Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package btop for openSUSE:Factory checked in at 2021-11-05 22:58:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/btop (Old) and /work/SRC/openSUSE:Factory/.btop.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "btop" Fri Nov 5 22:58:22 2021 rev:6 rq:929209 version:1.0.22 Changes: -------- --- /work/SRC/openSUSE:Factory/btop/btop.changes 2021-10-29 22:35:14.331704911 +0200 +++ /work/SRC/openSUSE:Factory/.btop.new.1890/btop.changes 2021-11-05 22:58:28.608276433 +0100 @@ -1,0 +2,14 @@ +Thu Nov 4 14:31:35 UTC 2021 - Scott Bradnick <scott.bradn...@suse.com> - 1.0.22 + +- Update to upstream release 1.0.22: + * Fixed: Bad values for disks and network on 32-bit + +------------------------------------------------------------------- +Tue Nov 2 20:43:52 UTC 2021 - Scott Bradnick <scott.bradn...@suse.com> - 1.0.21 + +- Update to upstream release 1.0.21: + * Fixed: Removed extra spaces in cpu name + * Added: / as alternative bind for filter + * Fixed: Security issue when running with SUID bit set + +------------------------------------------------------------------- Old: ---- v1.0.20.tar.gz New: ---- v1.0.22.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ btop.spec ++++++ --- /var/tmp/diff_new_pack.k0YpWX/_old 2021-11-05 22:58:29.148276765 +0100 +++ /var/tmp/diff_new_pack.k0YpWX/_new 2021-11-05 22:58:29.152276768 +0100 @@ -17,7 +17,7 @@ Name: btop -Version: 1.0.20 +Version: 1.0.22 Release: 0 Summary: Usage and stats for processor, memory, disks, network and processes License: Apache-2.0 ++++++ v1.0.20.tar.gz -> v1.0.22.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/CHANGELOG.md new/btop-1.0.22/CHANGELOG.md --- old/btop-1.0.20/CHANGELOG.md 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/CHANGELOG.md 2021-11-03 22:11:31.000000000 +0100 @@ -1,3 +1,15 @@ +## v1.0.22 + +* Fixed: Bad values for disks and network on 32-bit + +## v1.0.21 + +* Fixed: Removed extra spaces in cpu name + +* Added: / as alternative bind for filter + +* Fixed: Security issue when running with SUID bit set + ## v1.0.20 * Added: Improved cpu sensor detection for Ryzen Mobile, by @adnanpri diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/README.md new/btop-1.0.22/README.md --- old/btop-1.0.20/README.md 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/README.md 2021-11-03 22:11:31.000000000 +0100 @@ -38,9 +38,38 @@ ### Under development +##### 30 October 2021 + +Work on the OSX and FreeBSD branches, both initiated and mostly worked on by [@joske](https://github.com/joske), will likely be completed in the coming weeks. +The OSX branch has some memory leaks that needs to be sorted out and both have some issues with the processes cpu usage calculation and other smaller issues that needs fixing. + +If you want to help out, test for bugs/fix bugs or just try out the branches: + +**OSX** +```bash +# Install and use Homebrew or MacPorts package managers for easy dependency installation +brew install coreutils make gcc@11 +git clone https://github.com/aristocratos/btop.git +cd btop +git checkout OSX +gmake +``` + +**FreeBSD** +```bash +sudo pkg install gmake gcc11 coreutils git +git clone https://github.com/aristocratos/btop.git +cd btop +git checkout freebsd +gmake +``` + +Note that GNU make (`gmake`) is recommended but not required for OSX but it is required on FreeBSD. + + ##### 6 October 2021 -OsX development have been started by @joske , big thanks :) +OsX development have been started by [@joske](https://github.com/joske), big thanks :) See branch [OSX](https://github.com/aristocratos/btop/tree/OSX) for current progress. ##### 18 September 2021 @@ -179,6 +208,8 @@ 1. **Download btop-(VERSION)-(PLATFORM)-(ARCH).tbz from [latest release](https://github.com/aristocratos/btop/releases/latest) and unpack to a new folder** + **Notice! Use x86_64 for 64-bit x86 systems, i486 and i686 are 32-bit!** + 2. **Install (from created folder)** * **Run install.sh or:** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/src/btop.cpp new/btop-1.0.22/src/btop.cpp --- old/btop-1.0.20/src/btop.cpp 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/src/btop.cpp 2021-11-03 22:11:31.000000000 +0100 @@ -53,7 +53,7 @@ {"#801414", "???????????????????????? ????????? ???????????????????????????????????? ????????? ?????????"}, {"#000000", "????????????????????? ????????? ????????????????????? ?????????"}, }; - const string Version = "1.0.20"; + const string Version = "1.0.22"; int coreCount; string overlay; @@ -64,6 +64,7 @@ string fg_green = "\x1b[1;92m"; string fg_red = "\x1b[0;91m"; + uid_t real_uid, set_uid; fs::path self_path; @@ -298,6 +299,18 @@ ~thread_lock() { if (status == 0) pthread_mutex_unlock(&pt_mutex); } }; + //* Wrapper for raising priviliges when using SUID bit + class gain_priv { + int status = -1; + public: + gain_priv() { + if (Global::real_uid != Global::set_uid) this->status = seteuid(Global::set_uid); + } + ~gain_priv() { + if (status == 0) status = seteuid(Global::real_uid); + } + }; + string output; string empty_bg; bool pause_output = false; @@ -385,6 +398,9 @@ //? Atomic lock used for blocking non thread-safe actions in main thread atomic_lock lck(active); + //? Set effective user if SUID bit is set + gain_priv powers{}; + auto& conf = current_conf; //! DEBUG stats @@ -616,6 +632,17 @@ Global::start_time = time_s(); + //? Save real and effective userid's and drop priviliges until needed if running with SUID bit set + Global::real_uid = getuid(); + Global::set_uid = geteuid(); + if (Global::real_uid != Global::set_uid) { + if (seteuid(Global::real_uid) != 0) { + Global::real_uid = Global::set_uid; + Global::exit_error_msg = "Failed to change effective user ID. Unset btop SUID bit to ensure security on this system. Quitting!"; + clean_quit(1); + } + } + //? Call argument parser if launched with arguments if (argc > 1) argumentParser(argc, argv); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/src/btop_config.cpp new/btop-1.0.22/src/btop_config.cpp --- old/btop-1.0.20/src/btop_config.cpp 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/src/btop_config.cpp 2021-11-03 22:11:31.000000000 +0100 @@ -589,6 +589,7 @@ void write() { if (conf_file.empty() or not write_new) return; Logger::debug("Writing new config file"); + if (geteuid() != Global::real_uid and seteuid(Global::real_uid) != 0) return; std::ofstream cwrite(conf_file, std::ios::trunc); if (cwrite.good()) { cwrite << "#? Config file for btop v. " << Global::Version; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/src/btop_input.cpp new/btop-1.0.22/src/btop_input.cpp --- old/btop-1.0.20/src/btop_input.cpp 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/src/btop_input.cpp 2021-11-03 22:11:31.000000000 +0100 @@ -266,7 +266,7 @@ cur_i = 0; Config::set("proc_sorting", Proc::sort_vector.at(cur_i)); } - else if (key == "f") { + else if (is_in(key, "f", "/")) { Config::flip("proc_filtering"); Proc::filter = { Config::getS("proc_filter") }; old_filter = Proc::filter.text; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/src/btop_menu.cpp new/btop-1.0.22/src/btop_menu.cpp --- old/btop-1.0.20/src/btop_menu.cpp 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/src/btop_menu.cpp 2021-11-03 22:11:31.000000000 +0100 @@ -126,7 +126,7 @@ {"z", "Toggle totals reset for current network device"}, {"a", "Toggle auto scaling for the network graphs."}, {"y", "Toggle synced scaling mode for network graphs."}, - {"f", "To enter a process filter."}, + {"f, /", "To enter a process filter."}, {"delete", "Clear any entered filter."}, {"c", "Toggle per-core cpu usage of processes."}, {"r", "Reverse sorting order in processes box."}, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/src/btop_shared.hpp new/btop-1.0.22/src/btop_shared.hpp --- old/btop-1.0.20/src/btop_shared.hpp 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/src/btop_shared.hpp 2021-11-03 22:11:31.000000000 +0100 @@ -27,6 +27,7 @@ #include <array> #include <ifaddrs.h> #include <tuple> +#include <unistd.h> using std::string, std::vector, std::deque, robin_hood::unordered_flat_map, std::atomic, std::array, std::tuple; @@ -43,6 +44,7 @@ extern atomic<bool> resized; extern string overlay; extern string clock; + extern uid_t real_uid, set_uid; } namespace Runner { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/src/btop_tools.cpp new/btop-1.0.22/src/btop_tools.cpp --- old/btop-1.0.20/src/btop_tools.cpp 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/src/btop_tools.cpp 2021-11-03 22:11:31.000000000 +0100 @@ -406,6 +406,18 @@ size_t loglevel; fs::path logfile; + //* Wrapper for lowering priviliges if using SUID bit and currently isn't using real userid + class lose_priv { + int status = -1; + public: + lose_priv() { + if (geteuid() != Global::real_uid) this->status = seteuid(Global::real_uid); + } + ~lose_priv() { + if (status == 0) status = seteuid(Global::set_uid); + } + }; + void set(const string& level) { loglevel = v_index(log_levels, level); } @@ -413,6 +425,7 @@ void log_write(const size_t level, const string& msg) { if (loglevel < level or logfile.empty()) return; atomic_lock lck(busy, true); + lose_priv neutered{}; std::error_code ec; try { if (fs::exists(logfile) and fs::file_size(logfile, ec) > 1024 << 10 and not ec) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btop-1.0.20/src/linux/btop_collect.cpp new/btop-1.0.22/src/linux/btop_collect.cpp --- old/btop-1.0.20/src/linux/btop_collect.cpp 2021-10-26 23:41:40.000000000 +0200 +++ new/btop-1.0.22/src/linux/btop_collect.cpp 2021-11-03 22:11:31.000000000 +0100 @@ -218,6 +218,7 @@ name.pop_back(); for (const auto& replace : {"Processor", "CPU", "(R)", "(TM)", "Intel", "AMD", "Core"}) { name = s_replace(name, replace, ""); + name = s_replace(name, " ", " "); } name = trim(name); } @@ -903,8 +904,8 @@ //? Get disk/partition stats for (auto& [mountpoint, disk] : disks) { if (std::error_code ec; not fs::exists(mountpoint, ec)) continue; - struct statvfs vfs; - if (statvfs(mountpoint.c_str(), &vfs) < 0) { + struct statvfs64 vfs; + if (statvfs64(mountpoint.c_str(), &vfs) < 0) { Logger::warning("Failed to get disk/partition stats with statvfs() for: " + mountpoint); continue; } @@ -1064,7 +1065,7 @@ auto& bandwidth = net.at(iface).bandwidth.at(dir); uint64_t val = saved_stat.last; - try { val = max((uint64_t)stoul(readfile(sys_file, "0")), val); } + try { val = max((uint64_t)stoull(readfile(sys_file, "0")), val); } catch (const std::invalid_argument&) {} catch (const std::out_of_range&) {}
