Hello community, here is the log from the commit of package mtr for openSUSE:Factory checked in at 2014-03-14 15:17:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mtr (Old) and /work/SRC/openSUSE:Factory/.mtr.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mtr" Changes: -------- --- /work/SRC/openSUSE:Factory/mtr/mtr.changes 2012-05-26 09:27:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mtr.new/mtr.changes 2014-03-14 15:17:19.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Mar 12 10:26:00 UTC 2014 - [email protected] + +- mtr-0.82-capabilities.patch: Add patch to use and drop capabilities + instead of setuid. bnc#865351 + +------------------------------------------------------------------- New: ---- mtr-0.82-capabilities.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mtr.spec ++++++ --- /var/tmp/diff_new_pack.kILAhe/_old 2014-03-14 15:17:19.000000000 +0100 +++ /var/tmp/diff_new_pack.kILAhe/_new 2014-03-14 15:17:19.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package mtr # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,6 +19,7 @@ Name: mtr BuildRequires: automake BuildRequires: gtk2-devel +BuildRequires: libcap-devel BuildRequires: ncurses-devel BuildRequires: update-desktop-files BuildRequires: xorg-x11-devel @@ -34,6 +35,7 @@ Patch2: mtr-0.75-manxmtr.patch Patch3: mtr-0.75-nonvoid.patch Patch4: mtr-0.75-sec_snprintf.patch +Patch5: mtr-0.82-capabilities.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Icon: mtr.gif PreReq: permissions @@ -74,6 +76,7 @@ %patch2 %patch3 %patch4 +%patch5 -p1 %build aclocal -I /usr/share/aclocal ++++++ mtr-0.82-capabilities.patch ++++++ Index: mtr-0.82/configure.in =================================================================== --- mtr-0.82.orig/configure.in +++ mtr-0.82/configure.in @@ -27,6 +27,10 @@ AC_CHECK_HEADERS(socket.h sys/socket.h s # pull in anything if we don't refer to anything in the lib). AC_CHECK_LIB(termcap, tgetent) +AC_CHECK_LIB(cap, cap_init, + AC_DEFINE(HAVE_CAPABILITIES, 1, capability support) + LIBS="$LIBS -lcap", AC_MSG_WARN(No capability support available.)) + AC_CHECK_FUNC(initscr, , AC_CHECK_LIB(ncurses, initscr, , AC_CHECK_LIB(curses, initscr, , Index: mtr-0.82/mtr.c =================================================================== --- mtr-0.82.orig/mtr.c +++ mtr-0.82/mtr.c @@ -35,6 +35,9 @@ #include "report.h" #include "net.h" +#ifdef HAVE_CAPABILITIES +#include <sys/capability.h> +#endif #ifdef ENABLE_IPV6 #define DEFAULT_AF AF_UNSPEC @@ -343,6 +346,18 @@ int main(int argc, char **argv) exit( EXIT_FAILURE ); } + /* ported from ping */ +#ifdef HAVE_CAPABILITIES + { + cap_t caps = cap_init(); + if (cap_set_proc(caps) < 0) { + fprintf (stderr, "mtr: Unable to drop capabilities.\n"); + exit(1); + } + cap_free(caps); + } +#endif + /* Now drop to user permissions */ if (setgid(getgid()) || setuid(getuid())) { fprintf (stderr, "mtr: Unable to drop permissions.\n"); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
