Hello community, here is the log from the commit of package systemd for openSUSE:Factory checked in at 2012-03-20 12:04:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/systemd (Old) and /work/SRC/openSUSE:Factory/.systemd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/systemd/systemd-gtk.changes 2012-03-13 00:46:06.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.systemd.new/systemd-gtk.changes 2012-03-20 12:04:51.000000000 +0100 @@ -1,0 +2,27 @@ +Mon Mar 19 10:11:23 UTC 2012 - [email protected] + +- Add 0001-util-never-follow-symlinks-in-rm_rf_children.patch: fix + CVE-2012-1174 (bnc#752281). + +------------------------------------------------------------------- +Fri Mar 16 09:21:54 UTC 2012 - [email protected] + +- Update to version 43: + + Support optional initialization of the machine ID from the KVM + or container configured UUID. + + Support immediate reboots with "systemctl reboot -ff" + + Show /etc/os-release data in systemd-analyze output + + Many bugfixes for the journal, including endianess fixes and + ensuring that disk space enforcement works + + non-UTF8 strings are refused if used in configuration and unit + files. + + Register Mimo USB Screens as suitable for automatic seat + configuration + + Reorder configuration file lookup order. /etc now always + overrides /run. + + manpages for journal utilities. +- Drop fix-c++-compat.patch, no-tmpfs-fsck.patch, + systemd-journald-fix-endianess-bug.patch. +- Requires util-linux >= 2.21 (needed to fix fsck on tmpfs). + +------------------------------------------------------------------- systemd.changes: same change Old: ---- fix-c++-compat.patch no-tmpfs-fsck.patch systemd-43.tar.xz systemd-journald-fix-endianess-bug.patch New: ---- 0001-util-never-follow-symlinks-in-rm_rf_children.patch systemd-44.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-gtk.spec ++++++ --- /var/tmp/diff_new_pack.JGceoI/_old 2012-03-20 12:04:55.000000000 +0100 +++ /var/tmp/diff_new_pack.JGceoI/_new 2012-03-20 12:04:55.000000000 +0100 
@@ -18,7 +18,7 @@ Name: systemd-gtk Url: http://www.freedesktop.org/wiki/Software/systemd -Version: 43 +Version: 44 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: audit-devel ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.JGceoI/_old 2012-03-20 12:04:55.000000000 +0100 +++ /var/tmp/diff_new_pack.JGceoI/_new 2012-03-20 12:04:55.000000000 +0100 @@ -20,7 +20,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd -Version: 43 +Version: 44 Release: 0 Summary: A System and Session Manager License: GPL-2.0+ @@ -52,7 +52,7 @@ Requires: pam-config >= 0.79-5 Requires: systemd-presets-branding Requires: udev >= 172 -Requires: util-linux >= 2.19 +Requires: util-linux >= 2.21 Recommends: dbus-1-python Conflicts: filesystem < 11.5 Conflicts: mkinitrd < 2.7.0 @@ -86,9 +86,7 @@ # Never add any patches to this package without the upstream commit id # in the patch. Any patches added here without a very good reason to make # an exception will be silently removed with the next version update. -Patch21: no-tmpfs-fsck.patch -Patch40: systemd-journald-fix-endianess-bug.patch -Patch41: fix-c++-compat.patch +Patch40: 0001-util-never-follow-symlinks-in-rm_rf_children.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -139,7 +137,6 @@ %patch15 -p1 %patch16 -p1 %patch19 -p1 -%patch21 -p1 %patch22 -p1 %patch23 -p1 %patch24 -p1 @@ -149,7 +146,6 @@ %patch38 -p1 %patch39 -p1 %patch40 -p1 -%patch41 -p1 %build autoreconf -fiv ++++++ 0001-util-never-follow-symlinks-in-rm_rf_children.patch ++++++ >From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001 
From: Michal Schmidt <[email protected]> Date: Fri, 2 Mar 2012 10:39:10 +0100 Subject: [PATCH] util: never follow symlinks in rm_rf_children() The function checks if the entry is a directory before recursing, but there is a window between the check and the open, during which the directory could be replaced with a symlink. CVE-2012-1174 https://bugzilla.redhat.com/show_bug.cgi?id=803358 --- src/util.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/util.c b/src/util.c index 20cbc2b..dfc1dc6 100644 --- a/src/util.c +++ b/src/util.c @@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) { if (is_dir) { int subdir_fd; - if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) { + subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW); + if (subdir_fd < 0) { if (ret == 0 && errno != ENOENT) ret = -errno; continue; -- 1.7.7
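Review bot: the new systemd-gtk.changes entry dated Fri Mar 16 says "Update to version 43", but the spec hunks change Version from 43 to 44 and the source list replaces systemd-43.tar.xz with systemd-44.tar.xz. The changelog entry should name the version that is actually being packaged, so that the CVE-2012-1174 entry above it is attributed to the right base version.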
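Review bot: in the systemd.spec hunk at -86,9 the Patch40 slot is reused. It previously pointed at systemd-journald-fix-endianess-bug.patch and now points at 0001-util-never-follow-symlinks-in-rm_rf_children.patch, while the unchanged "%patch40 -p1" line in the prep section silently starts applying a different file. A comment above Patch40 naming CVE-2012-1174 and bnc#752281 would make the security fix easy to find in the spec and harder to drop by accident at the next version update, which the comment block just above the patch list warns about.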
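Review bot: in the src/util.c hunk, the failure branch after the new openat() call handles every errno other than ENOENT the same way: it stores -errno in ret and continues. With O_NOFOLLOW added, an entry that was swapped for a symlink after the is_dir check makes openat() fail (ELOOP per open(2)), so that entry is skipped, left in place, and reported to the caller as an error. If that is the intended outcome, a short comment next to O_NOFOLLOW naming the check-then-open race would document it; if not, that errno needs its own branch instead of falling into the generic error path.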
