Hello community,

here is the log from the commit of package logwatch for openSUSE:11.4
checked in at Sun Feb 27 12:55:27 CET 2011.



--------
--- old-versions/11.4/all/logwatch/logwatch.changes     2011-02-01 
12:26:52.000000000 +0100
+++ 11.4/logwatch/logwatch.changes      2011-02-25 12:51:22.000000000 +0100
@@ -1,0 +2,8 @@
+Fri Feb 25 12:36:14 CET 2011 - [email protected]
+
+- Add patch to fix the handling of special characters in log files
+  (CVE-2011-1018, bnc#674984).
+- Make files in Logwatch_Dmeventd_Setup_Files tarball 644 and
+  repack with bzip2.
+
+-------------------------------------------------------------------

calling whatdependson for 11.4-i586


Old:
----
  Logwatch_Dmeventd_Setup_Files.tgz

New:
----
  Logwatch_Dmeventd_Setup_Files.tar.bz2
  logwatch-CVE-2011-1018.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ logwatch.spec ++++++
--- /var/tmp/diff_new_pack.Bv8cFV/_old  2011-02-27 12:53:29.000000000 +0100
+++ /var/tmp/diff_new_pack.Bv8cFV/_new  2011-02-27 12:53:29.000000000 +0100
@@ -27,18 +27,19 @@
 Name:           logwatch
 Summary:        Analyzes and Reports on system logs
 Version:        7.3.6
-Release:        75
+Release:        78.<RELEASE2>
 License:        MIT License (or similar)
 Group:          System/Monitoring
 Url:            http://www.logwatch.org
 BuildArch:      noarch
 Source0:        logwatch-%{version}.tar.bz2
 Source1:        %{name}-rpmlintrc
-Source2:        Logwatch_Dmeventd_Setup_Files.tgz
+Source2:        Logwatch_Dmeventd_Setup_Files.tar.bz2
 Patch0:         logwatch-firewall.patch
 Patch1:         logwatch-full_path_to_sendmail.patch
 Patch2:         logwatch-timestamp_in_var.patch
 Patch3:         logwatch-make_save_work.patch
+Patch4:         logwatch-CVE-2011-1018.patch
 Requires:       perl textutils sh-utils grep mailx cron %date_manip_pkg
 BuildRequires:  dos2unix
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -62,6 +63,7 @@
 %patch1
 %patch2
 %patch3
+%patch4
 dos2unix scripts/services/courier
 
 %build

++++++ logwatch-CVE-2011-1018.patch ++++++
Index: scripts/logwatch.pl
===================================================================
--- scripts/logwatch.pl.orig    2011-02-25 12:30:40.934525836 +0100
+++ scripts/logwatch.pl 2011-02-25 12:34:45.979948361 +0100
@@ -845,6 +845,10 @@ foreach $LogFile (@LogFileList) {
    my $DestFile =  $TempDir . $LogFile . "-archive";
    my $Archive;
    foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
+      if ($Archive =~ /'/) {
+         print "File $Archive has invalid embedded quotes.  File ignored.\n";
+        next;
+      }
       my $CheckTime;
       # We need to find out what's the earliest log we need
       my @time_t = TimeBuild();
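Review bot: The new quote check at the top of the `foreach $Archive` loop has no comment saying why a single quote makes a file name unusable; the reason only becomes visible in the next hunk, where the name is wrapped in single quotes inside a shell command string. I would add `# Names are single-quoted on the shell command lines below; an embedded ' would end that quoting.` above the `if`. The same applies to the identical check on `$ThisFile` in the `foreach my $ThisFile (@FileList)` hunk. In both places `next;` is indented one column less than the `print` above it. The loop body continues outside the hunk.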
@@ -872,18 +876,18 @@ foreach $LogFile (@LogFileList) {
          #These system calls are not secure but we are getting closer
          #What needs to go is all the pipes and instead we need a command loop
          #For each filter to apply -mgt
-            my $arguments = "$Archive >> $DestFile";
+            my $arguments = "'${Archive}' >> $DestFile";
             system("$Config{'pathtozcat'} $arguments") == 0
                or die "system $Config{'pathtozcat'} failed: $?" 
          } elsif (($Archive =~ m/bz2$/) && (-f "$Archive")) {
          #These system calls are not secure but we are getting closer
          #What needs to go is all the pipes and instead we need a command loop
          #For each filter to apply -mgt
-            my $arguments = "$Archive 2>/dev/null >> $DestFile";
+            my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
             system("$Config{'pathtobzcat'} $arguments") == 0
                or die "system $Config{'pathtobzcat'} failed: $?" 
-         } elsif (-f "$Archive") {
-            my $arguments = "$Archive  >> $DestFile";
+         } elsif (-f "$Archive") && (-s "$Archive")) {
+            my $arguments = "'${Archive}'  >> $DestFile";
             system("$Config{'pathtocat'} $arguments") == 0
                or die "system $Config{'pathtocat'} failed: $?" 
          } #End if/elsif existence
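Review bot: The rewritten condition `} elsif (-f "$Archive") && (-s "$Archive")) {` has unbalanced parentheses: the `elsif` condition closes after the `-f` test and a stray `)` follows the `-s` test, so the patched scripts/logwatch.pl would presumably fail to compile. It should read `} elsif ((-f "$Archive") && (-s "$Archive")) {`. The added `-s` test is also a behaviour change unrelated to quoting, since empty plain archives are now skipped while the gz and bz2 branches have no such test; it deserves a comment or a changelog line. `$DestFile` is still interpolated unquoted into the same shell strings; it is built from `$TempDir . $LogFile`, and whether those can carry shell metacharacters is not visible here, so quoting it the same way would be the safer choice. The if/elsif chain starts outside the hunk.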
@@ -895,6 +899,10 @@ foreach $LogFile (@LogFileList) {
    foreach my $ThisFile (@FileList) {
       #Existence check for files -mgt
       next unless (-f $ThisFile);
+      if ($ThisFile =~ /'/) {
+         print "File $ThisFile has invalid embedded quotes.  File ignored.\n";
+        next;
+      }
       if (! -r $ThisFile) {
          print "File $ThisFile is not readable.  Check permissions.";
          if ($> != 0) {
@@ -903,7 +911,7 @@ foreach $LogFile (@LogFileList) {
          print "\n";
          next;
       }
-      $FileText .= ($ThisFile . " ");
+      $FileText .= ("'" . $ThisFile . "' ");
    } #End foreach ThisFile
 
    # remove the ENV entries set by previous service

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
