Hello community,

here is the log from the commit of package supportutils for openSUSE:Factory 
checked in at 2019-02-24 18:03:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/supportutils (Old)
 and      /work/SRC/openSUSE:Factory/.supportutils.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "supportutils"

Sun Feb 24 18:03:16 2019 rev:10 rq:677321 version:3.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/supportutils/supportutils.changes        
2019-02-13 10:17:01.369365906 +0100
+++ /work/SRC/openSUSE:Factory/.supportutils.new.28833/supportutils.changes     
2019-02-24 18:03:19.211776225 +0100
@@ -1,0 +2,20 @@
+Mon Feb 18 10:30:00 UTC 2019 - jason.rec...@suse.com
+
+- Corrected missed SUSE separation lines
+- Fixed invalid exit code commands (bsc#1125666)
+- CVE-2018-19640: supportutils: Users can kill arbitrary processes
+  (CVE-2018-19640 bsc#1118463)
+- User can overwrite arbitrary log files in support tar
+  (CVE-2018-19638 bsc#1118460)
+- Code execution if run with -v
+  (CVE-2018-19639 bsc#1118462)
+- Static temporary filename allows overwriting of files
+  (CVE-2018-19637 bsc#1117776)
+
+-------------------------------------------------------------------
+Fri Feb 15 14:58:41 UTC 2019 - jason.rec...@suse.com
+
+- Included additional SUSE separation (bsc#1125609)
+- Merged added listing of locked packes by zypper #41
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ supportutils-3.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/supportutils-3.1/bin/supportconfig 
new/supportutils-3.1/bin/supportconfig
--- old/supportutils-3.1/bin/supportconfig      2019-01-28 18:40:46.842008130 
+0100
+++ new/supportutils-3.1/bin/supportconfig      2019-02-19 11:34:41.315290448 
+0100
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-SVER='3.1-4.16'
-SDATE='2019 01 28'
+SVER='3.1-4.22'
+SDATE='2019 02 16'
 
 ##############################################################################
 #  supportconfig - Gathers system troubleshooting information for SUSE Support
@@ -151,9 +151,6 @@
                                log_cmd $BASIC_ENVF 'SPident -vv'
                        fi
                fi
-               if rpm -q oes-SPident &>/dev/null; then
-                       log_cmd $BASIC_ENVF 'oes-SPident -vv'
-               fi
                cat $LOG/$RPM_DIST_FILE >> $LOG/$BASIC_ENVF
                case $SLES_VER in
                15*)
@@ -834,6 +831,7 @@
        if [ $SLES_VER -ge 110 ] && rpm_verify $OF zypper; then
                log_cmd $OF 'date'
                log_cmd $OF 'ls -lA --time-style=long-iso /etc/products.d/'
+               log_cmd $OF 'zypper locks'
                for CMDOPT in services 'repos -d' patch-check patches 
list-patches products '--xml products'
                do
                        if [ $TIMEOUT -ge 10 ]; then
@@ -993,40 +991,6 @@
        echolog Done
 }
 
-update_d_info() {
-       printlog "Updates Daemon..."
-       test $OPTION_UPD -eq 0 && { echolog Excluded; return 1; }
-       OF=updates-daemon.txt
-       SKIP=0
-       addHeaderFile $OF
-       if rpm_verify $OF rcd
-       then
-               RCD_HISTORY="/var/log/rcd/rcd-package-history"
-               check_service $OF rcd
-               log_cmd $OF "grep |upgrade| $RCD_HISTORY"
-
-               FILES="/var/log/rcd/rcd-messages $RCD_HISTORY"
-               test $ADD_OPTION_LOGS -gt 0 && log_files $OF 0 $FILES || 
log_files $OF $VAR_OPTION_LINE_COUNT $FILES
-       else
-               ((SKIP++))
-       fi
-
-       if rpm_verify $OF zmd
-       then
-               check_service $OF novell-zmd
-               conf_files $OF /etc/zmd/zmd.conf /etc/zmd/deviceid 
/etc/zmd/secret /etc/sysconfig/zmd
-               sed -i -e 's/.*proxy-password[[:space:]]*=/*REMOVED BY 
SUPPORTCONFIG*/g' $LOG/$OF
-               [ $ADD_OPTION_LOGS -gt 0 ] && 
FILES="/var/log/zmd-messages.log*" || FILES="/var/log/zmd-messages.log"
-               [ $ADD_OPTION_LOGS -gt 0 ] && log_files $OF 0 $FILES || 
log_files $OF $VAR_OPTION_LINE_COUNT $FILES
-               FILES="/var/log/messages"
-               [ $ADD_OPTION_LOGS -gt 0 ] && grep_log_files 'zmd:' $OF 0 
$FILES || grep_log_files 'zmd:' $OF $VAR_OPTION_LINE_COUNT $FILES
-       else
-               ((SKIP++))
-       fi
-
-       test $SKIP -lt 2 && echolog Done || echolog Skipped
-}
-
 pam_info() {
        printlog "PAM..."
        test $FORCE_OPTION_PAM -eq 0 && { echolog Excluded; return 1; }
@@ -3420,7 +3384,6 @@
         local verify_list
        local xserver_present=n
        local drm_present=n
-       echo "$SLES_VER" > /tmp/supp_log
 
        printlog "X..."
        test $OPTION_X -eq 0 && { echolog Excluded; return 1; }
@@ -3817,30 +3780,11 @@
                log_cmd $OF 'ss -nlp | grep dhcp'
                conf_files $OF /etc/sysconfig/dhcpd
                conf_files $OF /etc/dhcpd.conf /var/lib/dhcp/db/dhcpd.leases
-       else
-               ((SKIP++))
-       fi
-       if rpm_verify $OF novell-oes-dhcp-conf; then
-               SYSNOVLDHCP=/etc/sysconfig/novell/NvlDhcp*
-               ACTIVEFILE=$(ls -1 /etc/sysconfig/novell/NvlDhcp* | sort | tail 
-1)
-               if [ -s $ACTIVEFILE ]; then
-                       . $ACTIVEFILE
-                       log_entry $OF entry "Using $ACTIVEFILE"
-                       conf_files $OF $CONFIG_DHCPSRV_LDAP_DEBUGFILE 
$SYSNOVLDHCP
-                       [ -n "$CONFIG_DHCPSRV_LOCATOR_CONTEXT" ] && 
timed_log_cmd $OF "ldapsearch -x -s one -b $CONFIG_DHCPSRV_LOCATOR_CONTEXT 
objectclass=dhcpLocator"
-                       [ -n "$CONFIG_DHCPSRV_GROUP_CONTEXT" ] && timed_log_cmd 
$OF "ldapsearch -x -b cn=DHCPGroup,$CONFIG_DHCPSRV_GROUP_CONTEXT"
-               else
-                       conf_files $OF $SYSNOVLDHCP
-               fi
-       else
-               ((SKIP++))
-       fi
-       if [ $SKIP -eq 2 ]; then
-               echolog Skipped
-       else
                log_cmd $OF "grep ' dhcpd' /var/log/warn"
                log_cmd $OF "grep ' dhcpd' /var/log/messages"
                echolog Done
+       else
+               echolog Skipped
        fi
 }
 
@@ -4068,15 +4012,6 @@
                do
                        check_service $OF $(basename $WEB_SERVICE)
                done
-               OES_CATALINA_BASE=''
-               if [ -d /var/opt/novell ]; then
-                       OES_CATALINA_BASE=$(find -L /var/opt/novell -maxdepth 1 
-type d | grep tomcat | tail -1)
-               fi
-               if [ -d $OES_CATALINA_BASE ]; then
-                       conf_files $OF $OES_CATALINA_BASE/conf/*xml
-                       FILES="$OES_CATALINA_BASE/logs/catalina.out"
-                       test $ADD_OPTION_LOGS -gt 0 && log_files $OF 0 $FILES 
|| log_files $OF $VAR_OPTION_LINE_COUNT $FILES
-               fi
                if [ -s /etc/sysconfig/j2ee ]; then
                        conf_files $OF /etc/sysconfig/j2ee
                        . /etc/sysconfig/j2ee
@@ -4084,19 +4019,10 @@
                        FILES="$CATALINA_HOME/logs/catalina.out 
$CATALINA_HOME/logs/localhost_log*"
                        test $ADD_OPTION_LOGS -gt 0 && log_files $OF 0 $FILES 
|| log_files $OF $VAR_OPTION_LINE_COUNT $FILES
                fi
+               echolog Done
        else
-               ((SKIP++))
-       fi
-       if rpm -q novell-nrm &>/dev/null; then
-               check_service $OF novell-httpstkd
-               conf_files $OF /etc/opt/novell/httpstkd.conf
-               log_cmd $OF 'ss -nlp | grep -i http'
-               log_cmd $OF 'ps -eaf | grep httpstkd'
-               [ -d /etc/opt/novell/httpstkd ] && log_cmd $OF 'ls -lR 
--time-style=long-iso /etc/opt/novell/httpstkd'
-       else
-               ((SKIP++))
+               echolog Skipped
        fi
-       [ $SKIP -eq 2 ] && echolog Skipped || echolog Done
 }
 
 hppsp_info() {
@@ -4273,10 +4199,9 @@
        VAR_OPTION_LOG_DIRS=$TARGET_DIRECTORY
 fi
 
-# Ensures files uploaded to a novell.com address have unique file names
+# Uploaded tarball filenames should be unique
 if (( UPLOAD_TARBALL )); then
-       TONOVELL=$(echo $VAR_OPTION_UPLOAD_TARGET | grep -i "novell.com")
-       [ -n "$TONOVELL" ] && VAR_OPTION_UNIQUE_FILE=1
+       VAR_OPTION_UNIQUE_FILE=1
 fi
 
 # Add custom tar ball name element
@@ -4332,6 +4257,10 @@
                fi
        fi
        test $VAR_OPTION_SILENT -gt 0 && title >> $LOG/$BASIC_ENVF || title | 
tee -a $LOG/$BASIC_ENVF
+       RPM_QA_FILE_PATH=$(mktemp ${LOG}/rpm_qa.XXXXXXXXXX)
+       RPM_DIST_FILE_PATH=$(mktemp ${LOG}/rpm_dist.XXXXXXXXXX)
+       RPM_QA_FILE=$(basename $RPM_QA_FILE_PATH)
+       RPM_DIST_FILE=$(basename $RPM_DIST_FILE_PATH)
 
        addHeaderFile $CSFILE
        log_entry $CSFILE note "Privacy Statement"
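Review bot: Neither `mktemp` call added after the title line checks its result, and the `${LOG}` and path expansions are unquoted. If `mktemp` fails, `RPM_QA_FILE` and `RPM_DIST_FILE` end up empty, so later uses such as `cat $LOG/$RPM_DIST_FILE >> $LOG/$BASIC_ENVF` operate on the log directory itself instead of aborting. I would fail closed and quote, e.g. `RPM_QA_FILE_PATH=$(mktemp "${LOG}/rpm_qa.XXXXXXXXXX") || exit 1` (or the script's own exit helper) and `RPM_QA_FILE=$(basename "$RPM_QA_FILE_PATH")`, and the same for the dist file. The randomised names only help if `$LOG` itself is not writable by other users; where `$LOG` is created is outside this hunk, as are the start and end of the enclosing block.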
@@ -4388,7 +4317,6 @@
        boot_info
        slert_info
        update_info
-       (( SLES_VER < 110 )) && update_d_info
        smt_info
        ha_info
        ocfs2_info
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/supportutils-3.1/bin/supportconfig.rc 
new/supportutils-3.1/bin/supportconfig.rc
--- old/supportutils-3.1/bin/supportconfig.rc   2019-01-28 18:11:22.513588942 
+0100
+++ new/supportutils-3.1/bin/supportconfig.rc   2019-02-19 11:34:41.315290448 
+0100
@@ -36,7 +36,6 @@
 OPTION_NFS=1
 OPTION_NTP=1
 OPTION_OCFS2=1
-OPTION_OES=0
 OPTION_OFILES=1
 OPTION_PRINT=1
 OPTION_PROC=1
@@ -56,7 +55,6 @@
 OPTION_UDEV=1
 OPTION_UFILES=1
 OPTION_UP=1
-OPTION_UPD=1
 OPTION_WEB=1
 OPTION_X=1
 
@@ -78,7 +76,7 @@
 VAR_OPTION_CUSTOM_ARCH=""
 VAR_OPTION_DMESG=0
 VAR_OPTION_GPG_UID=""
-VAR_OPTION_HBREPORT_DIRS='/tmp /root /var/log'
+VAR_OPTION_HBREPORT_DIRS='/var/log /root'
 # reports must have the format hb_report.*\.tar\.bz2 in each directory
 VAR_OPTION_JOURNALCTL_LINE_COUNT=10000
 VAR_OPTION_JOURNALCTL_MAX_BOOTS=10
@@ -113,14 +111,12 @@
 RPMFILE=rpm.txt
 FSLIST_FILE=fs-files.txt
 FSLIST_ADD_FILE="${LIB_DIR}/additional-files.list"
-RPM_QA_FILE=rpm_qa.txt
-RPM_DIST_FILE=rpm_dist.txt
 BASIC_ENVF=basic-environment.txt
 XML_FILE=summary.xml
 COMPRESS="tbz"
 COMPRESS_OPT="jcf"
 SC_SRV=$(hostname) # %s
-test "$SC_SRV" = "" && SC_SRV=novell
+test "$SC_SRV" = "" && SC_SRV=suse
 SC_DATE=$(date +"%y%m%d") # %d
 SC_TIME=$(date +"%H%M") # %t
 test -x /usr/bin/uuidgen && SC_UID="$(uuidgen 2>/dev/null)" || 
SC_UID="$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)" # %u
@@ -443,7 +439,7 @@
        shift
        CMDLINE_ORIG="$@"
        CMDBIN=$(echo $CMDLINE_ORIG | awk '{print $1}')
-       SEMAPHORE_FILE="${LOGFILE}.$(basename ${CMDBIN}).$(date --utc 
+%s).SEMAPHORE"
+       SEMAPHORE_FILE="${LOGFILE}.$(basename ${CMDBIN}).$(date --utc 
+%s).SC__SEMAPHORE"
        SEMAPHORE_BIN=${SEMAPHORE_FILE}.sh
        SEMAPHORE_LOG=${SEMAPHORE_FILE}.out
        SEMAPHORE_ERR=${SEMAPHORE_FILE}.returncode
@@ -659,25 +655,20 @@
 }
 
 timed_cmd_cleanup() {
-       TIMEOUT_PIDS=$(\ls -A1 $LOG/*SEMAPHORE.pid 2>/dev/null)
-       if [ -n "$TIMEOUT_PIDS" ]; then
+       PIDS2KILL=$(\ps axwwo pid,cmd | grep SC__SEMAPHORE | grep -v grep | awk 
'{print $1}')
+       if [[ -n "$PIDS2KILL" ]]; then
                test $VAR_OPTION_SILENT -eq 0 && { echo; }
                if (( $VAR_OPTION_SBM )); then
                        printlog -b "Command Clean Up..."
                else
                        printlog -b "Command Clean Up"
                fi
-               for TIMEOUT_PID_FILE in $TIMEOUT_PIDS
+               while [[ -n "$PIDS2KILL" ]]
                do
-                       echolog " -> $(basename $TIMEOUT_PID_FILE) ($(cat 
$TIMEOUT_PID_FILE))"
-                       PIDS2KILL=$(ps -eaf | grep `cat $TIMEOUT_PID_FILE` 
2>/dev/null | grep -v grep | awk '{print $2}')
                        wait_trace_on "kill $PIDS2KILL"
-                       kill $PIDS2KILL &>/dev/null
+                       kill -9 $PIDS2KILL &>/dev/null
                        sleep 1
-                       PIDS2KILL=$(ps -eaf | grep `cat $TIMEOUT_PID_FILE` 
2>/dev/null | grep -v grep | awk '{print $2}')
-                       if [ -z "$PIDS2KILL" ]; then
-                               rm -f $TIMEOUT_PID_FILE &>/dev/null
-                       fi
+                       PIDS2KILL=$(\ps axwwo pid,cmd | grep SC__SEMAPHORE | 
grep -v grep | awk '{print $1}')
                        wait_trace_off
                done
        fi
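Review bot: The new selection in timed_cmd_cleanup matches `SC__SEMAPHORE` against the command line of every process on the system and then sends `kill -9`, so it never establishes that a match belongs to this supportconfig run. A concurrent second run, or any unrelated process whose arguments contain the marker, is killed as well. The `while [[ -n "$PIDS2KILL" ]]` loop also has no retry cap, so a match that cannot be killed or keeps reappearing makes the cleanup spin forever. I would narrow the match to wrappers under this run's `$LOG` (assuming the semaphore files live there, as the removed `$LOG/*SEMAPHORE.pid` glob suggests), bound the loop, and send a plain `kill` before escalating to `-9`. The marker string is set in the SEMAPHORE_FILE hunk above, and the function's closing brace is outside this hunk.

```shell
timed_cmd_cleanup() {
	local tries=0
	# only wrappers whose path lies inside this run's log directory
	PIDS2KILL=$(\ps axwwo pid,cmd | grep -F -- "${LOG}/" | grep SC__SEMAPHORE | grep -v grep | awk '{print $1}')
	if [[ -n "$PIDS2KILL" ]]; then
		# … unchanged: silent check and "Command Clean Up" printlog …
		while [[ -n "$PIDS2KILL" ]] && (( tries < 5 ))
		do
			wait_trace_on "kill $PIDS2KILL"
			# TERM on the first pass, KILL only if the process survives
			if (( tries == 0 )); then
				kill $PIDS2KILL &>/dev/null
			else
				kill -9 $PIDS2KILL &>/dev/null
			fi
			(( tries += 1 ))
			sleep 1
			PIDS2KILL=$(\ps axwwo pid,cmd | grep -F -- "${LOG}/" | grep SC__SEMAPHORE | grep -v grep | awk '{print $1}')
			wait_trace_off
		done
```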
@@ -900,7 +891,7 @@
        case $1 in
        on) FEATURE_STATE=1 ;;
        off) FEATURE_STATE=0 ;;
-       *) echo "ERROR: selected_features: Invalid FEATURE_STATE, $1"; exit_10 
;;
+       *) exit_code 10 "ERROR: selected_features: Invalid FEATURE_STATE, $1"  
;;
        esac
        FEATURE_LIST="$(get_features)"
        for FEATURE in $(echo $SELECTED_FEATURE_LIST | sed -e 's/,/ /g')
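Review bot: The default arm now passes the error text as a second argument to `exit_code`, while every other converted call site in this diff (`exit_code 11`, `exit_code 13`) passes only the number and prints its message with a separate `echo`. Whether `exit_code` prints a second argument is not visible here; if it does not, the invalid FEATURE_STATE error is now silent. Unless the helper is known to emit it, I would keep the pattern used elsewhere and send the diagnostic to stderr: `*) echo "ERROR: selected_features: Invalid FEATURE_STATE, $1" >&2; exit_code 10 ;;`. The enclosing function starts and ends outside this hunk.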
@@ -918,9 +909,7 @@
        done
        if (( INVALID_KEYWORDS )); then
                echo
-               echo "Valid keywords listed below. They are case sensitive."
-               echo
-               get_features
+               echo "Use -F for a list of valid feature keywords. Keywords are 
case sensitive."
                echo
                exit_code 11
        fi
@@ -943,9 +932,10 @@
                fi
        done
        if (( INVALID_KEYWORDS )); then
+               echo
                echo "Use -F for a list of valid feature keywords. Keywords are 
case sensitive."
                echo
-               exit_11
+               exit_code 11
        fi
 }
 
@@ -961,7 +951,7 @@
                echo "       File encryption failed, aborting"
                echo
                gpg --list-keys
-               exit_13
+               exit_code 13
        fi
        if (( VAR_OPTION_SILENT )); then
                gpg --batch --yes --trust-model always --encrypt --recipient 
"$VAR_OPTION_GPG_UID" $TARBALL &> /dev/null
@@ -969,7 +959,7 @@
                if [ $ERR -ne 0 ]; then
                        echo "ERROR: gpg failed, RC=$ERR, aborting"
                        echo
-                       exit_13
+                       exit_code 13
                fi
        else
                if (( $VAR_OPTION_SBM )); then
@@ -988,7 +978,7 @@
                if [ $ERR -ne 0 ]; then
                        echo "ERROR: gpg failed, RC=$ERR, aborting"
                        echo
-                       exit_13
+                       exit_code 13
                fi
                ENCRYPTED_TARBALL=1
                echo "Encrypted File: ${TARBALL}.gpg"
@@ -1151,7 +1141,7 @@
                                echo "ERROR: Unsupported upload service type: 
${UPLOAD_SERVICE}"
                                echo
                                echo "  Supported service types: ftp, scp"
-                               echo "  Example URI: 
ftp://ftp.novell.com/incoming";
+                               echo "  Example URI: 
ftp://ftp.server.com/incoming";
                                echo
                                echo "  
VAR_OPTION_UPLOAD_TARGET=\"${VAR_OPTION_UPLOAD_TARGET}\""
                                ;;
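Review bot: The replacement example host `ftp.server.com` is a registrable domain rather than a reserved documentation name. A user who copies the example into `VAR_OPTION_UPLOAD_TARGET` would send a supportconfig tarball, which holds detailed system data, to a third party over plain FTP. Use the reserved name instead: `echo "  Example URI: ftp://ftp.example.com/incoming";`. The enclosing case statement starts outside this hunk.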
@@ -1300,12 +1290,6 @@
                xml_write 'sle_patchlevel' ''
        fi
 
-       if [[ -f /etc/novell-release ]]; then
-               if grep -i open /etc/novell-release &>/dev/null; then
-                       xml_write 'oes_version' "$(sed -ne 's/VERSION = //p' 
/etc/novell-release)"
-                       xml_write 'oes_patchlevel' "$(sed -ne 's/PATCHLEVEL = 
//p' /etc/novell-release)"
-               fi
-       fi
        echo '</summary>' >> $LOG/$XML_FILE
        echo '<customer>' >> $LOG/$XML_FILE
        test -n "$VAR_OPTION_CONTACT_COMPANY" && { xml_write 'company' 
"$VAR_OPTION_CONTACT_COMPANY"; }
@@ -1336,7 +1320,7 @@
 get_sles_ver() {
        if [[ -s /etc/os-release ]]; then
                VID=$(grep VERSION_ID /etc/os-release | cut -d\= -f2)
-               echo "VID=$VID"
+#              echo "VID=$VID"
                VID=${VID//\"/}
                SLES_VER=${VID//\./}
                if (( ${#SLES_VER} < 3 )); then
@@ -1349,9 +1333,6 @@
        else
                SLES_VER=123
        fi
-       grep -i "open enterprise server" /etc/*release* &>/dev/null
-       OESFOUND=$?
-       (( OESFOUND < 1 )) && OPTION_OES=1
 }
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/supportutils-3.1/man/supportconfig.8 
new/supportutils-3.1/man/supportconfig.8
--- old/supportutils-3.1/man/supportconfig.8    2019-01-28 17:08:46.101872917 
+0100
+++ new/supportutils-3.1/man/supportconfig.8    2019-02-19 11:34:41.315290448 
+0100
@@ -1,4 +1,4 @@
-.TH SUPPORTCONFIG 8 "28 Dec 2018" "supportutils" "Support Utilities Manual"
+.TH SUPPORTCONFIG 8 "16 Feb 2019" "supportutils" "Support Utilities Manual"
 .SH NAME
 supportconfig - Gathers system troubleshooting information
 .SH SYNOPSIS
@@ -159,7 +159,7 @@
 Disable all plugin execution
 .TP
 \fB\-q\fR
-Add a unique identifier to the supportconfig tar ball filename. You usually do 
not need this, as hostnames, date and times are unique enough within an 
organization. However, when uploading to Novell or some other central public 
repository, it is needed.
+Add a unique identifier to the supportconfig tar ball filename. You usually do 
not need this, as hostnames, date and times are unique enough within an 
organization. However, when uploading to SUSE or some other central public 
repository, it is needed.
 .TP
 \fB\-r\fR \fIsrnum\fR 
 Includes the service request number in the basic-environment.txt file and the 
tar ball filename. Use this option when uploading (-u) tar balls to SUSE.
@@ -188,7 +188,7 @@
 .B Example:
 .RE
 .RS
-.B supportconfig -x aFSLIST,aEDIR,X,SMART
+.B supportconfig -x aFSLIST,X,SMART
 .RE
 .TP
 \fB\-y\fR 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/supportutils-3.1/man/supportconfig.conf.5 
new/supportutils-3.1/man/supportconfig.conf.5
--- old/supportutils-3.1/man/supportconfig.conf.5       2019-01-28 
17:08:46.101872917 +0100
+++ new/supportutils-3.1/man/supportconfig.conf.5       2019-02-19 
11:34:41.315290448 +0100
@@ -1,4 +1,4 @@
-.TH SUPPORTCONFIG.CONF 5 "17 Oct 2018" "supportutils" "Support Utilities 
Manual"
+.TH SUPPORTCONFIG.CONF 5 "16 Feb 2019" "supportutils" "Support Utilities 
Manual"
 .SH NAME
 supportconfig.conf \- 
 .BR supportconfig (1)
@@ -175,9 +175,6 @@
 OPTION_UP
 Update client related information. \fBupdates.txt\fR (1)
 .TP
-OPTION_UPD
-Update daemon related information. \fBupdates-daemon.txt\fR (1)
-.TP
 OPTION_WEB
 Web server and web related information. \fBweb.txt\fR (1)
 .TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/supportutils-3.1/spec/supportutils.changes 
new/supportutils-3.1/spec/supportutils.changes
--- old/supportutils-3.1/spec/supportutils.changes      2019-01-30 
16:47:09.985150420 +0100
+++ new/supportutils-3.1/spec/supportutils.changes      2019-02-19 
11:34:41.335289881 +0100
@@ -1,4 +1,24 @@
 -------------------------------------------------------------------
+Mon Feb 18 10:30:00 UTC 2019 - jason.rec...@suse.com
+
+- Corrected missed SUSE separation lines
+- Fixed invalid exit code commands (bsc#1125666)
+- CVE-2018-19640: supportutils: Users can kill arbitrary processes
+  (CVE-2018-19640 bsc#1118463)
+- User can overwrite arbitrary log files in support tar
+  (CVE-2018-19638 bsc#1118460)
+- Code execution if run with -v
+  (CVE-2018-19639 bsc#1118462)
+- Static temporary filename allows overwriting of files
+  (CVE-2018-19637 bsc#1117776)
+
+-------------------------------------------------------------------
+Fri Feb 15 14:58:41 UTC 2019 - jason.rec...@suse.com
+
+- Included additional SUSE separation (bsc#1125609)
+- Merged added listing of locked packes by zypper #41
+
+-------------------------------------------------------------------
 Wed Jan 30 15:46:59 UTC 2019 - jason.rec...@suse.com
 
 - Corrected spec file errors

