From 986e548e28560e938a50e4185a66925449e57d922959d85ae12548b363340094 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20Mail=C3=A4nder?= Date: Thu, 9 Oct 2014 17:19:42 +0000 Subject: [PATCH] Accepting request 254842 from home:Futhorc:branches:shells Multiple security fixes, update to 2.1.1 OBS-URL: https://build.opensuse.org/request/show/254842 OBS-URL: https://build.opensuse.org/package/show/shells/fish?expand=0&rev=4 --- fish-2.1.0.tar.gz | 3 --- fish-2.1.1.tar.gz | 3 +++ fish.changes | 19 +++++++++++++++++++ fish.spec | 17 +++++++++-------- 4 files changed, 31 insertions(+), 11 deletions(-) delete mode 100644 fish-2.1.0.tar.gz create mode 100644 fish-2.1.1.tar.gz diff --git a/fish-2.1.0.tar.gz b/fish-2.1.0.tar.gz deleted file mode 100644 index 80c5f78..0000000 --- a/fish-2.1.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:af527af9d145df5675ca3031c1a87007d4f4753a1cde49da88f4eb883a1cf044 -size 1707921 diff --git a/fish-2.1.1.tar.gz b/fish-2.1.1.tar.gz new file mode 100644 index 0000000..a5885c8 --- /dev/null +++ b/fish-2.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b7e4d3c3d55fc3859edcb20462fcf0d14ab26e920eddcd503072e8105284d924 +size 1681744 diff --git a/fish.changes b/fish.changes index 7244772..c1c0a9f 100644 --- a/fish.changes +++ b/fish.changes @@ -1,4 +1,23 @@ ------------------------------------------------------------------- +Thu Oct 9 12:05:02 UTC 2014 - seanpwatson@live.com + +- update to 2.1.1 +- The fish_config web interface now uses an authentication token +to protect requests and only responds to requests from the local +machine with this token, preventing a remote code execution attack +(closing CVE-2014-2914). +- psub and funced are no longer vulnerable to attacks which +allow local privilege escalation and data tampering (closing +CVE-2014-2906 and CVE-2014-3856) +- fishd uses a secure path for its socket, preventing a local +privilege escalation attack (closing CVE-2014-2905) +- __fish_print_packages is no longer vulnerable to attacks which +would allow local privilege escalation and data tampering +(closing CVE-2014-3219) +-fishd now ignores SIGPIPE, fixing crashes using tools like +GNU Parallel and which occurred more often as a result of +the other fishd changes. +------------------------------------------------------------------- Sat Oct 12 20:34:28 UTC 2013 - mailaender@opensuse.org - update to 2.1.0 diff --git a/fish.spec b/fish.spec index 80bb7be..6a1ec48 100644 --- a/fish.spec +++ b/fish.spec @@ -1,7 +1,7 @@ # # spec file for package fish # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,22 +15,23 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: fish -Version: 2.1.0 +Version: 2.1.1 Release: 0 +Summary: A user friendly interactive shell License: GPL-2.0 Group: System/Shells Url: http://fishshell.com/ Source: http://fishshell.com/files/%{version}/fish-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: doxygen BuildRequires: gcc-c++ BuildRequires: gettext BuildRequires: groff -BuildRequires: python BuildRequires: ncurses-devel -Summary: A user friendly interactive shell +BuildRequires: python +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description fish is a user friendly command line shell for UNIX-like operating systems such as Linux. @@ -47,7 +48,7 @@ autoconf make %{?_smp_mflags} %install -make install DESTDIR=%{buildroot} +make DESTDIR=%{buildroot} install %{?_smp_mflags} %find_lang %{name} %post @@ -60,7 +61,7 @@ fi # Remove fish from the list of allowed shells in /etc/shells if [ "$1" = 0 ]; then grep -v %{_bindir}/%{name} %{_sysconfdir}/shells >%{_sysconfdir}/%{name}.tmp - mv %{_sysconfdir}/%{name}.tmp %_sysconfdir/shells + mv %{_sysconfdir}/%{name}.tmp %{_sysconfdir}/shells fi %files -f %{name}.lang @@ -73,4 +74,4 @@ fi %{_datadir}/%{name}/tools %{_mandir}/man1/* -%changelog \ No newline at end of file +%changelog