packages/pcp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2019-3695 CVE-2019-3696

Browse Source
This commit is contained in:
hht8 2020-05-13 17:22:16 +08:00
parent fb8f4b69b1
commit 188e04db88
2 changed files with 210 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
CVE-2019-3695-CVE-2019-3696.patch Normal file
View File

@ -0,0 +1,200 @@
From 34c83f7ee46224fe410572f33c57a739f7bd044f Mon Sep 17 00:00:00 2001
From: Nathan Scott <nathans@redhat.com>
Date: Sun, 6 Oct 2019 14:10:40 +1100
Subject: [PATCH] build: drop old config file transition code from rpm specs
Its been many years since this transition was done, good time
now with pcp-5.0.0 to full this old shell code. Also remove
the Fedora crontab transition logic as thats completely moved
over to systemd now.
---
build/rpm/GNUmakefile | 1 +
build/rpm/fedora.spec | 57 +---------------------------------------
build/rpm/pcp.spec.in | 60 ++-----------------------------------------
3 files changed, 4 insertions(+), 114 deletions(-)
diff --git a/build/rpm/GNUmakefile b/build/rpm/GNUmakefile
index cf6d21f..40a9efe 100644
--- a/build/rpm/GNUmakefile
+++ b/build/rpm/GNUmakefile
@@ -111,6 +111,7 @@ pcp.spec: pcp.spec.in
-e's|@pcp_sysconf_dir@|$(PCP_SYSCONF_DIR)|g' \
-e's|@pcp_share_dir@|$(PCP_SHARE_DIR)|g' \
-e's|@pcp_log_dir@|$(PCP_LOG_DIR)|g' \
+ -e's|@pcp_sa_dir@|$(PCP_LOG_DIR)|g' \
-e's|@pcp_var_dir@|$(PCP_VAR_DIR)|g' \
-e's|@pcp_etc_dir@|$(PCP_ETC_DIR)|g' \
-e's|@pcp_binadm_dir@|$(PCP_BINADM_DIR)|g' \
diff --git a/build/rpm/fedora.spec b/build/rpm/fedora.spec
index 0471dbd..1256926 100644
--- a/build/rpm/fedora.spec
+++ b/build/rpm/fedora.spec
@@ -2427,56 +2427,6 @@ exit 0
getent group pcp >/dev/null || groupadd -r pcp
getent passwd pcp >/dev/null || \
useradd -c "Performance Co-Pilot" -g pcp -d %{_localstatedir}/lib/pcp -M -r -s /sbin/nologin pcp
-PCP_CONFIG_DIR=%{_localstatedir}/lib/pcp/config
-PCP_SYSCONF_DIR=%{_confdir}
-PCP_LOG_DIR=%{_logsdir}
-PCP_ETC_DIR=%{_sysconfdir}
-# rename crontab files to align with current Fedora packaging guidelines
-for crontab in pmlogger pmie
-do
- test -f "$PCP_ETC_DIR/cron.d/$crontab" || continue
- mv -f "$PCP_ETC_DIR/cron.d/$crontab" "$PCP_ETC_DIR/cron.d/pcp-$crontab"
-done
-# produce a script to run post-install to move configs to their new homes
-save_configs_script()
-{
- _new="$1"
- shift
- for _dir
- do
- [ "$_dir" = "$_new" ] && continue
- if [ -d "$_dir" ]
- then
- ( cd "$_dir" ; find . -maxdepth 1 -type f ) | sed -e 's/^\.\///' \
- | while read _file
- do
- [ "$_file" = "control" ] && continue
- _want=true
- if [ -f "$_new/$_file" ]
- then
- # file exists in both directories, pick the more
- # recently modified one
- _try=`find "$_dir/$_file" -newer "$_new/$_file" -print`
- [ -n "$_try" ] || _want=false
- fi
- $_want && echo cp -p "$_dir/$_file" "$_new/$_file"
- done
- fi
- done
-}
-# migrate and clean configs if we have had a previous in-use installation
-[ -d "$PCP_LOG_DIR" ] || exit 0 # no configuration file upgrades required
-rm -f "$PCP_LOG_DIR/configs.sh"
-for daemon in pmie pmlogger
-do
- save_configs_script >> "$PCP_LOG_DIR/configs.sh" "$PCP_CONFIG_DIR/$daemon" \
- "$PCP_SYSCONF_DIR/$daemon"
-done
-for daemon in pmcd pmproxy
-do
- save_configs_script >> "$PCP_LOG_DIR/configs.sh" "$PCP_SYSCONF_DIR/$daemon"\
- "$PCP_CONFIG_DIR/$daemon" /etc/$daemon
-done
exit 0
%if !%{disable_microhttpd}
@@ -2828,11 +2778,7 @@ pmieconf -c enable dmthin
%{pmda_notready "$1" "prometheus"}
%post
-PCP_LOG_DIR=%{_logsdir}
PCP_PMNS_DIR=%{_pmnsdir}
-# restore saved configs, if any
-test -s "$PCP_LOG_DIR/configs.sh" && source "$PCP_LOG_DIR/configs.sh"
-rm -f $PCP_LOG_DIR/configs.sh
chown -R pcp:pcp %{_logsdir}/pmcd 2>/dev/null
chown -R pcp:pcp %{_logsdir}/pmlogger 2>/dev/null
@@ -2860,7 +2806,7 @@ chmod 644 "$PCP_PMNS_DIR/.NeedRebuild"
/sbin/service pmproxy condrestart
%endif
-cd $PCP_PMNS_DIR && ./Rebuild -s && rm -f .NeedRebuild
+cd "$PCP_PMNS_DIR" && ./Rebuild -s && rm -f .NeedRebuild
cd
%post libs -p /sbin/ldconfig
diff --git a/build/rpm/pcp.spec.in b/build/rpm/pcp.spec.in
index dba589e..c37e934 100755
--- a/build/rpm/pcp.spec.in
+++ b/build/rpm/pcp.spec.in
@@ -2764,11 +2764,6 @@ chown -R pcpqa:pcpqa @pcp_var_dir@/testsuite 2>/dev/null
getent group pcp >/dev/null || groupadd -r pcp
getent passwd pcp >/dev/null || \
useradd -c "Performance Co-Pilot" -g pcp -d @pcp_var_dir@ -M -r -s /sbin/nologin pcp
-# new directories; they should match /etc/pcp.conf settings after install
-PCP_CONFIG_DIR=@pcp_var_dir@/config
-PCP_SYSCONF_DIR=@pcp_sysconf_dir@
-PCP_LOG_DIR=@pcp_log_dir@
-PCP_ETC_DIR=@pcp_etc_dir@
# transition pmdadmcache over to pmdadm (device mapper)
PCP_PMCDCONF_PATH=@pcp_pmcdconf_path@
@@ -2780,52 +2780,6 @@
touch "$PCP_PMDAS_DIR/dmcache/.NeedRemove"
fi
-# rename crontab files to align with current Fedora packaging guidelines
-for crontab in pmlogger pmie
-do
- test -f "$PCP_ETC_DIR/cron.d/$crontab" || continue
- mv -f "$PCP_ETC_DIR/cron.d/$crontab" "$PCP_ETC_DIR/cron.d/pcp-$crontab"
-done
-# produce a script to run post-install to move configs to their new homes
-save_configs_script()
-{
- _new="$1"
- shift
- for _dir
- do
- [ "$_dir" = "$_new" ] && continue
- if [ -d "$_dir" ]
- then
- ( cd "$_dir" ; find . -maxdepth 1 -type f ) | sed -e 's/^\.\///' \
- | while read _file
- do
- [ "$_file" = "control" ] && continue
- _want=true
- if [ -f "$_new/$_file" ]
- then
- # file exists in both directories, pick the more
- # recently modified one
- _try=`find "$_dir/$_file" -newer "$_new/$_file" -print`
- [ -n "$_try" ] || _want=false
- fi
- $_want && echo cp -p "$_dir/$_file" "$_new/$_file"
- done
- fi
- done
-}
-# migrate and clean configs if we have had a previous in-use installation
-[ -d "$PCP_LOG_DIR" ] || exit 0 # no configuration file upgrades required
-rm -f "$PCP_LOG_DIR/configs.sh"
-for daemon in pmie pmlogger
-do
- save_configs_script >> "$PCP_LOG_DIR/configs.sh" "$PCP_CONFIG_DIR/$daemon" \
- "$PCP_SYSCONF_DIR/$daemon"
-done
-for daemon in pmcd pmproxy
-do
- save_configs_script >> "$PCP_LOG_DIR/configs.sh" "$PCP_SYSCONF_DIR/$daemon"\
- "$PCP_CONFIG_DIR/$daemon" /etc/$daemon
-done
exit 0
%if "@enable_webapi@" == "true"
@@ -3191,11 +3129,7 @@ fi
%post
PCP_PMNS_DIR=@pcp_var_dir@/pmns
PCP_LOG_DIR=@pcp_log_dir@
-PCP_SYSCONFIG_DIR=@pcp_sysconfig_dir@
-
-# restore saved configs, if any
-test -s "$PCP_LOG_DIR/configs.sh" && source "$PCP_LOG_DIR/configs.sh"
-rm -f $PCP_LOG_DIR/configs.sh
+PCP_SA_DIR=@pcp_sa_dir@
chown -R pcp:pcp "$PCP_LOG_DIR/pmcd" 2>/dev/null
chown -R pcp:pcp "$PCP_LOG_DIR/pmlogger" 2>/dev/null
@@ -3224,7 +3158,7 @@ chmod 644 "$PCP_PMNS_DIR/.NeedRebuild"
/sbin/service pmproxy condrestart
%endif
-cd $PCP_PMNS_DIR && ./Rebuild -s && rm -f .NeedRebuild
+cd "$PCP_PMNS_DIR" && ./Rebuild -s && rm -f .NeedRebuild
cd
%post libs -p /sbin/ldconfig

11
pcp.spec
View File

@ -9,7 +9,7 @@
Name: pcp Name: pcp
Version: 4.1.3 Version: 4.1.3
Summary: System-level performance monitoring and performance management Summary: System-level performance monitoring and performance management
Release: 3 Release: 4
License: GPLv2+ and LGPLv2.1+ and CC-BY License: GPLv2+ and LGPLv2.1+ and CC-BY
URL: https://pcp.io URL: https://pcp.io
Source0: https://dl.bintray.com/pcp/source/pcp-4.1.3.tar.gz Source0: https://dl.bintray.com/pcp/source/pcp-4.1.3.tar.gz
@ -17,6 +17,8 @@ Source1: https://github.com/performancecopilot/pcp-webapp-vector/archiv
Source2: https://github.com/performancecopilot/pcp-webapp-grafana/archive/1.9.1-2/pcp-webapp-grafana-1.9.1-2.tar.gz Source2: https://github.com/performancecopilot/pcp-webapp-grafana/archive/1.9.1-2/pcp-webapp-grafana-1.9.1-2.tar.gz
Source3: https://github.com/performancecopilot/pcp-webapp-graphite/archive/0.9.10/pcp-webapp-graphite-0.9.10.tar.gz Source3: https://github.com/performancecopilot/pcp-webapp-graphite/archive/0.9.10/pcp-webapp-graphite-0.9.10.tar.gz
Source4: https://github.com/performancecopilot/pcp-webapp-blinkenlights/archive/1.0.1/pcp-webapp-blinkenlights-1.0.1.tar.gz Source4: https://github.com/performancecopilot/pcp-webapp-blinkenlights/archive/1.0.1/pcp-webapp-blinkenlights-1.0.1.tar.gz
Patch6000: CVE-2019-3695-CVE-2019-3696.patch
BuildRequires: gcc gcc-c++ procps autoconf bison flex nss-devel rpm-devel avahi-devel xz-devel zlib-devel BuildRequires: gcc gcc-c++ procps autoconf bison flex nss-devel rpm-devel avahi-devel xz-devel zlib-devel
BuildRequires: python2-devel python3-devel ncurses-devel readline-devel cyrus-sasl-devel papi-devel libpfm-devel >= 4 BuildRequires: python2-devel python3-devel ncurses-devel readline-devel cyrus-sasl-devel papi-devel libpfm-devel >= 4
BuildRequires: libmicrohttpd-devel cairo-devel systemtap-sdt-devel boost-devel perl-generators perl-devel perl(strict) BuildRequires: libmicrohttpd-devel cairo-devel systemtap-sdt-devel boost-devel perl-generators perl-devel perl(strict)
@ -857,6 +859,7 @@ This package installs selinux support files for PCP.
%setup -q -T -D -a 3 -c -n graphite %setup -q -T -D -a 3 -c -n graphite
%setup -q -T -D -a 4 -c -n blinkenlights %setup -q -T -D -a 4 -c -n blinkenlights
%setup -q %setup -q
%patch6000 -p1
%build %build
@ -2208,5 +2211,11 @@ fi
%config(noreplace) /etc/pcp/pmrep/* %config(noreplace) /etc/pcp/pmrep/*
%changelog %changelog
* Wed May 13 2020 huanghaitao <huanghaitao8@huawei.com> - 4.1.3-4
- Type:cves
- ID: CVE-2019-3695 CVE-2019-3696
- SUG:restart
- DESC: fix CVE-2019-3695 CVE-2019-3696
* Fri Feb 21 2020 Senlin Xia <xiasenlin1@huawei.com> - 4.1.3-3 * Fri Feb 21 2020 Senlin Xia <xiasenlin1@huawei.com> - 4.1.3-3
- package init - package init