noodles pushed to ganglia (el5). "Merge branch 'f17' into el6"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Apr 22 02:50:36 UTC 2015
>From 4d185009c607af7343273a6da4fa291a621af941 Mon Sep 17 00:00:00 2001
From: Kostas Georgiou <georgiou at opengamma.com>
Date: Tue, 14 Jun 2011 15:36:33 +0100
Subject: Fix buffer overflow in moddisk.so #689483
diff --git a/diskmetrics.patch b/diskmetrics.patch
new file mode 100644
index 0000000..51af49a
--- /dev/null
+++ b/diskmetrics.patch
@@ -0,0 +1,12 @@
+diff -u a/libmetrics/linux/metrics.c-orig b/libmetrics/linux/metrics.c
+--- a/libmetrics/linux/metrics.c 2011-06-13 16:39:19.279753448 +0100
++++ b/libmetrics/linux/metrics.c 2011-06-13 16:46:36.936156216 +0100
+@@ -1242,7 +1242,7 @@
+ return max;
+ }
+ while ( fgets(procline, sizeof(procline), mounts) ) {
+- rc=sscanf(procline, "%s %s %s %s ", device, mount, type, mode);
++ rc=sscanf(procline, "%127s %127s %31s %127s ", device, mount, type, mode);
+ if (!rc) continue;
+ if (!strncmp(mode, "ro", 2)) continue;
+ if (remote_mount(device, type)) continue;
diff --git a/ganglia.spec b/ganglia.spec
index 2f3b4e4..7cf57ff 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -1,6 +1,6 @@
Name: ganglia
Version: 3.1.7
-Release: 3%{?svnrev:.r%{svnrev}}%{?dist}
+Release: 4%{?svnrev:.r%{svnrev}}%{?dist}
Summary: Ganglia Distributed Monitoring System
Group: Applications/Internet
@@ -10,6 +10,7 @@ Source0: http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{vers
#Source0: http://www.ganglia.info/snapshots/3.1.x/%{name}-%{version}.%{svnrev}.tar.gz
Patch0: diskusage-pcre.patch
Patch1: setuserid-fix.patch
+Patch2: diskmetrics.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: rrdtool-devel, apr-devel >= 1
@@ -92,6 +93,7 @@ programmers can use to build scalable cluster or grid applications
%setup -q -n %{name}-%{version}%{?svnrev:.%{svnrev}}
%patch0 -p1
%patch1 -p1
+%patch2 -p1
## Hey, those shouldn't be executable...
chmod -x lib/*.{h,x}
@@ -277,6 +279,9 @@ fi
%{_datadir}/%{name}
%changelog
+* Tue Feb 08 2011 Kostas Georgiou <georgiou at fedoraproject.org> - 3.1.7-4
+- Fix buffer overflow in moddisk.so #689483
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--
cgit v0.10.2
>From 251b426ec296bb42e17115fdb9c5fb8c359c0307 Mon Sep 17 00:00:00 2001
From: Kostas Georgiou <georgiou at opengamma.com>
Date: Tue, 14 Jun 2011 17:49:49 +0100
Subject: Correct changelog date
diff --git a/ganglia.spec b/ganglia.spec
index 7cf57ff..01ed120 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -279,7 +279,7 @@ fi
%{_datadir}/%{name}
%changelog
-* Tue Feb 08 2011 Kostas Georgiou <georgiou at fedoraproject.org> - 3.1.7-4
+* Tue Jun 14 2011 Kostas Georgiou <georgiou at fedoraproject.org> - 3.1.7-4
- Fix buffer overflow in moddisk.so #689483
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.7-3
--
cgit v0.10.2
>From 2a1e8cdf65f8f6e3d7282222305affa9b9e20e02 Mon Sep 17 00:00:00 2001
From: Dennis Gilmore <dennis at ausil.us>
Date: Thu, 12 Jan 2012 20:56:09 -0600
Subject: - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
diff --git a/ganglia.spec b/ganglia.spec
index 01ed120..d01e5c6 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -1,6 +1,6 @@
Name: ganglia
Version: 3.1.7
-Release: 4%{?svnrev:.r%{svnrev}}%{?dist}
+Release: 5%{?svnrev:.r%{svnrev}}%{?dist}
Summary: Ganglia Distributed Monitoring System
Group: Applications/Internet
@@ -279,6 +279,9 @@ fi
%{_datadir}/%{name}
%changelog
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.7-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
* Tue Jun 14 2011 Kostas Georgiou <georgiou at fedoraproject.org> - 3.1.7-4
- Fix buffer overflow in moddisk.so #689483
--
cgit v0.10.2
>From bfd9cff9ae56cf3771f08ec3ea9cdea12e7c3177 Mon Sep 17 00:00:00 2001
From: Kostas Georgiou <k.georgiou at atreides.org.uk>
Date: Sun, 15 Jul 2012 14:37:08 +0100
Subject: Backport of security fix
http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=333
diff --git a/ganglia.spec b/ganglia.spec
index d01e5c6..a935c02 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -1,6 +1,6 @@
Name: ganglia
Version: 3.1.7
-Release: 5%{?svnrev:.r%{svnrev}}%{?dist}
+Release: 6%{?svnrev:.r%{svnrev}}%{?dist}
Summary: Ganglia Distributed Monitoring System
Group: Applications/Internet
@@ -11,6 +11,7 @@ Source0: http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{vers
Patch0: diskusage-pcre.patch
Patch1: setuserid-fix.patch
Patch2: diskmetrics.patch
+Patch3: graph-remoteexec-fix.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: rrdtool-devel, apr-devel >= 1
@@ -94,6 +95,7 @@ programmers can use to build scalable cluster or grid applications
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
## Hey, those shouldn't be executable...
chmod -x lib/*.{h,x}
@@ -279,6 +281,9 @@ fi
%{_datadir}/%{name}
%changelog
+* Sun Jul 15 2012 Kostas Georgiou <georgiou at fedoraproject.org> - 3.1.7-6
+- Backport of security patch for gangliabz#333
+
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
diff --git a/graph-remoteexec-fix.patch b/graph-remoteexec-fix.patch
new file mode 100644
index 0000000..7c8ffe0
--- /dev/null
+++ b/graph-remoteexec-fix.patch
@@ -0,0 +1,12 @@
+diff -u a/web/graph.php-orig b/web/graph.php
+--- a/web/graph.php-orig 2012-07-15 13:56:07.004566423 +0100
++++ b/web/graph.php 2012-07-15 13:56:17.082752514 +0100
+@@ -122,7 +122,7 @@
+
+ $graph_file = "$graphdir/$graph.php";
+
+-if ( is_readable($graph_file) ) {
++if ( is_readable($graph_file) and realpath($graphdir) === dirname(realpath($graph_file)) ) {
+ include_once($graph_file);
+
+ $graph_function = "graph_${graph}";
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/ganglia.git/commit/?h=el5&id=320e1baf2615eaa17d53e4266fd288265b3375aa
More information about the scm-commits
mailing list