Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory
checked in at Thu Sep 1 16:59:51 CEST 2011.



--------
--- fail2ban/fail2ban.changes   2011-01-06 17:59:53.000000000 +0100
+++ /mounts/work_src_done/STABLE/fail2ban/fail2ban.changes      2011-09-01 
16:09:20.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Sep  1 14:07:28 UTC 2011 - co...@suse.com
+
+- Use /var/run/fail2ban instead of /tmp for temp files in 
+  actions: see bugs.debian.org/544232, bnc#690853,
+  CVE-2009-5023
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  fix-tmp-usage.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ fail2ban.spec ++++++
--- /var/tmp/diff_new_pack.bO6mKB/_old  2011-09-01 16:59:11.000000000 +0200
+++ /var/tmp/diff_new_pack.bO6mKB/_new  2011-09-01 16:59:11.000000000 +0200
@@ -1,5 +1,5 @@
 #
-# spec file for package fail2ban (Version 0.8.4)
+# spec file for package fail2ban
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -26,7 +26,7 @@
 PreReq:         %fillup_prereq
 AutoReqProv:    on
 Version:        0.8.4
-Release:        8
+Release:        13
 Url:            http://www.fail2ban.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
@@ -35,6 +35,7 @@
 Source1:        %{name}.init
 Source2:        %{name}.sysconfig
 Patch:          fail2ban-0.8.2-fd_cloexec.patch
+Patch1:         fix-tmp-usage.diff
 
 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses
@@ -53,6 +54,7 @@
 %setup
 perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
 %patch -p1
+%patch1 -p1
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS"
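Review bot: Nothing in the visible spec hunks creates /var/run/fail2ban or fixes its owner and mode, yet once `%patch1 -p1` is applied the buffered actions depend on that directory existing and being writable only by root (or the fail2ban user). The patch description treats this as guaranteed because the socket lives there; that should be confirmed for this package, in particular that the init script (Source1) recreates the directory when /var/run is emptied at boot. If it is not already handled, a `%dir %attr(0755,root,root) /var/run/fail2ban` entry in %files plus a matching `install -d` in %install would make the assumption explicit. The %install and %files sections are outside these hunks, so this may already be in place.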

++++++ fix-tmp-usage.diff ++++++
From: yarikoptic <yarikoptic@a942ae1a-1317-0410-a47c-b1dcaea8d605>
Date: Wed, 23 Mar 2011 20:35:56 +0000 (+0000)
Subject: BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: 
see http://bugs... 
X-Git-Tag: upstream/0.8.4+svn20110323^2~8
X-Git-Url: 
http://git.onerussian.com/?p=deb%2Ffail2ban.git;a=commitdiff_plain;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b

BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see 
bugs.debian.org/544232

It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit

git-svn-id: 
https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 
a942ae1a-1317-0410-a47c-b1dcaea8d605
---

diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index b80698b..8549a55 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -206,5 +206,5 @@ dest = repo...@dshield.org
 # Notes.:  Base name of temporary files used for buffering
 # Values:  [ STRING ]  Default: /tmp/fail2ban-dshield
 #
-tmpfile = /tmp/fail2ban-dshield
+tmpfile = /var/run/fail2ban/tmp-dshield
 
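Review bot: The comment two lines above the changed setting still reads `# Values:  [ STRING ]  Default: /tmp/fail2ban-dshield`, which now contradicts the new default and can lead an administrator to copy the old /tmp path back into a local override. It should become `# Values:  [ STRING ]  Default: /var/run/fail2ban/tmp-dshield`. The mynetwatchman.conf hunk has the same stale line and needs `Default: /var/run/fail2ban/tmp-mynetwatchman`.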
diff --git a/config/action.d/mail-buffered.conf 
b/config/action.d/mail-buffered.conf
index 8a33d0e..6fd51d2 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -81,7 +81,7 @@ lines = 5
 
 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
 
 # Destination/Addressee of the mail
 #
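Review bot: Changing only the shipped default at `tmpfile = /var/run/fail2ban/tmp-mail.txt` does not reach installations that set tmpfile themselves, so a local override still pointing into /tmp keeps the predictable-name problem tracked as CVE-2009-5023. The "Default temporary file" comment would be a good place to say so, e.g. `# Must live in a directory only root (or the fail2ban user) can write to; do not use /tmp`. sendmail-buffered.conf gets the identical default, so when both actions are enabled they would buffer into the same file, which looks unintended but predates this change. The action commands that use the setting are outside the hunk.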
diff --git a/config/action.d/mynetwatchman.conf 
b/config/action.d/mynetwatchman.conf
index 15b91b1..f0e5515 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp
 # Notes.:  Base name of temporary files
 # Values:  [ STRING ]  Default: /tmp/fail2ban-mynetwatchman
 #
-tmpfile = /tmp/fail2ban-mynetwatchman
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
diff --git a/config/action.d/sendmail-buffered.conf 
b/config/action.d/sendmail-buffered.conf
index de8166a..25a23b7 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -101,5 +101,5 @@ lines = 5
 
 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
