Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package hotspot for openSUSE:Factory checked 
in at 2023-03-14 18:16:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hotspot (Old)
 and      /work/SRC/openSUSE:Factory/.hotspot.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "hotspot"

Tue Mar 14 18:16:06 2023 rev:6 rq:1071524 version:1.4.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/hotspot/hotspot.changes  2022-05-12 
23:01:17.116871313 +0200
+++ /work/SRC/openSUSE:Factory/.hotspot.new.31432/hotspot.changes       
2023-03-14 18:16:09.515575905 +0100
@@ -1,0 +2,27 @@
+Tue Mar 14 12:12:42 UTC 2023 - Christophe Marin <christo...@krop.fr>
+
+- Replace 0001-Prevent-running-hotspot-as-root.patch with
+  upstream change (boo#1209206, CVE-2023-28144):
+  * 0001-Opt-in-via-CMake-to-allow-privilege-escalation.patch
+
+-------------------------------------------------------------------
+Wed Mar  1 08:31:50 UTC 2023 - Christophe Marin <christo...@krop.fr>
+
+- Update to 1.4.1:
+  * improved disassembly view with a godbolt-like source code
+    annotation
+  * the self cost columns for tracepoints are now hidden by default
+  * more flexible window layouting with KDDockWidgets
+  * you can export and import data from hotspot in a custom
+    format that is efficient to load and self-contained
+  * analysis data can be grouped by thread, process or CPU
+  * demangling for the D programming language
+  * a new frequency page that shows how often certain events got
+    measured, which can also indicate the CPU frequency scaling
+    when cycles are measured
+- Drop patch, merged upstream:
+  * 0001-CMake-Don-t-assume-KDE_INSTALL_-variables-are-relati.patch
+- Add patch to prevent running hotspot as root (boo#1208808)
+  * 0001-Prevent-running-hotspot-as-root.patch
+
+-------------------------------------------------------------------

Old:
----
  0001-CMake-Don-t-assume-KDE_INSTALL_-variables-are-relati.patch
  hotspot-v1.3.0.tar.gz

New:
----
  0001-Opt-in-via-CMake-to-allow-privilege-escalation.patch
  hotspot-v1.4.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ hotspot.spec ++++++
--- /var/tmp/diff_new_pack.05IKFH/_old  2023-03-14 18:16:10.183579476 +0100
+++ /var/tmp/diff_new_pack.05IKFH/_new  2023-03-14 18:16:10.207579604 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package hotspot
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,32 +17,47 @@
 
 
 Name:           hotspot
-Version:        1.3.0
+Version:        1.4.1
 Release:        0
 Summary:        Perf GUI for performance analysis
 License:        GPL-2.0-or-later
 Group:          Development/Tools/Debuggers
 URL:            https://github.com/KDAB/hotspot
 Source:         
https://github.com/KDAB/hotspot/releases/download/v%{version}/hotspot-v%{version}.tar.gz
-# PATCH-FIX-UPSTREAM
-Patch0:         0001-CMake-Don-t-assume-KDE_INSTALL_-variables-are-relati.patch
+# PATCH-FIX-UPSTREAM Make privilege escalation optional (CVE-2023-28144)
+Patch0:         0001-Opt-in-via-CMake-to-allow-privilege-escalation.patch
 BuildRequires:  glibc-devel-static
+BuildRequires:  kddockwidgets-devel
 BuildRequires:  libdw-devel
 BuildRequires:  libelf-devel
 BuildRequires:  libzstd-devel
+BuildRequires:  qcustomplot-devel
+BuildRequires:  cmake(KF5Archive)
 BuildRequires:  cmake(KF5ConfigWidgets)
 BuildRequires:  cmake(KF5CoreAddons)
 BuildRequires:  cmake(KF5I18n)
+BuildRequires:  cmake(KF5IconThemes)
 BuildRequires:  cmake(KF5ItemModels)
 BuildRequires:  cmake(KF5ItemViews)
 BuildRequires:  cmake(KF5KIO)
+BuildRequires:  cmake(KF5Notifications)
+BuildRequires:  cmake(KF5Parts)
 BuildRequires:  cmake(KF5Solid)
+BuildRequires:  cmake(KF5SyntaxHighlighting)
 BuildRequires:  cmake(KF5ThreadWeaver)
 BuildRequires:  cmake(KF5WindowSystem)
 BuildRequires:  cmake(Qt5Concurrent)
+BuildRequires:  cmake(Qt5Core)
 BuildRequires:  cmake(Qt5Gui)
+BuildRequires:  cmake(Qt5Network)
+# qcustomplot-devel in Leap 15 needs this dependency. Keep it there for the 
moment
+%if 0%{?suse_version} == 1500
+BuildRequires:  cmake(Qt5PrintSupport)
+%endif
 BuildRequires:  cmake(Qt5Svg)
 BuildRequires:  cmake(Qt5Test)
+BuildRequires:  cmake(Qt5Widgets)
+BuildRequires:  pkgconfig(libdebuginfod)
 Requires:       perf
 
 %description
@@ -53,22 +68,32 @@
 %autosetup -p1 -n %{name}-v%{version}
 
 %build
-%cmake_kf5 -d build
+%cmake_kf5 -d build -- -DALLOW_PRIVILEGE_ESCALATION:BOOL=OFF
 
 %install
 %kf5_makeinstall -C build
 
+# Unneeded
+rm 
%{buildroot}%{_datadir}/dbus-1/{system-services/com.kdab.hotspot.perf.service,system.d/com.kdab.hotspot.perf.conf}
+rm %{buildroot}%{_datadir}/polkit-1/actions/com.kdab.hotspot.perf.policy
+%if %{pkg_vcmp kf5-filesystem >= 20220307}
+  rm 
%{buildroot}%{_libexecdir}/{elevate_perf_privileges.sh,kauth/hotspot-auth-helper}
+%else
+  rm 
%{buildroot}%{_kf5_libdir}/libexec/{elevate_perf_privileges.sh,kauth/hotspot-auth-helper}
+%endif
+
 %files
 %license LICENSE.GPL.txt
 %doc README.md
+%{_kf5_applicationsdir}/com.kdab.hotspot.desktop
+%{_kf5_appstreamdir}/com.kdab.Hotspot.appdata.xml
 %{_kf5_bindir}/hotspot
 %if %{pkg_vcmp kf5-filesystem >= 20220307}
 %{_libexecdir}/hotspot-perfparser
-%{_libexecdir}/elevate_perf_privileges.sh
 %else
 %{_kf5_libdir}/libexec/hotspot-perfparser
-%{_kf5_libdir}/libexec/elevate_perf_privileges.sh
 %endif
 %{_kf5_iconsdir}/hicolor/*/*/hotspot.png
+%{_kf5_notifydir}/hotspot.notifyrc
 
 %changelog
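Review bot: The `# Unneeded` comment above the four `rm` lines in %install understates why they are there. What gets deleted is the D-Bus system service and its bus policy, the polkit action, `elevate_perf_privileges.sh` and the KAuth helper, i.e. the privileged side of the feature that CVE-2023-28144 is about. These files have to be removed even though %build passes `-DALLOW_PRIVILEGE_ESCALATION:BOOL=OFF`, which suggests the upstream patch gates only the GUI path and not the install rules, so the removal is what keeps the helper off installed systems. I would say so in the comment, e.g. `# CVE-2023-28144: do not ship the root helper, its D-Bus/polkit activation files or the elevation script`, so a later cleanup does not drop the lines as cosmetic.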

++++++ 0001-Opt-in-via-CMake-to-allow-privilege-escalation.patch ++++++
>From 9f279095a8f66be1d830a504a2768b87d26dfb52 Mon Sep 17 00:00:00 2001
From: Milian Wolff <milian.wo...@kdab.com>
Date: Mon, 13 Mar 2023 17:22:05 +0100
Subject: [PATCH] Opt-in via CMake to allow privilege escalation

Matthias Gerstner from Suse found a TOCTOU security vulnerability
in our privilege escalation code. If abused, the temporary escalation
would remain permanent and opens the door for attackers to wreak
havoc. As this is an optional feature, let's disable it by default
until I find the time to resolve this differently.

See CVE-2023-28144 for more information, the gist is, to quote
Matthias:

> The script contains the following logic during early startup:
>
>     if [ ! -z "$1" ]; then
>         olduser=$(stat -c '%u' "$1")
>         chown "$(whoami)" "$1"
>         echo "rewriting to $1"
>         # redirect output to file, to enable parsing of output even when
>         # the graphical sudo helper like kdesudo isn't forwarding the text 
> properly
>         $0 2>&1 | tee -a "$1"
>         chown "$olduser" "$1"
>         exit
>     fi
>
> The two `chown` invocations on the temporary file result in a temporary change
> of the ownership of the temporary file to root, which is originally owned by
> the unprivileged user. So it changes ownership of the provided path first to
> `root`, then reexecutes itself, then changes ownership back to the original
> user.
>
> This offers the following attack vectors:
>
> - giving ownership of an arbitrary file to root
> - giving ownership of an arbitrary file to the unprivileged user

Thanks a lot for Matthias and Suse for detecting this issue and
bringing it to my attention.
---
 CMakeLists.txt         |  2 ++
 hotspot-config.h.cmake |  2 ++
 src/perfrecord.cpp     |  7 ++++++-
 src/perfrecord.h       |  1 +
 src/recordpage.cpp     | 11 +++++++----
 5 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4eb5c9f..608c68d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -26,6 +26,8 @@ endif()
 set(CMAKE_CXX_STANDARD 14)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
+option(ALLOW_PRIVILEGE_ESCALATION "allow temporary privilege escalation" OFF)
+
 # Enable the test harness
 enable_testing()
 
diff --git a/hotspot-config.h.cmake b/hotspot-config.h.cmake
index d529f22..a9b664c 100644
--- a/hotspot-config.h.cmake
+++ b/hotspot-config.h.cmake
@@ -28,3 +28,5 @@
 #cmakedefine01 KGraphViewerPart_FOUND
 
 #cmakedefine01 KF5SyntaxHighlighting_FOUND
+
+#cmakedefine01 ALLOW_PRIVILEGE_ESCALATION
diff --git a/src/perfrecord.cpp b/src/perfrecord.cpp
index d721045..c02a30a 100644
--- a/src/perfrecord.cpp
+++ b/src/perfrecord.cpp
@@ -109,7 +109,7 @@ static bool privsAlreadyElevated()
 void PerfRecord::startRecording(bool elevatePrivileges, const QStringList& 
perfOptions, const QString& outputPath,
                                 const QStringList& recordOptions, const 
QString& workingDirectory)
 {
-    if (elevatePrivileges && geteuid() != 0 && !privsAlreadyElevated()) {
+    if (canElevatePrivileges() && elevatePrivileges && geteuid() != 0 && 
!privsAlreadyElevated()) {
         // elevate privileges temporarily as root
         // use kauth/kdesudo to start the elevate_perf_privileges.sh script
         // then parse its output and once we get the "waiting..." line the 
privileges got elevated
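Review bot: With the new `canElevatePrivileges()` term in the condition of `startRecording`, a caller that passes `elevatePrivileges = true` on a build without the opt-in appears to fall through to the non-elevated path, and nothing at this call site says why. A comment on the condition would record that this is the enforcement point and not only a UI nicety, e.g. `// CVE-2023-28144: never start the elevation helper unless the build opted in, whatever the caller asked for`. If the dropped request should be visible, a `qWarning()` before falling through would do it. The rest of the function body is outside the hunk, so what the other branch does is not visible here.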
@@ -495,6 +495,11 @@ bool PerfRecord::canCompress()
     return Zstd_FOUND && perfBuildOptions().contains("zstd: [ on  ]");
 }
 
+bool PerfRecord::canElevatePrivileges()
+{
+    return ALLOW_PRIVILEGE_ESCALATION && (!sudoUtil().isEmpty() || 
KF5Auth_FOUND);
+}
+
 bool PerfRecord::isPerfInstalled()
 {
     return !QStandardPaths::findExecutable(QStringLiteral("perf")).isEmpty();
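Review bot: `PerfRecord::canElevatePrivileges()` is now the single predicate behind a security decision, but neither this definition nor the declaration added in `src/perfrecord.h` documents it. A short comment would help, e.g. `// true only if the build set ALLOW_PRIVILEGE_ESCALATION and a sudo utility or KAuth is available`. It is worth stating there that `ALLOW_PRIVILEGE_ESCALATION` comes from `#cmakedefine01` and is therefore always defined as 0 or 1, which is what makes the plain `&&` valid. `isPerfInstalled` below continues past the end of the hunk.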
diff --git a/src/perfrecord.h b/src/perfrecord.h
index 9a8e3f8..b9a580e 100644
--- a/src/perfrecord.h
+++ b/src/perfrecord.h
@@ -39,6 +39,7 @@ public:
     static bool canSwitchEvents();
     static bool canUseAio();
     static bool canCompress();
+    static bool canElevatePrivileges();
 
     static QStringList offCpuProfilingOptions();
 
diff --git a/src/recordpage.cpp b/src/recordpage.cpp
index c8838ec..149559c 100644
--- a/src/recordpage.cpp
+++ b/src/recordpage.cpp
@@ -371,7 +371,7 @@ RecordPage::RecordPage(QWidget* parent)
     if (m_perfRecord->currentUsername() == QLatin1String("root")) {
         ui->elevatePrivilegesCheckBox->setChecked(true);
         ui->elevatePrivilegesCheckBox->setEnabled(false);
-    } else if (m_perfRecord->sudoUtil().isEmpty() && !KF5Auth_FOUND) {
+    } else if (!PerfRecord::canElevatePrivileges()) {
         ui->elevatePrivilegesCheckBox->setChecked(false);
         ui->elevatePrivilegesCheckBox->setEnabled(false);
         ui->elevatePrivilegesCheckBox->setText(
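Review bot: The `else if (!PerfRecord::canElevatePrivileges())` branch now also fires when escalation was disabled at build time, yet it still ends in the same `setText(` call, whose argument lies outside the hunk. If that text still tells the user to install a sudo utility or KAuth, it is misleading on a build with `ALLOW_PRIVILEGE_ESCALATION` off, where installing anything will not re-enable the checkbox. Consider choosing the message by cause, build-time opt-out versus missing helper, or wording it neutrally. The constructor starts and ends outside the hunk.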
@@ -383,7 +383,8 @@ RecordPage::RecordPage(QWidget* parent)
     restoreCombobox(config(), QStringLiteral("applications"), 
ui->applicationName->comboBox());
     restoreCombobox(config(), QStringLiteral("eventType"), ui->eventTypeBox, 
{ui->eventTypeBox->currentText()});
     restoreCombobox(config(), QStringLiteral("customOptions"), ui->perfParams);
-    
ui->elevatePrivilegesCheckBox->setChecked(config().readEntry(QStringLiteral("elevatePrivileges"),
 false));
+    
ui->elevatePrivilegesCheckBox->setChecked(PerfRecord::canElevatePrivileges()
+                                              && 
config().readEntry(QStringLiteral("elevatePrivileges"), false));
     
ui->offCpuCheckBox->setChecked(config().readEntry(QStringLiteral("offCpuProfiling"),
 false));
     
ui->sampleCpuCheckBox->setChecked(config().readEntry(QStringLiteral("sampleCpu"),
 true));
     
ui->mmapPagesSpinBox->setValue(config().readEntry(QStringLiteral("mmapPages"), 
0));
@@ -754,10 +755,12 @@ void RecordPage::updateRecordType()
 
     m_perfOutput->setInputVisible(recordType == LaunchApplication);
     m_perfOutput->clear();
-    ui->elevatePrivilegesCheckBox->setEnabled(recordType != ProfileSystem);
+    
ui->elevatePrivilegesCheckBox->setEnabled(PerfRecord::canElevatePrivileges() && 
recordType != ProfileSystem);
     ui->sampleCpuCheckBox->setEnabled(recordType != ProfileSystem && 
PerfRecord::canSampleCpu());
     if (recordType == ProfileSystem) {
-        ui->elevatePrivilegesCheckBox->setChecked(true);
+        if (PerfRecord::canElevatePrivileges()) {
+            ui->elevatePrivilegesCheckBox->setChecked(true);
+        }
         ui->sampleCpuCheckBox->setChecked(true && PerfRecord::canSampleCpu());
     }
 
-- 
2.39.2


++++++ hotspot-v1.3.0.tar.gz -> hotspot-v1.4.1.tar.gz ++++++
++++ 30524 lines of diff (skipped)
