Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openresolv for openSUSE:Factory checked in at 2025-12-20 21:46:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openresolv (Old) and /work/SRC/openSUSE:Factory/.openresolv.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openresolv" Sat Dec 20 21:46:39 2025 rev:10 rq:1323760 version:3.17.3 Changes: -------- --- /work/SRC/openSUSE:Factory/openresolv/openresolv.changes 2025-07-10 22:11:27.273983546 +0200 +++ /work/SRC/openSUSE:Factory/.openresolv.new.1928/openresolv.changes 2025-12-20 21:49:15.126048244 +0100 @@ -1,0 +2,16 @@ +Sat Dec 20 08:28:59 UTC 2025 - Andrea Manzini <[email protected]> + +- update to 3.17.3: + * resolvconf: quote on printf rather than on value + +------------------------------------------------------------------- +Sat Dec 13 16:43:41 UTC 2025 - Andrea Manzini <[email protected]> + +- update to 3.17.2: + * resolvconf: Escape single quotes in input when parsing + Fixes a futher attack vector from the prior release + +- update to 3.17.1: + * resolvconf: Single quote parsed values from resolv.conf + +------------------------------------------------------------------- Old: ---- openresolv-3.17.0.tar.xz openresolv-3.17.0.tar.xz.asc New: ---- openresolv-3.17.3.tar.xz openresolv-3.17.3.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openresolv.spec ++++++ --- /var/tmp/diff_new_pack.IQbkcZ/_old 2025-12-20 21:49:16.118089404 +0100 +++ /var/tmp/diff_new_pack.IQbkcZ/_new 2025-12-20 21:49:16.154090898 +0100 @@ -1,7 +1,7 @@ # # spec file for package openresolv # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,7 +17,7 @@ Name: openresolv -Version: 3.17.0 +Version: 3.17.3 Release: 0 Summary: DNS management framework License: BSD-2-Clause ++++++ openresolv-3.17.0.tar.xz -> openresolv-3.17.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openresolv-3.17.0/resolvconf.in new/openresolv-3.17.3/resolvconf.in --- old/openresolv-3.17.0/resolvconf.in 2025-06-26 11:59:34.000000000 +0200 +++ new/openresolv-3.17.3/resolvconf.in 2025-12-13 21:17:18.000000000 +0100 @@ -25,7 +25,7 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. RESOLVCONF="$0" -OPENRESOLV_VERSION="3.17.0" +OPENRESOLV_VERSION="3.17.3" SYSCONFDIR=@SYSCONFDIR@ LIBEXECDIR=@LIBEXECDIR@ VARDIR=@VARDIR@ @@ -233,8 +233,34 @@ return 1 } +# Quote input so it can be safely used for variable assignment via eval +quote() +{ + if [ -z "$1" ]; then + R="''" + else + R= + for W; do + while [ -n "$W" ]; do + case "$W" in + \'*) R="$R\\'"; W=${W#?};; + ?\'*) R="$R\\${W%%\'*}"; W="${W#?}";; + *\'*) R="$R'${W%%\'*}'"; W="'${W#*\'}";; + ?) R="$R\\$W"; W=;; + *) R="$R'$W'"; W=;; + esac + done + done + fi + + printf '%s\n' "$R" + return 0 +} + # Parse resolv.conf's and make variables # for domain name servers, search name servers and global nameservers +# Important! Each printf here should use the above quote function +# to ensure that user input is quoted for eval. parse_resolv() { domain= @@ -275,7 +301,7 @@ esac done if $islocal; then - echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS $value\"" + printf 'LOCALNAMESERVERS="$LOCALNAMESERVERS "%s\n' "$(quote "$value")" else ns="$ns${ns:+ }$value" fi @@ -285,7 +311,7 @@ if [ -z "$domain" ]; then domain="$search" if ! $nosearch; then - echo "DOMAIN=\"$domain\"" + printf 'DOMAIN=%s\n' "$(quote "$domain")" fi fi ;; 
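Review bot: In `quote()`, the two single-character arms (`?\'*)` and `?)`) emit a backslash escape instead of a single-quoted segment, and a backslash followed by a newline is a line continuation when the result is eval'd, so a one-character newline segment would be silently dropped. Whether a newline can reach this function depends on how the callers read their input, which is outside the hunk. Removing those two arms would send every segment through the `'...'` arms and make the output uniform. The function also writes the globals `R` and `W`, checks only `$1` for emptiness, and joins several arguments with no separator, so the header comment should state the contract, e.g. `# Call only as "$(quote "$value")" with exactly one argument; R and W are scratch globals`.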
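Review bot: The literal `$LOCALNAMESERVERS` inside the single-quoted printf format in the `islocal` branch is intentional but undocumented, and it reads like a quoting mistake (ShellCheck reports this pattern as SC2016). A short comment above the printf would make the intent explicit, e.g. `# $LOCALNAMESERVERS stays literal: it is expanded at eval time; only the appended value is quoted`. The same pattern is used for DOMAINS, SEARCH and NAMESERVERS in the @@ -303 hunk. The body of parse_resolv continues outside this hunk.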
@@ -303,13 +329,13 @@ for d in $search; do ds="$ds${ds:+ }$d:$newns" done - echo "DOMAINS=\"\$DOMAINS $ds\"" + printf 'DOMAINS="$DOMAINS "%s\n' "$(quote "$ds")" fi if ! $nosearch; then - echo "SEARCH=\"\$SEARCH $search\"" + printf 'SEARCH="$SEARCH "%s\n' "$(quote "$search")" fi if ! $private; then - echo "NAMESERVERS=\"\$NAMESERVERS $ns\"" + printf 'NAMESERVERS="$NAMESERVERS "%s\n' "$(quote "$ns")" fi ns= search= @@ -1004,6 +1030,7 @@ newdomains="$newdomains${newdomains:+ }$dn:$newns" fi done + DOMAIN="$(list_remove domain_blacklist $DOMAIN)" SEARCH="$(uniqify $SEARCH)" SEARCH="$(list_remove domain_blacklist $SEARCH)" @@ -1011,11 +1038,13 @@ NAMESERVERS="$(list_remove name_server_blacklist $NAMESERVERS)" LOCALNAMESERVERS="$(uniqify $LOCALNAMESERVERS)" LOCALNAMESERVERS="$(list_remove name_server_blacklist $LOCALNAMESERVERS)" - echo "DOMAIN='$DOMAIN'" - echo "SEARCH='$SEARCH'" - echo "NAMESERVERS='$NAMESERVERS'" - echo "LOCALNAMESERVERS='$LOCALNAMESERVERS'" - echo "DOMAINS='$newdomains'" + + # Ensure output is quoted for eval + printf 'DOMAIN=%s\n' "$(quote "$DOMAIN")" + printf 'SEARCH=%s\n' "$(quote "$SEARCH")" + printf 'NAMESERVERS=%s\n' "$(quote "$NAMESERVERS")" + printf 'LOCALNAMESERVERS=%s\n' "$(quote "$LOCALNAMESERVERS")" + printf 'DOMAINS=%s\n' "$(quote "$newdomains")" } force=false @@ -1054,7 +1083,7 @@ fi if [ -z "$cmd" ]; then - if [ "$IF_PRIVATE" = 1 ]; then + if [ "$IF_PRIVATE" = 1 ]; then cmd=p elif [ "$IF_EXCLUSIVE" = 1 ]; then cmd=x
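Review bot: The quoting added here protects the eval consumer, but `ds` is still built by the unquoted `for d in $search` loop in the context lines, so the value is field-split and subject to pathname expansion before `quote` ever sees it. Unless `set -f` is in effect earlier in the script (not visible in this hunk), a search entry containing `*`, `?` or `[` would be replaced by matching file names from the working directory. The same applies to the unquoted `$(uniqify $SEARCH)` and `$(list_remove domain_blacklist $DOMAIN)` calls around the @@ -1011 hunk. Bracketing these expansions with `set -f` and `set +f` would keep the word splitting while disabling globbing.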
