Hello community, here is the log from the commit of package pptp checked in at Thu Nov 2 20:24:17 CET 2006. -------- --- pptp/pptp.changes 2006-10-23 19:45:24.000000000 +0200 +++ /mounts/work_src_done/STABLE/pptp/pptp.changes 2006-11-02 15:10:39.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Nov 2 15:09:53 CET 2006 - hvogel@suse.de + +- launder route variable in pptp-command (taint mode) [#214627] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pptp.spec ++++++ --- /var/tmp/diff_new_pack.EBaoBi/_old 2006-11-02 20:24:13.000000000 +0100 +++ /var/tmp/diff_new_pack.EBaoBi/_new 2006-11-02 20:24:13.000000000 +0100 @@ -14,7 +14,7 @@ URL: http://pptpclient.sourceforge.net/ Summary: Point-to-Point Tunneling Protocol (PPTP) Client Version: 1.7.1 -Release: 1 +Release: 4 Source: %{name}-%{version}.tar.bz2 Source1: pptp-command Source2: options.pptp @@ -77,6 +77,8 @@ %attr(0755,root,root) /etc/pptp.d %changelog -n pptp +* Thu Nov 02 2006 - hvogel@suse.de +- launder route variable in pptp-command (taint mode) [#214627] * Mon Oct 23 2006 - hvogel@suse.de - update to version 1.7.1 * use prctl(2) to set process name ++++++ pptp-command ++++++ --- pptp/pptp-command 2002-11-11 11:39:44.000000000 +0100 +++ /mounts/work_src_done/STABLE/pptp/pptp-command 2006-11-02 15:08:52.000000000 +0100 
@@ -792,6 +792,11 @@ $r = $1; $r =~ s/TUNNEL_DEV/$if/og; $r =~ s/DEF_GW/$gw/og; + # script runs in tainted mode, so $r has to be detaineted/laundered + # (funny thing is, it should be clean already ...) + # $r should be safe (see above: $safe_re) + $r =~ m/(.*)/; + $r = $1; die "route failed on $r" if system("/sbin/route $r"); #store the routes added in the lock file so they can be ripped down during stop. print "Route: $r added\n"; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
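
Review bot: In the pptp-command hunk, the launder `$r =~ m/(.*)/; $r = $1;` accepts any content, so it switches the taint check off instead of validating $r, and the value still reaches the shell through the single-string `system("/sbin/route $r")`. The context lines show $if and $gw being substituted into $r after the earlier capture, which is presumably why $r is tainted again despite the $safe_re check the comment mentions; those two values are exactly what this match lets through unchecked. Suggest capturing with an anchored pattern that allows only the characters a route argument needs (or re-applying $safe_re after the substitutions), dying when it does not match, and calling system in list form, e.g. `system("/sbin/route", split(' ', $r))`, so no shell is involved. Two smaller points: `.` does not match a newline, so `(.*)` silently keeps only the first line of a multi-line $r, and "detaineted" in the new comment should read "untainted".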