From fd074593abe6f4dcf8ded5292af2f8ee88a2eb00 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Feb 15 2010 16:13:25 +0000 Subject: - Add systemtap-1.1-cfi-cfa_ops-fixes.patch - Resolves RHBZ #564429 - Add systemtap-1.1-get_argv.patch - Resolves CVE-2010-0411 - Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) - Resolves CVE-2010-0412, CVE-2009-4273
---
diff --git a/systemtap-1.1-cfi-cfa_ops-fixes.patch b/systemtap-1.1-cfi-cfa_ops-fixes.patch
new file mode 100644
index 0000000..ed22ea0
--- /dev/null
+++ b/systemtap-1.1-cfi-cfa_ops-fixes.patch
@@ -0,0 +1,283 @@ +commit 08d1d520616557f6ff7dd023e260ad6577e9e0e8 +Author: Mark Wielaard +Date: Mon Jan 18 09:13:30 2010 +0100 + + PR11173 Markers get a bad address in prelinked libraries. + + Our literal_addr_to_sym_addr() function was just wrong. To compensate for + raw addresses read from elf (either given by the user or through a mark + transformation) we need to know what the elf_bias is (as returned by + dwfl_module_getelf) before feeding them to any libdwfl functions. + + * tapsets.cxx (query_module_dwarf): Always add elf_bias to raw function or + statement addresses before calling query_addr(). + (query_addr): Don't call literal_addr_to_sym_addr(). + * dwflpp.h (literal_addr_to_sym_addr): Removed. + * dwflpp.cxx (literal_addr_to_sym_addr): Likewise. + +diff --git a/dwflpp.cxx b/dwflpp.cxx +index 7dd31d0..e6fe017 100644 +--- a/dwflpp.cxx ++++ b/dwflpp.cxx +@@ -2771,45 +2771,6 @@ dwflpp::relocate_address(Dwarf_Addr dw_addr, string& reloc_section) + return reloc_addr; + } + +-/* Converts a "global" literal address to the module symbol address +- * space. If necessary (not for kernel and executables using absolute +- * addresses), this adjust the address for the current module symbol +- * bias. Literal addresses are provided by the user (or contained on +- * the .probes section) based on the "on disk" layout of the module. +- */ +-Dwarf_Addr +-dwflpp::literal_addr_to_sym_addr(Dwarf_Addr lit_addr) +-{ +- if (sess.verbose > 2) +- clog << "literal_addr_to_sym_addr 0x" << hex << lit_addr << dec << endl; +- +- // Assume the address came from the symbol list. +- // If we cannot get the symbol bias fall back on the dw bias. +- // The kernel (and other absolute executable modules) is special though. 
+- if (module_name != TOK_KERNEL +- && dwfl_module_relocations (module) > 0) +- { +- Dwarf_Addr symbias = ~0; +- if (dwfl_module_getsymtab (module) != -1) +- dwfl_module_info (module, NULL, NULL, NULL, NULL, +- &symbias, NULL, NULL); +- +- if (sess.verbose > 3) +- clog << "symbias 0x" << hex << symbias << dec +- << ", dwbias 0x" << hex << module_bias << dec << endl; +- +- if (symbias == (Dwarf_Addr) ~0) +- symbias = module_bias; +- +- lit_addr += symbias; +- } +- +- if (sess.verbose > 2) +- clog << "literal_addr_to_sym_addr ret 0x" << hex << lit_addr << dec << endl; +- +- return lit_addr; +-} +- + /* Returns the call frame address operations for the given program counter + * in the libdw address space. + */ +diff --git a/dwflpp.h b/dwflpp.h +index cdc6ad9..523dd88 100644 +--- a/dwflpp.h ++++ b/dwflpp.h +@@ -284,8 +284,6 @@ struct dwflpp + + Dwarf_Addr relocate_address(Dwarf_Addr addr, std::string& reloc_section); + +- Dwarf_Addr literal_addr_to_sym_addr(Dwarf_Addr lit_addr); +- + + private: + DwflPtr dwfl_ptr; +diff --git a/tapsets.cxx b/tapsets.cxx +index 071f92d..d5c6b25 100644 +--- a/tapsets.cxx ++++ b/tapsets.cxx +@@ -761,6 +761,13 @@ dwarf_query::query_module_dwarf() + // number plus the module's bias. + Dwarf_Addr addr = has_function_num ? + function_num_val : statement_num_val; ++ ++ // These are raw addresses, we need to know what the elf_bias ++ // is to feed it to libdwfl based functions. ++ Dwarf_Addr elf_bias; ++ Elf *elf = dwfl_module_getelf (dw.module, &elf_bias); ++ assert(elf); ++ addr += elf_bias; + query_addr(addr, this); + } + else +@@ -1168,8 +1175,8 @@ query_addr(Dwarf_Addr addr, dwarf_query *q) + { + dwflpp &dw = q->dw; + +- // Translate to and actual sumbol address. 
+- addr = dw.literal_addr_to_sym_addr(addr); ++ if (q->sess.verbose > 2) ++ clog << "query_addr 0x" << hex << addr << dec << endl; + + // First pick which CU contains this address + Dwarf_Die* cudie = dw.query_cu_containing_address(addr); + +commit 87748e2b87e574d3c83866ccd0d83678c3c68d93 +Author: Mark Wielaard +Date: Tue Feb 2 13:47:19 2010 +0100 + + Make sure cfa_ops are always retrieved through dwfl global address. + + dwflpp::translate_location() works on the dw address space, but + get_cfa_ops() starts out with dwfl calls (only dwarf_cfi_addrframe() + needs to be adjusted for bias). + + * dwflpp.cxx (translate_location): Pass pc plus module bias through to + get_cfa_ops. + (get_cfa_ops): Adjust for bias when calling dwarf_cfi_addrframe(), + add frame start/end address when found if verbose logging. + * testsuite/systemtap.exelib/lib.stp: Add $foo and $bar variables to + process.function probes. + * testsuite/systemtap.exelib/libmarkunamestack.stp: Likewise. + * testsuite/systemtap.exelib/lib.tcl: Expect correct values for + process.function probe variables. + * testsuite/systemtap.exelib/libmarkunamestack.tcl: Likewise. + +diff --git a/dwflpp.cxx b/dwflpp.cxx +index e6fe017..d16411c 100644 +--- a/dwflpp.cxx ++++ b/dwflpp.cxx +@@ -1726,9 +1726,10 @@ dwflpp::translate_location(struct obstack *pool, + e->tok); + } + +- // pc is relative to current module, which is what get_cfa_ops +- // and c_translate_location expects. +- Dwarf_Op *cfa_ops = get_cfa_ops (pc); ++ // pc is in the dw address space of the current module, which is what ++ // c_translate_location expects. get_cfa_ops wants the global dwfl address. 
++ Dwarf_Addr addr = pc + module_bias; ++ Dwarf_Op *cfa_ops = get_cfa_ops (addr); + return c_translate_location (pool, &loc2c_error, this, + &loc2c_emit_address, + 1, 0 /* PR9768 */, +@@ -2783,17 +2784,17 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) + clog << "get_cfa_ops @0x" << hex << pc << dec + << ", module_start @0x" << hex << module_start << dec << endl; + +-#if _ELFUTILS_PREREQ(0,142) + // Try debug_frame first, then fall back on eh_frame. +- size_t cfa_nops; +- Dwarf_Addr bias; ++ size_t cfa_nops = 0; ++ Dwarf_Addr bias = 0; ++ Dwarf_Frame *frame = NULL; ++#if _ELFUTILS_PREREQ(0,142) + Dwarf_CFI *cfi = dwfl_module_dwarf_cfi (module, &bias); + if (cfi != NULL) + { + if (sess.verbose > 3) + clog << "got dwarf cfi bias: 0x" << hex << bias << dec << endl; +- Dwarf_Frame *frame = NULL; +- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) ++ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) + dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); + else if (sess.verbose > 3) + clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; +@@ -2809,7 +2810,7 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) + if (sess.verbose > 3) + clog << "got eh cfi bias: 0x" << hex << bias << dec << endl; + Dwarf_Frame *frame = NULL; +- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) ++ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) + dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); + else if (sess.verbose > 3) + clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; +@@ -2821,7 +2822,20 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) + #endif + + if (sess.verbose > 2) +- clog << (cfa_ops == NULL ? 
"not " : " ") << "found cfa" << endl; ++ { ++ if (cfa_ops == NULL) ++ clog << "not found cfa" << endl; ++ else ++ { ++ Dwarf_Addr frame_start, frame_end; ++ bool frame_signalp; ++ int info = dwarf_frame_info (frame, &frame_start, &frame_end, ++ &frame_signalp); ++ clog << "found cfa, info:" << info << " [start: 0x" << hex ++ << frame_start << dec << ", end: 0x" << hex << frame_end ++ << dec << "), nops: " << cfa_nops << endl; ++ } ++ } + + return cfa_ops; + } +diff --git a/testsuite/systemtap.exelib/lib.stp b/testsuite/systemtap.exelib/lib.stp +index 0151282..3fdc6db 100644 +--- a/testsuite/systemtap.exelib/lib.stp ++++ b/testsuite/systemtap.exelib/lib.stp +@@ -6,7 +6,7 @@ probe process(@1).function("main") { + } + + probe process(@1).function("main_func") { +- printf("main_func\n"); ++ printf("main_func %d\n", $foo); + } + + probe process(@2).function("lib_main") { +@@ -14,5 +14,5 @@ probe process(@2).function("lib_main") { + } + + probe process(@2).function("lib_func") { +- printf("lib_func\n"); ++ printf("lib_func %d\n", $bar); + } +diff --git a/testsuite/systemtap.exelib/lib.tcl b/testsuite/systemtap.exelib/lib.tcl +index c5b7402..a33290b 100644 +--- a/testsuite/systemtap.exelib/lib.tcl ++++ b/testsuite/systemtap.exelib/lib.tcl +@@ -1,11 +1,11 @@ + set ::result_string {main +-main_func +-main_func +-main_func ++main_func 3 ++main_func 2 ++main_func 1 + lib_main +-lib_func +-lib_func +-lib_func} ++lib_func 3 ++lib_func 2 ++lib_func 1} + + # Only run on make installcheck + if {! 
[installtest_p]} { untested "lib-$testname"; return } +diff --git a/testsuite/systemtap.exelib/libmarkunamestack.stp b/testsuite/systemtap.exelib/libmarkunamestack.stp +index 0efbae0..5ee229d 100644 +--- a/testsuite/systemtap.exelib/libmarkunamestack.stp ++++ b/testsuite/systemtap.exelib/libmarkunamestack.stp +@@ -7,7 +7,7 @@ probe process(@1).function("main") { + } + + probe process(@1).function("main_func") { +- printf("main_func\n"); ++ printf("main_func: %d\n", $foo); + } + + probe process(@2).function("lib_main") { +@@ -15,7 +15,7 @@ probe process(@2).function("lib_main") { + } + + probe process(@2).function("lib_func") { +- printf("lib_func\n"); ++ printf("lib_func: %d\n", $bar); + } + + #mark +diff --git a/testsuite/systemtap.exelib/libmarkunamestack.tcl b/testsuite/systemtap.exelib/libmarkunamestack.tcl +index 55dc10e..20111b3 100644 +--- a/testsuite/systemtap.exelib/libmarkunamestack.tcl ++++ b/testsuite/systemtap.exelib/libmarkunamestack.tcl +@@ -47,9 +47,9 @@ expect { + + # lib + -re {^main\r\n} {incr lib; exp_continue} +- -re {^main_func\r\n} {incr lib; exp_continue} ++ -re {^main_func: [1-3]\r\n} {incr lib; exp_continue} + -re {^lib_main\r\n} {incr lib; exp_continue} +- -re {^lib_func\r\n} {incr lib; exp_continue} ++ -re {^lib_func: [1-3]\r\n} {incr lib; exp_continue} + + # mark + -re {^main_count: [1-3]\r\n} {incr mark; exp_continue} diff --git a/systemtap-1.1-get_argv.patch b/systemtap-1.1-get_argv.patch new file mode 100644 index 0000000..2f755b0 --- /dev/null +++ b/systemtap-1.1-get_argv.patch 
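Review bot: In the tapsets.cxx `query_module_dwarf` hunk, `assert(elf)` is the only check on the result of `dwfl_module_getelf`; under NDEBUG the assert compiles out, and `elf_bias`, declared without an initializer, is then added to `addr` even when the lookup failed. Initialize it and fail explicitly: `Dwarf_Addr elf_bias = 0;` / `Elf *elf = dwfl_module_getelf (dw.module, &elf_bias);` / `if (elf == NULL) /* report the dwfl error for this module and skip the probe instead of guessing a bias */`. The enclosing `query_module_dwarf` starts and ends outside the quoted hunk, so which error path (throw vs. return) its siblings use is not visible here; follow whichever that function already uses.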
@@ -0,0 +1,183 @@ +commit a2d399c87a642190f08ede63dc6fc434a5a8363a +Author: Josh Stone +Date: Thu Feb 4 17:47:31 2010 -0800 + + PR11234: Rewrite __get_argv without embedded-C + + We now implement __get_argv's string building in pure stap script. + Also, every argument is now quoted, which is different than before, but + it's much more robust about handling special characters. + +diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp +index bab0f64..e762b37 100644 +--- a/tapset/aux_syscalls.stp ++++ b/tapset/aux_syscalls.stp +@@ -399,124 +399,53 @@ function __sem_flags:string(semflg:long) + + + /* This function copies an argv from userspace. */ +-function __get_argv:string(a:long, first:long) +-%{ /* pure */ +- char __user *__user *argv = (char __user *__user *)(long)THIS->a; +- char __user *vstr; +- int space, rc, len = MAXSTRINGLEN; +- char *str = THIS->__retvalue; +- char buf[80]; +- char *ptr = buf; +- +- +- if (THIS->first && argv) +- argv++; +- +- while (argv != NULL) { +- if (__stp_get_user (vstr, argv)) +- break; +- +- if (vstr == NULL) +- break; +- +- rc = _stp_strncpy_from_user(buf, vstr, 79); +- if (rc <= 0) +- break; +- +- /* check for whitespace in string */ +- buf[rc] = 0; +- ptr = buf; +- space = 0; +- while (*ptr && rc--) { +- if (isspace(*ptr++)) { +- space = 1; +- break; +- } +- } +- +- if (len != MAXSTRINGLEN && len) { +- *str++=' '; +- len--; +- } +- +- if (space && len) { +- *str++='\"'; +- len--; +- } +- +- rc = strlcpy (str, buf, len); +- str += rc; +- len -= rc; +- +- if (space && len) { +- *str++='\"'; +- len--; +- } +- +- argv++; ++function __get_argv:string(argv:long, first:long) ++{ ++%( CONFIG_64BIT == "y" %? ++ if (first && argv) ++ argv += 8 ++ while (argv) { ++ vstr = user_long(argv) ++ if (!vstr) ++ break ++ if (len) ++ str .= " " ++ str .= user_string_quoted(vstr) ++ ++ newlen = strlen(str) ++ if (newlen == len) ++ break ++ len = newlen ++ argv += 8 + } +- *str = 0; +-%} +-/* This function copies an argv from userspace. 
*/ +-function __get_compat_argv:string(a:long, first:long) +-%{ /* pure */ +-#ifdef CONFIG_COMPAT +- compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a; +- compat_uptr_t __user *vstr; +- int space, rc, len = MAXSTRINGLEN; +- char *str = THIS->__retvalue; +- char buf[80]; +- char *ptr = buf; +- +- if (THIS->first && argv) +- argv++; +- +- while (argv != NULL) { +- if (__stp_get_user (vstr, argv)) +- break; +- +- if (vstr == NULL) +- break; +- +- rc = _stp_strncpy_from_user(buf, (char *)vstr, 79); +- if (rc <= 0) +- break; +- +- /* check for whitespace in string */ +- buf[rc] = 0; +- ptr = buf; +- space = 0; +- while (*ptr && rc--) { +- if (isspace(*ptr++)) { +- space = 1; +- break; +- } +- } +- +- if (len != MAXSTRINGLEN && len) { +- *str++=' '; +- len--; +- } +- +- if (space && len) { +- *str++='\"'; +- len--; +- } +- +- rc = strlcpy (str, buf, len); +- str += rc; +- len -= rc; +- +- if (space && len) { +- *str++='\"'; +- len--; +- } + +- argv++; ++ return str ++%: ++ return __get_compat_argv(argv, first) ++%) ++} ++/* This function copies an argv from userspace. */ ++function __get_compat_argv:string(argv:long, first:long) ++{ ++ if (first && argv) ++ argv += 4 ++ while (argv) { ++ vstr = user_int(argv) & 0xffffffff ++ if (!vstr) ++ break ++ if (len) ++ str .= " " ++ str .= user_string_quoted(vstr) ++ ++ newlen = strlen(str) ++ if (newlen == len) ++ break ++ len = newlen ++ argv += 4 + } +- *str = 0; +-#endif +-%} ++ ++ return str ++} + + /* + * Return the symbolic string representation diff --git a/systemtap-1.1-tighten-server-params.patch b/systemtap-1.1-tighten-server-params.patch new file mode 100644 index 0000000..ee0c286 --- /dev/null +++ b/systemtap-1.1-tighten-server-params.patch 
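Review bot: The `if (newlen == len) break` test in both the new `__get_argv` and `__get_compat_argv` is the loop's only bound on output size and it carries no comment; a reader has to work out that `str .=` presumably stops growing once the script string length limit is reached. Suggest a comment above it, `# str stopped growing: the string length limit is reached, so stop reading userspace`. The `argv += 8` / `argv += 4` strides would also benefit from a one-line note that they are the native and compat pointer sizes, which is why the 64-bit build branches on CONFIG_64BIT. Whether `user_long`/`user_int` on an unreadable address return 0 or raise a runtime error is not visible here; if they raise, a bad argv pointer now aborts the probe where the old embedded C broke out of the loop, and the function comment should say so.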
@@ -0,0 +1,262 @@ +Note: Not including testsuite part. + +commit c0d1b5a004b9949bb455b7dbe17b335b7cab9ead +Author: Frank Ch. Eigler +Date: Fri Feb 12 10:25:43 2010 -0500 + + PR11105 part 2: tighten constraints on stap-server parameters passed to make + + * util.h, util.cxx (assert_match_regexp): New function. + * main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags. + * stap-serverd (listen): Harden stap-server-connect with ulimit/loop. + +diff --git a/main.cxx b/main.cxx +index 8f5ee72..2dba179 100644 +--- a/main.cxx ++++ b/main.cxx +@@ -57,7 +57,7 @@ version () + << "SystemTap translator/driver " + << "(version " << VERSION << "/" << dwfl_version (NULL) + << " " << GIT_MESSAGE << ")" << endl +- << "Copyright (C) 2005-2009 Red Hat, Inc. and others" << endl ++ << "Copyright (C) 2005-2010 Red Hat, Inc. and others" << endl + << "This is free software; see the source for copying conditions." << endl; + } + +@@ -708,12 +708,12 @@ main (int argc, char * const argv []) + break; + + case 'o': ++ // NB: client_options not a problem, since pass 1-4 does not use output_file. + s.output_file = string (optarg); + break; + + case 'R': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-R" : ", -R"; ++ if (client_options) { cerr << "ERROR: -R invalid with --client-options" << endl; usage(s,1); } + s.runtime_path = string (optarg); + break; + +@@ -722,6 +722,7 @@ main (int argc, char * const argv []) + client_options_disallowed += client_options_disallowed.empty () ? "-m" : ", -m"; + s.module_name = string (optarg); + save_module = true; ++ // XXX: convert to assert_regexp_match() + { + string::size_type len = s.module_name.length(); + +@@ -766,15 +767,14 @@ main (int argc, char * const argv []) + break; + + case 'r': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-r" : ", -r"; ++ if (client_options) // NB: no paths! 
++ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); + setup_kernel_release(s, optarg); + break; + + case 'a': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-a" : ", -a"; +- s.architecture = string(optarg); ++ assert_regexp_match("-a parameter", optarg, "^[a-z0-9_-]+$"); ++ s.architecture = string(optarg); + break; + + case 'k': +@@ -821,16 +821,19 @@ main (int argc, char * const argv []) + break; + + case 'D': ++ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); + if (client_options) + client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; + s.macros.push_back (string (optarg)); + break; + + case 'S': ++ assert_regexp_match ("-S parameter", optarg, "^[0-9]+(,[0-9]+)?$"); + s.size_option = string (optarg); + break; + + case 'q': ++ if (client_options) { cerr << "ERROR: -q invalid with --client-options" << endl; usage(s,1); } + s.tapset_compile_coverage = true; + break; + +@@ -861,9 +864,8 @@ main (int argc, char * const argv []) + break; + + case 'B': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-B" : ", -B"; +- s.kbuildflags.push_back (string (optarg)); ++ if (client_options) { cerr << "ERROR: -B invalid with --client-options" << endl; usage(s,1); } ++ s.kbuildflags.push_back (string (optarg)); + break; + + case 0: +diff --git a/stap-serverd b/stap-serverd +index eda9711..5820286 100755 +--- a/stap-serverd ++++ b/stap-serverd +@@ -360,11 +360,19 @@ function advertise_presence { + function listen { + # The stap-server-connect program will listen forever + # accepting requests. +- ${stap_pkglibexecdir}stap-server-connect \ +- -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ +- -s "$stap_options" \ +- >> $logfile 2>&1 & +- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 ++ # CVE-2009-4273 ... 
or at least, until resource limits fire ++ while true; do # NB: loop to avoid DoS by deliberate rlimit-induced halt ++ # NB: impose resource limits in case of mischevious data inducing ++ # too much / long computation ++ (ulimit -f 50000 -s 1000 -t 60 -u 20 -v 500000; ++ exec ${stap_pkglibexecdir}stap-server-connect \ ++ -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ ++ -s "$stap_options") & ++ stap_server_connect_pid=$! ++ wait ++ # NB: avoid superfast spinning in case of a ulimit or other failure ++ sleep 1 ++ done >> $logfile 2>&1 + } + + # function: warning [ MESSAGE ] +@@ -396,8 +404,8 @@ function terminate { + wait '%avahi-publish-service' >> $logfile 2>&1 + + # Kill any running 'stap-server-connect' job. +- kill -s SIGTERM '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 +- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 ++ kill -s SIGTERM $stap_server_connect_pid >> $logfile 2>&1 ++ wait $stap_server_connect_pid >> $logfile 2>&1 + + exit + } +diff --git a/util.cxx b/util.cxx +index 736e5a3..73ba167 100644 +--- a/util.cxx ++++ b/util.cxx +@@ -1,5 +1,5 @@ + // Copyright (C) Andrew Tridgell 2002 (original file) +-// Copyright (C) 2006, 2009 Red Hat Inc. (systemtap changes) ++// Copyright (C) 2006-2010 Red Hat Inc. (systemtap changes) + // + // This program is free software; you can redistribute it and/or + // modify it under the terms of the GNU General Public License as +@@ -19,6 +19,8 @@ + #include "sys/sdt.h" + #include + #include ++#include ++#include + + extern "C" { + #include +@@ -31,6 +33,7 @@ extern "C" { + #include + #include + #include ++#include + } + + using namespace std; +@@ -413,4 +416,35 @@ kill_stap_spawn(int sig) + return spawned_pid ? 
kill(spawned_pid, sig) : 0; + } + ++ ++void assert_regexp_match (const string& name, const string& value, const string& re) ++{ ++ typedef map cache; ++ static cache compiled; ++ cache::iterator it = compiled.find (re); ++ regex_t* r = 0; ++ if (it == compiled.end()) ++ { ++ r = new regex_t; ++ int rc = regcomp (r, re.c_str(), REG_ICASE|REG_NOSUB|REG_EXTENDED); ++ if (rc) { ++ cerr << "regcomp " << re << " (" << name << ") error rc=" << rc << endl; ++ exit(1); ++ } ++ compiled[re] = r; ++ } ++ else ++ r = it->second; ++ ++ // run regexec ++ int rc = regexec (r, value.c_str(), 0, 0, 0); ++ if (rc) ++ { ++ cerr << "ERROR: Safety pattern mismatch for " << name ++ << " ('" << value << "' vs. '" << re << "') rc=" << rc << endl; ++ exit(1); ++ } ++} ++ ++ + /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ +diff --git a/util.h b/util.h +index 8fc64cb..75e198c 100644 +--- a/util.h ++++ b/util.h +@@ -21,7 +21,7 @@ const std::string cmdstr_quoted(const std::string& cmd); + std::string git_revision(const std::string& path); + int stap_system(int verbose, const std::string& command); + int kill_stap_spawn(int sig); +- ++void assert_regexp_match (const std::string& name, const std::string& value, const std::string& re); + + // stringification generics + + +commit cc9e5488d82b728e568bca1f8d6094856fc8e641 +Author: Frank Ch. Eigler +Date: Fri Feb 12 10:39:58 2010 -0500 + + PR11105 part 2a, fix buggy \\. in -r option regexp + +diff --git a/main.cxx b/main.cxx +index 2dba179..b5fdbc0 100644 +--- a/main.cxx ++++ b/main.cxx +@@ -768,7 +768,7 @@ main (int argc, char * const argv []) + + case 'r': + if (client_options) // NB: no paths! 
+- assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); ++ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_.-]+$"); + setup_kernel_release(s, optarg); + break; + + +commit c8408b459b88a5aa5f4325e690aef95b5da7c2eb +Author: Mark Wielaard +Date: Sun Feb 14 21:42:06 2010 +0100 + + PR11281 Allow negative values for -D argument. + + Change regexp match to "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$". + + * main.cxx (main): case 'D' allow optional single minus sign after equal + in assert_regexp_match(). + +diff --git a/main.cxx b/main.cxx +index b5fdbc0..faac7f8 100644 +--- a/main.cxx ++++ b/main.cxx +@@ -821,7 +821,7 @@ main (int argc, char * const argv []) + break; + + case 'D': +- assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); ++ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$"); + if (client_options) + client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; + s.macros.push_back (string (optarg)); diff --git a/systemtap.spec b/systemtap.spec index 3a0a120..9cd1926 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -12,7 +12,7 @@ Name: systemtap Version: 1.1 -Release: 1%{?dist} +Release: 2%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -56,6 +56,10 @@ BuildRequires: elfutils-devel >= %{elfutils_version} Requires: crash %endif +Patch10: systemtap-1.1-cfi-cfa_ops-fixes.patch +Patch11: systemtap-1.1-get_argv.patch +Patch12: systemtap-1.1-tighten-server-params.patch + %if %{with_docs} BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html # On F10, xmlto's pdf support was broken off into a sub-package, @@ -189,6 +193,10 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 + %build %if %{with_bundled_elfutils} 
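Review bot: In the new `listen` loop of stap-serverd, the bare `wait` after backgrounding the `ulimit`/`exec` subshell waits for every child of the script, not just stap-server-connect; if `avahi-publish-service` is a background job of the same shell, as the `wait '%avahi-publish-service'` in `terminate` suggests, a crashed or rlimit-killed stap-server-connect is not restarted until avahi exits too, which defeats the restart loop the CVE-2009-4273 comment describes. Waiting on the pid the hunk already captures is enough: `wait $stap_server_connect_pid`. Separately, in main.cxx the `-m` case only gains an `// XXX: convert to assert_regexp_match()` note while `-r`, `-a`, `-D` and `-S` get the new safety patterns; the existing module-name checks are outside the hunk, so either convert it in this series or state in the XXX why it is deferred.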
@@ -492,6 +500,14 @@ exit 0 %changelog +* Mon Feb 15 2010 Mark Wielaard - 1.1-2 +- Add systemtap-1.1-cfi-cfa_ops-fixes.patch + - Resolves RHBZ #564429 +- Add systemtap-1.1-get_argv.patch + - Resolves CVE-2010-0411 +- Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) + - Resolves CVE-2010-0412, CVE-2009-4273 + * Mon Dec 21 2009 David Smith - 1.1-1 - Upstream release.