Hello community, here is the log from the commit of package opie for openSUSE:Factory checked in at Wed Jul 6 10:19:12 CEST 2011.
-------- --- opie/opie.changes 2010-10-31 19:04:12.000000000 +0100 +++ /mounts/work_src_done/STABLE/opie/opie.changes 2011-07-05 17:15:44.000000000 +0200 @@ -1,0 +2,8 @@ +Mon Jun 27 16:51:42 CEST 2011 - meiss...@suse.de + +- Fixed 2 singlebyte overflows in opiesu (bnc#698772 CVE-2011-2489) +- Fixed missing setuid() return check in opielogin (bnc#698772 CVE-2011-2490) +- run permission hooks +- fixed some build issues + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- opie-2.4-implicit.patch opie-fix-autoconf.patch opielogin-setuid-CVE-2011-2490.patch opiesu-overflow-CVE-2011-2489.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opie.spec ++++++ --- /var/tmp/diff_new_pack.yHYW3d/_old 2011-07-06 10:16:20.000000000 +0200 +++ /var/tmp/diff_new_pack.yHYW3d/_new 2011-07-06 10:16:20.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package opie (Version 2.4) +# spec file for package opie # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ BuildRequires: bison pam-devel Url: http://www.inner.net/opie Version: 2.4 -Release: 708 +Release: 713 License: GPLv2+ Group: Productivity/Security Provides: pam_opie @@ -47,6 +47,10 @@ Patch12: %{name_pam}-%{version_pam}_array-subscript.patch Patch13: %name-2.4-getline.patch Patch14: %name-2.4-fclose.patch +Patch15: %name-2.4-implicit.patch +Patch16: opielogin-setuid-CVE-2011-2490.patch +Patch17: opiesu-overflow-CVE-2011-2489.patch +Patch18: opie-fix-autoconf.patch Summary: Support for One-Time Passwords BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -75,18 +79,24 @@ perl -pi -e 's/(?<!DESTDIR\))\$\(LOCALMAN\)/\$\(DESTDIR\)\$\(LOCALMAN\)/g' Makefile.in %patch10 -p1 %patch11 -cd %{name_pam} +pushd %{name_pam} %patch1 -p0 %patch12 -cd .. +popd %patch13 %patch14 +%patch15 -p1 +%patch16 +%patch17 +%patch18 %build # build opie export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +autoreconf -i -f %configure --enable-insecure-override make %{?_smp_mflags} + # build pam_opie cd %{name_pam} make %{?_smp_mflags} @@ -108,11 +118,25 @@ %clean [ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT +%verifyscript +%verify_permissions -e /usr/bin/opiepasswd -e /usr/bin/opiesu + +%post +%set_permissions /usr/bin/opiepasswd /usr/bin/opiesu + %files %defattr(-,root,root) %dir /etc/opielocks %config(noreplace) /etc/opiekeys -/usr/bin/* +/usr/bin/opieftpd +/usr/bin/opiegen +/usr/bin/opieinfo +/usr/bin/opiekey +/usr/bin/opielogin +%verify(not mode) /usr/bin/opiepasswd +%verify(not mode) /usr/bin/opiesu +/usr/bin/otp-md4 +/usr/bin/otp-md5 /%{_lib}/security/pam_opie.so /%{_includedir}/opie.h /%{_libdir}/libopie.a ++++++ opie-2.4-implicit.patch ++++++ Index: opie-2.4/configure.in =================================================================== --- opie-2.4.orig/configure.in +++ opie-2.4/configure.in @@ -467,7 +467,7 @@ AC_CHECK_LIB(socket, socket) dnl Checks for header files. AC_HEADER_DIRENT AC_HEADER_SYS_WAIT -AC_CHECK_HEADERS(crypt.h fcntl.h limits.h termios.h sys/file.h sys/ioctl.h sys/time.h syslog.h unistd.h paths.h shadow.h signal.h sys/signal.h lastlog.h sys/utsname.h pwd.h sys/param.h string.h stdlib.h utmpx.h sys/select.h) +AC_CHECK_HEADERS(crypt.h fcntl.h limits.h termios.h sys/file.h sys/ioctl.h time.h sys/time.h syslog.h unistd.h paths.h shadow.h signal.h sys/signal.h lastlog.h sys/utsname.h pwd.h sys/param.h string.h stdlib.h utmpx.h sys/select.h) dnl Checks for typedefs, structures, and compiler characteristics. dnl AC_TYPE_UID_T ++++++ opie-fix-autoconf.patch ++++++ Index: configure.in =================================================================== --- configure.in.orig +++ configure.in @@ -546,7 +546,9 @@ AC_TRY_COMPILE([ #endif /* HAVE_UNISTD_H */ ], [struct timeval tv; -gettimeofday(&tv, NULL)], AC_MSG_RESULT(no), AC_MSG_RESULT(maybe) AC_TRY_COMPILE([ +gettimeofday(&tv, NULL)],[AC_MSG_RESULT(no)],[ +AC_MSG_RESULT(maybe) +AC_TRY_COMPILE([ #if HAVE_SYS_TIME_H #include <sys/time.h> #endif /* HAVE_SYS_TIME_H */ @@ -555,8 +557,13 @@ gettimeofday(&tv, NULL)], AC_MSG_RESULT( #endif /* HAVE_UNISTD_H */ ], [struct timeval tv; -gettimeofday(&tv)], AC_DEFINE(HAVE_ONE_ARG_GETTIMEOFDAY) AC_MSG_RESULT(yes), AC_MSG_RESULT(no))) +gettimeofday(&tv)], +[ + AC_DEFINE(HAVE_ONE_ARG_GETTIMEOFDAY) + AC_MSG_RESULT(yes) +],[AC_MSG_RESULT(no)])]) # Munge out LOCALBIN and LOCALMAN in canonical (no bletch) form -AC_OUTPUT(configure.munger libmissing/Makefile libopie/Makefile Makefile.munge:Makefile.in) +AC_CONFIG_FILES(configure.munger libmissing/Makefile libopie/Makefile Makefile.munge:Makefile.in) +AC_OUTPUT sh configure.munger ++++++ opielogin-setuid-CVE-2011-2490.patch ++++++ --- opielogin.c.xx 2011-06-27 16:46:10.000000000 +0200 +++ opielogin.c 2011-06-27 16:48:05.000000000 +0200 @@ -1309,7 +1309,11 @@ fflush(stderr); #endif /* PERMSFILE */ - setuid(thisuser.pw_uid); + if (setuid(thisuser.pw_uid) < 0) { + syslog(LOG_ERR, "setuid() failed with %m. Attack attempt on tty %s, name %s", tty, name); + exit(1); + } + /* destroy environment unless user has asked to preserve it */ if (!pflag) ++++++ opiesu-overflow-CVE-2011-2489.patch ++++++ --- opiesu.c.xx 2011-06-27 16:48:46.000000000 +0200 +++ opiesu.c 2011-06-27 16:50:18.000000000 +0200 @@ -102,7 +102,7 @@ static char userbuf[16] = "USER="; static char homebuf[128] = "HOME="; static char shellbuf[128] = "SHELL="; -static char pathbuf[sizeof("PATH") + sizeof(DEFAULT_PATH) - 1] = "PATH="; +static char pathbuf[sizeof("PATH=") + sizeof(DEFAULT_PATH) - 1] = "PATH="; static char termbuf[32] = "TERM="; static char *cleanenv[] = {userbuf, homebuf, shellbuf, pathbuf, 0, 0}; static char *user = "root"; @@ -260,10 +260,12 @@ int argvsize = 0; for (i = 0; i < argc; argvsize += strlen(argv[i++])); argvsize += argc; + argvsize ++; /* final \0 */ if (!(argvbuf = malloc(argvsize))) { syslog(LOG_ERR, "can't allocate memory to store command line"); exit(1); }; + argvbuf[0] = '\0'; for (i = 0, *argvbuf = 0; i < argc;) { strcat(argvbuf, argv[i]); if (++i < argc) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org