Re: Security Advisory?

Sun, 02 Oct 2005 18:07:53 -0700 

See here for the patch:

http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1.diff.gz

That is linked to from http://www.debian.org/security/2005/dsa-836 .

It looks like a patch to a Debian-contributed shell script called vicf,
so I don't think general cfengine users need to worry.

For those not as familiar with Debian, here is how I figured that out:

    $ URL=http://security.debian.org/pool/updates/main/c/cfengine2
    $ wget -q $URL/cfengine2_2.1.14-1sarge1.diff.gz
    $ wget -q $URL/cfengine2_2.1.14-1sarge1.dsc
    $ wget -q $URL/cfengine2_2.1.14.orig.tar.gz
    $ dpkg-source -x cfengine2_2.1.14-1sarge1.dsc 
    dpkg-source: extracting cfengine2 in cfengine2-2.1.14
    $ cd cfengine2-2.1.14/debian/patches
    $ ls
    010_CAN-2005-2960_tmpfile
    $

I included the whole patch below my sig.

Best,
Brendan

--
Senior System Administrator
The University of Chicago
Department of Computer Science
http://www.cs.uchicago.edu/people/brendan


diff -u -p -Nr --exclude CVS cfengine-2.1.14.orig/contrib/vicf.in 
cfengine-2.1.14/contrib/vicf.in
--- cfengine-2.1.14.orig/contrib/vicf.in        2005-02-08 12:48:56.000000000 
+0100
+++ cfengine-2.1.14/contrib/vicf.in     2005-09-23 12:11:34.000000000 +0200
@@ -56,12 +56,13 @@ EdFile () {
     while [ "$editfile" = "n" ]
     do
        ${EDITOR} ${CFINPUTS}/.${file}.lock
-       cp /dev/null /tmp/cfparse.$$
-       $sbindir/cfengine --no-warn --parse-only --file 
${CFINPUTS}/.${file}.lock > /tmp/cfparse.$$ 2>&1
-       if [ -s /tmp/cfparse.$$ ]
+        tmpfile=`mktemp -t tempfile.XXXXXX` || { echo "$0: Cannot create 
temporary file" >&2; exit 1;  }
+        trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
+        $sbindir/cfengine --no-warn --parse-only --file 
${CFINPUTS}/.${file}.lock > $tmpfile 2>&1
+        if [ -s $tmpfile ]
        then
                echo PARSE ERROR IN NEW INPUT-FILE:
-               cat /tmp/cfparse.$$
+               cat $tmpfile
                /usr/ucb/echo -n "Re-edit file? (Y/n) "
                read answer
                if [ "$answer" = "n" ]
@@ -75,7 +76,7 @@ EdFile () {
        fi
     done
 
-    rm -f /tmp/cfparse.$$ ${CFINPUTS}/.${file}.lock
+    rm -f ${CFINPUTS}/.${file}.lock
 }
 
 force=n


_______________________________________________
Help-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-cfengine

Reply via email to