Hello community, here is the log from the commit of package acpid for openSUSE:12.1:Update:Test checked in at 2012-01-05 16:50:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/acpid (Old) and /work/SRC/openSUSE:12.1:Update:Test/.acpid.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "acpid", Maintainer is "hmacht@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/acpid/acpid.changes 2012-01-05 16:50:09.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.acpid.new/acpid.changes 2012-01-05 16:50:09.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Dec 28 11:53:54 CET 2011 - hmacht@suse.de + +- add acpid-set-umask-for-scripts.patch: Set umask for running + scripts (bnc#735282, CVE-2011-4578) + +------------------------------------------------------------------- New: ---- acpid-set-umask-for-scripts.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ acpid.spec ++++++ --- /var/tmp/diff_new_pack.Ry1m51/_old 2012-01-05 16:50:09.000000000 +0100 +++ /var/tmp/diff_new_pack.Ry1m51/_new 2012-01-05 16:50:09.000000000 +0100 @@ -35,6 +35,7 @@ Source7: power_button Source8: acpid.service Patch1: acpid-makefile.patch +Patch2: acpid-set-umask-for-scripts.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: systemd ExclusiveArch: %ix86 x86_64 ia64 @@ -51,6 +52,7 @@ %prep %setup -q %patch1 -p0 +%patch2 -p1 cp %{S:2} %{S:3} %{S:4} %{S:5} %{S:6} %{S:7} %{S:9} . %build ++++++ acpid-set-umask-for-scripts.patch ++++++ Index: acpid-2.0.10/event.c =================================================================== --- acpid-2.0.10.orig/event.c +++ acpid-2.0.10/event.c @@ -641,6 +641,7 @@ do_cmd_rule(struct rule *rule, const cha if (acpid_debug && logevents) { fprintf(stdout, "BEGIN HANDLER MESSAGES\n"); } + umask(0077); execl("/bin/sh", "/bin/sh", "-c", action, NULL); /* should not get here */ acpid_log(LOG_ERR, "execl(): %s", strerror(errno)); -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org