Hello community,

here is the log from the commit of package sysvinit for openSUSE:Factory
checked in at Wed Jul 27 18:30:12 CEST 2011.



--------
--- sysvinit/sysvinit.changes   2011-07-26 14:13:52.000000000 +0200
+++ /mounts/work_src_done/STABLE/sysvinit/sysvinit.changes      2011-07-27 
15:22:47.000000000 +0200
@@ -1,0 +2,11 @@
+Wed Jul 27 13:11:31 UTC 2011 - wer...@suse.de
+
+- Add workaround for blowfish signedness bug (CVE-2011-2483)
+
+-------------------------------------------------------------------
+Wed Jul 27 10:41:27 UTC 2011 - wer...@suse.de
+
+- Sulogin: respect byte order that is do not mix chars and ints
+  (bnc#707724)
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  sysvinit-2.88+dsf-blowfish.dif

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sysvinit.spec ++++++
--- /var/tmp/diff_new_pack.G9Sblb/_old  2011-07-27 18:29:35.000000000 +0200
+++ /var/tmp/diff_new_pack.G9Sblb/_new  2011-07-27 18:29:35.000000000 +0200
@@ -29,7 +29,7 @@
 Group:          System/Base
 AutoReqProv:    on
 Version:        2.88+
-Release:        54
+Release:        56
 Summary:        SysV-Style init
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  audit-devel libselinux-devel libsepol-devel pam-devel
@@ -52,6 +52,7 @@
 Patch5:         sysvinit-2.88dsf-multiple-sulogin.patch
 Patch6:         sysvinit-2.88+dsf-run.diff
 Patch7:         sysvinit-2.88+dsf-crypt.patch
+Patch8:         sysvinit-2.88+dsf-blowfish.dif
 Patch20:        powerd-2.0.2.dif
 Patch21:        powerd-2.0.2-getaddrinfo.patch
 Patch30:        killproc-2.19.dif
@@ -95,6 +96,7 @@
 %patch5  -p0 -b .sulogin
 %patch6  -p0 -b .run
 %patch7  -p0 -b .crypt
+%patch8  -p0 -b .blowfish
 %patch
 pushd ../powerd-%{PDVER}
 %patch20

++++++ sysvinit-2.88+dsf-blowfish.dif ++++++
--- src/consoles.h
+++ src/consoles.h      2011-07-27 11:10:26.620613503 +0000
@@ -39,6 +39,7 @@ struct console {
        int fd, id;
 #define        CON_SERIAL      0x0001
 #define        CON_NOTTY       0x0002
+#define        CON_EIGHTBIT    0x1000
        pid_t pid;
        struct chardata cp;
        struct termios tio;
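Review bot: The new CON_EIGHTBIT flag has no comment saying who sets it or what it means, unlike nothing else in this bitmask but it is the one flag whose value feeds an authentication decision. A one-line comment next to the define would help: `#define CON_EIGHTBIT 0x1000 /* last password read contained a byte with bit 7 set; set by getpasswd() */`. The value 0x1000 leaves a gap after 0x0002 — presumably deliberate, to keep clear of flags defined elsewhere, but worth stating if so.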
--- src/sulogin.c
+++ src/sulogin.c       2011-07-27 13:10:16.791925602 +0000
@@ -635,6 +635,7 @@ char *getpasswd(struct console *con)
        ptr = &pass[0];
        cp->eol = *ptr = '\0';
 
+       con->flags &= ~CON_EIGHTBIT;
        eightbit = ((con->flags & CON_SERIAL) == 0 || (tty.c_cflag & 
(PARODD|PARENB)) == 0);
        while (cp->eol == '\0') {
                if (read(fd, &c, 1) < 1) {
@@ -697,6 +698,8 @@ char *getpasswd(struct console *con)
                                 goto quit;
                        }
                        *ptr++ = ascval;
+                       if (((unsigned char)ascval) & 0x80)
+                               con->flags |= CON_EIGHTBIT;
                        break;
                }
        }
@@ -839,6 +842,30 @@ void usage(void)
        fprintf(stderr, "Usage: sulogin [-e] [-p] [-t timeout] [tty 
device]\n\r");
 }
 
+/*
+ * Wrapper for blowfish signedness bug (CVE-2011-2483)
+ */
+
+static
+int checkpw(const char *answer, const char *passwd, const struct console *con)
+{
+       char buf[64];
+
+       if (strcmp(crypt(answer, passwd), passwd) == 0)
+               return 1;
+       if (strncmp(passwd, "$2a$", 4) != 0)
+               return 0;
+       if ((con->flags & CON_EIGHTBIT) == 0)
+               return 0;
+       if (strlen(passwd) >= 64)
+               return 0;
+
+       strncpy(buf, passwd, 64);
+       buf[2] = 'x';
+
+       return (strcmp(crypt(answer, buf), buf) == 0);
+}
+
 int main(int argc, char **argv)
 {
        char *tty = NULL;
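Review bot: Both crypt() calls in checkpw pass their result straight to strcmp(), but crypt() returns NULL (with errno EINVAL) when it rejects the setting string, and the second call hands it a "$2x$" prefix that only a crypt_blowfish-enabled libc understands — on a libc without that variant the fallback path dereferences NULL and sulogin dies on the emergency console. The first call inherits the same gap from the old code, but the new retry makes it reachable with an otherwise valid "$2a$" hash plus an 8-bit password. Storing the result and checking it before strcmp() closes both paths. It would also help to document in the function comment that the "$2x$" retry deliberately accepts the sign-extension-buggy hash for passwords containing 8-bit characters, so such accounts keep the weakened hashing until their password is re-set.
```c
static
int checkpw(const char *answer, const char *passwd, const struct console *con)
{
	char buf[64];
	const char *hash;

	/* crypt() returns NULL (errno EINVAL) for a setting it does not support */
	hash = crypt(answer, passwd);
	if (hash != NULL && strcmp(hash, passwd) == 0)
		return 1;
	/* … unchanged: $2a$ prefix, CON_EIGHTBIT and length checks … */
	strncpy(buf, passwd, 64);
	buf[2] = 'x';

	hash = crypt(answer, buf);
	return (hash != NULL && strcmp(hash, buf) == 0);
}
```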
@@ -967,8 +994,7 @@ int main(int argc, char **argv)
                                if ((answer = getpasswd(con)) == NULL)
                                        break;
 
-                               if (passwd[0] == '\0' ||
-                                   strcmp(crypt(answer, passwd), passwd) == 0) 
{
+                               if (passwd[0] == '\0' || checkpw(answer, 
passwd, con)) {
                                        *usemask |= (1<<con->id);
                                        sushell(pwd);
                                        *usemask &= ~(1<<con->id);
++++++ sysvinit-2.88dsf-multiple-sulogin.patch ++++++
--- /var/tmp/diff_new_pack.G9Sblb/_old  2011-07-27 18:29:35.000000000 +0200
+++ /var/tmp/diff_new_pack.G9Sblb/_new  2011-07-27 18:29:35.000000000 +0200
@@ -503,9 +503,9 @@
 +      struct termios tty;
 +      char *ret = pass;
 +      unsigned char tc;
-+      char ascval;
++      char c, ascval;
 +      int eightbit;
-+      int c, fd;
++      int fd;
 +
 +      if (con->flags & CON_NOTTY)
 +              goto out;
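Review bot: The new side declares `c` and `ascval` as plain `char`, whose signedness is implementation-defined, while `tc` in the same declaration list is already `unsigned char`; if `c` is used further down as a table index or compared against a value above 127, it should be `unsigned char` too — the rest of getpasswd is outside this hunk, so confirm against the full function. Reading one byte into `char c` does fix the partial write into a 4-byte `int` that the old declaration allowed, and the blowfish patch's `((unsigned char)ascval) & 0x80` shows the right pattern for anywhere the raw byte value matters. The enclosing getpasswd starts before this hunk.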


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


