rpm/fail2ban
SHA256
1
0
Fork 0
forked from pool/fail2ban
Code Pull Requests Activity

- Use /var/run/fail2ban instead of /tmp for temp files in

Browse Source 
actions: see bugs.debian.org/544232, bnc#690853,
  CVE-2009-5023

OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=11
This commit is contained in:
Stephan Kulow 2011-09-01 14:09:21 +00:00 committed by Git OBS Bridge
parent c313144d04
commit f2a704eb1b
3 changed files with 71 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
fail2ban.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Sep 1 14:07:28 UTC 2011 - coolo@suse.com
- Use /var/run/fail2ban instead of /tmp for temp files in
actions: see bugs.debian.org/544232, bnc#690853,
CVE-2009-5023
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 6 16:56:30 UTC 2011 - lchiquitto@novell.com Thu Jan 6 16:56:30 UTC 2011 - lchiquitto@novell.com

6
fail2ban.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package fail2ban (Version 0.8.4) # spec file for package fail2ban (Version 0.8.4)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,7 +26,7 @@ BuildRequires: python-devel
PreReq: %fillup_prereq PreReq: %fillup_prereq
AutoReqProv: on AutoReqProv: on
Version: 0.8.4 Version: 0.8.4
Release: 7 Release: 8
Url: http://www.fail2ban.org/ Url: http://www.fail2ban.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch BuildArch: noarch
@ -35,6 +35,7 @@ Source0: http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{v
Source1: %{name}.init Source1: %{name}.init
Source2: %{name}.sysconfig Source2: %{name}.sysconfig
Patch: fail2ban-0.8.2-fd_cloexec.patch Patch: fail2ban-0.8.2-fd_cloexec.patch
Patch1: fix-tmp-usage.diff
%description %description
Fail2ban scans log files like /var/log/messages and bans IP addresses Fail2ban scans log files like /var/log/messages and bans IP addresses
@ -53,6 +54,7 @@ Authors:
%setup %setup
perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
%patch -p1 %patch -p1
%patch1 -p1
%build %build
export CFLAGS="$RPM_OPT_FLAGS" export CFLAGS="$RPM_OPT_FLAGS"

60
fix-tmp-usage.diff Normal file
View File

@ -0,0 +1,60 @@
From: yarikoptic <yarikoptic@a942ae1a-1317-0410-a47c-b1dcaea8d605>
Date: Wed, 23 Mar 2011 20:35:56 +0000 (+0000)
Subject: BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs...
X-Git-Tag: upstream/0.8.4+svn20110323^2~8
X-Git-Url: http://git.onerussian.com/?p=deb%2Ffail2ban.git;a=commitdiff_plain;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see bugs.debian.org/544232
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index b80698b..8549a55 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -206,5 +206,5 @@ dest = reports@dshield.org
# Notes.: Base name of temporary files used for buffering
# Values: [ STRING ] Default: /tmp/fail2ban-dshield
#
-tmpfile = /tmp/fail2ban-dshield
+tmpfile = /var/run/fail2ban/tmp-dshield
diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
index 8a33d0e..6fd51d2 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -81,7 +81,7 @@ lines = 5
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
# Destination/Addressee of the mail
#
diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf
index 15b91b1..f0e5515 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp
# Notes.: Base name of temporary files
# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman
#
-tmpfile = /tmp/fail2ban-mynetwatchman
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf
index de8166a..25a23b7 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -101,5 +101,5 @@ lines = 5
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt