Hello community,

here is the log from the commit of package sysconfig for openSUSE:11.3
checked in at Mon Dec 19 16:30:09 CET 2011.



--------
--- old-versions/11.3/UPDATES/all/sysconfig/sysconfig.changes   2011-11-09 
10:59:49.000000000 +0100
+++ 11.3/sysconfig/sysconfig.changes    2011-12-19 12:57:51.000000000 +0100
@@ -1,0 +2,11 @@
+Mon Dec 19 09:41:09 UTC 2011 - [email protected]
+
+- Fixed to quote config / interface variables in ifservices script
+  and cleaned up content of the ESSID which gets appended to them
+  by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182).
+  Fixed also to return proper exit code 0 in NM dispatcher hooks.
+- Changed to call ip addr flush in ifdown, but after ip link set
+  down as it does not cause ipv6 sysctl tree side effects then
+  at least with more recent kernels (bnc#580018,bnc#559170).
+
+-------------------------------------------------------------------

calling whatdependson for 11.3-i586


New:
----
  0011-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch
  0012-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sysconfig.spec ++++++
--- /var/tmp/diff_new_pack.EUsmSe/_old  2011-12-19 16:28:39.000000000 +0100
+++ /var/tmp/diff_new_pack.EUsmSe/_new  2011-12-19 16:28:39.000000000 +0100
@@ -20,7 +20,7 @@
 
 Name:           sysconfig
 Version:        0.73.7
-Release:        2.<RELEASE11>
+Release:        2.<RELEASE13>
 Summary:        The system configuration scheme
 Group:          System/Base
 License:        GPLv2+
@@ -39,6 +39,8 @@
 Patch8:         0008-ifup-wireless-no-encryption-option.bnc648830.patch
 Patch9:         0009-do-not-stop-bonding-slaves-first.bnc698478.patch
 Patch10:        0010-Wait-for-link-and-ipv6-duplicate-address-detection.patch
+Patch11:        0011-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch
+Patch12:        0012-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch
 
 %description
 This package provides the SuSE system configuration scheme and
@@ -68,6 +70,8 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
 
 %build
 autoreconf --force --install

++++++ 0011-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch ++++++
>From d844f0ceb913a60e2c88b1097c98aa0b4486288f Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <[email protected]>
Date: Fri, 18 Nov 2011 13:47:26 +0100
Subject: [PATCH] Fixed order of addr flush and link down in ifdown

Changed the order of ip addr flush and ip link set down calls
in ifdown as it does not trigger the ipv6 sysctl tree removal
(bnc#580018,bnc#559170).

Signed-off-by: Marius Tomaschewski <[email protected]>
---
 scripts/ifup |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/ifup b/scripts/ifup
index bd6e83a..409a925 100755
--- a/scripts/ifup
+++ b/scripts/ifup
@@ -949,8 +949,8 @@ case "$BOOTPROTO$SKIP_MAIN_PART" in
                                # Calling 'ip' if there is no interface (ifdown 
called from udev for
                                # remove event) would trigger automatic module 
loading (Bug 199456)
                                if [ -d /sys/class/net/$INTERFACE ] ; then
-                                       ip addr flush dev $INTERFACE &>/dev/null
                                        ip link set dev $INTERFACE down 
&>/dev/null
+                                       ip addr flush dev $INTERFACE &>/dev/null
                                fi
                                retcode=0 # $?
                        ;;
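Review bot: the order of the two `ip` calls inside the `if [ -d /sys/class/net/$INTERFACE ]` block is now significant, but nothing in the code says so; the reason exists only in the commit message. A one-line comment above `ip link set dev $INTERFACE down`, saying that the flush has to follow link down to avoid the ipv6 sysctl tree removal (bnc#580018, bnc#559170), would keep a later cleanup from swapping the lines back.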
@@ -1134,8 +1134,8 @@ case "$BOOTPROTO$SKIP_MAIN_PART" in
                                # Calling 'ip' if there is no interface (ifdown 
called from udev for
                                # remove event) would trigger automatic module 
loading (Bug 199456)
                                if [ -d /sys/class/net/$INTERFACE ] ; then
-                                       ip addr flush dev $INTERFACE &>/dev/null
                                        ip link set dev $INTERFACE down 
&>/dev/null
+                                       ip addr flush dev $INTERFACE &>/dev/null
                                fi
                                retcode=0 # $?
                                ;;
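Review bot: `$INTERFACE` is expanded unquoted in the `[ -d /sys/class/net/$INTERFACE ]` test and in both `ip` calls of this block, and the same holds for the identical block in the previous hunk. Since these lines are being touched anyway, quoting them (`ip addr flush dev "$INTERFACE"`) would match what the 0012 patch in this same update does for `ifup-services`. The two blocks are line-for-line the same, so a small helper function would keep the ordering fix in one place.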
-- 
1.7.3.4

++++++ 0012-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch ++++++
>From 74f224c74c2c463365b0d39c14117870ce5776d5 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <[email protected]>
Date: Fri, 16 Dec 2011 16:03:15 +0100
Subject: [PATCH] CVE-2011-4182 - fixed quoting in ifservices script

Fixed to quote config / interface variables in ifservices script
and cleaned up content of the ESSID which gets appended to them
by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182).
Fixed also to return proper exit code 0 in NM dispatcher hooks.

Signed-off-by: Marius Tomaschewski <[email protected]>
---
 scripts/ifup-services       |   10 +++++-----
 scripts/netcontrol_services |    6 ++++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/scripts/ifup-services b/scripts/ifup-services
index 2047d34..8a3b083 100755
--- a/scripts/ifup-services
+++ b/scripts/ifup-services
@@ -95,15 +95,15 @@ done
 ######################################################################
 # check presence of configuration file and source it
 #
-test -f ./ifcfg-$CONFIG && . ./ifcfg-$CONFIG
+test -f "./ifcfg-$CONFIG" && . "./ifcfg-$CONFIG"
 if [ -d "ifservices-$CONFIG" ] ; then
-       cd ifservices-$CONFIG
+       cd "ifservices-$CONFIG"
 elif [ -d "ifservices-$INTERFACE" ] ; then
-       cd ifservices-$INTERFACE
+       cd "ifservices-$INTERFACE"
 elif [ -d "ifservices-${INTERFACE%%-*}" ] ; then
-       cd ifservices-${INTERFACE%%-*}
+       cd "ifservices-${INTERFACE%%-*}"
 elif [ -d "ifservices" ] ; then
-       cd ifservices
+       cd "ifservices"
 else
        debug "No services to handle for '$CONFIG $INTERFACE'"
        exit 0
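Review bot: `. "./ifcfg-$CONFIG"` still sources whichever file name arrives in `$CONFIG`; the quotes stop word splitting and globbing, but this patch adds the character cleanup only in `netcontrol_services`, so this script itself validates nothing. Consider rejecting a `$CONFIG` or `$INTERFACE` that contains `/` before the `test -f` line. The four `cd` calls also have no failure check (`cd "ifservices-$CONFIG" || exit`), so a directory that becomes unavailable after the `-d` test leaves the script running in the wrong directory.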
diff --git a/scripts/netcontrol_services b/scripts/netcontrol_services
index 928f466..d0a55b7 100755
--- a/scripts/netcontrol_services
+++ b/scripts/netcontrol_services
@@ -28,10 +28,12 @@
 # Note that services are stopped always _after_ the interface is down. Stopping
 # services earlier would require a change in NetworkManager itself.
 
-cd /etc/sysconfig/network/ || exit
+cd /etc/sysconfig/network/ || exit 0
 test -r ./config && . ./config
 test -r scripts/functions && . scripts/functions
 
-E="`iwconfig ${1} 2>/dev/null | sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p'`"
+E=`iwconfig "${1}" 2>/dev/null | \
+       sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p' | \
+       sed -e 's/[^abcdefghijklmnopqrstuvwxyz0123456789=._-]/_/gi'`
 info_mesg "calling 'if${2}-services ${1}${E:+-$E}'"
 scripts/if${2}-services "${1}${E:+-$E}"
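Review bot: `${2}` in `scripts/if${2}-services` on the last line is still expanded unquoted and unchecked, while `${1}` now gets quotes in the `iwconfig` call; it selects which script is run, so match it against the expected values with a `case` before use. In the new `sed` filter, the `i` flag on `s/.../_/gi` is a GNU sed extension, and because every other character maps to `_`, two different ESSIDs can produce the same `${1}-$E` name and so select the same `ifservices-$CONFIG` directory; a comment stating that this is accepted would help.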
-- 
1.7.3.4




Remember to have fun...
