Hello community,
here is the log from the commit of package fail2ban for openSUSE:11.4
checked in at Wed Oct 19 16:27:02 CEST 2011.
--------
--- old-versions/11.4/all/fail2ban/fail2ban.changes 2011-01-06 17:59:53.000000000 +0100
+++ 11.4/fail2ban/fail2ban.changes 2011-09-01 16:09:20.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Sep 1 14:07:28 UTC 2011 - coolo@suse.com
+
+- Use /var/run/fail2ban instead of /tmp for temp files in
+ actions: see bugs.debian.org/544232, bnc#690853,
+ CVE-2009-5023
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.4/all/fail2ban
Destination is old-versions/11.4/UPDATES/all/fail2ban
calling whatdependson for 11.4-i586
New:
----
fix-tmp-usage.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ fail2ban.spec ++++++
--- /var/tmp/diff_new_pack.1jDGut/_old 2011-10-19 16:18:46.000000000 +0200
+++ /var/tmp/diff_new_pack.1jDGut/_new 2011-10-19 16:18:46.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package fail2ban (Version 0.8.4)
+# spec file for package fail2ban
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -26,7 +26,7 @@
PreReq: %fillup_prereq
AutoReqProv: on
Version: 0.8.4
-Release: 8
+Release: 11.<RELEASE12>
Url: http://www.fail2ban.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@@ -35,6 +35,7 @@
Source1: %{name}.init
Source2: %{name}.sysconfig
Patch: fail2ban-0.8.2-fd_cloexec.patch
+Patch1: fix-tmp-usage.diff
%description
Fail2ban scans log files like /var/log/messages and bans IP addresses
@@ -53,6 +54,7 @@
%setup
perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
%patch -p1
+%patch1 -p1
%build
export CFLAGS="$RPM_OPT_FLAGS"
++++++ fix-tmp-usage.diff ++++++
From: yarikoptic
Date: Wed, 23 Mar 2011 20:35:56 +0000 (+0000)
Subject: BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs...
X-Git-Tag: upstream/0.8.4+svn20110323^2~8
X-Git-Url: http://git.onerussian.com/?p=deb%2Ffail2ban.git;a=commitdiff_plain;h=ea7d352...
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see bugs.debian.org/544232
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@... a942ae1a-1317-0410-a47c-b1dcaea8d605
---
diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index b80698b..8549a55 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -206,5 +206,5 @@ dest = reports@dshield.org
# Notes.: Base name of temporary files used for buffering
# Values: [ STRING ] Default: /tmp/fail2ban-dshield
#
-tmpfile = /tmp/fail2ban-dshield
+tmpfile = /var/run/fail2ban/tmp-dshield
diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
index 8a33d0e..6fd51d2 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -81,7 +81,7 @@ lines = 5
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
# Destination/Addressee of the mail
#
diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf
index 15b91b1..f0e5515 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp
# Notes.: Base name of temporary files
# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman
#
-tmpfile = /tmp/fail2ban-mynetwatchman
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf
index de8166a..25a23b7 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -101,5 +101,5 @@ lines = 5
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org