New upstream release 2.7.1

CVE-2015-5273, CVE-2015-5287 Resolves: #1262252, #1284557
2015-11-23 16:32:33 +01:00 · 2015-11-23 16:32:33 +01:00 · 1684aef22e
commit 1684aef22e
parent e95b9d4bf0
5 changed files with 21 additions and 65 deletions
--- a/.gitignore
+++ b/.gitignore
@ -45,3 +45,4 @@ abrt-1.1.13.tar.gz
 /abrt-2.6.1.tar.gz
 /abrt-2.6.2.tar.gz
 /abrt-2.7.0.tar.gz
+/abrt-2.7.1.tar.gz
--- a/0012-dbus-ensure-expected-bytes-width-of-DBus-numbers.patch
+++ b/0012-dbus-ensure-expected-bytes-width-of-DBus-numbers.patch
@ -1,32 +0,0 @@
-From 7fe8403abed51dc951aa497bf149c19d61a19555 Mon Sep 17 00:00:00 2001
-From: Jakub Filak <jfilak@redhat.com>
-Date: Wed, 28 Oct 2015 00:21:12 +0100
-Subject: [PATCH] dbus: ensure expected bytes width of DBus numbers
-
-t - UINT64 - guint64 (unsigned long is not wide enough on 32bit architectures)
-
-Resolves: rhbz#1256456
-
-Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
- src/dbus/abrt-dbus.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
-index 44778a2..500ddb2 100644
--- a/src/dbus/abrt-dbus.c
-+++ b/src/dbus/abrt-dbus.c
-@@ -625,8 +625,8 @@ static void handle_method_call(GDBusConnection *connection,
- 
-             g_variant_builder_add(response_builder, "{s(its)}",
-                                                     element_name,
-                                                    element_info->flags,
-                                                    size,
-+                                                    (gint32)element_info->flags,
-+                                                    (guint64)size,
-                                                     element_info->content);
-         }
- 
-- 
-2.5.0
-
--- a/abrt.spec
+++ b/abrt.spec
@ -48,18 +48,15 @@

 Summary: Automatic bug detection and reporting tool
 Name: abrt
-Version: 2.7.0
-Release: 2%{?dist}
+Version: 2.7.1
+Release: 1%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: https://abrt.readthedocs.org/
 Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.gz
-# don't remove this patch, packages in rawhide are not signed!
-Patch0: disable-OpenGPGCheck-in-Fedora-Rawhide.patch

 # git format-patch %%{Version} --topo-order -N -M;
 # i=1; for p in `ls 0*.patch`; do printf "Patch%04d: %s\n" $i $p; ((i++)); done
-Patch0012:     0012-dbus-ensure-expected-bytes-width-of-DBus-numbers.patch

 # '%%autosetup -S git' -> git
 BuildRequires: git
@ -757,7 +754,7 @@ killall abrt-dbus >/dev/null 2>&1 || :
 %{_mandir}/man5/abrt_event.conf.5.gz
 %config(noreplace) %{_sysconfdir}/libreport/events.d/smart_event.conf
 %{_mandir}/man5/smart_event.conf.5.gz
-%dir %attr(0751, abrt, abrt) %{_localstatedir}/spool/%{name}
+%dir %attr(0751, root, abrt) %{_localstatedir}/spool/%{name}
 %dir %attr(0700, abrt, abrt) %{_localstatedir}/spool/%{name}-upload
 # abrtd runs as root
 %dir %attr(0755, root, root) %{_localstatedir}/run/%{name}
@ -887,6 +884,7 @@ killall abrt-dbus >/dev/null 2>&1 || :
 %{_mandir}/man*/abrt-action-analyze-core.*
 %{_mandir}/man*/abrt-action-analyze-vulnerability.*
 %{_mandir}/man*/abrt-action-perform-ccpp-analysis.*
+%{_mandir}/man*/abrt-dump-journal-core.*

 %files addon-upload-watch
 %defattr(-,root,root,-)
@ -940,7 +938,9 @@ killall abrt-dbus >/dev/null 2>&1 || :
 %{_initrddir}/abrt-xorg
 %endif
 %{_bindir}/abrt-dump-xorg
+%{_bindir}/abrt-dump-journal-xorg
 %{_mandir}/man1/abrt-dump-xorg.1*
+%{_mandir}/man1/abrt-dump-journal-xorg.1*

 %if %{?have_kexec_tools} == 1
 %files addon-vmcore
@ -1078,6 +1078,19 @@ killall abrt-dbus >/dev/null 2>&1 || :
 %config(noreplace) %{_sysconfdir}/profile.d/abrt-console-notification.sh

 %changelog
+* Mon Nov 23 2015 Jakub Filak <jfilak@redhat.com> 2.7.1-1
+- CVE-2015-5287: switch owner of /var/spool/abrt to 'root'
+- CVE-2015-5287: ccpp: save abrt core files only if DebugLevel > 0
+- CVE-2015-5287: ccpp: save abrt core files only to new files
+- CVE-2015-5287: abrt configuration: introduce DebugLevel
+- CVE-2015-5273: a-a-i-d-to-abrt-cache: make own random temporary directory
+- ccpp: make crashes of processes with locked memory not-reportable
+- xorg: introduce tool abrt-dump-journal-xorg
+- abrt-xorg.service: change due to abrt-dump-journal-xorg
+- a-d-journal-core: set root owner for created dump directory
+- spec: add missing man page for abrt-dump-journal-core
+- Resolves: #1262252, #1284557
+
 * Wed Oct 28 2015 Jakub Filak <jfilak@redhat.com> 2.7.0-2
 - Fix broken problem details in abrt-cli/gnome-abrt
 - Resolves: #1256456
--- a/disable-OpenGPGCheck-in-Fedora-Rawhide.patch
+++ b/disable-OpenGPGCheck-in-Fedora-Rawhide.patch
@ -1,26 +0,0 @@
-From 1ef034096efe367af85f568bc982af969124003b Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 10 Feb 2014 09:39:07 +0100
-Subject: [PATCH] disable OpenGPGCheck in Fedora Rawhide
-
-Packages in Fedora Rawhide are not signed.
---
- src/daemon/abrt-action-save-package-data.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/daemon/abrt-action-save-package-data.conf b/src/daemon/abrt-action-save-package-data.conf
-index 3d35bb6..e3f724a 100644
--- a/src/daemon/abrt-action-save-package-data.conf
-+++ b/src/daemon/abrt-action-save-package-data.conf
-@@ -3,7 +3,7 @@
- # the list of public keys used to check the signature is
- # in the file gpg_keys
- #
-OpenGPGCheck = yes
-+OpenGPGCheck = no
- 
- # Blacklisted packages
- #
-- 
-1.8.3.1
-
--- a/2
+++ b/2
@ -1 +1 @@
-1e132c42d1f0161db95c82c0c720e697  abrt-2.7.0.tar.gz
+fee268003142e35fc72fa8a52941dd80  abrt-2.7.1.tar.gz