Hello community, here is the log from the commit of package sysconfig for openSUSE:Factory checked in at 2011-12-21 14:59:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sysconfig (Old) and /work/SRC/openSUSE:Factory/.sysconfig.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sysconfig", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/sysconfig/sysconfig.changes 2011-12-06 18:03:13.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.sysconfig.new/sysconfig.changes 2011-12-21 14:59:19.000000000 +0100 @@ -1,0 +2,8 @@ +Mon Dec 19 09:41:09 UTC 2011 - [email protected] + +- Fixed to quote config / interface variables in ifservices script + and cleaned up content of the ESSID which gets appended to them + by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182). + Fixed also to return proper exit code 0 in NM dispatcher hooks. + +------------------------------------------------------------------- New: ---- 0001-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sysconfig.spec ++++++ --- /var/tmp/diff_new_pack.oyFWXV/_old 2011-12-21 14:59:20.000000000 +0100 +++ /var/tmp/diff_new_pack.oyFWXV/_new 2011-12-21 14:59:20.000000000 +0100 @@ -15,16 +15,14 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: sysconfig Version: 0.76.0 Release: 0 Summary: The sysconfig scheme and traditional network scripts -Url: http://gitorious.org/opensuse/sysconfig +License: GPL-2.0+ Group: System/Base -License: GPLv2+ +Url: http://gitorious.org/opensuse/sysconfig PreReq: %fillup_prereq %insserv_prereq textutils fileutils gawk sed grep # we may create these automatically from rpm later Provides: sysvinit(network) @@ -32,6 +30,7 @@ BuildRequires: libtool BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %name-%version.tar.bz2 +Patch1: 0001-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch %description This package provides the SuSE system configuration scheme and @@ -51,6 +50,7 @@ %prep %setup -n sysconfig-%{version} +%patch1 -p1 %build autoreconf --force --install ++++++ 0001-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch ++++++ >From 525c8d50d7d441b1c312648a4d99d5d1f526c768 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <[email protected]> Date: Fri, 16 Dec 2011 16:03:15 +0100 Subject: [PATCH] CVE-2011-4182 - fixed quoting in ifservices script Fixed to quote config / interface variables in ifservices script and cleaned up content of the ESSID which gets appended to them by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182). Fixed also to return proper exit code 0 in NM dispatcher hooks. Signed-off-by: Marius Tomaschewski <[email protected]> --- scripts/ifup-services | 11 +++++------ scripts/netcontrol_services | 6 ++++-- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/scripts/ifup-services b/scripts/ifup-services index 300b437..ea42081 100755 --- a/scripts/ifup-services +++ b/scripts/ifup-services @@ -93,17 +93,16 @@ done # fi ###################################################################### -# check presence of configuration file and source it +# change into the ifservice configuration directory or exit # -source_iface_config "$CONFIG" if [ -d "ifservices-$CONFIG" ] ; then - cd ifservices-$CONFIG + cd "ifservices-$CONFIG" elif [ -d "ifservices-$INTERFACE" ] ; then - cd ifservices-$INTERFACE + cd "ifservices-$INTERFACE" elif [ -d "ifservices-${INTERFACE%%-*}" ] ; then - cd ifservices-${INTERFACE%%-*} + cd "ifservices-${INTERFACE%%-*}" elif [ -d "ifservices" ] ; then - cd ifservices + cd "ifservices" else debug "No services to handle for '$CONFIG $INTERFACE'" exit 0 diff --git a/scripts/netcontrol_services b/scripts/netcontrol_services index 928f466..d0a55b7 100755 --- a/scripts/netcontrol_services +++ b/scripts/netcontrol_services @@ -28,10 +28,12 @@ # Note that services are stopped always _after_ the interface is down. Stopping # services earlier would require a change in NetworkManager itself. -cd /etc/sysconfig/network/ || exit +cd /etc/sysconfig/network/ || exit 0 test -r ./config && . ./config test -r scripts/functions && . scripts/functions -E="`iwconfig ${1} 2>/dev/null | sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p'`" +E=`iwconfig "${1}" 2>/dev/null | \ + sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p' | \ + sed -e 's/[^abcdefghijklmnopqrstuvwxyz0123456789=._-]/_/gi'` info_mesg "calling 'if${2}-services ${1}${E:+-$E}'" scripts/if${2}-services "${1}${E:+-$E}" -- 1.7.3.4 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
