commit libcap for openSUSE:11.4
Hello community,
here is the log from the commit of package libcap for openSUSE:11.4
checked in at Fri Nov 4 15:10:15 CET 2011.
--- old-versions/11.4/all/libcap/libcap.changes 2010-12-02 15:48:24.0
+0100
+++ 11.4/libcap/libcap.changes 2011-11-02 11:41:47.0 +0100
@@ -1,0 +2,6 @@
+Wed Nov 2 11:41:28 CET 2011 - ti...@suse.de
+
+- Fix VUL-0: libcap2: capsh does not chdir after chroot
+ (CVE-2011-4099, bnc#727715)
+
+---
Package does not exist at destination yet. Using Fallback
old-versions/11.4/all/libcap
Destination is old-versions/11.4/UPDATES/all/libcap
calling whatdependson for 11.4-i586
New:
libcap-CVE-2011-4099.diff
Other differences:
--
++ libcap.spec ++
--- /var/tmp/diff_new_pack.WI2pTp/_old 2011-11-04 15:08:38.0 +0100
+++ /var/tmp/diff_new_pack.WI2pTp/_new 2011-11-04 15:08:38.0 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package libcap (Version 2.19)
+# spec file for package libcap
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -24,9 +24,10 @@
AutoReqProv:on
Summary:Library for Capabilities (linux-privs) Support
Version:2.19
-Release:1
+Release:9.
Source:
ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.bz2
Source2:baselibs.conf
+Patch: libcap-CVE-2011-4099.diff
#URL: http://www.kernel.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libattr-devel
@@ -91,6 +92,7 @@
%prep
%setup -q
+%patch -p1
%build
# lib=%{_lib} make %{?_smp_mflags} COPTFLAG="$RPM_OPT_FLAGS"
++ libcap-CVE-2011-4099.diff ++
>From af725c50c2930485947bd958dbdf984faf8fc1ba Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan"
Date: Sun, 24 Jul 2011 19:17:25 -0700
Subject: [PATCH] Change directory to "/" after --chroot operation.
Thanks to Steve Grubb for suggesting this. He wrote:
=
I was reviewing something recently and discovered a problem in capsh. The capsh
program has a --chroot command line option. Inspecting the code shows that it
does not
do a chdir("/") after calling chroot. This means that '.' is outside the chroot.
Additional info:
http://cwe.mitre.org/data/definitions/243.html
=
Signed-off-by: Andrew G. Morgan
---
progs/capsh.c |8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -243,10 +243,16 @@
perror("unable to lower CAP_SYS_CHROOT");
exit(1);
}
+ /*
+* Given we are now in a new directory tree, its good practice
+* to start off in a sane location
+*/
+ status = chdir("/");
+
cap_free(orig);
if (status != 0) {
- fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9);
+ fprintf(stderr, "Unable to chroot/chdir to [%s]", argv[i]+9);
exit(1);
}
} else if (!memcmp("--secbits=", argv[i], 10)) {
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit empathy for openSUSE:11.4
Hello community,
here is the log from the commit of package empathy for openSUSE:11.4
checked in at Fri Nov 4 15:08:27 CET 2011.
--- old-versions/11.4/UPDATES/all/empathy/empathy.changes 2011-10-28
10:42:24.0 +0200
+++ 11.4/empathy/empathy.changes2011-11-01 05:27:41.0 +0100
@@ -1,0 +2,6 @@
+Tue Nov 1 04:23:29 UTC 2011 - sree...@suse.com
+
+- Update empathy-cve-2011-3635.patch to use escaped name
+ everywhere in theme_adium_append_message
+
+---
calling whatdependson for 11.4-i586
Other differences:
--
++ empathy.spec ++
--- /var/tmp/diff_new_pack.OTjHOE/_old 2011-11-04 15:05:49.0 +0100
+++ /var/tmp/diff_new_pack.OTjHOE/_new 2011-11-04 15:05:49.0 +0100
@@ -19,7 +19,7 @@
Name: empathy
Version:2.32.2
-Release:7.
+Release:7.
License:GPLv2+
Summary:Instant Messenger Client for GNOME, based on Telepathy
Url:http://live.gnome.org/Empathy
++ empathy-cve-2011-3635.patch ++
--- /var/tmp/diff_new_pack.OTjHOE/_old 2011-11-04 15:05:49.0 +0100
+++ /var/tmp/diff_new_pack.OTjHOE/_new 2011-11-04 15:05:49.0 +0100
@@ -11,19 +11,31 @@
const gchar *body;
const gchar *name;
const gchar *contact_id;
-@@ -599,8 +599,10 @@ theme_adium_append_message (EmpathyChatV
- }
+@@ -469,12 +469,13 @@ theme_adium_append_message (EmpathyChatV
+ body_escaped = theme_adium_parse_body (body);
+ name = empathy_contact_get_alias (sender);
+ contact_id = empathy_contact_get_id (sender);
++ name_escaped = g_markup_escape_text (name, -1);
+
+ /* If this is a /me, append an event */
+ if (empathy_message_get_tptype (msg) ==
TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) {
+ gchar *str;
+
+- str = g_strdup_printf ("%s %s", name, body_escaped);
++ str = g_strdup_printf ("%s %s", name_escaped, body_escaped);
+ theme_adium_append_event_escaped (view, str);
+
+ g_free (str);
+@@ -600,7 +601,7 @@ theme_adium_append_message (EmpathyChatV
if (html != NULL) {
-+ name_escaped = g_markup_escape_text (name, -1);
-+
theme_adium_append_html (theme, func, html, len, body_escaped,
- avatar_filename, name, contact_id,
+ avatar_filename, name_escaped,
contact_id,
service_name, message_classes->str,
timestamp, is_backlog);
} else {
-@@ -616,6 +618,7 @@ theme_adium_append_message (EmpathyChatV
+@@ -616,6 +617,7 @@ theme_adium_append_message (EmpathyChatV
priv->last_is_backlog = is_backlog;
g_free (body_escaped);
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libcap for openSUSE:11.3
Hello community,
here is the log from the commit of package libcap for openSUSE:11.3
checked in at Fri Nov 4 15:05:40 CET 2011.
--- old-versions/11.3/all/libcap/libcap.changes 2010-06-09 11:22:55.0
+0200
+++ 11.3/libcap/libcap.changes 2011-11-02 11:40:54.0 +0100
@@ -1,0 +2,6 @@
+Wed Nov 2 11:40:32 CET 2011 - ti...@suse.de
+
+- Fix VUL-0: libcap2: capsh does not chdir after chroot
+ (CVE-2011-4099, bnc#727715)
+
+---
Package does not exist at destination yet. Using Fallback
old-versions/11.3/all/libcap
Destination is old-versions/11.3/UPDATES/all/libcap
calling whatdependson for 11.3-i586
New:
libcap-CVE-2011-4099.diff
Other differences:
--
++ libcap.spec ++
--- /var/tmp/diff_new_pack.DZLrLN/_old 2011-11-04 15:02:46.0 +0100
+++ /var/tmp/diff_new_pack.DZLrLN/_new 2011-11-04 15:02:46.0 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package libcap (Version 2.16)
+# spec file for package libcap
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,10 +24,11 @@
AutoReqProv:on
Summary:Library for Capabilities (linux-privs) Support
Version:2.16
-Release:5
+Release:10.
Source:
ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.bz2
Source2:baselibs.conf
Patch: libcap-u64-typedef-fix.diff
+Patch1: libcap-CVE-2011-4099.diff
#URL: http://www.kernel.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libattr-devel
@@ -93,6 +94,7 @@
%prep
%setup -q
%patch -p1
+%patch1 -p1
%build
# lib=%{_lib} make %{?jobs:-j %jobs} COPTFLAG="$RPM_OPT_FLAGS"
++ libcap-CVE-2011-4099.diff ++
>From af725c50c2930485947bd958dbdf984faf8fc1ba Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan"
Date: Sun, 24 Jul 2011 19:17:25 -0700
Subject: [PATCH] Change directory to "/" after --chroot operation.
Thanks to Steve Grubb for suggesting this. He wrote:
=
I was reviewing something recently and discovered a problem in capsh. The capsh
program has a --chroot command line option. Inspecting the code shows that it
does not
do a chdir("/") after calling chroot. This means that '.' is outside the chroot.
Additional info:
http://cwe.mitre.org/data/definitions/243.html
=
Signed-off-by: Andrew G. Morgan
---
progs/capsh.c |8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -243,10 +243,16 @@
perror("unable to lower CAP_SYS_CHROOT");
exit(1);
}
+ /*
+* Given we are now in a new directory tree, its good practice
+* to start off in a sane location
+*/
+ status = chdir("/");
+
cap_free(orig);
if (status != 0) {
- fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9);
+ fprintf(stderr, "Unable to chroot/chdir to [%s]", argv[i]+9);
exit(1);
}
} else if (!memcmp("--secbits=", argv[i], 10)) {
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit empathy for openSUSE:11.3
Hello community,
here is the log from the commit of package empathy for openSUSE:11.3
checked in at Fri Nov 4 15:02:32 CET 2011.
--- old-versions/11.3/UPDATES/all/empathy/empathy.changes 2011-10-28
10:38:20.0 +0200
+++ 11.3/empathy/empathy.changes2011-11-01 05:23:09.0 +0100
@@ -1,0 +2,6 @@
+Tue Nov 1 04:09:49 UTC 2011 - sree...@suse.com
+
+- Update empathy-cve-2011-3635.patch to use escaped name
+ everywhere in theme_adium_append_message
+
+---
calling whatdependson for 11.3-i586
Other differences:
--
++ empathy.spec ++
--- /var/tmp/diff_new_pack.djzMbx/_old 2011-11-04 15:01:24.0 +0100
+++ /var/tmp/diff_new_pack.djzMbx/_new 2011-11-04 15:01:24.0 +0100
@@ -21,7 +21,7 @@
Name: empathy
Url:http://live.gnome.org/Empathy
Version:2.30.1
-Release:3.
+Release:3.
# FIXME: 2.29.3 fails a parallel build, but a newer tarball should work since
the bug got fixed in gnome-doc-utils
License:GPLv2+
Summary:Instant Messenger Client for GNOME, based on Telepathy
++ empathy-cve-2011-3635.patch ++
--- /var/tmp/diff_new_pack.djzMbx/_old 2011-11-04 15:01:24.0 +0100
+++ /var/tmp/diff_new_pack.djzMbx/_new 2011-11-04 15:01:24.0 +0100
@@ -11,19 +11,31 @@
const gchar *body;
const gchar *name;
const gchar *contact_id;
-@@ -594,8 +594,10 @@ theme_adium_append_message (EmpathyChatV
- }
+@@ -464,12 +464,13 @@ theme_adium_append_message (EmpathyChatV
+ body_escaped = theme_adium_parse_body (body);
+ name = empathy_contact_get_name (sender);
+ contact_id = empathy_contact_get_id (sender);
++ name_escaped = g_markup_escape_text (name, -1);
+
+ /* If this is a /me, append an event */
+ if (empathy_message_get_tptype (msg) ==
TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) {
+ gchar *str;
+
+- str = g_strdup_printf ("%s %s", name, body_escaped);
++ str = g_strdup_printf ("%s %s", name_escaped, body_escaped);
+ theme_adium_append_event_escaped (view, str);
+
+ g_free (str);
+@@ -595,7 +596,7 @@ theme_adium_append_message (EmpathyChatV
if (html != NULL) {
-+ name_escaped = g_markup_escape_text (name, -1);
-+
theme_adium_append_html (theme, func, html, len, body_escaped,
- avatar_filename, name, contact_id,
+ avatar_filename, name_escaped,
contact_id,
service_name, message_classes->str,
timestamp);
} else {
-@@ -611,6 +613,7 @@ theme_adium_append_message (EmpathyChatV
+@@ -611,6 +612,7 @@ theme_adium_append_message (EmpathyChatV
priv->last_is_backlog = is_backlog;
g_free (body_escaped);
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit NetworkManager for openSUSE:11.4
Hello community,
here is the log from the commit of package NetworkManager for openSUSE:11.4
checked in at Fri Nov 4 10:44:27 CET 2011.
--- old-versions/11.4/UPDATES/all/NetworkManager/NetworkManager.changes
2011-10-21 09:56:45.0 +0200
+++ 11.4/NetworkManager/NetworkManager.changes 2011-11-03 09:33:40.0
+0100
@@ -1,0 +2,6 @@
+Thu Nov 3 08:32:20 UTC 2011 - g...@suse.com
+
+- Add nm-check-for-shared-wifi-authorization.patch to check whether
+ the shared wifi connection is authorized or not. (bnc#702016)
+
+---
calling whatdependson for 11.4-i586
New:
nm-check-for-shared-wifi-authorization.patch
Other differences:
--
++ NetworkManager.spec ++
--- /var/tmp/diff_new_pack.cXQCGd/_old 2011-11-04 10:44:11.0 +0100
+++ /var/tmp/diff_new_pack.cXQCGd/_new 2011-11-04 10:44:11.0 +0100
@@ -20,7 +20,7 @@
Name: NetworkManager
Url:http://www.gnome.org/projects/NetworkManager/
Version:0.8.2
-Release:15.
+Release:15.
License:GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: dbus-1-devel dbus-1-glib-devel gtk-doc intltool iptables
libgcrypt-devel libgudev-1_0-devel libiw-devel libnl-devel libtool
libuuid-devel mozilla-nss-devel polkit-devel ppp-devel
translation-update-upstream wireless-tools
@@ -55,6 +55,8 @@
Patch9: nm-settings-subject-match.patch
# PATCH-FIX-UPSTREAM nm-probe-ca-cert.patch bnc#574266 g...@suse.com -- Probe
the RADIUS server certificate
Patch10:nm-probe-ca-cert.patch
+# PATCH-FIX-UPSTREAM nm-check-for-shared-wifi-authorization.patch bnc#702016
g...@suse.com -- Check whether the shared wifi is authorized or not
+Patch11:nm-check-for-shared-wifi-authorization.patch
Requires: %{name}-glib = %{version}
Requires: dhcp-client
Requires: iproute2
@@ -134,6 +136,7 @@
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
translation-update-upstream
%build
++ nm-check-for-shared-wifi-authorization.patch ++
>From f5dac84c35dc690cfcf025884c10945ac1006e9f Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Wed, 26 Oct 2011 16:08:52 +0800
Subject: [PATCH] check for authorization when activating shared wifi connections
Based on
core: check for authorization when activating shared wifi connections
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=NM_0_8&id=e7273c1609ac267e1d77ff03c97c8929f15e3737
policy: don't auto-activate unauthorized shared wifi connections
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=NM_0_8&id=287fe10c40ae9b90ce703b79f3479b755f0956c0
core: adjust shared wifi connections permission handling for a few cases
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=NM_0_8&id=e5085f950730b1e2e68645231e2042127c29a82e
---
src/nm-manager-auth.c |6 +
src/nm-manager-auth.h |4 +
src/nm-manager.c | 272 +++-
src/nm-manager.h |4 +-
src/nm-policy.c |8 +-
5 files changed, 193 insertions(+), 101 deletions(-)
diff --git a/src/nm-manager-auth.c b/src/nm-manager-auth.c
index 44c82c2..246fa95 100644
--- a/src/nm-manager-auth.c
+++ b/src/nm-manager-auth.c
@@ -142,6 +142,12 @@ nm_auth_chain_get_data (NMAuthChain *self, const char *tag)
return tmp ? tmp->data : NULL;
}
+NMAuthCallResult
+nm_auth_chain_get_result (NMAuthChain *chain, const char *permission)
+{
+ return GPOINTER_TO_UINT (nm_auth_chain_get_data (chain, permission));
+}
+
void
nm_auth_chain_set_data (NMAuthChain *self,
const char *tag,
diff --git a/src/nm-manager-auth.h b/src/nm-manager-auth.h
index 6682f91..dde084a 100644
--- a/src/nm-manager-auth.h
+++ b/src/nm-manager-auth.h
@@ -33,6 +33,8 @@
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN
"org.freedesktop.NetworkManager.enable-disable-wwan"
#define NM_AUTH_PERMISSION_USE_USER_CONNECTIONS
"org.freedesktop.NetworkManager.use-user-connections"
#define NM_AUTH_PERMISSION_NETWORK_CONTROL
"org.freedesktop.NetworkManager.network-control"
+#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN
"org.freedesktop.network-manager-settings.system.wifi.share.open"
+#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED
"org.freedesktop.network-manager-settings.system.wifi.share.protected"
typedef struct NMAuthChain NMAuthChain;
@@ -68,6 +70,8 @@ NMAuthChain *nm_auth_chain_new_raw_message (PolkitAuthority
*authority,
gpointer nm_auth_chain_get_data (NMAuthChain *chain, const char *tag);
+NMAuthCallResult nm_auth_chain_get_result (NMAuthChain *chain, const char
*permission);
+
void nm_auth_chain_set_data (NMAuthChain *chain,
const char *tag,
gpointer data,
diff --git a/src/nm-manager.c b/s
commit NetworkManager for openSUSE:11.3
Hello community,
here is the log from the commit of package NetworkManager for openSUSE:11.3
checked in at Fri Nov 4 10:44:05 CET 2011.
--- old-versions/11.3/UPDATES/all/NetworkManager/NetworkManager.changes
2011-10-25 05:34:27.0 +0200
+++ 11.3/NetworkManager/NetworkManager.changes 2011-11-01 07:35:34.0
+0100
@@ -1,0 +2,6 @@
+Tue Nov 1 06:31:41 UTC 2011 - g...@suse.com
+
+- Add nm-check-for-shared-wifi-authorization.patch to check whether
+ the shared wifi connection is authorized or not. (bnc#702016)
+
+---
calling whatdependson for 11.3-i586
New:
nm-check-for-shared-wifi-authorization.patch
Other differences:
--
++ NetworkManager.spec ++
--- /var/tmp/diff_new_pack.3Zi5vN/_old 2011-11-04 10:43:32.0 +0100
+++ /var/tmp/diff_new_pack.3Zi5vN/_new 2011-11-04 10:43:32.0 +0100
@@ -20,7 +20,7 @@
Name: NetworkManager
Url:http://www.gnome.org/projects/NetworkManager/
Version:0.8
-Release:8.
+Release:8.
#Release:8.
License:GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -47,6 +47,8 @@
Patch4: nm-settings-subject-match.patch
# PATCH-FIX-UPSTREAM nm-probe-ca-cert.patch bnc#574266 g...@suse.com -- Probe
the RADIUS server certificate
Patch5: nm-probe-ca-cert.patch
+# PATCH-FIX-UPSTREAM nm-check-for-shared-wifi-authorization.patch bnc#702016
g...@suse.com -- Check whether the shared wifi is authorized or not
+Patch6: nm-check-for-shared-wifi-authorization.patch
Requires: dhcp-client
Requires: iproute2
Requires: iputils
@@ -118,12 +120,14 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
translation-update-upstream
%build
pppddir=`ls -1d /usr/%_lib/pppd/2*`
test -n "$pppddir" || exit 1
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
+autoreconf -f -i
%configure\
--libexecdir=%{_prefix}/lib/NetworkManager\
--disable-static\
++ nm-check-for-shared-wifi-authorization.patch ++
1688 lines (skipped)
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
