commit build for openSUSE:11.2
Hello community, here is the log from the commit of package build for openSUSE:11.2 checked in at Mon Feb 28 17:17:56 CET 2011. -------- --- old-versions/11.2/UPDATES/all/build/build.changes 2010-07-28 15:48:13.000000000 +0200 +++ 11.2/build/build.changes 2011-02-28 09:11:59.000000000 +0100 @@ -1,0 +2,5 @@ +Fri Jan 21 06:52:07 UTC 2011 - lnussel@suse.de + +- force use of bsdtar for VMs (bnc#665768, CVE-2010-4226) + +------------------------------------------------------------------- calling whatdependson for 11.2-i586 New: ---- 0001-force-use-of-bsdtar-for-VMs.diff build-emptyvmswap.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ build.spec ++++++ --- /var/tmp/diff_new_pack.oFteIv/_old 2011-02-28 17:17:48.000000000 +0100 +++ /var/tmp/diff_new_pack.oFteIv/_new 2011-02-28 17:17:48.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package build (Version 2010.07.28) +# spec file for package build # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ AutoReqProv: on Summary: A Script to Build SUSE Linux RPMs Version: 2010.07.28 -Release: 1.<RELEASE1> +Release: 1.<RELEASE3> # osc rm build-*tar.bz2 # REVISION=$(svn info https://forgesvn1.novell.com/svn/opensuse/trunk/buildservice/src/build | sed -ne "/Revision: /s///p") # VERSION="$(date +"%Y.%m.%d").r$REVISION" @@ -40,6 +40,8 @@ # osc submitreq create -m"current svn snapshot." openSUSE:Tools build openSUSE:Factory #!BuildIgnore: build-mkbaselibs Source: build-%{version}.tar.gz +Patch0: 0001-force-use-of-bsdtar-for-VMs.diff +Patch1: build-emptyvmswap.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # Manual requires to avoid hard require to bash-static @@ -50,6 +52,7 @@ Requires: perl-TimeDate Requires: binutils Requires: tar +Recommends: bsdtar %description This package provides a script for building RPMs for SUSE Linux in a @@ -72,6 +75,8 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 %build ++++++ 0001-force-use-of-bsdtar-for-VMs.diff ++++++
From da60f9f18958fecdb51091dbca4be01b612699f0 Mon Sep 17 00:00:00 2001 From: Michael Schroeder <mls@suse.de> Date: Tue, 7 Dec 2010 18:06:45 +0100 Subject: [PATCH] force use of bsdtar for VMs
--- init_buildsystem | 35 ++++++++++++++++++++++++----------- 1 files changed, 24 insertions(+), 11 deletions(-) diff --git a/init_buildsystem b/init_buildsystem index c1c7e33..426fa2b 100755 --- a/init_buildsystem +++ b/init_buildsystem @@ -129,7 +129,20 @@ preinstall() check_exit echo "preinstalling $1..." cd $BUILD_ROOT || cleanup_and_exit 1 - CPIO="cpio --extract --unconditional --preserve-modification-time --make-directories --no-absolute-filenames --quiet" + if test -x /usr/bin/bsdtar ; then + CPIO="/usr/bin/bsdtar --chroot -o --numeric-owner -x -f-" + TAR="/usr/bin/bsdtar --chroot -o --numeric-owner -x" + else + # cpio isn't safe so we require bsdtar for VMs. chroot is + # unsafe anyways so it's ok for that. + if [ -n "$PREPARE_VM" ]; then + echo "Error: setting up a VM requires bsdtar for security reasons." + echo "Please install bsdtar" + cleanup_and_exit 1 + fi + CPIO="cpio --extract --unconditional --preserve-modification-time --make-directories --no-absolute-filenames --quiet" + TAR="tar -x" + fi if test -e "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" ; then PAYLOADDECOMPRESS=cat case `rpm -qp --nodigest --nosignature --qf "%{PAYLOADCOMPRESSOR}\n" "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm"` in @@ -151,22 +164,22 @@ preinstall() else rpm2cpio "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" | $PAYLOADDECOMPRESS | $CPIO fi - if test -e .init_b_cache/scripts/$1.run ; then - rpm -qp --nodigest --nosignature --qf "%{PREIN}" "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > .init_b_cache/scripts/$1.pre - rpm -qp --nodigest --nosignature --qf "%{POSTIN}" "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > .init_b_cache/scripts/$1.post + if test -e ".init_b_cache/scripts/$1.run" ; then + rpm -qp --nodigest --nosignature --qf "%{PREIN}" "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > ".init_b_cache/scripts/$1.pre" + rpm -qp --nodigest --nosignature --qf "%{POSTIN}" "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" > ".init_b_cache/scripts/$1.post" echo -n '(none)' > .init_b_cache/scripts/.none - cmp -s .init_b_cache/scripts/$1.pre .init_b_cache/scripts/.none && rm -f .init_b_cache/scripts/$1.pre - cmp -s .init_b_cache/scripts/$1.post .init_b_cache/scripts/.none && rm -f .init_b_cache/scripts/$1.post + cmp -s ".init_b_cache/scripts/$1.pre" .init_b_cache/scripts/.none && rm -f ".init_b_cache/scripts/$1.pre" + cmp -s ".init_b_cache/scripts/$1.post" .init_b_cache/scripts/.none && rm -f ".init_b_cache/scripts/$1.post" rm -f .init_b_cache/scripts/.none fi elif test -e "$BUILD_ROOT/.init_b_cache/rpms/$1.deb" ; then ar x "$BUILD_ROOT/.init_b_cache/rpms/$1.deb" control.tar.gz data.tar.gz mkdir -p .init_b_cache/scripts/control - tar -C .init_b_cache/scripts/control -xzf control.tar.gz - tar xzf data.tar.gz - if test -e .init_b_cache/scripts/$1.run ; then - test -e .init_b_cache/scripts/control/preinst && mv .init_b_cache/scripts/control/preinst .init_b_cache/scripts/$1.pre - test -e .init_b_cache/scripts/control/postinst && mv .init_b_cache/scripts/control/postinst .init_b_cache/scripts/$1.post + $TAR -C .init_b_cache/scripts/control -z -f control.tar.gz + $TAR -z -f data.tar.gz + if test -e ".init_b_cache/scripts/$1.run" ; then + test -e .init_b_cache/scripts/control/preinst && mv .init_b_cache/scripts/control/preinst ".init_b_cache/scripts/$1.pre" + test -e .init_b_cache/scripts/control/postinst && mv .init_b_cache/scripts/control/postinst ".init_b_cache/scripts/$1.post" fi rm -rf .init_b_cache/scripts/control control.tar.gz data.tar.gz else -- 1.7.1 ++++++ build-emptyvmswap.diff ++++++ Index: build-2010.07.28/build =================================================================== --- build-2010.07.28.orig/build +++ build-2010.07.28/build @@ -1138,7 +1138,7 @@ if test -z "$RUNNING_IN_VM" ; then vm_img_mkfs "$VMDISK_FILESYSTEM" "$VM_IMAGE" || cleanup_and_exit 3 fi fi - if test ! -e "$VM_SWAP"; then + if test -n "$VM_SWAP" -a ! -e "$VM_SWAP"; then # setup VM_SWAP echo "Creating $VM_SWAP (${VMDISK_SWAPSIZE}M)" mkdir -p "${VM_SWAP%/*}" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de