summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2017-02-05 18:20:51 +0100
committerRemi Collet <fedora@famillecollet.com>2017-02-05 18:20:51 +0100
commit0c9fc790189dd45e4cc91311adaa60896cba4625 (patch)
treed73c2dbbd5e07d1bfbd7d0518f7150d1832b8162
parent7423c0d7bdac6e3660a59ed1415bf754d23b412a (diff)
php-pecl-trace: add securty fix
-rw-r--r--php-pecl-trace.spec20
-rw-r--r--trace-pr76.patch27
2 files changed, 46 insertions, 1 deletions
diff --git a/php-pecl-trace.spec b/php-pecl-trace.spec
index 3c736e8..93b52f4 100644
--- a/php-pecl-trace.spec
+++ b/php-pecl-trace.spec
@@ -22,13 +22,17 @@
Summary: Trace is a low-overhead tracing tool for PHP
Name: %{?sub_prefix}php-pecl-%{pecl_name}
Version: 1.0.0
-Release: 1%{?dist}%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}
+Release: 2%{?dist}%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}
# common/sds is BSD-2, other is ASL 2.0
License: ASL 2.0 and BSD
Group: Development/Languages
URL: http://pecl.php.net/package/%{pecl_name}
Source0: http://pecl.php.net/get/%{pecl_name}-%{version}.tgz
+# https://github.com/Qihoo360/phptrace/issues/75
+# https://github.com/Qihoo360/phptrace/pull/76
+Patch0: %{pecl_name}-pr76.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# https://github.com/Qihoo360/phptrace/issues/71
# PHP 7.1 build broken
@@ -64,6 +68,10 @@ Obsoletes: php56w-pecl-%{pecl_name} <= %{version}
%endif
%if "%{php_version}" > "7.0"
Obsoletes: php70u-pecl-%{pecl_name} <= %{version}
+Obsoletes: php70w-pecl-%{pecl_name} <= %{version}
+%endif
+%if "%{php_version}" > "7.1"
+Obsoletes: php71u-pecl-%{pecl_name} <= %{version}
Obsoletes: php71w-pecl-%{pecl_name} <= %{version}
%endif
%endif
@@ -90,6 +98,9 @@ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSIO
%prep
%setup -q -c
+pushd %{pecl_name}-%{version}
+%patch0 -p1 -b .pr76
+popd
# Don't install tests
sed -e 's/role="test"/role="src"/' \
@@ -123,6 +134,7 @@ EOF
%build
+%{?dtsenable}
cd %{pecl_name}-%{version}/extension
%{_bindir}/phpize
@@ -135,6 +147,7 @@ make cli %{?_smp_mflags}
%install
rm -rf %{buildroot}
+%{?dtsenable}
make -C %{pecl_name}-%{version}/extension install-all INSTALL_ROOT=%{buildroot}
@@ -213,6 +226,11 @@ rm -rf %{buildroot}
%changelog
+* Sun Feb 5 2017 Remi Collet <remi@fedoraproject.org> - 1.0.0-2
+- add patch for security issue (umask=0)
+ patch from https://github.com/Qihoo360/phptrace/pull/76
+ see https://github.com/Qihoo360/phptrace/issues/75
+
* Thu Jan 19 2017 Remi Collet <remi@fedoraproject.org> - 1.0.0-1
- Update to 1.0.0 (beta)
- open https://github.com/Qihoo360/phptrace/issues/71: PHP 7.1 build broken
diff --git a/trace-pr76.patch b/trace-pr76.patch
new file mode 100644
index 0000000..5df2a3e
--- /dev/null
+++ b/trace-pr76.patch
@@ -0,0 +1,27 @@
+From cf9e59ad032a56ee14d96f2a6adb6e17f51fa852 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora@famillecollet.com>
+Date: Sat, 4 Feb 2017 10:39:23 +0100
+Subject: [PATCH] Fix #75: don't change umask value
+
+---
+ common/trace_mmap.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/common/trace_mmap.c b/common/trace_mmap.c
+index a051ecd..02a433c 100644
+--- a/common/trace_mmap.c
++++ b/common/trace_mmap.c
+@@ -77,10 +77,12 @@ int pt_mmap_open(pt_segment_t *seg, const char *file, size_t size)
+ int pt_mmap_create(pt_segment_t *seg, const char *file, size_t size)
+ {
+ int fd;
++ mode_t um;
+
+ /* file open */
+- umask(0000);
++ um = umask(0000);
+ fd = open(file, O_RDWR | O_CREAT, DEFFILEMODE);
++ umask(um);
+ if (fd == -1) {
+ return reset_with_retval(seg, -1);
+ }