Hello community, here is the log from the commit of package mumble for openSUSE:Factory checked in at Thu Mar 24 11:11:46 CET 2011. -------- --- mumble/mumble.changes 2011-02-21 15:46:08.000000000 +0100 +++ /mounts/work_src_done/STABLE/mumble/mumble.changes 2011-03-08 17:34:44.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Mar 8 16:07:54 UTC 2011 - lnussel@suse.de + +- change log dir owner to root +- clean up init script + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mumble.spec ++++++ --- /var/tmp/diff_new_pack.STHex0/_old 2011-03-24 11:00:41.000000000 +0100 +++ /var/tmp/diff_new_pack.STHex0/_new 2011-03-24 11:00:41.000000000 +0100 @@ -97,6 +97,7 @@ Source2: mumble-server.init Patch0: 0001-fix-build-error-with-capability.h.diff Patch1: 0001-fix-user-switching.diff +Patch2: 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff Patch50: mumble-1.2.2-buildcompare.diff # hack, no clue about glx so no idea to fix this properly Patch99: mumble-1.1.4-sle10glx.diff @@ -162,6 +163,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 # %patch50 -p1 %if 0%{?suse_version} && 0%{?suse_version} < 1020 @@ -408,7 +410,7 @@ %{_mandir}/man1/murmurd.* %{_mandir}/man1/murmur-user-wrapper.* %dir %attr(-,mumble-server,mumble-server) /var/lib/mumble-server -%dir %attr(-,mumble-server,mumble-server) /var/log/mumble-server +%dir /var/log/mumble-server %if 0%{?suse_version} < 1130 %dir %attr(-,mumble-server,mumble-server) /var/run/mumble-server %else ++++++ 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff ++++++

From d79587e5570ec036355ada3de76521d981ce9596 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nussel@suse.de> Date: Tue, 8 Mar 2011 16:31:33 +0100 Subject: [PATCH] open log file early so log dir can be root owned

http://article.gmane.org/gmane.comp.security.oss.general/4404 --- src/murmur/UnixMurmur.cpp | 2 +- src/murmur/main.cpp | 46 ++++++++++++++++++++++++++------------------ 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/src/murmur/UnixMurmur.cpp b/src/murmur/UnixMurmur.cpp index 773701c..3dc9c08 100644 --- a/src/murmur/UnixMurmur.cpp +++ b/src/murmur/UnixMurmur.cpp @@ -255,7 +255,7 @@ void UnixMurmur::setuid() { void UnixMurmur::initialcap() { #ifdef Q_OS_LINUX - cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID, CAP_SYS_RESOURCE, CAP_DAC_OVERRIDE }; + cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID, CAP_CHOWN, CAP_SYS_RESOURCE, CAP_DAC_OVERRIDE }; if (! bRoot) return; diff --git a/src/murmur/main.cpp b/src/murmur/main.cpp index 5a4810d..695f8cc 100644 --- a/src/murmur/main.cpp +++ b/src/murmur/main.cpp @@ -273,6 +273,33 @@ int main(int argc, char **argv) { Meta::mp.read(inifile); + // need to open log file early so log dir can be root owned: + // http://article.gmane.org/gmane.comp.security.oss.general/4404 + if (detach && ! Meta::mp.qsLogfile.isEmpty()) { + qfLog = new QFile(Meta::mp.qsLogfile); + if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) { + delete qfLog; + qfLog = NULL; +#ifdef Q_OS_UNIX + fprintf(stderr, "murmurd: failed to open logfile %s: no logging will be done\n",qPrintable(Meta::mp.qsLogfile)); +#else + qWarning("Failed to open logfile %s. Will not detach.",qPrintable(Meta::mp.qsLogfile)); + detach = false; +#endif + } else { + qfLog->setTextModeEnabled(true); + QFileInfo qfi(*qfLog); + Meta::mp.qsLogfile = qfi.absoluteFilePath(); +#ifdef Q_OS_UNIX + if (Meta::mp.uiUid != 0 && fchown(qfLog->handle(), Meta::mp.uiUid, Meta::mp.uiGid) == -1) { + qFatal("can't change log file owner to %d %d:%d - %s", qfLog->handle(), Meta::mp.uiUid, Meta::mp.uiGid, strerror(errno)); + } +#endif + } + } else { + detach = false; + } + #ifdef Q_OS_UNIX unixhandler.setuid(); #endif @@ -318,25 +345,6 @@ int main(int argc, char **argv) { } } - if (detach && ! Meta::mp.qsLogfile.isEmpty()) { - qfLog = new QFile(Meta::mp.qsLogfile); - if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) { - delete qfLog; - qfLog = NULL; -#ifdef Q_OS_UNIX - fprintf(stderr, "murmurd: failed to open logfile %s: no logging will be done\n",qPrintable(Meta::mp.qsLogfile)); -#else - qWarning("Failed to open logfile %s. Will not detach.",qPrintable(Meta::mp.qsLogfile)); - detach = false; -#endif - } else { - qfLog->setTextModeEnabled(true); - QFileInfo qfi(*qfLog); - Meta::mp.qsLogfile = qfi.absoluteFilePath(); - } - } else { - detach = false; - } #ifdef Q_OS_UNIX if (detach) { if (fork() != 0) { -- 1.7.3.4 ++++++ mumble-server.init ++++++ --- /var/tmp/diff_new_pack.STHex0/_old 2011-03-24 11:00:41.000000000 +0100 +++ /var/tmp/diff_new_pack.STHex0/_new 2011-03-24 11:00:41.000000000 +0100 @@ -21,10 +21,6 @@ INIFILE=/etc/mumble-server.ini DAEMON_OPTS="-ini $INIFILE" -MURMUR_DAEMON_START=0 -MURMUR_USE_CAPABILITIES=0 -MURMUR_LIMIT_NOFILE=0 -MURMUR_LIMIT_RTPRIO=0 # Include murmur defaults if available if [ -f /etc/default/$NAME ] ; then @@ -33,26 +29,12 @@ . /etc/rc.status -if [ "$MURMUR_LIMIT_NOFILE" -gt 0 ] ; then - ulimit -n $MURMUR_LIMIT_NOFILE -fi -if [ "$MURMUR_LIMIT_RTPRIO" -gt 0 ]; then - ulimit -r 1 -fi - case "$1" in start) echo -n "Starting $NAME " - user=`sed -ne '/^uname=/s/.*=//p' < $INIFILE` - if [ -z "$user" ]; then - echo -n "${ext}No user configured in $INIFILE, refusing to run as root${norm}" - rc_status -v 6 - else - eval HOME=~$user - cd $HOME - /sbin/start_daemon -p $PIDFILE -u $user $DAEMON $DAEMON_OPTS - rc_status -v - fi + test -d $PIDDIR || /usr/bin/install -d -m 0755 -o mumble-server -g mumble-server $PIDDIR + /sbin/start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS + rc_status -v ;; stop) echo -n "Shutting down $NAME " ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org