averi pushed to check-mk (el6). "Add 01-Set-Legacy-Eval-True.patch (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Fri Apr 10 10:47:46 UTC 2015
>From 8036622f7e3e6c5c2e20efb53bead346b87fb875 Mon Sep 17 00:00:00 2001
From: Andrea Veri <av at gnome.org>
Date: Wed, 17 Sep 2014 20:36:38 +0200
Subject: Add 01-Set-Legacy-Eval-True.patch
Turn Wato_Legacy_Eval as True as we want to prevent breakages
between machines running different Python and/or check-mk releases.
This is necessary after the 'ast' move from 'pickle' (that was
generating a insecure API call), however the 'ast' module is still
not available for RHEL / CentOS 5 machines. The patch is there to
avoid miscommunications between different distribution releases. More
information is available at: http://mathias-kettner.com/check_mk_werks.php?werk_id=984.
diff --git a/.gitignore b/.gitignore
index 49d8d19..e534987 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
/check_mk-1.2.4.tar.gz
/check_mk-1.2.4p1.tar.gz
/check_mk-1.2.4p2.tar.gz
+/check_mk-1.2.4p5.tar.gz
diff --git a/01-Set-Legacy-Eval-True.patch b/01-Set-Legacy-Eval-True.patch
new file mode 100644
index 0000000..526fc7d
--- /dev/null
+++ b/01-Set-Legacy-Eval-True.patch
@@ -0,0 +1,11 @@
+--- plugins/config/wato.py 2014-09-17 16:45:20.548080345 +0200
++++ plugins/config/wato.py.patched 2014-09-17 16:45:34.604504277 +0200
+@@ -39,7 +39,7 @@
+ wato_use_git = False
+ wato_hidden_users = []
+ wato_user_attrs = []
+-wato_legacy_eval = False
++wato_legacy_eval = True
+
+ def tag_alias(tag):
+ for entry in wato_host_tags:
diff --git a/check-mk.spec b/check-mk.spec
index 0bff6f4..c04594b 100644
--- a/check-mk.spec
+++ b/check-mk.spec
@@ -15,6 +15,7 @@ Requires: mod_python
Source1: First-Installation.txt
Source2: defaults
Source3: defaults.py
+Patch0: 01-Set-Legacy-Eval-True.patch
AutoReq: 0
# Do not provide from a documentation
@@ -71,6 +72,9 @@ This package contains the check-mk's web interface aka WATO.
%prep
%setup -q -n check_mk-%{version}
tar xf agents.tar.gz
+tar xf web.tar.gz && rm -f web.tar.gz
+%patch0 -p0
+tar zcf web.tar.gz htdocs plugins
%build
rm -f waitmax
@@ -269,10 +273,18 @@ rmdir %{buildroot}%{_prefix}/lib/check_mk
%changelog
* Wed Sep 17 2014 Andrea Veri <averi at fedoraproject.org> - 1.2.4p5-1
- New upstream release. Fixes CVEs:
- - CVE-2014-5338
+ - CVE-2014-5338
- CVE-2014-5339
- - CVE-2014-5340
-- Stop shipping the j4p_performance plugin as it's deprecated.
+ - CVE-2014-5340 (BZ: #1132337, #1132339, #1132341)
+- Stop shipping the j4p_performance plugin as it's deprecated. (BZ: #1133068)
+- Turn Wato_Legacy_Eval as True as we want to prevent breakages
+ between machines running different Python and/or check-mk releases.
+ This is necessary after the 'ast' move from 'pickle' (that was
+ generating a insecure API call), however the 'ast' module is still
+ not available for RHEL / CentOS 5 machines. The patch is there to
+ avoid miscommunications between different distribution releases. More
+ information is available at:
+ http://mathias-kettner.com/check_mk_werks.php?werk_id=984.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4p2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
diff --git a/sources b/sources
index 2153953..6d6a60d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1162c007d89558bc20c5655e35a0ba94 check_mk-1.2.4p2.tar.gz
+ef3055d191bd38295d1716b3f7824115 check_mk-1.2.4p5.tar.gz
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/check-mk.git/commit/?h=el6&id=8036622f7e3e6c5c2e20efb53bead346b87fb875
More information about the scm-commits
mailing list