Hello community, here is the log from the commit of package nbd for openSUSE:Factory checked in at 2018-08-20 16:16:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nbd (Old) and /work/SRC/openSUSE:Factory/.nbd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nbd" Mon Aug 20 16:16:43 2018 rev:47 rq:628877 version:3.17 Changes: -------- --- /work/SRC/openSUSE:Factory/nbd/nbd.changes 2018-07-13 10:18:33.558255659 +0200 +++ /work/SRC/openSUSE:Factory/.nbd.new/nbd.changes 2018-08-20 16:16:53.320608503 +0200 @@ -1,0 +2,8 @@ +Tue Jul 24 19:31:37 UTC 2018 - luizl...@gmail.com + +- Add firewalld service file +- Fix some rpmlint warnings: + * 0001_fix_setgroup.patch (gh#NetworkBlockDevice/nbd#79) + * Workaround macro-in-comment (rpmlint bug) + +------------------------------------------------------------------- New: ---- 0001_fix_setgroup.patch nbd.firewalld ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nbd.spec ++++++ --- /var/tmp/diff_new_pack.KO66XM/_old 2018-08-20 16:16:55.284611265 +0200 +++ /var/tmp/diff_new_pack.KO66XM/_new 2018-08-20 16:16:55.288611270 +0200 @@ -16,6 +16,12 @@ # +%if 0%{?suse_version} >= 1500 +%define use_firewalld 1 +%else +%define use_firewalld 0 +%endif + Name: nbd Version: 3.17 Release: 0 @@ -28,6 +34,10 @@ Source3: config.example Source4: nbd-server.sysconfig Source5: nbd-client.service +#%%if %%{use_firewalld} +Source10: nbd.firewalld +#%%endif +Patch1: 0001_fix_setgroup.patch BuildRequires: pkgconfig BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(glib-2.0) >= 2.26.0 @@ -56,6 +66,7 @@ %prep %setup -q +%patch1 -p1 %build %configure @@ -82,6 +93,11 @@ install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/nbd-server/config.example install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.%{name}-server +# install firewall information file +%if %{use_firewalld} +install -D -m 644 %{SOURCE10} %{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml +%endif + %post export DISABLE_RESTART_ON_UPDATE=yes %service_add_post %{name}-server.service 
@@ -93,10 +109,12 @@ grep -vE '^(#|[[:blank:]]*$)' %{_sysconfdir}/nbd-server.conf | while read port file opts; do if test -z "$generic"; then - echo > %{_sysconfdir}/nbd-server/config - echo "[generic]" >> %{_sysconfdir}/nbd-server/config - echo " # No generic options yet" >> %{_sysconfdir}/nbd-server/config - echo >> %{_sysconfdir}/nbd-server/config + cat >%{_sysconfdir}/nbd-server/config <<-EOF + + [generic] + # No generic options yet + + EOF generic=1 fi FN=${file%/*} @@ -137,5 +155,10 @@ %dir %{_libexecdir}/modules-load.d/ %{_libexecdir}/modules-load.d/nbd.conf %{_fillupdir}/sysconfig.%{name}-server +%if %{use_firewalld} +%dir %{_libexecdir}/firewalld +%dir %{_libexecdir}/firewalld/services +%{_libexecdir}/firewalld/services/%{name}.xml +%endif %changelog ++++++ 0001_fix_setgroup.patch ++++++ >From 0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca <luizl...@gmail.com> Date: Tue, 24 Jul 2018 15:59:39 -0300 Subject: [PATCH] server: clean supplementary groups when setuid Upstream: merged References: https://github.com/NetworkBlockDevice/nbd/commit/0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed References: gh#NetworkBlockDevice/nbd#79 References: https://github.com/NetworkBlockDevice/nbd/pull/79 When nbd-server drops privileges, it was leaving supplementary groups untouched. As nbd-server was normally dropping from root, nbd-server kept membership to root supplementary groups. Signed-off-by: Luiz Angelo Daros de Luca <luizl...@gmail.com> --- nbd-server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/nbd-server.c b/nbd-server.c index 1d1f4c8d..b0720ea1 100644 --- a/nbd-server.c +++ b/nbd-server.c 
@@ -3470,6 +3470,7 @@ void dousers(const gchar *const username, const gchar *const groupname) { str = g_strdup_printf("Invalid user name: %s", username); err(str); } + setgroups(0, NULL); if(setuid(pw->pw_uid)<0) { err("Could not set UID: %m"); } ++++++ nbd.firewalld ++++++ <?xml version="1.0" encoding="utf-8"?> <service> <short>NBD</short> <description>The Network Block Device is a Linux-originated lightweight block access protocol that allows one to export a block device to a client.</description> <port protocol="tcp" port="10809"/> </service>
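Review bot: The added `setgroups(0, NULL);` call just before setuid() in dousers() ignores its return value, so if clearing the supplementary groups fails, the server still proceeds to setuid() and keeps the root group memberships this patch is meant to drop. The neighbouring setuid() call already reports failure through err(), and the new call should do the same: `if(setgroups(0, NULL)<0) { err("Could not clear supplementary groups: %m"); }`. The hunk adds no include, so it is worth confirming that nbd-server.c already pulls in `<grp.h>`; otherwise setgroups() is implicitly declared. dousers() starts and ends outside the hunk, so it cannot be judged from here whether a configuration that sets only a group also needs the supplementary list cleared.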