Author: mvidner
Date: Fri Jan 6 15:02:09 2012
New Revision: 67121
URL: http://svn.opensuse.org/viewcvs/yast?rev=67121&view=rev
Log:
create user-unreadable ifcfg files without a race (bnc#713661, CVE-2011-3177)
svn merge -c66766 http://svn.opensuse.org/svn/yast/branches/SuSE-Code-11-SP2-Branch/yast2
Modified:
trunk/yast2/ (props changed)
trunk/yast2/VERSION
trunk/yast2/library/network/src/NetworkInterfaces.ycp
trunk/yast2/package/yast2.changes
trunk/yast2/yast2.spec.in
Modified: trunk/yast2/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/yast2/VERSION?rev=67121&r1=67120&r2=67121&view=diff
==============================================================================
--- trunk/yast2/VERSION (original)
+++ trunk/yast2/VERSION Fri Jan 6 15:02:09 2012
@@ -1 +1 @@
-2.22.0
+2.22.1
Modified: trunk/yast2/library/network/src/NetworkInterfaces.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/yast2/library/network/src/NetworkInterfaces.ycp?rev=67121&r1=67120&r2=67121&view=diff
==============================================================================
--- trunk/yast2/library/network/src/NetworkInterfaces.ycp (original)
+++ trunk/yast2/library/network/src/NetworkInterfaces.ycp Fri Jan 6 15:02:09 2012
@@ -750,9 +750,6 @@
});
Deleted = [];
- /* Devices with chmod=0600 */
- list<string> chmod = [];
-
/* write all devices */
maplist(string typ, map > devsmap, (map > >) Devs, {
maplist(string config, map devmap, devsmap, {
@@ -826,10 +823,9 @@
boolean has_key = find (string k, SensitiveFields,
``( devmap[k]:"" != "" )) != nil;
string file = "/etc/sysconfig/network/ifcfg-" + config;
- y2debug("Permission change: %1, %2", has_key, file);
if(has_key) {
- y2debug("CHANGED");
- chmod = add(chmod, file);
+ y2debug("Permission change: %1", config);
+ SCR::Write(add(.network.section_private, config), true);
}
if (OriginalDevices == nil) {
@@ -845,13 +841,6 @@
/* Finish him */
SCR::Write(.network, nil);
- /* CHMOD */
- y2debug("chmod=%1", chmod);
- maplist(string file, chmod, {
- y2debug("changing: %1", file);
- SCR::Execute(.target.bash, "/bin/chmod 0600 " + file);
- });
-
return true;
}
Modified: trunk/yast2/package/yast2.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/yast2/package/yast2.changes?rev=67121&r1=67120&r2=67121&view=diff
==============================================================================
--- trunk/yast2/package/yast2.changes (original)
+++ trunk/yast2/package/yast2.changes Fri Jan 6 15:02:09 2012
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Fri Jan 6 14:56:00 CET 2012 - mvidner@suse.cz
+
+- create user-unreadable ifcfg files without a race (bnc#713661, CVE-2011-3177)
+- 2.22.1
+
+-------------------------------------------------------------------
Fri Jan 6 14:47:16 CET 2012 - mvidner@suse.cz
- Moved NetworkStorage from yast2.rpm to yast2-network.rpm
Modified: trunk/yast2/yast2.spec.in
URL: http://svn.opensuse.org/viewcvs/yast/trunk/yast2/yast2.spec.in?rev=67121&r1=67120&r2=67121&view=diff
==============================================================================
--- trunk/yast2/yast2.spec.in (original)
+++ trunk/yast2/yast2.spec.in Fri Jan 6 15:02:09 2012
@@ -12,8 +12,8 @@
# pre-requires for filling the sysconfig template (sysconfig.yast2)
PreReq: %fillup_prereq
-# float::tolstring builtin
-Requires: yast2-core >= 2.18.12
+# ag_ini section_private
+Requires: yast2-core >= 2.22.1
# Mod_UI
# new UI::OpenContextMenu
Requires: yast2-ycp-ui-bindings >= 2.18.4
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org