Hello community, here is the log from the commit of package logwatch for openSUSE:11.3 checked in at Mon Feb 28 17:27:34 CET 2011. -------- --- old-versions/11.3/all/logwatch/logwatch.changes 2010-05-10 12:23:20.000000000 +0200 +++ 11.3/logwatch/logwatch.changes 2011-02-25 12:59:25.000000000 +0100 @@ -1,0 +2,8 @@ +Fri Feb 25 12:36:14 CET 2011 - pth@suse.de + +- Add patch to fix the handling of special characters in log files + (CVE-2011-1018, bnc#674984). +- Make files in Logwatch_Dmeventd_Setup_Files tarball 644 and + repack with bzip2. + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/logwatch Destination is old-versions/11.3/UPDATES/all/logwatch calling whatdependson for 11.3-i586 Old: ---- Logwatch_Dmeventd_Setup_Files.tgz New: ---- Logwatch_Dmeventd_Setup_Files.tar.bz2 logwatch-CVE-2011-1018.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ logwatch.spec ++++++ --- /var/tmp/diff_new_pack.bRxvOa/_old 2011-02-28 17:27:20.000000000 +0100 +++ /var/tmp/diff_new_pack.bRxvOa/_new 2011-02-28 17:27:20.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package logwatch (Version 7.3.6) +# spec file for package logwatch # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -21,18 +21,19 @@ Name: logwatch Summary: Analyzes and Reports on system logs Version: 7.3.6 -Release: 68 +Release: 73.<RELEASE2> License: MIT License (or similar) Group: System/Monitoring Url: http://www.logwatch.org BuildArch: noarch Source0: logwatch-%{version}.tar.bz2 Source1: %{name}-rpmlintrc -Source2: Logwatch_Dmeventd_Setup_Files.tgz +Source2: Logwatch_Dmeventd_Setup_Files.tar.bz2 Patch0: logwatch-firewall.patch Patch1: logwatch-full_path_to_sendmail.patch Patch2: logwatch-timestamp_in_var.patch Patch3: logwatch-make_save_work.patch +Patch4: logwatch-CVE-2011-1018.patch Requires: perl textutils sh-utils grep mailx cron perl-Date-Manip BuildRequires: dos2unix BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -56,6 +57,7 @@ %patch1 %patch2 %patch3 +%patch4 dos2unix scripts/services/courier %build ++++++ logwatch-CVE-2011-1018.patch ++++++ Index: scripts/logwatch.pl =================================================================== --- scripts/logwatch.pl.orig 2011-02-25 12:30:40.934525836 +0100 +++ scripts/logwatch.pl 2011-02-25 12:34:45.979948361 +0100 @@ -845,6 +845,10 @@ foreach $LogFile (@LogFileList) { my $DestFile = $TempDir . $LogFile . "-archive"; my $Archive; foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) { + if ($Archive =~ /'/) { + print "File $Archive has invalid embedded quotes. File ignored.\n"; + next; + } my $CheckTime; # We need to find out what's the earliest log we need my @time_t = TimeBuild(); 
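Review bot: The new `if ($Archive =~ /'/)` guard in the @@ -845 hunk has no comment saying why a single quote is the one character rejected; the reason only shows in the later @@ -872 hunk, where the name is wrapped in single quotes inside a shell command string. I would add above the guard `# $Archive is later placed inside '...' in a shell command; a ' in the name would end that quoting, so skip the file.` The same comment fits the `$ThisFile` guard in the @@ -895 hunk, which pairs with the quoting added in the @@ -903 hunk. Keeping each guard documented next to its quoting makes it less likely that a later edit removes one without the other. The enclosing `foreach $LogFile` loop starts and ends outside the hunk.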
@@ -872,18 +876,18 @@ foreach $LogFile (@LogFileList) { #These system calls are not secure but we are getting closer #What needs to go is all the pipes and instead we need a command loop #For each filter to apply -mgt - my $arguments = "$Archive >> $DestFile"; + my $arguments = "'${Archive}' >> $DestFile"; system("$Config{'pathtozcat'} $arguments") == 0 or die "system $Config{'pathtozcat'} failed: $?" } elsif (($Archive =~ m/bz2$/) && (-f "$Archive")) { #These system calls are not secure but we are getting closer #What needs to go is all the pipes and instead we need a command loop #For each filter to apply -mgt - my $arguments = "$Archive 2>/dev/null >> $DestFile"; + my $arguments = "'${Archive}' 2>/dev/null >> $DestFile"; system("$Config{'pathtobzcat'} $arguments") == 0 or die "system $Config{'pathtobzcat'} failed: $?" - } elsif (-f "$Archive") { - my $arguments = "$Archive >> $DestFile"; + } elsif (-f "$Archive") && (-s "$Archive")) { + my $arguments = "'${Archive}' >> $DestFile"; system("$Config{'pathtocat'} $arguments") == 0 or die "system $Config{'pathtocat'} failed: $?" } #End if/elsif existence @@ -895,6 +899,10 @@ foreach $LogFile (@LogFileList) { foreach my $ThisFile (@FileList) { #Existence check for files -mgt next unless (-f $ThisFile); + if ($ThisFile =~ /'/) { + print "File $ThisFile has invalid embedded quotes. File ignored.\n"; + next; + } if (! -r $ThisFile) { print "File $ThisFile is not readable. Check permissions."; if ($> != 0) { @@ -903,7 +911,7 @@ foreach $LogFile (@LogFileList) { print "\n"; next; } - $FileText .= ($ThisFile . " "); + $FileText .= ("'" . $ThisFile . "' "); } #End foreach ThisFile # remove the ENV entries set by previous service ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
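Review bot: The rewritten plain-file branch in the @@ -872 hunk, `} elsif (-f "$Archive") && (-s "$Archive")) {`, has unbalanced parentheses. The condition closes after the `-f` test and a stray `)` follows the `-s` test, so as shown the script would not compile once the patch is applied. It should read `} elsif ((-f "$Archive") && (-s "$Archive")) {`, matching the doubled opening parenthesis of the bz2 branch above it. Running `perl -c scripts/logwatch.pl` after the patches are applied would catch this at build time. The if/elsif chain begins outside the hunk.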