set->ign_set_file_path, mode);
goto ret_contains_end;
}
--
1.8.3.1

129
0012-configui-show-Close-button-in-the-dialog.patch Normal file
View file

@ -0,0 +1,129 @@
From 8e31dd5a50c0236ea5853892d05e3376f061ee23 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 9 Jan 2014 21:18:37 +0100
Subject: [ABRT PATCH 12/12] configui: show 'Close' button in the dialog
Closes rhbz#1050167
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/configuration-gui/main.c | 10 ++++++-
src/configuration-gui/system-config-abrt.c | 45 +++++++++++++++++++++++++++++-
2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/src/configuration-gui/main.c b/src/configuration-gui/main.c
index b07b852..bd37ef9 100644
--- a/src/configuration-gui/main.c
+++ b/src/configuration-gui/main.c
@@ -22,6 +22,12 @@
#define APP_NAME "System Config ABRT"
+static void
+system_config_abrt_window_close_cb(gpointer user_data)
+{
+ gtk_widget_destroy(GTK_WIDGET(user_data));
+}
+
static GtkWidget *
system_config_abrt_window_new(GApplication *app)
{
@@ -29,7 +35,9 @@ system_config_abrt_window_new(GApplication *app)
gtk_window_set_default_size(GTK_WINDOW(wnd), 500, 300);
gtk_window_set_title(GTK_WINDOW(wnd), _("Problem Reporting Configuration"));
- GtkWidget *sca = system_config_abrt_widget_new();
+ GtkWidget *sca = system_config_abrt_widget_new_with_close_button(
+ system_config_abrt_window_close_cb, wnd);
+
gtk_container_add(GTK_CONTAINER(wnd), sca);
return wnd;
diff --git a/src/configuration-gui/system-config-abrt.c b/src/configuration-gui/system-config-abrt.c
index 4638dd6..b15a5ef 100644
--- a/src/configuration-gui/system-config-abrt.c
+++ b/src/configuration-gui/system-config-abrt.c
@@ -24,6 +24,15 @@
#define CLOSE_BUTTON_DATA_NAME_USER_DATA "my-close-user-data"
static void
+system_config_abrt_close_btn_cb(GtkButton *button, gpointer user_data)
+{
+ system_config_abrt_widget_close_callback callback = g_object_get_data(G_OBJECT(button), CLOSE_BUTTON_DATA_NAME_CALLBACK);
+ gpointer callback_user_data = g_object_get_data(G_OBJECT(button), CLOSE_BUTTON_DATA_NAME_USER_DATA);
+
+ callback(callback_user_data);
+}
+
+static void
system_config_abrt_defaults_cb(GtkButton *button, gpointer user_data)
{
AbrtConfigWidget *config = ABRT_CONFIG_WIDGET(user_data);
@@ -32,6 +41,12 @@ system_config_abrt_defaults_cb(GtkButton *button, gpointer user_data)
GtkWidget *system_config_abrt_widget_new(void)
{
+ return system_config_abrt_widget_new_with_close_button(/*no close button*/NULL,
+ /*no user data*/NULL);
+}
+
+GtkWidget *system_config_abrt_widget_new_with_close_button(system_config_abrt_widget_close_callback close_cb, gpointer user_data)
+{
GtkBox *box = GTK_BOX(gtk_box_new(GTK_ORIENTATION_VERTICAL, /*spacing*/0));
AbrtConfigWidget *config = abrt_config_widget_new();
@@ -55,6 +70,17 @@ GtkWidget *system_config_abrt_widget_new(void)
gtk_widget_set_margin_top(buttons, 10);
gtk_widget_set_margin_bottom(buttons, 10);
+ if (close_cb != NULL)
+ {
+ GtkWidget *btn_close = gtk_button_new_with_mnemonic(_("_Close"));
+ gtk_box_pack_end(GTK_BOX(buttons), btn_close, /*expand*/FALSE, /*fill*/FALSE, /*padding*/0);
+
+ g_object_set_data(G_OBJECT(btn_close), CLOSE_BUTTON_DATA_NAME_CALLBACK, close_cb);
+ g_object_set_data(G_OBJECT(btn_close), CLOSE_BUTTON_DATA_NAME_USER_DATA, user_data);
+
+ g_signal_connect(btn_close, "clicked", G_CALLBACK(system_config_abrt_close_btn_cb), /*user_data*/NULL);
+ }
+
GtkWidget *btn_defaults = gtk_button_new_with_mnemonic(_("_Defaults"));
gtk_box_pack_start(GTK_BOX(buttons), btn_defaults, /*expand*/FALSE, /*fill*/FALSE, /*padding*/0);
g_signal_connect(btn_defaults, "clicked", G_CALLBACK(system_config_abrt_defaults_cb), config);
@@ -64,6 +90,19 @@ GtkWidget *system_config_abrt_widget_new(void)
return GTK_WIDGET(box);
}
+static void
+system_config_abrt_dialog_close_cb(gpointer user_data)
+{
+ gtk_widget_destroy(GTK_WIDGET(user_data));
+}
+
+static gboolean
+system_config_abrt_dialog_delete_event(GtkWidget *dialog, GdkEvent *event, gpointer user_data)
+{
+ system_config_abrt_dialog_close_cb(dialog);
+ return TRUE; /*do not propagate the event*/
+}
+
void show_system_config_abrt_dialog(GtkWindow *parent)
{
GtkWidget *dialog = gtk_dialog_new();
@@ -79,8 +118,12 @@ void show_system_config_abrt_dialog(GtkWindow *parent)
gtk_window_set_destroy_with_parent(GTK_WINDOW(dialog), TRUE);
}
+ /* Have to handle this signal, which is emitted on Esc or Alt+F4, otherwise */
+ /* the user must commit the action twice to take effect. */
+ g_signal_connect(dialog, "delete-event", G_CALLBACK(system_config_abrt_dialog_delete_event), /*user_data*/NULL);
+
GtkWidget *content = gtk_dialog_get_content_area(GTK_DIALOG(dialog));
- GtkWidget *sca = system_config_abrt_widget_new();
+ GtkWidget *sca = system_config_abrt_widget_new_with_close_button(system_config_abrt_dialog_close_cb, dialog);
gtk_box_pack_start(GTK_BOX(content), sca, /*expand*/TRUE, /*fill*/TRUE, /*padding*/0);
gtk_widget_show_all(content);
--
1.8.3.1

117
0013-applet-do-not-say-the-report-is-anonymous-when-urepo.patch Normal file
View file

@ -0,0 +1,117 @@
From cafb9545c0e251b8ece493a341e7b209bde00a11 Mon Sep 17 00:00:00 2001
From: Martin Milata <mmilata@redhat.com>
Date: Mon, 20 Jan 2014 15:24:31 +0100
Subject: [ABRT PATCH 13/13] applet: do not say the report is anonymous when
ureport auth is enabled
Depends on https://github.com/abrt/libreport/pull/232
Related to rhbz#1053042, rhbz#1055619.
Signed-off-by: Martin Milata <mmilata@redhat.com>
---
configure.ac | 2 ++
src/applet/Makefile.am | 1 +
src/applet/applet.c | 43 +++++++++++++++++++++++++++++++++++++++----
3 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index a5f7a79..479289c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -139,6 +139,7 @@ EVENTS_DIR='${datadir}/libreport/events'
EVENTS_CONF_DIR='${sysconfdir}/libreport/events.d'
ENABLE_SOCKET_OR_DBUS='-DENABLE_DBUS=1'
DEFAULT_DUMP_DIR_MODE=$($PKG_CONFIG --variable=dd_mode libreport)
+LIBREPORT_PLUGINS_CONF_DIR=$($PKG_CONFIG --variable=plugins_conf_dir libreport)
PROBLEMS_CONFIG_INTERFACES_DIR=${dbusinterfacedir}
AC_ARG_WITH([defaultdumplocation],
@@ -226,6 +227,7 @@ AC_SUBST(EVENTS_CONF_DIR)
AC_SUBST(EVENTS_DIR)
AC_SUBST(DEFAULT_DUMP_LOCATION)
AC_SUBST(DEFAULT_DUMP_DIR_MODE)
+AC_SUBST(LIBREPORT_PLUGINS_CONF_DIR)
AC_SUBST(PROBLEMS_CONFIG_INTERFACES_DIR)
AC_ARG_WITH(bodhi,
diff --git a/src/applet/Makefile.am b/src/applet/Makefile.am
index ec50fcd..fe7ec98 100644
--- a/src/applet/Makefile.am
+++ b/src/applet/Makefile.am
@@ -9,6 +9,7 @@ abrt_applet_CPPFLAGS = \
-DBIN_DIR=\"$(bindir)\" \
-DLIBEXEC_DIR=\"$(libexecdir)\" \
-DICON_DIR=\"${datadir}/abrt/icons/hicolor/48x48/status\" \
+ -DLIBREPORT_PLUGINS_CONF_DIR=\"$(LIBREPORT_PLUGINS_CONF_DIR)\" \
$(XICE_CFLAGS) \
$(XSMP_CFLAGS) \
$(GTK_CFLAGS) \
diff --git a/src/applet/applet.c b/src/applet/applet.c
index 9971e04..131d2ab 100644
--- a/src/applet/applet.c
+++ b/src/applet/applet.c
@@ -90,6 +90,27 @@ static bool is_autoreporting_enabled(void)
return get_configured_bool_or_default("AutoreportingEnabled", g_settings_autoreporting);
}
+static bool is_ureport_auth_enabled(void)
+{
+ bool success, auth_enabled;
+ map_string_t *settings = new_map_string();
+ char *ureport_conf_path = concat_path_file(LIBREPORT_PLUGINS_CONF_DIR, "ureport.conf");
+
+ success = load_conf_file(ureport_conf_path, settings, /*skipKeysWithoutValue*/false);
+ if (success)
+ {
+ const char *value = get_map_string_item_or_NULL(settings, "SSLClientAuth");
+ auth_enabled = (value && value[0] != '\0');
+ }
+ else
+ auth_enabled = true; /* assume it is, do not claim the reporting is anonymous */
+
+ free(ureport_conf_path);
+ free_map_string(settings);
+
+ return auth_enabled;
+}
+
static const char *get_autoreport_event_name(void)
{
load_user_settings("abrt-applet");
@@ -99,14 +120,28 @@ static const char *get_autoreport_event_name(void)
static void ask_start_autoreporting()
{
+ struct strbuf *question = strbuf_new();
+ question = strbuf_append_str(question,
+ _("The report which will be sent does not contain any security sensitive data. "
+ "Therefore it is not necessary to bother you next time and require any further action by you. \n"));
+
+ if (is_ureport_auth_enabled())
+ {
+ question = strbuf_append_str(question,
+ _("Do you want to enable automatically submitted crash reports?"));
+ }
+ else
+ {
+ question = strbuf_append_str(question,
+ _("Do you want to enable automatically submitted anonymous crash reports?"));
+ }
+
/* The "Yes" response will be saved even if user don't check the
* "Don't ask me again" box.
*/
- const int ret = run_ask_yes_no_save_result_dialog("AutoreportingEnabled",
- _("The report which will be sent does not contain any security sensitive data. "
- "Therefore it is not necessary to bother you next time and require any further action by you. "
- "\nDo you want to enable automatically submitted anonymous crash reports?"),
+ const int ret = run_ask_yes_no_save_result_dialog("AutoreportingEnabled", question->buf,
/*parent wnd */ NULL);
+ strbuf_free(question);
load_user_settings("abrt-applet");
--
1.8.3.1

112
0016-cli-list-show-a-hint-about-creating-a-case-in-RHTS.patch Normal file
View file

@ -0,0 +1,112 @@
From 7966e5737e8d3af43b1ecdd6a823234b8d25931d Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 22 Jan 2014 22:16:22 +0100
Subject: [ABRT PATCH 16/16] cli list: show a hint about creating a case in
RHTS
Resolves rhbz#1055565
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
configure.ac | 2 ++
src/cli/Makefile.am | 3 ++-
src/cli/list.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 479289c..3bd13bc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -137,6 +137,7 @@ PLUGINS_CONF_DIR='${sysconfdir}/${PACKAGE_NAME}/plugins'
DEFAULT_PLUGINS_CONF_DIR='${datadir}/${PACKAGE_NAME}/conf.d/plugins'
EVENTS_DIR='${datadir}/libreport/events'
EVENTS_CONF_DIR='${sysconfdir}/libreport/events.d'
+WORKFLOWS_DIR='${datadir}/libreport/workflows'
ENABLE_SOCKET_OR_DBUS='-DENABLE_DBUS=1'
DEFAULT_DUMP_DIR_MODE=$($PKG_CONFIG --variable=dd_mode libreport)
LIBREPORT_PLUGINS_CONF_DIR=$($PKG_CONFIG --variable=plugins_conf_dir libreport)
@@ -224,6 +225,7 @@ AC_SUBST(VAR_RUN)
AC_SUBST(PLUGINS_CONF_DIR)
AC_SUBST(DEFAULT_PLUGINS_CONF_DIR)
AC_SUBST(EVENTS_CONF_DIR)
+AC_SUBST(WORKFLOWS_DIR)
AC_SUBST(EVENTS_DIR)
AC_SUBST(DEFAULT_DUMP_LOCATION)
AC_SUBST(DEFAULT_DUMP_DIR_MODE)
diff --git a/src/cli/Makefile.am b/src/cli/Makefile.am
index 5b840ee..75efac5 100644
--- a/src/cli/Makefile.am
+++ b/src/cli/Makefile.am
@@ -15,7 +15,8 @@ abrt_cli_SOURCES = $(CLI_C) $(BUILTIN_C) builtin-cmd.h abrt-cli-core.h
abrt_cli_CFLAGS = \
-I$(srcdir)/../include \
-I$(srcdir)/../lib \
- $(LIBREPORT_CFLAGS)
+ $(LIBREPORT_CFLAGS) \
+ -DWORKFLOWS_DIR=\"${WORKFLOWS_DIR}\"
if SUGGEST_AUTOREPORTING
abrt_cli_CFLAGS += -DSUGGEST_AUTOREPORTING=1
diff --git a/src/cli/list.c b/src/cli/list.c
index 2eefcfe..b6b4790 100644
--- a/src/cli/list.c
+++ b/src/cli/list.c
@@ -80,6 +80,55 @@ static void print_crash(problem_data_t *problem_data, int detailed, int text_siz
/*names_to_skip:*/ NULL,
/*max_text_size:*/ text_size,
MAKEDESC_SHOW_ONLY_LIST | MAKEDESC_SHOW_URLS);
+
+ /*
+ * If the problem is reportable and has not yet been reported into RHTS
+ * and there is at least one applicable Workflow which contains
+ * 'report_RHTSupport' event, then append a short message informing
+ * user that he can create a new case in Red Hat Customer Portal.
+ */
+ const char *const not_reportable = problem_data_get_content_or_NULL(problem_data, FILENAME_NOT_REPORTABLE);
+ const char *const reported_to = not_reportable ? NULL : problem_data_get_content_or_NULL(problem_data, FILENAME_REPORTED_TO);
+ report_result_t *const report = !reported_to ? NULL : find_in_reported_to_data(reported_to, "RHTSupport");
+
+ if (!not_reportable && !report)
+ {
+ /* The lines below should be replaced by something simpler, I'd
+ * like to see:
+ * GHashTable *possible_worfklows = load_applicable_workflows_for_dump();
+ *
+ * However, this feature (rhbz#1055565) is intended for RHEL only
+ * and I'm not sure whether it's worth to file another bug against
+ * libreport and try to improve libreport public API.
+ */
+ const char *const dump_dir_name = problem_data_get_content_or_NULL(problem_data, CD_DUMPDIR);
+ GList *const wf_names = list_possible_events_glist(dump_dir_name, "workflow");
+ GHashTable *const possible_workflows = load_workflow_config_data_from_list(wf_names, WORKFLOWS_DIR);
+ g_list_free_full(wf_names, free);
+
+ int event_found = 0;
+
+ GHashTableIter iter;
+ gpointer key = NULL;
+ gpointer value = NULL;
+
+ g_hash_table_iter_init(&iter, possible_workflows);
+ while (!event_found && g_hash_table_iter_next(&iter, &key, &value))
+ {
+ GList *const event_names = wf_get_event_names((workflow_t *)value);
+ event_found = !!g_list_find_custom(event_names, "report_RHTSupport", (GCompareFunc)g_strcmp0);
+ g_list_free_full(event_names, free);
+ }
+
+ g_hash_table_destroy(possible_workflows);
+
+ if (event_found)
+ {
+ char *tmp = xasprintf("%sRun 'abrt-cli report %s' for creating a case in Red Hat Customer Portal\n", desc, dump_dir_name);
+ free(desc);
+ desc = tmp;
+ }
+ }
}
fputs(desc, stdout);
free(desc);
--
1.8.3.1

63
0017-harvest-vmcore-properly-handle-inaccessible-dir-erro.patch Normal file
View file

@ -0,0 +1,63 @@
From f0f9bb1e9ab024da1ab4f9311164294404f536df Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 27 Jan 2014 10:29:32 +0100
Subject: [ABRT PATCH 17/27] harvest-vmcore: properly handle inaccessible dir
error
Related to rhbz#1032511
rmarko: added missing newlines to sys.stderr.write calls
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt_harvest_vmcore.py.in | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/hooks/abrt_harvest_vmcore.py.in b/src/hooks/abrt_harvest_vmcore.py.in
index ecfb32d..17e2be8 100644
--- a/src/hooks/abrt_harvest_vmcore.py.in
+++ b/src/hooks/abrt_harvest_vmcore.py.in
@@ -231,10 +231,19 @@ def harvest_vmcore():
f_full = os.path.join(dump_dir, cfile)
if not os.path.isdir(f_full):
continue
- files = [ff for ff in os.listdir(f_full)
- if os.path.isfile(os.path.join(f_full, ff))]
- if 'vmcore' not in files:
+
+ try:
+ vmcoredirfilelist = os.listdir(f_full)
+ except OSError as ex:
+ sys.stderr.write("VMCore dir '%s' not accessible.\n" % f_full)
continue
+ else:
+ if all(("vmcore" != ff
+ for ff in vmcoredirfilelist
+ if os.path.isfile(os.path.join(f_full, ff)))):
+ sys.stderr.write(
+ "VMCore dir '%s' doesn't contain 'vmcore' file.\n" % f_full)
+ continue
destdir = os.path.join(abrtdumpdir, ('vmcore-' + cfile))
destdirnew = destdir + '.new'
@@ -250,7 +259,7 @@ def harvest_vmcore():
try:
shutil.copytree(f_full, destdirnew)
except (OSError, shutil.Error):
- sys.stderr.write("Unable to copy '%s' to '%s'. Skipping"
+ sys.stderr.write("Unable to copy '%s' to '%s'. Skipping\n"
% (f_full, destdirnew))
# delete .new dir so we don't create mess
@@ -261,7 +270,7 @@ def harvest_vmcore():
try:
shutil.rmtree(f_full)
except OSError:
- sys.stderr.write("Unable to delete '%s'. Ignoring" % f_full)
+ sys.stderr.write("Unable to delete '%s'. Ignoring\n" % f_full)
# Let abrtd know what type of problem it is:
create_abrtd_info(destdirnew)
--
1.8.3.1

105
0018-don-t-break-the-event-run-by-failures-of-abrt-action.patch Normal file
View file

@ -0,0 +1,105 @@
From e6b19714485e72be99a9fcce62cd3a8a0e95808f Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 24 Jan 2014 14:26:02 +0100
Subject: [ABRT PATCH 18/27] don't break the event run by failures of
abrt-action-notify
Closes #789
Closes rhbz#1057710
rmarko: add newlines to sys.stderr.write calls
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt_event.conf | 2 ++
src/plugins/abrt-action-notify | 48 ++++++++++++++++++++++++------------------
2 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index 8a8e862..fe9c3d5 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -104,7 +104,9 @@ EVENT=open-gui
# Notify a new crash
EVENT=notify package!=
abrt-action-notify -d $DUMP_DIR
+ true # ignore failures because we want to run all 'notify' events
# Notify a new occurrence of a single crash
EVENT=notify-dup package!=
abrt-action-notify -d $DUMP_DIR
+ true # ignore failures because we want to run all 'notify' events
diff --git a/src/plugins/abrt-action-notify b/src/plugins/abrt-action-notify
index 72bfbf8..cbabf74 100644
--- a/src/plugins/abrt-action-notify
+++ b/src/plugins/abrt-action-notify
@@ -216,17 +216,22 @@ if __name__ == "__main__":
format(DIR_PATH, ex.message))
sys.exit(RETURN_FAILURE)
+ # The execution must continue because we should try to notify via all
+ # configured channels. One of them might work properly.
+ return_status = RETURN_OK
try:
emit_crash_dbus_signal(PD)
except RuntimeError as ex:
- sys.stderr.write("Cannot notify '{0}': {1}\n".
+ sys.stderr.write("Cannot notify '{0}' via D-Bus: {1}\n".
format(DIR_PATH, ex.message))
- sys.exit(RETURN_FAILURE)
+ return_status = RETURN_FAILURE
except KeyError as ex:
# this is a bug in build_notification_problem_data()
sys.stderr.write("BUG: problem data misses required element '{0}'"
- .format(ex.message))
- sys.exit(RETURN_FAILURE)
+ " required for D-Bus notification\n"
+ .format(ex.message))
+
+ return_status = RETURN_FAILURE
if OPTIONS.autoreporting or conf.get("AutoreportingEnabled", "no") == "yes":
event_name = OPTIONS.autoreporting_event
@@ -234,20 +239,23 @@ if __name__ == "__main__":
if "AutoreportingEvent" in conf:
event_name = conf["AutoreportingEvent"]
else:
- sys.stderr.write("Autoreporting event is not configured")
- sys.exit(RETURN_FAILURE)
-
- try:
- run_autoreport(PD, event_name)
- except RuntimeError as ex:
- sys.stderr.write("Cannot notify '{0}': {1}\n".
- format(DIR_PATH, ex.message))
- sys.exit(RETURN_FAILURE)
- except KeyError as ex:
- # this is a bug in build_notification_problem_data()
- sys.stderr.write("BUG: problem data misses required element '{0}'"
- .format(ex.message))
- sys.exit(RETURN_FAILURE)
-
- sys.exit(RETURN_OK)
+ sys.stderr.write("Autoreporting event is not configured\n")
+ return_status = RETURN_FAILURE
+
+ if event_name:
+ try:
+ run_autoreport(PD, event_name)
+ except RuntimeError as ex:
+ sys.stderr.write("Cannot notify '{0}' via uReport: {1}\n".
+ format(DIR_PATH, ex.message))
+ return_status = RETURN_FAILURE
+ except KeyError as ex:
+ # this is a bug in build_notification_problem_data()
+ sys.stderr.write(
+ "BUG: problem data misses required element '{0}'"
+ " required for uReport notification\n".format(ex.message))
+
+ return_status = RETURN_FAILURE
+
+ sys.exit(return_status)
--
1.8.3.1

198
0019-Fix-handling-of-Machine-Check-Exceptions.patch Normal file
View file

@ -0,0 +1,198 @@
From 744e4c6a6cbbb9ba0569bf8e3ab50171e974b2e3 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Mon, 6 Jan 2014 17:18:31 +0100
Subject: [ABRT PATCH 19/27] Fix handling of Machine Check Exceptions.
Closes #764.
If non-fatal MCE is seen, abrt will detect it as an oops
and alert user in a usual manner. When user opens this
abrt problem for reporting, he will see that "comment"
field is pre-filled with a text.
What it says depends on whether mcelog tool is installed.
If mcelog is installed, the text will say that hardware errors
were detected, and will show the tail of either /var/log/mcelog
or syslog.
Otherwise the text will say that hardware errors
were detected, but they can't be usefully diagnosed,
and user is strongly advised to install mcelog tool.
If fatal MCE is encountered, kernel always panics,
(abrt has no chance of catching the oops),
kdump kicks in, and then after reboot abrt says that new vmcore
is found. When user generates backtrace, he will see oops text
which starts with
"Machine Check Exception: BANK nnn ..." and (hopefully)
is already explanatory enough.
(Yes, it's weird that kernel shows human-readable error messages
on fatal MCEs but doesn't do that for non-fatal ones.
This makes fetching MCE info significantly different...
I wish kernel would show human-readable MCEs in both cases,
we wouldn't need mcelog then... oh well.)
In order to generate meaningful hash for MCE's,
oops hashing was extended for oopses without backtraces.
Since MCEs, unlike regular oopses, don't contain kernel version,
additional magic is added to extract kernel version
in vmcore event handling.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/lib/kernel.c | 31 +++++++++++++++++++++++++
src/plugins/koops_event.conf | 54 +++++++++++++++++++++++++++++++++++++++++++
src/plugins/vmcore_event.conf | 18 ++++++++++++++-
3 files changed, 102 insertions(+), 1 deletion(-)
diff --git a/src/lib/kernel.c b/src/lib/kernel.c
index ce8815b..340ec39 100644
--- a/src/lib/kernel.c
+++ b/src/lib/kernel.c
@@ -115,8 +115,29 @@ static const char *const s_koops_suspicious_strings[] = {
* arch/x86/kernel/cpu/mcheck/p5.c: "CPU#%d: Machine Check Exception: 0x%8X (type 0x%8X).\n",
* arch/x86/kernel/cpu/mcheck/mce.c: pr_emerg(HW_ERR "CPU %d: Machine Check Exception: %Lx Bank %d: %016Lx\n",
* drivers/edac/sb_edac.c: printk("CPU %d: Machine Check Exception: %Lx Bank %d: %016Lx\n",
+ *
+ * MCEs can be fatal (they panic kernel) or not.
+ * Fatal MCE are delivered as exception#18 to the CPU.
+ * Non-fatal ones sometimes are delivered as exception#18;
+ * other times they are silently recorded in magic MSRs, CPU is not alerted.
+ * Linux kernel periodically (up to 5 mins interval) reads those MSRs
+ * and if MCE is seen there, it is piped in binary form through
+ * /dev/mcelog to whoever listens on it. (Such as mcelog tool in --daemon
+ * mode; but cat </dev/mcelog would do too).
+ *
+ * "Machine Check Exception:" message is printed *only*
+ * by fatal MCEs (so far, future kernels may be different).
+ * It will be caught as vmcore if kdump is configured.
+ *
+ * Non-fatal MCEs have "[Hardware Error]: Machine check events logged"
+ * message in kernel log.
+ * When /dev/mcelog is read, *no additional kernel log messages appear*:
+ * if we want more readable data, we must rely on other tools
+ * (such as mcelog daemon consuming binary /dev/mcelog and writing
+ * human-readable /var/log/mcelog).
*/
"Machine Check Exception:",
+ "Machine check events logged",
/* X86 TRAPs */
"divide error:",
@@ -299,6 +320,16 @@ next_line:
if (strcasestr(curline, "Call Trace:")) /* yes, it must be case-insensitive */
inbacktrace = 1;
else
+ /* Fatal MCE's have a few lines of useful information between
+ * first "Machine check exception:" line and the final "Kernel panic"
+ * line. Such oops, of course, is only detectable in kdumps (tested)
+ * or possibly pstore-saved logs (I did not try this yet).
+ * In order to capture all these lines, we treat final line
+ * as "backtrace" (which is admittedly a hack):
+ */
+ if (strstr(curline, "Kernel panic - not syncing"))
+ inbacktrace = 1;
+ else
if (strnlen(curline, 9) > 8
&& ( (curline[0] == '(' && curline[1] == '[' && curline[2] == '<')
|| (curline[0] == '[' && curline[1] == '<'))
diff --git a/src/plugins/koops_event.conf b/src/plugins/koops_event.conf
index c0277c8..7dfbe36 100644
--- a/src/plugins/koops_event.conf
+++ b/src/plugins/koops_event.conf
@@ -4,6 +4,60 @@ EVENT=post-create analyzer=Kerneloops
abrt-action-analyze-oops &&
dmesg >>dmesg &&
abrt-action-save-kernel-data
+ abrt-action-save-kernel-data || exit $?
+ #
+ # If it exists, we can save a copy of MCE log here:
+ #test -f /var/log/mcelog && cp /var/log/mcelog .
+ # but in current config, sosreport already does that.
+ #
+ # See if MCEs were seen but mcelog isn't installed or running
+ grep -qFi 'Machine check events logged' dmesg || exit 0
+ #
+ # There was an MCE. IOW: it's not a bug, it's a HW error.
+ # Did mcelog logged it to /var/log/mcelog
+ # (RHEL6 by default does this)?
+ test -f /var/log/mcelog &&
+ {
+ # (Ab)use user comment field to inform user about it.
+ echo "The kernel log indicates that hardware errors were detected."
+ echo "/var/log/mcelog file may have more information."
+ echo "The last 20 lines of /var/log/mcelog are:"
+ echo "========================================="
+ # Redirecting sterr in case selinux makes it unreadable
+ # (annoying anyway, but at least user knows what's going on):
+ tail -n20 /var/log/mcelog 2>&1
+ exit 0
+ } >comment
+ #
+ # On RHEL7, mcelog is run so that its output ends up in syslog.
+ # Do we see that?
+ grep -qFi 'mcelog: Hardware event' /var/log/messages &&
+ {
+ echo "The kernel log indicates that hardware errors were detected."
+ echo "System log may have more information."
+ echo "The last 20 mcelog lines of system log are:"
+ echo "========================================="
+ # Redirecting sterr in case selinux makes it unreadable
+ # (annoying anyway, but at least user knows what's going on):
+ grep -Fi 'mcelog:' /var/log/messages | tail -n20 2>&1
+ exit 0
+ } >comment
+ #
+ # Apparently, there is no running mcelog daemon!
+ # Let user know that he needs one.
+ {
+ echo "The kernel log indicates that hardware errors were detected."
+ echo "The data was saved by kernel for processing by the mcelog tool."
+ echo "However, neither /var/log/mcelog nor system log contain mcelog messages."
+ echo "Most likely reason is that mcelog is not installed or not configured"
+ echo "to be started during boot."
+ echo "Without this tool running, the binary data saved by kernel"
+ echo "is of limited usefulness."
+ echo "(You can save this data anyway by running 'cat </dev/mcelog >FILE')."
+ echo "The recommended course of action is to install mcelog."
+ echo "If another hardware error would occur, a user-readable description"
+ echo "of it will be saved in system log or /var/log/mcelog."
+ } >comment
# If you want behavior similar to one provided by kerneloops daemon
# distributed by kerneloops.org - that is, if you want
diff --git a/src/plugins/vmcore_event.conf b/src/plugins/vmcore_event.conf
index f8de3c5..655d842 100644
--- a/src/plugins/vmcore_event.conf
+++ b/src/plugins/vmcore_event.conf
@@ -1,6 +1,22 @@
# analyze
EVENT=analyze_VMcore analyzer=vmcore
- abrt-action-analyze-vmcore &&
+ # If kdump machinery already extracted dmesg...
+ if test -f vmcore-dmesg.txt; then
+ # ...use that
+ abrt-dump-oops -o vmcore-dmesg.txt >backtrace || exit $?
+ #
+ # Does "kernel" element exist?
+ test -f kernel && exit 0
+ #
+ # Try creating it from vmcore-dmesg.txt:
+ # MCE oopses don't have kernel version in them,
+ # but it should be specified earlier in the log.
+ k=`sed -n '/Linux version/ s/.*Linux version \([^ ]*\) .*/\1/p' vmcore-dmesg.txt | tail -n1`
+ test "$k" != "" && printf "%s" "$k" >kernel
+ else
+ # No vmcore-dmesg.txt, do it the hard way:
+ abrt-action-analyze-vmcore
+ fi &&
abrt-action-analyze-oops &&
abrt-action-save-kernel-data
--
1.8.3.1

282
0020-move-MCE-handling-in-event-to-abrt-action-check-oops.patch Normal file
View file

@ -0,0 +1,282 @@
From d3ac6c888953d0bcd304d30dfa0f1c731987f358 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Mon, 6 Jan 2014 16:46:48 +0100
Subject: [ABRT PATCH 20/27] move MCE handling in event to
abrt-action-check-oops-for-hw-error
Having a separate tool should help with internationalization
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
configure.ac | 1 +
doc/Makefile.am | 1 +
po/POTFILES.in | 1 +
src/plugins/Makefile.am | 3 +
src/plugins/abrt-action-check-oops-for-hw-error.in | 118 +++++++++++++++++++++
src/plugins/koops_event.conf | 57 +---------
8 files changed, 129 insertions(+), 55 deletions(-)
create mode 100644 src/plugins/abrt-action-check-oops-for-hw-error.in
diff --git a/configure.ac b/configure.ac
index 3bd13bc..346faa8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -279,6 +279,7 @@ AC_CONFIG_FILES([
src/dbus/Makefile
src/plugins/abrt-action-install-debuginfo
src/plugins/abrt-action-analyze-vmcore
+ src/plugins/abrt-action-check-oops-for-hw-error
src/python-problem/Makefile
src/python-problem/doc/Makefile
src/python-problem/tests/Makefile
diff --git a/doc/Makefile.am b/doc/Makefile.am
index f1abef8..e76abde 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -32,6 +32,7 @@ MAN1_TXT += abrt-action-save-package-data.txt
MAN1_TXT += abrt-action-save-kernel-data.txt
MAN1_TXT += abrt-install-ccpp-hook.txt
MAN1_TXT += abrt-action-analyze-vmcore.txt
+MAN1_TXT += abrt-action-check-oops-for-hw-error.txt
MAN1_TXT += abrt-action-analyze-ccpp-local.txt
MAN1_TXT += abrt-watch-log.txt
MAN1_TXT += abrt-upload-watch.txt
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 5f883c0..6d90162 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -25,6 +25,7 @@ src/plugins/abrt-action-analyze-oops.c
src/plugins/abrt-action-analyze-xorg.c
src/plugins/abrt-action-analyze-python.c
src/plugins/abrt-action-analyze-vmcore.in
+src/plugins/abrt-action-check-oops-for-hw-error.in
src/plugins/abrt-action-generate-backtrace.c
src/plugins/abrt-action-generate-core-backtrace.c
src/plugins/abrt-action-install-debuginfo.in
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index 60246f2..dd32c7d 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -5,6 +5,7 @@ bin_SCRIPTS = \
abrt-action-analyze-core \
abrt-action-analyze-vulnerability \
abrt-action-analyze-vmcore \
+ abrt-action-check-oops-for-hw-error \
abrt-action-list-dsos \
abrt-action-perform-ccpp-analysis \
abrt-action-save-kernel-data \
@@ -74,6 +75,7 @@ PYTHON_FILES = \
abrt-action-analyze-core \
abrt-action-analyze-vulnerability \
abrt-action-analyze-vmcore.in \
+ abrt-action-check-oops-for-hw-error.in \
abrt-action-perform-ccpp-analysis.in \
abrt-action-notify
@@ -88,6 +90,7 @@ EXTRA_DIST = \
analyze_RetraceServer.xml.in \
analyze_VMcore.xml.in \
abrt-action-analyze-vmcore \
+ abrt-action-check-oops-for-hw-error \
abrt-action-save-kernel-data \
abrt-action-ureport \
abrt-gdb-exploitable \
diff --git a/src/plugins/abrt-action-check-oops-for-hw-error.in b/src/plugins/abrt-action-check-oops-for-hw-error.in
new file mode 100644
index 0000000..83c0f22
--- /dev/null
+++ b/src/plugins/abrt-action-check-oops-for-hw-error.in
@@ -0,0 +1,118 @@
+#!/usr/bin/python -u
+
+import sys
+import os
+import locale
+import gettext
+
+GETTEXT_PROGNAME = "abrt"
+
+_ = gettext.lgettext
+
+def file_has_string(filename, string):
+ try:
+ f = open(filename, "r")
+ except IOError as e:
+ #print e
+ return False
+ for line in f:
+ if string in line:
+ f.close()
+ return True
+ f.close()
+ return False
+
+
+def tail_with_search(filename, string, maxlen):
+ try:
+ f = open(filename, "r")
+ except IOError as e:
+ #print e
+ return []
+ l = []
+ for line in f:
+ if string in line:
+ l.append(line)
+ if len(l) > maxlen:
+ del l[0]
+ f.close()
+ return l
+
+
+if __name__ == "__main__":
+ try:
+ locale.setlocale(locale.LC_ALL, "")
+ except locale.Error:
+ os.environ['LC_ALL'] = 'C'
+ locale.setlocale(locale.LC_ALL, "")
+
+ # Defeat "AttributeError: 'module' object has no attribute 'nl_langinfo'"
+ try:
+ gettext.bind_textdomain_codeset(GETTEXT_PROGNAME,
+ locale.nl_langinfo(locale.CODESET))
+ except AttributeError:
+ pass
+
+ gettext.bindtextdomain(GETTEXT_PROGNAME, '/usr/share/locale')
+ gettext.textdomain(GETTEXT_PROGNAME)
+
+ #
+ # So far we only look for Machine Check Exceptions here.
+ #
+
+ # See if MCEs were seen
+ if not file_has_string("dmesg", "Machine check events logged"):
+ sys.exit(0)
+ #
+ # There was an MCE. IOW: it's not a bug, it's a HW error.
+ f = open("not-reportable", "w")
+ f.write("The kernel log indicates that hardware errors were detected.\n");
+ f.write("This is most likely not a software problem.\n");
+ f.close()
+
+ #
+ # Did mcelog logged it to /var/log/mcelog
+ # (RHEL6 by default does this)?
+ if os.path.exists("/var/log/mcelog"):
+ f = open("comment", "w")
+ f.write("The kernel log indicates that hardware errors were detected.\n")
+ f.write("/var/log/mcelog file may have more information.\n")
+ f.write("The last 20 lines of /var/log/mcelog are:\n")
+ f.write("=========================================\n")
+ #tail -n20 /var/log/mcelog 2>&1
+ l = tail_with_search("/var/log/mcelog", "", 20)
+ for line in l:
+ f.write(line)
+ f.close()
+ sys.exit(0)
+ #
+ # On RHEL7, mcelog is run so that its output ends up in syslog.
+ # Do we see that?
+ if file_has_string("/var/log/messages", "mcelog: Hardware event"):
+ f = open("comment", "w")
+ f.write("The kernel log indicates that hardware errors were detected.\n")
+ f.write("System log may have more information.\n")
+ f.write("The last 20 mcelog lines of system log are:\n")
+ f.write("==========================================\n")
+ #grep -Fi 'mcelog:' /var/log/messages | tail -n20 2>&1
+ l = tail_with_search("/var/log/messages", "mcelog:", 20)
+ for line in l:
+ f.write(line)
+ f.close()
+ sys.exit(0)
+ #
+ # Apparently, there is no running mcelog daemon!
+ # Let user know that he needs one.
+ f = open("comment", "w")
+ f.write("The kernel log indicates that hardware errors were detected.\n")
+ f.write("The data was saved by kernel for processing by the mcelog tool.\n")
+ f.write("However, neither /var/log/mcelog nor system log contain mcelog messages.\n")
+ f.write("Most likely reason is that mcelog is not installed or not configured\n")
+ f.write("to be started during boot.\n")
+ f.write("Without this tool running, the binary data saved by kernel\n")
+ f.write("is of limited usefulness.\n")
+ f.write("(You can save this data anyway by running 'cat </dev/mcelog >FILE').\n")
+ f.write("The recommended course of action is to install mcelog.\n")
+ f.write("If another hardware error would occur, a user-readable description\n")
+ f.write("of it will be saved in system log or /var/log/mcelog.\n")
+ f.close()
diff --git a/src/plugins/koops_event.conf b/src/plugins/koops_event.conf
index 7dfbe36..3740f65 100644
--- a/src/plugins/koops_event.conf
+++ b/src/plugins/koops_event.conf
@@ -3,61 +3,8 @@ EVENT=post-create analyzer=Kerneloops
# >> instead of > is due to bugzilla.redhat.com/show_bug.cgi?id=854266
abrt-action-analyze-oops &&
dmesg >>dmesg &&
- abrt-action-save-kernel-data
- abrt-action-save-kernel-data || exit $?
- #
- # If it exists, we can save a copy of MCE log here:
- #test -f /var/log/mcelog && cp /var/log/mcelog .
- # but in current config, sosreport already does that.
- #
- # See if MCEs were seen but mcelog isn't installed or running
- grep -qFi 'Machine check events logged' dmesg || exit 0
- #
- # There was an MCE. IOW: it's not a bug, it's a HW error.
- # Did mcelog logged it to /var/log/mcelog
- # (RHEL6 by default does this)?
- test -f /var/log/mcelog &&
- {
- # (Ab)use user comment field to inform user about it.
- echo "The kernel log indicates that hardware errors were detected."
- echo "/var/log/mcelog file may have more information."
- echo "The last 20 lines of /var/log/mcelog are:"
- echo "========================================="
- # Redirecting sterr in case selinux makes it unreadable
- # (annoying anyway, but at least user knows what's going on):
- tail -n20 /var/log/mcelog 2>&1
- exit 0
- } >comment
- #
- # On RHEL7, mcelog is run so that its output ends up in syslog.
- # Do we see that?
- grep -qFi 'mcelog: Hardware event' /var/log/messages &&
- {
- echo "The kernel log indicates that hardware errors were detected."
- echo "System log may have more information."
- echo "The last 20 mcelog lines of system log are:"
- echo "========================================="
- # Redirecting sterr in case selinux makes it unreadable
- # (annoying anyway, but at least user knows what's going on):
- grep -Fi 'mcelog:' /var/log/messages | tail -n20 2>&1
- exit 0
- } >comment
- #
- # Apparently, there is no running mcelog daemon!
- # Let user know that he needs one.
- {
- echo "The kernel log indicates that hardware errors were detected."
- echo "The data was saved by kernel for processing by the mcelog tool."
- echo "However, neither /var/log/mcelog nor system log contain mcelog messages."
- echo "Most likely reason is that mcelog is not installed or not configured"
- echo "to be started during boot."
- echo "Without this tool running, the binary data saved by kernel"
- echo "is of limited usefulness."
- echo "(You can save this data anyway by running 'cat </dev/mcelog >FILE')."
- echo "The recommended course of action is to install mcelog."
- echo "If another hardware error would occur, a user-readable description"
- echo "of it will be saved in system log or /var/log/mcelog."
- } >comment
+ abrt-action-save-kernel-data &&
+ abrt-action-check-oops-for-hw-error
# If you want behavior similar to one provided by kerneloops daemon
# distributed by kerneloops.org - that is, if you want
--
1.8.3.1

79
0021-abrt-action-check-oops-for-hw-error-i18n-add-error-c.patch Normal file
View file

@ -0,0 +1,79 @@
From 56c3d6950f300e98460fe196e0fe138f89ead83d Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Mon, 6 Jan 2014 16:47:52 +0100
Subject: [ABRT PATCH 21/27] abrt-action-check-oops-for-hw-error: i18n, add
error check on open()
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-check-oops-for-hw-error.in | 23 ++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/plugins/abrt-action-check-oops-for-hw-error.in b/src/plugins/abrt-action-check-oops-for-hw-error.in
index 83c0f22..ce13caf 100644
--- a/src/plugins/abrt-action-check-oops-for-hw-error.in
+++ b/src/plugins/abrt-action-check-oops-for-hw-error.in
@@ -39,6 +39,15 @@ def tail_with_search(filename, string, maxlen):
return l
+def open_or_die(filename, mode):
+ try:
+ f = open(filename, mode)
+ except IOError as e:
+ sys.stderr.write(str(e) + "\n")
+ sys.exit(1)
+ return f
+
+
if __name__ == "__main__":
try:
locale.setlocale(locale.LC_ALL, "")
@@ -65,16 +74,18 @@ if __name__ == "__main__":
sys.exit(0)
#
# There was an MCE. IOW: it's not a bug, it's a HW error.
- f = open("not-reportable", "w")
- f.write("The kernel log indicates that hardware errors were detected.\n");
- f.write("This is most likely not a software problem.\n");
+ f = open_or_die("not-reportable", "w")
+ f.write(_(
+ "The kernel log indicates that hardware errors were detected.\n"
+ "This is most likely not a software problem.\n"
+ ))
f.close()
#
# Did mcelog logged it to /var/log/mcelog
# (RHEL6 by default does this)?
if os.path.exists("/var/log/mcelog"):
- f = open("comment", "w")
+ f = open_or_die("comment", "w")
f.write("The kernel log indicates that hardware errors were detected.\n")
f.write("/var/log/mcelog file may have more information.\n")
f.write("The last 20 lines of /var/log/mcelog are:\n")
@@ -89,7 +100,7 @@ if __name__ == "__main__":
# On RHEL7, mcelog is run so that its output ends up in syslog.
# Do we see that?
if file_has_string("/var/log/messages", "mcelog: Hardware event"):
- f = open("comment", "w")
+ f = open_or_die("comment", "w")
f.write("The kernel log indicates that hardware errors were detected.\n")
f.write("System log may have more information.\n")
f.write("The last 20 mcelog lines of system log are:\n")
@@ -103,7 +114,7 @@ if __name__ == "__main__":
#
# Apparently, there is no running mcelog daemon!
# Let user know that he needs one.
- f = open("comment", "w")
+ f = open_or_die("comment", "w")
f.write("The kernel log indicates that hardware errors were detected.\n")
f.write("The data was saved by kernel for processing by the mcelog tool.\n")
f.write("However, neither /var/log/mcelog nor system log contain mcelog messages.\n")
--
1.8.3.1

57
0022-Add-a-manpage-for-abrt-action-check-oops-for-hw-erro.patch Normal file
View file

@ -0,0 +1,57 @@
From 92f6776a2d4d2c4a7239e3721acd2df46f6dd7da Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Tue, 3 Dec 2013 12:19:27 +0100
Subject: [ABRT PATCH 22/27] Add a manpage for
abrt-action-check-oops-for-hw-error
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
doc/abrt-action-check-oops-for-hw-error.txt | 32 +++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 doc/abrt-action-check-oops-for-hw-error.txt
diff --git a/doc/abrt-action-check-oops-for-hw-error.txt b/doc/abrt-action-check-oops-for-hw-error.txt
new file mode 100644
index 0000000..c488e6f
--- /dev/null
+++ b/doc/abrt-action-check-oops-for-hw-error.txt
@@ -0,0 +1,32 @@
+abrt-action-check-oops-for-hw-error(1)
+======================================
+
+NAME
+----
+abrt-action-check-oops-for-hw-error - Checks dmesg element, marks problem as not-reportable
+if hardware error is detected
+
+SYNOPSIS
+--------
+'abrt-action-check-oops-for-hw-error'
+
+DESCRIPTION
+-----------
+The tool reads 'dmesg' element, and if it has a message which indicates hardware
+error, it creates 'not-reportable' and 'comment' elements which explain
+what this error is and how it can be diagnosed further.
+
+Integration with ABRT events
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+This tool can be used in event handling for kernel oopses. Example
+fragment for /etc/libreport/report_event.conf:
+
+------------
+# Determine in which package/component the crash happened (if not yet done):
+EVENT=post-create analyzer=Kerneloops
+ abrt-action-check-oops-for-hw-error
+------------
+
+AUTHORS
+-------
+* ABRT team
--
1.8.3.1

33
0023-oops-post-create-do-not-fail-the-event-if-check-oops.patch Normal file
View file

@ -0,0 +1,33 @@
From b75653c212a0d50e163e9a550a4c4b7e650402c2 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Wed, 4 Dec 2013 13:26:35 +0100
Subject: [ABRT PATCH 23/27] oops post-create: do not fail the event if
check-oops-for-hw-error exits nonzero
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/koops_event.conf | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/plugins/koops_event.conf b/src/plugins/koops_event.conf
index 3740f65..37a79a9 100644
--- a/src/plugins/koops_event.conf
+++ b/src/plugins/koops_event.conf
@@ -4,7 +4,9 @@ EVENT=post-create analyzer=Kerneloops
abrt-action-analyze-oops &&
dmesg >>dmesg &&
abrt-action-save-kernel-data &&
- abrt-action-check-oops-for-hw-error
+ # Do not fail the event (->do not delete problem dir)
+ # if check-oops-for-hw-error exits nonzero:
+ { abrt-action-check-oops-for-hw-error || true; }
# If you want behavior similar to one provided by kerneloops daemon
# distributed by kerneloops.org - that is, if you want
--
1.8.3.1

111
0024-doc-MCE_readme.txt-new-file-documentation-about-MCE-.patch Normal file
View file

@ -0,0 +1,111 @@
From 95e9590bfee2df447c8f4c0fd799e8c514beca80 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Tue, 10 Dec 2013 13:07:35 +0100
Subject: [ABRT PATCH 24/27] doc/MCE_readme.txt: new file - documentation about
MCE handling
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
doc/MCE_readme.txt | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 86 insertions(+)
create mode 100644 doc/MCE_readme.txt
diff --git a/doc/MCE_readme.txt b/doc/MCE_readme.txt
new file mode 100644
index 0000000..ed5b627
--- /dev/null
+++ b/doc/MCE_readme.txt
@@ -0,0 +1,86 @@
+ Background
+
+MCEs can be fatal (they panic kernel) or not.
+Fatal MCE are delivered as exception#18.
+Non-fatal ones sometimes are delivered as exception#18; other times
+they are silently recorded in magic MSRs, CPU is not alerted.
+Linux kernel periodically (up to 5 mins interval) reads those MSRs
+and if MCE is seen there, it is piped in binary form through
+/dev/mcelog to whoever listens on it. (Such as mcelog tool in
+--daemon mode; but cat </dev/mcelog would do too).
+
+"Machine Check Exception:" message is printed *only* by fatal MCEs.
+It will be caught as vmcore if kdump is configured.
+
+Non-fatal MCEs have "[Hardware Error]: Machine check events logged"
+message in kernel log.
+When /dev/mcelog is read, *no additional kernel log messages appear*.
+
+> Are those magic MSR registers cleared when read via /dev/mcelog?
+
+Yes.
+
+> Without mcelog utility, we can directly read only binary form, right?
+> Not nice, but still useful, right?
+> (could be transferred to nice text form on other machine).
+
+No, raw /dev/mcelog data is not easy to interpret on other machine.
+In fact, it can't be used by mcelog tool even on the same machine.
+Technical reason is that mcelog uses an obscure ioctl on /dev/mcelog
+in order to know the size of binary blob with MCE information.
+When run on a file, ioctl fails, and mcelog bombs out.
+
+Looks like without mcelog running and processing /dev/mcelog data,
+non-fatal MCE's can't be easily decoded with currently existing tools.
+
+mcelog tool can be configured to write log to /var/log/mcelog
+(RHEL6 does that) or to syslog (RHEL7 does that).
+
+
+ How ABRT catches MCEs
+
+Fatal MCEs are caught as any fatal kernel panic is caught - as a vmcore.
+The oops text, which goes to "backtrace" element, will be the decoded
+MCE message from kernel log buffer.
+
+Non-fatal MCEs are caught as kernel oopses.
+If "Machine check events logged" message is seen in "dmesg" element,
+we assume it's a MCE, and create "not-reportable" element with suitable
+explanation.
+Then we check whether /var/log/mcelog exists,
+or whether system log contains "mcelog: Hardware event",
+and create a "comment" element with explanatory text, followed by
+last 20 lines from either of those files.
+
+
+ How to test MCEs
+
+There is an MCE injection tool and a kernel module, both named mce-inject.
+(The tool comes from mce-test project, may be found in ras-utils RHEL7 package).
+The script I used is:
+
+modprobe mce-inject
+sync &
+sleep 1
+sync
+# This can crash the machine:
+echo "Injecting MCE from file $1"
+mce-inject "$1"
+echo "Exitcode:$?"
+
+It requires files which describe MCE to simulate. I grabbed a few examples
+from mce-test.tar.gz (source tarball of mce-test project).
+I used this this file to cause a non-fatal MCE:
+
+CPU 0 BANK 2
+STATUS VAL OVER EN
+
+And this one to cause a fatal one:
+
+CPU 0 BANK 4
+MCGSTATUS MCIP
+STATUS FATAL S
+RIP 12343434
+MISC 11
+
+(Not sure what failures exactly they imitate, maybe there are better examples).
--
1.8.3.1

49
0025-examples-mce2.test-an-example-of-non-fatal-MCE.patch Normal file
View file

@ -0,0 +1,49 @@
From bbb0d8390b4880c439f89fc8f40a623becee607f Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Tue, 10 Dec 2013 14:11:51 +0100
Subject: [ABRT PATCH 25/27] examples/mce2.test: an example of non-fatal MCE
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
examples/mce2.right | 4 ++++
examples/mce2.test | 13 +++++++++++++
2 files changed, 17 insertions(+)
create mode 100644 examples/mce2.right
create mode 100644 examples/mce2.test
diff --git a/examples/mce2.right b/examples/mce2.right
new file mode 100644
index 0000000..358fbcf
--- /dev/null
+++ b/examples/mce2.right
@@ -0,0 +1,4 @@
+abrt-dump-oops: Found oopses: 1
+
+Version: undefined
+mce: [Hardware Error]: Machine check events logged
diff --git a/examples/mce2.test b/examples/mce2.test
new file mode 100644
index 0000000..c09ac88
--- /dev/null
+++ b/examples/mce2.test
@@ -0,0 +1,13 @@
+[ 0.000000] Initializing cgroup subsys cpuset
+[ 0.000000] Initializing cgroup subsys cpu
+[ 0.000000] Initializing cgroup subsys cpuacct
+[ 0.000000] Linux version 3.10.0-49.el7.x86_64 (mockbuild@x86-024.build.eng.bos.redhat.com) (gcc version 4.8.2 20131106 (Red Hat 4.8.2-3) (GCC) ) #1 SMP Tue Nov 12 16:19:27 EST 2013
+[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-49.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/root vconsole.font=latarcyrheb-sun16 rd.lvm.lv=rhel/swap vconsole.keymap=us crashkernel=auto rhgb quiet LANG=en_US.UTF-8
+...
+[ 126.330988] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
+[ 126.362117] SELinux: initialized (dev fusectl, type fusectl), uses genfs_contexts
+[ 207.849710] Machine check injector initialized
+[ 207.992935] ICMPv6: RA: ndisc_router_discovery failed to add default route
+[ 209.024284] Starting machine check poll CPU 0
+[ 209.024295] mce: [Hardware Error]: Machine check events logged
+[ 209.024296] Machine check poll done on CPU 0
--
1.8.3.1

130
0026-MCE-cover-cases-where-kernel-version-isn-t-detected-.patch Normal file
View file

@ -0,0 +1,130 @@
From e30c24a5572c33f9ca5157bfb4e504897b1bb7c9 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Mon, 6 Jan 2014 16:04:37 +0100
Subject: [ABRT PATCH 26/27] MCE: cover cases where kernel version isn't
detected on Fedora 20.
With this change, both fata and non-fatal MCEs are caught on default
Fedora 20 installation.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
doc/MCE_readme.txt | 9 ++++++++-
src/lib/kernel.c | 2 +-
src/plugins/abrt-dump-oops.c | 3 ++-
src/plugins/koops_event.conf | 11 +++++++++++
src/plugins/vmcore_event.conf | 14 ++++++++++++--
5 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/doc/MCE_readme.txt b/doc/MCE_readme.txt
index ed5b627..5dff636 100644
--- a/doc/MCE_readme.txt
+++ b/doc/MCE_readme.txt
@@ -70,7 +70,7 @@ echo "Exitcode:$?"
It requires files which describe MCE to simulate. I grabbed a few examples
from mce-test.tar.gz (source tarball of mce-test project).
-I used this this file to cause a non-fatal MCE:
+I used this file to cause a non-fatal MCE:
CPU 0 BANK 2
STATUS VAL OVER EN
@@ -84,3 +84,10 @@ RIP 12343434
MISC 11
(Not sure what failures exactly they imitate, maybe there are better examples).
+
+
+For testing fatal MCEs you need to set up kdump. Mini-recipe:
+(1) yum install --enablerepo='*debuginfo*' kexec-tools crash kernel-debuginfo
+(2) add "crashkernel=128M" to the kernel's command line, reboot
+(3) before injecting fatal MCE, start kdump service:
+ systemctl start kdump.service
diff --git a/src/lib/kernel.c b/src/lib/kernel.c
index 340ec39..ad20c65 100644
--- a/src/lib/kernel.c
+++ b/src/lib/kernel.c
@@ -66,7 +66,7 @@ static void record_oops(GList **oops_list, struct line_info* lines_info, int oop
{
*oops_list = g_list_append(
*oops_list,
- xasprintf("%s\n%s", (version ? version : "undefined"), oops)
+ xasprintf("%s\n%s", (version ? version : ""), oops)
);
}
else
diff --git a/src/plugins/abrt-dump-oops.c b/src/plugins/abrt-dump-oops.c
index 5e33f0a..12291be 100644
--- a/src/plugins/abrt-dump-oops.c
+++ b/src/plugins/abrt-dump-oops.c
@@ -115,7 +115,8 @@ static void save_oops_data_in_dump_dir(struct dump_dir *dd, char *oops, const ch
char *second_line = (char*)strchr(first_line, '\n'); /* never NULL */
*second_line++ = '\0';
- dd_save_text(dd, FILENAME_KERNEL, first_line);
+ if (first_line[0])
+ dd_save_text(dd, FILENAME_KERNEL, first_line);
dd_save_text(dd, FILENAME_BACKTRACE, second_line);
/* check if trace doesn't have line: 'Your BIOS is broken' */
diff --git a/src/plugins/koops_event.conf b/src/plugins/koops_event.conf
index 37a79a9..b1472ce 100644
--- a/src/plugins/koops_event.conf
+++ b/src/plugins/koops_event.conf
@@ -3,6 +3,17 @@ EVENT=post-create analyzer=Kerneloops
# >> instead of > is due to bugzilla.redhat.com/show_bug.cgi?id=854266
abrt-action-analyze-oops &&
dmesg >>dmesg &&
+ {
+ # action-analyze-oops tries to save kernel version,
+ # but for some oopses it can't do that (e.g. MCEs).
+ # If it failed, try to extract version from dmesg:
+ test -f kernel ||
+ {
+ k=`sed -n '/Linux version/ s/.*Linux version \([^ ]*\) .*/\1/p' dmesg | tail -n1`
+ test "$k" != "" && printf "%s" "$k" >kernel
+ true # ignore possible failures in previous command
+ }
+ } &&
abrt-action-save-kernel-data &&
# Do not fail the event (->do not delete problem dir)
# if check-oops-for-hw-error exits nonzero:
diff --git a/src/plugins/vmcore_event.conf b/src/plugins/vmcore_event.conf
index 655d842..a525ec7 100644
--- a/src/plugins/vmcore_event.conf
+++ b/src/plugins/vmcore_event.conf
@@ -1,6 +1,7 @@
# analyze
EVENT=analyze_VMcore analyzer=vmcore
# If kdump machinery already extracted dmesg...
+ (
if test -f vmcore-dmesg.txt; then
# ...use that
abrt-dump-oops -o vmcore-dmesg.txt >backtrace || exit $?
@@ -15,8 +16,17 @@ EVENT=analyze_VMcore analyzer=vmcore
test "$k" != "" && printf "%s" "$k" >kernel
else
# No vmcore-dmesg.txt, do it the hard way:
- abrt-action-analyze-vmcore
- fi &&
+ abrt-action-analyze-vmcore || exit $?
+ #
+ # Does "kernel" element exist?
+ test -f kernel && exit 0
+ #
+ # Try creating it from dmesg_log (created by abrt-action-analyze-vmcore):
+ test -f dmesg_log || exit 0
+ k=`sed -n '/Linux version/ s/.*Linux version \([^ ]*\) .*/\1/p' dmesg_log | tail -n1`
+ test "$k" != "" && printf "%s" "$k" >kernel
+ fi
+ ) &&
abrt-action-analyze-oops &&
abrt-action-save-kernel-data
--
1.8.3.1

110
0027-MCE-make-oops-and-vmcore-MCEs-a-bit-more-similar.patch Normal file
View file

@ -0,0 +1,110 @@
From c86f483f58cc8e65030169965c2b4fe34911ef1d Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Thu, 16 Jan 2014 13:11:20 +0100
Subject: [ABRT PATCH 27/27] MCE: make oops and vmcore MCEs a bit more similar
For oops-MCEs, change abrt-action-check-oops-for-hw-error
to write MCE description to "backtrace" instead of "comment"
element.
Extend abrt-action-check-oops-for-hw-error to be able to
detect vmcore MCEs: it will create "not-reportable" element
for them too, as it was doing it for oops-MCEs.
Add post-create processing to vmcore_event.conf which
runs abrt-action-check-oops-for-hw-error on vmcores.
Since that needs dmesg, dmesg extraction also moved
to this event from analyze_VMcore.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Related to rhbz#1032077
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-check-oops-for-hw-error.in | 14 ++++++++++----
src/plugins/vmcore_event.conf | 13 +++++++++----
2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/plugins/abrt-action-check-oops-for-hw-error.in b/src/plugins/abrt-action-check-oops-for-hw-error.in
index ce13caf..2333fa1 100644
--- a/src/plugins/abrt-action-check-oops-for-hw-error.in
+++ b/src/plugins/abrt-action-check-oops-for-hw-error.in
@@ -70,7 +70,9 @@ if __name__ == "__main__":
#
# See if MCEs were seen
- if not file_has_string("dmesg", "Machine check events logged"):
+ oops_mce = file_has_string("dmesg", "Machine check events logged");
+ vmcore_mce = file_has_string("backtrace", "Machine Check Exception:");
+ if not oops_mce and not vmcore_mce:
sys.exit(0)
#
# There was an MCE. IOW: it's not a bug, it's a HW error.
@@ -81,11 +83,15 @@ if __name__ == "__main__":
))
f.close()
+ # vmcore MCEs already have good backtrace element, nothing more to do
+ if vmcore_mce:
+ sys.exit(0)
+
#
# Did mcelog logged it to /var/log/mcelog
# (RHEL6 by default does this)?
if os.path.exists("/var/log/mcelog"):
- f = open_or_die("comment", "w")
+ f = open_or_die("backtrace", "w")
f.write("The kernel log indicates that hardware errors were detected.\n")
f.write("/var/log/mcelog file may have more information.\n")
f.write("The last 20 lines of /var/log/mcelog are:\n")
@@ -100,7 +106,7 @@ if __name__ == "__main__":
# On RHEL7, mcelog is run so that its output ends up in syslog.
# Do we see that?
if file_has_string("/var/log/messages", "mcelog: Hardware event"):
- f = open_or_die("comment", "w")
+ f = open_or_die("backtrace", "w")
f.write("The kernel log indicates that hardware errors were detected.\n")
f.write("System log may have more information.\n")
f.write("The last 20 mcelog lines of system log are:\n")
@@ -114,7 +120,7 @@ if __name__ == "__main__":
#
# Apparently, there is no running mcelog daemon!
# Let user know that he needs one.
- f = open_or_die("comment", "w")
+ f = open_or_die("backtrace", "w")
f.write("The kernel log indicates that hardware errors were detected.\n")
f.write("The data was saved by kernel for processing by the mcelog tool.\n")
f.write("However, neither /var/log/mcelog nor system log contain mcelog messages.\n")
diff --git a/src/plugins/vmcore_event.conf b/src/plugins/vmcore_event.conf
index a525ec7..34608d9 100644
--- a/src/plugins/vmcore_event.conf
+++ b/src/plugins/vmcore_event.conf
@@ -1,7 +1,6 @@
-# analyze
-EVENT=analyze_VMcore analyzer=vmcore
- # If kdump machinery already extracted dmesg...
+EVENT=post-create analyzer=vmcore
(
+ # If kdump machinery already extracted dmesg...
if test -f vmcore-dmesg.txt; then
# ...use that
abrt-dump-oops -o vmcore-dmesg.txt >backtrace || exit $?
@@ -26,7 +25,13 @@ EVENT=analyze_VMcore analyzer=vmcore
k=`sed -n '/Linux version/ s/.*Linux version \([^ ]*\) .*/\1/p' dmesg_log | tail -n1`
test "$k" != "" && printf "%s" "$k" >kernel
fi
- ) &&
+ )
+ # Do not fail the event (->do not delete problem dir)
+ # if check-oops-for-hw-error exits nonzero:
+ { abrt-action-check-oops-for-hw-error || true; }
+
+# analyze
+EVENT=analyze_VMcore analyzer=vmcore
abrt-action-analyze-oops &&
abrt-action-save-kernel-data
--
1.8.3.1

27
0028-python-install-modules-to-sitearch-directory.patch Normal file
View file

@ -0,0 +1,27 @@
From 6ada05045535af7a3960c5d7f4b6c7c7bdd7446c Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 31 Jan 2014 11:09:46 +0100
Subject: [ABRT PATCH 28/29] python: install modules to sitearch directory
Related to rhbz#881123
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/python-problem/problem/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/python-problem/problem/Makefile.am b/src/python-problem/problem/Makefile.am
index cd8f04e..c7d99cb 100644
--- a/src/python-problem/problem/Makefile.am
+++ b/src/python-problem/problem/Makefile.am
@@ -1,6 +1,6 @@
problem_PYTHON = __init__.py exception.py proxies.py tools.py watch.py config.py
-problemdir = $(pythondir)/problem
+problemdir = $(pyexecdir)/problem
pyabrtdir = $(problemdir)
pyabrt_LTLIBRARIES = _pyabrt.la
--
1.8.3.1

37
0030-retrace-client-stop-failing-on-SSL2.patch Normal file
View file

@ -0,0 +1,37 @@
From a0a65dcc1091dc5a1ad06f4e6b8eb90f47eef98f Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 4 Feb 2014 13:03:21 +0100
Subject: [ABRT PATCH 30/30] retrace-client: stop failing on SSL2
Closes rhbz#1060796
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/https-utils.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/plugins/https-utils.c b/src/plugins/https-utils.c
index cb3c606..f1fe825 100644
--- a/src/plugins/https-utils.c
+++ b/src/plugins/https-utils.c
@@ -213,12 +213,13 @@ void ssl_connect(struct https_cfg *cfg, PRFileDesc **tcp_sock, PRFileDesc **ssl_
error_msg_and_die(_("Failed to wrap TCP socket by SSL."));
if (SECSuccess != SSL_OptionSet(*ssl_sock, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE))
error_msg_and_die(_("Failed to enable client handshake to SSL socket."));
- if (SECSuccess != SSL_OptionSet(*ssl_sock, SSL_ENABLE_SSL2, PR_TRUE))
- error_msg_and_die(_("Failed to enable client handshake to SSL socket."));
+ // https://bugzilla.redhat.com/show_bug.cgi?id=1033024#c6
+ //if (SECSuccess != SSL_OptionSet(*ssl_sock, SSL_ENABLE_SSL2, PR_TRUE))
+ // error_msg_and_die(_("Failed to enable SSL2."));
if (SECSuccess != SSL_OptionSet(*ssl_sock, SSL_ENABLE_SSL3, PR_TRUE))
- error_msg_and_die(_("Failed to enable client handshake to SSL socket."));
+ error_msg_and_die(_("Failed to enable SSL3."));
if (SECSuccess != SSL_OptionSet(*ssl_sock, SSL_ENABLE_TLS, PR_TRUE))
- error_msg_and_die(_("Failed to enable client handshake to SSL socket."));
+ error_msg_and_die(_("Failed to enable TLS."));
if (SECSuccess != SSL_SetURL(*ssl_sock, cfg->url))
error_msg_and_die(_("Failed to set URL to SSL socket."));
--
1.8.3.1

114
0033-upload-watch-remove-busy-wait-for-SIGUSR1.patch Normal file
View file

@ -0,0 +1,114 @@
From b23cb1c47c7acb28a002162cd2dcf897e9f0f019 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 7 Feb 2014 17:54:14 +0100
Subject: [ABRT PATCH 33/34] upload-watch: remove busy-wait for SIGUSR1
Unconditional checking of SIGUSR1 flag in the idle source of main loop
causes 100% CPU usage.
hanle_sigusr() function and got_sigusr flag are not necessary because
abrt-upload-watch already implements signal handling based on usage of
GIO Channels.
Closes rhbz#1063317
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-upload-watch.c | 37 +++++++++----------------------------
1 file changed, 9 insertions(+), 28 deletions(-)
diff --git a/src/daemon/abrt-upload-watch.c b/src/daemon/abrt-upload-watch.c
index 59bfbe4..a42b285 100644
--- a/src/daemon/abrt-upload-watch.c
+++ b/src/daemon/abrt-upload-watch.c
@@ -27,7 +27,6 @@
#define DEFAULT_CACHE_MIB_SIZE 4
static int g_signal_pipe[2];
-static sig_atomic_t got_sigusr;
struct queue
{
@@ -122,24 +121,11 @@ handle_new_path(struct process *proc, char *name)
}
}
-static gboolean
+static void
print_stats(struct process *proc)
{
- /* there is a race, because we run this function from 2 different places
- * 1st when a child dies
- * 2nd as idle source from mainloop
- * if it happens the stats will be printed twice, which I think
- * is not a big deal, because it's only for debug and tests
- */
- if (got_sigusr == 1)
- {
- got_sigusr = 0;
- /* this is meant only for debugging, so not marking it as translatable */
- fprintf(stderr, "%i archives to process, %i active workers\n", g_queue_get_length(&proc->queue.q), proc->children);
- }
-
- /* don't remove this source from glib */
- return true;
+ /* this is meant only for debugging, so not marking it as translatable */
+ fprintf(stderr, "%i archives to process, %i active workers\n", g_queue_get_length(&proc->queue.q), proc->children);
}
static void
@@ -157,13 +143,6 @@ process_next_in_queue(struct process *proc)
}
static void
-handle_sigusr(int signo)
-{
- /* just set the flag and process it synchronously */
- got_sigusr = 1;
-}
-
-static void
handle_signal(int signo)
{
int save_errno = errno;
@@ -200,7 +179,11 @@ handle_signal_pipe_cb(GIOChannel *gio, GIOCondition condition, gpointer user_dat
{
/* we did receive a signal */
log_debug("Got signal %d through signal pipe", signals[signo]);
- if (signals[signo] != SIGCHLD)
+ if (signals[signo] == SIGUSR1)
+ {
+ print_stats(proc);
+ }
+ else if (signals[signo] != SIGCHLD)
{
process_quit(proc);
return FALSE; /* remove this event */
@@ -363,7 +346,7 @@ main(int argc, char **argv)
close_on_exec_on(g_signal_pipe[1]);
ndelay_on(g_signal_pipe[0]);
ndelay_on(g_signal_pipe[1]);
- signal(SIGUSR1, handle_sigusr);
+ signal(SIGUSR1, handle_signal);
signal(SIGTERM, handle_signal);
signal(SIGINT, handle_signal);
signal(SIGCHLD, handle_signal);
@@ -373,7 +356,6 @@ main(int argc, char **argv)
handle_signal_pipe_cb,
&proc);
- int status_callback_source_id = g_idle_add((GSourceFunc)print_stats, &proc);
log_info("Starting glib main loop");
g_main_loop_run(proc.main_loop);
@@ -381,7 +363,6 @@ main(int argc, char **argv)
log_info("Glib main loop finished");
g_source_remove(channel_signal_source_id);
- g_source_remove(status_callback_source_id);
GError *error = NULL;
g_io_channel_shutdown(channel_signal, FALSE, &error);
--
1.8.3.1

28
0034-turn-off-Autoreporting.patch Normal file
View file

@ -0,0 +1,28 @@
From ff8acb9bb35ebcc0fc2541e245989afccc860671 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 10 Feb 2014 16:05:13 +0100
Subject: [ABRT PATCH 34/34] turn off Autoreporting
Closes rhbz#1051480
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/abrt.conf b/src/daemon/abrt.conf
index 403b93d..59d1831 100644
--- a/src/daemon/abrt.conf
+++ b/src/daemon/abrt.conf
@@ -34,7 +34,7 @@ AutoreportingEvent = report_uReport
# Enables automatic running of the event configured in AutoreportingEvent option.
#
-AutoreportingEnabled = yes
+AutoreportingEnabled = no
# Enables shortened GUI reporting where the reporting is interrupted after
# AutoreportingEvent is done.
--
1.8.3.1

34
0036-never-search-for-MCE-strings-in-dmesg.patch Normal file
View file

@ -0,0 +1,34 @@
From 6d22940abaeed562e3415fbad905243817a62c21 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 12 Feb 2014 17:51:40 +0100
Subject: [ABRT PATCH 36/36] never search for MCE strings in dmesg
'dmesg' element contains complete output of dmesg, therefore once kernel
log MCE all consecutive oopses has the MCE messages in 'dmesg' element.
'backtrace' element contains either oops's backtrace or the MCE message
whose scope is limited to a single oops.
Closes rhbz#1064458
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-check-oops-for-hw-error.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/plugins/abrt-action-check-oops-for-hw-error.in b/src/plugins/abrt-action-check-oops-for-hw-error.in
index 2333fa1..d74f89d 100644
--- a/src/plugins/abrt-action-check-oops-for-hw-error.in
+++ b/src/plugins/abrt-action-check-oops-for-hw-error.in
@@ -70,7 +70,7 @@ if __name__ == "__main__":
#
# See if MCEs were seen
- oops_mce = file_has_string("dmesg", "Machine check events logged");
+ oops_mce = file_has_string("backtrace", "Machine check events logged");
vmcore_mce = file_has_string("backtrace", "Machine Check Exception:");
if not oops_mce and not vmcore_mce:
sys.exit(0)
--
1.8.3.1

30
0037-sos-capture-all-necessary-data.patch Normal file
View file

@ -0,0 +1,30 @@
From b4fdb9cccbb6b9ea953e2a633d08ace920f84850 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 24 Feb 2014 17:53:29 +0100
Subject: [ABRT PATCH 37/40] sos: capture all necessary data
Thanks Deepu K S <dkochuka@redhat.com>
Closes rhbz#1069278
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt_event.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index fe9c3d5..380b312 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -74,6 +74,8 @@ EVENT=post-create
--only=memory --only=networking --only=nfsserver --only=pam \
--only=process --only=rpm -k rpm.rpmva=off --only=ssh \
--only=startup --only=yum --only=general --only=x11 \
+ --only=cups --only=logs --only=grub2 --only=cron --only=pci \
+ --only=auditd --only=selinux --only=lvm2 --only=sar \
>sosreport.log 2>&1 \
&& {
rm sosreport.log
--
1.8.3.1

82
0038-stop-sending-ureports-from-abrt-applet.patch Normal file
View file

@ -0,0 +1,82 @@
From 9bc8bc16ca37d2e5c0caa20649a92dc1ae814051 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 24 Feb 2014 11:24:20 +0100
Subject: [ABRT PATCH 38/40] stop sending ureports from abrt-applet
Related to rhbz#1067114
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/applet/applet.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/applet/applet.c b/src/applet/applet.c
index 131d2ab..6ce400f 100644
--- a/src/applet/applet.c
+++ b/src/applet/applet.c
@@ -49,6 +49,8 @@
#define GUI_EXECUTABLE "gnome-abrt"
+#define RHBZ_1067114_NO_UREPORT
+
enum
{
/*
@@ -90,6 +92,7 @@ static bool is_autoreporting_enabled(void)
return get_configured_bool_or_default("AutoreportingEnabled", g_settings_autoreporting);
}
+#ifndef RHBZ_1067114_NO_UREPORT
static bool is_ureport_auth_enabled(void)
{
bool success, auth_enabled;
@@ -110,6 +113,7 @@ static bool is_ureport_auth_enabled(void)
return auth_enabled;
}
+#endif//RHBZ_1067114_NO_UREPORT
static const char *get_autoreport_event_name(void)
{
@@ -118,6 +122,7 @@ static const char *get_autoreport_event_name(void)
return configured ? configured : g_settings_autoreporting_event;
}
+#ifndef RHBZ_1067114_NO_UREPORT
static void ask_start_autoreporting()
{
struct strbuf *question = strbuf_new();
@@ -156,6 +161,7 @@ static void ask_start_autoreporting()
/* must be called immediately, otherwise the data could be lost in case of crash */
save_user_settings();
}
+#endif//RHBZ_1067114_NO_UREPORT
static bool is_shortened_reporting_enabled()
{
@@ -632,10 +638,13 @@ static void action_report(NotifyNotification *notification, gchar *action, gpoin
problem_info_t *pi = (problem_info_t *)user_data;
if (problem_info_get_dir(pi))
{
+#ifndef RHBZ_1067114_NO_UREPORT
if (strcmp(A_REPORT_REPORT, action) == 0)
{
+#endif//RHBZ_1067114_NO_UREPORT
run_report_from_applet(problem_info_get_dir(pi));
problem_info_free(pi);
+#ifndef RHBZ_1067114_NO_UREPORT
}
else
{
@@ -647,6 +656,7 @@ static void action_report(NotifyNotification *notification, gchar *action, gpoin
run_event_async(pi, get_autoreport_event_name(),
is_shortened_reporting_enabled() ? 0 : REPORT_UNKNOWN_PROBLEM_IMMEDIATELY);
}
+#endif//RHBZ_1067114_NO_UREPORT
}
else
problem_info_free(pi);
--
1.8.3.1

43
0039-ccpp-run-vulnerability-analysis-in-analyze_LocalGDB.patch Normal file
View file

@ -0,0 +1,43 @@
From f9b0c9a296453cd817cc5d9a2e54ec6b4e123967 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 25 Feb 2014 17:53:42 +0100
Subject: [ABRT PATCH 39/40] ccpp: run vulnerability analysis in
analyze_LocalGDB
The vulnerability analysis has been moved from 'post-create' to
'analyze_LocalGDB' because gdb should not be run for random coredump
under root user.
Closes rhbz#1069719
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/ccpp_event.conf | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf
index ccc9e83..62ff08a 100644
--- a/src/plugins/ccpp_event.conf
+++ b/src/plugins/ccpp_event.conf
@@ -19,8 +19,6 @@ EVENT=post-create analyzer=CCpp
##satyr migration:
#satyr abrt-create-core-stacktrace "$DUMP_DIR"
abrt-action-generate-core-backtrace
- # Run GDB plugin to see if crash looks exploitable
- abrt-action-analyze-vulnerability
# Generate hash
abrt-action-analyze-c &&
abrt-action-list-dsos -m maps -o dso_list &&
@@ -70,6 +68,9 @@ EVENT=collect_xsession_errors analyzer=CCpp dso_list~=.*/libX11.*
# TODO: can we still specify additional directories to search for debuginfos,
# or was this ability lost with move to python installer?
EVENT=analyze_LocalGDB analyzer=CCpp
+ # Run GDB plugin to see if crash looks exploitable
+ abrt-action-analyze-vulnerability
+ # Run GDB to genereate backtrace
abrt-action-analyze-ccpp-local --without-bodhi
--
1.8.3.1

4130
0040-Translation-updates.patch Normal file
View file

File diff suppressed because it is too large Load diff

67211
0041-Translation-updates.patch Normal file
View file

File diff suppressed because it is too large Load diff

30
0042-vmcore-start-the-service-after-kdump-service.patch Normal file
View file

@ -0,0 +1,30 @@
From aa0151e852994dc4ac27a20e49e0db3ddaf5aad3 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 17 Apr 2014 17:20:48 +0200
Subject: [ABRT PATCH 42/66] vmcore: start the service after kdump service
kdump must be started first because it has to relabel the vmcore
directories.
Resolves rhbz#1086642
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
init-scripts/abrt-vmcore.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init-scripts/abrt-vmcore.service b/init-scripts/abrt-vmcore.service
index 000f0e3..caa3134 100644
--- a/init-scripts/abrt-vmcore.service
+++ b/init-scripts/abrt-vmcore.service
@@ -1,6 +1,6 @@
[Unit]
Description=Harvest vmcores for ABRT
-After=abrtd.service
+After=abrtd.service kdump.service
Requisite=abrtd.service
ConditionDirectoryNotEmpty=/var/crash
--
1.8.3.1

791
0043-configu-UI-use-glade-file-extension-instead-of-ui.patch Normal file
View file

@ -0,0 +1,791 @@
From 88eebe6a15a640001795da35704e2a4cff9ddbc0 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 15 Apr 2014 09:18:47 +0200
Subject: [ABRT PATCH 43/66] configu UI: use glade file extension instead of ui
intltool recognizes translatable strings in XML UI files only if the
file has "glade" extension.
Resolves rhbz#1087777
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
po/POTFILES.in | 2 +-
src/configuration-gui/Makefile.am | 2 +-
src/configuration-gui/abrt-config-widget.c | 2 +-
src/configuration-gui/abrt-config-widget.glade | 358 +++++++++++++++++++++++++
src/configuration-gui/abrt-config-widget.ui | 358 -------------------------
5 files changed, 361 insertions(+), 361 deletions(-)
create mode 100644 src/configuration-gui/abrt-config-widget.glade
delete mode 100644 src/configuration-gui/abrt-config-widget.ui
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 6d90162..2c36802 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -3,7 +3,7 @@
# Please keep this file sorted alphabetically.
src/applet/abrt-applet.desktop.in
src/applet/applet.c
-src/configuration-gui/abrt-config-widget.ui
+src/configuration-gui/abrt-config-widget.glade
src/configuration-gui/system-config-abrt.c
src/configuration-gui/main.c
src/daemon/abrt-action-save-package-data.c
diff --git a/src/configuration-gui/Makefile.am b/src/configuration-gui/Makefile.am
index 67b010d..4d20318 100644
--- a/src/configuration-gui/Makefile.am
+++ b/src/configuration-gui/Makefile.am
@@ -56,7 +56,7 @@ system_config_abrt_LDADD = \
$(GTK_LIBS) \
$(LIBREPORT_LIBS)
-dist_ui_DATA = abrt-config-widget.ui
+dist_ui_DATA = abrt-config-widget.glade
uidir = $(pkgdatadir)/ui
EXTRA_DIST = abrt_gui.pc.in
diff --git a/src/configuration-gui/abrt-config-widget.c b/src/configuration-gui/abrt-config-widget.c
index 2c0ba9b..45eac95 100644
--- a/src/configuration-gui/abrt-config-widget.c
+++ b/src/configuration-gui/abrt-config-widget.c
@@ -30,7 +30,7 @@
#define WID(s) GTK_WIDGET(gtk_builder_get_object(self->priv->builder, s))
-#define UI_FILE_NAME "abrt-config-widget.ui"
+#define UI_FILE_NAME "abrt-config-widget.glade"
typedef struct {
char *app_name;
diff --git a/src/configuration-gui/abrt-config-widget.glade b/src/configuration-gui/abrt-config-widget.glade
new file mode 100644
index 0000000..e470011
--- /dev/null
+++ b/src/configuration-gui/abrt-config-widget.glade
@@ -0,0 +1,358 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interface>
+ <!-- interface-requires gtk+ 3.0 -->
+ <object class="GtkWindow" id="window1">
+ <property name="can_focus">False</property>
+ <child>
+ <object class="GtkGrid" id="grid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_left">10</property>
+ <property name="margin_right">10</property>
+ <property name="margin_top">10</property>
+ <property name="margin_bottom">10</property>
+ <property name="row_homogeneous">True</property>
+ <child>
+ <object class="GtkLabel" id="label2">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="ypad">10</property>
+ <property name="label" translatable="yes">Ask before stealing directory</property>
+ <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
+ <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label3">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="ypad">10</property>
+ <property name="label" translatable="yes">Automatically send uReport</property>
+ <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
+ <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">3</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSwitch" id="switch_upload_coredump">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="halign">end</property>
+ <property name="valign">center</property>
+ <property name="margin_left">10</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSwitch" id="switch_steal_directory">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="halign">end</property>
+ <property name="valign">center</property>
+ <property name="margin_left">10</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSwitch" id="switch_send_ureport">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="halign">end</property>
+ <property name="valign">center</property>
+ <property name="margin_left">10</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label4">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="ypad">10</property>
+ <property name="label" translatable="yes">Shortened reporting</property>
+ <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
+ <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">4</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSwitch" id="switch_shortened_reporting">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="halign">end</property>
+ <property name="valign">center</property>
+ <property name="margin_left">10</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">4</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSwitch" id="switch_silent_shortened_reporting">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="halign">end</property>
+ <property name="valign">center</property>
+ <property name="margin_left">10</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">5</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label9">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="ypad">10</property>
+ <property name="label" translatable="yes">Silent shortened reporting</property>
+ <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
+ <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">5</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image1">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">The coredump file is necessary for generating stack trace which is time and space consuming operation. ABRT provides a service which generates the stack trace from the coredump but you have to upload the coredump to this service. With this option disabled ABRT will upload the coredump without asking.</property>
+ <property name="halign">end</property>
+ <property name="margin_left">5</property>
+ <property name="margin_right">1</property>
+ <property name="stock">gtk-dialog-question</property>
+ </object>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="top_attach">0</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image2">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">ABRT stores problem data in directories. Whenever ABRT needs writable directory, the directory is moved from the system location to your home directory. With this option disabled ABRT will move the problem directory without asking.</property>
+ <property name="halign">end</property>
+ <property name="margin_left">5</property>
+ <property name="stock">gtk-dialog-question</property>
+ </object>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image3">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">uReport is short and completely anonymous description of a problem. ABRT uses uReports for fast global duplicate detection. In default configuration uReport is sent at beginning of reporting process. With this option enabled uReports are sent automatically immediately after problem detection.</property>
+ <property name="halign">end</property>
+ <property name="margin_left">5</property>
+ <property name="stock">gtk-dialog-question</property>
+ </object>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="top_attach">3</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image4">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">With this option enabled reporting process started by click on Report button in problem notification bubble will be interrupted after uReport is sent. You can always use the default problem browser to make complete report.</property>
+ <property name="halign">end</property>
+ <property name="margin_left">5</property>
+ <property name="stock">gtk-dialog-question</property>
+ </object>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="top_attach">4</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image5">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes"> With this option enabled ABRT never shows notifications of reported problems. Takes effect only if Shortened reporting is enabled.</property>
+ <property name="halign">end</property>
+ <property name="margin_left">5</property>
+ <property name="stock">gtk-dialog-question</property>
+ </object>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="top_attach">5</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label1">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="ypad">10</property>
+ <property name="label" translatable="yes">Ask before uploading coredump</property>
+ <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
+ <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image6">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes"> With this option enabled ABRT always create bug ticket with restricted access if possibly sensitive data are dected.</property>
+ <property name="halign">end</property>
+ <property name="margin_left">5</property>
+ <property name="stock">gtk-dialog-question</property>
+ </object>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label5">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="ypad">10</property>
+ <property name="label" translatable="yes">Request private ticket for sensitive information</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">2</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSwitch" id="switch_private_ticket">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="halign">end</property>
+ <property name="valign">center</property>
+ <property name="margin_left">10</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label6">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="ypad">10</property>
+ <property name="label" translatable="yes">Notify incomplete problems</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">6</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSwitch" id="switch_notify_incomplete_problems">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="halign">end</property>
+ <property name="valign">center</property>
+ <property name="margin_left">10</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">6</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image7">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Incomplete problems are detected while computer is shutting down or user is logging out. In order to provide valuable problem reports, ABRT will not allow you to submit these problems.</property>
+ <property name="halign">end</property>
+ <property name="margin_left">5</property>
+ <property name="stock">gtk-dialog-question</property>
+ </object>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="top_attach">6</property>
+ <property name="width">1</property>
+ <property name="height">1</property>
+ </packing>
+ </child>
+ </object>
+ </child>
+ </object>
+</interface>
diff --git a/src/configuration-gui/abrt-config-widget.ui b/src/configuration-gui/abrt-config-widget.ui
deleted file mode 100644
index e470011..0000000
--- a/src/configuration-gui/abrt-config-widget.ui
+++ /dev/null
@@ -1,358 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<interface>
- <!-- interface-requires gtk+ 3.0 -->
- <object class="GtkWindow" id="window1">
- <property name="can_focus">False</property>
- <child>
- <object class="GtkGrid" id="grid">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="margin_left">10</property>
- <property name="margin_right">10</property>
- <property name="margin_top">10</property>
- <property name="margin_bottom">10</property>
- <property name="row_homogeneous">True</property>
- <child>
- <object class="GtkLabel" id="label2">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="halign">start</property>
- <property name="hexpand">True</property>
- <property name="ypad">10</property>
- <property name="label" translatable="yes">Ask before stealing directory</property>
- <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
- <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">1</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkLabel" id="label3">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="halign">start</property>
- <property name="hexpand">True</property>
- <property name="ypad">10</property>
- <property name="label" translatable="yes">Automatically send uReport</property>
- <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
- <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">3</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSwitch" id="switch_upload_coredump">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="halign">end</property>
- <property name="valign">center</property>
- <property name="margin_left">10</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">0</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSwitch" id="switch_steal_directory">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="halign">end</property>
- <property name="valign">center</property>
- <property name="margin_left">10</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">1</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSwitch" id="switch_send_ureport">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="halign">end</property>
- <property name="valign">center</property>
- <property name="margin_left">10</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">3</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkLabel" id="label4">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="halign">start</property>
- <property name="hexpand">True</property>
- <property name="ypad">10</property>
- <property name="label" translatable="yes">Shortened reporting</property>
- <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
- <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">4</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSwitch" id="switch_shortened_reporting">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="halign">end</property>
- <property name="valign">center</property>
- <property name="margin_left">10</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">4</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSwitch" id="switch_silent_shortened_reporting">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="halign">end</property>
- <property name="valign">center</property>
- <property name="margin_left">10</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">5</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkLabel" id="label9">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="halign">start</property>
- <property name="hexpand">True</property>
- <property name="ypad">10</property>
- <property name="label" translatable="yes">Silent shortened reporting</property>
- <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
- <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">5</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkImage" id="image1">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="tooltip_text" translatable="yes">The coredump file is necessary for generating stack trace which is time and space consuming operation. ABRT provides a service which generates the stack trace from the coredump but you have to upload the coredump to this service. With this option disabled ABRT will upload the coredump without asking.</property>
- <property name="halign">end</property>
- <property name="margin_left">5</property>
- <property name="margin_right">1</property>
- <property name="stock">gtk-dialog-question</property>
- </object>
- <packing>
- <property name="left_attach">2</property>
- <property name="top_attach">0</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkImage" id="image2">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="tooltip_text" translatable="yes">ABRT stores problem data in directories. Whenever ABRT needs writable directory, the directory is moved from the system location to your home directory. With this option disabled ABRT will move the problem directory without asking.</property>
- <property name="halign">end</property>
- <property name="margin_left">5</property>
- <property name="stock">gtk-dialog-question</property>
- </object>
- <packing>
- <property name="left_attach">2</property>
- <property name="top_attach">1</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkImage" id="image3">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="tooltip_text" translatable="yes">uReport is short and completely anonymous description of a problem. ABRT uses uReports for fast global duplicate detection. In default configuration uReport is sent at beginning of reporting process. With this option enabled uReports are sent automatically immediately after problem detection.</property>
- <property name="halign">end</property>
- <property name="margin_left">5</property>
- <property name="stock">gtk-dialog-question</property>
- </object>
- <packing>
- <property name="left_attach">2</property>
- <property name="top_attach">3</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkImage" id="image4">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="tooltip_text" translatable="yes">With this option enabled reporting process started by click on Report button in problem notification bubble will be interrupted after uReport is sent. You can always use the default problem browser to make complete report.</property>
- <property name="halign">end</property>
- <property name="margin_left">5</property>
- <property name="stock">gtk-dialog-question</property>
- </object>
- <packing>
- <property name="left_attach">2</property>
- <property name="top_attach">4</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkImage" id="image5">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="tooltip_text" translatable="yes"> With this option enabled ABRT never shows notifications of reported problems. Takes effect only if Shortened reporting is enabled.</property>
- <property name="halign">end</property>
- <property name="margin_left">5</property>
- <property name="stock">gtk-dialog-question</property>
- </object>
- <packing>
- <property name="left_attach">2</property>
- <property name="top_attach">5</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkLabel" id="label1">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="halign">start</property>
- <property name="hexpand">True</property>
- <property name="ypad">10</property>
- <property name="label" translatable="yes">Ask before uploading coredump</property>
- <signal name="enter-notify-event" handler="label_enter_notify_event_cb" swapped="no"/>
- <signal name="leave-notify-event" handler="label_leave_notify_event_cb" swapped="no"/>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">0</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkImage" id="image6">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="tooltip_text" translatable="yes"> With this option enabled ABRT always create bug ticket with restricted access if possibly sensitive data are dected.</property>
- <property name="halign">end</property>
- <property name="margin_left">5</property>
- <property name="stock">gtk-dialog-question</property>
- </object>
- <packing>
- <property name="left_attach">2</property>
- <property name="top_attach">2</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkLabel" id="label5">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="halign">start</property>
- <property name="hexpand">True</property>
- <property name="ypad">10</property>
- <property name="label" translatable="yes">Request private ticket for sensitive information</property>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">2</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSwitch" id="switch_private_ticket">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="halign">end</property>
- <property name="valign">center</property>
- <property name="margin_left">10</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">2</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkLabel" id="label6">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="halign">start</property>
- <property name="hexpand">True</property>
- <property name="ypad">10</property>
- <property name="label" translatable="yes">Notify incomplete problems</property>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">6</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSwitch" id="switch_notify_incomplete_problems">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="halign">end</property>
- <property name="valign">center</property>
- <property name="margin_left">10</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">6</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkImage" id="image7">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="tooltip_text" translatable="yes">Incomplete problems are detected while computer is shutting down or user is logging out. In order to provide valuable problem reports, ABRT will not allow you to submit these problems.</property>
- <property name="halign">end</property>
- <property name="margin_left">5</property>
- <property name="stock">gtk-dialog-question</property>
- </object>
- <packing>
- <property name="left_attach">2</property>
- <property name="top_attach">6</property>
- <property name="width">1</property>
- <property name="height">1</property>
- </packing>
- </child>
- </object>
- </child>
- </object>
-</interface>
--
1.8.3.1

756
0044-localization-fixes.patch Normal file
View file

@ -0,0 +1,756 @@
From 40823feb83cc2a7ad7aac8fb0da1ff7c0773eb2a Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 14 Jul 2014 16:06:17 +0200
Subject: [ABRT PATCH 44/66] localization fixes
commit fc0f32d878bb93e7498340224281fa526b4aeaf7
Author: Jakub Filak <jfilak@redhat.com>
Date: Wed Apr 16 12:03:31 2014 +0200
localization: fix gettext
https://www.gnu.org/software/gettext/manual/html_node/Libraries.html
commit f8533576b349f346acafdc7c0182a995a569a443
Author: Jakub Filak <jfilak@redhat.com>
Date: Wed Apr 16 21:08:29 2014 +0200
do not clear LANG env variable
abrt-action-install-debuginfo-to-abrt-cache
commit d05e231eaf05dc6680be031741d1d7593445f70d
Author: Jakub Filak <jfilak@redhat.com>
Date: Wed Apr 16 21:13:44 2014 +0200
a-a-a-core: fix localization
The strings of that file are not translated at all because
the file was not included in POTFILES.in
Resolves rhbz#1087880
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
po/POTFILES.in | 1 +
src/configuration-gui/system-config-abrt.c | 4 +-
src/include/Makefile.am | 3 +
src/include/internal_libabrt.h | 50 ++++++
src/include/libabrt.h | 15 --
src/lib/Makefile.am | 3 +
src/lib/hooklib.c | 4 +-
src/lib/ignored_problems.c | 4 +-
src/lib/libabrt_init.c | 28 ++++
src/lib/problem_api_dbus.c | 10 +-
src/plugins/Makefile.am | 8 +-
src/plugins/abrt-action-analyze-core | 186 ---------------------
src/plugins/abrt-action-analyze-core.in | 186 +++++++++++++++++++++
.../abrt-action-install-debuginfo-to-abrt-cache.c | 3 +-
14 files changed, 298 insertions(+), 207 deletions(-)
create mode 100644 src/include/internal_libabrt.h
create mode 100644 src/lib/libabrt_init.c
delete mode 100644 src/plugins/abrt-action-analyze-core
create mode 100644 src/plugins/abrt-action-analyze-core.in
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 2c36802..ff9b97a 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -21,6 +21,7 @@ src/lib/problem_api_dbus.c
src/lib/ignored_problems.c
src/plugins/abrt-action-analyze-backtrace.c
src/plugins/abrt-action-analyze-c.c
+src/plugins/abrt-action-analyze-core.in
src/plugins/abrt-action-analyze-oops.c
src/plugins/abrt-action-analyze-xorg.c
src/plugins/abrt-action-analyze-python.c
diff --git a/src/configuration-gui/system-config-abrt.c b/src/configuration-gui/system-config-abrt.c
index b15a5ef..bd9f13f 100644
--- a/src/configuration-gui/system-config-abrt.c
+++ b/src/configuration-gui/system-config-abrt.c
@@ -18,7 +18,7 @@
#include "system-config-abrt.h"
#include "abrt-config-widget.h"
-#include <libabrt.h>
+#include "internal_libabrt.h"
#define CLOSE_BUTTON_DATA_NAME_CALLBACK "my-close-callback"
#define CLOSE_BUTTON_DATA_NAME_USER_DATA "my-close-user-data"
@@ -105,6 +105,8 @@ system_config_abrt_dialog_delete_event(GtkWidget *dialog, GdkEvent *event, gpoin
void show_system_config_abrt_dialog(GtkWindow *parent)
{
+ INITIALIZE_LIBABRT();
+
GtkWidget *dialog = gtk_dialog_new();
gtk_window_set_title(GTK_WINDOW(dialog), _("Problem Reporting Configuration"));
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 49a6f5c..c1952cb 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -6,3 +6,6 @@ libabrt_include_HEADERS = \
abrt-dbus.h \
hooklib.h \
problem_api.h
+
+EXTRA_DIST = \
+ internal_libabrt.h
diff --git a/src/include/internal_libabrt.h b/src/include/internal_libabrt.h
new file mode 100644
index 0000000..3ad22fc
--- /dev/null
+++ b/src/include/internal_libabrt.h
@@ -0,0 +1,50 @@
+/*
+ Copyright (C) 2014 ABRT team
+ Copyright (C) 2014 RedHat Inc
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "libabrt.h"
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#undef NORETURN
+#define NORETURN __attribute__ ((noreturn))
+
+/* Must be after #include "config.h" */
+#if ENABLE_NLS
+# include <libintl.h>
+# define _(S) dgettext(PACKAGE, S)
+#else
+# define _(S) (S)
+#endif
+
+extern int g_libabrt_inited;
+void libabrt_init(void);
+
+#define INITIALIZE_LIBABRT() \
+ do \
+ { \
+ if (!g_libabrt_inited) \
+ { \
+ g_libabrt_inited = 1; \
+ libabrt_init(); \
+ } \
+ } \
+ while (0)
+
diff --git a/src/include/libabrt.h b/src/include/libabrt.h
index d5911e7..3e42a09 100644
--- a/src/include/libabrt.h
+++ b/src/include/libabrt.h
@@ -15,21 +15,6 @@
#include <libreport/internal_libreport.h>
#include "hooklib.h"
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-/* Must be after #include "config.h" */
-#if ENABLE_NLS
-# include <libintl.h>
-# define _(S) gettext(S)
-#else
-# define _(S) (S)
-#endif
-
-#undef NORETURN
-#define NORETURN __attribute__ ((noreturn))
-
#undef ARRAY_SIZE
#define ARRAY_SIZE(x) ((unsigned)(sizeof(x) / sizeof((x)[0])))
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 5c281d2..32a054a 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -5,6 +5,7 @@ lib_LTLIBRARIES = \
libabrt.la
libabrt_la_SOURCES = \
+ libabrt_init.c \
abrt_conf.c \
hooklib.c \
daemon_is_ok.c \
@@ -40,3 +41,5 @@ libabrt_la_LIBADD = \
$(GIO_LIBS) \
$(LIBREPORT_LIBS) \
$(SATYR_LIBS)
+
+DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index 23447df..4a50727 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
@@ -16,7 +16,7 @@
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <sys/statvfs.h>
-#include "libabrt.h"
+#include "internal_libabrt.h"
int low_free_space(unsigned setting_MaxCrashReportsSize, const char *dump_location)
{
@@ -241,6 +241,8 @@ char *run_unstrip_n(const char *dump_dir_name, unsigned timeout_sec)
char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char *debuginfo_dirs)
{
+ INITIALIZE_LIBABRT();
+
struct dump_dir *dd = dd_opendir(dump_dir_name, /*flags:*/ 0);
if (!dd)
return NULL;
diff --git a/src/lib/ignored_problems.c b/src/lib/ignored_problems.c
index df138d8..7779c4c 100644
--- a/src/lib/ignored_problems.c
+++ b/src/lib/ignored_problems.c
@@ -17,7 +17,7 @@
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include "libabrt.h"
+#include "internal_libabrt.h"
#define IGN_COLUMN_DELIMITER ';'
#define IGN_DD_OPEN_FLAGS (DD_OPEN_READONLY | DD_FAIL_QUIETLY_ENOENT | DD_FAIL_QUIETLY_EACCES)
@@ -193,6 +193,8 @@ void ignored_problems_add(ignored_problems_t *set, const char *problem_id)
void ignored_problems_remove_row(ignored_problems_t *set, const char *problem_id,
const char *uuid, const char *duphash)
{
+ INITIALIZE_LIBABRT();
+
VERB1 log("Going to remove problem '%s' from ignored problems", problem_id);
FILE *orig_fp;
diff --git a/src/lib/libabrt_init.c b/src/lib/libabrt_init.c
new file mode 100644
index 0000000..f9c1449
--- /dev/null
+++ b/src/lib/libabrt_init.c
@@ -0,0 +1,28 @@
+/*
+ Copyright (C) 2014 ABRT team
+ Copyright (C) 2014 RedHat Inc
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "internal_libabrt.h"
+
+int g_libabrt_inited;
+
+void libabrt_init(void)
+{
+#if ENABLE_NLS
+ bindtextdomain(PACKAGE, LOCALEDIR);
+#endif
+}
diff --git a/src/lib/problem_api_dbus.c b/src/lib/problem_api_dbus.c
index 784a43f..2d77898 100644
--- a/src/lib/problem_api_dbus.c
+++ b/src/lib/problem_api_dbus.c
@@ -18,7 +18,7 @@
*/
#include "abrt_glib.h"
-#include "libabrt.h"
+#include "internal_libabrt.h"
static GDBusProxy *get_dbus_proxy(void)
{
@@ -48,6 +48,8 @@ static GDBusProxy *get_dbus_proxy(void)
int chown_dir_over_dbus(const char *problem_dir_path)
{
+ INITIALIZE_LIBABRT();
+
GDBusProxy *proxy = get_dbus_proxy();
if (!proxy)
return 1;
@@ -72,6 +74,8 @@ int chown_dir_over_dbus(const char *problem_dir_path)
int delete_problem_dirs_over_dbus(const GList *problem_dir_paths)
{
+ INITIALIZE_LIBABRT();
+
GDBusProxy *proxy = get_dbus_proxy();
if (!proxy)
return 1;
@@ -99,6 +103,8 @@ int delete_problem_dirs_over_dbus(const GList *problem_dir_paths)
problem_data_t *get_problem_data_dbus(const char *problem_dir_path)
{
+ INITIALIZE_LIBABRT();
+
GDBusProxy *proxy = get_dbus_proxy();
if (!proxy)
return NULL;
@@ -143,6 +149,8 @@ problem_data_t *get_problem_data_dbus(const char *problem_dir_path)
GList *get_problems_over_dbus(bool authorize)
{
+ INITIALIZE_LIBABRT();
+
GDBusProxy *proxy = get_dbus_proxy();
if (!proxy)
return ERR_PTR;
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index dd32c7d..727dae0 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -89,6 +89,7 @@ EXTRA_DIST = \
analyze_LocalGDB.xml.in \
analyze_RetraceServer.xml.in \
analyze_VMcore.xml.in \
+ abrt-action-analyze-core.in \
abrt-action-analyze-vmcore \
abrt-action-check-oops-for-hw-error \
abrt-action-save-kernel-data \
@@ -306,7 +307,7 @@ endif
DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
-DISTCLEANFILES = abrt-action-analyze-ccpp-local
+DISTCLEANFILES = abrt-action-analyze-ccpp-local abrt-action-analyze-core
abrt-action-perform-ccpp-analysis: abrt-action-perform-ccpp-analysis.in
sed -e s,\@libexecdir\@,$(libexecdir),g \
@@ -315,3 +316,8 @@ abrt-action-perform-ccpp-analysis: abrt-action-perform-ccpp-analysis.in
abrt-action-analyze-ccpp-local: abrt-action-analyze-ccpp-local.in
sed -e s,\@LIBEXEC_DIR\@,$(libexecdir),g \
$< >$@
+
+abrt-action-analyze-core: abrt-action-analyze-core.in
+ sed -e s,\@localedir\@,$(localedir),g \
+ -e s,\@PACKAGE\@,$(PACKAGE),g \
+ $< >$@
diff --git a/src/plugins/abrt-action-analyze-core b/src/plugins/abrt-action-analyze-core
deleted file mode 100644
index 806cc26..0000000
--- a/src/plugins/abrt-action-analyze-core
+++ /dev/null
@@ -1,186 +0,0 @@
-#!/usr/bin/python -u
-# -*- coding: utf-8 -*-
-# WARNING: python -u means unbuffered I/O. Without it the messages are
-# passed to the parent asynchronously which looks bad in clients.
-
-from subprocess import Popen, PIPE
-import sys
-import os
-import getopt
-
-GETTEXT_PROGNAME = "abrt"
-import locale
-import gettext
-
-_ = lambda x: gettext.lgettext(x)
-
-
-verbose = 0
-
-def log(s):
- sys.stderr.write("%s\n" % s)
-
-def log1(message):
- if verbose > 0:
- log(message)
-
-def log2(message):
- if verbose > 1:
- log(message)
-
-def error_msg(s):
- sys.stderr.write("%s\n" % s)
-
-def error_msg_and_die(s):
- sys.stderr.write("%s\n" % s)
- sys.exit(1)
-
-def xopen(name, mode):
- try:
- r = open(name, mode)
- except IOError, ex:
- error_msg_and_die("Can't open '%s': %s" % (name, ex))
- return r
-
-
-def init_gettext():
- try:
- locale.setlocale(locale.LC_ALL, "")
- except locale.Error:
- os.environ['LC_ALL'] = 'C'
- locale.setlocale(locale.LC_ALL, "")
- # Defeat "AttributeError: 'module' object has no attribute 'nl_langinfo'"
- try:
- gettext.bind_textdomain_codeset(GETTEXT_PROGNAME, locale.nl_langinfo(locale.CODESET))
- except AttributeError:
- pass
- gettext.bindtextdomain(GETTEXT_PROGNAME, '/usr/share/locale')
- gettext.textdomain(GETTEXT_PROGNAME)
-
-#eu_unstrip_OUT=`eu-unstrip "--core=$core" -n 2>eu_unstrip.ERR`
-def extract_info_from_core(coredump_name):
- """
- Extracts builds with filenames,
- Returns a list of tuples (build_id, filename)
- """
- #OFFSET = 0
- BUILD_ID = 1
- LIBRARY = 2
- #SEP = 3
- EXECUTABLE = 4
-
- log(_("Analyzing coredump '%s'") % coredump_name)
- eu_unstrip_OUT = Popen(["eu-unstrip","--core=%s" % coredump_name, "-n"], stdout=PIPE, bufsize=-1).communicate()[0]
- # parse eu_unstrip_OUT and return the list of build_ids
-
- # eu_unstrip_OUT = (
- # "0x7f42362ca000+0x204000 c4d35d993598a6242f7525d024b5ec3becf5b447@0x7f42362ca1a0 /usr/lib64/libcanberra-gtk.so.0 - libcanberra-gtk.so.0\n"
- # "0x3afa400000+0x210000 607308f916c13c3ad9ee503008d31fa671ba73ce@0x3afa4001a0 /usr/lib64/libcanberra.so.0 - libcanberra.so.0\n"
- # "0x3afa400000+0x210000 607308f916c13c3ad9ee503008d31fa671ba73ce@0x3afa4001a0 /usr/lib64/libcanberra.so.0 - libcanberra.so.0\n"
- # "0x3bc7000000+0x208000 3be016bb723e85779a23e111a8ab1a520b209422@0x3bc70001a0 /usr/lib64/libvorbisfile.so.3 - libvorbisfile.so.3\n"
- # "0x7f423609e000+0x22c000 87f9c7d9844f364c73aa2566d6cfc9c5fa36d35d@0x7f423609e1a0 /usr/lib64/libvorbis.so.0 - libvorbis.so.0\n"
- # "0x7f4235e99000+0x205000 b5bc98c125a11b571cf4f2746268a6d3cfa95b68@0x7f4235e991a0 /usr/lib64/libogg.so.0 - libogg.so.0\n"
- # "0x7f4235c8b000+0x20e000 f1ff6c8ee30dba27e90ef0c5b013df2833da2889@0x7f4235c8b1a0 /usr/lib64/libtdb.so.1 - libtdb.so.1\n"
- # "0x3bc3000000+0x209000 8ef56f789fd914e8d0678eb0cdfda1bfebb00b40@0x3bc30001a0 /usr/lib64/libltdl.so.7 - libltdl.so.7\n"
- # "0x7f4231b64000+0x22b000 3ca5b83798349f78b362b1ea51c8a4bc8114b8b1@0x7f4231b641a0 /usr/lib64/gio/modules/libgvfsdbus.so - libgvfsdbus.so\n"
- # "0x7f423192a000+0x218000 ad024a01ad132737a8cfc7c95beb7c77733a652d@0x7f423192a1a0 /usr/lib64/libgvfscommon.so.0 - libgvfscommon.so.0\n"
- # "0x7f423192a000+0x218000 ad024a01ad132737a8cfc7c95beb7c77733a652d@0x7f423192a1a0 /usr/lib64/libgvfscommon.so.0 - libgvfscommon.so.0\n"
- # "0x3bb8e00000+0x20e000 d240ac5755184a95c783bb98a2d05530e0cf958a@0x3bb8e001a0 /lib64/libudev.so.0 - libudev.so.0\n"
- # )
- #print eu_unstrip_OUT
- # we failed to get build ids from the core -> die
- if not eu_unstrip_OUT:
- error_msg_and_die("Can't get build ids from %s" % coredump_name)
-
- lines = eu_unstrip_OUT.split('\n')
- # using set ensures the unique values
- build_ids = set()
- libraries = set()
-
- for line in lines:
- b_ids_line = line.split()
- if len(b_ids_line) >= EXECUTABLE:
- # [exe] -> the executable itself
- # linux-vdso.so.1 -> Virtual Dynamic Shared Object
- # linux-gate.so.1 -> the same as vdso
- # See https://bugzilla.redhat.com/show_bug.cgi?id=706969
- # "Please split kernel debuginfo packages so that VDSO debuginfos are separate" -
- # we might want to remove this special-casing later.
- if b_ids_line[BUILD_ID] == '-':
- log(_("Missing build id: %s" % b_ids_line[EXECUTABLE]))
- elif ((len(b_ids_line) == EXECUTABLE) or (b_ids_line[EXECUTABLE] not in ["linux-vdso.so.1", "linux-gate.so.1"])):
- build_id = b_ids_line[BUILD_ID].split('@')[0]
- build_ids.add(build_id)
- library = b_ids_line[LIBRARY]
- libraries.add(library)
- else:
- log2("skipping line '%s'" % line)
- log1("Found %i build_ids" % len(build_ids))
- log1("Found %i libs" % len(libraries))
- return build_ids
-
-def build_ids_to_path(build_ids):
- """
- build_id1=${build_id:0:2}
- build_id2=${build_id:2}
- file="usr/lib/debug/.build-id/$build_id1/$build_id2.debug"
- """
- return ["/usr/lib/debug/.build-id/%s/%s.debug" % (b_id[:2], b_id[2:]) for b_id in build_ids]
-
-if __name__ == "__main__":
- # localization
- init_gettext()
-
- ABRT_VERBOSE = os.getenv("ABRT_VERBOSE")
- if (ABRT_VERBOSE):
- try:
- verbose = int(ABRT_VERBOSE)
- except:
- pass
-
- progname = os.path.basename(sys.argv[0])
- help_text = _("Usage: %s [-v] [-o OUTFILE] -c COREFILE") % progname
- try:
- opts, args = getopt.getopt(sys.argv[1:], "vhc:o:", ["help", "core="])
- except getopt.GetoptError, err:
- error_msg(err) # prints something like "option -a not recognized"
- error_msg_and_die(help_text)
-
- core = None
- opt_o = None
-
- for opt, arg in opts:
- if opt in ("-h", "--help"):
- print help_text
- exit(0)
- elif opt == "-v":
- verbose += 1
- elif opt == "-o":
- opt_o = arg
- elif opt in ("-c", "--core"):
- core = arg
-
- if not core:
- error_msg(_("COREFILE is not specified"))
- error_msg_and_die(help_text)
-
- b_ids = extract_info_from_core(core)
-
- try:
- # Note that we open -o FILE only when we reach the point
- # when we are definitely going to write something to it
- outfile = sys.stdout
- outname = opt_o
- # Make sure the file is readable for all
- oldmask = os.umask(0002)
- for bid in b_ids:
- if outname:
- outfile = xopen(outname, "w")
- outname = None
- outfile.write("%s\n" % bid)
- outfile.close()
- os.umask(oldmask)
- except IOError, e:
- if not opt_o:
- opt_o = "<stdout>"
- error_msg_and_die("Error writing to '%s': %s" % (opt_o, e))
diff --git a/src/plugins/abrt-action-analyze-core.in b/src/plugins/abrt-action-analyze-core.in
new file mode 100644
index 0000000..0185ac5
--- /dev/null
+++ b/src/plugins/abrt-action-analyze-core.in
@@ -0,0 +1,186 @@
+#!/usr/bin/python -u
+# -*- coding: utf-8 -*-
+# WARNING: python -u means unbuffered I/O. Without it the messages are
+# passed to the parent asynchronously which looks bad in clients.
+
+from subprocess import Popen, PIPE
+import sys
+import os
+import getopt
+
+GETTEXT_PROGNAME = "@PACKAGE@"
+import locale
+import gettext
+
+_ = lambda x: gettext.lgettext(x)
+
+
+verbose = 0
+
+def log(s):
+ sys.stderr.write("%s\n" % s)
+
+def log1(message):
+ if verbose > 0:
+ log(message)
+
+def log2(message):
+ if verbose > 1:
+ log(message)
+
+def error_msg(s):
+ sys.stderr.write("%s\n" % s)
+
+def error_msg_and_die(s):
+ sys.stderr.write("%s\n" % s)
+ sys.exit(1)
+
+def xopen(name, mode):
+ try:
+ r = open(name, mode)
+ except IOError, ex:
+ error_msg_and_die("Can't open '%s': %s" % (name, ex))
+ return r
+
+
+def init_gettext():
+ try:
+ locale.setlocale(locale.LC_ALL, "")
+ except locale.Error:
+ os.environ['LC_ALL'] = 'C'
+ locale.setlocale(locale.LC_ALL, "")
+ # Defeat "AttributeError: 'module' object has no attribute 'nl_langinfo'"
+ try:
+ gettext.bind_textdomain_codeset(GETTEXT_PROGNAME, locale.nl_langinfo(locale.CODESET))
+ except AttributeError:
+ pass
+ gettext.bindtextdomain(GETTEXT_PROGNAME, "@localedir@")
+ gettext.textdomain(GETTEXT_PROGNAME)
+
+#eu_unstrip_OUT=`eu-unstrip "--core=$core" -n 2>eu_unstrip.ERR`
+def extract_info_from_core(coredump_name):
+ """
+ Extracts builds with filenames,
+ Returns a list of tuples (build_id, filename)
+ """
+ #OFFSET = 0
+ BUILD_ID = 1
+ LIBRARY = 2
+ #SEP = 3
+ EXECUTABLE = 4
+
+ log(_("Analyzing coredump '%s'") % coredump_name)
+ eu_unstrip_OUT = Popen(["eu-unstrip","--core=%s" % coredump_name, "-n"], stdout=PIPE, bufsize=-1).communicate()[0]
+ # parse eu_unstrip_OUT and return the list of build_ids
+
+ # eu_unstrip_OUT = (
+ # "0x7f42362ca000+0x204000 c4d35d993598a6242f7525d024b5ec3becf5b447@0x7f42362ca1a0 /usr/lib64/libcanberra-gtk.so.0 - libcanberra-gtk.so.0\n"
+ # "0x3afa400000+0x210000 607308f916c13c3ad9ee503008d31fa671ba73ce@0x3afa4001a0 /usr/lib64/libcanberra.so.0 - libcanberra.so.0\n"
+ # "0x3afa400000+0x210000 607308f916c13c3ad9ee503008d31fa671ba73ce@0x3afa4001a0 /usr/lib64/libcanberra.so.0 - libcanberra.so.0\n"
+ # "0x3bc7000000+0x208000 3be016bb723e85779a23e111a8ab1a520b209422@0x3bc70001a0 /usr/lib64/libvorbisfile.so.3 - libvorbisfile.so.3\n"
+ # "0x7f423609e000+0x22c000 87f9c7d9844f364c73aa2566d6cfc9c5fa36d35d@0x7f423609e1a0 /usr/lib64/libvorbis.so.0 - libvorbis.so.0\n"
+ # "0x7f4235e99000+0x205000 b5bc98c125a11b571cf4f2746268a6d3cfa95b68@0x7f4235e991a0 /usr/lib64/libogg.so.0 - libogg.so.0\n"
+ # "0x7f4235c8b000+0x20e000 f1ff6c8ee30dba27e90ef0c5b013df2833da2889@0x7f4235c8b1a0 /usr/lib64/libtdb.so.1 - libtdb.so.1\n"
+ # "0x3bc3000000+0x209000 8ef56f789fd914e8d0678eb0cdfda1bfebb00b40@0x3bc30001a0 /usr/lib64/libltdl.so.7 - libltdl.so.7\n"
+ # "0x7f4231b64000+0x22b000 3ca5b83798349f78b362b1ea51c8a4bc8114b8b1@0x7f4231b641a0 /usr/lib64/gio/modules/libgvfsdbus.so - libgvfsdbus.so\n"
+ # "0x7f423192a000+0x218000 ad024a01ad132737a8cfc7c95beb7c77733a652d@0x7f423192a1a0 /usr/lib64/libgvfscommon.so.0 - libgvfscommon.so.0\n"
+ # "0x7f423192a000+0x218000 ad024a01ad132737a8cfc7c95beb7c77733a652d@0x7f423192a1a0 /usr/lib64/libgvfscommon.so.0 - libgvfscommon.so.0\n"
+ # "0x3bb8e00000+0x20e000 d240ac5755184a95c783bb98a2d05530e0cf958a@0x3bb8e001a0 /lib64/libudev.so.0 - libudev.so.0\n"
+ # )
+ #print eu_unstrip_OUT
+ # we failed to get build ids from the core -> die
+ if not eu_unstrip_OUT:
+ error_msg_and_die("Can't get build ids from %s" % coredump_name)
+
+ lines = eu_unstrip_OUT.split('\n')
+ # using set ensures the unique values
+ build_ids = set()
+ libraries = set()
+
+ for line in lines:
+ b_ids_line = line.split()
+ if len(b_ids_line) >= EXECUTABLE:
+ # [exe] -> the executable itself
+ # linux-vdso.so.1 -> Virtual Dynamic Shared Object
+ # linux-gate.so.1 -> the same as vdso
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=706969
+ # "Please split kernel debuginfo packages so that VDSO debuginfos are separate" -
+ # we might want to remove this special-casing later.
+ if b_ids_line[BUILD_ID] == '-':
+ log(_("Missing build id: %s" % b_ids_line[EXECUTABLE]))
+ elif ((len(b_ids_line) == EXECUTABLE) or (b_ids_line[EXECUTABLE] not in ["linux-vdso.so.1", "linux-gate.so.1"])):
+ build_id = b_ids_line[BUILD_ID].split('@')[0]
+ build_ids.add(build_id)
+ library = b_ids_line[LIBRARY]
+ libraries.add(library)
+ else:
+ log2("skipping line '%s'" % line)
+ log1("Found %i build_ids" % len(build_ids))
+ log1("Found %i libs" % len(libraries))
+ return build_ids
+
+def build_ids_to_path(build_ids):
+ """
+ build_id1=${build_id:0:2}
+ build_id2=${build_id:2}
+ file="usr/lib/debug/.build-id/$build_id1/$build_id2.debug"
+ """
+ return ["/usr/lib/debug/.build-id/%s/%s.debug" % (b_id[:2], b_id[2:]) for b_id in build_ids]
+
+if __name__ == "__main__":
+ # localization
+ init_gettext()
+
+ ABRT_VERBOSE = os.getenv("ABRT_VERBOSE")
+ if (ABRT_VERBOSE):
+ try:
+ verbose = int(ABRT_VERBOSE)
+ except:
+ pass
+
+ progname = os.path.basename(sys.argv[0])
+ help_text = _("Usage: %s [-v] [-o OUTFILE] -c COREFILE") % progname
+ try:
+ opts, args = getopt.getopt(sys.argv[1:], "vhc:o:", ["help", "core="])
+ except getopt.GetoptError, err:
+ error_msg(err) # prints something like "option -a not recognized"
+ error_msg_and_die(help_text)
+
+ core = None
+ opt_o = None
+
+ for opt, arg in opts:
+ if opt in ("-h", "--help"):
+ print help_text
+ exit(0)
+ elif opt == "-v":
+ verbose += 1
+ elif opt == "-o":
+ opt_o = arg
+ elif opt in ("-c", "--core"):
+ core = arg
+
+ if not core:
+ error_msg(_("COREFILE is not specified"))
+ error_msg_and_die(help_text)
+
+ b_ids = extract_info_from_core(core)
+
+ try:
+ # Note that we open -o FILE only when we reach the point
+ # when we are definitely going to write something to it
+ outfile = sys.stdout
+ outname = opt_o
+ # Make sure the file is readable for all
+ oldmask = os.umask(0002)
+ for bid in b_ids:
+ if outname:
+ outfile = xopen(outname, "w")
+ outname = None
+ outfile.write("%s\n" % bid)
+ outfile.close()
+ os.umask(oldmask)
+ except IOError, e:
+ if not opt_o:
+ opt_o = "<stdout>"
+ error_msg_and_die("Error writing to '%s': %s" % (opt_o, e))
diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
index cf74326..e0eccc0 100644
--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
@@ -74,7 +74,8 @@ int main(int argc, char **argv)
// However since we communicate through environment variables
// we have to keep a whitelist of variables to keep.
static const char *whitelist[] = {
- "REPORT_CLIENT_SLAVE" // Check if the app is being run as a slave
+ "REPORT_CLIENT_SLAVE", // Check if the app is being run as a slave
+ "LANG",
};
const size_t wlsize = sizeof(whitelist)/sizeof(char*);
char *setlist[sizeof(whitelist)/sizeof(char*)] = { 0 };
--
1.8.3.1

123
0045-gdb-disable-loading-of-auto-loaded-files.patch Normal file
View file

@ -0,0 +1,123 @@
From 5a2f83cd86ce824167fa7ea8e5357c014034ed46 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 9 Jun 2014 17:13:09 +0200
Subject: [ABRT PATCH 45/66] gdb: disable loading of auto-loaded files
https://sourceware.org/gdb/onlinedocs/gdb/Auto_002dloading.html
There are two main reasons for doing so:
1. we cannot trust anybody
- the auto-loaded file may change the output format
- security?
2. bugs in such a files (#817)
Resolves: #1128637
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/lib/hooklib.c | 40 +++++++++++++++++++++-------------------
1 file changed, 21 insertions(+), 19 deletions(-)
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index 4a50727..21ad9e0 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
@@ -252,10 +252,12 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
/* Let user know what's going on */
log(_("Generating backtrace"));
- char *args[21];
+ char *args[23];
args[0] = (char*)"gdb";
args[1] = (char*)"-batch";
args[2] = (char*)"-ex";
+ args[3] = (char*)"set auto-load off";
+ args[4] = (char*)"-ex";
struct strbuf *set_debug_file_directory = strbuf_new();
if(debuginfo_dirs == NULL)
{
@@ -278,7 +280,7 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
p = colon_or_nul;
}
}
- args[3] = strbuf_free_nobuf(set_debug_file_directory);
+ args[5] = strbuf_free_nobuf(set_debug_file_directory);
/* "file BINARY_FILE" is needed, without it gdb cannot properly
* unwind the stack. Currently the unwind information is located
@@ -300,27 +302,27 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
* TODO: check mtimes on COREFILE and BINARY_FILE and not supply
* BINARY_FILE if it is newer (to at least avoid gdb complaining).
*/
- args[4] = (char*)"-ex";
- args[5] = xasprintf("file %s", executable);
- free(executable);
-
args[6] = (char*)"-ex";
- args[7] = xasprintf("core-file %s/"FILENAME_COREDUMP, dump_dir_name);
+ args[7] = xasprintf("file %s", executable);
+ free(executable);
args[8] = (char*)"-ex";
- /*args[9] = ... see below */
+ args[9] = xasprintf("core-file %s/"FILENAME_COREDUMP, dump_dir_name);
+
args[10] = (char*)"-ex";
- args[11] = (char*)"info sharedlib";
- /* glibc's abort() stores its message in __abort_msg variable */
+ /*args[11] = ... see below */
args[12] = (char*)"-ex";
- args[13] = (char*)"print (char*)__abort_msg";
+ args[13] = (char*)"info sharedlib";
+ /* glibc's abort() stores its message in __abort_msg variable */
args[14] = (char*)"-ex";
- args[15] = (char*)"print (char*)__glib_assert_msg";
+ args[15] = (char*)"print (char*)__abort_msg";
args[16] = (char*)"-ex";
- args[17] = (char*)"info all-registers";
+ args[17] = (char*)"print (char*)__glib_assert_msg";
args[18] = (char*)"-ex";
- args[19] = (char*)"disassemble";
- args[20] = NULL;
+ args[19] = (char*)"info all-registers";
+ args[20] = (char*)"-ex";
+ args[21] = (char*)"disassemble";
+ args[22] = NULL;
/* Get the backtrace, but try to cap its size */
/* Limit bt depth. With no limit, gdb sometimes OOMs the machine */
@@ -330,9 +332,9 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
char *bt = NULL;
while (1)
{
- args[9] = xasprintf("%s backtrace %u%s", thread_apply_all, bt_depth, full);
+ args[11] = xasprintf("%s backtrace %u%s", thread_apply_all, bt_depth, full);
bt = exec_vp(args, /*redirect_stderr:*/ 1, timeout_sec, NULL);
- free(args[9]);
+ free(args[11]);
if ((bt && strnlen(bt, 256*1024) < 256*1024) || bt_depth <= 32)
{
break;
@@ -357,7 +359,7 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
* End of assembler dump.
* (IOW: "empty" dump)
*/
- args[19] = (char*)"disassemble $pc-20, $pc+64";
+ args[21] = (char*)"disassemble $pc-20, $pc+64";
if (bt_depth <= 64 && thread_apply_all[0] != '\0')
{
@@ -373,9 +375,9 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
}
}
- free(args[3]);
free(args[5]);
free(args[7]);
+ free(args[9]);
return bt;
}
--
1.8.3.1

208
0049-koops-add-an-option-controlling-MCE-detection.patch Normal file
View file

@ -0,0 +1,208 @@
From 0ec7f45a005a5faeb3d013710572d7b09fada376 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 21 Mar 2014 15:36:58 +0100
Subject: [ABRT PATCH 49/66] koops: add an option controlling MCE detection
It is necessary to be able to turn off the detection of Non-fatal MCEs
on a certain machine.
Related to #807
Resolves: rhbz#1076820
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Conflicts:
src/hooks/Makefile.am
---
doc/abrt-dump-oops.txt | 5 ++++
doc/dbus-configuration/Makefile.am | 1 +
.../com.redhat.problems.configuration.oops.xml.in | 11 ++++++++
src/hooks/Makefile.am | 3 ++-
src/hooks/oops.conf | 7 ++++++
src/include/libabrt.h | 10 ++++++++
src/lib/kernel.c | 29 +++++++++++++++++++++-
src/plugins/abrt-dump-oops.c | 25 ++++++++++++++++++-
8 files changed, 88 insertions(+), 3 deletions(-)
create mode 100644 doc/dbus-configuration/com.redhat.problems.configuration.oops.xml.in
create mode 100644 src/hooks/oops.conf
diff --git a/doc/abrt-dump-oops.txt b/doc/abrt-dump-oops.txt
index cdb985c..5aa6bca 100644
--- a/doc/abrt-dump-oops.txt
+++ b/doc/abrt-dump-oops.txt
@@ -14,6 +14,11 @@ DESCRIPTION
This tool creates problem directory from, updates problem directory with or
prints oops extracted from FILE or standard input.
+FILES
+-----
+/etc/abrt/plugins/oops.conf::
+ Configuration file where user can disable detection of non-fatal MCEs
+
OPTIONS
-------
-v, --verbose::
diff --git a/doc/dbus-configuration/Makefile.am b/doc/dbus-configuration/Makefile.am
index 2a3889d..15173de 100644
--- a/doc/dbus-configuration/Makefile.am
+++ b/doc/dbus-configuration/Makefile.am
@@ -8,6 +8,7 @@ dist_dbusabrtinterfaces_DATA = \
com.redhat.problems.configuration.xml \
com.redhat.problems.configuration.abrt.xml \
com.redhat.problems.configuration.ccpp.xml \
+ com.redhat.problems.configuration.oops.xml \
com.redhat.problems.configuration.python.xml \
com.redhat.problems.configuration.vmcore.xml \
com.redhat.problems.configuration.xorg.xml
diff --git a/doc/dbus-configuration/com.redhat.problems.configuration.oops.xml.in b/doc/dbus-configuration/com.redhat.problems.configuration.oops.xml.in
new file mode 100644
index 0000000..22bd166
--- /dev/null
+++ b/doc/dbus-configuration/com.redhat.problems.configuration.oops.xml.in
@@ -0,0 +1,11 @@
+<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
+
+<node name="/com/redhat/problems/configuration/oops">
+ <annotation name="com.redhat.problems.ConfFile" value="/etc/abrt/plugins/oops.conf" />
+ <annotation name="com.redhat.problems.DefaultConfFile" value="/usr/share/abrt/conf.d/plugins/oops.conf" />
+
+ <interface name="com.redhat.problems.configuration.oops">
+ <property name="OnlyFatalMCE" type="b" access="readwrite" />
+ </interface>
+</node>
diff --git a/src/hooks/Makefile.am b/src/hooks/Makefile.am
index 1cce3d7..e536089 100644
--- a/src/hooks/Makefile.am
+++ b/src/hooks/Makefile.am
@@ -6,7 +6,8 @@ pluginsconfdir = $(PLUGINS_CONF_DIR)
dist_pluginsconf_DATA = \
CCpp.conf \
python.conf \
- vmcore.conf
+ vmcore.conf \
+ oops.conf
defaultpluginsconfdir = $(DEFAULT_PLUGINS_CONF_DIR)
dist_defaultpluginsconf_DATA = $(dist_pluginsconf_DATA)
diff --git a/src/hooks/oops.conf b/src/hooks/oops.conf
new file mode 100644
index 0000000..0e35a68
--- /dev/null
+++ b/src/hooks/oops.conf
@@ -0,0 +1,7 @@
+# Lot of Machine Check Exceptions are correctable and thus not interesting to
+# users. Moreover some hardware may produce plenty of MCEs by design.
+#
+# Setting the following option to 'yes' will configure ABRT to detect only
+# the fatal MCEs.
+#
+OnlyFatalMCE = no
diff --git a/src/include/libabrt.h b/src/include/libabrt.h
index 3e42a09..85a5a5c 100644
--- a/src/include/libabrt.h
+++ b/src/include/libabrt.h
@@ -9,6 +9,8 @@
#ifndef LIBABRT_H_
#define LIBABRT_H_
+#include <regex.h>
+
#include <gio/gio.h> /* dbus */
#include "abrt-dbus.h"
/* libreport's internal functions we use: */
@@ -109,6 +111,14 @@ int koops_hash_str(char hash_str[SHA1_RESULT_LEN*2 + 1], const char *oops_buf);
void koops_extract_oopses(GList **oops_list, char *buffer, size_t buflen);
#define koops_print_suspicious_strings abrt_koops_print_suspicious_strings
void koops_print_suspicious_strings(void);
+/**
+ * Prints all suspicious strings that do not match any of the regular
+ * expression in NULL terminated list.
+ *
+ * The regular expression should be compiled with REG_NOSUB flag.
+ */
+#define koops_print_suspicious_strings_filtered abrt_koops_print_suspicious_strings_filtered
+void koops_print_suspicious_strings_filtered(const regex_t **filterout);
/* dbus client api */
diff --git a/src/lib/kernel.c b/src/lib/kernel.c
index ad20c65..799463d 100644
--- a/src/lib/kernel.c
+++ b/src/lib/kernel.c
@@ -158,8 +158,35 @@ static const char *const s_koops_suspicious_strings[] = {
void koops_print_suspicious_strings(void)
{
+ koops_print_suspicious_strings_filtered(NULL);
+}
+
+static bool match_any(const regex_t **res, const char *str)
+{
+ for (const regex_t **r = res; *r != NULL; ++r)
+ {
+ /* Regular expressions compiled with REG_NOSUB */
+ const int reti = regexec(*r, str, 0, NULL, 0);
+ if (reti == 0)
+ return true;
+ else if (reti != REG_NOMATCH)
+ {
+ char msgbuf[100];
+ regerror(reti, *r, msgbuf, sizeof(msgbuf));
+ error_msg_and_die("Regex match failed: %s", msgbuf);
+ }
+ }
+
+ return false;
+}
+
+void koops_print_suspicious_strings_filtered(const regex_t **filterout)
+{
for (const char *const *str = s_koops_suspicious_strings; *str; ++str)
- puts(*str);
+ {
+ if (filterout == NULL || !match_any(filterout, *str))
+ puts(*str);
+ }
}
void koops_extract_oopses(GList **oops_list, char *buffer, size_t buflen)
diff --git a/src/plugins/abrt-dump-oops.c b/src/plugins/abrt-dump-oops.c
index 12291be..9f0dc87 100644
--- a/src/plugins/abrt-dump-oops.c
+++ b/src/plugins/abrt-dump-oops.c
@@ -295,7 +295,30 @@ int main(int argc, char **argv)
if (opts & OPT_m)
{
- koops_print_suspicious_strings();
+ map_string_t *settings = new_map_string();
+
+ load_abrt_plugin_conf_file("oops.conf", settings);
+
+ int only_fatal_mce = 1;
+ try_get_map_string_item_as_bool(settings, "OnlyFatalMCE", &only_fatal_mce);
+
+ free_map_string(settings);
+
+ if (only_fatal_mce)
+ {
+ regex_t mce_re;
+ if (regcomp(&mce_re, "^Machine .*$", REG_NOSUB) != 0)
+ perror_msg_and_die(_("Failed to compile regex"));
+
+ const regex_t *filter[] = { &mce_re, NULL };
+
+ koops_print_suspicious_strings_filtered(filter);
+
+ regfree(&mce_re);
+ }
+ else
+ koops_print_suspicious_strings();
+
return 1;
}
--
1.8.3.1

40
0051-python-support-exceptions-without-traceback.patch Normal file
View file

@ -0,0 +1,40 @@
From a9f19fb25ee6e956d29931f06a8cd919c38fba53 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 9 Jul 2014 17:55:36 +0200
Subject: [ABRT PATCH 51/66] python: support exceptions without traceback
e.g. SyntaxError (python-2.7.5-13.fc20, python-2.7.7-2.fc21)
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt_exception_handler.py.in | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/hooks/abrt_exception_handler.py.in b/src/hooks/abrt_exception_handler.py.in
index 96a63ff..6cf36d0 100644
--- a/src/hooks/abrt_exception_handler.py.in
+++ b/src/hooks/abrt_exception_handler.py.in
@@ -55,12 +55,14 @@ def write_dump(tb_text, tb):
executable = sys.argv[0]
dso_list = None
- try:
- import rpm
- dso_list = get_dso_list(tb)
- except ImportError as imperr:
- syslog("RPM module not available, cannot query RPM db for package "\
- "names")
+ # Trace back is None in case of SyntaxError exception.
+ if tb:
+ try:
+ import rpm
+ dso_list = get_dso_list(tb)
+ except ImportError as imperr:
+ syslog("RPM module not available, cannot query RPM db for package "\
+ "names")
# Open ABRT daemon's socket and write data to it
try:
--
1.8.3.1

187
0053-gettext-fix-the-initialization-in-python-scripts.patch Normal file
View file

@ -0,0 +1,187 @@
From c647c9eaecde2653366decd9a992e75943db7fc0 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 22 Jul 2014 16:13:25 +0200
Subject: [ABRT PATCH 53/66] gettext: fix the initialization in python scripts
ABRT scripts cannot import and use _ symbol from reportclient because
reporclient's _ is bound to 'libreport' package.
Related to rhbz#1087880
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Conflicts:
src/plugins/abrt-action-ureport
---
po/POTFILES.in | 2 ++
src/daemon/abrt-handle-upload.in | 26 ++++++++++++++++++++++++--
src/plugins/abrt-action-analyze-vmcore.in | 25 ++++++++++++++++++++++++-
src/plugins/abrt-action-install-debuginfo.in | 2 +-
src/plugins/abrt-action-ureport | 24 ++++++++++++++++++++++--
5 files changed, 73 insertions(+), 6 deletions(-)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index ff9b97a..e3f917b 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -14,6 +14,7 @@ src/daemon/abrtd.c
src/daemon/abrt-handle-event.c
src/daemon/abrt-upload-watch.c
src/daemon/abrt-auto-reporting.c
+src/daemon/abrt-handle-upload.in
src/lib/abrt_conf.c
src/lib/hooklib.c
src/lib/problem_api.c
@@ -32,6 +33,7 @@ src/plugins/abrt-action-generate-core-backtrace.c
src/plugins/abrt-action-install-debuginfo.in
src/plugins/abrt-action-perform-ccpp-analysis.in
src/plugins/abrt-action-trim-files.c
+src/plugins/abrt-action-ureport
src/plugins/abrt-gdb-exploitable
src/plugins/abrt-watch-log.c
src/plugins/abrt-dump-oops.c
diff --git a/src/daemon/abrt-handle-upload.in b/src/daemon/abrt-handle-upload.in
index 084170e..dbc4534 100755
--- a/src/daemon/abrt-handle-upload.in
+++ b/src/daemon/abrt-handle-upload.in
@@ -11,7 +11,29 @@ import tempfile
import shutil
import datetime
-from reportclient import _, set_verbosity, error_msg_and_die, error_msg, log
+from reportclient import set_verbosity, error_msg_and_die, error_msg, log
+
+GETTEXT_PROGNAME = "abrt"
+import locale
+import gettext
+
+_ = lambda x: gettext.lgettext(x)
+
+def init_gettext():
+ try:
+ locale.setlocale(locale.LC_ALL, "")
+ except locale.Error:
+ os.environ['LC_ALL'] = 'C'
+ locale.setlocale(locale.LC_ALL, "")
+ # Defeat "AttributeError: 'module' object has no attribute 'nl_langinfo'"
+ try:
+ gettext.bind_textdomain_codeset(GETTEXT_PROGNAME, locale.nl_langinfo(locale.CODESET))
+ except AttributeError:
+ pass
+ gettext.bindtextdomain(GETTEXT_PROGNAME, '/usr/share/locale')
+ gettext.textdomain(GETTEXT_PROGNAME)
+
+
import problem
def write_str_to(filename, s):
@@ -32,7 +54,7 @@ if __name__ == "__main__":
sys.exit(die_exitcode)
# localization
- #init_gettext() - done by reportclient module init
+ init_gettext()
verbose = 0
ABRT_VERBOSE = os.getenv("ABRT_VERBOSE")
diff --git a/src/plugins/abrt-action-analyze-vmcore.in b/src/plugins/abrt-action-analyze-vmcore.in
index 11ad846..c08af80 100644
--- a/src/plugins/abrt-action-analyze-vmcore.in
+++ b/src/plugins/abrt-action-analyze-vmcore.in
@@ -8,7 +8,28 @@ import sys
import getopt
from subprocess import Popen, PIPE
-from reportclient import _, verbose, set_verbosity, error_msg_and_die, error_msg
+from reportclient import verbose, set_verbosity, error_msg_and_die, error_msg
+
+GETTEXT_PROGNAME = "abrt"
+import locale
+import gettext
+
+_ = lambda x: gettext.lgettext(x)
+
+def init_gettext():
+ try:
+ locale.setlocale(locale.LC_ALL, "")
+ except locale.Error:
+ os.environ['LC_ALL'] = 'C'
+ locale.setlocale(locale.LC_ALL, "")
+ # Defeat "AttributeError: 'module' object has no attribute 'nl_langinfo'"
+ try:
+ gettext.bind_textdomain_codeset(GETTEXT_PROGNAME, locale.nl_langinfo(locale.CODESET))
+ except AttributeError:
+ pass
+ gettext.bindtextdomain(GETTEXT_PROGNAME, '/usr/share/locale')
+ gettext.textdomain(GETTEXT_PROGNAME)
+
PROGNAME = "abrt-action-analyze-vmcore"
@@ -26,6 +47,8 @@ if __name__ == "__main__":
tmpdir = ""
vmcore = ""
+ init_gettext()
+
help_text = _("Usage: {0} [-v[v]] [--core=VMCORE]").format(PROGNAME)
try:
opts, args = getopt.getopt(sys.argv[1:], "hvd", ["help", "core="])
diff --git a/src/plugins/abrt-action-install-debuginfo.in b/src/plugins/abrt-action-install-debuginfo.in
index 5fd3110..f46d1b2 100644
--- a/src/plugins/abrt-action-install-debuginfo.in
+++ b/src/plugins/abrt-action-install-debuginfo.in
@@ -11,7 +11,7 @@ import errno
import getopt
import reportclient
from subprocess import Popen, PIPE
-from reportclient import _, verbose, log, log1, log2, set_verbosity, error_msg_and_die, error_msg
+from reportclient import verbose, log, log1, log2, set_verbosity, error_msg_and_die, error_msg
import time
from reportclient.debuginfo import DebugInfoDownload, filter_installed_debuginfos, build_ids_to_path, clean_up
import problem
diff --git a/src/plugins/abrt-action-ureport b/src/plugins/abrt-action-ureport
index 8c0f36f..e38a92c 100755
--- a/src/plugins/abrt-action-ureport
+++ b/src/plugins/abrt-action-ureport
@@ -10,7 +10,27 @@ import os
import getopt
from report import dd_opendir, DD_FAIL_QUIETLY_ENOENT
-from reportclient import _, set_verbosity, error_msg_and_die, error_msg, log1, log
+from reportclient import set_verbosity, error_msg_and_die, error_msg, log1, log
+
+GETTEXT_PROGNAME = "abrt"
+import locale
+import gettext
+
+_ = lambda x: gettext.lgettext(x)
+
+def init_gettext():
+ try:
+ locale.setlocale(locale.LC_ALL, "")
+ except locale.Error:
+ os.environ['LC_ALL'] = 'C'
+ locale.setlocale(locale.LC_ALL, "")
+ # Defeat "AttributeError: 'module' object has no attribute 'nl_langinfo'"
+ try:
+ gettext.bind_textdomain_codeset(GETTEXT_PROGNAME, locale.nl_langinfo(locale.CODESET))
+ except AttributeError:
+ pass
+ gettext.bindtextdomain(GETTEXT_PROGNAME, '/usr/share/locale')
+ gettext.textdomain(GETTEXT_PROGNAME)
def spawn_and_wait(prog):
try:
@@ -32,7 +52,7 @@ def try_parse_number(dd, filename):
if __name__ == "__main__":
# localization
- #init_gettext() - done by reportclient module init
+ init_gettext()
verbose = 0
ABRT_VERBOSE = os.getenv("ABRT_VERBOSE")
--
1.8.3.1

58
0054-oops-add-man-page.patch Normal file
View file

@ -0,0 +1,58 @@
From 449698ddf727559f2df76ac15716951120f9c0c5 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 1 Aug 2014 09:31:53 +0200
Subject: [ABRT PATCH 54/66] oops: add man page
Related to rhbz#1076820
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
doc/Makefile.am | 1 +
doc/abrt-oops.conf.txt | 23 +++++++++++++++++++++++
2 files changed, 24 insertions(+)
create mode 100644 doc/abrt-oops.conf.txt
diff --git a/doc/Makefile.am b/doc/Makefile.am
index e76abde..0480114 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -47,6 +47,7 @@ MAN5_TXT += abrt-action-save-package-data.conf.txt
MAN5_TXT += abrt-xorg.conf.txt
MAN5_TXT += abrt-python.conf.txt
MAN5_TXT += abrt-CCpp.conf.txt
+MAN5_TXT += abrt-oops.conf.txt
MAN5_TXT += gpg_keys.conf.txt
MAN5_TXT += abrt-vmcore.conf.txt
diff --git a/doc/abrt-oops.conf.txt b/doc/abrt-oops.conf.txt
new file mode 100644
index 0000000..e7e00e6
--- /dev/null
+++ b/doc/abrt-oops.conf.txt
@@ -0,0 +1,23 @@
+abrt-oops.conf(5)
+=================
+
+NAME
+----
+abrt-oops.conf - Configuration file for ABRT's Kernel Oops extractor
+
+DESCRIPTION
+-----------
+The configuration file consists of items in the format "Option = Value".
+The following items are recognized:
+
+OnlyFatalMCE = 'yes' / 'no'
+ If you want to see only fatal MCEs, set to "yes".
+ Defaults is 'yes': detect only fatal ones.
+
+SEE ALSO
+--------
+abrt.conf(5)
+
+AUTHORS
+-------
+* ABRT team
--
1.8.3.1

118
0056-cli-make-consistent-commands-in-abrt-cli.patch Normal file
View file

@ -0,0 +1,118 @@
From fbcbd0e922e2c7efe62a584fbd76b36fbe0e2952 Mon Sep 17 00:00:00 2001
From: Matej Habrnal <mhabrnal@redhat.com>
Date: Mon, 8 Sep 2014 13:27:56 +0200
Subject: [ABRT PATCH 56/66] cli: make consistent commands in abrt-cli
Add abbreviations to the client's parametres.
Related to rhbz#1066501
Conflicts:
src/cli/abrt-cli.c
---
doc/abrt-cli.txt | 2 +-
src/cli/abrt-cli.c | 20 +++++++++++---------
src/cli/builtin-cmd.h | 2 +-
src/cli/rm.c | 2 +-
4 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/doc/abrt-cli.txt b/doc/abrt-cli.txt
index 792e781..1c95655 100644
--- a/doc/abrt-cli.txt
+++ b/doc/abrt-cli.txt
@@ -9,7 +9,7 @@ SYNOPSIS
--------
'abrt-cli' list [-vdf] [DIR]...
-'abrt-cli' rm [-v] DIR...
+'abrt-cli' remove [-v] DIR...
'abrt-cli' report [-v] DIR...
diff --git a/src/cli/abrt-cli.c b/src/cli/abrt-cli.c
index a1ab7ec..c04c132 100644
--- a/src/cli/abrt-cli.c
+++ b/src/cli/abrt-cli.c
@@ -20,14 +20,15 @@
#include "libabrt.h"
#include "builtin-cmd.h"
-#define USAGE_OPTS_WIDTH 12
+#define USAGE_OPTS_WIDTH 16
#define USAGE_GAP 2
/* TODO: add --pager(default) and --no-pager */
-#define CMD(NAME, help) { #NAME, cmd_##NAME , (help) }
+#define CMD(NAME, ABBREV, help) { #NAME, ABBREV, cmd_##NAME , (help) }
struct cmd_struct {
const char *cmd;
+ const char *abbrev;
int (*fn)(int, const char **);
const char *help;
};
@@ -41,6 +42,7 @@ static void list_cmds_help(const struct cmd_struct *commands)
pos = fprintf(stderr, " ");
pos += fprintf(stderr, "%s", p->cmd);
+ pos += fprintf(stderr, ", %s", p->abbrev);
if (pos <= USAGE_OPTS_WIDTH)
pad = USAGE_OPTS_WIDTH - pos;
@@ -110,7 +112,7 @@ static void handle_internal_command(int argc, const char **argv,
for (const struct cmd_struct *p = commands; p->cmd; ++p)
{
- if (strcmp(p->cmd, cmd) != 0)
+ if (strcmp(p->cmd, cmd) != 0 && strcmp(p->abbrev, cmd) != 0)
continue;
exit(p->fn(argc, argv));
@@ -143,12 +145,12 @@ int main(int argc, const char **argv)
);
const struct cmd_struct commands[] = {
- CMD(list, _("List not yet reported problems [in DIRs]")),
- CMD(rm, _("Remove problem directory DIR")),
- CMD(report, _("Analyze and report problem data in DIR")),
- CMD(info, _("Print information about DIR")),
- CMD(status, _("Print the count of the recent crashes")),
- {NULL, NULL, NULL}
+ CMD(list, "ls", _("List problems [in DIRs]")),
+ CMD(remove, "rm", _("Remove problem directory DIR")),
+ CMD(report, "e",_("Analyze and report problem data in DIR")),
+ CMD(info, "i", _("Print information about DIR")),
+ CMD(status, "st",_("Print the count of the recent crashes")),
+ {NULL, NULL, NULL, NULL}
};
migrate_to_xdg_dirs();
diff --git a/src/cli/builtin-cmd.h b/src/cli/builtin-cmd.h
index 491760b..18588e1 100644
--- a/src/cli/builtin-cmd.h
+++ b/src/cli/builtin-cmd.h
@@ -21,7 +21,7 @@
#define _BUILTIN_CMD_H_
extern int cmd_list(int argc, const char **argv);
-extern int cmd_rm(int argc, const char **argv);
+extern int cmd_remove(int argc, const char **argv);
extern int cmd_report(int argc, const char **argv);
extern int cmd_info(int argc, const char **argv);
extern int cmd_status(int argc, const char **argv);
diff --git a/src/cli/rm.c b/src/cli/rm.c
index 8f185a4..fe458ff 100644
--- a/src/cli/rm.c
+++ b/src/cli/rm.c
@@ -25,7 +25,7 @@
* add -q, --quite
*/
-int cmd_rm(int argc, const char **argv)
+int cmd_remove(int argc, const char **argv)
{
const char *program_usage_string = _(
"& rm [options] DIR..."
--
1.8.3.1

69
0058-cli-robustize-abrt-console-notification.sh.patch Normal file
View file

@ -0,0 +1,69 @@
From 9492af5e0e09dd66e179ccd8a505ce0b79978c83 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 15 Sep 2014 08:40:05 +0200
Subject: [ABRT PATCH 58/66] cli: robustize abrt-console-notification.sh
- don't show any notifications without a terminal connected to stdout
- don't continue without writable $HOME directory
- forward all error messages to /dev/null
Resolves rhbz#1139001
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/cli/abrt-console-notification.sh | 30 ++++++++++++++++++++++++------
1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/cli/abrt-console-notification.sh b/src/cli/abrt-console-notification.sh
index 937abb0..849273c 100755
--- a/src/cli/abrt-console-notification.sh
+++ b/src/cli/abrt-console-notification.sh
@@ -1,21 +1,39 @@
+# If shell is not connect to a terminal, exit immediately, because this script
+# should print out ABRT's status and it is senseless to continue without
+# terminal.
+tty -s || exit 0
+
+# If $HOME is not set, a non human user is logging in to shell but this script
+# should provide information to human users, therefore exiting immediately
+# without showing the notification.
+if [ -z "$HOME" ]; then
+ exit 0
+fi
+
+if [ -z "$ABRT_DEBUG_LOG" ]; then
+ ABRT_DEBUG_LOG="/dev/null"
+fi
+
LPATHDIR="$HOME/.cache/abrt"
SINCEFILE="$LPATHDIR/lastnotification"
if [ ! -f "$LPATHDIR" ]; then
- mkdir -p "$LPATHDIR"
+ # It might happen that user doesn't have write access on his home.
+ mkdir -p "$LPATHDIR" >"$ABRT_DEBUG_LOG" 2>&1 || exit 0
fi
-TMPPATH=`mktemp --tmpdir="$LPATHDIR" lastnotification.XXXXXXXX 2> /dev/null`
+TMPPATH=`mktemp --tmpdir="$LPATHDIR" lastnotification.XXXXXXXX 2> "$ABRT_DEBUG_LOG"`
SINCE=0
if [ -f "$SINCEFILE" ]; then
- SINCE=`cat $SINCEFILE 2> /dev/null`
+ SINCE=`cat $SINCEFILE 2>"$ABRT_DEBUG_LOG"`
fi
# always update the lastnotification
if [ -f "$TMPPATH" ]; then
- date +%s > "$TMPPATH"
- mv -f "$TMPPATH" "$SINCEFILE"
+ # Be quite in case of errors and don't scare users by strange error messages.
+ date +%s > "$TMPPATH" 2>"$ABRT_DEBUG_LOG"
+ mv -f "$TMPPATH" "$SINCEFILE" >"$ABRT_DEBUG_LOG" 2>&1
fi
-abrt-cli status --since="$SINCE" 2> /dev/null
+abrt-cli status --since="$SINCE" 2>"$ABRT_DEBUG_LOG"
--
1.8.3.1

117
0059-plugins-add-abrt-action-generate-machine-id.patch Normal file
View file

@ -0,0 +1,117 @@
From 0e2514743b71f4e0d177b072036884c1d9b72621 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 16 Sep 2014 15:35:55 +0200
Subject: [ABRT PATCH 59/66] plugins: add abrt-action-generate-machine-id
Enabled by default on RHEL7.
Resolves: rhbz#1140044
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt_event.conf | 3 ++
src/plugins/Makefile.am | 2 +
src/plugins/abrt-action-generate-machine-id | 57 +++++++++++++++++++++++++++++
3 files changed, 62 insertions(+)
create mode 100644 src/plugins/abrt-action-generate-machine-id
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index 380b312..deda7c7 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -92,6 +92,9 @@ EVENT=post-create
rm sosreport.log
exit 1
+# Example: if you want to include *machineid* in dump directories:
+EVENT=post-create
+ /usr/libexec/abrt-action-generate-machine-id -o $DUMP_DIR/machineid
# Example: if you want to upload data immediately at the moment of a crash:
#EVENT=post-create
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index 727dae0..326bb6e 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -35,6 +35,7 @@ libexec_PROGRAMS = \
abrt-action-install-debuginfo-to-abrt-cache
libexec_SCRIPTS = \
+ abrt-action-generate-machine-id \
abrt-action-ureport \
abrt-gdb-exploitable
@@ -91,6 +92,7 @@ EXTRA_DIST = \
analyze_VMcore.xml.in \
abrt-action-analyze-core.in \
abrt-action-analyze-vmcore \
+ abrt-action-generate-machine-id \
abrt-action-check-oops-for-hw-error \
abrt-action-save-kernel-data \
abrt-action-ureport \
diff --git a/src/plugins/abrt-action-generate-machine-id b/src/plugins/abrt-action-generate-machine-id
new file mode 100644
index 0000000..0aea787
--- /dev/null
+++ b/src/plugins/abrt-action-generate-machine-id
@@ -0,0 +1,57 @@
+#!/usr/bin/python
+from argparse import ArgumentParser
+
+import dmidecode
+import hashlib
+
+
+# Generate a machine_id based off dmidecode fields
+def generate_machine_id():
+ dmixml = dmidecode.dmidecodeXML()
+
+ # Fetch all DMI data into a libxml2.xmlDoc object
+ dmixml.SetResultType(dmidecode.DMIXML_DOC)
+ xmldoc = dmixml.QuerySection('all')
+
+ # Do some XPath queries on the XML document
+ dmixp = xmldoc.xpathNewContext()
+
+ # What to look for - XPath expressions
+ keys = ['/dmidecode/SystemInfo/Manufacturer',
+ '/dmidecode/SystemInfo/ProductName',
+ '/dmidecode/SystemInfo/SerialNumber',
+ '/dmidecode/SystemInfo/SystemUUID']
+
+ # Create a sha256 of ^ for machine_id
+ machine_id = hashlib.sha256()
+
+ # Run xpath expressions
+ for k in keys:
+ data = dmixp.xpathEval(k)
+ for d in data:
+ # Update the hash as we find the fields we are looking for
+ machine_id.update(d.get_content())
+
+ del dmixp
+ del xmldoc
+ # Create sha256 digest
+ return machine_id.hexdigest()
+
+
+if __name__ == "__main__":
+ CMDARGS = ArgumentParser(description = "Generate a machine_id based off dmidecode fields")
+ CMDARGS.add_argument('-o', '--output', type=str, help='Output file')
+
+ OPTIONS = CMDARGS.parse_args()
+ ARGS = vars(OPTIONS)
+
+ machineid = generate_machine_id()
+
+ if ARGS['output']:
+ try:
+ with open(ARGS['output'], 'w') as outfile:
+ outfile.write(machineid)
+ except IOError as ex:
+ print ex
+ else:
+ print machineid
--
1.8.3.1

47
0061-dbus-fixed-abrt-dbus-memory-leaks.patch Normal file
View file

@ -0,0 +1,47 @@
From ca9e26aab4b78dbd0d5f59ca5e3bda47000b6353 Mon Sep 17 00:00:00 2001
From: Matej Habrnal <mhabrnal@redhat.com>
Date: Thu, 18 Sep 2014 15:02:01 +0200
Subject: [ABRT PATCH 61/66] dbus: fixed abrt-dbus memory leaks
Fixed memory leaks in abrt-dbus (method FindProblemByElementInTimeRange).
This method leaks memory if fuzzing on org.freedesktop.problems interface.
Related to rhbz#1015473
Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
---
src/dbus/abrt-dbus.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 0350dee..308a9af 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -685,13 +685,17 @@ static void handle_method_call(GDBusConnection *connection,
if (g_strcmp0(method_name, "FindProblemByElementInTimeRange") == 0)
{
- const char *element;
- const char *value;
- long timestamp_from;
- long timestamp_to;
- bool all;
-
- g_variant_get(parameters, "(ssxxb)", &element, &value, &timestamp_from, &timestamp_to, &all);
+ const gchar *element;
+ const gchar *value;
+ glong timestamp_from;
+ glong timestamp_to;
+ gboolean all;
+
+ g_variant_get_child(parameters, 0, "&s", &element);
+ g_variant_get_child(parameters, 1, "&s", &value);
+ g_variant_get_child(parameters, 2, "x", &timestamp_from);
+ g_variant_get_child(parameters, 3, "x", &timestamp_to);
+ g_variant_get_child(parameters, 4, "b", &all);
if (all && polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") == PolkitYes)
caller_uid = 0;
--
1.8.3.1

61
0062-applet-chown-each-notified-problem-before-reporting-.patch Normal file
View file

@ -0,0 +1,61 @@
From 19a0816a032b7fdc5243a358ee77376d988b2dfd Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 27 Jun 2014 14:46:39 +0200
Subject: [ABRT PATCH 62/66] applet: chown each notified problem before
reporting it
Not chowing all directories leads to stealing of koops problems and dump
dir stealing is obsolete because:
- stolen directories are omitted in local duplicates search
- root cannot seen those directories
Kernel oops problems are not problems of another user, they are rather
system problems. Koops problems are readable by all users but are not
writable. Fortunately koops directories can be chowned by all users
without providing any credentials.
Resolves #1084027
Chowing problem directories runs in abrt-dbus which shows an
authorization dialogue.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/applet/applet.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/applet/applet.c b/src/applet/applet.c
index 6ce400f..b1ce400 100644
--- a/src/applet/applet.c
+++ b/src/applet/applet.c
@@ -1164,17 +1164,18 @@ static void export_event_configuration(const char *event_name)
static void run_event_async(problem_info_t *pi, const char *event_name, int flags)
{
- if (pi->foreign)
+ /* chown the directory in any case, because kernel oopses are not foreign */
+ /* but their dump directories are not writable without chowning them or */
+ /* stealing them. The stealing is deprecated as it breaks the local */
+ /* duplicate search and root cannot see them */
+ const int res = chown_dir_over_dbus(problem_info_get_dir(pi));
+ if (pi->foreign && res != 0)
{
- int res = chown_dir_over_dbus(problem_info_get_dir(pi));
- if (res != 0)
- {
- error_msg(_("Can't take ownership of '%s'"), problem_info_get_dir(pi));
- problem_info_free(pi);
- return;
- }
- pi->foreign = false;
+ error_msg(_("Can't take ownership of '%s'"), problem_info_get_dir(pi));
+ problem_info_free(pi);
+ return;
}
+ pi->foreign = false;
struct dump_dir *dd = open_directory_for_writing(problem_info_get_dir(pi), /* don't ask */ NULL);
if (!dd)
--
1.8.3.1

74
0063-cli-add-option-remove-crash-dirs-after-reporting.patch Normal file
View file

@ -0,0 +1,74 @@
From fa289049950f8c64455e94dd07bec2170a2d28e2 Mon Sep 17 00:00:00 2001
From: Matej Habrnal <mhabrnal@redhat.com>
Date: Sat, 20 Sep 2014 11:24:25 +0200
Subject: [ABRT PATCH 63/66] cli: add option remove crash dirs after reporting
Add option -d to abrt-cli report which allows delete dump dir after the problem
was successfully reported.
Resolves #1067545
Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
po/POTFILES.in | 1 +
src/cli/report.c | 18 ++++++++++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index e3f917b..141c73a 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -51,6 +51,7 @@ src/cli/abrt-cli-core.c
src/cli/abrt-cli.c
src/cli/list.c
src/cli/status.c
+src/cli/report.c
src/plugins/analyze_CCpp.xml.in
src/plugins/analyze_VMcore.xml.in
diff --git a/src/cli/report.c b/src/cli/report.c
index 3321a78..33d8b44 100644
--- a/src/cli/report.c
+++ b/src/cli/report.c
@@ -26,14 +26,20 @@ int cmd_report(int argc, const char **argv)
{
const char *program_usage_string = _(
"& report [options] DIR..."
- );
+ );
+
+ enum {
+ OPT_v = 1 << 0,
+ OPT_d = 1 << 1,
+ };
struct options program_options[] = {
OPT__VERBOSE(&g_verbose),
+ OPT_BOOL('d', "delete", NULL, _("Remove PROBLEM_DIR after reporting")),
OPT_END()
};
- parse_opts(argc, (char **)argv, program_options, program_usage_string);
+ unsigned opts = parse_opts(argc, (char **)argv, program_options, program_usage_string);
argv += optind;
if (!argv[0])
@@ -58,6 +64,14 @@ int cmd_report(int argc, const char **argv)
int status = report_problem_in_dir(dir_name,
LIBREPORT_WAIT
| LIBREPORT_RUN_CLI);
+
+ /* the problem was successfully reported and option is -d */
+ if((opts & OPT_d) && (status == 0 || status == EXIT_STOP_EVENT_RUN))
+ {
+ log(_("Deleting '%s'"), dir_name);
+ delete_dump_dir_possibly_using_abrtd(dir_name);
+ }
+
free(free_me);
if (status)
--
1.8.3.1

58
0064-applet-confirm-ignoring-of-notifications.patch Normal file
View file

@ -0,0 +1,58 @@
From ba356330db1c797ac050b6229f75474aed39faa7 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 1 Oct 2014 17:14:50 +0200
Subject: [ABRT PATCH 64/66] applet: confirm ignoring of notifications
and fix a bug in abrt-action-notify
Resolves #1084031
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/applet/applet.c | 16 +++++++++++++---
src/plugins/abrt-action-notify | 2 +-
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/applet/applet.c b/src/applet/applet.c
index b1ce400..a40f877 100644
--- a/src/applet/applet.c
+++ b/src/applet/applet.c
@@ -666,9 +666,19 @@ static void action_ignore(NotifyNotification *notification, gchar *action, gpoin
{
problem_info_t *pi = (problem_info_t *)user_data;
- log_debug("Ignoring problem '%s'", problem_info_get_dir(pi));
-
- ignored_problems_add_problem_data(g_ignore_set, pi->problem_data);
+ const char *const message = _(
+ "You are going to mute notifications of a particular problem. " \
+ "You will never see a notification bubble for this problem again, " \
+ "however, ABRT will be detecting it and you will be able " \
+ "to report it from ABRT GUI." \
+ "\n\n" \
+ "Do you want to continue?");
+
+ if (run_ask_yes_no_yesforever_dialog("AskIgnoreForever", message, NULL))
+ {
+ log_debug("Ignoring problem '%s'", problem_info_get_dir(pi));
+ ignored_problems_add_problem_data(g_ignore_set, pi->problem_data);
+ }
GError *err = NULL;
notify_notification_close(notification, &err);
diff --git a/src/plugins/abrt-action-notify b/src/plugins/abrt-action-notify
index cbabf74..8b8f38e 100644
--- a/src/plugins/abrt-action-notify
+++ b/src/plugins/abrt-action-notify
@@ -99,7 +99,7 @@ def emit_crash_dbus_signal(problem_data):
# member is a Boolean flag which is True if the element is required
arguments = ((FILENAME_PACKAGE, True), (CD_DUMPDIR, True),
(FILENAME_UID, False), (FILENAME_UUID, False),
- (FILENAME_PACKAGE, False))
+ (FILENAME_DUPHASH, False))
for elem in arguments:
itm = problem_data.get(elem[0])
--
1.8.3.1

262
0065-cli-batch-reporting-in-abrt-cli.patch Normal file
View file

@ -0,0 +1,262 @@
From 46fac7e2c0eaf98668698558ec4acbc2ade76ba7 Mon Sep 17 00:00:00 2001
From: Matej Habrnal <mhabrnal@redhat.com>
Date: Sat, 20 Sep 2014 22:50:11 +0200
Subject: [ABRT PATCH 65/66] cli: batch reporting in abrt-cli
Added option process (p) to the abrt-cli.
With option process abrt-cli goes through all problems one by one (when
parameter --since is not specified) and asks the user what action will be
executed.
Resolves #1066482
Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
doc/abrt-cli.txt | 2 +
po/POTFILES.in | 1 +
src/cli/Makefile.am | 1 +
src/cli/abrt-cli.c | 1 +
src/cli/builtin-cmd.h | 1 +
src/cli/process.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 175 insertions(+)
create mode 100644 src/cli/process.c
diff --git a/doc/abrt-cli.txt b/doc/abrt-cli.txt
index 1c95655..cd14bc9 100644
--- a/doc/abrt-cli.txt
+++ b/doc/abrt-cli.txt
@@ -15,6 +15,8 @@ SYNOPSIS
'abrt-cli' info [-vd] [-s SIZE] DIR...
+'abrt-cli' process [-v] DIR...
+
OPTIONS
-------
-v,--verbose::
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 141c73a..cbe89fa 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -52,6 +52,7 @@ src/cli/abrt-cli.c
src/cli/list.c
src/cli/status.c
src/cli/report.c
+src/cli/process.c
src/plugins/analyze_CCpp.xml.in
src/plugins/analyze_VMcore.xml.in
diff --git a/src/cli/Makefile.am b/src/cli/Makefile.am
index 75efac5..9fff5b3 100644
--- a/src/cli/Makefile.am
+++ b/src/cli/Makefile.am
@@ -9,6 +9,7 @@ BUILTIN_C += list.c
BUILTIN_C += rm.c
BUILTIN_C += report.c
BUILTIN_C += status.c
+BUILTIN_C += process.c
abrt_cli_SOURCES = $(CLI_C) $(BUILTIN_C) builtin-cmd.h abrt-cli-core.h
diff --git a/src/cli/abrt-cli.c b/src/cli/abrt-cli.c
index c04c132..bc11c7f 100644
--- a/src/cli/abrt-cli.c
+++ b/src/cli/abrt-cli.c
@@ -150,6 +150,7 @@ int main(int argc, const char **argv)
CMD(report, "e",_("Analyze and report problem data in DIR")),
CMD(info, "i", _("Print information about DIR")),
CMD(status, "st",_("Print the count of the recent crashes")),
+ CMD(process, "p",_("Process multiple problems")),
{NULL, NULL, NULL, NULL}
};
diff --git a/src/cli/builtin-cmd.h b/src/cli/builtin-cmd.h
index 18588e1..bc80479 100644
--- a/src/cli/builtin-cmd.h
+++ b/src/cli/builtin-cmd.h
@@ -25,5 +25,6 @@ extern int cmd_remove(int argc, const char **argv);
extern int cmd_report(int argc, const char **argv);
extern int cmd_info(int argc, const char **argv);
extern int cmd_status(int argc, const char **argv);
+extern int cmd_process(int argc, const char **argv);
#endif /* _BUILTIN-CMD_H_ */
diff --git a/src/cli/process.c b/src/cli/process.c
new file mode 100644
index 0000000..7f4fff5
--- /dev/null
+++ b/src/cli/process.c
@@ -0,0 +1,169 @@
+/*
+ Copyright (C) 2014 ABRT Team
+ Copyright (C) 2014 RedHat inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "libabrt.h"
+#include "client.h"
+
+#include "abrt-cli-core.h"
+#include "builtin-cmd.h"
+
+
+enum {
+ ACT_ERR = 0,
+ ACT_REMOVE,
+ ACT_REPORT,
+ ACT_INFO,
+ ACT_SKIP
+};
+
+static int process_one_crash(problem_data_t *problem_data)
+{
+ if (problem_data == NULL)
+ return ACT_ERR;
+
+ static const char *name_to_skip[] = {
+ FILENAME_PACKAGE ,
+ FILENAME_UID ,
+ FILENAME_COUNT
+ };
+
+ char *desc = make_description(problem_data,
+ /*names_to_skip:*/ (char **)name_to_skip,
+ /*max_text_size:*/ CD_TEXT_ATT_SIZE_BZ,
+ MAKEDESC_SHOW_ONLY_LIST | MAKEDESC_SHOW_URLS);
+
+ fputs(desc, stdout);
+ free(desc);
+
+ const char *dir_name = problem_data_get_content_or_NULL(problem_data,
+ CD_DUMPDIR);
+ char *action = NULL;
+ int ret_val = 0;
+ while (ret_val == 0)
+ {
+ const char *not_reportable = problem_data_get_content_or_NULL(problem_data, FILENAME_NOT_REPORTABLE);
+
+ /* if the problem is not-reportable then ask does not contain option report(e) */
+ if (not_reportable != NULL)
+ action = ask(_("Actions: remove(rm), info(i), skip(s):"));
+ else
+ action = ask(_("Actions: remove(rm), report(e), info(i), skip(s):"));
+
+ if(strcmp(action, "rm") == 0 || strcmp(action, "remove") == 0 )
+ {
+ log(_("Deleting '%s'"), dir_name);
+ delete_dump_dir_possibly_using_abrtd(dir_name);
+
+ ret_val = ACT_REMOVE;
+ }
+ else if (not_reportable == NULL && (strcmp(action, "e") == 0 || strcmp(action, "report") == 0))
+ {
+ log(_("Reporting '%s'"), dir_name);
+ report_problem_in_dir(dir_name,
+ LIBREPORT_WAIT
+ | LIBREPORT_RUN_CLI);
+
+ ret_val = ACT_REPORT;
+ }
+ else if (strcmp(action, "i") == 0 || strcmp(action, "info") == 0)
+ {
+ char *desc = make_description(problem_data,
+ /*names_to_skip:*/ NULL,
+ /*max_text_size:*/ CD_TEXT_ATT_SIZE_BZ,
+ MAKEDESC_SHOW_FILES | MAKEDESC_SHOW_MULTILINE);
+
+ fputs(desc, stdout);
+ free(desc);
+
+ ret_val = ACT_INFO;
+ }
+ else if (strcmp(action, "s") == 0 || strcmp(action, "skip") == 0)
+ {
+ ret_val = ACT_SKIP;
+ }
+
+ free(action);
+ }
+
+ return ret_val;
+}
+
+static void process_crashes(vector_of_problem_data_t *crash_list, long since)
+{
+
+ for (unsigned i = 0; i < crash_list->len; ++i)
+ {
+ problem_data_t *crash = get_problem_data(crash_list, i);
+
+ if (since != 0)
+ {
+ char *s = problem_data_get_content_or_NULL(crash, FILENAME_LAST_OCCURRENCE);
+ long val = s ? atol(s) : 0;
+ if (val < since)
+ continue;
+ }
+
+ /* do not print '\n' before first problem */
+ if(i != 0)
+ printf("\n");
+
+ int action = process_one_crash(crash);
+
+ if (i != crash_list->len - 1)
+ {
+ if (action == ACT_REMOVE || action == ACT_REPORT || action == ACT_INFO)
+ {
+ /* dummy must be free because the function ask allocate memory */
+ char *dummy = ask(_("For next problem press ENTER:"));
+ free(dummy);
+ }
+ }
+ }
+ return;
+}
+
+int cmd_process(int argc, const char **argv)
+{
+ const char *program_usage_string = _(
+ "Without --since argument, iterates over all detected problems."
+ );
+
+ int opt_since = 0;
+ struct options program_options[] = {
+ OPT__VERBOSE(&g_verbose),
+ OPT_INTEGER('s', "since" , &opt_since, _("Selects only problems detected after timestamp")),
+ OPT_END()
+ };
+
+ parse_opts(argc, (char **)argv, program_options, program_usage_string);
+ argv += optind;
+
+ GList *D_list = get_problem_storages();
+
+ vector_of_problem_data_t *ci = fetch_crash_infos(D_list);
+
+ g_ptr_array_sort_with_data(ci, &cmp_problem_data, (char *) FILENAME_LAST_OCCURRENCE);
+
+ process_crashes(ci, opt_since);
+
+ free_vector_of_problem_data(ci);
+ list_free_with_free(D_list);
+
+ return 0;
+}
--
1.8.3.1

89286
0066-Translation-updates.patch Normal file
View file

File diff suppressed because it is too large Load diff

103
0067-koops-don-t-analyze-MCEs-like-standard-oopses.patch Normal file
View file

@ -0,0 +1,103 @@
From ac3121ac9b752d62d82b329b8bae520147ebe6a6 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 26 Jun 2014 11:29:17 +0200
Subject: [ABRT PATCH 67/68] koops: don't analyze MCEs like standard oopses
MCEs are not kernel oopses as we know them, MCEs do not have stacktrace
and ABRT drops oopses without meaningful stack trace frames for hashing.
The required files are generated by abrt-action-check-oops-for-hw-errror
because that executable understands the format of MCE data.
- uuid (sha1 of backtrace file)
- duphash (sha1 of backtrace file)
- kernel (from dmesg)
Related to #1076820
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-check-oops-for-hw-error.in | 19 ++++++++++++++
src/plugins/koops_event.conf | 29 +++++++++++-----------
2 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/src/plugins/abrt-action-check-oops-for-hw-error.in b/src/plugins/abrt-action-check-oops-for-hw-error.in
index d74f89d..6bf37f5 100644
--- a/src/plugins/abrt-action-check-oops-for-hw-error.in
+++ b/src/plugins/abrt-action-check-oops-for-hw-error.in
@@ -4,6 +4,8 @@ import sys
import os
import locale
import gettext
+import hashlib
+import re
GETTEXT_PROGNAME = "abrt"
@@ -83,6 +85,23 @@ if __name__ == "__main__":
))
f.close()
+ oops_hash = hashlib.sha1()
+ with open("backtrace", "r") as btfile:
+ for line in btfile:
+ oops_hash.update(line)
+
+ with open_or_die("uuid", "w") as f:
+ f.write(oops_hash.hexdigest())
+
+ with open_or_die("duphash", "w") as f:
+ f.write(oops_hash.hexdigest())
+
+ res = tail_with_search("dmesg", "Linux version", 1)
+ if res:
+ kernel = re.sub(r"^.*Linux version ([^ ]+) .*$", r"\1", res[0]);
+ with open_or_die("kernel", "w") as krnlfile:
+ krnlfile.write(kernel)
+
# vmcore MCEs already have good backtrace element, nothing more to do
if vmcore_mce:
sys.exit(0)
diff --git a/src/plugins/koops_event.conf b/src/plugins/koops_event.conf
index b1472ce..1604acf 100644
--- a/src/plugins/koops_event.conf
+++ b/src/plugins/koops_event.conf
@@ -1,23 +1,22 @@
# Analyze
EVENT=post-create analyzer=Kerneloops
# >> instead of > is due to bugzilla.redhat.com/show_bug.cgi?id=854266
- abrt-action-analyze-oops &&
- dmesg >>dmesg &&
- {
- # action-analyze-oops tries to save kernel version,
- # but for some oopses it can't do that (e.g. MCEs).
- # If it failed, try to extract version from dmesg:
- test -f kernel ||
- {
- k=`sed -n '/Linux version/ s/.*Linux version \([^ ]*\) .*/\1/p' dmesg | tail -n1`
- test "$k" != "" && printf "%s" "$k" >kernel
- true # ignore possible failures in previous command
- }
- } &&
- abrt-action-save-kernel-data &&
+ # 'dmesg' file is required by check-oops-for-hw-error
+ dmesg >>dmesg
# Do not fail the event (->do not delete problem dir)
# if check-oops-for-hw-error exits nonzero:
- { abrt-action-check-oops-for-hw-error || true; }
+ {
+ abrt-action-check-oops-for-hw-error || true
+ } &&
+ {
+ # run abrt-action-analyze-oops only if check-hw-error didn't create the
+ # required files
+ if test ! -f uuid -a ! -f duphash; then
+ abrt-action-analyze-oops || exit 1
+ fi
+ } &&
+ abrt-action-save-kernel-data
+
# If you want behavior similar to one provided by kerneloops daemon
# distributed by kerneloops.org - that is, if you want
--
1.8.3.1

87
0068-ureport-attach-contact-email-if-configured.patch Normal file
View file

@ -0,0 +1,87 @@
From 715a047ada1ca9f9420e194306c5b0fe01b5c9f1 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 9 Oct 2014 10:24:42 +0200
Subject: [ABRT PATCH 68/68] ureport: attach contact email if configured
Resolves #1150389
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-ureport | 37 ++++++++++++++++++++++++++++++++++---
1 file changed, 34 insertions(+), 3 deletions(-)
diff --git a/src/plugins/abrt-action-ureport b/src/plugins/abrt-action-ureport
index e38a92c..48bebef 100755
--- a/src/plugins/abrt-action-ureport
+++ b/src/plugins/abrt-action-ureport
@@ -8,6 +8,7 @@
import sys
import os
import getopt
+import augeas
from report import dd_opendir, DD_FAIL_QUIETLY_ENOENT
from reportclient import set_verbosity, error_msg_and_die, error_msg, log1, log
@@ -32,12 +33,31 @@ def init_gettext():
gettext.bindtextdomain(GETTEXT_PROGNAME, '/usr/share/locale')
gettext.textdomain(GETTEXT_PROGNAME)
-def spawn_and_wait(prog):
+
+def get_augeas(module, file_path):
+ """
+ A function for efficient configuration of Augeas.
+ Augeas modules are placed in /usr/share/augeas/lenses/dist
+ """
+
+ aug_obj = augeas.Augeas(flags=augeas.Augeas.NO_MODL_AUTOLOAD)
+ aug_obj.set("/augeas/load/{0}/lens".format(module), "{0}.lns".format(module))
+ aug_obj.set("/augeas/load/{0}/incl".format(module), file_path)
+ aug_obj.load()
+ return aug_obj
+
+
+def spawn_and_wait(prog, args=None):
+ if args is None:
+ args = [prog]
+ else:
+ args.insert(0, prog)
+
try:
- return os.spawnlp(os.P_WAIT, prog, prog)
+ return os.spawnvpe(os.P_WAIT, prog, args, os.environ)
except OSError as err:
error_msg(_("Unable to start '%s', error message was: '%s'"),
- prog, err)
+ " ".join(args), err)
return -1
def try_parse_number(dd, filename):
@@ -78,6 +98,7 @@ if __name__ == "__main__":
verbose += 1
set_verbosity(verbose)
+ os.environ["ABRT_VERBOSE"] = str(verbose)
# getcwd might fail if cwd was deleted
try:
@@ -140,6 +161,16 @@ if __name__ == "__main__":
sys.exit(1)
dd.save_text("ureports_counter", str(ureports_counter + 1))
dd.close()
+
+ email = os.getenv("uReport_ContactEmail")
+ if not email:
+ augeas = get_augeas("libreport", "/etc/libreport/plugins/ureport.conf")
+ email = augeas.get("/files/etc/libreport/plugins/ureport.conf/ContactEmail")
+
+ if email:
+ log1("Attaching ContactEmail: " + email)
+ spawn_and_wait("reporter-ureport", ["-A", "-E"])
+
sys.exit(exitcode)
else:
error_msg_and_die(_("reporter-ureport failed with exit code %d" % exitcode))
--
1.8.3.1

48
0069-console-notifications-use-return-instead-of-exit.patch Normal file
View file

@ -0,0 +1,48 @@
From 8482a75bf58d5e68f4c63746cb27433954f1d54a Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 9 Oct 2014 16:28:12 +0200
Subject: [ABRT PATCH 69/69] console-notifications: use return instead of exit
Thanks Ray Strode [halfline] <rstrode@redhat.com>
Related to rhbz#1150169
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/cli/abrt-console-notification.sh | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/cli/abrt-console-notification.sh b/src/cli/abrt-console-notification.sh
index 849273c..38de7bb 100755
--- a/src/cli/abrt-console-notification.sh
+++ b/src/cli/abrt-console-notification.sh
@@ -1,13 +1,13 @@
-# If shell is not connect to a terminal, exit immediately, because this script
+# If shell is not connect to a terminal, return immediately, because this script
# should print out ABRT's status and it is senseless to continue without
# terminal.
-tty -s || exit 0
+tty -s || return 0
# If $HOME is not set, a non human user is logging in to shell but this script
-# should provide information to human users, therefore exiting immediately
+# should provide information to human users, therefore returning immediately
# without showing the notification.
if [ -z "$HOME" ]; then
- exit 0
+ return 0
fi
if [ -z "$ABRT_DEBUG_LOG" ]; then
@@ -19,7 +19,7 @@ SINCEFILE="$LPATHDIR/lastnotification"
if [ ! -f "$LPATHDIR" ]; then
# It might happen that user doesn't have write access on his home.
- mkdir -p "$LPATHDIR" >"$ABRT_DEBUG_LOG" 2>&1 || exit 0
+ mkdir -p "$LPATHDIR" >"$ABRT_DEBUG_LOG" 2>&1 || return 0
fi
TMPPATH=`mktemp --tmpdir="$LPATHDIR" lastnotification.XXXXXXXX 2> "$ABRT_DEBUG_LOG"`
--
1.8.3.1

28
0070-applet-don-t-show-duphash-instead-of-component.patch Normal file
View file

@ -0,0 +1,28 @@
From 567b1fdbaff68f9fc2f52853bda95dcc11cb5ff0 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 10 Oct 2014 11:18:51 +0200
Subject: [ABRT PATCH 70/70] applet: don't show duphash instead of component
Related to rhbz#1084031
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/applet/applet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/applet/applet.c b/src/applet/applet.c
index a40f877..bd95666 100644
--- a/src/applet/applet.c
+++ b/src/applet/applet.c
@@ -1326,7 +1326,7 @@ static void Crash(DBusMessage* signal)
if (duphash != NULL && duphash[0] != '\0')
problem_data_add_text_noteditable(pi->problem_data, FILENAME_DUPHASH, duphash);
if (package_name != NULL && package_name[0] != '\0')
- problem_data_add_text_noteditable(pi->problem_data, FILENAME_COMPONENT, duphash);
+ problem_data_add_text_noteditable(pi->problem_data, FILENAME_COMPONENT, package_name);
pi->foreign = foreign_problem;
show_problem_notification(pi, flags);
}
--
1.8.3.1

30
0071-console-notifications-skip-non-interactive-shells.patch Normal file
View file

@ -0,0 +1,30 @@
From bbd1e3c8765a8e28d4ade94eff60640c140b436a Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Sat, 11 Oct 2014 00:05:07 +0200
Subject: [ABRT PATCH 71/71] console-notifications: skip non-interactive shells
Related to rhbz#1141485
Related to rhbz#1139001
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/cli/abrt-console-notification.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/cli/abrt-console-notification.sh b/src/cli/abrt-console-notification.sh
index 38de7bb..976dfc3 100755
--- a/src/cli/abrt-console-notification.sh
+++ b/src/cli/abrt-console-notification.sh
@@ -3,6 +3,9 @@
# terminal.
tty -s || return 0
+# Skip all for noninteractive shells for the same reason as above.
+[ -z "$PS1" ] && return 0
+
# If $HOME is not set, a non human user is logging in to shell but this script
# should provide information to human users, therefore returning immediately
# without showing the notification.
--
1.8.3.1

132
0072-applet-ensure-writable-dump-directory-before-reporti.patch Normal file
View file

@ -0,0 +1,132 @@
From a169b05a10f242b19beab749458e86d7d7aa4f7b Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 21 Oct 2014 14:57:10 +0200
Subject: [ABRT PATCH 72/72] applet: ensure writable dump directory before
reporting
Related to rhbz#1084027
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Conflicts:
src/applet/applet.c
---
src/applet/applet.c | 62 ++++++++++++++++++++++++++++++++++-------------------
1 file changed, 40 insertions(+), 22 deletions(-)
diff --git a/src/applet/applet.c b/src/applet/applet.c
index bd95666..8c339a4 100644
--- a/src/applet/applet.c
+++ b/src/applet/applet.c
@@ -309,6 +309,7 @@ typedef struct problem_info {
bool incomplete;
bool reported;
bool was_announced;
+ bool is_writable;
} problem_info_t;
static void push_to_deferred_queue(problem_info_t *pi)
@@ -326,6 +327,36 @@ static void problem_info_set_dir(problem_info_t *pi, const char *dir)
problem_data_add_text_noteditable(pi->problem_data, CD_DUMPDIR, dir);
}
+static bool problem_info_ensure_writable(problem_info_t *pi)
+{
+ if (pi->is_writable)
+ return true;
+
+ /* chown the directory in any case, because kernel oopses are not foreign */
+ /* but their dump directories are not writable without chowning them or */
+ /* stealing them. The stealing is deprecated as it breaks the local */
+ /* duplicate search and root cannot see them */
+ const int res = chown_dir_over_dbus(problem_info_get_dir(pi));
+ if (pi->foreign && res != 0)
+ {
+ error_msg(_("Can't take ownership of '%s'"), problem_info_get_dir(pi));
+ return false;
+ }
+ pi->foreign = false;
+
+ struct dump_dir *dd = open_directory_for_writing(problem_info_get_dir(pi), /* don't ask */ NULL);
+ if (!dd)
+ {
+ error_msg(_("Can't open directory for writing '%s'"), problem_info_get_dir(pi));
+ return false;
+ }
+
+ problem_info_set_dir(pi, dd->dd_dirname);
+ pi->is_writable = true;
+ dd_close(dd);
+ return true;
+}
+
static problem_info_t *problem_info_new(const char *dir)
{
problem_info_t *pi = xzalloc(sizeof(*pi));
@@ -601,8 +632,13 @@ static pid_t spawn_event_handler_child(const char *dump_dir_name, const char *ev
return child;
}
-static void run_report_from_applet(const char *dirname)
+static void run_report_from_applet(problem_info_t *pi)
{
+ if (!problem_info_ensure_writable(pi))
+ return;
+
+ const char *dirname = problem_info_get_dir(pi);
+
fflush(NULL); /* paranoia */
pid_t pid = fork();
if (pid < 0)
@@ -642,7 +678,7 @@ static void action_report(NotifyNotification *notification, gchar *action, gpoin
if (strcmp(A_REPORT_REPORT, action) == 0)
{
#endif//RHBZ_1067114_NO_UREPORT
- run_report_from_applet(problem_info_get_dir(pi));
+ run_report_from_applet(pi);
problem_info_free(pi);
#ifndef RHBZ_1067114_NO_UREPORT
}
@@ -1113,7 +1149,7 @@ static gboolean handle_event_output_cb(GIOChannel *gio, GIOCondition condition,
if (pi->known || !(state->flags & REPORT_UNKNOWN_PROBLEM_IMMEDIATELY))
notify_problem(pi);
else
- run_report_from_applet(problem_info_get_dir(pi));
+ run_report_from_applet(pi);
}
else
{
@@ -1174,29 +1210,11 @@ static void export_event_configuration(const char *event_name)
static void run_event_async(problem_info_t *pi, const char *event_name, int flags)
{
- /* chown the directory in any case, because kernel oopses are not foreign */
- /* but their dump directories are not writable without chowning them or */
- /* stealing them. The stealing is deprecated as it breaks the local */
- /* duplicate search and root cannot see them */
- const int res = chown_dir_over_dbus(problem_info_get_dir(pi));
- if (pi->foreign && res != 0)
+ if (!problem_info_ensure_writable(pi))
{
- error_msg(_("Can't take ownership of '%s'"), problem_info_get_dir(pi));
problem_info_free(pi);
return;
}
- pi->foreign = false;
-
- struct dump_dir *dd = open_directory_for_writing(problem_info_get_dir(pi), /* don't ask */ NULL);
- if (!dd)
- {
- error_msg(_("Can't open directory for writing '%s'"), problem_info_get_dir(pi));
- problem_info_free(pi);
- return;
- }
-
- problem_info_set_dir(pi, dd->dd_dirname);
- dd_close(dd);
export_event_configuration(event_name);
--
1.8.3.1

209
0073-a-a-g-machine-id-add-systemd-s-machine-id.patch Normal file
View file

@ -0,0 +1,209 @@
From b7024111fcfe3662e96f5e6ad51d680fa3607b51 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 23 Oct 2014 16:37:14 +0200
Subject: [ABRT PATCH 73/75] a-a-g-machine-id: add systemd's machine id
The dmidecode based algorithm may not work on all architectures.
man machine-id
Related to rhbz#1139552
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-generate-machine-id | 162 +++++++++++++++++++++++++---
1 file changed, 150 insertions(+), 12 deletions(-)
diff --git a/src/plugins/abrt-action-generate-machine-id b/src/plugins/abrt-action-generate-machine-id
index 0aea787..6f43258 100644
--- a/src/plugins/abrt-action-generate-machine-id
+++ b/src/plugins/abrt-action-generate-machine-id
@@ -1,14 +1,47 @@
#!/usr/bin/python
+
+## Copyright (C) 2014 ABRT team <abrt-devel-list@redhat.com>
+## Copyright (C) 2014 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA
+
+"""This module provides algorithms for generating Machine IDs.
+"""
+
+import sys
from argparse import ArgumentParser
+import logging
-import dmidecode
import hashlib
+def generate_machine_id_dmidecode():
+ """Generate a machine_id based off dmidecode fields
-# Generate a machine_id based off dmidecode fields
-def generate_machine_id():
- dmixml = dmidecode.dmidecodeXML()
+ The function generates the same result as sosreport-uploader
+
+ Returns a machine ID as string or throws RuntimeException
+
+ """
+ try:
+ import dmidecode
+ except ImportError as ex:
+ raise RuntimeError("Could not import dmidecode module: {0}"
+ .format(str(ex)))
+
+ dmixml = dmidecode.dmidecodeXML()
# Fetch all DMI data into a libxml2.xmlDoc object
dmixml.SetResultType(dmidecode.DMIXML_DOC)
xmldoc = dmixml.QuerySection('all')
@@ -38,20 +71,125 @@ def generate_machine_id():
return machine_id.hexdigest()
-if __name__ == "__main__":
- CMDARGS = ArgumentParser(description = "Generate a machine_id based off dmidecode fields")
- CMDARGS.add_argument('-o', '--output', type=str, help='Output file')
+def generate_machine_id_systemd():
+ """Generate a machine_id equals to a one generated by systemd
+
+ This function returns contents of /etc/machine-id
+
+ Returns a machine ID as string or throws RuntimeException.
+
+ """
+
+ try:
+ with open('/etc/machine-id', 'r') as midf:
+ return "".join((l.strip() for l in midf))
+ except IOError as ex:
+ raise RuntimeError("Could not use systemd's machine-id: {0}"
+ .format(str(ex)))
+
+
+GENERATORS = { 'sosreport_uploader-dmidecode' : generate_machine_id_dmidecode,
+ 'systemd' : generate_machine_id_systemd }
+
+
+def generate_machine_id(generators):
+ """Generates all requested machine id with all required generators
+
+ Keyword arguments:
+ generators -- a list of generator names
+
+ Returns a dictionary where keys are generators and associated values are
+ products of those generators.
+
+ """
+
+ ids = {}
+ workers = GENERATORS
+ for sd in generators:
+ try:
+ ids[sd] = workers[sd]()
+ except RuntimeError as ex:
+ logging.error("Machine-ID generator '{0}' failed: {1}"
+ .format(sd, ex.message))
+
+ return ids
+
+
+def print_result(ids, outfile, prefixed):
+ """Writes a dictionary of machine ids to a file
+
+ Each dictionary entry is written on a single line. The function does not
+ print trailing new-line if the dictionary contains only one item as it is
+ common format of one-liners placed in a dump directory.
+
+ Keyword arguments:
+ ids -- a dictionary [generator name: machine ids]
+ outfile -- output file
+ prefixed -- use 'generator name=' prefix or not
+ """
+
+ fmt = '{0}={1}' if prefixed else '{1}'
+
+ if len(ids) > 1:
+ fmt += '\n'
+
+ for sd, mid in ids.iteritems():
+ outfile.write(fmt.format(sd,mid))
+
+
+def print_generators(outfile=None):
+ """Prints requested generators
+
+ Keyword arguments:
+ outfile -- output file (default: sys.stdout)
+
+ """
+ if outfile is None:
+ outfile = sys.stdout
+
+ for sd in GENERATORS.iterkeys():
+ outfile.write("{0}\n".format(sd))
+
+
+if __name__ == '__main__':
+ CMDARGS = ArgumentParser(description = "Generate a machine_id")
+ CMDARGS.add_argument('-o', '--output', type=str,
+ help="Output file")
+ CMDARGS.add_argument('-g', '--generators', nargs='+', type=str,
+ help="Use given generators only")
+ CMDARGS.add_argument('-l', '--list-generators', action='store_true',
+ default=False, help="Print out a list of usable generators")
+ CMDARGS.add_argument('-n', '--noprefix', action='store_true',
+ default=False, help="Do not use generator name as prefix for IDs")
OPTIONS = CMDARGS.parse_args()
ARGS = vars(OPTIONS)
- machineid = generate_machine_id()
+ logging.basicConfig(format='%(message)s')
+
+ if ARGS['list_generators']:
+ print_generators()
+ sys.exit(0)
+
+ requested_generators = None
+ if ARGS['generators']:
+ requested_generators = ARGS['generators']
+ else:
+ requested_generators = GENERATORS.keys()
+
+ machineids = generate_machine_id(requested_generators)
if ARGS['output']:
try:
- with open(ARGS['output'], 'w') as outfile:
- outfile.write(machineid)
+ with open(ARGS['output'], 'w') as fout:
+ print_result(machineids, fout, not ARGS['noprefix'])
except IOError as ex:
- print ex
+ logging.error("Could not open output file: {0}".format(str(ex)))
+ sys.exit(1)
else:
- print machineid
+ print_result(machineids, sys.stdout, not ARGS['noprefix'])
+ # print_results() omits new-line for one-liners
+ if len(machineids) == 1:
+ sys.stdout.write('\n')
+
+ sys.exit(len(requested_generators) - len(machineids.keys()))
--
1.8.3.1

39
0074-a-a-g-machine-id-suppress-its-failures-in-abrt_event.patch Normal file
View file

@ -0,0 +1,39 @@
From 4bfbbd5840a21257cf319936b3c59b7aaa1519ad Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 24 Oct 2014 15:50:02 +0200
Subject: [ABRT PATCH 74/75] a-a-g-machine-id: suppress its failures in
abrt_event.conf
If an event script exits with a non-zero code, abrtd deletes entire dump
directory.
Failures of a-a-g-machine-id must not lead to the deletion of a dump
directory.
It is also expected that dmidecode-less systems will print an error
message related to the fact that dmidecode doesn't work, hence
forwarding of STDOUT and STDERR to 'event_log' file.
Related to rhbz#1139552
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt_event.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index deda7c7..54e1b3f 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -94,7 +94,7 @@ EVENT=post-create
# Example: if you want to include *machineid* in dump directories:
EVENT=post-create
- /usr/libexec/abrt-action-generate-machine-id -o $DUMP_DIR/machineid
+ /usr/libexec/abrt-action-generate-machine-id -o $DUMP_DIR/machineid >>event_log 2>&1 || :
# Example: if you want to upload data immediately at the moment of a crash:
#EVENT=post-create
--
1.8.3.1

12890
0075-Translation-updates.patch Normal file
View file

File diff suppressed because it is too large Load diff

120
0076-Revert-gdb-disable-loading-of-auto-loaded-files.patch Normal file
View file

@ -0,0 +1,120 @@
From f02866555da23e00ad3a76a8d540bd83804c439f Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 19 Nov 2014 07:19:29 +0100
Subject: [ABRT PATCH 76/78] Revert "gdb: disable loading of auto-loaded files"
This reverts commit 5a2f83cd86ce824167fa7ea8e5357c014034ed46.
Turning auto-load off also turns the pretty printer off.
Unfortunately, we must trust to providers of the auto-loaded scripts and
we must be fixing root causes and not treating symptoms.
Related: #1128637
---
src/lib/hooklib.c | 40 +++++++++++++++++++---------------------
1 file changed, 19 insertions(+), 21 deletions(-)
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index 21ad9e0..4a50727 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
@@ -252,12 +252,10 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
/* Let user know what's going on */
log(_("Generating backtrace"));
- char *args[23];
+ char *args[21];
args[0] = (char*)"gdb";
args[1] = (char*)"-batch";
args[2] = (char*)"-ex";
- args[3] = (char*)"set auto-load off";
- args[4] = (char*)"-ex";
struct strbuf *set_debug_file_directory = strbuf_new();
if(debuginfo_dirs == NULL)
{
@@ -280,7 +278,7 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
p = colon_or_nul;
}
}
- args[5] = strbuf_free_nobuf(set_debug_file_directory);
+ args[3] = strbuf_free_nobuf(set_debug_file_directory);
/* "file BINARY_FILE" is needed, without it gdb cannot properly
* unwind the stack. Currently the unwind information is located
@@ -302,27 +300,27 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
* TODO: check mtimes on COREFILE and BINARY_FILE and not supply
* BINARY_FILE if it is newer (to at least avoid gdb complaining).
*/
- args[6] = (char*)"-ex";
- args[7] = xasprintf("file %s", executable);
+ args[4] = (char*)"-ex";
+ args[5] = xasprintf("file %s", executable);
free(executable);
- args[8] = (char*)"-ex";
- args[9] = xasprintf("core-file %s/"FILENAME_COREDUMP, dump_dir_name);
+ args[6] = (char*)"-ex";
+ args[7] = xasprintf("core-file %s/"FILENAME_COREDUMP, dump_dir_name);
+ args[8] = (char*)"-ex";
+ /*args[9] = ... see below */
args[10] = (char*)"-ex";
- /*args[11] = ... see below */
- args[12] = (char*)"-ex";
- args[13] = (char*)"info sharedlib";
+ args[11] = (char*)"info sharedlib";
/* glibc's abort() stores its message in __abort_msg variable */
+ args[12] = (char*)"-ex";
+ args[13] = (char*)"print (char*)__abort_msg";
args[14] = (char*)"-ex";
- args[15] = (char*)"print (char*)__abort_msg";
+ args[15] = (char*)"print (char*)__glib_assert_msg";
args[16] = (char*)"-ex";
- args[17] = (char*)"print (char*)__glib_assert_msg";
+ args[17] = (char*)"info all-registers";
args[18] = (char*)"-ex";
- args[19] = (char*)"info all-registers";
- args[20] = (char*)"-ex";
- args[21] = (char*)"disassemble";
- args[22] = NULL;
+ args[19] = (char*)"disassemble";
+ args[20] = NULL;
/* Get the backtrace, but try to cap its size */
/* Limit bt depth. With no limit, gdb sometimes OOMs the machine */
@@ -332,9 +330,9 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
char *bt = NULL;
while (1)
{
- args[11] = xasprintf("%s backtrace %u%s", thread_apply_all, bt_depth, full);
+ args[9] = xasprintf("%s backtrace %u%s", thread_apply_all, bt_depth, full);
bt = exec_vp(args, /*redirect_stderr:*/ 1, timeout_sec, NULL);
- free(args[11]);
+ free(args[9]);
if ((bt && strnlen(bt, 256*1024) < 256*1024) || bt_depth <= 32)
{
break;
@@ -359,7 +357,7 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
* End of assembler dump.
* (IOW: "empty" dump)
*/
- args[21] = (char*)"disassemble $pc-20, $pc+64";
+ args[19] = (char*)"disassemble $pc-20, $pc+64";
if (bt_depth <= 64 && thread_apply_all[0] != '\0')
{
@@ -375,9 +373,9 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
}
}
+ free(args[3]);
free(args[5]);
free(args[7]);
- free(args[9]);
return bt;
}
--
1.8.3.1

176
0077-gdb-make-gdb-aware-of-the-abrt-s-debuginfo-dir.patch Normal file
View file

@ -0,0 +1,176 @@
From 56e7f58908997b6cfd52d44bca208ef50d1bdf61 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 13 Nov 2014 12:08:07 +0100
Subject: [ABRT PATCH 77/78] gdb: make gdb aware of the abrt's debuginfo dir
A debuginfo package might ship an auto-loaded gdb script. If abrt
unpacks that package into the abrt's debuginfo cache dir and points gdb
to that directory, gdb refuses to auto-loaded that gdb scripts and
produces a plenty of warning messages that abrt writes to 'backtrace'
file.
The previous solution of this issue was to turn auto-load off completely
but it turned the pretty printer off too.
The correct solution is to add the abrt's debuginfo cache directory to
auto-load safe-path and auto-load scripts-dir settings.
Thanks Jan Kratochvil <jkratoch@redhat.com>
Requires: rhbz#1163339
Resolves: rhbz#1128637
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/lib/hooklib.c | 83 ++++++++++++++++++++++++++++++++++++-------------------
1 file changed, 55 insertions(+), 28 deletions(-)
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index 4a50727..1d45cdd 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
@@ -252,11 +252,12 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
/* Let user know what's going on */
log(_("Generating backtrace"));
- char *args[21];
- args[0] = (char*)"gdb";
- args[1] = (char*)"-batch";
- args[2] = (char*)"-ex";
+ unsigned i = 0;
+ char *args[25];
+ args[i++] = (char*)"gdb";
+ args[i++] = (char*)"-batch";
struct strbuf *set_debug_file_directory = strbuf_new();
+ unsigned auto_load_base_index = 0;
if(debuginfo_dirs == NULL)
{
// set non-existent debug file directory to prevent resolving
@@ -266,6 +267,8 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
else
{
strbuf_append_str(set_debug_file_directory, "set debug-file-directory /usr/lib/debug");
+
+ struct strbuf *debug_directories = strbuf_new();
const char *p = debuginfo_dirs;
while (1)
{
@@ -274,11 +277,25 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
if (*p == '\0')
break;
const char *colon_or_nul = strchrnul(p, ':');
- strbuf_append_strf(set_debug_file_directory, ":%.*s/usr/lib/debug", (int)(colon_or_nul - p), p);
+ strbuf_append_strf(debug_directories, "%s%.*s/usr/lib/debug", (debug_directories->len == 0 ? "" : ":"),
+ (int)(colon_or_nul - p), p);
p = colon_or_nul;
}
+
+ strbuf_append_strf(set_debug_file_directory, ":%s", debug_directories->buf);
+
+ args[i++] = (char*)"-iex";
+ auto_load_base_index = i;
+ args[i++] = xasprintf("add-auto-load-safe-path %s", debug_directories->buf);
+ args[i++] = (char*)"-iex";
+ args[i++] = xasprintf("add-auto-load-scripts-directory %s", debug_directories->buf);
+
+ strbuf_free(debug_directories);
}
- args[3] = strbuf_free_nobuf(set_debug_file_directory);
+
+ args[i++] = (char*)"-ex";
+ const unsigned debug_dir_cmd_index = i++;
+ args[debug_dir_cmd_index] = strbuf_free_nobuf(set_debug_file_directory);
/* "file BINARY_FILE" is needed, without it gdb cannot properly
* unwind the stack. Currently the unwind information is located
@@ -300,27 +317,31 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
* TODO: check mtimes on COREFILE and BINARY_FILE and not supply
* BINARY_FILE if it is newer (to at least avoid gdb complaining).
*/
- args[4] = (char*)"-ex";
- args[5] = xasprintf("file %s", executable);
+ args[i++] = (char*)"-ex";
+ const unsigned file_cmd_index = i++;
+ args[file_cmd_index] = xasprintf("file %s", executable);
free(executable);
- args[6] = (char*)"-ex";
- args[7] = xasprintf("core-file %s/"FILENAME_COREDUMP, dump_dir_name);
+ args[i++] = (char*)"-ex";
+ const unsigned core_cmd_index = i++;
+ args[core_cmd_index] = xasprintf("core-file %s/"FILENAME_COREDUMP, dump_dir_name);
- args[8] = (char*)"-ex";
+ args[i++] = (char*)"-ex";
+ const unsigned bt_cmd_index = i++;
/*args[9] = ... see below */
- args[10] = (char*)"-ex";
- args[11] = (char*)"info sharedlib";
+ args[i++] = (char*)"-ex";
+ args[i++] = (char*)"info sharedlib";
/* glibc's abort() stores its message in __abort_msg variable */
- args[12] = (char*)"-ex";
- args[13] = (char*)"print (char*)__abort_msg";
- args[14] = (char*)"-ex";
- args[15] = (char*)"print (char*)__glib_assert_msg";
- args[16] = (char*)"-ex";
- args[17] = (char*)"info all-registers";
- args[18] = (char*)"-ex";
- args[19] = (char*)"disassemble";
- args[20] = NULL;
+ args[i++] = (char*)"-ex";
+ args[i++] = (char*)"print (char*)__abort_msg";
+ args[i++] = (char*)"-ex";
+ args[i++] = (char*)"print (char*)__glib_assert_msg";
+ args[i++] = (char*)"-ex";
+ args[i++] = (char*)"info all-registers";
+ args[i++] = (char*)"-ex";
+ const unsigned dis_cmd_index = i++;
+ args[dis_cmd_index] = (char*)"disassemble";
+ args[i++] = NULL;
/* Get the backtrace, but try to cap its size */
/* Limit bt depth. With no limit, gdb sometimes OOMs the machine */
@@ -330,9 +351,9 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
char *bt = NULL;
while (1)
{
- args[9] = xasprintf("%s backtrace %u%s", thread_apply_all, bt_depth, full);
+ args[bt_cmd_index] = xasprintf("%s backtrace %u%s", thread_apply_all, bt_depth, full);
bt = exec_vp(args, /*redirect_stderr:*/ 1, timeout_sec, NULL);
- free(args[9]);
+ free(args[bt_cmd_index]);
if ((bt && strnlen(bt, 256*1024) < 256*1024) || bt_depth <= 32)
{
break;
@@ -357,7 +378,7 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
* End of assembler dump.
* (IOW: "empty" dump)
*/
- args[19] = (char*)"disassemble $pc-20, $pc+64";
+ args[dis_cmd_index] = (char*)"disassemble $pc-20, $pc+64";
if (bt_depth <= 64 && thread_apply_all[0] != '\0')
{
@@ -373,9 +394,15 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
}
}
- free(args[3]);
- free(args[5]);
- free(args[7]);
+ if (auto_load_base_index > 0)
+ {
+ free(args[auto_load_base_index]);
+ free(args[auto_load_base_index + 2]);
+ }
+
+ free(args[debug_dir_cmd_index]);
+ free(args[file_cmd_index]);
+ free(args[core_cmd_index]);
return bt;
}
--
1.8.3.1

28
0079-cli-mark-the-suggestion-text-for-translation.patch Normal file
View file

@ -0,0 +1,28 @@
From 187530c4df6971927d1e099584be5b418ab2725b Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 12 Dec 2014 14:19:49 +0100
Subject: [ABRT PATCH 79/82] cli: mark the suggestion text for translation
Related: #1087880
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/cli/list.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cli/list.c b/src/cli/list.c
index b6b4790..ccb5f3b 100644
--- a/src/cli/list.c
+++ b/src/cli/list.c
@@ -124,7 +124,7 @@ static void print_crash(problem_data_t *problem_data, int detailed, int text_siz
if (event_found)
{
- char *tmp = xasprintf("%sRun 'abrt-cli report %s' for creating a case in Red Hat Customer Portal\n", desc, dump_dir_name);
+ char *tmp = xasprintf(_("%sRun 'abrt-cli report %s' for creating a case in Red Hat Customer Portal\n"), desc, dump_dir_name);
free(desc);
desc = tmp;
}
--
1.8.3.1

438
0080-auto-reporting-add-options-to-specify-auth-type.patch Normal file
View file

@ -0,0 +1,438 @@
From 2b16db2fea5552225437ac7d622706b597b7a71d Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 19 Dec 2014 00:41:16 +0100
Subject: [ABRT PATCH 80/82] auto-reporting: add options to specify auth type
See abrt-auto-reporting man page for more details about this commit.
Related: #1174833
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
doc/abrt-auto-reporting.txt | 41 ++++++-
src/daemon/abrt-auto-reporting.c | 258 ++++++++++++++++++++++++++++++++++++---
2 files changed, 280 insertions(+), 19 deletions(-)
diff --git a/doc/abrt-auto-reporting.txt b/doc/abrt-auto-reporting.txt
index 1cc534e..2a27945 100644
--- a/doc/abrt-auto-reporting.txt
+++ b/doc/abrt-auto-reporting.txt
@@ -3,11 +3,14 @@ abrt-auto-reporting(1)
NAME
----
-abrt-auto-reporting - Get or modify a value of the auto reporting option
+abrt-auto-reporting - Get or modify the auto reporting option values
SYNOPSIS
--------
-'abrt-auto-reporting' [-v] [ enabled | yes | 1 | disabled | no | 0 ]
+'abrt-auto-reporting' [-v] [ enabled | yes | 1 | on | disabled | no | 0 | off ]
+ [ [--anonymous] |
+ [--username USERNAME [--password PASSWORD] ] |
+ [--certificate SOURCE] ]
DESCRIPTION
-----------
@@ -23,6 +26,9 @@ process and will be persistent.
ABRT uploads an uReport which was generated for a detected problem
immediately after the detection phase.
+Reads and saves the authentication configuration options in
+/etc/libreport/plugins/ureport.conf and /etc/libreport/plugins/rhtsupport.conf
+
uReport description
~~~~~~~~~~~~~~~~~~~
ABRT supports uReports for four types of crashes: crashes of C/C++ programs
@@ -51,6 +57,14 @@ for kernel oopses::
these are list of loaded kernel modules, list of taint flags, and full text
of the kernel oops.
+The authenticated uReports also contains *hostname* and *machineid* to enable a
+server side filtering at https://access.redhat.com/.
+
+The authenticated uReports have the benefit of rich server replies which may
+include a solution for the submitted crash. The authentication is done using
+either Red Hat Subscription Certificates or Red Hat Customer Portal
+credentials.
+
'Warning':
The full text of a kernel oops might contain information like the
identification of the host hardware type. You should disable the autoreporting
@@ -62,9 +76,30 @@ OPTIONS
-v, --verbose::
Be more verbose. Can be given multiple times.
+-a, --anonymous::
+ Turns the authentication off by clearing both 'SSLClientAuth' and 'HTTPAuth'
+ configuration options in /etc/libreport/plugins/ureport.conf
+
+-u, --username USERNAME::
+ Turns HTTP Authentication on by setting 'HTTPAuth' configuration option to
+ *rhts-credentials* in /etc/libreport/plugins/ureport.conf and storing
+ USERNAME and PASSWORD in /etc/libreport/plugins/rhtsupport.conf
+ Also turns the SSL Client Authentication off, because these methods cannot
+ be used together.
+
+-p, --password PASSWORD::
+ Password for HTTP Authentication. If not provided, a prompt asking for it
+ will be issued.
+
+-c, --certificate SOURCE::
+ Turns SSL Client Authentication on by setting 'SSLClientAuth' configuration
+ option to SOURCE in /etc/libreport/plugins/ureport.conf.
+ Also turns the HTTP Authentication off, because these methods cannot
+ be used together.
+
SEE ALSO
--------
-abrt.conf(5)
+abrt.conf(5), ureport.conf(5), rhtsupport.conf(5)
AUTHORS
-------
diff --git a/src/daemon/abrt-auto-reporting.c b/src/daemon/abrt-auto-reporting.c
index 0909bed..f50c4c2 100644
--- a/src/daemon/abrt-auto-reporting.c
+++ b/src/daemon/abrt-auto-reporting.c
@@ -17,6 +17,7 @@
*/
#include "libabrt.h"
+#include "client.h"
#include <stdio.h>
@@ -26,13 +27,24 @@
#define STATE_MANUAL "disabled"
#define STATE_AUTO "enabled"
-const char *const REPORTING_STATES[6][2] = {
+#define RHTS_NAME "rhtsupport.conf"
+#define RHTS_USERNAME_OPTION "Login"
+#define RHTS_PASSWORD_OPTION "Password"
+
+#define UREPORT_NAME "ureport.conf"
+#define UREPORT_HTTP_AUTH_OPTION "HTTPAuth"
+#define UREPORT_CLIENT_AUTH_OPTION "SSLClientAuth"
+#define UREPORT_RTHS_CREDENTIALS_AUTH "rhts-credentials"
+
+const char *const REPORTING_STATES[8][2] = {
{STATE_MANUAL, "no" },
{STATE_AUTO, "yes"},
{"no", "no" },
{"yes", "yes"},
{"0", "no" },
{"1", "yes"},
+ {"off", "no" },
+ {"on", "yes"},
};
static int
@@ -52,6 +64,77 @@ set_abrt_reporting(map_string_t *conf, const char *opt_value)
return 1;
}
+static int
+set_ureport_http_auth(map_string_t *conf, const char *opt_value)
+{
+ const char *const cur_value = get_map_string_item_or_NULL(conf, UREPORT_HTTP_AUTH_OPTION);
+
+ if (cur_value == NULL || strcmp(cur_value, opt_value) != 0)
+ {
+ replace_map_string_item(conf, xstrdup(UREPORT_HTTP_AUTH_OPTION), xstrdup(opt_value));
+ remove_map_string_item(conf, UREPORT_CLIENT_AUTH_OPTION);
+
+ return save_plugin_conf_file(UREPORT_NAME, conf);
+ }
+
+ /* No changes needed -> success */
+ return 1;
+}
+
+static int
+set_ureport_client_auth(map_string_t *conf, const char *opt_value)
+{
+ const char *const cur_value = get_map_string_item_or_NULL(conf, UREPORT_CLIENT_AUTH_OPTION);
+
+ if (cur_value == NULL || strcmp(cur_value, opt_value) != 0)
+ {
+ replace_map_string_item(conf, xstrdup(UREPORT_CLIENT_AUTH_OPTION), xstrdup(opt_value));
+ remove_map_string_item(conf, UREPORT_HTTP_AUTH_OPTION);
+
+ return save_plugin_conf_file(UREPORT_NAME, conf);
+ }
+
+ /* No changes needed -> success */
+ return 1;
+}
+
+static int
+clear_ureport_auth(map_string_t *conf)
+{
+ const char *const http_cur_value = get_map_string_item_or_NULL(conf, UREPORT_HTTP_AUTH_OPTION);
+ const char *const ssl_cur_value = get_map_string_item_or_NULL(conf, UREPORT_CLIENT_AUTH_OPTION);
+
+ if (http_cur_value != NULL || ssl_cur_value != NULL)
+ {
+ remove_map_string_item(conf, UREPORT_HTTP_AUTH_OPTION);
+ remove_map_string_item(conf, UREPORT_CLIENT_AUTH_OPTION);
+
+ return save_plugin_conf_file(UREPORT_NAME, conf);
+ }
+
+ /* No changes needed -> success */
+ return 1;
+}
+
+static int
+set_rhts_credentials(map_string_t *conf, const char *username, const char *password)
+{
+ const char *const username_cur_value = get_map_string_item_or_NULL(conf, RHTS_USERNAME_OPTION);
+ const char *const password_cur_value = get_map_string_item_or_NULL(conf, RHTS_PASSWORD_OPTION);
+
+ if ( (username_cur_value == NULL || strcmp(username_cur_value, username) != 0)
+ || (password_cur_value == NULL || strcmp(password_cur_value, password) != 0))
+ {
+ replace_map_string_item(conf, xstrdup(RHTS_USERNAME_OPTION), xstrdup(username));
+ replace_map_string_item(conf, xstrdup(RHTS_PASSWORD_OPTION), xstrdup(password));
+
+ return save_plugin_conf_file(RHTS_NAME, conf);
+ }
+
+ /* No changes needed -> success */
+ return 1;
+}
+
static const char *
get_abrt_reporting(map_string_t *conf)
{
@@ -60,6 +143,18 @@ get_abrt_reporting(map_string_t *conf)
return REPORTING_STATES[index][0];
}
+static const char *
+get_ureport_http_auth(map_string_t *conf)
+{
+ return get_map_string_item_or_NULL(conf, UREPORT_HTTP_AUTH_OPTION);
+}
+
+static const char *
+get_ureport_client_auth(map_string_t *conf)
+{
+ return get_map_string_item_or_NULL(conf, UREPORT_CLIENT_AUTH_OPTION);
+}
+
int main(int argc, char *argv[])
{
setlocale(LC_ALL, "");
@@ -78,7 +173,8 @@ int main(int argc, char *argv[])
abrt_init(argv);
const char *program_usage_string = _(
- "& [ "STATE_MANUAL" | "STATE_AUTO" | yes | no | 1 | 0 ]\n"
+ "& [ "STATE_MANUAL" | "STATE_AUTO" | yes | no | 1 | 0 ] \\\n"
+ " [[--anonymous] | [--username USERNAME [--password PASSWORD]] | [--certificate SOURCE]]\n"
"\n"
"Get or modify a value of the auto-reporting option. The changes will take\n"
"effect immediately and will be persistent.\n"
@@ -94,36 +190,72 @@ int main(int argc, char *argv[])
"contains identification of the operating system, versions of the RPM packages\n"
"involved in the crash, and whether the program ran under a root user.\n"
"\n"
- "See abrt-auto-reporting(1) for more details.\n"
+ "See abrt-auto-reporting(1), reporter-ureport(1) and reporter-rhtsupport(1)\n"
+ "for more details.\n"
);
+ enum {
+ OPT_v = 1 << 0,
+ OPT_a = 1 << 1,
+ OPT_u = 1 << 2,
+ OPT_p = 1 << 3,
+ OPT_c = 1 << 4,
+ };
+
+ bool anonymous = false;
+ const char *username = NULL;
+ const char *password = NULL;
+ const char *certificate = NULL;
+
/* Keep enum above and order of options below in sync! */
struct options program_options[] = {
OPT__VERBOSE(&g_verbose),
+ OPT_BOOL ( 'a', "anonymous", &anonymous, _("Turns the authentication off")),
+ OPT_STRING( 'u', "username", &username, "USERNAME", _("Red Hat Support user name")),
+ OPT_STRING( 'p', "password", &password, "PASSWORD", _("Red Hat Support password, if not given, a prompt for it will be issued")),
+ OPT_STRING( 'c', "certificate", &certificate, "SOURCE", _("uReport SSL certificate paths or certificate type")),
OPT_END()
};
- const unsigned optind = parse_opts(argc, argv, program_options, program_usage_string);
+ const unsigned opts = parse_opts(argc, argv, program_options, program_usage_string);
argv += optind;
argc -= optind;
- if (argc > 2)
+ if ((opts & OPT_p) && !(opts & OPT_u))
{
- error_msg(_("Invalid number of arguments"));
+ error_msg(_("You also need to specify --username for --password"));
show_usage_and_die(program_usage_string, program_options);
}
- int exit_code = EXIT_FAILURE;
+ if ((opts & OPT_u) && (opts & OPT_c))
+ {
+ error_msg(_("You can use either --username or --certificate"));
+ show_usage_and_die(program_usage_string, program_options);
+ }
- map_string_t *conf = new_map_string();
- if (!load_abrt_conf_file(CONF_NAME, conf))
- goto finito;
+ if ((opts & OPT_u) && (opts & OPT_a))
+ {
+ error_msg(_("You can use either --username or --anonymous"));
+ show_usage_and_die(program_usage_string, program_options);
+ }
+
+ if ((opts & OPT_a) && (opts & OPT_c))
+ {
+ error_msg(_("You can use either --anonymous or --certificate"));
+ show_usage_and_die(program_usage_string, program_options);
+ }
+
+ if (argc > 1)
+ {
+ error_msg(_("Invalid number of arguments"));
+ show_usage_and_die(program_usage_string, program_options);
+ }
- if (argc == 2)
+ const char *opt_value = NULL;
+ if (argc == 1)
{
- const char *const new_value = argv[1];
- const char *opt_value = NULL;
+ const char *const new_value = argv[0];
for (int i = 0; i < sizeof(REPORTING_STATES)/sizeof(REPORTING_STATES[0]); ++i)
{
if (strcasecmp(new_value, REPORTING_STATES[i][0]) == 0)
@@ -138,15 +270,109 @@ int main(int argc, char *argv[])
error_msg(_("Unknown option value: '%s'\n"), new_value);
show_usage_and_die(program_usage_string, program_options);
}
+ }
+
+ int exit_code = EXIT_FAILURE;
+
+ map_string_t *conf = new_map_string();
+ map_string_t *rhts_conf = new_map_string();
+ map_string_t *rhts_conf_bck = NULL;
+ map_string_t *ureport_conf = new_map_string();
+ map_string_t *ureport_conf_bck = NULL;
+
+ if (!load_abrt_conf_file(CONF_NAME, conf))
+ goto finito;
- exit_code = set_abrt_reporting(conf, opt_value) ? EXIT_SUCCESS : EXIT_FAILURE;
+ if (!load_plugin_conf_file(RHTS_NAME, rhts_conf, false))
goto finito;
+
+ if (!load_plugin_conf_file(UREPORT_NAME, ureport_conf, false))
+ goto finito;
+
+ if ((opts & OPT_a))
+ {
+ ureport_conf_bck = clone_map_string(ureport_conf);
+
+ if (!clear_ureport_auth(ureport_conf))
+ goto finito;
+ }
+
+ if ((opts & OPT_u))
+ {
+ char *tmp_password = NULL;
+ if (!(opts & OPT_p))
+ {
+ password = tmp_password = ask_password(_("Password:"));
+ if (tmp_password == NULL)
+ {
+ error_msg(_("Cannot continue without password\n"));
+ goto finito;
+ }
+ }
+
+ ureport_conf_bck = clone_map_string(ureport_conf);
+
+ if (!set_ureport_http_auth(ureport_conf, UREPORT_RTHS_CREDENTIALS_AUTH))
+ goto finito;
+
+ rhts_conf_bck = clone_map_string(rhts_conf);
+
+ if (!set_rhts_credentials(rhts_conf, username, password))
+ {
+ save_plugin_conf_file(UREPORT_NAME, ureport_conf_bck);
+ goto finito;
+ }
+
+ free(tmp_password);
+ }
+
+ if ((opts & OPT_c))
+ {
+ ureport_conf_bck = clone_map_string(ureport_conf);
+
+ if (!set_ureport_client_auth(ureport_conf, certificate))
+ goto finito;
+ }
+
+ if (argc == 0)
+ {
+ printf("%s", get_abrt_reporting(conf));
+ exit_code = EXIT_SUCCESS;
+
+ if (g_verbose >= 1)
+ {
+ const char *tmp = get_ureport_http_auth(ureport_conf);
+ if (tmp != NULL)
+ /* Print only the part before ':' of a string like "username:password" */
+ printf(" %s (%*s)", _("HTTP Authenticated auto reporting"), (int)(strchrnul(tmp, ':') - tmp), tmp);
+ else if ((tmp = get_ureport_client_auth(ureport_conf)) != NULL)
+ printf(" %s (%s)", _("SSL Client Authenticated auto reporting"), tmp);
+ else
+ printf(" %s", _("anonymous auto reporting"));
+ }
+
+ putchar('\n');
+
+ goto finito;
+ }
+
+ exit_code = set_abrt_reporting(conf, opt_value) ? EXIT_SUCCESS : EXIT_FAILURE;
+
+ if (exit_code == EXIT_FAILURE)
+ {
+ if (ureport_conf_bck != NULL)
+ save_plugin_conf_file(UREPORT_NAME, ureport_conf_bck);
+
+ if (rhts_conf_bck != NULL)
+ save_plugin_conf_file(RHTS_NAME, rhts_conf_bck);
}
- printf("%s\n", get_abrt_reporting(conf));
- exit_code = EXIT_SUCCESS;
finito:
+ free_map_string(ureport_conf);
+ free_map_string(ureport_conf_bck);
+ free_map_string(rhts_conf);
+ free_map_string(rhts_conf_bck);
free_map_string(conf);
return exit_code;
}
--
1.8.3.1

22128
0082-translations-pull-the-newest-PO-files.patch Normal file
View file

File diff suppressed because it is too large Load diff

73643
0086-translations-update-the-PO-files.patch Normal file
View file

File diff suppressed because it is too large Load diff

45
0087-abrt-auto-reporting-make-the-code-more-safer.patch Normal file
View file

@ -0,0 +1,45 @@
From b6d744ffd5e70b410c960ace62c68094bbbd045c Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 9 Jan 2015 16:34:00 +0100
Subject: [ABRT PATCH 87/87] abrt-auto-reporting: make the code more safer
Uncovered by coverity.
Related: #1174833
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-auto-reporting.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/daemon/abrt-auto-reporting.c b/src/daemon/abrt-auto-reporting.c
index f50c4c2..f3b4ed0 100644
--- a/src/daemon/abrt-auto-reporting.c
+++ b/src/daemon/abrt-auto-reporting.c
@@ -50,6 +50,8 @@ const char *const REPORTING_STATES[8][2] = {
static int
set_abrt_reporting(map_string_t *conf, const char *opt_value)
{
+ assert(opt_value != NULL || !"BUG: invalid auto-reporting state");
+
const char *const def_value = REPORTING_STATES[0][1];
const char *const cur_value = get_map_string_item_or_NULL(conf, OPTION_NAME);
@@ -356,7 +358,13 @@ int main(int argc, char *argv[])
goto finito;
}
- exit_code = set_abrt_reporting(conf, opt_value) ? EXIT_SUCCESS : EXIT_FAILURE;
+ if (opt_value == NULL)
+ { /* calm coverity: see 'if (argc ...)' statements above. 0 exits, >1 fails, 1 sets opt_value */
+ error_msg("BUG: invalid command line arguments");
+ exit_code = EXIT_FAILURE;
+ }
+ else
+ exit_code = set_abrt_reporting(conf, opt_value) ? EXIT_SUCCESS : EXIT_FAILURE;
if (exit_code == EXIT_FAILURE)
{
--
1.8.3.1

65
0088-a-a-save-package-data-turn-off-reading-data-from-roo.patch Normal file
View file

@ -0,0 +1,65 @@
From fdf93685d4f3fc36fe50d34a11e24662c4cb2d8c Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 12:12:59 +0200
Subject: [ABRT PATCH] a-a-save-package-data: turn off reading data from root
directories
Making copies of files from arbitrary root directories is not secure.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-action-save-package-data.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/daemon/abrt-action-save-package-data.c b/src/daemon/abrt-action-save-package-data.c
index 6dbcfc2..97d5f5e 100644
--- a/src/daemon/abrt-action-save-package-data.c
+++ b/src/daemon/abrt-action-save-package-data.c
@@ -223,7 +223,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
char *cmdline = NULL;
char *executable = NULL;
- char *rootdir = NULL;
char *package_short_name = NULL;
struct pkg_envra *pkg_name = NULL;
char *component = NULL;
@@ -233,8 +232,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
cmdline = dd_load_text_ext(dd, FILENAME_CMDLINE, DD_FAIL_QUIETLY_ENOENT);
executable = dd_load_text(dd, FILENAME_EXECUTABLE);
- rootdir = dd_load_text_ext(dd, FILENAME_ROOTDIR,
- DD_FAIL_QUIETLY_ENOENT | DD_LOAD_TEXT_RETURN_NULL_ON_FAILURE);
/* Close dd while we query package database. It can take some time,
* don't want to keep dd locked longer than necessary */
@@ -246,7 +243,7 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
goto ret; /* return 1 (failure) */
}
- pkg_name = rpm_get_package_nvr(executable, rootdir);
+ pkg_name = rpm_get_package_nvr(executable, NULL);
if (!pkg_name)
{
if (settings_bProcessUnpackaged)
@@ -329,7 +326,7 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
*/
}
- component = rpm_get_component(executable, rootdir);
+ component = rpm_get_component(executable, NULL);
dd = dd_opendir(dump_dir_name, /*flags:*/ 0);
if (!dd)
@@ -355,7 +352,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
ret:
free(cmdline);
free(executable);
- free(rootdir);
free(package_short_name);
free_pkg_envra(pkg_name);
free(component);
--
1.8.3.1

80
0089-ccpp-fix-symlink-race-conditions.patch Normal file
View file

@ -0,0 +1,80 @@
From 80408e9e24a1c10f85fd969e1853e0f192157f92 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 12:14:22 +0200
Subject: [ABRT PATCH] ccpp: fix symlink race conditions
Fix copy & chown race conditions
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 8e141d4..be16fab 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -397,7 +397,7 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
return user_core_fd;
}
-static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs)
+static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs, uid_t uid, gid_t gid)
{
FILE *fp = fopen(dest_filename, "w");
if (!fp)
@@ -429,6 +429,16 @@ static bool dump_fd_info(const char *dest_filename, char *source_filename, int s
}
fclose(in);
}
+
+ const int dest_fd = fileno(fp);
+ if (fchown(dest_fd, uid, gid) < 0)
+ {
+ perror_msg("Can't change '%s' ownership to %lu:%lu", dest_filename, (long)uid, (long)gid);
+ fclose(fp);
+ unlink(dest_filename);
+ return false;
+ }
+
fclose(fp);
return true;
}
@@ -678,27 +688,22 @@ int main(int argc, char** argv)
// Disabled for now: /proc/PID/smaps tends to be BIG,
// and not much more informative than /proc/PID/maps:
- //copy_file(source_filename, dest_filename, 0640);
- //chown(dest_filename, dd->dd_uid, dd->dd_gid);
+ //copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
strcpy(source_filename + source_base_ofs, "maps");
strcpy(dest_base, FILENAME_MAPS);
- copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE);
- IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
+ copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
strcpy(source_filename + source_base_ofs, "limits");
strcpy(dest_base, FILENAME_LIMITS);
- copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE);
- IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
+ copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
strcpy(source_filename + source_base_ofs, "cgroup");
strcpy(dest_base, FILENAME_CGROUP);
- copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE);
- IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
+ copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
strcpy(dest_base, FILENAME_OPEN_FDS);
- if (dump_fd_info(dest_filename, source_filename, source_base_ofs))
- IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
+ dump_fd_info(dest_filename, source_filename, source_base_ofs, dd->dd_uid, dd->dd_gid);
free(dest_filename);
--
1.8.3.1

39
0090-ccpp-stop-reading-hs_error.log-from-tmp.patch Normal file
View file

@ -0,0 +1,39 @@
From 17cb66b13997b0159b4253b3f5722db79f476d68 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 28 Apr 2015 14:00:18 +0200
Subject: [ABRT PATCH] ccpp: stop reading hs_error.log from /tmp
The file might contain anything and there is no way to verify its
contents.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index be16fab..5694f84 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -795,6 +795,8 @@ int main(int argc, char** argv)
unlink(core_basename);
}
+/* Because of #1211835 and #1126850 */
+#if 0
/* Save JVM crash log if it exists. (JVM's coredump per se
* is nearly useless for JVM developers)
*/
@@ -827,6 +829,7 @@ int main(int argc, char** argv)
close(src_fd);
}
}
+#endif
/* We close dumpdir before we start catering for crash storm case.
* Otherwise, delete_dump_dir's from other concurrent
--
1.8.3.1

31
0091-ccpp-do-not-read-data-from-root-directories.patch Normal file
View file

@ -0,0 +1,31 @@
From 4f2c1ddd3e3b81d2d5146b883115371f1cada9f9 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 12:14:52 +0200
Subject: [ABRT PATCH] ccpp: do not read data from root directories
Users are allowed to modify /proc/[pid]/root to any directory by running
their own MOUNT namespace.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 5694f84..0606519 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -678,7 +678,7 @@ int main(int argc, char** argv)
{
char *rootdir = get_rootdir(pid);
- dd_create_basic_files(dd, fsuid, (rootdir && strcmp(rootdir, "/") != 0) ? rootdir : NULL);
+ dd_create_basic_files(dd, fsuid, NULL);
char source_filename[sizeof("/proc/%lu/somewhat_long_name") + sizeof(long)*3];
int source_base_ofs = sprintf(source_filename, "/proc/%lu/smaps", (long)pid);
--
1.8.3.1

30
0092-ccpp-open-file-for-dump_fd_info-with-O_EXCL.patch Normal file
View file

@ -0,0 +1,30 @@
From d6e2f6f128cef4c21cb80941ae674c9842681aa7 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 14:01:37 +0200
Subject: [ABRT PATCH] ccpp: open file for dump_fd_info with O_EXCL
To avoid possible races.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 0606519..ece1ece 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -399,7 +399,7 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs, uid_t uid, gid_t gid)
{
- FILE *fp = fopen(dest_filename, "w");
+ FILE *fp = fopen(dest_filename, "wx");
if (!fp)
return false;
--
1.8.3.1

53
0093-ccpp-postpone-changing-ownership-of-new-dump-directo.patch Normal file
View file

@ -0,0 +1,53 @@
From a4794b39efc62c9ba92b38b419de3babbbcd8cfb Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 15:27:09 +0200
Subject: [ABRT PATCH] ccpp: postpone changing ownership of new dump
directories
Florian Weimer <fweimer@redhat.com>:
Currently, dd_create changes ownership of the directory immediately,
when it is still empty. This means that any operations within the
directory (which happen as the root user) can race with changes to
the directory contents by the user. If you delay changing directory
ownership until all the files have created and written, this is no
longer a problem.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index ece1ece..7e05aa6 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -672,8 +672,12 @@ int main(int argc, char** argv)
/* use fsuid instead of uid, so we don't expose any sensitive
* information of suided app in /var/tmp/abrt
+ *
+ * dd_create_skeleton() creates a new directory and leaves ownership to
+ * the current user, hence, we have to call dd_reset_ownership() after the
+ * directory is populated.
*/
- dd = dd_create(path, fsuid, DEFAULT_DUMP_DIR_MODE);
+ dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE);
if (dd)
{
char *rootdir = get_rootdir(pid);
@@ -831,6 +835,9 @@ int main(int argc, char** argv)
}
#endif
+ /* And finally set the right uid and gid */
+ dd_reset_ownership(dd);
+
/* We close dumpdir before we start catering for crash storm case.
* Otherwise, delete_dump_dir's from other concurrent
* CCpp's won't be able to delete our dump (their delete_dump_dir
--
1.8.3.1

31
0094-ccpp-create-dump-directory-without-parents.patch Normal file
View file

@ -0,0 +1,31 @@
From 2f948bdc09aa346616852a421ce1af2e03b39997 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 17:42:59 +0200
Subject: [ABRT PATCH] ccpp: create dump directory without parents
This patch makes the code more robust.
This patch ensures that abrt-hook-ccpp never creates the dump location.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 7e05aa6..85e0d35 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -677,7 +677,7 @@ int main(int argc, char** argv)
* the current user, hence, we have to call dd_reset_ownership() after the
* directory is populated.
*/
- dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE);
+ dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE, /*no flags*/0);
if (dd)
{
char *rootdir = get_rootdir(pid);
--
1.8.3.1

82
0095-ccpp-do-not-override-existing-files-by-compat-cores.patch Normal file
View file

@ -0,0 +1,82 @@
From af945ff58a698ce00c45059a05994ef53a13e192 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 17 Apr 2015 14:36:45 +0200
Subject: [ABRT PATCH] ccpp: do not override existing files by compat cores
Implement all checks used in kernel's do_coredump() and require
non-relative path if suid_dumpable is 2.
Related: #1212818
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 85e0d35..82ff555 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -24,6 +24,8 @@
#define DUMP_SUID_UNSAFE 1
#define DUMP_SUID_SAFE 2
+static int g_user_core_flags;
+static int g_need_nonrelative;
/* I want to use -Werror, but gcc-4.4 throws a curveball:
* "warning: ignoring return value of 'ftruncate', declared with attribute warn_unused_result"
@@ -337,7 +339,14 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
full_core_basename = core_basename;
if (core_basename[0] != '/')
+ {
+ if (g_need_nonrelative)
+ {
+ error_msg("Current suid_dumpable policy prevents from saving core dumps according to relative core_pattern");
+ return -1;
+ }
core_basename = concat_path_file(user_pwd, core_basename);
+ }
/* Open (create) compat core file.
* man core:
@@ -372,19 +381,19 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
struct stat sb;
errno = 0;
/* Do not O_TRUNC: if later checks fail, we do not want to have file already modified here */
- int user_core_fd = open(core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600); /* kernel makes 0600 too */
+ int user_core_fd = open(core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */
xsetegid(0);
xseteuid(0);
if (user_core_fd < 0
|| fstat(user_core_fd, &sb) != 0
|| !S_ISREG(sb.st_mode)
|| sb.st_nlink != 1
- /* kernel internal dumper checks this too: if (inode->i_uid != current->fsuid) <fail>, need to mimic? */
+ || sb.st_uid != fsuid
) {
if (user_core_fd < 0)
perror_msg("Can't open '%s'", full_core_basename);
else
- perror_msg("'%s' is not a regular file with link count 1", full_core_basename);
+ perror_msg("'%s' is not a regular file with link count 1 owned by UID(%d)", full_core_basename, fsuid);
return -1;
}
if (ftruncate(user_core_fd, 0) != 0) {
@@ -578,8 +587,11 @@ int main(int argc, char** argv)
/* use root for suided apps unless it's explicitly set to UNSAFE */
fsuid = 0;
if (suid_policy == DUMP_SUID_UNSAFE)
- {
fsuid = tmp_fsuid;
+ else
+ {
+ g_user_core_flags = O_EXCL;
+ g_need_nonrelative = 1;
}
}
--
1.8.3.1

218
0096-ccpp-do-not-use-value-of-proc-PID-cwd-for-chdir.patch Normal file
View file

@ -0,0 +1,218 @@
From 806bb07571b698d90169c3b73cb65cd09c900284 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 17 Apr 2015 14:40:20 +0200
Subject: [ABRT PATCH] ccpp: do not use value of /proc/PID/cwd for chdir
Avoid symlink resolutions.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 85 +++++++++++++++++++++++-----------------------
1 file changed, 42 insertions(+), 43 deletions(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 82ff555..d600bb7 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -144,6 +144,7 @@ static off_t copyfd_sparse(int src_fd, int dst_fd1, int dst_fd2, off_t size2)
/* Global data */
static char *user_pwd;
+static DIR *proc_cwd;
static char *proc_pid_status;
static struct dump_dir *dd;
static int user_core_fd = -1;
@@ -163,13 +164,6 @@ static int user_core_fd = -1;
*/
static const char percent_specifiers[] = "%scpugteh";
static char *core_basename = (char*) "core";
-/*
- * Used for error messages only.
- * It is either the same as core_basename if it is absolute,
- * or $PWD/core_basename.
- */
-static char *full_core_basename;
-
static char* get_executable(pid_t pid, int *fd_p)
{
@@ -198,6 +192,18 @@ static char* get_executable(pid_t pid, int *fd_p)
return executable;
}
+static DIR *open_cwd(pid_t pid)
+{
+ char buf[sizeof("/proc/%lu/cwd") + sizeof(long)*3];
+ sprintf(buf, "/proc/%lu/cwd", (long)pid);
+
+ DIR *cwd = opendir(buf);
+ if (cwd == NULL)
+ perror_msg("Can't open process's CWD for CompatCore");
+
+ return cwd;
+}
+
static char* get_cwd(pid_t pid)
{
char buf[sizeof("/proc/%lu/cwd") + sizeof(long)*3];
@@ -268,13 +274,9 @@ static int dump_suid_policy()
static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_values)
{
- errno = 0;
- if (user_pwd == NULL
- || chdir(user_pwd) != 0
- ) {
- perror_msg("Can't cd to '%s'", user_pwd);
+ proc_cwd = open_cwd(pid);
+ if (proc_cwd == NULL)
return -1;
- }
struct passwd* pw = getpwuid(uid);
gid_t gid = pw ? pw->pw_gid : uid;
@@ -337,15 +339,10 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
}
}
- full_core_basename = core_basename;
- if (core_basename[0] != '/')
+ if (g_need_nonrelative && core_basename[0] != '/')
{
- if (g_need_nonrelative)
- {
- error_msg("Current suid_dumpable policy prevents from saving core dumps according to relative core_pattern");
- return -1;
- }
- core_basename = concat_path_file(user_pwd, core_basename);
+ error_msg("Current suid_dumpable policy prevents from saving core dumps according to relative core_pattern");
+ return -1;
}
/* Open (create) compat core file.
@@ -381,7 +378,7 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
struct stat sb;
errno = 0;
/* Do not O_TRUNC: if later checks fail, we do not want to have file already modified here */
- int user_core_fd = open(core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */
+ int user_core_fd = openat(dirfd(proc_cwd), core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */
xsetegid(0);
xseteuid(0);
if (user_core_fd < 0
@@ -391,15 +388,15 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
|| sb.st_uid != fsuid
) {
if (user_core_fd < 0)
- perror_msg("Can't open '%s'", full_core_basename);
+ perror_msg("Can't open '%s' at '%s'", core_basename, user_pwd);
else
- perror_msg("'%s' is not a regular file with link count 1 owned by UID(%d)", full_core_basename, fsuid);
+ perror_msg("'%s' at '%s' is not a regular file with link count 1 owned by UID(%d)", core_basename, user_pwd, fsuid);
return -1;
}
if (ftruncate(user_core_fd, 0) != 0) {
/* perror first, otherwise unlink may trash errno */
- perror_msg("Can't truncate '%s' to size 0", full_core_basename);
- unlink(core_basename);
+ perror_msg("Can't truncate '%s' at '%s' to size 0", core_basename, user_pwd);
+ unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
return -1;
}
@@ -466,10 +463,8 @@ static int create_or_die(const char *filename)
if (dd)
dd_delete(dd);
if (user_core_fd >= 0)
- {
- xchdir(user_pwd);
- unlink(core_basename);
- }
+ unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
+
errno = sv_errno;
perror_msg_and_die("Can't open '%s'", filename);
}
@@ -573,7 +568,7 @@ int main(int argc, char** argv)
(long)pid, executable);
}
- user_pwd = get_cwd(pid); /* may be NULL on error */
+ user_pwd = get_cwd(pid);
log_notice("user_pwd:'%s'", user_pwd);
sprintf(path, "/proc/%lu/status", (long)pid);
@@ -672,6 +667,8 @@ int main(int argc, char** argv)
error_msg_and_die("Error saving '%s'", path);
}
log("Saved core dump of pid %lu (%s) to %s (%llu bytes)", (long)pid, executable, path, (long long)core_size);
+ if (proc_cwd != NULL)
+ closedir(proc_cwd);
return 0;
}
@@ -791,10 +788,7 @@ int main(int argc, char** argv)
unlink(path);
dd_delete(dd);
if (user_core_fd >= 0)
- {
- xchdir(user_pwd);
- unlink(core_basename);
- }
+ unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
/* copyfd_sparse logs the error including errno string,
* but it does not log file name */
error_msg_and_die("Error writing '%s'", path);
@@ -807,8 +801,7 @@ int main(int argc, char** argv)
)
) {
/* nuke it (silently) */
- xchdir(user_pwd);
- unlink(core_basename);
+ unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
}
/* Because of #1211835 and #1126850 */
@@ -879,6 +872,8 @@ int main(int argc, char** argv)
}
free(rootdir);
+ if (proc_cwd != NULL)
+ closedir(proc_cwd);
return 0;
}
@@ -890,19 +885,23 @@ int main(int argc, char** argv)
if (fsync(user_core_fd) != 0 || close(user_core_fd) != 0 || core_size < 0)
{
/* perror first, otherwise unlink may trash errno */
- perror_msg("Error writing '%s'", full_core_basename);
- xchdir(user_pwd);
- unlink(core_basename);
+ perror_msg("Error writing '%s' at '%s'", core_basename, user_pwd);
+ unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
+ if (proc_cwd != NULL)
+ closedir(proc_cwd);
return 1;
}
if (ulimit_c == 0 || core_size > ulimit_c)
{
- xchdir(user_pwd);
- unlink(core_basename);
+ unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
+ if (proc_cwd != NULL)
+ closedir(proc_cwd);
return 1;
}
- log("Saved core dump of pid %lu to %s (%llu bytes)", (long)pid, full_core_basename, (long long)core_size);
+ log("Saved core dump of pid %lu to %s at %s (%llu bytes)", (long)pid, core_basename, user_pwd, (long long)core_size);
}
+ if (proc_cwd != NULL)
+ closedir(proc_cwd);
return 0;
}
--
1.8.3.1

91
0097-ccpp-harden-dealing-with-UID-GID.patch Normal file
View file

@ -0,0 +1,91 @@
From b72616471ec52a009904689592f4f69e730a6f56 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 17 Apr 2015 14:42:13 +0200
Subject: [ABRT PATCH] ccpp: harden dealing with UID/GID
* Don't fall back to UID 0.
* Use fsgid.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 39 ++++++++++++++++++++++++++-------------
1 file changed, 26 insertions(+), 13 deletions(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index d600bb7..d9f1f5e 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -218,23 +218,27 @@ static char* get_rootdir(pid_t pid)
return malloc_readlink(buf);
}
-static int get_fsuid(void)
+static int get_proc_fs_id(char type)
{
- int real, euid, saved;
- /* if we fail to parse the uid, then make it root only readable to be safe */
- int fs_uid = 0;
+ const char *scanf_format = "%*cid:\t%d\t%d\t%d\t%d\n";
+ char id_type[] = "_id";
+ id_type[0] = type;
+
+ int real, e_id, saved;
+ int fs_id = 0;
char *line = proc_pid_status; /* never NULL */
for (;;)
{
- if (strncmp(line, "Uid", 3) == 0)
+ if (strncmp(line, id_type, 3) == 0)
{
- int n = sscanf(line, "Uid:\t%d\t%d\t%d\t%d\n", &real, &euid, &saved, &fs_uid);
+ int n = sscanf(line, scanf_format, &real, &e_id, &saved, &fs_id);
if (n != 4)
{
- perror_msg_and_die("Can't parse Uid: line");
+ perror_msg_and_die("Can't parse %cid: line", type);
}
- break;
+
+ return fs_id;
}
line = strchr(line, '\n');
if (!line)
@@ -242,7 +246,17 @@ static int get_fsuid(void)
line++;
}
- return fs_uid;
+ perror_msg_and_die("Failed to get file system %cID of the crashed process", type);
+}
+
+static int get_fsuid(void)
+{
+ return get_proc_fs_id(/*UID*/'U');
+}
+
+static int get_fsgid(void)
+{
+ return get_proc_fs_id(/*GID*/'G');
}
static int dump_suid_policy()
@@ -278,10 +292,9 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
if (proc_cwd == NULL)
return -1;
- struct passwd* pw = getpwuid(uid);
- gid_t gid = pw ? pw->pw_gid : uid;
- //log("setting uid: %i gid: %i", uid, gid);
- xsetegid(gid);
+ errno = 0;
+
+ xsetegid(get_fsgid());
xseteuid(fsuid);
if (strcmp(core_basename, "core") == 0)
--
1.8.3.1

30
0098-ccpp-check-for-overflow-in-abrt-coredump-path-creati.patch Normal file
View file

@ -0,0 +1,30 @@
From 28ce40d8db91c1926a95f21ef19a980a8af88471 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 17 Apr 2015 14:43:59 +0200
Subject: [ABRT PATCH] ccpp: check for overflow in abrt coredump path creation
This issue was discovered by Florian Weimer of Red Hat Product Security.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index d9f1f5e..81f9349 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -669,7 +669,9 @@ int main(int argc, char** argv)
* and maybe crash again...
* Unlike dirs, mere files are ignored by abrtd.
*/
- snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash);
+ if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) >= sizeof(path))
+ error_msg_and_die("Error saving '%s': truncated long file path", path);
+
int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
off_t core_size = copyfd_eof(STDIN_FILENO, abrt_core_fd, COPYFD_SPARSE);
if (core_size < 0 || fsync(abrt_core_fd) != 0)
--
1.8.3.1

188
0099-ccpp-emulate-selinux-for-creation-of-compat-cores.patch Normal file
View file

@ -0,0 +1,188 @@
From 2f0a18b499b9b0e1afbdab8a8bb31d38f2acc6d8 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 17 Apr 2015 16:06:33 +0200
Subject: [ABRT PATCH] ccpp: emulate selinux for creation of compat cores
This issue was discovered by Florian Weimer of Red Hat Product Security.
http://article.gmane.org/gmane.comp.security.selinux/21842
v2: use the _raw interface and do the preparation steps as root
v3: don't fail if SELinux is disabled
https://github.com/abrt/abrt/commit/c4f06d4198658c82550e93bb2617b96022c06cf4#commitcomment-11021276
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
configure.ac | 1 +
src/hooks/Makefile.am | 4 ++-
src/hooks/abrt-hook-ccpp.c | 85 ++++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 86 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9ff616d..6c6d2e8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -106,6 +106,7 @@ PKG_CHECK_MODULES([LIBREPORT_GTK], [libreport-gtk])
PKG_CHECK_MODULES([POLKIT], [polkit-gobject-1])
PKG_CHECK_MODULES([GIO], [gio-2.0])
PKG_CHECK_MODULES([SATYR], [satyr])
+PKG_CHECK_MODULES([LIBSELINUX], [libselinux])
PKG_PROG_PKG_CONFIG
AC_ARG_WITH([systemdsystemunitdir],
diff --git a/src/hooks/Makefile.am b/src/hooks/Makefile.am
index e536089..9a527f4 100644
--- a/src/hooks/Makefile.am
+++ b/src/hooks/Makefile.am
@@ -33,10 +33,12 @@ abrt_hook_ccpp_CPPFLAGS = \
-DDEFAULT_DUMP_DIR_MODE=$(DEFAULT_DUMP_DIR_MODE) \
$(GLIB_CFLAGS) \
$(LIBREPORT_CFLAGS) \
+ $(LIBSELINUX_CFLAGS) \
-D_GNU_SOURCE
abrt_hook_ccpp_LDADD = \
../lib/libabrt.la \
- $(LIBREPORT_LIBS)
+ $(LIBREPORT_LIBS) \
+ $(LIBSELINUX_LIBS)
# abrt-merge-pstoreoops
abrt_merge_pstoreoops_SOURCES = \
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 81f9349..00ae621 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -20,6 +20,7 @@
*/
#include <sys/utsname.h>
#include "libabrt.h"
+#include <selinux/selinux.h>
#define DUMP_SUID_UNSAFE 1
#define DUMP_SUID_SAFE 2
@@ -286,6 +287,54 @@ static int dump_suid_policy()
return suid_dump_policy;
}
+/* Computes a security context of new file created by the given process with
+ * pid in the given directory represented by file descriptor.
+ *
+ * On errors returns negative number. Returns 0 if the function succeeds and
+ * computes the context and returns positive number and assigns NULL to newcon
+ * if the security context is not needed (SELinux disabled).
+ */
+static int compute_selinux_con_for_new_file(pid_t pid, int dir_fd, security_context_t *newcon)
+{
+ security_context_t srccon;
+ security_context_t dstcon;
+
+ const int r = is_selinux_enabled();
+ if (r == 0)
+ {
+ *newcon = NULL;
+ return 1;
+ }
+ else if (r == -1)
+ {
+ perror_msg("Couldn't get state of SELinux");
+ return -1;
+ }
+ else if (r != 1)
+ error_msg_and_die("Unexpected SELinux return value: %d", r);
+
+
+ if (getpidcon_raw(pid, &srccon) < 0)
+ {
+ perror_msg("getpidcon_raw(%d)", pid);
+ return -1;
+ }
+
+ if (fgetfilecon_raw(dir_fd, &dstcon) < 0)
+ {
+ perror_msg("getfilecon_raw(%s)", user_pwd);
+ return -1;
+ }
+
+ if (security_compute_create_raw(srccon, dstcon, string_to_security_class("file"), newcon) < 0)
+ {
+ perror_msg("security_compute_create_raw(%s, %s, 'file')", srccon, dstcon);
+ return -1;
+ }
+
+ return 0;
+}
+
static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_values)
{
proc_cwd = open_cwd(pid);
@@ -294,6 +343,14 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
errno = 0;
+ /* http://article.gmane.org/gmane.comp.security.selinux/21842 */
+ security_context_t newcon;
+ if (compute_selinux_con_for_new_file(pid, dirfd(proc_cwd), &newcon) < 0)
+ {
+ log_notice("Not going to create a user core due to SELinux errors");
+ return -1;
+ }
+
xsetegid(get_fsgid());
xseteuid(fsuid);
@@ -388,10 +445,25 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
* (However, see the description of the prctl(2) PR_SET_DUMPABLE operation,
* and the description of the /proc/sys/fs/suid_dumpable file in proc(5).)
*/
+
+ /* Set SELinux context like kernel when creating core dump file */
+ if (newcon != NULL && setfscreatecon_raw(newcon) < 0)
+ {
+ perror_msg("setfscreatecon_raw(%s)", newcon);
+ return -1;
+ }
+
struct stat sb;
errno = 0;
/* Do not O_TRUNC: if later checks fail, we do not want to have file already modified here */
int user_core_fd = openat(dirfd(proc_cwd), core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */
+
+ if (newcon != NULL && setfscreatecon_raw(NULL) < 0)
+ {
+ error_msg("setfscreatecon_raw(NULL)");
+ goto user_core_fail;
+ }
+
xsetegid(0);
xseteuid(0);
if (user_core_fd < 0
@@ -404,16 +476,23 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
perror_msg("Can't open '%s' at '%s'", core_basename, user_pwd);
else
perror_msg("'%s' at '%s' is not a regular file with link count 1 owned by UID(%d)", core_basename, user_pwd, fsuid);
- return -1;
+ goto user_core_fail;
}
if (ftruncate(user_core_fd, 0) != 0) {
/* perror first, otherwise unlink may trash errno */
perror_msg("Can't truncate '%s' at '%s' to size 0", core_basename, user_pwd);
- unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
- return -1;
+ goto user_core_fail;
}
return user_core_fd;
+
+user_core_fail:
+ if (user_core_fd >= 0)
+ {
+ close(user_core_fd);
+ unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
+ }
+ return -1;
}
static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs, uid_t uid, gid_t gid)
--
1.8.3.1

233
0100-make-the-dump-directories-owned-by-root-by-default.patch Normal file
View file

@ -0,0 +1,233 @@
From 8939398b82006ba1fec4ed491339fc075f43fc7c Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 20 Apr 2015 07:56:34 +0200
Subject: [ABRT PATCH] make the dump directories owned by root by default
It was discovered that the abrt event scripts create a user-readable
copy of a sosreport file in abrt problem directories, and include
excerpts of /var/log/messages selected by the user-controlled process
name, leading to an information disclosure.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Related: #1212868
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-server.c | 34 ++++++++++++++++++++++++++++++++--
src/daemon/abrt.conf | 5 +++++
src/hooks/abrt-hook-ccpp.c | 10 +++++++---
src/include/libabrt.h | 2 ++
src/lib/abrt_conf.c | 8 ++++++++
src/lib/hooklib.c | 7 ++++++-
src/plugins/abrt-dump-oops.c | 8 ++++++++
src/plugins/abrt-dump-xorg.c | 8 ++++++++
8 files changed, 76 insertions(+), 6 deletions(-)
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index 307b41b..5789075 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -15,6 +15,7 @@
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include "problem_api.h"
#include "libabrt.h"
/* Maximal length of backtrace. */
@@ -153,7 +154,36 @@ static int run_post_create(const char *dirname)
error_msg("Bad problem directory name '%s', should start with: '%s'", dirname, g_settings_dump_location);
return 400; /* Bad Request */
}
- if (!dump_dir_accessible_by_uid(dirname, client_uid))
+ if (g_settings_privatereports)
+ {
+ struct stat statbuf;
+ if (lstat(dirname, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode))
+ {
+ error_msg("Path '%s' isn't directory", dirname);
+ return 404; /* Not Found */
+ }
+ /* Get ABRT's group gid */
+ struct group *gr = getgrnam("abrt");
+ if (!gr)
+ {
+ error_msg("Group 'abrt' does not exist");
+ return 500;
+ }
+ if (statbuf.st_uid != 0 || !(statbuf.st_gid == 0 || statbuf.st_gid == gr->gr_gid) || statbuf.st_mode & 07)
+ {
+ error_msg("Problem directory '%s' isn't owned by root:abrt or others are not restricted from access", dirname);
+ return 403;
+ }
+ struct dump_dir *dd = dd_opendir(dirname, DD_OPEN_READONLY);
+ const bool complete = dd && problem_dump_dir_is_complete(dd);
+ dd_close(dd);
+ if (complete)
+ {
+ error_msg("Problem directory '%s' has already been processed", dirname);
+ return 403;
+ }
+ }
+ else if (!dump_dir_accessible_by_uid(dirname, client_uid))
{
if (errno == ENOTDIR)
{
@@ -377,7 +407,7 @@ static int create_problem_dir(GHashTable *problem_info, unsigned pid)
/* No need to check the path length, as all variables used are limited,
* and dd_create() fails if the path is too long.
*/
- struct dump_dir *dd = dd_create(path, client_uid, DEFAULT_DUMP_DIR_MODE);
+ struct dump_dir *dd = dd_create(path, g_settings_privatereports ? 0 : client_uid, DEFAULT_DUMP_DIR_MODE);
if (!dd)
{
error_msg_and_die("Error creating problem directory '%s'", path);
diff --git a/src/daemon/abrt.conf b/src/daemon/abrt.conf
index 59d1831..6c0d6b0 100644
--- a/src/daemon/abrt.conf
+++ b/src/daemon/abrt.conf
@@ -43,3 +43,8 @@ AutoreportingEnabled = no
# session; otherwise No.
#
# ShortenedReporting = yes
+
+# Disable this if you want to regular users to own the problem data colleted by
+# abrt.
+#
+PrivateReports = yes
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 00ae621..3a6d002 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -682,6 +682,9 @@ int main(int argc, char** argv)
}
}
+ /* If PrivateReports is on, root owns all problem directories */
+ const uid_t dduid = g_settings_privatereports ? 0 : fsuid;
+
/* Open a fd to compat coredump, if requested and is possible */
if (setting_MakeCompatCore && ulimit_c != 0)
/* note: checks "user_pwd == NULL" inside; updates core_basename */
@@ -773,18 +776,19 @@ int main(int argc, char** argv)
goto create_user_core;
}
- /* use fsuid instead of uid, so we don't expose any sensitive
- * information of suided app in /var/tmp/abrt
+ /* use dduid (either fsuid or 0) instead of uid, so we don't expose any
+ * sensitive information of suided app in /var/tmp/abrt
*
* dd_create_skeleton() creates a new directory and leaves ownership to
* the current user, hence, we have to call dd_reset_ownership() after the
* directory is populated.
*/
- dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE, /*no flags*/0);
+ dd = dd_create_skeleton(path, dduid, DEFAULT_DUMP_DIR_MODE, /*no flags*/0);
if (dd)
{
char *rootdir = get_rootdir(pid);
+ /* This function uses fsuid only for its value. The function stores fsuid in a file name 'uid'*/
dd_create_basic_files(dd, fsuid, NULL);
char source_filename[sizeof("/proc/%lu/somewhat_long_name") + sizeof(long)*3];
diff --git a/src/include/libabrt.h b/src/include/libabrt.h
index 85a5a5c..0320c5b 100644
--- a/src/include/libabrt.h
+++ b/src/include/libabrt.h
@@ -62,6 +62,8 @@ extern bool g_settings_autoreporting;
extern char * g_settings_autoreporting_event;
#define g_settings_shortenedreporting abrt_g_settings_shortenedreporting
extern bool g_settings_shortenedreporting;
+#define g_settings_privatereports abrt_g_settings_privatereports
+extern bool g_settings_privatereports;
#define load_abrt_conf abrt_load_abrt_conf
diff --git a/src/lib/abrt_conf.c b/src/lib/abrt_conf.c
index 5eb69e2..c6aba58 100644
--- a/src/lib/abrt_conf.c
+++ b/src/lib/abrt_conf.c
@@ -27,6 +27,7 @@ bool g_settings_delete_uploaded = 0;
bool g_settings_autoreporting = 0;
char * g_settings_autoreporting_event = NULL;
bool g_settings_shortenedreporting = 0;
+bool g_settings_privatereports = true;
void free_abrt_conf_data()
{
@@ -102,6 +103,13 @@ static void ParseCommon(map_string_t *settings, const char *conf_filename)
else
g_settings_shortenedreporting = 0;
+ value = get_map_string_item_or_NULL(settings, "PrivateReports");
+ if (value)
+ {
+ g_settings_privatereports = string_to_bool(value);
+ remove_map_string_item(settings, "PrivateReports");
+ }
+
GHashTableIter iter;
const char *name;
/*char *value; - already declared */
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index 1d45cdd..fb7750d 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
@@ -410,7 +410,12 @@ char* problem_data_save(problem_data_t *pd)
{
load_abrt_conf();
- struct dump_dir *dd = create_dump_dir_from_problem_data(pd, g_settings_dump_location);
+ struct dump_dir *dd = NULL;
+
+ if (g_settings_privatereports)
+ dd = create_dump_dir_from_problem_data_ext(pd, g_settings_dump_location, 0);
+ else
+ dd = create_dump_dir_from_problem_data(pd, g_settings_dump_location);
char *problem_id = NULL;
if (dd)
diff --git a/src/plugins/abrt-dump-oops.c b/src/plugins/abrt-dump-oops.c
index 9f0dc87..05cb728 100644
--- a/src/plugins/abrt-dump-oops.c
+++ b/src/plugins/abrt-dump-oops.c
@@ -189,6 +189,14 @@ static unsigned create_oops_dump_dirs(GList *oops_list, unsigned oops_cnt)
mode = DEFAULT_DUMP_DIR_MODE;
my_euid = geteuid();
}
+ if (g_settings_privatereports)
+ {
+ if (world_readable_dump)
+ log("Not going to make dump directories world readable because PrivateReports is on");
+
+ mode = DEFAULT_DUMP_DIR_MODE;
+ my_euid = 0;
+ }
pid_t my_pid = getpid();
unsigned idx = 0;
diff --git a/src/plugins/abrt-dump-xorg.c b/src/plugins/abrt-dump-xorg.c
index 3500629..434dc76 100644
--- a/src/plugins/abrt-dump-xorg.c
+++ b/src/plugins/abrt-dump-xorg.c
@@ -82,6 +82,14 @@ static void save_bt_to_dump_dir(const char *bt, const char *exe, const char *rea
mode = DEFAULT_DUMP_DIR_MODE;
my_euid = geteuid();
}
+ if (g_settings_privatereports)
+ {
+ if ((g_opts & OPT_x))
+ log("Not going to make dump directories world readable because PrivateReports is on");
+
+ mode = DEFAULT_DUMP_DIR_MODE;
+ my_euid = 0;
+ }
pid_t my_pid = getpid();
--
1.8.3.1

47
0101-configure-move-the-default-dump-location-to-var-spoo.patch Normal file
View file

@ -0,0 +1,47 @@
From 7d023c32a565e83306cddf34c894477b7aaf33d1 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 20 Apr 2015 08:06:09 +0200
Subject: [ABRT PATCH] configure: move the default dump location to /var/spool
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
configure.ac | 4 ++--
src/daemon/abrt.conf | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 6c6d2e8..d95fc4a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -146,8 +146,8 @@ PROBLEMS_CONFIG_INTERFACES_DIR=${dbusinterfacedir}
AC_ARG_WITH([defaultdumplocation],
AS_HELP_STRING([--with-defaultdumplocation=DIR],
- [Default dump location ('LOCALSTATEDIR/tmp/abrt')]),
- [], [with_defaultdumplocation=${localstatedir}/tmp/abrt])
+ [Default dump location ('LOCALSTATEDIR/spool/abrt')]),
+ [], [with_defaultdumplocation=${localstatedir}/spool/abrt])
AC_SUBST([DEFAULT_DUMP_LOCATION], [$with_defaultdumplocation])
AC_ARG_WITH(augeaslenslibdir,
diff --git a/src/daemon/abrt.conf b/src/daemon/abrt.conf
index 6c0d6b0..171ee4c 100644
--- a/src/daemon/abrt.conf
+++ b/src/daemon/abrt.conf
@@ -10,11 +10,11 @@
MaxCrashReportsSize = 1000
# Specify where you want to store coredumps and all files which are needed for
-# reporting. (default:/var/tmp/abrt)
+# reporting. (default:/var/spool/abrt)
#
# Changing dump location could cause problems with SELinux. See man abrt_selinux(8).
#
-#DumpLocation = /var/tmp/abrt
+#DumpLocation = /var/spool/abrt
# If you want to automatically clean the upload directory you have to tweak the
# selinux policy.
--
1.8.3.1

28
0103-ccpp-avoid-overriding-system-files-by-coredump.patch Normal file
View file

@ -0,0 +1,28 @@
From cdb4c5b0855d910132e61d71afbd445b0271fcb4 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Tue, 21 Apr 2015 07:54:17 +0200
Subject: [ABRT PATCH] ccpp: avoid overriding system files by coredump
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 3a6d002..02f15d5 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -544,7 +544,7 @@ static bool dump_fd_info(const char *dest_filename, char *source_filename, int s
/* Like xopen, but on error, unlocks and deletes dd and user core */
static int create_or_die(const char *filename)
{
- int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_DUMP_DIR_MODE);
+ int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, DEFAULT_DUMP_DIR_MODE);
if (fd >= 0)
{
IGNORE_RESULT(fchown(fd, dd->dd_uid, dd->dd_gid));
--
1.8.3.1

54
0105-daemon-use-libreport-s-function-checking-file-name.patch Normal file
View file

@ -0,0 +1,54 @@
From c796c76341ee846cfb897ed645bac211d7d0a932 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 23 Apr 2015 13:12:01 +0200
Subject: [ABRT PATCH] daemon: use libreport's function checking file name
Move the functions to libreport because we need the same functionality
there too.
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-server.c | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index 5789075..4d486d4 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -476,22 +476,6 @@ static int create_problem_dir(GHashTable *problem_info, unsigned pid)
exit(0);
}
-/* Checks if a string contains only printable characters. */
-static gboolean printable_str(const char *str)
-{
- do {
- if ((unsigned char)(*str) < ' ' || *str == 0x7f)
- return FALSE;
- str++;
- } while (*str);
- return TRUE;
-}
-
-static gboolean is_correct_filename(const char *value)
-{
- return printable_str(value) && !strchr(value, '/') && !strchr(value, '.');
-}
-
static gboolean key_value_ok(gchar *key, gchar *value)
{
char *i;
@@ -510,7 +494,7 @@ static gboolean key_value_ok(gchar *key, gchar *value)
|| strcmp(key, FILENAME_TYPE) == 0
)
{
- if (!is_correct_filename(value))
+ if (!str_is_correct_filename(value))
{
error_msg("Value of '%s' ('%s') is not a valid directory name",
key, value);
--
1.8.3.1

287
0106-lib-add-functions-validating-dump-dir.patch Normal file
View file

@ -0,0 +1,287 @@
From b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 23 Apr 2015 14:40:18 +0200
Subject: [ABRT PATCH] lib: add functions validating dump dir
Move the code from abrt-server to shared library and fix the condition
validating dump dir's path.
As of now, abrt is allowed to process only direct sub-directories of the
dump locations.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-server.c | 42 ++++++------------------
src/include/libabrt.h | 4 +++
src/lib/hooklib.c | 56 +++++++++++++++++++++++++++++++
tests/Makefile.am | 3 +-
tests/hooklib.at | 85 ++++++++++++++++++++++++++++++++++++++++++++++++
tests/testsuite.at | 1 +
6 files changed, 158 insertions(+), 33 deletions(-)
create mode 100644 tests/hooklib.at
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index 4d486d4..1030461 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -76,20 +76,6 @@ static unsigned total_bytes_read = 0;
static uid_t client_uid = (uid_t)-1L;
-static bool dir_is_in_dump_location(const char *dump_dir_name)
-{
- unsigned len = strlen(g_settings_dump_location);
-
- if (strncmp(dump_dir_name, g_settings_dump_location, len) == 0
- && dump_dir_name[len] == '/'
- /* must not contain "/." anywhere (IOW: disallow ".." component) */
- && !strstr(dump_dir_name + len, "/.")
- ) {
- return 1;
- }
- return 0;
-}
-
/* Remove dump dir */
static int delete_path(const char *dump_dir_name)
{
@@ -100,6 +86,11 @@ static int delete_path(const char *dump_dir_name)
error_msg("Bad problem directory name '%s', should start with: '%s'", dump_dir_name, g_settings_dump_location);
return 400; /* Bad Request */
}
+ if (!dir_has_correct_permissions(dump_dir_name))
+ {
+ error_msg("Problem directory '%s' isn't owned by root:abrt or others are not restricted from access", dump_dir_name);
+ return 400; /* */
+ }
if (!dump_dir_accessible_by_uid(dump_dir_name, client_uid))
{
if (errno == ENOTDIR)
@@ -154,26 +145,13 @@ static int run_post_create(const char *dirname)
error_msg("Bad problem directory name '%s', should start with: '%s'", dirname, g_settings_dump_location);
return 400; /* Bad Request */
}
+ if (!dir_has_correct_permissions(dirname))
+ {
+ error_msg("Problem directory '%s' isn't owned by root:abrt or others are not restricted from access", dirname);
+ return 400; /* */
+ }
if (g_settings_privatereports)
{
- struct stat statbuf;
- if (lstat(dirname, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode))
- {
- error_msg("Path '%s' isn't directory", dirname);
- return 404; /* Not Found */
- }
- /* Get ABRT's group gid */
- struct group *gr = getgrnam("abrt");
- if (!gr)
- {
- error_msg("Group 'abrt' does not exist");
- return 500;
- }
- if (statbuf.st_uid != 0 || !(statbuf.st_gid == 0 || statbuf.st_gid == gr->gr_gid) || statbuf.st_mode & 07)
- {
- error_msg("Problem directory '%s' isn't owned by root:abrt or others are not restricted from access", dirname);
- return 403;
- }
struct dump_dir *dd = dd_opendir(dirname, DD_OPEN_READONLY);
const bool complete = dd && problem_dump_dir_is_complete(dd);
dd_close(dd);
diff --git a/src/include/libabrt.h b/src/include/libabrt.h
index 0320c5b..5bf2397 100644
--- a/src/include/libabrt.h
+++ b/src/include/libabrt.h
@@ -47,6 +47,10 @@ char *run_unstrip_n(const char *dump_dir_name, unsigned timeout_sec);
#define get_backtrace abrt_get_backtrace
char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char *debuginfo_dirs);
+#define dir_is_in_dump_location abrt_dir_is_in_dump_location
+bool dir_is_in_dump_location(const char *dir_name);
+#define dir_has_correct_permissions abrt_dir_has_correct_permissions
+bool dir_has_correct_permissions(const char *dir_name);
#define g_settings_nMaxCrashReportsSize abrt_g_settings_nMaxCrashReportsSize
extern unsigned int g_settings_nMaxCrashReportsSize;
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index fb7750d..4b20025 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
@@ -427,3 +427,59 @@ char* problem_data_save(problem_data_t *pd)
log_info("problem id: '%s'", problem_id);
return problem_id;
}
+
+bool dir_is_in_dump_location(const char *dir_name)
+{
+ unsigned len = strlen(g_settings_dump_location);
+
+ /* The path must start with "g_settings_dump_location" */
+ if (strncmp(dir_name, g_settings_dump_location, len) != 0)
+ {
+ log_debug("Bad parent directory: '%s' not in '%s'", g_settings_dump_location, dir_name);
+ return false;
+ }
+
+ /* and must be a sub-directory of the g_settings_dump_location dir */
+ const char *base_name = dir_name + len;
+ while (*base_name && *base_name == '/')
+ ++base_name;
+
+ if (*(base_name - 1) != '/' || !str_is_correct_filename(base_name))
+ {
+ log_debug("Invalid dump directory name: '%s'", base_name);
+ return false;
+ }
+
+ /* and we are sure it is a directory */
+ struct stat sb;
+ if (lstat(dir_name, &sb) < 0)
+ {
+ VERB2 perror_msg("stat('%s')", dir_name);
+ return errno== ENOENT;
+ }
+
+ return S_ISDIR(sb.st_mode);
+}
+
+bool dir_has_correct_permissions(const char *dir_name)
+{
+ if (g_settings_privatereports)
+ {
+ struct stat statbuf;
+ if (lstat(dir_name, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode))
+ {
+ error_msg("Path '%s' isn't directory", dir_name);
+ return false;
+ }
+ /* Get ABRT's group gid */
+ struct group *gr = getgrnam("abrt");
+ if (!gr)
+ {
+ error_msg("Group 'abrt' does not exist");
+ return false;
+ }
+ if (statbuf.st_uid != 0 || !(statbuf.st_gid == 0 || statbuf.st_gid == gr->gr_gid) || statbuf.st_mode & 07)
+ return false;
+ }
+ return true;
+}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5ef08a0..416f579 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -29,7 +29,8 @@ TESTSUITE_AT = \
testsuite.at \
pyhook.at \
koops-parser.at \
- ignored_problems.at
+ ignored_problems.at \
+ hooklib.at
EXTRA_DIST += $(TESTSUITE_AT)
TESTSUITE = $(srcdir)/testsuite
diff --git a/tests/hooklib.at b/tests/hooklib.at
new file mode 100644
index 0000000..70631c6
--- /dev/null
+++ b/tests/hooklib.at
@@ -0,0 +1,85 @@
+# -*- Autotest -*-
+
+AT_BANNER([hooklib])
+
+AT_TESTFUN([dir_is_in_dump_location],
+[[
+#include "libabrt.h"
+#include <assert.h>
+
+void test(char *name, bool expected)
+{
+ if (dir_is_in_dump_location(name) != expected)
+ {
+ fprintf(stderr, "Bad: %s", name);
+ abort();
+ }
+
+ free(name);
+}
+
+int main(void)
+{
+ g_verbose = 3;
+ load_abrt_conf();
+
+ g_verbose = 3;
+
+ char *name;
+
+ assert(dir_is_in_dump_location("/") == false);
+
+ asprintf(&name, "%s", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s..evil", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s///", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/.", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s///.", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/./", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/.///", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/..", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s///..", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/../", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/..///", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/good/../../../evil", g_settings_dump_location);
+ test(name, false);
+
+ asprintf(&name, "%s/good..still", g_settings_dump_location);
+ test(name, true);
+
+ asprintf(&name, "%s/good.new", g_settings_dump_location);
+ test(name, true);
+
+ asprintf(&name, "%s/.meta", g_settings_dump_location);
+ test(name, true);
+
+ asprintf(&name, "%s/..data", g_settings_dump_location);
+ test(name, true);
+
+ return 0;
+}
+]])
diff --git a/tests/testsuite.at b/tests/testsuite.at
index b8f363d..765de2a 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -4,3 +4,4 @@
m4_include([koops-parser.at])
m4_include([pyhook.at])
m4_include([ignored_problems.at])
+m4_include([hooklib.at])
--
1.8.3.1

70
0107-dbus-process-only-valid-sub-directories-of-the-dump-.patch Normal file
View file

@ -0,0 +1,70 @@
From 6e811d78e2719988ae291181f5b133af32ce62d8 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 23 Apr 2015 14:46:27 +0200
Subject: [ABRT PATCH] dbus: process only valid sub-directories of the dump
location
Must have correct rights and must be a direct sub-directory of the dump
location.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/dbus/abrt-dbus.c | 36 ++++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 308a9af..7400dff 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -132,18 +132,34 @@ static uid_t get_caller_uid(GDBusConnection *connection, GDBusMethodInvocation *
return caller_uid;
}
-static bool allowed_problem_dir(const char *dir_name)
+bool allowed_problem_dir(const char *dir_name)
{
-//HACK HACK HACK! Disabled for now until we fix clients (abrt-gui) to not pass /home/user/.cache/abrt/spool
+ if (!dir_is_in_dump_location(dir_name))
+ {
+ error_msg("Bad problem directory name '%s', should start with: '%s'", dir_name, g_settings_dump_location);
+ return false;
+ }
+
+ /* We cannot test correct permissions yet because we still need to chown
+ * dump directories before reporting and Chowing changes the file owner to
+ * the reporter, which causes this test to fail and prevents users from
+ * getting problem data after reporting it.
+ *
+ * Fortunately, libreport has been hardened against hard link and symbolic
+ * link attacks and refuses to work with such files, so this test isn't
+ * really necessary, however, we will use it once we get rid of the
+ * chowning files.
+ *
+ * abrt-server refuses to run post-create on directories that have
+ * incorrect owner (not "root:(abrt|root)"), incorrect permissions (other
+ * bits are not 0) and are complete (post-create finished). So, there is no
+ * way to run security sensitive event scripts (post-create) on crafted
+ * problem directories.
+ */
#if 0
- unsigned len = strlen(g_settings_dump_location);
-
- /* If doesn't start with "g_settings_dump_location[/]"... */
- if (strncmp(dir_name, g_settings_dump_location, len) != 0
- || (dir_name[len] != '/' && dir_name[len] != '\0')
- /* or contains "/." anywhere (-> might contain ".." component) */
- || strstr(dir_name + len, "/.")
- ) {
+ if (!dir_has_correct_permissions(dir_name))
+ {
+ error_msg("Problem directory '%s' isn't owned by root:abrt or others are not restricted from access", dir_name);
return false;
}
#endif
--
1.8.3.1

223
0108-dbus-avoid-race-conditions-in-tests-for-dum-dir-avai.patch Normal file
View file

@ -0,0 +1,223 @@
From 7814554e0827ece778ca88fd90832bd4d05520b1 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Fri, 24 Apr 2015 13:48:32 +0200
Subject: [ABRT PATCH] dbus: avoid race-conditions in tests for dum dir
availability
Florian Weimer <fweimer@redhat.com>
dump_dir_accessible_by_uid() is fundamentally insecure because it
opens up a classic time-of-check-time-of-use race between this
function and and dd_opendir().
Related: #1214745
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/dbus/abrt-dbus.c | 66 ++++++++++++++++++++++++++++++++++++++++++++-------
src/lib/problem_api.c | 15 ++++++++++--
2 files changed, 71 insertions(+), 10 deletions(-)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 7400dff..9e1844a 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -245,7 +245,15 @@ static struct dump_dir *open_directory_for_modification_of_element(
}
}
- if (!dump_dir_accessible_by_uid(problem_id, caller_uid))
+ int dir_fd = dd_openfd(problem_id);
+ if (dir_fd < 0)
+ {
+ perror_msg("can't open problem directory '%s'", problem_id);
+ return_InvalidProblemDir_error(invocation, problem_id);
+ return NULL;
+ }
+
+ if (!fdump_dir_accessible_by_uid(dir_fd, caller_uid))
{
if (errno == ENOTDIR)
{
@@ -260,10 +268,11 @@ static struct dump_dir *open_directory_for_modification_of_element(
_("Not Authorized"));
}
+ close(dir_fd);
return NULL;
}
- struct dump_dir *dd = dd_opendir(problem_id, /* flags : */ 0);
+ struct dump_dir *dd = dd_fdopendir(dir_fd, problem_id, /* flags : */ 0);
if (!dd)
{ /* This should not happen because of the access check above */
log_notice("Can't access the problem '%s' for modification", problem_id);
@@ -429,7 +438,15 @@ static void handle_method_call(GDBusConnection *connection,
return;
}
- int ddstat = dump_dir_stat_for_uid(problem_dir, caller_uid);
+ int dir_fd = dd_openfd(problem_dir);
+ if (dir_fd < 0)
+ {
+ perror_msg("can't open problem directory '%s'", problem_dir);
+ return_InvalidProblemDir_error(invocation, problem_dir);
+ return;
+ }
+
+ int ddstat = fdump_dir_stat_for_uid(dir_fd, caller_uid);
if (ddstat < 0)
{
if (errno == ENOTDIR)
@@ -443,6 +460,7 @@ static void handle_method_call(GDBusConnection *connection,
return_InvalidProblemDir_error(invocation, problem_dir);
+ close(dir_fd);
return;
}
@@ -450,6 +468,7 @@ static void handle_method_call(GDBusConnection *connection,
{ //caller seems to be in group with access to this dir, so no action needed
log_notice("caller has access to the requested directory %s", problem_dir);
g_dbus_method_invocation_return_value(invocation, NULL);
+ close(dir_fd);
return;
}
@@ -460,10 +479,11 @@ static void handle_method_call(GDBusConnection *connection,
g_dbus_method_invocation_return_dbus_error(invocation,
"org.freedesktop.problems.AuthFailure",
_("Not Authorized"));
+ close(dir_fd);
return;
}
- struct dump_dir *dd = dd_opendir(problem_dir, DD_OPEN_READONLY | DD_FAIL_QUIETLY_EACCES);
+ struct dump_dir *dd = dd_fdopendir(dir_fd, problem_dir, DD_OPEN_READONLY | DD_FAIL_QUIETLY_EACCES);
if (!dd)
{
return_InvalidProblemDir_error(invocation, problem_dir);
@@ -497,12 +517,21 @@ static void handle_method_call(GDBusConnection *connection,
return;
}
- if (!dump_dir_accessible_by_uid(problem_dir, caller_uid))
+ int dir_fd = dd_openfd(problem_dir);
+ if (dir_fd < 0)
+ {
+ perror_msg("can't open problem directory '%s'", problem_dir);
+ return_InvalidProblemDir_error(invocation, problem_dir);
+ return;
+ }
+
+ if (!fdump_dir_accessible_by_uid(dir_fd, caller_uid))
{
if (errno == ENOTDIR)
{
log_notice("Requested directory does not exist '%s'", problem_dir);
return_InvalidProblemDir_error(invocation, problem_dir);
+ close(dir_fd);
return;
}
@@ -512,11 +541,12 @@ static void handle_method_call(GDBusConnection *connection,
g_dbus_method_invocation_return_dbus_error(invocation,
"org.freedesktop.problems.AuthFailure",
_("Not Authorized"));
+ close(dir_fd);
return;
}
}
- struct dump_dir *dd = dd_opendir(problem_dir, DD_OPEN_READONLY | DD_FAIL_QUIETLY_EACCES);
+ struct dump_dir *dd = dd_fdopendir(dir_fd, problem_dir, DD_OPEN_READONLY | DD_FAIL_QUIETLY_EACCES);
if (!dd)
{
return_InvalidProblemDir_error(invocation, problem_dir);
@@ -677,20 +707,40 @@ static void handle_method_call(GDBusConnection *connection,
for (GList *l = problem_dirs; l; l = l->next)
{
const char *dir_name = (const char*)l->data;
- if (!dump_dir_accessible_by_uid(dir_name, caller_uid))
+
+ int dir_fd = dd_openfd(dir_name);
+ if (dir_fd < 0)
+ {
+ perror_msg("can't open problem directory '%s'", dir_name);
+ return_InvalidProblemDir_error(invocation, dir_name);
+ return;
+ }
+
+ if (!fdump_dir_accessible_by_uid(dir_fd, caller_uid))
{
if (errno == ENOTDIR)
{
log_notice("Requested directory does not exist '%s'", dir_name);
+ close(dir_fd);
continue;
}
if (polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") != PolkitYes)
{ // if user didn't provide correct credentials, just move to the next dir
+ close(dir_fd);
continue;
}
}
- delete_dump_dir(dir_name);
+
+ struct dump_dir *dd = dd_fdopendir(dir_fd, dir_name, /*flags:*/ 0);
+ if (dd)
+ {
+ if (dd_delete(dd) != 0)
+ {
+ error_msg("Failed to delete problem directory '%s'", dir_name);
+ dd_close(dd);
+ }
+ }
}
g_dbus_method_invocation_return_value(invocation, NULL);
diff --git a/src/lib/problem_api.c b/src/lib/problem_api.c
index c2b4b1c..b343882 100644
--- a/src/lib/problem_api.c
+++ b/src/lib/problem_api.c
@@ -46,7 +46,15 @@ int for_each_problem_in_dir(const char *path,
continue; /* skip "." and ".." */
char *full_name = concat_path_file(path, dent->d_name);
- if (caller_uid == -1 || dump_dir_accessible_by_uid(full_name, caller_uid))
+
+ int dir_fd = dd_openfd(full_name);
+ if (dir_fd < 0)
+ {
+ VERB2 perror_msg("can't open problem directory '%s'", full_name);
+ continue;
+ }
+
+ if (caller_uid == -1 || fdump_dir_accessible_by_uid(dir_fd, caller_uid))
{
/* Silently ignore *any* errors, not only EACCES.
* We saw "lock file is locked by process PID" error
@@ -54,7 +62,7 @@ int for_each_problem_in_dir(const char *path,
*/
int sv_logmode = logmode;
logmode = 0;
- struct dump_dir *dd = dd_opendir(full_name, DD_OPEN_READONLY | DD_FAIL_QUIETLY_EACCES | DD_DONT_WAIT_FOR_LOCK);
+ struct dump_dir *dd = dd_fdopendir(dir_fd, full_name, DD_OPEN_READONLY | DD_FAIL_QUIETLY_EACCES | DD_DONT_WAIT_FOR_LOCK);
logmode = sv_logmode;
if (dd)
{
@@ -62,6 +70,9 @@ int for_each_problem_in_dir(const char *path,
dd_close(dd);
}
}
+ else
+ close(dir_fd);
+
free(full_name);
if (brk)
break;
--
1.8.3.1

49
0109-dbus-report-invalid-element-names.patch Normal file
View file

@ -0,0 +1,49 @@
From f3c2a6af3455b2882e28570e8a04f1c2d4500d5b Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 27 Apr 2015 07:52:00 +0200
Subject: [ABRT PATCH] dbus: report invalid element names
Return D-Bus error in case of invalid problem element name.
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/dbus/abrt-dbus.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 9e1844a..6de15e9 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -599,7 +599,7 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
- if (element == NULL || element[0] == '\0' || strlen(element) > 64)
+ if (!str_is_correct_filename(element))
{
log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
char *error = xasprintf(_("'%s' is not a valid element name"), element);
@@ -658,6 +658,18 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get(parameters, "(&s&s)", &problem_id, &element);
+ if (!str_is_correct_filename(element))
+ {
+ log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
+ char *error = xasprintf(_("'%s' is not a valid element name"), element);
+ g_dbus_method_invocation_return_dbus_error(invocation,
+ "org.freedesktop.problems.InvalidElement",
+ error);
+
+ free(error);
+ return;
+ }
+
struct dump_dir *dd = open_directory_for_modification_of_element(
invocation, caller_uid, problem_id, element);
if (!dd)
--
1.8.3.1

170
0110-a-a-i-d-t-a-cache-sanitize-arguments.patch Normal file
View file

@ -0,0 +1,170 @@
From 9943a77bca37a0829ccd3784d1dfab37f8c24e7b Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 29 Apr 2015 13:57:39 +0200
Subject: [ABRT PATCH] a-a-i-d-t-a-cache: sanitize arguments
Parse command lines arguments and use them to create new arguments for
exec(). No black listing algorithm would be safe enough. The only
allowed arguments are the following:
* v - verbose
* y - noninteractive
* repo - enable only repositories whose names match the pattern
* exact - download packages for the specified files
* ids - passed as magic proc fd path to the wrapped executable
The wrapper opens the list of needed build ids passes /proc/self/fd/[fd]
to the wrapped process. This allows us to open the file with caller's
UID/GID in order to avoid information disclosures.
Forbidden arguments:
* cache - allows regular users to create a user writable dump directory
* tmpdir - the same as above
* size_mb - no need to allow users to fiddle with the cache size
Related: #1216962
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
po/POTFILES.in | 1 +
.../abrt-action-install-debuginfo-to-abrt-cache.c | 106 ++++++++++++++++-----
2 files changed, 85 insertions(+), 22 deletions(-)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index cbe89fa..1248c46 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -31,6 +31,7 @@ src/plugins/abrt-action-check-oops-for-hw-error.in
src/plugins/abrt-action-generate-backtrace.c
src/plugins/abrt-action-generate-core-backtrace.c
src/plugins/abrt-action-install-debuginfo.in
+src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
src/plugins/abrt-action-perform-ccpp-analysis.in
src/plugins/abrt-action-trim-files.c
src/plugins/abrt-action-ureport
diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
index e0eccc0..eb2f7c5 100644
--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
@@ -29,28 +29,90 @@
*/
int main(int argc, char **argv)
{
- /*
- * We disallow passing of arguments which point to writable dirs
- * and other files possibly not accessible to calling user.
- * This way, the script will always use default values for these arguments.
- */
- char **pp = argv;
- char *arg;
- while ((arg = *++pp) != NULL)
+ /* I18n */
+ setlocale(LC_ALL, "");
+#if ENABLE_NLS
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+#endif
+
+ abrt_init(argv);
+
+ /* Can't keep these strings/structs static: _() doesn't support that */
+ const char *program_usage_string = _(
+ "& [-y] [-i BUILD_IDS_FILE|-i -] [-e PATH[:PATH]...]\n"
+ "\t[-r REPO]\n"
+ "\n"
+ "Installs debuginfo packages for all build-ids listed in BUILD_IDS_FILE to\n"
+ "ABRT system cache."
+ );
+
+ enum {
+ OPT_v = 1 << 0,
+ OPT_y = 1 << 1,
+ OPT_i = 1 << 2,
+ OPT_e = 1 << 3,
+ OPT_r = 1 << 4,
+ OPT_s = 1 << 5,
+ };
+
+ const char *build_ids = "build_ids";
+ const char *exact = NULL;
+ const char *repo = NULL;
+ const char *size_mb = NULL;
+
+ struct options program_options[] = {
+ OPT__VERBOSE(&g_verbose),
+ OPT_BOOL ('y', "yes", NULL, _("Noninteractive, assume 'Yes' to all questions")),
+ OPT_STRING('i', "ids", &build_ids, "BUILD_IDS_FILE", _("- means STDIN, default: build_ids")),
+ OPT_STRING('e', "exact", &exact, "EXACT", _("Download only specified files")),
+ OPT_STRING('r', "repo", &repo, "REPO", _("Pattern to use when searching for repos, default: *debug*")),
+ OPT_STRING('s', "size_mb", &size_mb, "SIZE_MB", _("Ignored option")),
+ OPT_END()
+ };
+ const unsigned opts = parse_opts(argc, argv, program_options, program_usage_string);
+
+ /* We need to open the build ids file under the caller's UID/GID to avoid
+ * information disclosures when reading files with changed UID.
+ * Unfortunately, we cannot replace STDIN with the new fd because ABRT uses
+ * STDIN to communicate with the caller. So, the following code opens a
+ * dummy file descriptor to the build ids file and passes the new fd's proc
+ * path to the wrapped program in the ids argument.
+ * The new fd remains opened, the OS will close it for us. */
+ char *build_ids_self_fd = NULL;
+ if (strcmp("-", build_ids) != 0)
+ {
+ const int build_ids_fd = open(build_ids, O_RDONLY);
+ if (build_ids_fd < 0)
+ perror_msg_and_die("Failed to open file '%s'", build_ids);
+
+ /* We are not going to free this memory. There is no place to do so. */
+ build_ids_self_fd = xasprintf("/proc/self/fd/%d", build_ids_fd);
+ }
+
+ /* name, -v, --ids, -, -y, -e, EXACT, -r, REPO, --, NULL */
+ const char *args[11];
{
- /* Allow taking ids from stdin */
- if (strcmp(arg, "--ids=-") == 0)
- continue;
-
- if (strncmp(arg, "--exact", 7) == 0)
- continue;
-
- if (strncmp(arg, "--cache", 7) == 0)
- error_msg_and_die("bad option %s", arg);
- if (strncmp(arg, "--tmpdir", 8) == 0)
- error_msg_and_die("bad option %s", arg);
- if (strncmp(arg, "--ids", 5) == 0)
- error_msg_and_die("bad option %s", arg);
+ const char *verbs[] = { "", "-v", "-vv", "-vvv" };
+ unsigned i = 0;
+ args[i++] = EXECUTABLE;
+ args[i++] = "--ids";
+ args[i++] = (build_ids_self_fd != NULL) ? build_ids_self_fd : "-";
+ args[i++] = verbs[g_verbose <= 3 ? g_verbose : 3];
+ if ((opts & OPT_y))
+ args[i++] = "-y";
+ if ((opts & OPT_e))
+ {
+ args[i++] = "--exact";
+ args[i++] = exact;
+ }
+ if ((opts & OPT_r))
+ {
+ args[i++] = "--repo";
+ args[i++] = repo;
+ }
+ args[i++] = "--";
+ args[i] = NULL;
}
/* Switch real user/group to effective ones.
@@ -122,6 +184,6 @@ int main(int argc, char **argv)
putenv(path_env);
}
- execvp(EXECUTABLE, argv);
+ execvp(EXECUTABLE, (char **)args);
error_msg_and_die("Can't execute %s", EXECUTABLE);
}
--
1.8.3.1

31
0111-a-a-i-d-t-a-cache-sanitize-umask.patch Normal file
View file

@ -0,0 +1,31 @@
From 9a4100678fea4d60ec93d35f4c5de2e9ad054f3a Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 29 Apr 2015 14:13:57 +0200
Subject: [ABRT PATCH] a-a-i-d-t-a-cache: sanitize umask
We cannot trust anything when running suided program.
Related: #1216962
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
index eb2f7c5..cd9ee7a 100644
--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
@@ -182,6 +182,9 @@ int main(int argc, char **argv)
if (u != 0)
strcpy(path_env, "PATH=/usr/bin:/bin:"BIN_DIR);
putenv(path_env);
+
+ /* Use safe umask */
+ umask(0022);
}
execvp(EXECUTABLE, (char **)args);
--
1.8.3.1

102
0112-ccpp-revert-the-UID-GID-changes-if-user-core-fails.patch Normal file
View file

@ -0,0 +1,102 @@
From 7269a2cc88735aee0d1fa62491b9efe73ab5c6e8 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 4 May 2015 13:23:43 +0200
Subject: [ABRT PATCH] ccpp: revert the UID/GID changes if user core fails
Thanks Florian Weimer <fweimer@redhat.com>
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 58 ++++++++++++++++++++++++++++------------------
1 file changed, 36 insertions(+), 22 deletions(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 02f15d5..fdd9b06 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -351,9 +351,6 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
return -1;
}
- xsetegid(get_fsgid());
- xseteuid(fsuid);
-
if (strcmp(core_basename, "core") == 0)
{
/* Mimic "core.PID" if requested */
@@ -446,36 +443,53 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
* and the description of the /proc/sys/fs/suid_dumpable file in proc(5).)
*/
- /* Set SELinux context like kernel when creating core dump file */
- if (newcon != NULL && setfscreatecon_raw(newcon) < 0)
- {
- perror_msg("setfscreatecon_raw(%s)", newcon);
- return -1;
- }
+ int user_core_fd = -1;
+ int selinux_fail = 1;
- struct stat sb;
- errno = 0;
- /* Do not O_TRUNC: if later checks fail, we do not want to have file already modified here */
- int user_core_fd = openat(dirfd(proc_cwd), core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */
+ /*
+ * These calls must be reverted as soon as possible.
+ */
+ xsetegid(get_fsgid());
+ xseteuid(fsuid);
- if (newcon != NULL && setfscreatecon_raw(NULL) < 0)
+ /* Set SELinux context like kernel when creating core dump file.
+ * This condition is TRUE if */
+ if (/* SELinux is disabled */ newcon == NULL
+ || /* or the call succeeds */ setfscreatecon_raw(newcon) >= 0)
{
- error_msg("setfscreatecon_raw(NULL)");
- goto user_core_fail;
+ /* Do not O_TRUNC: if later checks fail, we do not want to have file already modified here */
+ user_core_fd = openat(dirfd(proc_cwd), core_basename, O_WRONLY | O_CREAT | O_NOFOLLOW | g_user_core_flags, 0600); /* kernel makes 0600 too */
+
+ /* Do the error check here and print the error message in order to
+ * avoid interference in 'errno' usage caused by SELinux functions */
+ if (user_core_fd < 0)
+ perror_msg("Can't open '%s' at '%s'", core_basename, user_pwd);
+
+ /* Fail if SELinux is enabled and the call fails */
+ if (newcon != NULL && setfscreatecon_raw(NULL) < 0)
+ perror_msg("setfscreatecon_raw(NULL)");
+ else
+ selinux_fail = 0;
}
+ else
+ perror_msg("setfscreatecon_raw(%s)", newcon);
+ /*
+ * DON'T JUMP OVER THIS REVERT OF THE UID/GID CHANGES
+ */
xsetegid(0);
xseteuid(0);
- if (user_core_fd < 0
- || fstat(user_core_fd, &sb) != 0
+
+ if (user_core_fd < 0 || selinux_fail)
+ goto user_core_fail;
+
+ struct stat sb;
+ if (fstat(user_core_fd, &sb) != 0
|| !S_ISREG(sb.st_mode)
|| sb.st_nlink != 1
|| sb.st_uid != fsuid
) {
- if (user_core_fd < 0)
- perror_msg("Can't open '%s' at '%s'", core_basename, user_pwd);
- else
- perror_msg("'%s' at '%s' is not a regular file with link count 1 owned by UID(%d)", core_basename, user_pwd, fsuid);
+ perror_msg("'%s' at '%s' is not a regular file with link count 1 owned by UID(%d)", core_basename, user_pwd, fsuid);
goto user_core_fail;
}
if (ftruncate(user_core_fd, 0) != 0) {
--
1.8.3.1

142
0113-upload-validate-and-sanitize-uploaded-dump-directori.patch Normal file
View file

@ -0,0 +1,142 @@
From a4e47c753e9d7988f4d938ed2e0fd690a909ce68 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 20 Apr 2015 15:15:40 +0200
Subject: [ABRT PATCH] upload: validate and sanitize uploaded dump directories
It was discovered that, when moving problem reports from
/var/spool/abrt-upload to /var/spool/abrt or /var/tmp/abrt,
abrt-handle-upload does not verify that the new problem directory
has appropriate permissions and does not contain symbolic links. A
crafted problem report exposes other parts of abrt to attack, and
the abrt-handle-upload script allows to overwrite arbitrary files.
Acknowledgement:
This issue was discovered by Florian Weimer of Red Hat Product Security.
Related: #1212953
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-handle-upload.in | 78 +++++++++++++++++++++++++++++++++++-----
1 file changed, 70 insertions(+), 8 deletions(-)
diff --git a/src/daemon/abrt-handle-upload.in b/src/daemon/abrt-handle-upload.in
index dbc4534..7720da4 100755
--- a/src/daemon/abrt-handle-upload.in
+++ b/src/daemon/abrt-handle-upload.in
@@ -10,6 +10,7 @@ import getopt
import tempfile
import shutil
import datetime
+import grp
from reportclient import set_verbosity, error_msg_and_die, error_msg, log
@@ -36,12 +37,77 @@ def init_gettext():
import problem
-def write_str_to(filename, s):
- fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, @DEFAULT_DUMP_DIR_MODE@ | stat.S_IROTH)
+def write_str_to(filename, s, uid, gid, mode):
+ fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
if fd >= 0:
+ os.fchown(fd, uid, gid)
os.write(fd, s)
os.close(fd)
+
+def validate_transform_move_and_notify(uploaded_dir_path, problem_dir_path, dest=None):
+ fsuid = 0
+ fsgid = 0
+
+ try:
+ gabrt = grp.getgrnam("abrt")
+ fsgid = gabrt.gr_gid
+ except KeyError as ex:
+ error_msg("Failed to get GID of 'abrt' (using 0 instead): {0}'".format(str(ex)))
+
+ try:
+ # give the uploaded directory to 'root:abrt' or 'root:root'
+ os.chown(uploaded_dir_path, fsuid, fsgid)
+ # set the right permissions for this machine
+ # (allow the owner and the group to access problem elements,
+ # the default dump dir mode lacks x bit for both)
+ os.chmod(uploaded_dir_path, @DEFAULT_DUMP_DIR_MODE@ | stat.S_IXUSR | stat.S_IXGRP)
+
+ # sanitize problem elements
+ for item in os.listdir(uploaded_dir_path):
+ apath = os.path.join(uploaded_dir_path, item)
+ if os.path.islink(apath):
+ # remove symbolic links
+ os.remove(apath)
+ elif os.path.isdir(apath):
+ # remove directories
+ shutil.rmtree(apath)
+ elif os.path.isfile(apath):
+ # set file ownership to 'root:abrt' or 'root:root'
+ os.chown(apath, fsuid, fsgid)
+ # set the right file permissions for this machine
+ os.chmod(apath, @DEFAULT_DUMP_DIR_MODE@)
+ else:
+ # remove things that are neither files, symlinks nor directories
+ os.remove(apath)
+ except OSError as ex:
+ error_msg("Removing uploaded dir '{0}': '{1}'".format(uploaded_dir_path, str(ex)))
+ try:
+ shutil.rmtree(uploaded_dir_path)
+ except OSError as ex2:
+ error_msg_and_die("Failed to clean up dir '{0}': '{1}'".format(uploaded_dir_path, str(ex2)))
+ return
+
+ # overwrite remote if it exists
+ remote_path = os.path.join(uploaded_dir_path, "remote")
+ write_str_to(remote_path, "1", fsuid, fsgid, @DEFAULT_DUMP_DIR_MODE@)
+
+ # abrtd would increment count value and abrt-server refuses to process
+ # problem directories containing 'count' element when PrivateReports is on.
+ count_path = os.path.join(uploaded_dir_path, "count")
+ if os.path.exists(count_path):
+ # overwrite remote_count if it exists
+ remote_count_path = os.path.join(uploaded_dir_path, "remote_count")
+ os.rename(count_path, remote_count_path)
+
+ if not dest:
+ dest = problem_dir_path
+
+ shutil.move(uploaded_dir_path, dest)
+
+ problem.notify_new_path(problem_dir_path)
+
+
if __name__ == "__main__":
# Helper: exit with cleanup
@@ -177,21 +243,17 @@ if __name__ == "__main__":
# or one or more complete problem data directories.
# Checking second possibility first.
if os.path.exists(tempdir+"/analyzer") and os.path.exists(tempdir+"/time"):
- write_str_to(tempdir+"/remote", "1")
- shutil.move(tempdir, abrt_dir)
- problem.notify_new_path(abrt_dir+"/"+os.path.basename(tempdir))
+ validate_transform_move_and_notify(tempdir, abrt_dir+"/"+os.path.basename(tempdir), dest=abrt_dir)
else:
for d in os.listdir(tempdir):
if not os.path.isdir(tempdir+"/"+d):
continue
- write_str_to(tempdir+"/"+d+"/remote", "1")
dst = abrt_dir+"/"+d
if os.path.exists(dst):
dst += "."+str(os.getpid())
if os.path.exists(dst):
continue
- shutil.move(tempdir+"/"+d, dst)
- problem.notify_new_path(dst)
+ validate_transform_move_and_notify(tempdir+"/"+d, dst)
die_exitcode = 0
# This deletes working_dir (== delete_on_exit)
--
1.8.3.1

58
0114-daemon-harden-against-race-conditions-in-DELETE.patch Normal file
View file

@ -0,0 +1,58 @@
From 10bea037a2ad82616b3698d07d07d287481e1bed Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 6 May 2015 14:04:42 +0200
Subject: [ABRT PATCH] daemon: harden against race conditions in DELETE
There is a race between checking dump dir accessibility and deleting it
in abrt-server.
Related: #1214457.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-server.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index 1030461..130c24a 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -91,8 +91,16 @@ static int delete_path(const char *dump_dir_name)
error_msg("Problem directory '%s' isn't owned by root:abrt or others are not restricted from access", dump_dir_name);
return 400; /* */
}
- if (!dump_dir_accessible_by_uid(dump_dir_name, client_uid))
+
+ int dir_fd = dd_openfd(dump_dir_name);
+ if (dir_fd < 0)
+ {
+ perror_msg("Can't open problem directory '%s'", dump_dir_name);
+ return 400;
+ }
+ if (!fdump_dir_accessible_by_uid(dir_fd, client_uid))
{
+ close(dir_fd);
if (errno == ENOTDIR)
{
error_msg("Path '%s' isn't problem directory", dump_dir_name);
@@ -102,7 +110,16 @@ static int delete_path(const char *dump_dir_name)
return 403; /* Forbidden */
}
- delete_dump_dir(dump_dir_name);
+ struct dump_dir *dd = dd_fdopendir(dir_fd, dump_dir_name, /*flags:*/ 0);
+ if (dd)
+ {
+ if (dd_delete(dd) != 0)
+ {
+ error_msg("Failed to delete problem directory '%s'", dump_dir_name);
+ dd_close(dd);
+ return 400;
+ }
+ }
return 0; /* success */
}
--
1.8.3.1

65
0115-daemon-allow-only-root-user-to-trigger-the-post-crea.patch Normal file
View file

@ -0,0 +1,65 @@
From 3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 6 May 2015 14:39:44 +0200
Subject: [ABRT PATCH] daemon: allow only root user to trigger the post-create
There is no reason to allow non-root users to trigger this
functionality. Regular users can create abrt problems only through
abrtd or abrt-dbus and both triggers the post-create.
Other hooks run under root user (CCpp, Koops, VMCore, Xorg).
Related: #1212861
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-server.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index 130c24a..d3fa1b5 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -178,16 +178,6 @@ static int run_post_create(const char *dirname)
return 403;
}
}
- else if (!dump_dir_accessible_by_uid(dirname, client_uid))
- {
- if (errno == ENOTDIR)
- {
- error_msg("Path '%s' isn't problem directory", dirname);
- return 404; /* Not Found */
- }
- error_msg("Problem directory '%s' can't be accessed by user with uid %ld", dirname, (long)client_uid);
- return 403; /* Forbidden */
- }
int child_stdout_fd;
int child_pid = spawn_event_handler_child(dirname, "post-create", &child_stdout_fd);
@@ -741,14 +731,21 @@ static int perform_http_xact(void)
/* Body received, EOF was seen. Don't let alarm to interrupt after this. */
alarm(0);
+ int ret = 0;
if (url_type == CREATION_NOTIFICATION)
{
+ if (client_uid != 0)
+ {
+ error_msg("UID=%ld is not authorized to trigger post-create processing", (long)client_uid);
+ ret = 403; /* Forbidden */
+ goto out;
+ }
+
messagebuf_data[messagebuf_len] = '\0';
return run_post_create(messagebuf_data);
}
/* Save problem dir */
- int ret = 0;
unsigned pid = convert_pid(problem_info);
die_if_data_is_missing(problem_info);
--
1.8.3.1

127
0116-daemon-dbus-allow-only-root-to-create-CCpp-Koops-vmc.patch Normal file
View file

@ -0,0 +1,127 @@
From 7417505e1d93cc95ec648b74e3c801bc67aacb9f Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Thu, 7 May 2015 11:07:12 +0200
Subject: [ABRT PATCH] daemon, dbus: allow only root to create CCpp, Koops,
vmcore and xorg
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Florian Weimer <fweimer@redhat.com>:
This prevents users from feeding things that are not actually
coredumps and excerpts from /proc to these analyzers.
For example, it should not be possible to trigger a rule with
“EVENT=post-create analyzer=CCpp” using NewProblem
Related: #1212861
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-server.c | 2 +-
src/dbus/abrt-dbus.c | 10 +++++++++-
src/include/libabrt.h | 2 ++
src/lib/hooklib.c | 24 ++++++++++++++++++++++++
4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index d3fa1b5..afd9fd3 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -487,7 +487,7 @@ static gboolean key_value_ok(gchar *key, gchar *value)
}
}
- return TRUE;
+ return allowed_new_user_problem_entry(client_uid, key, value);
}
/* Handles a message received from client over socket. */
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 6de15e9..bef95bd 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -168,6 +168,7 @@ bool allowed_problem_dir(const char *dir_name)
static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char **error)
{
+ char *problem_id = NULL;
problem_data_t *pd = problem_data_new();
GVariantIter *iter;
@@ -175,6 +176,12 @@ static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char *
gchar *key, *value;
while (g_variant_iter_loop(iter, "{ss}", &key, &value))
{
+ if (allowed_new_user_problem_entry(caller_uid, key, value) == false)
+ {
+ *error = xasprintf("You are not allowed to create element '%s' containing '%s'", key, value);
+ goto finito;
+ }
+
problem_data_add_text_editable(pd, key, value);
}
@@ -189,12 +196,13 @@ static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char *
/* At least it should generate local problem identifier UUID */
problem_data_add_basics(pd);
- char *problem_id = problem_data_save(pd);
+ problem_id = problem_data_save(pd);
if (problem_id)
notify_new_path(problem_id);
else if (error)
*error = xasprintf("Cannot create a new problem");
+finito:
problem_data_free(pd);
return problem_id;
}
diff --git a/src/include/libabrt.h b/src/include/libabrt.h
index 5bf2397..3749a31 100644
--- a/src/include/libabrt.h
+++ b/src/include/libabrt.h
@@ -51,6 +51,8 @@ char *get_backtrace(const char *dump_dir_name, unsigned timeout_sec, const char
bool dir_is_in_dump_location(const char *dir_name);
#define dir_has_correct_permissions abrt_dir_has_correct_permissions
bool dir_has_correct_permissions(const char *dir_name);
+#define allowed_new_user_problem_entry abrt_allowed_new_user_problem_entry
+bool allowed_new_user_problem_entry(uid_t uid, const char *name, const char *value);
#define g_settings_nMaxCrashReportsSize abrt_g_settings_nMaxCrashReportsSize
extern unsigned int g_settings_nMaxCrashReportsSize;
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index 4b20025..8e93663 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
@@ -483,3 +483,27 @@ bool dir_has_correct_permissions(const char *dir_name)
}
return true;
}
+
+bool allowed_new_user_problem_entry(uid_t uid, const char *name, const char *value)
+{
+ /* Allow root to create everything */
+ if (uid == 0)
+ return true;
+
+ /* Permit non-root users to create everything except: analyzer and type */
+ if (strcmp(name, FILENAME_ANALYZER) != 0
+ && strcmp(name, FILENAME_TYPE) != 0
+ /* compatibility value used in abrt-server */
+ && strcmp(name, "basename") != 0)
+ return true;
+
+ /* Permit non-root users to create all types except: C/C++, Koops, vmcore and xorg */
+ if (strcmp(value, "CCpp") != 0
+ && strcmp(value, "Kerneloops") != 0
+ && strcmp(value, "vmcore") != 0
+ && strcmp(value, "xorg") != 0)
+ return true;
+
+ error_msg("Only root is permitted to create element '%s' containing '%s'", name, value);
+ return false;
+}
--
1.8.3.1

69
0118-dbus-validate-parameters-of-all-calls.patch Normal file
View file

@ -0,0 +1,69 @@
From 7a47f57975be0d285a2f20758e4572dca6d9cdd3 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 13 May 2015 11:10:23 +0200
Subject: [ABRT PATCH] dbus: validate parameters of all calls
SetElement and DeleteElement were missing check for valid dump directory
path.
FindProblemByElementInTimeRange was not reporting invalid element names.
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/dbus/abrt-dbus.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index bef95bd..f2f742b 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -607,6 +607,12 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
+ if (!allowed_problem_dir(problem_id))
+ {
+ return_InvalidProblemDir_error(invocation, problem_id);
+ return;
+ }
+
if (!str_is_correct_filename(element))
{
log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
@@ -666,6 +672,12 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get(parameters, "(&s&s)", &problem_id, &element);
+ if (!allowed_problem_dir(problem_id))
+ {
+ return_InvalidProblemDir_error(invocation, problem_id);
+ return;
+ }
+
if (!str_is_correct_filename(element))
{
log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
@@ -783,6 +795,18 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get_child(parameters, 3, "x", &timestamp_to);
g_variant_get_child(parameters, 4, "b", &all);
+ if (!str_is_correct_filename(element))
+ {
+ log_notice("'%s' is not a valid element name", element);
+ char *error = xasprintf(_("'%s' is not a valid element name"), element);
+ g_dbus_method_invocation_return_dbus_error(invocation,
+ "org.freedesktop.problems.InvalidElement",
+ error);
+
+ free(error);
+ return;
+ }
+
if (all && polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") == PolkitYes)
caller_uid = 0;
--
1.8.3.1

167
0119-ccpp-do-not-unlink-failed-and-big-user-cores.patch Normal file
View file

@ -0,0 +1,167 @@
From 7bd77a63f226a572946f30db3e76f23f971f46d5 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 20 May 2015 06:07:15 +0200
Subject: [ABRT PATCH] ccpp: do not unlink failed and big user cores
* We might end up deleting an already existing file.
* Kernel does not delete nor truncate core files. Admittedly, kernel
knows how process's memory is structured, dumps it per logical
segments and checks whether a next segment can be written.
* 'ulimit -c' does not seem to be a hard limit. Kernel wrote 8192 bytes
despite $(ulimit -c) == 6.
Related: #1212818
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 70 +++++++++++++++++++---------------------------
1 file changed, 29 insertions(+), 41 deletions(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index fdd9b06..9b38ed7 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -129,8 +129,8 @@ static off_t copyfd_sparse(int src_fd, int dst_fd1, int dst_fd2, off_t size2)
size2 -= rd;
if (size2 < 0)
dst_fd2 = -1;
-//TODO: truncate to 0 or even delete the second file
-//(currently we delete the file later)
+// truncate to 0 or even delete the second file?
+// No, kernel does not delete nor truncate core files.
}
out:
@@ -502,13 +502,20 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
user_core_fail:
if (user_core_fd >= 0)
- {
close(user_core_fd);
- unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
- }
return -1;
}
+static int close_user_core(int user_core_fd, off_t core_size)
+{
+ if (user_core_fd >= 0 && (fsync(user_core_fd) != 0 || close(user_core_fd) != 0 || core_size < 0))
+ {
+ perror_msg("Error writing '%s' at '%s'", core_basename, user_pwd);
+ return -1;
+ }
+ return 0;
+}
+
static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs, uid_t uid, gid_t gid)
{
FILE *fp = fopen(dest_filename, "wx");
@@ -569,7 +576,7 @@ static int create_or_die(const char *filename)
if (dd)
dd_delete(dd);
if (user_core_fd >= 0)
- unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
+ close(user_core_fd);
errno = sv_errno;
perror_msg_and_die("Can't open '%s'", filename);
@@ -577,6 +584,7 @@ static int create_or_die(const char *filename)
int main(int argc, char** argv)
{
+ int err = 1;
/* Kernel starts us with all fd's closed.
* But it's dangerous:
* fprintf(stderr) can dump messages into random fds, etc.
@@ -778,9 +786,8 @@ int main(int argc, char** argv)
error_msg_and_die("Error saving '%s'", path);
}
log("Saved core dump of pid %lu (%s) to %s (%llu bytes)", (long)pid, executable, path, (long long)core_size);
- if (proc_cwd != NULL)
- closedir(proc_cwd);
- return 0;
+ err = 0;
+ goto finito;
}
unsigned path_len = snprintf(path, sizeof(path), "%s/ccpp-%s-%lu.new",
@@ -895,26 +902,17 @@ int main(int argc, char** argv)
* ls: cannot access core*: No such file or directory <=== BAD
*/
off_t core_size = copyfd_sparse(STDIN_FILENO, abrt_core_fd, user_core_fd, ulimit_c);
+
+ close_user_core(user_core_fd, core_size);
+
if (fsync(abrt_core_fd) != 0 || close(abrt_core_fd) != 0 || core_size < 0)
{
unlink(path);
dd_delete(dd);
- if (user_core_fd >= 0)
- unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
/* copyfd_sparse logs the error including errno string,
* but it does not log file name */
error_msg_and_die("Error writing '%s'", path);
}
- if (user_core_fd >= 0
- /* error writing user coredump? */
- && (fsync(user_core_fd) != 0 || close(user_core_fd) != 0
- /* user coredump is too big? */
- || (ulimit_c == 0 /* paranoia */ || core_size > ulimit_c)
- )
- ) {
- /* nuke it (silently) */
- unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
- }
/* Because of #1211835 and #1126850 */
#if 0
@@ -984,9 +982,9 @@ int main(int argc, char** argv)
}
free(rootdir);
- if (proc_cwd != NULL)
- closedir(proc_cwd);
- return 0;
+
+ err = 0;
+ goto finito;
}
/* We didn't create abrt dump, but may need to create compat coredump */
@@ -994,26 +992,16 @@ int main(int argc, char** argv)
if (user_core_fd >= 0)
{
off_t core_size = copyfd_size(STDIN_FILENO, user_core_fd, ulimit_c, COPYFD_SPARSE);
- if (fsync(user_core_fd) != 0 || close(user_core_fd) != 0 || core_size < 0)
- {
- /* perror first, otherwise unlink may trash errno */
- perror_msg("Error writing '%s' at '%s'", core_basename, user_pwd);
- unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
- if (proc_cwd != NULL)
- closedir(proc_cwd);
- return 1;
- }
- if (ulimit_c == 0 || core_size > ulimit_c)
- {
- unlinkat(dirfd(proc_cwd), core_basename, /*unlink file*/0);
- if (proc_cwd != NULL)
- closedir(proc_cwd);
- return 1;
- }
+ if (close_user_core(user_core_fd, core_size) != 0)
+ goto finito;
+
+ err = 0;
log("Saved core dump of pid %lu to %s at %s (%llu bytes)", (long)pid, core_basename, user_pwd, (long long)core_size);
}
+ finito:
if (proc_cwd != NULL)
closedir(proc_cwd);
- return 0;
+
+ return err;
}
--
1.8.3.1

82
0120-a-a-i-d-t-a-cache-don-t-open-the-build_ids-file-as-a.patch Normal file
View file

@ -0,0 +1,82 @@
From 3bdf6305f6a8501a692e1a98f98e0be9d3922a1d Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 20 May 2015 08:08:58 +0200
Subject: [ABRT PATCH] a-a-i-d-t-a-cache: don't open the build_ids file as abrt
Opening the build_ids file as abrt may lead to information disclosure.
Related: #1216962
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
.../abrt-action-install-debuginfo-to-abrt-cache.c | 30 +++++++++++++++++-----
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
index cd9ee7a..fafb0c4 100644
--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
@@ -72,6 +72,11 @@ int main(int argc, char **argv)
};
const unsigned opts = parse_opts(argc, argv, program_options, program_usage_string);
+ const gid_t egid = getegid();
+ const gid_t rgid = getgid();
+ const uid_t euid = geteuid();
+ const gid_t ruid = getuid();
+
/* We need to open the build ids file under the caller's UID/GID to avoid
* information disclosures when reading files with changed UID.
* Unfortunately, we cannot replace STDIN with the new fd because ABRT uses
@@ -82,7 +87,20 @@ int main(int argc, char **argv)
char *build_ids_self_fd = NULL;
if (strcmp("-", build_ids) != 0)
{
+ if (setregid(egid, rgid) < 0)
+ perror_msg_and_die("setregid(egid, rgid)");
+
+ if (setreuid(euid, ruid) < 0)
+ perror_msg_and_die("setreuid(euid, ruid)");
+
const int build_ids_fd = open(build_ids, O_RDONLY);
+
+ if (setregid(rgid, egid) < 0)
+ perror_msg_and_die("setregid(rgid, egid)");
+
+ if (setreuid(ruid, euid) < 0 )
+ perror_msg_and_die("setreuid(ruid, euid)");
+
if (build_ids_fd < 0)
perror_msg_and_die("Failed to open file '%s'", build_ids);
@@ -118,14 +136,12 @@ int main(int argc, char **argv)
/* Switch real user/group to effective ones.
* Otherwise yum library gets confused - gets EPERM (why??).
*/
- gid_t g = getegid();
/* do setregid only if we have to, to not upset selinux needlessly */
- if (g != getgid())
- IGNORE_RESULT(setregid(g, g));
- uid_t u = geteuid();
- if (u != getuid())
+ if (egid != rgid)
+ IGNORE_RESULT(setregid(egid, egid));
+ if (euid != ruid)
{
- IGNORE_RESULT(setreuid(u, u));
+ IGNORE_RESULT(setreuid(euid, euid));
/* We are suid'ed! */
/* Prevent malicious user from messing up with suid'ed process: */
#if 1
@@ -179,7 +195,7 @@ int main(int argc, char **argv)
// abrt-action-install-debuginfo doesn't fail when spawning
// abrt-action-trim-files
char path_env[] = "PATH=/usr/sbin:/sbin:/usr/bin:/bin:"BIN_DIR":"SBIN_DIR;
- if (u != 0)
+ if (euid != 0)
strcpy(path_env, "PATH=/usr/bin:/bin:"BIN_DIR);
putenv(path_env);
--
1.8.3.1

32
0121-a-a-i-d-t-a-cache-fix-command-line-argument-generati.patch Normal file
View file

@ -0,0 +1,32 @@
From ff67428ed1685b1d5b12e2893396d6acecf3a123 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 20 May 2015 15:22:58 +0200
Subject: [ABRT PATCH] a-a-i-d-t-a-cache: fix command line argument generation
Empty string in the list of arguments for execvp causes problems (-y
was ignored).
Related: #1216962
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
index fafb0c4..81b1486 100644
--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
+++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
@@ -116,7 +116,8 @@ int main(int argc, char **argv)
args[i++] = EXECUTABLE;
args[i++] = "--ids";
args[i++] = (build_ids_self_fd != NULL) ? build_ids_self_fd : "-";
- args[i++] = verbs[g_verbose <= 3 ? g_verbose : 3];
+ if (g_verbose > 0)
+ args[i++] = verbs[g_verbose <= 3 ? g_verbose : 3];
if ((opts & OPT_y))
args[i++] = "-y";
if ((opts & OPT_e))
--
1.8.3.1

26
0122-Do-not-use-bool-in-OPT_BOOL-macro-it-expects-int.patch Normal file
View file

@ -0,0 +1,26 @@
From 8b5ec646d59be4a52efd66a2331ee0ffbe6cd2bc Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 14 Jan 2015 11:51:59 +0100
Subject: [PATCH] Do not use 'bool' in OPT_BOOL() macro : it expects 'int'
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-auto-reporting.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/abrt-auto-reporting.c b/src/daemon/abrt-auto-reporting.c
index f3b4ed0..573c1ae 100644
--- a/src/daemon/abrt-auto-reporting.c
+++ b/src/daemon/abrt-auto-reporting.c
@@ -204,7 +204,7 @@ int main(int argc, char *argv[])
OPT_c = 1 << 4,
};
- bool anonymous = false;
+ int anonymous = 0;
const char *username = NULL;
const char *password = NULL;
const char *certificate = NULL;
--
2.4.3

Some files were not shown because too many files have changed in this diff Show more