Hello community, here is the log from the commit of package fail2ban for openSUSE:Factory checked in at Thu Sep 1 16:59:51 CEST 2011.
-------- --- fail2ban/fail2ban.changes 2011-01-06 17:59:53.000000000 +0100 +++ /mounts/work_src_done/STABLE/fail2ban/fail2ban.changes 2011-09-01 16:09:20.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Sep 1 14:07:28 UTC 2011 - co...@suse.com + +- Use /var/run/fail2ban instead of /tmp for temp files in + actions: see bugs.debian.org/544232, bnc#690853, + CVE-2009-5023 + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- fix-tmp-usage.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fail2ban.spec ++++++ --- /var/tmp/diff_new_pack.bO6mKB/_old 2011-09-01 16:59:11.000000000 +0200 +++ /var/tmp/diff_new_pack.bO6mKB/_new 2011-09-01 16:59:11.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package fail2ban (Version 0.8.4) +# spec file for package fail2ban # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -26,7 +26,7 @@ PreReq: %fillup_prereq AutoReqProv: on Version: 0.8.4 -Release: 8 +Release: 13 Url: http://www.fail2ban.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -35,6 +35,7 @@ Source1: %{name}.init Source2: %{name}.sysconfig Patch: fail2ban-0.8.2-fd_cloexec.patch +Patch1: fix-tmp-usage.diff %description Fail2ban scans log files like /var/log/messages and bans IP addresses @@ -53,6 +54,7 @@ %setup perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd %patch -p1 +%patch1 -p1 %build export CFLAGS="$RPM_OPT_FLAGS" ++++++ fix-tmp-usage.diff ++++++ From: yarikoptic <yarikoptic@a942ae1a-1317-0410-a47c-b1dcaea8d605> Date: Wed, 23 Mar 2011 20:35:56 +0000 (+0000) Subject: BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs... X-Git-Tag: upstream/0.8.4+svn20110323^2~8 X-Git-Url: http://git.onerussian.com/?p=deb%2Ffail2ban.git;a=commitdiff_plain;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see bugs.debian.org/544232 It should be robust since /var/run/fail2ban is guaranteed to exist to carry the socket file, and it will be owned by root (or some other dedicated fail2ban user) thus avoiding possibility for the exploit git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf index b80698b..8549a55 100644 --- a/config/action.d/dshield.conf +++ b/config/action.d/dshield.conf @@ -206,5 +206,5 @@ dest = repo...@dshield.org # Notes.: Base name of temporary files used for buffering # Values: [ STRING ] Default: /tmp/fail2ban-dshield # -tmpfile = /tmp/fail2ban-dshield +tmpfile = /var/run/fail2ban/tmp-dshield diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf index 8a33d0e..6fd51d2 100644 --- a/config/action.d/mail-buffered.conf +++ b/config/action.d/mail-buffered.conf @@ -81,7 +81,7 @@ lines = 5 # Default temporary file # -tmpfile = /tmp/fail2ban-mail.txt +tmpfile = /var/run/fail2ban/tmp-mail.txt # Destination/Addressee of the mail # diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf index 15b91b1..f0e5515 100644 --- a/config/action.d/mynetwatchman.conf +++ b/config/action.d/mynetwatchman.conf @@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp # Notes.: Base name of temporary files # Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman # -tmpfile = /tmp/fail2ban-mynetwatchman +tmpfile = /var/run/fail2ban/tmp-mynetwatchman diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf index de8166a..25a23b7 100644 --- a/config/action.d/sendmail-buffered.conf +++ b/config/action.d/sendmail-buffered.conf @@ -101,5 +101,5 @@ lines = 5 # Default temporary file # -tmpfile = /tmp/fail2ban-mail.txt +tmpfile = /var/run/fail2ban/tmp-mail.txt ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org