Hello community, here is the log from the commit of package acpid for openSUSE:11.4 checked in at Tue Mar 13 14:02:23 CET 2012. -------- --- old-versions/11.4/all/acpid/acpid.changes 2010-12-22 04:41:24.000000000 +0100 +++ 11.4/acpid/acpid.changes 2011-12-28 11:57:18.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Dec 28 11:56:57 CET 2011 - hmacht@suse.de + +- add acpid-set-umask-for-scripts.patch: Set umask for running + scripts (bnc#735282, CVE-2011-4578) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/acpid Destination is old-versions/11.4/UPDATES/all/acpid calling whatdependson for 11.4-i586 New: ---- acpid-set-umask-for-scripts.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ acpid.spec ++++++ --- /var/tmp/diff_new_pack.12peqI/_old 2012-03-13 14:01:28.000000000 +0100 +++ /var/tmp/diff_new_pack.12peqI/_new 2012-03-13 14:01:28.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package acpid (Version 2.0.7) +# spec file for package acpid # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Name: acpid Url: http://tedfelix.com/linux/acpid-netlink.html Version: 2.0.7 -Release: 1 +Release: 7.<RELEASE8> License: GPLv2+ Group: System/Daemons AutoReqProv: on @@ -37,6 +37,7 @@ Source7: power_button Source8: acpid.service Patch1: acpid-makefile.patch +Patch2: acpid-set-umask-for-scripts.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %ix86 x86_64 ia64 
@@ -60,6 +61,7 @@ %prep %setup -q %patch1 -p0 +%patch2 -p1 cp %{S:2} %{S:3} %{S:4} %{S:5} %{S:6} %{S:7} %{S:9} . %build ++++++ acpid-set-umask-for-scripts.patch ++++++ Index: acpid-2.0.7/event.c =================================================================== --- acpid-2.0.7.orig/event.c +++ acpid-2.0.7/event.c @@ -641,6 +641,7 @@ do_cmd_rule(struct rule *rule, const cha if (acpid_debug && logevents) { fprintf(stdout, "BEGIN HANDLER MESSAGES\n"); } + umask(0077); execl("/bin/sh", "/bin/sh", "-c", action, NULL); /* should not get here */ acpid_log(LOG_ERR, "execl(): %s\n", strerror(errno)); continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
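Review bot: In the event.c hunk of acpid-set-umask-for-scripts.patch, the new `umask(0077);` before `execl("/bin/sh", "/bin/sh", "-c", action, NULL);` is hard-coded and carries no comment, and the patch adds no `#include <sys/stat.h>` (where umask() is declared), so it relies on event.c already pulling that header in. Please confirm the include is present, and add a one-line comment at the call saying why the mask is set (bnc#735282, CVE-2011-4578). Because the mask applies to every handler started through this path, any action script that has to create group- or world-readable files now needs to set its own umask; that behaviour change deserves a sentence in the changelog entry or the man page.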
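Review bot: In the acpid.spec hunks, `Patch2: acpid-set-umask-for-scripts.patch` is added without a comment saying what it fixes, and `%patch2 -p1` uses a different strip level from the existing `%patch1 -p0`. The -p1 matches the `acpid-2.0.7.orig/event.c` and `acpid-2.0.7/event.c` paths in the patch header, so it applies correctly, but a short comment above the Patch2 line naming bnc#735282 and CVE-2011-4578 would keep the security fix traceable from the spec file itself and explain the mixed strip levels to the next maintainer.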