Hello community,

here is the log from the commit of package cyrus-sasl for openSUSE:Factory checked in at 2021-03-02 12:26:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cyrus-sasl (Old)
 and      /work/SRC/openSUSE:Factory/.cyrus-sasl.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cyrus-sasl" Tue Mar 2 12:26:35 2021 rev:61 rq:875610 version:2.1.27 Changes: -------- --- /work/SRC/openSUSE:Factory/cyrus-sasl/cyrus-sasl-bdb.changes 2020-12-28 10:29:41.130795167 +0100 +++ /work/SRC/openSUSE:Factory/.cyrus-sasl.new.2378/cyrus-sasl-bdb.changes 2021-03-02 12:28:22.823474165 +0100 @@ -1,0 +2,7 @@ +Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly <vark...@suse.com> + +- Fix build: Do not build libsasl2-3 in the bdb package. This will + not be linked to berkely db. libsasl2-3 is now defined as + %BuildRequires and %Requires + +------------------------------------------------------------------- @@ -5 +12 @@ - The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build + The packages cyrus-sasl and cyrus-sasl-saslauthd are built @@ -7 +14 @@ - The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built --- /work/SRC/openSUSE:Factory/cyrus-sasl/cyrus-sasl-saslauthd-bdb.changes 2020-12-28 10:29:41.226795246 +0100 +++ /work/SRC/openSUSE:Factory/.cyrus-sasl.new.2378/cyrus-sasl-saslauthd-bdb.changes 2021-03-02 12:28:23.263474558 +0100 @@ -5 +5 @@ - The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build + The packages cyrus-sasl and cyrus-sasl-saslauthd are built @@ -7 +7 @@ - The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built --- /work/SRC/openSUSE:Factory/cyrus-sasl/cyrus-sasl.changes 2020-12-28 10:29:41.426795411 +0100 +++ /work/SRC/openSUSE:Factory/.cyrus-sasl.new.2378/cyrus-sasl.changes 2021-03-02 12:28:23.499474769 +0100 @@ -1,0 +2,8 @@ +Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly <vark...@suse.com> + +- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root + due to insecure tmp file usage. (bsc#1180669) + Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary + files. + +------------------------------------------------------------------- 
@@ -5 +13 @@ - The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build + The packages cyrus-sasl and cyrus-sasl-saslauthd are built @@ -7 +15 @@ - The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cyrus-sasl-bdb.spec ++++++ --- /var/tmp/diff_new_pack.Vap6yh/_old 2021-03-02 12:28:24.155475355 +0100 +++ /var/tmp/diff_new_pack.Vap6yh/_new 2021-03-02 12:28:24.155475355 +0100 @@ -1,7 +1,7 @@ # # spec file for package cyrus-sasl-bdb # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,8 +36,10 @@ Patch6: cyrus-sasl-lfs.patch Patch7: fix_libpq-fe_include.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build +Requires: libsasl2-3 BuildRequires: db-devel BuildRequires: krb5-mini-devel +BuildRequires: libsasl2-3 BuildRequires: libtool BuildRequires: openssl-devel BuildRequires: opie 
@@ -52,49 +54,49 @@ %package gssapi Summary: Plugin for the GSSAPI SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-gssapi %package crammd5 Summary: Plugin for the CRAMMD5 SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-crammd5 %package digestmd5 Summary: Plugin for the DIGESTMD5 SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-digestmd5 %package otp Summary: Plugin for the OTP SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-otp %package plain Summary: Plugin for the PLAIN SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-plain %package ntlm Summary: Plugin for the NTLM SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-ntlm %package gs2 Summary: Plugin for the GS2 SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-gs2 %package scram Summary: Plugin for the SCRAM SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl = %{version} +Requires: cyrus-sasl-bdb = %{version} Conflicts: cyrus-sasl-scram %package devel ++++++ cyrus-sasl-saslauthd-bdb.spec ++++++ --- /var/tmp/diff_new_pack.Vap6yh/_old 2021-03-02 12:28:24.171475370 +0100 +++ /var/tmp/diff_new_pack.Vap6yh/_new 2021-03-02 12:28:24.175475374 +0100 
@@ -1,7 +1,7 @@ # # spec file for package cyrus-sasl-saslauthd-bdb # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed cyrus-sasl-saslauthd.spec: same change ++++++ cyrus-sasl.spec ++++++ --- /var/tmp/diff_new_pack.Vap6yh/_old 2021-03-02 12:28:24.227475420 +0100 +++ /var/tmp/diff_new_pack.Vap6yh/_new 2021-03-02 12:28:24.227475420 +0100 @@ -1,7 +1,7 @@ # # spec file for package cyrus-sasl # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -112,7 +112,6 @@ %package -n libsasl2-3 Summary: Simple Authentication and Security Layer (SASL) library Group: System/Libraries -Conflicts: libsasl2-3-bdb %description This is the Cyrus SASL API. It can be used on the client or server side @@ -218,7 +217,7 @@ #Convert password file from berkely into gdbm #In %pre the existing file will be dumped out if [ -e /etc/sasldb2 ]; then -cat <<EOF > /tmp/saslpw.awk +cat <<EOF > /var/adm/update-scripts/saslpw.awk { split(\$0,b,/\\\00/) if( b[3] == "userPassword" ) { @@ -233,7 +232,8 @@ } } EOF -db_dump -p /etc/sasldb2 | gawk -f /tmp/saslpw.awk > /var/adm/update-scripts/saslpwd +db_dump -p /etc/sasldb2 | gawk -f /var/adm/update-scripts/saslpw.awk > /var/adm/update-scripts/saslpwd +rm -f /var/adm/update-scripts/saslpw.awk mv /etc/sasldb2 /etc/sasldb2-back fi @@ -241,6 +241,7 @@ if [ -e /var/adm/update-scripts/saslpwd ]; then chmod 755 /var/adm/update-scripts/saslpwd /var/adm/update-scripts/saslpwd + rm -f /var/adm/update-scripts/saslpwd fi %post -n %lname -p /sbin/ldconfig
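Review bot: In cyrus-sasl-bdb.spec (hunk @@ -36,8 +36,10 @@) the new `Requires: libsasl2-3` and `BuildRequires: libsasl2-3` are unversioned, while the plugin subpackages in the following hunk pin `cyrus-sasl-bdb = %{version}`. Since the bdb package now relies on a library built from a different spec, consider `Requires: libsasl2-3 = %{version}` (or at least `>=`) so a bdb build cannot be installed against a mismatched libsasl2-3. A short comment next to the two lines saying why the library comes from the cyrus-sasl package would also help, because the reason is only given in the .changes entry.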
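Review bot: In cyrus-sasl.spec (hunk @@ -112,7 +112,6 @@) dropping `Conflicts: libsasl2-3-bdb` from libsasl2-3 leaves nothing in the visible lines that handles systems where libsasl2-3-bdb is already installed. If the bdb spec no longer produces that package, as the .changes entry says, an `Obsoletes: libsasl2-3-bdb` on libsasl2-3 (with a matching `Provides:` if anything still requires the old name) would let the update replace it instead of leaving both libraries side by side.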
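Review bot: In the scriptlet of cyrus-sasl.spec (hunk @@ -218,7 +217,7 @@) the awk helper is still written to a fixed, predictable name with `cat <<EOF > /var/adm/update-scripts/saslpw.awk`, so the fix holds only as long as /var/adm/update-scripts is writable by root alone, and nothing in the scriptlet checks or documents that. Consider creating the file with `mktemp` inside that directory, or passing the awk program to `gawk` inline so that no temporary file is needed at all.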
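Review bot: In hunk @@ -233,7 +232,8 @@ of cyrus-sasl.spec the redirect `> /var/adm/update-scripts/saslpwd` creates the output under whatever umask the scriptlet inherits, and going by the `userPassword` match in the awk program that file carries the dumped sasldb2 entries. Setting `umask 077` before the pipeline would keep it private from the moment it is created. The exit status of the `db_dump ... | gawk ...` pipeline is also not checked before `rm -f` and `mv /etc/sasldb2 /etc/sasldb2-back` run, so a failed dump still moves the database aside.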
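Review bot: In hunk @@ -241,6 +241,7 @@ of cyrus-sasl.spec the added `rm -f /var/adm/update-scripts/saslpwd` runs whether or not the generated script succeeded, so a failed import removes the converted data and leaves only /etc/sasldb2-back to retry from. Removing it only on success (`/var/adm/update-scripts/saslpwd && rm -f /var/adm/update-scripts/saslpwd`) would keep it available for a rerun. The context line `chmod 755` also makes the script world-readable for as long as it exists; `chmod 700` is enough for root to execute it.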