Hello community, here is the log from the commit of package cloud-init for openSUSE:Leap:15.2 checked in at 2020-03-24 19:05:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/cloud-init (Old) and /work/SRC/openSUSE:Leap:15.2/.cloud-init.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cloud-init" Tue Mar 24 19:05:27 2020 rev:39 rq:787682 version:19.4 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/cloud-init/cloud-init.changes 2020-02-04 17:59:23.544929413 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.cloud-init.new.3160/cloud-init.changes 2020-03-24 19:05:29.237484425 +0100 @@ -1,0 +2,20 @@ +Thu Feb 13 14:07:50 UTC 2020 - Robert Schweikert <[email protected]> + +- Add cloud-init-long-pass.patch (bsc#1162936, CVE-2020-8632) + + Increase the default length of generated passwords + +------------------------------------------------------------------- +Wed Feb 12 22:37:57 UTC 2020 - Robert Schweikert <[email protected]> + +- Add cloud-init-use-different-random-src.diff (bsc#1162937, CVE-2020-8631) + + Use non-deterministic generator for password generation. + +------------------------------------------------------------------- +Wed Feb 12 19:30:42 UTC 2020 - Robert Schweikert <[email protected]> + +- Update cloud-init-write-routes.patch (bsc#1163178) + + Entries in the routes definition have changed causing a traceback + during rout config file writing. This patch update addresses the + issue by extracting the new entries properly. + +------------------------------------------------------------------- New: ---- cloud-init-long-pass.patch cloud-init-use-different-random-src.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cloud-init.spec ++++++ --- /var/tmp/diff_new_pack.KRTBfo/_old 2020-03-24 19:05:30.549493473 +0100 +++ /var/tmp/diff_new_pack.KRTBfo/_new 2020-03-24 19:05:30.557493527 +0100 @@ -45,6 +45,8 @@ Patch56: cloud-init-sysconf-path.patch # FIXME (lp#1860164) Patch57: cloud-init-no-tempnet-oci.patch +Patch58: cloud-init-use-different-random-src.diff +Patch59: cloud-init-long-pass.patch BuildRequires: fdupes BuildRequires: filesystem @@ -190,6 +192,8 @@ %patch55 -p0 %patch56 %patch57 +%patch58 -p1 +%patch59 %build %if 0%{?suse_version} && 0%{?suse_version} <= 1315 ++++++ cloud-init-long-pass.patch ++++++ --- cloudinit/config/cc_set_passwords.py.orig +++ cloudinit/config/cc_set_passwords.py @@ -236,7 +236,7 @@ def handle(_name, cfg, cloud, log, args) raise errors[-1] -def rand_user_password(pwlen=9): +def rand_user_password(pwlen=20): return util.rand_str(pwlen, select_from=PW_SET) ++++++ cloud-init-use-different-random-src.diff ++++++ diff --git a/cloudinit/util.py b/cloudinit/util.py index d99e82fa5..c02b3d9a5 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -397,9 +397,10 @@ def translate_bool(val, addons=None): def rand_str(strlen=32, select_from=None): + r = random.SystemRandom() if not select_from: select_from = string.ascii_letters + string.digits - return "".join([random.choice(select_from) for _x in range(0, strlen)]) + return "".join([r.choice(select_from) for _x in range(0, strlen)]) def rand_dict_key(dictionary, postfix=None): ++++++ cloud-init-write-routes.patch ++++++ --- /var/tmp/diff_new_pack.KRTBfo/_old 2020-03-24 19:05:30.601493831 +0100 +++ /var/tmp/diff_new_pack.KRTBfo/_new 2020-03-24 19:05:30.601493831 +0100 @@ -8,7 +8,7 @@ from cloudinit import helpers from cloudinit import log as logging -@@ -172,7 +173,47 @@ class Distro(distros.Distro): +@@ -172,7 +173,53 @@ class Distro(distros.Distro): util.write_file(out_fn, str(conf), 0o644) def _write_network_config(self, netconfig): @@ -34,12 +34,18 @@ + for subnet in subnets: + routes = subnet.get('routes', []) + for route in routes: -+ dest = route.get('network') ++ dest = route.get('destination') + if dest in default_nets: + dest = 'default' + if dest != 'default': -+ prefix = mask_to_net_prefix(route.get('netmask')) -+ dest += '/' + str(prefix) ++ netmask = route.get('genmask') ++ if netmask: ++ prefix = mask_to_net_prefix(netmask) ++ dest += '/' + str(prefix) ++ if '/' not in dest: ++ LOG.warning( ++ 'Route destination has no prefix "%s"', dest ++ ) + gateway = route.get('gateway') + config_routes += ' '.join( + [dest, gateway, '-', '-\n']
