Hello community, here is the log from the commit of package sysconfig for openSUSE:12.1:Update:Test checked in at 2011-12-19 18:24:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/sysconfig (Old) and /work/SRC/openSUSE:12.1:Update:Test/.sysconfig.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sysconfig", Maintainer is "m...@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/sysconfig/sysconfig.changes 2011-12-19 18:24:18.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.sysconfig.new/sysconfig.changes 2011-12-19 18:24:18.000000000 +0100 @@ -1,0 +2,11 @@ +Mon Dec 19 09:41:09 UTC 2011 - m...@suse.com + +- Fixed to quote config / interface variables in ifservices script + and cleaned up content of the ESSID which gets appended to them + by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182). + Fixed also to return proper exit code 0 in NM dispatcher hooks. +- Changed to call ip addr flush in ifdown, but after ip link set + down as it does not cause ipv6 sysctl tree side effects then + at least with more recent kernels (bnc#580018,bnc#559170). + +------------------------------------------------------------------ Old: ---- sysconfig-nm-online-timeout-0-default.patch New: ---- 0001-sysconfig-nm-online-timeout-0-default.patch 0002-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch 0003-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sysconfig.spec ++++++ --- /var/tmp/diff_new_pack.JzMu8m/_old 2011-12-19 18:24:19.000000000 +0100 +++ /var/tmp/diff_new_pack.JzMu8m/_new 2011-12-19 18:24:19.000000000 +0100 @@ -15,24 +15,23 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: sysconfig Version: 0.75.4 Release: 0 Summary: The sysconfig scheme and traditional network scripts -Url: http://gitorious.org/opensuse/sysconfig +License: GPL-2.0+ Group: System/Base -License: GPLv2+ -AutoReqProv: on +Url: http://gitorious.org/opensuse/sysconfig PreReq: %fillup_prereq %insserv_prereq textutils fileutils gawk sed grep # we may create these automatically from rpm later Provides: sysvinit(network) Requires: iproute2 dbus-1 procps BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %name-%version.tar.bz2 -Patch1: sysconfig-nm-online-timeout-0-default.patch +Patch1: 0001-sysconfig-nm-online-timeout-0-default.patch +Patch2: 0002-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch +Patch3: 0003-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch %description This package provides the SuSE system configuration scheme and @@ -53,6 +52,8 @@ %prep %setup -n sysconfig-%{version} %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build autoreconf --force --install ++++++ 0001-sysconfig-nm-online-timeout-0-default.patch ++++++ >From 578a4f46906883e376ec36261bdaee4e823421da Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <m...@suse.com> Date: Mon, 10 Oct 2011 13:13:49 +0200 Subject: [PATCH] Changed NM_ONLINE_TIMEOUT default to 0 Changed NM_ONLINE_TIMEOUT default back to 0 to avoid unneeded waiting for NM interfaces at boot (bnc#722304) Signed-off-by: Marius Tomaschewski <m...@suse.com> --- config/sysconfig.config-network | 4 ++-- sysconfig.spec.in | 18 ------------------ 2 files changed, 2 insertions(+), 20 deletions(-) diff --git a/config/sysconfig.config-network b/config/sysconfig.config-network index 1f8d05a..38e3eb1 100644 --- a/config/sysconfig.config-network +++ b/config/sysconfig.config-network @@ -226,7 +226,7 @@ IFPLUGD_OPTIONS="-f -I -b" NETWORKMANAGER=no ## Type: int -## Default: 30 +## Default: 0 # # When using NetworkManager you may define a timeout to wait for NetworkManager # to connect in /etc/init.d/network(-remotefs) script. Other network services @@ -234,7 +234,7 @@ NETWORKMANAGER=no # # This variable has no effect if NETWORKMANAGER=no. # -NM_ONLINE_TIMEOUT="30" +NM_ONLINE_TIMEOUT="0" ## Type: string ## Default: "dns-resolver dns-bind ntp-runtime nis" diff --git a/sysconfig.spec.in b/sysconfig.spec.in index f559763..b64d677 100644 --- a/sysconfig.spec.in +++ b/sysconfig.spec.in @@ -119,13 +119,6 @@ if [ ${1:-0} -gt 1 ]; then if [ ! -f etc/sysconfig/network/scripts/move_shm_sysconfig.sh ] ; then touch etc/sysconfig/network/__move_shm_sysconfig__ fi - # set a mark when updating from NM_ONLINE_TIMEOUT=0 - eval NM_ONLINE_TIMEOUT='' \ - `grep -s '^[[:space:]]*NM_ONLINE_TIMEOUT=' \ - var/adm/fillup-templates/sysconfig.config-network` - if [ "x$NM_ONLINE_TIMEOUT" = "x0" ] ; then - touch etc/sysconfig/network/__nm_online_timeout__ - fi fi %post @@ -142,17 +135,6 @@ fi # %{fillup_and_insserv -fY network} %{fillup_and_insserv -fY network-remotefs} -# remove first, we need the new default value -sysconfig_remove_and_set network/dhcp DHCLIENT_TIMEOUT -# remove first when NM_ONLINE_TIMEOUT was 0 in old template -if [ -f etc/sysconfig/network/__nm_online_timeout__ ] ; then - rm -f etc/sysconfig/network/__nm_online_timeout__ - eval NM_ONLINE_TIMEOUT='' \ - `grep -s '^[[:space:]]*NM_ONLINE_TIMEOUT=' \ - etc/sysconfig/network/config` - [ "x$NM_ONLINE_TIMEOUT" = "x0" ] && \ - sysconfig_remove_and_set network/config NM_ONLINE_TIMEOUT -fi %{fillup_only -dns dhcp network network} %{fillup_only -dns config network network} /sbin/ldconfig -- 1.7.3.4 ++++++ 0002-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch ++++++ >From d844f0ceb913a60e2c88b1097c98aa0b4486288f Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <m...@suse.com> Date: Fri, 18 Nov 2011 13:47:26 +0100 Subject: [PATCH] Fixed order of addr flush and link down in ifdown Changed the order of ip addr flush and ip link set down calls in ifdown as it does not trigger the ipv6 sysctl tree removal (bnc#580018,bnc#559170). Signed-off-by: Marius Tomaschewski <m...@suse.com> --- scripts/ifup | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ifup b/scripts/ifup index bd6e83a..409a925 100755 --- a/scripts/ifup +++ b/scripts/ifup @@ -949,8 +949,8 @@ case "$BOOTPROTO$SKIP_MAIN_PART" in # Calling 'ip' if there is no interface (ifdown called from udev for # remove event) would trigger automatic module loading (Bug 199456) if [ -d /sys/class/net/$INTERFACE ] ; then - ip addr flush dev $INTERFACE &>/dev/null ip link set dev $INTERFACE down &>/dev/null + ip addr flush dev $INTERFACE &>/dev/null fi retcode=0 # $? ;; @@ -1134,8 +1134,8 @@ case "$BOOTPROTO$SKIP_MAIN_PART" in # Calling 'ip' if there is no interface (ifdown called from udev for # remove event) would trigger automatic module loading (Bug 199456) if [ -d /sys/class/net/$INTERFACE ] ; then - ip addr flush dev $INTERFACE &>/dev/null ip link set dev $INTERFACE down &>/dev/null + ip addr flush dev $INTERFACE &>/dev/null fi retcode=0 # $? ;; -- 1.7.3.4 ++++++ 0003-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch ++++++ >From 74f224c74c2c463365b0d39c14117870ce5776d5 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <m...@suse.com> Date: Fri, 16 Dec 2011 16:03:15 +0100 Subject: [PATCH] CVE-2011-4182 - fixed quoting in ifservices script Fixed to quote config / interface variables in ifservices script and cleaned up content of the ESSID which gets appended to them by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182). Fixed also to return proper exit code 0 in NM dispatcher hooks. Signed-off-by: Marius Tomaschewski <m...@suse.com> --- scripts/ifup-services | 10 +++++----- scripts/netcontrol_services | 6 ++++-- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/scripts/ifup-services b/scripts/ifup-services index 2047d34..8a3b083 100755 --- a/scripts/ifup-services +++ b/scripts/ifup-services @@ -95,15 +95,15 @@ done ###################################################################### # check presence of configuration file and source it # -test -f ./ifcfg-$CONFIG && . ./ifcfg-$CONFIG +test -f "./ifcfg-$CONFIG" && . "./ifcfg-$CONFIG" if [ -d "ifservices-$CONFIG" ] ; then - cd ifservices-$CONFIG + cd "ifservices-$CONFIG" elif [ -d "ifservices-$INTERFACE" ] ; then - cd ifservices-$INTERFACE + cd "ifservices-$INTERFACE" elif [ -d "ifservices-${INTERFACE%%-*}" ] ; then - cd ifservices-${INTERFACE%%-*} + cd "ifservices-${INTERFACE%%-*}" elif [ -d "ifservices" ] ; then - cd ifservices + cd "ifservices" else debug "No services to handle for '$CONFIG $INTERFACE'" exit 0 diff --git a/scripts/netcontrol_services b/scripts/netcontrol_services index 928f466..d0a55b7 100755 --- a/scripts/netcontrol_services +++ b/scripts/netcontrol_services @@ -28,10 +28,12 @@ # Note that services are stopped always _after_ the interface is down. Stopping # services earlier would require a change in NetworkManager itself. -cd /etc/sysconfig/network/ || exit +cd /etc/sysconfig/network/ || exit 0 test -r ./config && . ./config test -r scripts/functions && . scripts/functions -E="`iwconfig ${1} 2>/dev/null | sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p'`" +E=`iwconfig "${1}" 2>/dev/null | \ + sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p' | \ + sed -e 's/[^abcdefghijklmnopqrstuvwxyz0123456789=._-]/_/gi'` info_mesg "calling 'if${2}-services ${1}${E:+-$E}'" scripts/if${2}-services "${1}${E:+-$E}" -- 1.7.3.4 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
