r20046 - in /desktop/unstable/system-tools-backends/debian: changelog patches/08_use_md5.patch patches/09_check_etc_timezone.patch patches/series

joss at users.alioth.debian.org joss at users.alioth.debian.org
Wed May 20 09:48:44 UTC 2009


Author: joss
Date: Wed May 20 09:48:44 2009
New Revision: 20046

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=20046
Log:
* 09_check_etc_timezone.patch: patch from Ubuntu. Use /etc/timezone to 
* Security NMU.
* Fix CVE-2008-6792 "limiting effective password length to 8 characters"
  and another related bug in do_get_use_md5(). Closes: #527952.

Added:
    desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch
    desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch
Modified:
    desktop/unstable/system-tools-backends/debian/changelog
    desktop/unstable/system-tools-backends/debian/patches/series

Modified: desktop/unstable/system-tools-backends/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/changelog?rev=20046&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/changelog (original)
+++ desktop/unstable/system-tools-backends/debian/changelog Wed May 20 09:48:44 2009
@@ -1,9 +1,17 @@
 system-tools-backends (2.6.0-7) UNRELEASED; urgency=low
 
-  * 08_check_etc_timezone.patch: patch from Ubuntu. Use /etc/timezone to 
+  * 09_check_etc_timezone.patch: patch from Ubuntu. Use /etc/timezone to 
     obtain time zone. Closes: #526940.
 
  -- Josselin Mouette <joss at debian.org>  Mon, 04 May 2009 17:58:31 +0200
+
+system-tools-backends (2.6.0-6.1) unstable; urgency=high
+
+  * Security NMU.
+  * Fix CVE-2008-6792 "limiting effective password length to 8 characters"
+    and another related bug in do_get_use_md5(). Closes: #527952.
+
+ -- Jan Christoph Nordholz <hesso at pool.math.tu-berlin.de>  Mon, 18 May 2009 17:55:01 +0200
 
 system-tools-backends (2.6.0-6) unstable; urgency=low
 

Added: desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch?rev=20046&op=file
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch (added)
+++ desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch Wed May 20 09:48:44 2009
@@ -1,0 +1,23 @@
+Add fix for CVE 2008-6792 and another related bug in do_get_use_md5().
+
+ -- James Westby <james.westby at canonical.com>
+ -- Jan Christoph Nordholz <hesso at pool.math.tu-berlin.de>
+
+--- system-tools-backends-2.6.0.orig/Users/Users.pm	2008-03-09 13:21:45.000000000 +0000
++++ system-tools-backends-2.6.0/Users/Users.pm	2009-05-18 15:41:15.246049271 +0000
+@@ -286,13 +286,14 @@
+ 
+     if ($line[0] eq "\@include")
+     {
+-      $use_md5 = &do_get_use_md5 ($line[1]);
++      $use_md5 |= &do_get_use_md5 ($line[1]);
+     }
+     elsif ($line[0] eq "password")
+     {
+       foreach $i (@line)
+       {
+         $use_md5 = 1 if ($i eq "md5");
++        $use_md5 = 1 if ($i =~ /^sha\d+/);
+       }
+     }
+   }

Added: desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch?rev=20046&op=file
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch (added)
+++ desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch Wed May 20 09:48:44 2009
@@ -1,0 +1,20 @@
+Index: system-tools-backends-2.6.0/Time/TimeDate.pm
+===================================================================
+--- system-tools-backends-2.6.0.orig/Time/TimeDate.pm	2009-05-04 10:59:40.000000000 -0400
++++ system-tools-backends-2.6.0/Time/TimeDate.pm	2009-05-04 11:01:13.000000000 -0400
+@@ -200,13 +200,12 @@
+    {
+      fn =>
+      {
+-       ZONEINFO     => "/usr/share/zoneinfo",
+-       LOCAL_TIME   => "/etc/localtime"
++       TIMEZONE     => "/etc/timezone"
+      },
+      table =>
+      [
+       [ "local_time",   \&get_utc_time ],
+-      [ "timezone",     \&get_timezone, [LOCAL_TIME, ZONEINFO] ],
++      [ "timezone",     \&Utils::Parse::get_first_line, TIMEZONE ],
+      ]
+    },
+ 

Modified: desktop/unstable/system-tools-backends/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/series?rev=20046&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/series (original)
+++ desktop/unstable/system-tools-backends/debian/patches/series Wed May 20 09:48:44 2009
@@ -3,5 +3,6 @@
 04_correct_perl_command.patch
 05_cve_2008_4311.patch
 07_dont_symlink_localtime.patch
-08_check_etc_timezone.patch
+08_use_md5.patch
+09_check_etc_timezone.patch
 60_fix-permissions-of-pid-file.patch




More information about the pkg-gnome-commits mailing list