rpm/systemtap
SHA256
1
0
Fork 0
forked from pool/systemtap
Code Pull Requests Activity

checked in

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:tools/systemtap?expand=0&rev=8
This commit is contained in:
OBS User autobuild 2009-12-08 11:19:12 +00:00 committed by Git OBS Bridge
parent c888d4e1d8
commit a9cdc7d2f9
10 changed files with 17 additions and 467 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
systemtap-0.9.9.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c57c639399982ad2d0f6e903066397a7cac0b99babdaa611901b5d3083ffabb6
size 1172877

3
systemtap-1.0.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9a942ba85d6360023e6f8503a8dd4c8493d16b17cb474cc8f0ad5a50cec3607a
size 1205746

135
systemtap-CVE-limit-dwarf-expression-stack-size.patch
View File

@ -1,135 +0,0 @@
From: Jan Lieskovsky <jlieskov@redhat.com>
Subject: Three SystemTap-1.0 denial of service issues
References: CVE-2009-2911, BNC#548361
Upstream: yes
Three denial of service flaws were found in the SystemTap
instrumentation system of version 1.0, when the --unprivileged mode was
activated:
b, Kernel stack frame overflow allows local attackers to cause denial
of service via specially-crafted user-provided DWARF information.
diff --git a/dwflpp.cxx b/dwflpp.cxx
index 636cd38..c31548d 100644
--- a/dwflpp.cxx
+++ b/dwflpp.cxx
@@ -2272,7 +2272,15 @@ dwflpp::express_as_string (string prelude,
fprintf(memstream, "{\n");
fprintf(memstream, "%s", prelude.c_str());
- bool deref = c_emit_location (memstream, head, 1);
+
+ unsigned int stack_depth;
+ bool deref = c_emit_location (memstream, head, 1, &stack_depth);
+
+ // Ensure that DWARF keeps loc2c to a "reasonable" stack size
+ // 32 intptr_t leads to max 256 bytes on the stack
+ if (stack_depth > 32)
+ throw semantic_error("oversized DWARF stack");
+
fprintf(memstream, "%s", postlude.c_str());
fprintf(memstream, " goto out;\n");
diff --git a/loc2c-test.c b/loc2c-test.c
index 495a95f..ed7aa4b 100644
--- a/loc2c-test.c
+++ b/loc2c-test.c
@@ -329,11 +329,14 @@ handle_variable (Dwarf_Die *lscopes, int lnscopes, int out,
"{\n"
" intptr_t value;");
- bool deref = c_emit_location (stdout, head, 1);
+ unsigned int stack_depth;
+ bool deref = c_emit_location (stdout, head, 1, &stack_depth);
obstack_free (&pool, NULL);
- puts (store ? " return;" :
+ printf (" /* max expression stack depth %u */\n", stack_depth);
+
+ puts (store ? " return;" :
" printk (\" ---> %ld\\n\", (unsigned long) value);\n"
" return;");
diff --git a/loc2c.c b/loc2c.c
index 5d6b549..0716c7d 100644
--- a/loc2c.c
+++ b/loc2c.c
@@ -2071,7 +2071,8 @@ emit_loc_address (FILE *out, struct location *loc, unsigned int indent,
assign it to an address-sized value. */
static void
emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
- const char *target, bool declare)
+ const char *target, bool declare,
+ bool *used_deref, unsigned int *max_stack)
{
if (declare)
emit ("%*s%s %s;\n", indent * 2, "", STACK_TYPE, target);
@@ -2091,6 +2092,9 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
case loc_address:
case loc_value:
emit_loc_address (out, loc, indent, target);
+ *used_deref = *used_deref || loc->address.used_deref;
+ if (loc->address.stack_depth > *max_stack)
+ *max_stack = loc->address.stack_depth;
break;
}
@@ -2098,7 +2102,8 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
}
bool
-c_emit_location (FILE *out, struct location *loc, int indent)
+c_emit_location (FILE *out, struct location *loc, int indent,
+ unsigned int *max_stack)
{
emit ("%*s{\n", indent * 2, "");
@@ -2134,9 +2139,11 @@ c_emit_location (FILE *out, struct location *loc, int indent)
}
bool deref = false;
+ *max_stack = 0;
if (loc->frame_base != NULL)
- emit_loc_value (out, loc->frame_base, indent, "frame_base", true);
+ emit_loc_value (out, loc->frame_base, indent, "frame_base", true,
+ &deref, max_stack);
for (; loc->next != NULL; loc = loc->next)
switch (loc->type)
@@ -2144,8 +2151,7 @@ c_emit_location (FILE *out, struct location *loc, int indent)
case loc_address:
case loc_value:
/* Emit the program fragment to calculate the address. */
- emit_loc_value (out, loc, indent + 1, "addr", false);
- deref = deref || loc->address.used_deref;
+ emit_loc_value (out, loc, indent + 1, "addr", false, &deref, max_stack);
break;
case loc_fragment:
@@ -2172,6 +2178,9 @@ c_emit_location (FILE *out, struct location *loc, int indent)
emit ("%s%*s}\n", loc->address.program, indent * 2, "");
+ if (loc->address.stack_depth > *max_stack)
+ *max_stack = loc->address.stack_depth;
+
return deref || loc->address.used_deref;
}
diff --git a/loc2c.h b/loc2c.h
index becf2d8..45d9382 100644
--- a/loc2c.h
+++ b/loc2c.h
@@ -112,6 +112,7 @@ struct location *c_translate_argument (struct obstack *,
Writes complete lines of C99, code forming a complete C block, to STREAM.
Return value is true iff that code uses the `deref' runtime macros. */
-bool c_emit_location (FILE *stream, struct location *loc, int indent);
+bool c_emit_location (FILE *stream, struct location *loc, int indent,
+ unsigned int *max_stack);
/* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */

75
systemtap-CVE-limit-printf-arguments.patch
View File

@ -1,75 +0,0 @@
From: Jan Lieskovsky <jlieskov@redhat.com>
Subject: Three SystemTap-1.0 denial of service issues
References: CVE-2009-2911, BNC#548361
Upstream: yes
Three denial of service flaws were found in the SystemTap
instrumentation system of version 1.0, when the --unprivileged mode was
activated:
a, Kernel stack overflow allows local attackers to cause denial of service or
execute arbitrary code via long number of parameters, provided to the print*
call.
diff --git a/buildrun.cxx b/buildrun.cxx
index 100cbc4..c86a442 100644
--- a/buildrun.cxx
+++ b/buildrun.cxx
@@ -200,6 +200,9 @@ compile_pass (systemtap_session& s)
// o << "CFLAGS += -fno-unit-at-a-time" << endl;
+ // 512 bytes should be enough for anybody
+ o << "EXTRA_CFLAGS += $(call cc-option,-Wframe-larger-than=512)" << endl;
+
// Assumes linux 2.6 kbuild
o << "EXTRA_CFLAGS += -Wno-unused -Werror" << endl;
#if CHECK_POINTER_ARITH_PR5947
diff --git a/testsuite/transko/varargs.stp b/testsuite/transko/varargs.stp
new file mode 100755
index 0000000..f38309a
--- /dev/null
+++ b/testsuite/transko/varargs.stp
@@ -0,0 +1,10 @@
+#! stap -p3
+
+probe begin {
+ // PR10750 enforces at most 32 print args
+ println(1, 2, 3, 4, 5, 6, 7, 8,
+ 9, 10, 11, 12, 13, 14, 15, 16,
+ 17, 18, 19, 20, 21, 22, 23, 24,
+ 25, 26, 27, 28, 29, 30, 31, 32,
+ 33)
+}
diff --git a/testsuite/transok/varargs.stp b/testsuite/transok/varargs.stp
new file mode 100755
index 0000000..216166f
--- /dev/null
+++ b/testsuite/transok/varargs.stp
@@ -0,0 +1,9 @@
+#! stap -p3
+
+probe begin {
+ // PR10750 enforces at most 32 print args
+ println(1, 2, 3, 4, 5, 6, 7, 8,
+ 9, 10, 11, 12, 13, 14, 15, 16,
+ 17, 18, 19, 20, 21, 22, 23, 24,
+ 25, 26, 27, 28, 29, 30, 31, 32)
+}
diff --git a/translate.cxx b/translate.cxx
index 04a9247..c73a5bd 100644
--- a/translate.cxx
+++ b/translate.cxx
@@ -4151,6 +4151,11 @@ c_unparser::visit_print_format (print_format* e)
{
stmt_expr block(*this);
+ // PR10750: Enforce a reasonable limit on # of varargs
+ // 32 varargs leads to max 256 bytes on the stack
+ if (e->args.size() > 32)
+ throw semantic_error("too many arguments to print", e->tok);
+
// Compute actual arguments
vector<tmpvar> tmp;

193
systemtap-CVE-unwind-table-size-checks.patch
View File

@ -1,193 +0,0 @@
From: Jan Lieskovsky <jlieskov@redhat.com>
Subject: Three SystemTap-1.0 denial of service issues
References: CVE-2009-2911, BNC#548361
Upstream: yes
Three denial of service flaws were found in the SystemTap
instrumentation system of version 1.0, when the --unprivileged mode was
activated:
c, Absent check(s) for the upper bound of the size of the unwind table
and for the upper bound of the size of each of the CIE/CFI records, could
allow an attacker to cause a denial of service (infinite loop).
diff --git a/runtime/unwind.c b/runtime/unwind.c
index 00108a3..7607770 100644
--- a/runtime/unwind.c
+++ b/runtime/unwind.c
@@ -88,7 +88,7 @@ static sleb128_t get_sleb128(const u8 **pcur, const u8 *end)
/* given an FDE, find its CIE */
static const u32 *cie_for_fde(const u32 *fde, void *unwind_data,
- int is_ehframe)
+ uint32_t table_len, int is_ehframe)
{
const u32 *cie;
@@ -118,6 +118,11 @@ static const u32 *cie_for_fde(const u32 *fde, void *unwind_data,
else
cie = unwind_data + fde[1];
+ /* Make sure address falls in the table */
+ if (((void *)cie) < ((void*)unwind_data)
+ || ((void*)cie) > ((void*)(unwind_data + table_len)))
+ return NULL;
+
if (*cie <= sizeof(*cie) + 4 || *cie >= fde[1] - sizeof(*fde)
|| (*cie & (sizeof(*cie) - 1))
|| (cie[1] != 0xffffffff && cie[1] != 0)) {
@@ -200,7 +205,8 @@ static unsigned long read_pointer(const u8 **pLoc, const void *end, signed ptrTy
return value;
}
-static signed fde_pointer_type(const u32 *cie)
+static signed fde_pointer_type(const u32 *cie, void *unwind_data,
+ uint32_t table_len)
{
const u8 *ptr = (const u8 *)(cie + 2);
unsigned version = *ptr;
@@ -212,11 +218,16 @@ static signed fde_pointer_type(const u32 *cie)
const u8 *end = (const u8 *)(cie + 1) + *cie;
uleb128_t len;
+ /* end of cie should fall within unwind table. */
+ if (((void*)end) < ((void *)unwind_data)
+ || ((void *)end) > ((void *)(unwind_data + table_len)))
+ return -1;
+
/* check if augmentation size is first (and thus present) */
if (*ptr != 'z')
return -1;
/* check if augmentation string is nul-terminated */
- if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL)
+ if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL)
return -1;
++ptr; /* skip terminator */
get_uleb128(&ptr, end); /* skip code alignment */
@@ -267,6 +278,10 @@ static void set_rule(uleb128_t reg, enum item_location where, uleb128_t value, s
}
}
+/* Limit the number of instructions we process. Arbitrary limit.
+ 512 should be enough for anybody... */
+#define MAX_CFI 512
+
static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, signed ptrType, struct unwind_state *state)
{
union {
@@ -276,6 +291,9 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, s
} ptr;
int result = 1;
+ if (end - start > MAX_CFI)
+ return 0;
+
dbug_unwind(1, "targetLoc=%lx state->loc=%lx\n", targetLoc, state->loc);
if (start != state->cieStart) {
state->loc = state->org;
@@ -606,10 +624,10 @@ static int unwind_frame(struct unwind_frame_info *frame,
/* found the fde, now set startLoc and endLoc */
if (fde != NULL) {
- cie = cie_for_fde(fde, table, is_ehframe);
+ cie = cie_for_fde(fde, table, table_len, is_ehframe);
if (likely(cie != NULL && cie != &bad_cie && cie != &not_fde)) {
ptr = (const u8 *)(fde + 2);
- ptrType = fde_pointer_type(cie);
+ ptrType = fde_pointer_type(cie, table, table_len);
startLoc = read_pointer(&ptr, (const u8 *)(fde + 1) + *fde, ptrType);
startLoc = adjustStartLoc(startLoc, m, s, ptrType, is_ehframe);
@@ -632,12 +650,12 @@ static int unwind_frame(struct unwind_frame_info *frame,
for (fde = table, tableSize = table_len; cie = NULL, tableSize > sizeof(*fde)
&& tableSize - sizeof(*fde) >= *fde; tableSize -= sizeof(*fde) + *fde, fde += 1 + *fde / sizeof(*fde)) {
dbug_unwind(3, "fde=%lx tableSize=%d\n", (long)*fde, (int)tableSize);
- cie = cie_for_fde(fde, table, is_ehframe);
+ cie = cie_for_fde(fde, table, table_len, is_ehframe);
if (cie == &bad_cie) {
cie = NULL;
break;
}
- if (cie == NULL || cie == &not_fde || (ptrType = fde_pointer_type(cie)) < 0)
+ if (cie == NULL || cie == &not_fde || (ptrType = fde_pointer_type(cie, table, table_len)) < 0)
continue;
ptr = (const u8 *)(fde + 2);
@@ -666,6 +684,12 @@ static int unwind_frame(struct unwind_frame_info *frame,
state.cieEnd = ptr; /* keep here temporarily */
ptr = (const u8 *)(cie + 2);
end = (const u8 *)(cie + 1) + *cie;
+
+ /* end should fall within unwind table. */
+ if (((void *)end) < table
+ || ((void *)end) > ((void *)(table + table_len)))
+ goto err;
+
frame->call_frame = 1;
if ((state.version = *ptr) != 1) {
dbug_unwind(1, "CIE version number is %d. 1 is supported.\n", state.version);
@@ -723,6 +747,11 @@ static int unwind_frame(struct unwind_frame_info *frame,
state.cieEnd = end;
end = (const u8 *)(fde + 1) + *fde;
+ /* end should fall within unwind table. */
+ if (((void*)end) < table
+ || ((void *)end) > ((void *)(table + table_len)))
+ goto err;
+
/* skip augmentation */
if (((const char *)(cie + 2))[1] == 'z') {
uleb128_t augSize = get_uleb128(&ptr, end);
diff --git a/runtime/unwind/unwind.h b/runtime/unwind/unwind.h
index 285a3a3..023ea60 100644
--- a/runtime/unwind/unwind.h
+++ b/runtime/unwind/unwind.h
@@ -143,8 +143,10 @@ static unsigned long read_pointer(const u8 **pLoc,
const void *end,
signed ptrType);
static const u32 bad_cie, not_fde;
-static const u32 *cie_for_fde(const u32 *fde, void *table, int is_ehframe);
-static signed fde_pointer_type(const u32 *cie);
+static const u32 *cie_for_fde(const u32 *fde, void *table,
+ uint32_t table_len, int is_ehframe);
+static signed fde_pointer_type(const u32 *cie,
+ void *table, uint32_t table_len);
#endif /* STP_USE_DWARF_UNWINDER */
diff --git a/translate.cxx b/translate.cxx
index bc5d615..9d456bc 100644
--- a/translate.cxx
+++ b/translate.cxx
@@ -29,6 +29,11 @@ extern "C" {
#include <elfutils/libdwfl.h>
}
+// Max unwind table size (debug or eh) per module. Somewhat arbitrary
+// limit (a bit more than twice the .debug_frame size of my local
+// vmlinux for 2.6.31.4-83.fc12.x86_64)
+#define MAX_UNWIND_TABLE_SIZE (3 * 1024 * 1024)
+
using namespace std;
struct var;
@@ -4785,6 +4790,9 @@ dump_unwindsyms (Dwfl_Module *m,
get_unwind_data (m, &debug_frame, &eh_frame, &debug_len, &eh_len, &eh_addr);
if (debug_frame != NULL && debug_len > 0)
{
+ if (debug_len > MAX_UNWIND_TABLE_SIZE)
+ throw semantic_error ("module debug unwind table size too big");
+
c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n";
c->output << "static uint8_t _stp_module_" << stpmod_idx
<< "_debug_frame[] = \n";
@@ -4802,6 +4810,9 @@ dump_unwindsyms (Dwfl_Module *m,
if (eh_frame != NULL && eh_len > 0)
{
+ if (eh_len > MAX_UNWIND_TABLE_SIZE)
+ throw semantic_error ("module eh unwind table size too big");
+
c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n";
c->output << "static uint8_t _stp_module_" << stpmod_idx
<< "_eh_frame[] = \n";

10
systemtap-docs.changes
View File

@ -1,13 +1,3 @@
-------------------------------------------------------------------
Wed Dec 2 23:52:10 UTC 2009 - tonyj@novell.com
- Minor changes to spec file
-------------------------------------------------------------------
Fri Oct 2 18:57:14 CEST 2009 - tonyj@suse.de
- updated to version 1.0. See systemtap.changes for full changelog.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 21 08:47:33 CEST 2009 - tiwai@suse.de Tue Jul 21 08:47:33 CEST 2009 - tiwai@suse.de

8
systemtap-docs.spec
View File

@ -28,7 +28,7 @@ BuildRequires: latex2html
%endif %endif
%define use_snapshot 0 %define use_snapshot 0
License: GPL v2 or later License: GPL v2 or later
Version: 1.0 Version: 0.9.9
Release: 1 Release: 1
Summary: Documents and examples for systemtap Summary: Documents and examples for systemtap
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
@ -40,7 +40,8 @@ Url: http://sourceware.org/systemtap/
%endif %endif
Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2 Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2
Patch: systemtap-docdir-fix.diff Patch: systemtap-docdir-fix.diff
Patch2: systemtap-xmlto-fop.diff # Patch2: systemtap-ioblock-suse-kernel-fix.diff
Patch3: systemtap-xmlto-fop.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch BuildArch: noarch
@ -64,8 +65,9 @@ Authors:
%setup -n systemtap-%{package_version} -q %setup -n systemtap-%{package_version} -q
%endif %endif
%patch -p1 %patch -p1
# %patch2
%if %suse_version > 1030 %if %suse_version > 1030
%patch2 -p1 %patch3 -p1
%endif %endif
%build %build

4
systemtap-ioblock-suse-kernel-fix.diff
View File

@ -1,5 +1,5 @@
--- a/tapset/ioblock.stp-dist 2008-12-05 08:14:19.000000000 +0100 --- tapset/ioblock.stp-dist 2008-12-05 08:14:19.000000000 +0100
+++ b/tapset/ioblock.stp 2008-12-05 08:14:27.000000000 +0100 +++ tapset/ioblock.stp 2008-12-05 08:14:27.000000000 +0100
@@ -122,7 +122,7 @@ @@ -122,7 +122,7 @@
vcnt = $bio->bi_vcnt vcnt = $bio->bi_vcnt
idx = $bio->bi_idx idx = $bio->bi_idx

35
systemtap.changes
View File

@ -1,38 +1,3 @@
-------------------------------------------------------------------
Wed Dec 2 23:51:24 UTC 2009 - tonyj@novell.com
- Fixes for CVE-2009-2911, BNC#548361
-------------------------------------------------------------------
Fri Oct 2 18:57:14 CEST 2009 - tonyj@suse.de
- updated to version 1.0:
* SystemTap frontend (stap) changes
- EXPERIMENTAL support for unprivileged users.
- -a ARCH allows cross compiling of scripts, stap-start-server arguments
extended to support starting a cross compiling server
- Change notion of architecture to be same as kernels
- Support output file switching by SIGUSR2
- New experimental transport mechanism using ftrace's ring_buffer
- Reduction in memory consumption for scripts using many uprobes
- Support for recognizing DW_OP_{stack,implicit}_value DWARF expressions
* SystemTap script language changes
- Dwarf probes now support C++ scopes and so can be limited to classes or
namespaces.
- Preprocessor support for || and &&
- Probe alias names may be overloaded (multiple aliases of same name)
* SystemTap tapset changes
- Enabling semaphore now used to reduce computation overhead of dorman
process().mark() probes.
- Many functions marked as usable by unprivileged users (return global info
or specific to user process).
- New netdev tapset probe points for monitoring network traffic and device
configurations.
- New task_backtrace function returns the current hex backtrace of any
arbitrary task in the system.
- Function is_myproc returns whether the current process is owned by user
which started systemtap script.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 13 15:55:14 CEST 2009 - tiwai@suse.de Thu Aug 13 15:55:14 CEST 2009 - tiwai@suse.de

18
systemtap.spec
View File

@ -1,5 +1,5 @@
# #
# spec file for package systemtap (Version 1.0) # spec file for package systemtap (Version 0.9.9)
# #
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -23,7 +23,7 @@ BuildRequires: gcc-c++ glib2-devel libcap-devel libebl-devel pkg-config sqlite-
BuildRequires: mozilla-nspr-devel mozilla-nss-devel mozilla-nss-tools BuildRequires: mozilla-nspr-devel mozilla-nss-devel mozilla-nss-tools
%define use_snapshot 0 %define use_snapshot 0
License: GPL v2 or later License: GPL v2 or later
Version: 1.0 Version: 0.9.9
Release: 1 Release: 1
Summary: Instrumentation System Summary: Instrumentation System
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
@ -38,10 +38,7 @@ Url: http://sourceware.org/systemtap/
Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2 Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2
Patch: systemtap-docdir-fix.diff Patch: systemtap-docdir-fix.diff
Patch2: systemtap-ioblock-suse-kernel-fix.diff Patch2: systemtap-ioblock-suse-kernel-fix.diff
Patch3: systemtap-CVE-limit-dwarf-expression-stack-size.patch # Patch3: systemtap-xmlto-fop.diff
Patch4: systemtap-CVE-limit-printf-arguments.patch
Patch5: systemtap-CVE-unwind-table-size-checks.patch
Requires: libebl1 Requires: libebl1
Requires: %{name}-runtime = %{version}-%{release} Requires: %{name}-runtime = %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -142,10 +139,10 @@ Authors:
%setup -n %{name}-%{package_version} -q %setup -n %{name}-%{package_version} -q
%endif %endif
%patch -p1 %patch -p1
%patch2 -p1 %patch2
%patch3 -p1 # %if %suse_version > 1030
%patch4 -p1 # %patch3 -p1
%patch5 -p1 # %endif
%build %build
autoreconf -fi autoreconf -fi
@ -200,7 +197,6 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/stap-authorize* %{_bindir}/stap-authorize*
%{_bindir}/stap-env %{_bindir}/stap-env
%{_bindir}/stap-gen-cert %{_bindir}/stap-gen-cert
%{_bindir}/stap-sign-module
%{_mandir}/man8/stap-server.* %{_mandir}/man8/stap-server.*
%files sdt-devel %files sdt-devel