Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dkimproxy for openSUSE:Factory
checked in at 2024-08-28 21:33:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dkimproxy (Old)
and /work/SRC/openSUSE:Factory/.dkimproxy.new.2698 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dkimproxy"
Wed Aug 28 21:33:21 2024 rev:28 rq:1196447 version:1.4.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/dkimproxy/dkimproxy.changes 2024-06-20
16:49:30.294494498 +0200
+++ /work/SRC/openSUSE:Factory/.dkimproxy.new.2698/dkimproxy.changes
2024-08-28 21:33:39.228164983 +0200
@@ -1,0 +2,11 @@
+Wed Aug 28 10:19:19 UTC 2024 - Peter Varkoly <vark...@suse.com>
+
+- Fix VUL-1: dkimproxy: possible symlink attack in /run/dkimproxy/sysconfig
+ (bsc#1217173)
+ Remove environment variables DKIMPROXY_USER DKIMPROXY_GROUP.
+ These are hardcoded anyway in dkimproxy-tmpfiles. Changing these
+ would only lead to trouble. Now User and Group in dkimproxy-in.service
+ are set to dkim to avoid the mentioned security issue.
+ ExecStart got a '+' to execute it by root rights.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dkimproxy-in.service ++++++
--- /var/tmp/diff_new_pack.aEdzFK/_old 2024-08-28 21:33:40.424214792 +0200
+++ /var/tmp/diff_new_pack.aEdzFK/_new 2024-08-28 21:33:40.428214959 +0200
@@ -17,10 +17,12 @@
[Service]
Type=forking
+User=dkim
+Group=dkim
ExecStartPre=_LIBEXECDIR/dkimproxy/dkimproxy_env.sh
EnvironmentFile=-/run/dkimproxy/sysconfig
PIDFile=/run/dkimproxy/dkimproxy_in.pid
-ExecStart=/usr/share/dkimproxy/bin/dkimproxy.in --hostname=${FQHN}
--conf_file=${DKIMPROXY_IN_CFG} --user=${DKIMPROXY_USER}
--group=${DKIMPROXY_GROUP} --daemonize --pidfile=/run/dkimproxy/dkimproxy_in.pid
+ExecStart=+/usr/share/dkimproxy/bin/dkimproxy.in --hostname=${FQHN}
--conf_file=${DKIMPROXY_IN_CFG} --user=dkim --group=dkim --daemonize
--pidfile=/run/dkimproxy/dkimproxy_in.pid
[Install]
++++++ dkimproxy-out.service ++++++
--- /var/tmp/diff_new_pack.aEdzFK/_old 2024-08-28 21:33:40.448215792 +0200
+++ /var/tmp/diff_new_pack.aEdzFK/_new 2024-08-28 21:33:40.452215959 +0200
@@ -19,7 +19,7 @@
Type=forking
EnvironmentFile=/etc/sysconfig/dkimproxy
PIDFile=/run/dkimproxy/dkimproxy_out.pid
-ExecStart=/usr/share/dkimproxy/bin/dkimproxy.out
--conf_file=${DKIMPROXY_OUT_CFG} --user=${DKIMPROXY_USER}
--group=${DKIMPROXY_GROUP} --daemonize
--pidfile=/run/dkimproxy/dkimproxy_out.pid
+ExecStart=/usr/share/dkimproxy/bin/dkimproxy.out
--conf_file=${DKIMPROXY_OUT_CFG} --user=dkim --group=dkim --daemonize
--pidfile=/run/dkimproxy/dkimproxy_out.pid
[Install]
++++++ dkimproxy.sysconfig ++++++
--- /var/tmp/diff_new_pack.aEdzFK/_old 2024-08-28 21:33:40.488217458 +0200
+++ /var/tmp/diff_new_pack.aEdzFK/_new 2024-08-28 21:33:40.488217458 +0200
@@ -1,16 +1,3 @@
-## Path: Network/Mail/DKIMProxy
-## Description: Basic configuration of the DKIMProxy
-## Type: string
-## Default: "dkim"
-#
-DKIMPROXY_USER=dkim
-
-## Description: Basic configuration of the DKIMProxy
-## Type: string
-## Default: "dkim"
-#
-DKIMPROXY_GROUP=dkim
-
## Description: Basic configuration of the DKIMProxy
## Type: string
## Default: "dkim"
