Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked in at 2023-08-30 10:17:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
 and      /work/SRC/openSUSE:Factory/.postfix.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "postfix"

Wed Aug 30 10:17:39 2023 rev:228 rq:1105486 version:3.8.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes      2023-06-08 
21:42:01.901803479 +0200
+++ /work/SRC/openSUSE:Factory/.postfix.new.1766/postfix-bdb.changes    
2023-08-30 10:18:20.991579634 +0200
@@ -1,0 +2,7 @@
+Tue Aug 15 09:07:07 UTC 2023 - Peter Varkoly <vark...@suse.com>
+
+- CVE-2023-32182: postfix: config_postfix SUSE specific script
+  potentially bad /tmp file usage (bsc#1211196)
+  Use temp file created by mktemp
+
+-------------------------------------------------------------------
postfix.changes: same change

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
postfix.spec: same change

++++++ postfix-SUSE.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-SUSE/config.postfix 
new/postfix-SUSE/config.postfix
--- old/postfix-SUSE/config.postfix     2023-01-18 13:06:36.172000000 +0100
+++ new/postfix-SUSE/config.postfix     2023-07-06 13:45:44.446089671 +0200
@@ -1372,11 +1372,12 @@
 
 update_cf() {
     while test "x$1" != "x" ; do
+        TMPFILE=$(mktemp /tmp/postfix.${1}.XXXXXX) || exit 1
        B=$( find /etc/postfix/${1} -printf %CY%Cm%Cd%CI%CM )
        cp /etc/postfix/${1} "@conf_backup_dir@/${1}$B"
        cp /etc/postfix/${1} "@conf_backup_dir@/${1}"
-       eval gen_${1/\./_} > /tmp/${1}.config
-       mv -Z /tmp/${1}.config /etc/postfix/${1};
+       eval gen_${1/\./_} > $TMPFILE
+       mv -Z $TMPFILE /etc/postfix/${1};
        shift
     done
 }
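
Review bot: In update_cf(), the file installed by the new "mv -Z $TMPFILE /etc/postfix/${1}" line keeps the 0600 mode that mktemp gives it, whereas the old redirect to /tmp/${1}.config created it under the caller's umask, so /etc/postfix/${1} can come out more restrictive than before; set the intended mode on the temp file before the mv. The result of "eval gen_${1/\./_} > $TMPFILE" is still not checked, so a failed or partial generation replaces the live file and nothing removes the temp file on error; test the exit status and rm -f the temp file before bailing out. $TMPFILE should be quoted in both the redirect and the mv, since it is built from ${1}. Creating the temp file in /etc/postfix rather than /tmp would also keep the final mv a same-filesystem rename.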
