r20046 - in /desktop/unstable/system-tools-backends/debian: changelog patches/08_use_md5.patch patches/09_check_etc_timezone.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Wed May 20 09:48:44 UTC 2009
Author: joss
Date: Wed May 20 09:48:44 2009
New Revision: 20046
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=20046
Log:
* 09_check_etc_timezone.patch: patch from Ubuntu. Use /etc/timezone to
* Security NMU.
* Fix CVE-2008-6792 "limiting effective password length to 8 characters"
and another related bug in do_get_use_md5(). Closes: #527952.
Added:
desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch
desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch
Modified:
desktop/unstable/system-tools-backends/debian/changelog
desktop/unstable/system-tools-backends/debian/patches/series
Modified: desktop/unstable/system-tools-backends/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/changelog?rev=20046&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/changelog (original)
+++ desktop/unstable/system-tools-backends/debian/changelog Wed May 20 09:48:44 2009
@@ -1,9 +1,17 @@
system-tools-backends (2.6.0-7) UNRELEASED; urgency=low
- * 08_check_etc_timezone.patch: patch from Ubuntu. Use /etc/timezone to
+ * 09_check_etc_timezone.patch: patch from Ubuntu. Use /etc/timezone to
obtain time zone. Closes: #526940.
-- Josselin Mouette <joss at debian.org> Mon, 04 May 2009 17:58:31 +0200
+
+system-tools-backends (2.6.0-6.1) unstable; urgency=high
+
+ * Security NMU.
+ * Fix CVE-2008-6792 "limiting effective password length to 8 characters"
+ and another related bug in do_get_use_md5(). Closes: #527952.
+
+ -- Jan Christoph Nordholz <hesso at pool.math.tu-berlin.de> Mon, 18 May 2009 17:55:01 +0200
system-tools-backends (2.6.0-6) unstable; urgency=low
Added: desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch?rev=20046&op=file
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch (added)
+++ desktop/unstable/system-tools-backends/debian/patches/08_use_md5.patch Wed May 20 09:48:44 2009
@@ -1,0 +1,23 @@
+Add fix for CVE 2008-6792 and another related bug in do_get_use_md5().
+
+ -- James Westby <james.westby at canonical.com>
+ -- Jan Christoph Nordholz <hesso at pool.math.tu-berlin.de>
+
+--- system-tools-backends-2.6.0.orig/Users/Users.pm 2008-03-09 13:21:45.000000000 +0000
++++ system-tools-backends-2.6.0/Users/Users.pm 2009-05-18 15:41:15.246049271 +0000
+@@ -286,13 +286,14 @@
+
+ if ($line[0] eq "\@include")
+ {
+- $use_md5 = &do_get_use_md5 ($line[1]);
++ $use_md5 |= &do_get_use_md5 ($line[1]);
+ }
+ elsif ($line[0] eq "password")
+ {
+ foreach $i (@line)
+ {
+ $use_md5 = 1 if ($i eq "md5");
++ $use_md5 = 1 if ($i =~ /^sha\d+/);
+ }
+ }
+ }
Added: desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch?rev=20046&op=file
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch (added)
+++ desktop/unstable/system-tools-backends/debian/patches/09_check_etc_timezone.patch Wed May 20 09:48:44 2009
@@ -1,0 +1,20 @@
+Index: system-tools-backends-2.6.0/Time/TimeDate.pm
+===================================================================
+--- system-tools-backends-2.6.0.orig/Time/TimeDate.pm 2009-05-04 10:59:40.000000000 -0400
++++ system-tools-backends-2.6.0/Time/TimeDate.pm 2009-05-04 11:01:13.000000000 -0400
+@@ -200,13 +200,12 @@
+ {
+ fn =>
+ {
+- ZONEINFO => "/usr/share/zoneinfo",
+- LOCAL_TIME => "/etc/localtime"
++ TIMEZONE => "/etc/timezone"
+ },
+ table =>
+ [
+ [ "local_time", \&get_utc_time ],
+- [ "timezone", \&get_timezone, [LOCAL_TIME, ZONEINFO] ],
++ [ "timezone", \&Utils::Parse::get_first_line, TIMEZONE ],
+ ]
+ },
+
Modified: desktop/unstable/system-tools-backends/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/series?rev=20046&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/series (original)
+++ desktop/unstable/system-tools-backends/debian/patches/series Wed May 20 09:48:44 2009
@@ -3,5 +3,6 @@
04_correct_perl_command.patch
05_cve_2008_4311.patch
07_dont_symlink_localtime.patch
-08_check_etc_timezone.patch
+08_use_md5.patch
+09_check_etc_timezone.patch
60_fix-permissions-of-pid-file.patch
More information about the pkg-gnome-commits
mailing list