Hello community,

here is the log from the commit of package dbus-1 for openSUSE:Factory checked 
in at 2012-08-31 09:20:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dbus-1 (Old)
 and      /work/SRC/openSUSE:Factory/.dbus-1.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dbus-1", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:Factory/dbus-1/dbus-1.changes    2012-05-21 
08:03:42.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.dbus-1.new/dbus-1.changes       2012-08-31 
09:20:50.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Aug 27 13:54:45 CEST 2012 - [email protected]
+
+- dbus-cve-2012-3524.patch: Add patch for CVE-2012-3524 to fix getenv()
+  vulnerability in setuid root binaries (bnc#697105) 
+
+-------------------------------------------------------------------

New:
----
  dbus-cve-2012-3524.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dbus-1.spec ++++++
--- /var/tmp/diff_new_pack.aIG4Oa/_old  2012-08-31 09:20:51.000000000 +0200
+++ /var/tmp/diff_new_pack.aIG4Oa/_new  2012-08-31 09:20:51.000000000 +0200
@@ -55,6 +55,7 @@
 Patch0:         dbus-log-deny.patch
 # PATCH-FIX-OPENSUSE [email protected] -- force a feature configure won't accept 
without x11 in buildrequires
 Patch1:         dbus-do-autolaunch.patch
+Patch2:         dbus-cve-2012-3524.patch
 %if 0%{?suse_version} > 1100
 %bcond_without selinux
 %else
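Review bot: `Patch2` is added without the provenance comment that `Patch1` carries just above it (`# PATCH-FIX-OPENSUSE …`), so the spec does not say where this security fix comes from or which bug it tracks. A line such as `# PATCH-FIX-UPSTREAM bnc#697105 CVE-2012-3524 -- use __secure_getenv() so setuid programs ignore the environment` before `Patch2:` would cover it. Whether the tag should be UPSTREAM or OPENSUSE depends on the patch's origin, which this page does not show.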
@@ -127,6 +128,7 @@
 %setup -n %{_name}-%{version} -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 autoreconf -fi

++++++ dbus-cve-2012-3524.patch ++++++
--- dbus-1.5.12/configure.ac    2012-08-28 10:28:12.000000000 +0200
+++ dbus-1.5.12/configure.ac    2012-08-28 10:28:17.000000000 +0200
@@ -578,7 +578,7 @@
 AC_SEARCH_LIBS(socket,[socket network])
 AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
 
-AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv 
socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll 
strtoull)
+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv 
socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll 
strtoull __secure_getenv)
 
 AC_CHECK_HEADERS([syslog.h])
 if test "x$ac_cv_header_syslog_h" = "xyes"; then
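Review bot: The `AC_CHECK_FUNCS` list probes only the glibc-internal name `__secure_getenv`. glibc 2.17 and later export the public `secure_getenv` and keep `__secure_getenv` only as a compatibility symbol, so on such a toolchain this check is expected to fail and `_dbus_getenv` silently falls back to plain `getenv`. Add `secure_getenv` to the list and prefer it in dbus-sysdeps.c under `#ifdef HAVE_SECURE_GETENV`. An `AC_MSG_WARN` when neither function is found would make the loss of protection visible in the build log.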
--- dbus-1.5.12/dbus/dbus-sysdeps.c     2012-08-28 10:28:12.000000000 +0200
+++ dbus-1.5.12/dbus/dbus-sysdeps.c     2012-08-28 10:28:17.000000000 +0200
@@ -181,8 +181,12 @@
  */
 const char*
 _dbus_getenv (const char *varname)
-{  
-  return getenv (varname);
+{
+#ifdef HAVE___SECURE_GETENV
+  return __secure_getenv(varname);
+#else
+  return getenv(varname);
+#endif
 }
 
 /**
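Review bot: The `#else` branch still calls plain `getenv(varname)`, so on any build where configure does not find `__secure_getenv` a setuid binary that links libdbus keeps reading caller-controlled environment variables, and nothing reports that the hardening was compiled out. The fallback should fail closed, for example `if (getuid () != geteuid () || getgid () != getegid ()) return NULL;` ahead of the `getenv` call (this needs `<unistd.h>`). That id comparison is weaker than glibc's startup-time secure flag, because it does not catch a process that has already made its real and effective ids match. The doc comment above `_dbus_getenv` starts outside the hunk; it should say that NULL can now be returned for a variable that is set when the process runs with elevated privileges, so callers treat NULL as "unavailable" rather than "unset".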