Hello community,
here is the log from the commit of package sysconfig for openSUSE:12.1:Update:Test checked in at 2011-12-19 18:24:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/sysconfig (Old)
and /work/SRC/openSUSE:12.1:Update:Test/.sysconfig.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sysconfig", Maintainer is "mt@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:12.1:Update:Test/sysconfig/sysconfig.changes 2011-12-19 18:24:18.000000000 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.sysconfig.new/sysconfig.changes 2011-12-19 18:24:18.000000000 +0100
@@ -1,0 +2,11 @@
+Mon Dec 19 09:41:09 UTC 2011 - mt@suse.com
+
+- Fixed to quote config / interface variables in ifservices script
+ and cleaned up content of the ESSID which gets appended to them
+ by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182).
+ Fixed also to return proper exit code 0 in NM dispatcher hooks.
+- Changed to call ip addr flush in ifdown, but after ip link set
+ down as it does not cause ipv6 sysctl tree side effects then
+ at least with more recent kernels (bnc#580018,bnc#559170).
+
+------------------------------------------------------------------
Old:
----
sysconfig-nm-online-timeout-0-default.patch
New:
----
0001-sysconfig-nm-online-timeout-0-default.patch
0002-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch
0003-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sysconfig.spec ++++++
--- /var/tmp/diff_new_pack.JzMu8m/_old 2011-12-19 18:24:19.000000000 +0100
+++ /var/tmp/diff_new_pack.JzMu8m/_new 2011-12-19 18:24:19.000000000 +0100
@@ -15,24 +15,23 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: sysconfig
Version: 0.75.4
Release: 0
Summary: The sysconfig scheme and traditional network scripts
-Url: http://gitorious.org/opensuse/sysconfig
+License: GPL-2.0+
Group: System/Base
-License: GPLv2+
-AutoReqProv: on
+Url: http://gitorious.org/opensuse/sysconfig
PreReq: %fillup_prereq %insserv_prereq textutils fileutils gawk sed grep
# we may create these automatically from rpm later
Provides: sysvinit(network)
Requires: iproute2 dbus-1 procps
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source: %name-%version.tar.bz2
-Patch1: sysconfig-nm-online-timeout-0-default.patch
+Patch1: 0001-sysconfig-nm-online-timeout-0-default.patch
+Patch2: 0002-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch
+Patch3: 0003-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch
%description
This package provides the SuSE system configuration scheme and
@@ -53,6 +52,8 @@
%prep
%setup -n sysconfig-%{version}
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
%build
autoreconf --force --install
++++++ 0001-sysconfig-nm-online-timeout-0-default.patch ++++++
From 578a4f46906883e376ec36261bdaee4e823421da Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Mon, 10 Oct 2011 13:13:49 +0200
Subject: [PATCH] Changed NM_ONLINE_TIMEOUT default to 0
Changed NM_ONLINE_TIMEOUT default back to 0 to avoid
unneeded waiting for NM interfaces at boot (bnc#722304)
Signed-off-by: Marius Tomaschewski
---
config/sysconfig.config-network | 4 ++--
sysconfig.spec.in | 18 ------------------
2 files changed, 2 insertions(+), 20 deletions(-)
diff --git a/config/sysconfig.config-network b/config/sysconfig.config-network
index 1f8d05a..38e3eb1 100644
--- a/config/sysconfig.config-network
+++ b/config/sysconfig.config-network
@@ -226,7 +226,7 @@ IFPLUGD_OPTIONS="-f -I -b"
NETWORKMANAGER=no
## Type: int
-## Default: 30
+## Default: 0
#
# When using NetworkManager you may define a timeout to wait for NetworkManager
# to connect in /etc/init.d/network(-remotefs) script. Other network services
@@ -234,7 +234,7 @@ NETWORKMANAGER=no
#
# This variable has no effect if NETWORKMANAGER=no.
#
-NM_ONLINE_TIMEOUT="30"
+NM_ONLINE_TIMEOUT="0"
## Type: string
## Default: "dns-resolver dns-bind ntp-runtime nis"
diff --git a/sysconfig.spec.in b/sysconfig.spec.in
index f559763..b64d677 100644
--- a/sysconfig.spec.in
+++ b/sysconfig.spec.in
@@ -119,13 +119,6 @@ if [ ${1:-0} -gt 1 ]; then
if [ ! -f etc/sysconfig/network/scripts/move_shm_sysconfig.sh ] ; then
touch etc/sysconfig/network/__move_shm_sysconfig__
fi
- # set a mark when updating from NM_ONLINE_TIMEOUT=0
- eval NM_ONLINE_TIMEOUT='' \
- `grep -s '^[[:space:]]*NM_ONLINE_TIMEOUT=' \
- var/adm/fillup-templates/sysconfig.config-network`
- if [ "x$NM_ONLINE_TIMEOUT" = "x0" ] ; then
- touch etc/sysconfig/network/__nm_online_timeout__
- fi
fi
%post
@@ -142,17 +135,6 @@ fi
#
%{fillup_and_insserv -fY network}
%{fillup_and_insserv -fY network-remotefs}
-# remove first, we need the new default value
-sysconfig_remove_and_set network/dhcp DHCLIENT_TIMEOUT
-# remove first when NM_ONLINE_TIMEOUT was 0 in old template
-if [ -f etc/sysconfig/network/__nm_online_timeout__ ] ; then
- rm -f etc/sysconfig/network/__nm_online_timeout__
- eval NM_ONLINE_TIMEOUT='' \
- `grep -s '^[[:space:]]*NM_ONLINE_TIMEOUT=' \
- etc/sysconfig/network/config`
- [ "x$NM_ONLINE_TIMEOUT" = "x0" ] && \
- sysconfig_remove_and_set network/config NM_ONLINE_TIMEOUT
-fi
%{fillup_only -dns dhcp network network}
%{fillup_only -dns config network network}
/sbin/ldconfig
--
1.7.3.4
++++++ 0002-Fixed-order-of-addr-flush-and-link-down-in-ifdown.patch ++++++
From d844f0ceb913a60e2c88b1097c98aa0b4486288f Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Fri, 18 Nov 2011 13:47:26 +0100
Subject: [PATCH] Fixed order of addr flush and link down in ifdown
Changed the order of ip addr flush and ip link set down calls
in ifdown as it does not trigger the ipv6 sysctl tree removal
(bnc#580018,bnc#559170).
Signed-off-by: Marius Tomaschewski
---
scripts/ifup | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/ifup b/scripts/ifup
index bd6e83a..409a925 100755
--- a/scripts/ifup
+++ b/scripts/ifup
@@ -949,8 +949,8 @@ case "$BOOTPROTO$SKIP_MAIN_PART" in
# Calling 'ip' if there is no interface (ifdown called from udev for
# remove event) would trigger automatic module loading (Bug 199456)
if [ -d /sys/class/net/$INTERFACE ] ; then
- ip addr flush dev $INTERFACE &>/dev/null
ip link set dev $INTERFACE down &>/dev/null
+ ip addr flush dev $INTERFACE &>/dev/null
fi
retcode=0 # $?
;;
@@ -1134,8 +1134,8 @@ case "$BOOTPROTO$SKIP_MAIN_PART" in
# Calling 'ip' if there is no interface (ifdown called from udev for
# remove event) would trigger automatic module loading (Bug 199456)
if [ -d /sys/class/net/$INTERFACE ] ; then
- ip addr flush dev $INTERFACE &>/dev/null
ip link set dev $INTERFACE down &>/dev/null
+ ip addr flush dev $INTERFACE &>/dev/null
fi
retcode=0 # $?
;;
--
1.7.3.4
++++++ 0003-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch ++++++
From 74f224c74c2c463365b0d39c14117870ce5776d5 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Fri, 16 Dec 2011 16:03:15 +0100
Subject: [PATCH] CVE-2011-4182 - fixed quoting in ifservices script
Fixed to quote config / interface variables in ifservices script
and cleaned up content of the ESSID which gets appended to them
by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182).
Fixed also to return proper exit code 0 in NM dispatcher hooks.
Signed-off-by: Marius Tomaschewski
---
scripts/ifup-services | 10 +++++-----
scripts/netcontrol_services | 6 ++++--
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/scripts/ifup-services b/scripts/ifup-services
index 2047d34..8a3b083 100755
--- a/scripts/ifup-services
+++ b/scripts/ifup-services
@@ -95,15 +95,15 @@ done
######################################################################
# check presence of configuration file and source it
#
-test -f ./ifcfg-$CONFIG && . ./ifcfg-$CONFIG
+test -f "./ifcfg-$CONFIG" && . "./ifcfg-$CONFIG"
if [ -d "ifservices-$CONFIG" ] ; then
- cd ifservices-$CONFIG
+ cd "ifservices-$CONFIG"
elif [ -d "ifservices-$INTERFACE" ] ; then
- cd ifservices-$INTERFACE
+ cd "ifservices-$INTERFACE"
elif [ -d "ifservices-${INTERFACE%%-*}" ] ; then
- cd ifservices-${INTERFACE%%-*}
+ cd "ifservices-${INTERFACE%%-*}"
elif [ -d "ifservices" ] ; then
- cd ifservices
+ cd "ifservices"
else
debug "No services to handle for '$CONFIG $INTERFACE'"
exit 0
diff --git a/scripts/netcontrol_services b/scripts/netcontrol_services
index 928f466..d0a55b7 100755
--- a/scripts/netcontrol_services
+++ b/scripts/netcontrol_services
@@ -28,10 +28,12 @@
# Note that services are stopped always _after_ the interface is down. Stopping
# services earlier would require a change in NetworkManager itself.
-cd /etc/sysconfig/network/ || exit
+cd /etc/sysconfig/network/ || exit 0
test -r ./config && . ./config
test -r scripts/functions && . scripts/functions
-E="`iwconfig ${1} 2>/dev/null | sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p'`"
+E=`iwconfig "${1}" 2>/dev/null | \
+ sed -n 's/^.*ESSID:\"\([^\"]*\)\".*$/\1/p' | \
+ sed -e 's/[^abcdefghijklmnopqrstuvwxyz0123456789=._-]/_/gi'`
info_mesg "calling 'if${2}-services ${1}${E:+-$E}'"
scripts/if${2}-services "${1}${E:+-$E}"
--
1.7.3.4
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org