Hello community,
here is the log from the commit of package nbd for openSUSE:Factory checked in
at 2018-08-20 16:16:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nbd (Old)
and /work/SRC/openSUSE:Factory/.nbd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nbd"
Mon Aug 20 16:16:43 2018 rev:47 rq:628877 version:3.17
Changes:
--------
--- /work/SRC/openSUSE:Factory/nbd/nbd.changes 2018-07-13 10:18:33.558255659
+0200
+++ /work/SRC/openSUSE:Factory/.nbd.new/nbd.changes 2018-08-20
16:16:53.320608503 +0200
@@ -1,0 +2,8 @@
+Tue Jul 24 19:31:37 UTC 2018 - luizl...@gmail.com
+
+- Add firewalld service file
+- Fix some rpmlint warnings:
+ * 0001_fix_setgroup.patch (gh#NetworkBlockDevice/nbd#79)
+ * Workaround macro-in-comment (rpmlint bug)
+
+-------------------------------------------------------------------
New:
----
0001_fix_setgroup.patch
nbd.firewalld
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nbd.spec ++++++
--- /var/tmp/diff_new_pack.KO66XM/_old 2018-08-20 16:16:55.284611265 +0200
+++ /var/tmp/diff_new_pack.KO66XM/_new 2018-08-20 16:16:55.288611270 +0200
@@ -16,6 +16,12 @@
#
+%if 0%{?suse_version} >= 1500
+%define use_firewalld 1
+%else
+%define use_firewalld 0
+%endif
+
Name: nbd
Version: 3.17
Release: 0
@@ -28,6 +34,10 @@
Source3: config.example
Source4: nbd-server.sysconfig
Source5: nbd-client.service
+#%%if %%{use_firewalld}
+Source10: nbd.firewalld
+#%%endif
+Patch1: 0001_fix_setgroup.patch
BuildRequires: pkgconfig
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(glib-2.0) >= 2.26.0
@@ -56,6 +66,7 @@
%prep
%setup -q
+%patch1 -p1
%build
%configure
@@ -82,6 +93,11 @@
install -D -p -m 0644 %{SOURCE3}
%{buildroot}%{_sysconfdir}/nbd-server/config.example
install -D -p -m 0644 %{SOURCE4}
%{buildroot}%{_fillupdir}/sysconfig.%{name}-server
+# install firewall information file
+%if %{use_firewalld}
+install -D -m 644 %{SOURCE10}
%{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
+%endif
+
%post
export DISABLE_RESTART_ON_UPDATE=yes
%service_add_post %{name}-server.service
@@ -93,10 +109,12 @@
grep -vE '^(#|[[:blank:]]*$)' %{_sysconfdir}/nbd-server.conf |
while read port file opts; do
if test -z "$generic"; then
- echo > %{_sysconfdir}/nbd-server/config
- echo "[generic]" >> %{_sysconfdir}/nbd-server/config
- echo " # No generic options yet" >> %{_sysconfdir}/nbd-server/config
- echo >> %{_sysconfdir}/nbd-server/config
+ cat >%{_sysconfdir}/nbd-server/config <<-EOF
+
+ [generic]
+ # No generic options yet
+
+ EOF
generic=1
fi
FN=${file%/*}
@@ -137,5 +155,10 @@
%dir %{_libexecdir}/modules-load.d/
%{_libexecdir}/modules-load.d/nbd.conf
%{_fillupdir}/sysconfig.%{name}-server
+%if %{use_firewalld}
+%dir %{_libexecdir}/firewalld
+%dir %{_libexecdir}/firewalld/services
+%{_libexecdir}/firewalld/services/%{name}.xml
+%endif
%changelog
++++++ 0001_fix_setgroup.patch ++++++
>From 0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed Mon Sep 17 00:00:00 2001
From: Luiz Angelo Daros de Luca <luizl...@gmail.com>
Date: Tue, 24 Jul 2018 15:59:39 -0300
Subject: [PATCH] server: clean supplementary groups when setuid
Upstream: merged
References:
https://github.com/NetworkBlockDevice/nbd/commit/0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed
References: gh#NetworkBlockDevice/nbd#79
References: https://github.com/NetworkBlockDevice/nbd/pull/79
When nbd-server drops privileges, it was leaving supplementary
groups untouched. As nbd-server was normally dropping from root,
nbd-server kept membership to root supplementary groups.
Signed-off-by: Luiz Angelo Daros de Luca <luizl...@gmail.com>
---
nbd-server.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/nbd-server.c b/nbd-server.c
index 1d1f4c8d..b0720ea1 100644
--- a/nbd-server.c
+++ b/nbd-server.c
@@ -3470,6 +3470,7 @@ void dousers(const gchar *const username, const gchar
*const groupname) {
str = g_strdup_printf("Invalid user name: %s",
username);
err(str);
}
+ setgroups(0, NULL);
if(setuid(pw->pw_uid)<0) {
err("Could not set UID: %m");
}
++++++ nbd.firewalld ++++++
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NBD</short>
<description>The Network Block Device is a Linux-originated lightweight block
access protocol that allows one to export a block device to a
client.</description>
<port protocol="tcp" port="10809"/>
</service>
