The packages cyrus-sasl and cyrus-sasl-saslauthd are built

The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built The packages cyrus-sasl and cyrus-sasl-saslauthd are built The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built - CVE-2020-8032: cyrus-sasl: Local privilege escalation to root due to insecure tmp file usage. (bsc#1180669) Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary files. The packages cyrus-sasl and cyrus-sasl-saslauthd are built The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built OBS-URL: https://build.opensuse.org/package/show/network/cyrus-sasl?expand=0&rev=85
2021-02-12 13:02:10 +00:00 · 2021-02-12 13:02:10 +00:00 · c57fcb38e7
commit c57fcb38e7
parent d2795b2d59
7 changed files with 22 additions and 12 deletions
--- a/cyrus-sasl-bdb.changes
+++ b/cyrus-sasl-bdb.changes
@ -2,9 +2,9 @@
 Tue Dec  8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>

 - Remove Berkeley DB dependency (JIRA#SLE-12190)
-  The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build
+  The packages cyrus-sasl and cyrus-sasl-saslauthd are built
  without Berkely DB support. gdbm will be used instead of BDB.
-  The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build
+  The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
  with Berkely DB support.
 - Update to 2.1.27
  * Added support for OpenSSL 1.1
--- a/cyrus-sasl-bdb.spec
+++ b/cyrus-sasl-bdb.spec
@ -1,7 +1,7 @@
 #
 # spec file for package cyrus-sasl-bdb
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
--- a/cyrus-sasl-saslauthd-bdb.changes
+++ b/cyrus-sasl-saslauthd-bdb.changes
@ -2,9 +2,9 @@
 Tue Dec  8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>

 - Remove Berkeley DB dependency (JIRA#SLE-12190)
-  The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build
+  The packages cyrus-sasl and cyrus-sasl-saslauthd are built
  without Berkely DB support. gdbm will be used instead of BDB.
-  The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build
+  The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
  with Berkely DB support.
 - Update to 2.1.27
  * Added support for OpenSSL 1.1
--- a/cyrus-sasl-saslauthd-bdb.spec
+++ b/cyrus-sasl-saslauthd-bdb.spec
@ -1,7 +1,7 @@
 #
 # spec file for package cyrus-sasl-saslauthd-bdb
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
--- a/cyrus-sasl-saslauthd.spec
+++ b/cyrus-sasl-saslauthd.spec
@ -1,7 +1,7 @@
 #
 # spec file for package cyrus-sasl-saslauthd
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
--- a/cyrus-sasl.changes
+++ b/cyrus-sasl.changes
@ -1,10 +1,18 @@
+-------------------------------------------------------------------
+Fri Jan  8 11:32:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
+
+- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
+  due to insecure tmp file usage. (bsc#1180669)
+  Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
+  files.
+
 -------------------------------------------------------------------
 Tue Dec  8 13:33:33 UTC 2020 - Peter Varkoly <varkoly@suse.com>

 - Remove Berkeley DB dependency (JIRA#SLE-12190)
-  The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build
+  The packages cyrus-sasl and cyrus-sasl-saslauthd are built
  without Berkely DB support. gdbm will be used instead of BDB.
-  The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build
+  The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
  with Berkely DB support.
 - Update to 2.1.27
  * Added support for OpenSSL 1.1
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@ -1,7 +1,7 @@
 #
 # spec file for package cyrus-sasl
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -218,7 +218,7 @@ find "%buildroot" -type f -name "*.la" -print -delete
 #Convert password file from berkely into gdbm
 #In %pre the existing file will be dumped out
 if [ -e /etc/sasldb2 ]; then
-cat <<EOF > /tmp/saslpw.awk
+cat <<EOF > /var/adm/update-scripts/saslpw.awk
 {
        split(\$0,b,/\\\00/)
        if( b[3] == "userPassword" ) {
@ -233,7 +233,8 @@ cat <<EOF > /tmp/saslpw.awk
        }
 }
 EOF
-db_dump -p /etc/sasldb2 | gawk -f /tmp/saslpw.awk > /var/adm/update-scripts/saslpwd
+db_dump -p /etc/sasldb2 | gawk -f /var/adm/update-scripts/saslpw.awk > /var/adm/update-scripts/saslpwd
+rm -f /var/adm/update-scripts/saslpw.awk
 mv /etc/sasldb2 /etc/sasldb2-back
 fi

@ -241,6 +242,7 @@ fi
 if [ -e /var/adm/update-scripts/saslpwd ]; then
        chmod 755 /var/adm/update-scripts/saslpwd
        /var/adm/update-scripts/saslpwd
+	rm -f /var/adm/update-scripts/saslpwd
 fi

 %post   -n %lname -p /sbin/ldconfig