Hello community,
here is the log from the commit of package sysvinit for openSUSE:Factory checked in at Wed Jul 27 18:30:12 CEST 2011.
--------
--- sysvinit/sysvinit.changes 2011-07-26 14:13:52.000000000 +0200
+++ /mounts/work_src_done/STABLE/sysvinit/sysvinit.changes 2011-07-27 15:22:47.000000000 +0200
@@ -1,0 +2,11 @@
+Wed Jul 27 13:11:31 UTC 2011 - werner@suse.de
+
+- Add workaround for blowfish signedness bug (CVE-2011-2483)
+
+-------------------------------------------------------------------
+Wed Jul 27 10:41:27 UTC 2011 - werner@suse.de
+
+- Sulogin: respect byte order that is do not mix chars and ints
+ (bnc#707724)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
sysvinit-2.88+dsf-blowfish.dif
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sysvinit.spec ++++++
--- /var/tmp/diff_new_pack.G9Sblb/_old 2011-07-27 18:29:35.000000000 +0200
+++ /var/tmp/diff_new_pack.G9Sblb/_new 2011-07-27 18:29:35.000000000 +0200
@@ -29,7 +29,7 @@
 Group: System/Base
 AutoReqProv: on
 Version: 2.88+
-Release: 54
+Release: 56
 Summary: SysV-Style init
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: audit-devel libselinux-devel libsepol-devel pam-devel
@@ -52,6 +52,7 @@
 Patch5: sysvinit-2.88dsf-multiple-sulogin.patch
 Patch6: sysvinit-2.88+dsf-run.diff
 Patch7: sysvinit-2.88+dsf-crypt.patch
+Patch8: sysvinit-2.88+dsf-blowfish.dif
 Patch20: powerd-2.0.2.dif
 Patch21: powerd-2.0.2-getaddrinfo.patch
 Patch30: killproc-2.19.dif
@@ -95,6 +96,7 @@
 %patch5 -p0 -b .sulogin
 %patch6 -p0 -b .run
 %patch7 -p0 -b .crypt
+%patch8 -p0 -b .blowfish
 %patch
 pushd ../powerd-%{PDVER}
 %patch20
++++++ sysvinit-2.88+dsf-blowfish.dif ++++++
--- src/consoles.h
+++ src/consoles.h 2011-07-27 11:10:26.620613503 +0000
@@ -39,6 +39,7 @@ struct console {
 int fd, id;
 #define CON_SERIAL 0x0001
 #define CON_NOTTY 0x0002
+#define CON_EIGHTBIT 0x1000
 pid_t pid;
 struct chardata cp;
 struct termios tio;
--- src/sulogin.c
+++ src/sulogin.c 2011-07-27 13:10:16.791925602 +0000
@@ -635,6 +635,7 @@ char *getpasswd(struct console *con)
 ptr = &pass[0];
 cp->eol = *ptr = '\0';
+ con->flags &= ~CON_EIGHTBIT;
 eightbit = ((con->flags & CON_SERIAL) == 0 ||
 (tty.c_cflag & (PARODD|PARENB)) == 0);
 while (cp->eol == '\0') {
 if (read(fd, &c, 1) < 1) {
@@ -697,6 +698,8 @@ char *getpasswd(struct console *con)
 goto quit;
 }
 *ptr++ = ascval;
+ if (((unsigned char)ascval) & 0x80)
+ con->flags |= CON_EIGHTBIT;
 break;
 }
 }
@@ -839,6 +842,30 @@ void usage(void)
 fprintf(stderr, "Usage: sulogin [-e] [-p] [-t timeout] [tty device]\n\r");
 }
 
+/*
+ * Wrapper for blowfish signedness bug (CVE-2011-2483)
+ */
+
+static
+int checkpw(const char *answer, const char *passwd, const struct console *con)
+{
+ char buf[64];
+
+ if (strcmp(crypt(answer, passwd), passwd) == 0)
+ return 1;
+ if (strncmp(passwd, "$2a$", 4) != 0)
+ return 0;
+ if ((con->flags & CON_EIGHTBIT) == 0)
+ return 0;
+ if (strlen(passwd) >= 64)
+ return 0;
+
+ strncpy(buf, passwd, 64);
+ buf[2] = 'x';
+
+ return (strcmp(crypt(answer, buf), buf) == 0);
+}
+
 int main(int argc, char **argv)
 {
 char *tty = NULL;
@@ -967,8 +994,7 @@ int main(int argc, char **argv)
 if ((answer = getpasswd(con)) == NULL)
 break;
 
- if (passwd[0] == '\0' ||
- strcmp(crypt(answer, passwd), passwd) == 0) {
+ if (passwd[0] == '\0' || checkpw(answer, passwd, con)) {
 *usemask |= (1<<con->id);
 sushell(pwd);
 *usemask &= ~(1<<con->id);
++++++ sysvinit-2.88dsf-multiple-sulogin.patch ++++++
--- /var/tmp/diff_new_pack.G9Sblb/_old 2011-07-27 18:29:35.000000000 +0200
+++ /var/tmp/diff_new_pack.G9Sblb/_new 2011-07-27 18:29:35.000000000 +0200
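Review bot: checkpw() passes the return of crypt() straight to strcmp() on both calls, and crypt() may return NULL when it rejects the setting string; the second call is the exposed one, because it hands crypt() a rewritten `$2x$` prefix that not every libc's crypt() recognises, so on such a system a `$2a$` hash plus an 8-bit password becomes a NULL dereference in sulogin instead of a denied login. Capturing the result and treating NULL as a mismatch closes that on both calls, and since the removed `strcmp(crypt(answer, passwd), passwd)` in main had the same gap, routing it through checkpw fixes it there too. While there, `sizeof buf` instead of the repeated literal 64 keeps the length guard and the copy tied to the buffer. The fallback itself — retrying under `$2x$` only for `$2a$` hashes and only when the typed password contained a byte with the high bit set — is the narrowest form of the CVE-2011-2483 compatibility shim, which is the right call for this login path.
```c
static
int checkpw(const char *answer, const char *passwd, const struct console *con)
{
	char buf[64];
	const char *hash;

	/* NULL from crypt() (unsupported or malformed setting) is a mismatch, not a crash */
	hash = crypt(answer, passwd);
	if (hash != NULL && strcmp(hash, passwd) == 0)
		return 1;
	/* … unchanged: $2a$ prefix and CON_EIGHTBIT guards … */
	if (strlen(passwd) >= sizeof buf)
		return 0;

	strncpy(buf, passwd, sizeof buf);
	buf[2] = 'x';

	hash = crypt(answer, buf);
	return (hash != NULL && strcmp(hash, buf) == 0);
}
```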
@@ -503,9 +503,9 @@
 + struct termios tty;
 + char *ret = pass;
 + unsigned char tc;
-+ char ascval;
++ char c, ascval;
 + int eightbit;
-+ int c, fd;
++ int fd;
 +
 + if (con->flags & CON_NOTTY)
 + goto out;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
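Review bot: `char c` fixes the one-byte read(fd, &c, 1) into an int, but char signedness is implementation-defined, so any comparison of c against a value above 0x7f later in getpasswd — outside this hunk — would differ between platforms where char is signed and where it is not; `unsigned char c;` would match `tc` two lines up and leaves the read unchanged. If c is only ever compared with ASCII control values this is harmless, and a one-line comment saying so next to the declaration would be enough. getpasswd's body starts and ends outside the hunk, so this is inferred from the declarations alone.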