Hello community, here is the log from the commit of package fonehome for openSUSE:Factory checked in at 2019-10-25 18:43:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fonehome (Old) and /work/SRC/openSUSE:Factory/.fonehome.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fonehome" Fri Oct 25 18:43:13 2019 rev:9 rq:742953 version:1.1.1 Changes: --------
--- /work/SRC/openSUSE:Factory/fonehome/fonehome.changes 2018-11-15 12:41:45.206160970 +0100
+++ /work/SRC/openSUSE:Factory/.fonehome.new.2990/fonehome.changes 2019-10-25 18:43:14.539960847 +0200
@@ -1,0 +2,7 @@
+Fri Oct 25 14:38:52 UTC 2019 - <[email protected]>
+
+- Upgrade to version 1.1.1
+ + Filter zero bytes from /proc/X/cmdline to avoid bash warning
+ + Run %post commands with reduced privileges (bsc#1154200)
+
+-------------------------------------------------------------------
Old: ---- fonehome-1.1.0.tar.gz
New: ---- fonehome-1.1.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ fonehome.spec ++++++
--- /var/tmp/diff_new_pack.GBoGz7/_old 2019-10-25 18:43:15.011961295 +0200
+++ /var/tmp/diff_new_pack.GBoGz7/_new 2019-10-25 18:43:15.015961299 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package fonehome
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2012 Archie L. Cobbs <[email protected]>
 #
 # All modifications and additions to the file contributed by third parties
@@ -42,7 +42,7 @@
 %define authkeys_options no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="0.0.0.0:9",command="sleep 99999d"
 Name: fonehome
-Version: 1.1.0
+Version: 1.1.1
 Release: 0
 Summary: Remote access to machines behind firewalls
 License: Apache-2.0
++++++ fonehome-1.1.0.tar.gz -> fonehome-1.1.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.1.0/CHANGES new/fonehome-1.1.1/CHANGES
--- old/fonehome-1.1.0/CHANGES 2016-01-07 21:18:57.000000000 +0100
+++ new/fonehome-1.1.1/CHANGES 2019-10-25 16:40:03.000000000 +0200
@@ -1,3 +1,8 @@
+Version 1.1.1 Released October 25, 2019
+
+ - Filter zero bytes from /proc/X/cmdline to avoid bash warning
+ - Run %post commands with reduced privileges to avoid security races
+
 Version 1.1.0 Released January 7, 2016
 - Improvements to fhshow(1); support IPv6 and UDP sockets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.1.0/INSTALL new/fonehome-1.1.1/INSTALL
--- old/fonehome-1.1.0/INSTALL 2016-01-07 21:18:57.000000000 +0100
+++ new/fonehome-1.1.1/INSTALL 2019-10-25 16:40:03.000000000 +0200
@@ -1,7 +1,7 @@
 Pre-build RPMs are available here:
- http://download.opensuse.org/repositories/home:/archie172/
+ https://build.opensuse.org/package/show/network:utilities/fonehome
 Otherwise, use "ant" to build them yourself using rpmbuild(1).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.1.0/build.xml new/fonehome-1.1.1/build.xml
--- old/fonehome-1.1.0/build.xml 2016-01-07 21:18:57.000000000 +0100
+++ new/fonehome-1.1.1/build.xml 2019-10-25 16:40:03.000000000 +0200
@@ -1,12 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project name="fonehome" default="build" basedir="." xmlns:dellroad="urn:org.dellroad.ant">
+<project name="fonehome"
+ default="build"
+ basedir="."
+ xmlns:antcontrib="urn:net.sf.antcontrib"
+ xmlns:dellroad="urn:org.dellroad.ant">
 <!-- Import ant macros -->
 <import file="src/build/macros.xml"/>
 <!-- Determine version -->
- <dellroad:gitrevision property="fonehome.version"/>
+ <antcontrib:if>
+ <available file="version.properties" type="file"/>
+ <antcontrib:then>
+ <property file="version.properties"/>
+ </antcontrib:then>
+ <antcontrib:else>
+ <dellroad:gitrevision property="fonehome.version"/>
+ </antcontrib:else>
+ </antcontrib:if>
 <echo message=""/>
 <echo message="Version is ${fonehome.version}"/>
 <echo message=""/>
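Review bot: In the build.xml hunk, the new `<antcontrib:then>` branch loads `version.properties` but never checks that the file actually defined `fonehome.version`. If the file exists but is empty or uses a different key, the property stays unset and the `<echo>` lines that follow print the literal `${fonehome.version}`; anything else that derives a name from the version would presumably inherit the same string. A `<fail unless="fonehome.version" message="fonehome.version is not set"/>` placed right after `</antcontrib:if>` would stop the build at that point. The `antcontrib` namespace is declared here, but the definition that backs it is not visible in this hunk; presumably it lives in `src/build/macros.xml`, which is worth confirming.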
@@ -19,14 +31,16 @@
 <target name="tarball">
 <delete dir="build/${tarball.name}"/>
 <mkdir dir="build/${tarball.name}"/>
+ <echo file="build/${tarball.name}/version.properties" message="fonehome.version=${fonehome.version}"/>
 <copy todir="build/${tarball.name}">
 <fileset dir=".">
- <include name="*"/>
- <include name="src/build/**/*"/>
- <include name="src/conf/**/*"/>
- <include name="src/init.d/**/*"/>
- <include name="src/scripts/**/*"/>
- <include name="src/man/**/*"/>
+ <include name="CHANGES"/>
+ <include name="INSTALL"/>
+ <include name="COPYING"/>
+ <include name="README"/>
+ <include name="README.md"/>
+ <include name="build.xml"/>
+ <include name="src/**/*"/>
 </fileset>
 </copy>
 <tar compression="gzip" basedir="build" includes="${tarball.name}/**/*" destfile="build/${tarball.file}"/>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.1.0/src/rpm/fonehome.spec new/fonehome-1.1.1/src/rpm/fonehome.spec
--- old/fonehome-1.1.0/src/rpm/fonehome.spec 2016-01-07 21:18:57.000000000 +0100
+++ new/fonehome-1.1.1/src/rpm/fonehome.spec 2019-10-25 16:40:03.000000000 +0200
@@ -164,6 +164,8 @@
 Group: System/Daemons
 Requires(pre): pwdutils
 Requires(post): openssh
+Requires(post): sed
+Requires(post): util-linux
 %description server
 fonehome allows remote access to machines behind firewalls using SSH
@@ -185,20 +187,17 @@ # Generate ssh key pair for user fonehome if ! [ -e %{servprikey} ]; then + # Run commands below with reduced privileges to avoid security race conditions + RUN_FONEHOME='runuser -u %{username} -g %{usergroup} --' + # Generate key echo "creating SSH public key pair for user '%{username}'" - rm -f %{servpubkey} - ssh-keygen -t rsa -N '' -C '%{username}' -f %{servprikey} - chmod 600 %{servprikey} - chmod 644 %{servpubkey} - chown root:root %{servprikey} - chown %{username}:%{usergroup} %{servpubkey} + ${RUN_FONEHOME} ssh-keygen -t rsa -N '' -C %{username} -f %{servprikey} # Allow incoming ssh connections using key, but with lots of restrictions - sed -r 's/^((ssh|ecdsa)-[^[:space:]]+[[:space:]].*)$/# %{authkeys_comment}\n%{authkeys_options} \1/g' \ - < %{servpubkey}> %{authkeys} - chmod 644 %{authkeys} - chown %{username}:%{usergroup} %{authkeys} + ${RUN_FONEHOME} cat %{servpubkey} \ + | ${RUN_FONEHOME} sed -r 's/^((ssh|ecdsa)-[^[:space:]]+[[:space:]].*)$/# %{authkeys_comment}\n%{authkeys_options} \1/g' \ + | ${RUN_FONEHOME} tee %{authkeys} >/dev/null fi %files server @@ -213,7 +212,7 @@ %config(noreplace missingok) %{portsfile} %dir %attr(755,%{username},%{usergroup}) %{serverdir} %dir %attr(700,%{username},%{usergroup}) %{serverdir}/.ssh -%ghost %verify(not size md5 mtime) %attr(600,root,root) %{servprikey} +%ghost %verify(not size md5 mtime) %attr(600,%{username},%{usergroup}) %{servprikey} %ghost %verify(not size md5 mtime) %attr(644,%{username},%{usergroup}) %{servpubkey} %ghost %verify(not size md5 mtime) %attr(644,%{username},%{usergroup}) %{authkeys} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.1.0/src/scripts/fhshow.sh new/fonehome-1.1.1/src/scripts/fhshow.sh --- old/fonehome-1.1.0/src/scripts/fhshow.sh 2016-01-07 21:18:57.000000000 +0100 +++ new/fonehome-1.1.1/src/scripts/fhshow.sh 2019-10-25 16:40:03.000000000 +0200 
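Review bot: The rewritten key-generation block in the `@@ -185,20 +187,17 @@` hunk no longer pins file modes and never checks that `ssh-keygen` succeeded. With the explicit `chmod 644` calls removed, `%{servpubkey}` and the `%{authkeys}` file created by `tee` take whatever umask the scriptlet inherits, and sshd with its default `StrictModes` refuses a group-writable `authorized_keys`; a `umask 022` just before the `RUN_FONEHOME=` line would make the result deterministic. If `runuser` or `ssh-keygen` fails, the `cat | sed | tee` pipeline still runs and leaves an empty `%{authkeys}` behind, so the key step could be guarded with `${RUN_FONEHOME} ssh-keygen -t rsa -N '' -C %{username} -f %{servprikey} || exit 1`. The `%post` scriptlet begins above this hunk, so an existing `umask` or `set -e` there would change this assessment.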
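Review bot: In the `@@ -213,7 +212,7 @@` hunk, `%attr(600,%{username},%{usergroup})` on `%{servprikey}` hands the private key to the service account, where it was previously `root,root`, and nothing in the spec records that this is intended. The change follows from generating the key through `runuser`, but it also means any process running as `%{username}` can now read the key. I would add a comment above the line, for example `# owned by %{username} because %post creates the key via runuser (was root:root before 1.1.1)`, and confirm that nothing on the server side relied on the key being readable by root only.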
@@ -76,7 +76,7 @@
 warn multiple processes listening on port ${PORT} \(${CHILD_ID}\)
 continue
 fi
- PROCESS="${CHILD_ID} `cat /proc/"${CHILD_ID}"/cmdline`"
+ PROCESS="${CHILD_ID} `cat /proc/"${CHILD_ID}"/cmdline | tr -d '\000'`"
 # Find parent process
 PARENT_ID=`sed -rn "s|^${WORD}${SPACE}\([^)]*\)${SPACE}${WORD}${SPACE}(${WORD}).*$|\1|gp" /proc/${CHILD_ID}/stat`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.1.0/version.properties new/fonehome-1.1.1/version.properties
--- old/fonehome-1.1.0/version.properties 1970-01-01 01:00:00.000000000 +0100
+++ new/fonehome-1.1.1/version.properties 2019-10-25 16:40:03.000000000 +0200
@@ -0,0 +1 @@
+fonehome.version=1.1.1
\ No newline at end of file
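Review bot: In the fhshow.sh hunk (`@@ -76,7 +76,7 @@`), `tr -d '\000'` deletes the NUL separators of `/proc/<pid>/cmdline` outright, so for a process with several arguments the argv elements are glued together with nothing between them. Replacing `tr -d '\000'` with `tr '\000' ' '` silences the same bash warning while keeping the arguments apart, and reading the file with `< /proc/"${CHILD_ID}"/cmdline` would drop the extra `cat`. The content of `cmdline` is set by the listed process itself, so it is best kept to display use only. The enclosing loop starts and ends outside this hunk.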
