Hello community,

here is the log from the commit of package shadowsocks-libev for 
openSUSE:Factory checked in at 2017-11-01 11:09:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shadowsocks-libev (Old)
 and      /work/SRC/openSUSE:Factory/.shadowsocks-libev.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "shadowsocks-libev"

Wed Nov  1 11:09:50 2017 rev:2 rq:537772 version:3.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/shadowsocks-libev/shadowsocks-libev.changes      
2017-09-28 12:35:56.282891397 +0200
+++ /work/SRC/openSUSE:Factory/.shadowsocks-libev.new/shadowsocks-libev.changes 
2017-11-01 11:09:49.441366254 +0100
@@ -1,0 +2,6 @@
+Tue Oct 31 03:31:56 UTC 2017 - hillw...@opensuse.org
+
+- Add fix-Command-Execution-in-ss-manager.patch
+  * Fix boo#1065619 and CVE-2017-15924
+
+-------------------------------------------------------------------

New:
----
  fix-Command-Execution-in-ss-manager.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ shadowsocks-libev.spec ++++++
--- /var/tmp/diff_new_pack.tV60Qe/_old  2017-11-01 11:09:50.177339371 +0100
+++ /var/tmp/diff_new_pack.tV60Qe/_new  2017-11-01 11:09:50.181339225 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package shadowsocks-libev
 #
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,15 +15,18 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 %define libver 2
 Name:           shadowsocks-libev
 Version:        3.1.0
 Release:        0
-License:        GPL-3.0+
 Summary:        Libev port of Shadowsocks
-Url:            https://github.com/shadowsocks/shadowsocks-libev
+License:        GPL-3.0+
 Group:          Productivity/Networking/Web/Proxy
+Url:            https://github.com/shadowsocks/shadowsocks-libev
 Source0:        
https://github.com/shadowsocks/shadowsocks-libev/releases/download/v%{version}/%{name}-%{version}.tar.gz
+# PATFH-FIX-SUSE fix-Command-Execution-in-ss-manager.patch 
hillw...@opensuse.org --Fix boo#1065619 and CVE-2017-15924
+Patch0:         fix-Command-Execution-in-ss-manager.patch
 Source1:        %{name}-config.json
 Source2:        %{name}-client.service
 Source3:        %{name}-server.service
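Review bot: The patch tag comment above `Patch0` is misspelled as `PATFH-FIX-SUSE`, and even with the spelling fixed it does not appear to be one of the tags in the openSUSE patch guidelines, so anyone searching the spec for the tag will miss a security patch. If the fix was taken from the upstream project (the page does not say), the conventional form is `# PATCH-FIX-UPSTREAM fix-Command-Execution-in-ss-manager.patch boo#1065619 CVE-2017-15924`; otherwise use `PATCH-FIX-OPENSUSE`. `Patch0` also sits between `Source0` and `Source1`, where it is easy to overlook; listing it after the Source lines keeps the spec easier to audit.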
@@ -32,12 +35,12 @@
 Source6:        %{name}-manager.service
 Source7:        %{name}-redir.service
 BuildRequires:  libtool
-BuildRequires:  pkgconfig(openssl)
-BuildRequires:  pkgconfig(libsodium) >= 1.0.4
-BuildRequires:  pkgconfig(libpcre)
+BuildRequires:  mbedtls-devel
 BuildRequires:  pkgconfig(libcares)
 BuildRequires:  pkgconfig(libev)
-BuildRequires:  mbedtls-devel
+BuildRequires:  pkgconfig(libpcre)
+BuildRequires:  pkgconfig(libsodium) >= 1.0.4
+BuildRequires:  pkgconfig(openssl)
 %if 0%{?fedora} >= 24
 BuildRequires:  pkgconfig
 %else
@@ -47,8 +50,8 @@
 BuildRequires:  ghostscript-core
 %endif
 BuildRequires:  asciidoc
-BuildRequires:  xmlto
 BuildRequires:  systemd
+BuildRequires:  xmlto
 Recommends:     simple-obfs
 %{?systemd_requires}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -59,6 +62,7 @@
 
 %package -n lib%{name}%{libver}
 Summary:        Libev port of Shadowsocks
+Group:          Productivity/Networking/Web/Proxy
 
 %description -n lib%{name}%{libver}
 shadowsocks-libev is a lightweight secured scoks5 proxy 
@@ -91,6 +95,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --prefix=%{_prefix} \

++++++ fix-Command-Execution-in-ss-manager.patch ++++++
diff -Nur shadowsocks-libev-3.1.0/src/manager.c 
shadowsocks-libev-3.1.0-new/src/manager.c
--- shadowsocks-libev-3.1.0/src/manager.c       2017-09-06 09:19:47.000000000 
+0800
+++ shadowsocks-libev-3.1.0-new/src/manager.c   2017-10-31 11:29:51.122235135 
+0800
@@ -92,7 +92,7 @@
 }
 
 static void
-build_config(char *prefix, struct server *server)
+build_config(char *prefix, struct manager_ctx *manager, struct server *server)
 {
     char *path    = NULL;
     int path_size = strlen(prefix) + strlen(server->port) + 20;
@@ -110,11 +110,18 @@
     fprintf(f, "{\n");
     fprintf(f, "\"server_port\":%d,\n", atoi(server->port));
     fprintf(f, "\"password\":\"%s\"", server->password);
-    if (server->fast_open[0]) fprintf(f, ",\n\"fast_open\": %s", 
server->fast_open);
-    if (server->mode)   fprintf(f, ",\n\"mode\":\"%s\"", server->mode);
-    if (server->method) fprintf(f, ",\n\"method\":\"%s\"", server->method);
-    if (server->plugin) fprintf(f, ",\n\"plugin\":\"%s\"", server->plugin);
-    if (server->plugin_opts) fprintf(f, ",\n\"plugin_opts\":\"%s\"", 
server->plugin_opts);
+    if (server->method)
+        fprintf(f, ",\n\"method\":\"%s\"", server->method);
+    else if (manager->method)
+        fprintf(f, ",\n\"method\":\"%s\"", manager->method);
+    if (server->fast_open[0])
+        fprintf(f, ",\n\"fast_open\": %s", server->fast_open);
+    if (server->mode)
+        fprintf(f, ",\n\"mode\":\"%s\"", server->mode);
+    if (server->plugin)
+        fprintf(f, ",\n\"plugin\":\"%s\"", server->plugin);
+    if (server->plugin_opts)
+        fprintf(f, ",\n\"plugin_opts\":\"%s\"", server->plugin_opts);
     fprintf(f, "\n}\n");
     fclose(f);
     ss_free(path);
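Review bot: The string fields in build_config (`password` on the context line, and `method`, `mode`, `plugin`, `plugin_opts` in the added lines) are written into the JSON file with a bare `%s`, so a value containing `"` or `\` changes the structure of the generated config instead of staying inside its string. Moving `method` from the command line into this file only swaps shell quoting for JSON quoting on that field. If these values can arrive in a manager request (the parsing code is outside this hunk), they should be escaped or validated before being written. `fast_open` is emitted unquoted and is best restricted to the literals `true`/`false`. One possible escaping helper is sketched below; build_config itself starts before this hunk.

```c
/* Write s as a JSON string literal, escaping quotes, backslashes and control bytes. */
static void
fprint_json_str(FILE *f, const char *s)
{
    const unsigned char *p;

    fputc('"', f);
    for (p = (const unsigned char *)s; *p; p++) {
        if (*p == '"' || *p == '\\')
            fprintf(f, "\\%c", *p);
        else if (*p < 0x20)
            fprintf(f, "\\u%04x", *p);
        else
            fputc(*p, f);
    }
    fputc('"', f);
}

    /* in build_config, for each string field: */
    fprintf(f, "\"password\":");
    fprint_json_str(f, server->password);
    /* … method, mode, plugin, plugin_opts: same pattern … */
```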
@@ -124,17 +131,17 @@
 construct_command_line(struct manager_ctx *manager, struct server *server)
 {
     static char cmd[BUF_SIZE];
-    char *method = manager->method;
     int i;
+    int port;
 
-    build_config(working_dir, server);
+    port = atoi(server->port);
+
+    build_config(working_dir, manager, server);
 
-    if (server->method) method = server->method;
     memset(cmd, 0, BUF_SIZE);
     snprintf(cmd, BUF_SIZE,
-             "%s -m %s --manager-address %s -f %s/.shadowsocks_%s.pid -c 
%s/.shadowsocks_%s.conf",
-             executable, method, manager->manager_address,
-             working_dir, server->port, working_dir, server->port);
+             "%s --manager-address %s -f %s/.shadowsocks_%d.pid -c 
%s/.shadowsocks_%d.conf",
+             executable, manager->manager_address, working_dir, port, 
working_dir, port);
 
     if (manager->acl != NULL) {
         int len = strlen(cmd);
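Review bot: `port = atoi(server->port)` accepts anything without complaint: non-numeric text becomes 0, trailing characters are dropped, and an out-of-range value is undefined behaviour, so the pid/conf names in `cmd` can refer to a port the request never contained. A checked conversion is safer, e.g. `long p = strtol(server->port, &end, 10);` followed by `if (end == server->port || *end != '\0' || p < 1 || p > 65535)` to refuse the request. build_config still sizes its path from `strlen(server->port)` (context line in the first hunk), so if it also names the file from the string, the `-c` path built here may not match the file it wrote; that part is not visible. The remaining `%s` arguments (`executable`, `manager->manager_address`, `working_dir`) are still pasted into a command string, so it is worth confirming they can only be set by the operator. The function continues past this hunk.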
@@ -1211,3 +1218,4 @@
 
     return 0;
 }
+
