Hello community,

here is the log from the commit of package inn.852 for openSUSE:11.4:Update 
checked in at 2012-09-14 13:35:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:11.4:Update/inn.852 (Old)
 and      /work/SRC/openSUSE:11.4:Update/.inn.852.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "inn.852", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null   2012-08-23 02:41:28.555381587 +0200
+++ /work/SRC/openSUSE:11.4:Update/.inn.852.new/inn.changes     2012-09-14 
13:35:18.000000000 +0200
@@ -0,0 +1,433 @@
+-------------------------------------------------------------------
+Tue Sep  4 17:22:48 CEST 2012 - [email protected]
+
+- fix starttls command injection issue [bnc#776967]
+
+-------------------------------------------------------------------
+Wed May 19 17:09:38 CEST 2010 - [email protected]
+
+- adapt innbind modes to permissions file
+
+-------------------------------------------------------------------
+Thu Apr  8 17:26:36 CEST 2010 - [email protected]
+
+- compile with largefile support
+
+-------------------------------------------------------------------
+Wed Apr  7 14:38:44 CEST 2010 - [email protected]
+
+- update to inn-2.5.2
+  * implement CAPABILITIES command
+  * decent parser for NNTP commands
+  * multiple LIST commands allow pattern matching
+
+-------------------------------------------------------------------
+Fri Sep  4 11:46:44 CEST 2009 - [email protected]
+
+- fix fd leak [bnc#525827]
+
+-------------------------------------------------------------------
+Sun Aug 30 20:05:26 CEST 2009 - [email protected]
+
+- provide Patch0
+
+-------------------------------------------------------------------
+Thu Jul 10 17:01:48 CEST 2008 - [email protected]
+
+- fix segfault in perl_call_argv [bnc#405186]
+
+-------------------------------------------------------------------
+Thu Jun 19 12:47:26 CEST 2008 - [email protected]
+
+- Add missing Provides to the init script
+
+-------------------------------------------------------------------
+Wed May 30 15:02:17 CEST 2007 - [email protected]
+
+- split devel package
+- remove some file duplicates
+
+-------------------------------------------------------------------
+Mon Apr  2 11:49:51 CEST 2007 - [email protected]
+
+- Add gdbm-devel BuildRequires.
+
+-------------------------------------------------------------------
+Thu Mar 29 17:47:42 CEST 2007 - [email protected]
+
+- Add bison BuildRequires.
+
+-------------------------------------------------------------------
+Wed Feb 14 15:34:29 CET 2007 - [email protected]
+
+- Fix building as non-root.
+
+-------------------------------------------------------------------
+Mon Nov 13 20:06:48 CET 2006 - [email protected]
+
+- initialize mechusing variable to shut up intel compiler [#197713]
+
+-------------------------------------------------------------------
+Mon Jan 30 16:19:05 CET 2006 - [email protected]
+
+- add -fstack-protector to CFLAGS
+
+-------------------------------------------------------------------
+Wed Jan 25 21:36:37 CET 2006 - [email protected]
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Mon Jun 27 00:57:29 CEST 2005 - [email protected]
+
+- build with fPIE/pie 
+
+-------------------------------------------------------------------
+Fri Mar 11 20:36:29 CET 2005 - [email protected]
+
+- fix off-by-one error in parsedate_rfc2822
+
+-------------------------------------------------------------------
+Fri Mar  4 17:34:38 CET 2005 - [email protected]
+
+- package startinnfeed with mode 4755
+
+-------------------------------------------------------------------
+Fri Feb  4 17:27:10 CET 2005 - [email protected]
+
+- update to inn-2.4.2
+
+-------------------------------------------------------------------
+Thu Nov 11 00:59:59 CET 2004 - [email protected]
+
+- permissions handling fix
+
+-------------------------------------------------------------------
+Sun Apr  4 21:46:00 CEST 2004 - [email protected]
+
+- made /usr/lib/news/bin owned by root:root as it contains
+  a suid-root program
+
+-------------------------------------------------------------------
+Thu Mar 25 23:58:31 CET 2004 - [email protected]
+
+- Add postfix to # neededforbuild
+
+-------------------------------------------------------------------
+Thu Mar 18 17:30:35 CET 2004 - [email protected]
+
+- provide slp regfile
+- pack manpages with owner root:root
+
+-------------------------------------------------------------------
+Fri Feb 27 12:29:29 CET 2004 - [email protected]
+
+- update to inn-2.4.1
+- updated inn faq
+
+-------------------------------------------------------------------
+Fri Jan 16 13:11:47 CET 2004 - [email protected]
+
+- Cleanup neededforbuild
+
+-------------------------------------------------------------------
+Mon Jan 12 11:51:08 CET 2004 - [email protected]
+
+- package startinnfeed with 0555 permissions 
+  (following permissions scripts)
+
+-------------------------------------------------------------------
+Fri Jan  9 11:59:00 CET 2004 - [email protected]
+
+- fixed remotely exploitable buffer overflow (#33882)
+
+-------------------------------------------------------------------
+Tue Sep  2 16:00:46 CEST 2003 - [email protected]
+
+- use stop_on_removal/restart_on_update macros
+- convertspool: use split -a 5
+
+-------------------------------------------------------------------
+Wed Jul 30 16:10:25 CEST 2003 - [email protected]
+
+- update to inn-2.4.0
+
+-------------------------------------------------------------------
+Mon Jun 23 14:57:55 CEST 2003 - [email protected]
+
+- create link targets as ghost
+- don't pack /etc/news, /usr/lib/news, /var/lib/news, they
+  are already in filesystem.rpm
+
+-------------------------------------------------------------------
+Fri Apr 11 01:26:09 CEST 2003 - [email protected]
+
+- fix deprecated head/tail calling syntax (-1)
+ 
+-------------------------------------------------------------------
+Mon Mar  3 17:30:23 CET 2003 - [email protected]
+
+- touch /var/log/news/news in postinstall (#24555)
+
+-------------------------------------------------------------------
+Fri Jan 10 12:50:39 CET 2003 - [email protected]
+
+- update to inn-2.3.4
+
+-------------------------------------------------------------------
+Wed Sep 11 10:57:07 MEST 2002 - [email protected]
+
+- corrected Required-Start in rc file (#19402)
+
+-------------------------------------------------------------------
+Tue Aug 20 11:35:36 MEST 2002 - [email protected]
+
+- added PreReqs
+- dropped superfluous (and dangerous) "Provides: inn"
+
+-------------------------------------------------------------------
+Fri Aug  9 16:14:13 MEST 2002 - [email protected]
+
+- made it work with threaded perl-5.8.0
+
+-------------------------------------------------------------------
+Fri Jul 12 12:36:58 MEST 2002 - [email protected]
+
+- fixed postinstall script to be sh -e resistant
+- check if compress binary really works in uucp scripts
++++ 236 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:11.4:Update/.inn.852.new/inn.changes

New:
----
  doc-inn.tar.bz2
  inn-2.5.2.diff
  inn-2.5.2.tar.bz2
  inn-emptydb.tar.gz
  inn-linereset.diff
  inn.changes
  inn.reg
  inn.spec
  pubring.pgp

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ inn.spec ++++++
#
# spec file for package inn
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

Name:           inn
BuildRequires:  bison
BuildRequires:  gdbm-devel
BuildRequires:  pam-devel
BuildRequires:  postfix
Url:            http://www.isc.org/software/inn/
Summary:        InterNetNews
License:        GPL-2.0+
Group:          Productivity/Networking/News/Servers
Provides:       inn_pkg nntp_daemon
Conflicts:      cnews nntpd mininews
PreReq:         perl %fillup_prereq %insserv_prereq permissions
Version:        2.5.2
Release:        0
%define PatchVersion -%{version}
Source:         inn%{PatchVersion}.tar.bz2
Source1:        doc-inn.tar.bz2
Source2:        pubring.pgp
Source3:        inn-emptydb.tar.gz
Source4:        inn.reg
Patch0:         inn-%{version}.diff
Patch1:         inn-linereset.diff
#
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
#

%description
Rich Salz's InterNetNews news transport system.



Authors:
--------
    Rich Salz     <[email protected]>
    Andreas Klemm <[email protected]>
    Vince Skahan  <[email protected]>
    Arjan de Vet  <[email protected]>

%package devel
Requires:       %name = %version
Summary:        InterNetNews development files
License:        GPL-2.0+
Group:          Productivity/Networking/News/Servers

%description devel
Rich Salz's InterNetNews news transport system.

This package contains the files needed to develop software depending on
inn.



Authors:
--------
    Rich Salz     <[email protected]>
    Andreas Klemm <[email protected]>
    Vince Skahan  <[email protected]>
    Arjan de Vet  <[email protected]>

%package -n mininews
Summary:        Inews - Post News from an NNTP Client
License:        No license agreement found in package
Group:          Productivity/Networking/News/Utilities
Provides:       nntp_daemon

%description -n mininews
Rich Salz's InterNetNews news transport system.



Authors:
--------
    Rich Salz     <[email protected]>

%prep
%setup -n inn%{PatchVersion} 
%setup -n inn%{PatchVersion} -D -T -a 1 
%setup -n inn%{PatchVersion} -D -T -a 3
%patch0
%patch1
cp -a $RPM_SOURCE_DIR/pubring.pgp .

%build
LDFLAGS="-pie" CFLAGS="$RPM_OPT_FLAGS -pipe -fno-strict-aliasing 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fPIE -fstack-protector" ./configure 
\
                --enable-dual-socket \
                --enable-uucp-rnews \
                --enable-setgid-inews \
                --prefix=/usr/lib/news \
                --sysconfdir=/etc/news \
                --mandir=%{_mandir} \
                --disable-shared \
                --enable-tagged-hash \
                --with-perl \
                --with-sendmail=/usr/sbin/sendmail \
                --with-news-user=news \
                --with-news-group=news \
                --with-news-master=news \
                --with-etc-dir=/etc/news \
                --with-db-dir=/var/lib/news \
                --with-run-dir=/var/run/news \
                --with-log-dir=/var/log/news \
                --with-http-dir=/var/log/news/http \
                --with-spool-dir=/var/spool/news \
                --with-tmp-dir=/var/spool/news/tmp
make

%install
mkdir -p %{buildroot}/etc
mkdir -p %{buildroot}/usr/lib
mkdir -p %{buildroot}/usr/bin
mkdir -p %{buildroot}/var/lib
mkdir -p %{buildroot}/var/log
mkdir -p %{buildroot}/var/spool
mkdir -p %{buildroot}%{_mandir}
#
make DESTDIR=%{buildroot} OWNER= ROWNER= install
rm %{buildroot}/usr/share/man/man8/actsyncd.8
gzip -nf9 %{buildroot}%{_mandir}/*/*
ln -s actsync.8.gz %{buildroot}/usr/share/man/man8/actsyncd.8.gz
chmod 444 %{buildroot}/usr/lib/news/lib/*.a
# those just die("BerkeleyDB support not compiled");
rm %{buildroot}/usr/lib/news/bin/ovdb_server
rm %{buildroot}/usr/lib/news/bin/ovdb_stat
ln %{buildroot}/usr/lib/news/bin/ovdb_init 
%{buildroot}/usr/lib/news/bin/ovdb_server
ln %{buildroot}/usr/lib/news/bin/ovdb_init 
%{buildroot}/usr/lib/news/bin/ovdb_stat
#
#
# 
%define installnews install -o news -g news -m
%define installnews install -m
%define installroot install -o root -g root -m
%define installroot install -m
%{installnews} 0755     -d              %{buildroot}/var/log/news/http
%{installnews} 0644     subscriptions   %{buildroot}/etc/news
%{installnews} 0644     distributions   %{buildroot}/etc/news
%{installnews} 0644     crontab.sample  %{buildroot}/etc/news
%{installnews} 0644     profile         %{buildroot}/etc/news/.profile
%{installnews} 0755     -d              %{buildroot}/etc/news/.pgp
%{installnews} 0600     pubring.pgp     %{buildroot}/etc/news/.pgp
%{installnews} 0644     samples/send-uucp.cf    %{buildroot}/etc/news
%{installnews} 0755     -d              %{buildroot}/var/log/news/http
%{installnews} 0755     -d              %{buildroot}/var/log/news/http/pics
%{installnews} 0555     convertspool    %{buildroot}/usr/lib/news/bin
%{installnews} 0755     -d              %{buildroot}/usr/lib/news/include
%{installnews} 0755     -d              %{buildroot}/usr/lib/news/include/inn
#%{installnews} 0644    include/clibrary.h      
%{buildroot}/usr/lib/news/include
#%{installnews} 0644    include/config.h        
%{buildroot}/usr/lib/news/include
#
# 
#
%{installnews} 0644     inn-emptydb/*   %{buildroot}/var/lib/news
%{installnews} 0755     -d              %{buildroot}/var/lib/news/backoff
#
# compat links
#
ln -sf bin/inews                %{buildroot}/usr/lib/news/inews
ln -sf ../lib/news/bin/inews    %{buildroot}/usr/bin/inews
ln -sf ../lib/news/bin/rnews    %{buildroot}/usr/bin/rnews
#
# other links
#
ln -sf ../innfeed.status        
%{buildroot}/var/log/news/http/innfeed.status.txt
ln -sf ../inn.status            %{buildroot}/var/log/news/http/inn.status.txt
#
# 
# 
mkdir -p                        %{buildroot}/etc/init.d
%{installnews} 0550     rc      %{buildroot}/etc/init.d/inn
mkdir -p                        %{buildroot}/usr/sbin
ln -sf ../../etc/init.d/inn     %{buildroot}/usr/sbin/rcinn
#
touch                           %{buildroot}/var/log/news/news
touch                           %{buildroot}/var/log/news/news.notice
touch                           %{buildroot}/var/log/news/news.err
touch                           %{buildroot}/var/log/news/news.crit
touch                           %{buildroot}/var/log/news/inn.status
touch                           %{buildroot}/var/log/news/innfeed.status
#
# SLP regfile
#
%{installroot} 0755     -d              $RPM_BUILD_ROOT/etc/slp.reg.d
%{installroot} 0644     %{SOURCE4}      $RPM_BUILD_ROOT/etc/slp.reg.d/
#
# build filelist
# 
%define filelist %{name}-filelist
find %{buildroot} -type d -printf "/%%P\n" | awk '
! /^\/(etc|usr\/lib|var\/lib|var\/log|var\/spool|var\/run)\/news/ { next }
$0 == "/etc/news"     { next }
$0 == "/usr/lib/news" { next }
$0 == "/var/lib/news" { next }
{ pfx="" }
$0 == "/var/spool/news" { pfx = "%%attr(775,news,news) " }
/\/news/ {
        if (!match(pfx, /%%attr/)) pfx = "%%attr(-,news,news) " pfx
}
{ print "%dir " pfx $0 }
' > %{filelist}
find %{buildroot} ! -type d -printf "/%%P\n" | awk '
{ pfx="" }
/^\/usr\/lib\/news\/include/              { next }
/^\/usr\/lib\/news\/lib\/.*\.a/             { next }
$0 == "/etc/init.d/inn"                   { pfx="%attr(750,root,news) %config " 
}
$0 == "/usr/lib/news/bin/inews"           { pfx="%attr(2555,news,news) " }
$0 == "/usr/lib/news/bin/rnews"           { pfx="%attr(4550,news,uucp) " }
$0 == "/usr/lib/news/bin/innbind"         { pfx="%verify(not mode) 
%attr(4554,root,news) " }
/^\/(etc\/news|usr\/lib\/news\/bin\/filter|var\/lib\/news)\// {
        pfx="%config(noreplace) "pfx
}
/\/man\/man/ {
        pfx="%doc %attr(444,root,root) "pfx
}
/^\/var\/log\/news\/(news|inn\.status|innfeed\.status)/ {
        pfx="%ghost %attr(644,news,news) "pfx
}
/\/news\// {
        if (!match(pfx, /%%attr/)) pfx = "%%attr(-,news,news) " pfx
}
/^\/etc\/slp\.reg\.d\// { next }
{ print pfx $0 }
' >> %{filelist}
#
# 
# 

%pre
test -f var/log/news && mv var/log/news var/log/news.bak
exit 0

%post
mkdir -p var/log/news
touch var/log/news/news.notice
touch var/log/news/news.err
touch var/log/news/news.crit
touch var/log/news/news
touch var/log/news/inn.status
touch var/log/news/innfeed.status
chown news:news var/log/news/news.notice var/log/news/news.err 
var/log/news/news.crit var/log/news/news var/log/news/inn.status 
var/log/news/innfeed.status
if test -e usr/lib/news/bin/control/version -o -e usr/lib/news/bin/inndstart ; 
then
    rm -f etc/news/inn.conf.OLD
    rm -f etc/news/newsfeeds.OLD
    usr/lib/news/bin/innupgrade etc/news
fi
%{fillup_and_insserv inn}
%run_permissions

%verifyscript
%verify_permissions -e /usr/lib/news/bin/innbind

%preun
%stop_on_removal inn

%postun
%restart_on_update inn
%{insserv_cleanup}

%files -f %{filelist}
%defattr(-,root,root)
%dir                    /etc/slp.reg.d
%config(noreplace)      /etc/slp.reg.d/inn.reg
%doc ChangeLog NEWS INSTALL README*
%doc doc-inn/*

%files devel
%defattr(-,root,root)
/usr/lib/news/include
/usr/lib/news/lib/*.a

%files -n mininews
%defattr(-,root,root)
%config(noreplace)      /etc/news/inn.conf
%dir                    /usr/lib/news/bin
%attr(4550,news,uucp)   /usr/lib/news/bin/rnews
%attr(2555,news,news)   /usr/lib/news/bin/inews
                        /usr/bin/[ri]news
                        /usr/lib/news/[ri]news
%doc                    %{_mandir}/*/inn.conf.*
%doc                    %{_mandir}/*/[ri]news.*

%changelog
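Review bot: The `%build` line links with only `LDFLAGS="-pie"`, while this package ships a setuid-root `innbind` (`%attr(4554,root,news)`), a setuid `rnews` and a setgid `inews`. Unless the distribution toolchain already supplies it by default, `LDFLAGS="-pie -Wl,-z,relro,-z,now"` would give those binaries a read-only GOT to go with the existing `-fPIE` and `-fstack-protector`. Separately, the first `%define installnews install -o news -g news -m` and `%define installroot install -o root -g root -m` lines are each overridden by the line that follows them. Ownership is therefore decided entirely by the `%attr` prefixes the awk filelist generator emits, so the dead definitions could be dropped or replaced with a comment saying so.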
++++++ inn-2.5.2.diff ++++++
++++ 700 lines (skipped)

++++++ inn-linereset.diff ++++++
--- ./nnrpd/line.c.orig 2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/line.c      2012-09-04 15:41:37.000000000 +0000
@@ -67,6 +67,17 @@ line_init(struct line *line)
 }
 
 /*
+**  Reset a line structure
+*/
+void
+line_reset(struct line *line)
+{
+    assert(line);
+    line->where = line->start;
+    line->remaining = 0;
+}
+
+/*
 **  Timeout is used only if HAVE_SSL is defined.
 */
 static ssize_t
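Review bot: line_reset() discards whatever is still buffered without recording that it did so, so a client that sent plaintext ahead of the TLS or SASL layer leaves no trace for an operator to find. Before the two assignments, consider a guard such as `if (line->remaining != 0)` that logs the discarded byte count at notice level through nnrpd's usual logging call, which is not visible in this hunk. The header comment could also state the contract, for example `**  Discard any unread buffered data; the buffer itself is kept.` The `assert(line);` check disappears under NDEBUG, which is acceptable only because both callers in this patch pass `&NNTPline`.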
--- ./nnrpd/misc.c.orig 2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/misc.c      2012-09-04 15:43:19.000000000 +0000
@@ -518,5 +518,8 @@ CMDstarttls(int ac UNUSED, char *av[] UN
         GRPcount = 0;
         PERMgroupmadeinvalid = false;
     }
+
+    /* Reset our read buffer so as to prevent plaintext command injection. */
+    line_reset(&NNTPline);
 }
 #endif /* HAVE_SSL */
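Review bot: The `line_reset(&NNTPline);` call sits at the very end of CMDstarttls, and everything above `GRPcount = 0;` is outside this hunk, so it cannot be confirmed here that every path on which the TLS layer comes up reaches it. If any `return` lies between the successful handshake and this point, bytes read before the handshake would stay in the buffer; placing the call directly after the handshake succeeds would rule that out. The same question applies to the sasl.c hunk, where the call is nested in an inner block of SASLauth's success branch whose condition is not shown. A regression test asserting that nothing buffered before the security layer is ever processed afterwards would pin the intended behaviour.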
--- ./nnrpd/nnrpd.h.orig        2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/nnrpd.h     2012-09-04 15:42:15.000000000 +0000
@@ -292,6 +292,7 @@ void PY_dynamic_init (char* file);
 
 void line_free(struct line *);
 void line_init(struct line *);
+void line_reset(struct line *);
 READTYPE line_read(struct line *, int, const char **, size_t *, size_t *);
 
 #ifdef HAVE_SASL
--- ./nnrpd/sasl.c.orig 2012-09-04 15:43:27.000000000 +0000
+++ ./nnrpd/sasl.c      2012-09-04 15:44:22.000000000 +0000
@@ -326,6 +326,9 @@ SASLauth(int ac, char *av[])
                 GRPcount = 0;
                 PERMgroupmadeinvalid = false;
             }
+
+            /* Reset our read buffer so as to prevent plaintext command 
injection. */
+            line_reset(&NNTPline);
         }
     } else {
        /* Failure. */
++++++ inn.reg ++++++
#############################################################################
#
# OpenSLP registration file
#
# register INN daemon
#
#############################################################################

service:nntp://$HOSTNAME:119,en,65535
watch-port-tcp=119
description=Net News Server [innd]
