Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package munin for openSUSE:Factory checked
in at 2025-07-09 17:26:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/munin (Old)
and /work/SRC/openSUSE:Factory/.munin.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "munin"
Wed Jul 9 17:26:32 2025 rev:39 rq:1291418 version:2.0.72
Changes:
--------
--- /work/SRC/openSUSE:Factory/munin/munin.changes 2025-06-18
19:30:29.182915827 +0200
+++ /work/SRC/openSUSE:Factory/.munin.new.7373/munin.changes 2025-07-09
17:27:00.540054203 +0200
@@ -1,0 +2,6 @@
+Tue Jul 8 13:03:35 UTC 2025 - Bernhard Wiedemann <bwiedem...@suse.de>
+
+- Let munin-node use its own log and run sub-directory
+ to avoid privilege escalation (boo#1246089)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ munin.spec ++++++
--- /var/tmp/diff_new_pack.pIdqoE/_old 2025-07-09 17:27:01.428091154 +0200
+++ /var/tmp/diff_new_pack.pIdqoE/_new 2025-07-09 17:27:01.452092153 +0200
@@ -193,7 +193,7 @@
%__install -m0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/cron.d/munin
%endif
-%__mkdir_p %{buildroot}/%{logdir}
+%__mkdir_p %{buildroot}/%{logdir} %{buildroot}/%{logdir}-node
%__mkdir_p %{buildroot}/%{htmldir}
%__mkdir_p %{buildroot}/%{dbdir}
%__mkdir_p %{buildroot}/%{dbdir}/plugin-state
@@ -208,6 +208,11 @@
%python3_fix_shebang_path %{buildroot}/%{plugindir}/*
%endif
+# for boo#1246089
+sed -i 's,/var/log/munin/,/var/log/munin-node/,;
+ s,/var/run/munin/,/var/run/munin-node/,' \
+ %{buildroot}/etc/munin/munin-node.conf
+
# Fix rpmlint warning: This script uses 'env' as an interpreter.
for F in \
%{buildroot}/%{_prefix}/lib/munin/plugins/ipmi_sensor_ \
@@ -452,11 +457,11 @@
%{_mandir}/man3/Munin::Plugin.3pm.gz
%{_mandir}/man3/Munin::Plugin::Pgsql.3pm.gz
%{_mandir}/man3/Munin::Plugin::SNMP.3pm.gz
-%attr(0750, munin, munin) %dir %{logdir}
%attr(0755, munin, munin) %dir %{dbdir}
%attr(0775, nobody, nobody) %dir %{dbdir}/plugin-state
-%ghost %{logdir}/munin-node.log
-%ghost /run/munin
+%attr(0750, root, root) %dir %{logdir}-node
+%ghost %{logdir}-node/munin-node.log
+%ghost /run/munin-node
%dir %{_prefix}/lib/firewalld
%dir %{_prefix}/lib/firewalld/services
%{_prefix}/lib/firewalld/services/munin-node.xml
++++++ munin-node.logrotate ++++++
--- /var/tmp/diff_new_pack.pIdqoE/_old 2025-07-09 17:27:02.204123444 +0200
+++ /var/tmp/diff_new_pack.pIdqoE/_new 2025-07-09 17:27:02.240124943 +0200
@@ -1,4 +1,4 @@
-/var/log/munin/munin-node.log {
+/var/log/munin-node/munin-node.log {
daily
missingok
rotate 7
++++++ munin-node.service ++++++
--- /var/tmp/diff_new_pack.pIdqoE/_old 2025-07-09 17:27:02.412132100 +0200
+++ /var/tmp/diff_new_pack.pIdqoE/_new 2025-07-09 17:27:02.444133431 +0200
@@ -15,8 +15,8 @@
# end of automatic additions
Type=forking
ExecStart=/usr/sbin/munin-node
-ExecStartPre=/usr/bin/mkdir -p /var/run/munin/
-PIDFile=/var/run/munin/munin-node.pid
+ExecStartPre=/usr/bin/mkdir -p /var/run/munin-node/
+PIDFile=/var/run/munin-node/munin-node.pid
[Install]
WantedBy=multi-user.target
++++++ munin-node.tmpfiles ++++++
--- /var/tmp/diff_new_pack.pIdqoE/_old 2025-07-09 17:27:02.584139257 +0200
+++ /var/tmp/diff_new_pack.pIdqoE/_new 2025-07-09 17:27:02.624140921 +0200
@@ -1,2 +1,3 @@
d /run/munin 0755 munin munin - -
+d /run/munin-node 0755 root root - -
