Mailinglist Archive: opensuse-commit (1792 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package build for openSUSE:11.3
checked in at Mon Feb 28 17:27:58 CET 2011.



--------
--- old-versions/11.3/UPDATES/all/build/build.changes   2010-07-28 
15:48:13.000000000 +0200
+++ 11.3/build/build.changes    2011-02-28 09:12:18.000000000 +0100
@@ -1,0 +2,5 @@
+Fri Jan 21 06:52:07 UTC 2011 - lnussel@xxxxxxx
+
+- force use of bsdtar for VMs (bnc#665768, CVE-2010-4226)
+
+-------------------------------------------------------------------

calling whatdependson for 11.3-i586


New:
----
  0001-force-use-of-bsdtar-for-VMs.diff
  build-emptyvmswap.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ build.spec ++++++
--- /var/tmp/diff_new_pack.LVyEEv/_old  2011-02-28 17:27:51.000000000 +0100
+++ /var/tmp/diff_new_pack.LVyEEv/_new  2011-02-28 17:27:51.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package build (Version 2010.07.28)
+# spec file for package build
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 AutoReqProv:    on
 Summary:        A Script to Build SUSE Linux RPMs
 Version:        2010.07.28
-Release:        1.<RELEASE1>
+Release:        1.<RELEASE3>
 # osc rm build-*tar.bz2
 # REVISION=$(svn info 
https://forgesvn1.novell.com/svn/opensuse/trunk/buildservice/src/build | sed 
-ne "/Revision: /s///p")
 # VERSION="$(date +"%Y.%m.%d").r$REVISION"
@@ -40,6 +40,8 @@
 # osc submitreq create -m"current svn snapshot." openSUSE:Tools build 
openSUSE:Factory
 #!BuildIgnore:  build-mkbaselibs
 Source:         build-%{version}.tar.gz
+Patch0:         0001-force-use-of-bsdtar-for-VMs.diff
+Patch1:         build-emptyvmswap.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 # Manual requires to avoid hard require to bash-static
@@ -50,6 +52,7 @@
 Requires:       perl-TimeDate
 Requires:       binutils
 Requires:       tar
+Recommends:     bsdtar
 
 %description
 This package provides a script for building RPMs for SUSE Linux in a
@@ -72,6 +75,8 @@
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 
 %build
 

++++++ 0001-force-use-of-bsdtar-for-VMs.diff ++++++
> From da60f9f18958fecdb51091dbca4be01b612699f0 Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@xxxxxxx>
Date: Tue, 7 Dec 2010 18:06:45 +0100
Subject: [PATCH] force use of bsdtar for VMs

---
 init_buildsystem |   35 ++++++++++++++++++++++++-----------
 1 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/init_buildsystem b/init_buildsystem
index c1c7e33..426fa2b 100755
--- a/init_buildsystem
+++ b/init_buildsystem
@@ -129,7 +129,20 @@ preinstall()
     check_exit
     echo "preinstalling $1..."
     cd $BUILD_ROOT || cleanup_and_exit 1
-    CPIO="cpio --extract --unconditional --preserve-modification-time 
--make-directories --no-absolute-filenames --quiet"
+    if test -x /usr/bin/bsdtar ; then
+       CPIO="/usr/bin/bsdtar --chroot -o --numeric-owner -x -f-"
+       TAR="/usr/bin/bsdtar --chroot -o --numeric-owner -x"
+    else
+       # cpio isn't safe so we require bsdtar for VMs. chroot is
+       # unsafe anyways so it's ok for that.
+       if [ -n "$PREPARE_VM" ]; then
+           echo "Error: setting up a VM requires bsdtar for security reasons."
+           echo "Please install bsdtar"
+           cleanup_and_exit 1
+       fi
+       CPIO="cpio --extract --unconditional --preserve-modification-time 
--make-directories --no-absolute-filenames --quiet"
+       TAR="tar -x"
+    fi
     if test -e "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" ; then
        PAYLOADDECOMPRESS=cat
        case `rpm -qp --nodigest --nosignature --qf "%{PAYLOADCOMPRESSOR}\n" 
"$BUILD_ROOT/.init_b_cache/rpms/$1.rpm"` in
@@ -151,22 +164,22 @@ preinstall()
        else
            rpm2cpio "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" | 
$PAYLOADDECOMPRESS | $CPIO
        fi
-       if test -e .init_b_cache/scripts/$1.run ; then
-           rpm -qp --nodigest --nosignature --qf "%{PREIN}" 
"$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > .init_b_cache/scripts/$1.pre
-           rpm -qp --nodigest --nosignature --qf "%{POSTIN}" 
"$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > .init_b_cache/scripts/$1.post
+       if test -e ".init_b_cache/scripts/$1.run" ; then
+           rpm -qp --nodigest --nosignature --qf "%{PREIN}" 
"$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > ".init_b_cache/scripts/$1.pre"
+           rpm -qp --nodigest --nosignature --qf "%{POSTIN}" 
"$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > ".init_b_cache/scripts/$1.post"
            echo -n '(none)' > .init_b_cache/scripts/.none
-           cmp -s .init_b_cache/scripts/$1.pre .init_b_cache/scripts/.none && 
rm -f .init_b_cache/scripts/$1.pre
-           cmp -s .init_b_cache/scripts/$1.post .init_b_cache/scripts/.none && 
rm -f .init_b_cache/scripts/$1.post
+           cmp -s ".init_b_cache/scripts/$1.pre" .init_b_cache/scripts/.none 
&& rm -f ".init_b_cache/scripts/$1.pre"
+           cmp -s ".init_b_cache/scripts/$1.post" .init_b_cache/scripts/.none 
&& rm -f ".init_b_cache/scripts/$1.post"
            rm -f .init_b_cache/scripts/.none
        fi
     elif test -e "$BUILD_ROOT/.init_b_cache/rpms/$1.deb" ; then
        ar x "$BUILD_ROOT/.init_b_cache/rpms/$1.deb" control.tar.gz data.tar.gz
        mkdir -p .init_b_cache/scripts/control
-       tar -C .init_b_cache/scripts/control -xzf control.tar.gz
-       tar xzf data.tar.gz
-       if test -e .init_b_cache/scripts/$1.run ; then
-           test -e .init_b_cache/scripts/control/preinst && mv 
.init_b_cache/scripts/control/preinst .init_b_cache/scripts/$1.pre
-           test -e .init_b_cache/scripts/control/postinst && mv 
.init_b_cache/scripts/control/postinst .init_b_cache/scripts/$1.post
+       $TAR -C .init_b_cache/scripts/control -z -f control.tar.gz
+       $TAR -z -f data.tar.gz
+       if test -e ".init_b_cache/scripts/$1.run" ; then
+           test -e .init_b_cache/scripts/control/preinst && mv 
.init_b_cache/scripts/control/preinst ".init_b_cache/scripts/$1.pre"
+           test -e .init_b_cache/scripts/control/postinst && mv 
.init_b_cache/scripts/control/postinst ".init_b_cache/scripts/$1.post"
        fi
        rm -rf .init_b_cache/scripts/control control.tar.gz data.tar.gz
     else
-- 
1.7.1

++++++ build-emptyvmswap.diff ++++++
Index: build-2010.07.28/build
===================================================================
--- build-2010.07.28.orig/build
+++ build-2010.07.28/build
@@ -1138,7 +1138,7 @@ if test -z "$RUNNING_IN_VM" ; then
                vm_img_mkfs "$VMDISK_FILESYSTEM" "$VM_IMAGE" || 
cleanup_and_exit 3
            fi
        fi
-       if test ! -e "$VM_SWAP"; then
+       if test -n "$VM_SWAP" -a ! -e "$VM_SWAP"; then
            # setup VM_SWAP
            echo "Creating $VM_SWAP (${VMDISK_SWAPSIZE}M)"
            mkdir -p "${VM_SWAP%/*}"

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx