[wicd] Fix CVS-2012-0813 (#785147)
David Cantrell
dcantrel at fedoraproject.org
Fri Jan 27 19:22:01 UTC 2012
commit 309fe7376a594ecbdaaad0a610dd5d4771f55810
Author: David Cantrell <david.l.cantrell at gmail.com>
Date: Fri Jan 27 14:21:47 2012 -0500
Fix CVS-2012-0813 (#785147)
wicd-1.7.1b2-CVE-2012-0813.patch | 19 +++++++++++++++++++
wicd.spec | 11 ++++++++++-
2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/wicd-1.7.1b2-CVE-2012-0813.patch b/wicd-1.7.1b2-CVE-2012-0813.patch
new file mode 100644
index 0000000..06f0e8f
--- /dev/null
+++ b/wicd-1.7.1b2-CVE-2012-0813.patch
@@ -0,0 +1,19 @@
+diff -up wicd-1.7.1b2/wicd/configmanager.py.CVE-2012-0813 wicd-1.7.1b2/wicd/configmanager.py
+--- wicd-1.7.1b2/wicd/configmanager.py.CVE-2012-0813 2010-10-29 11:36:55.000000000 -0400
++++ wicd-1.7.1b2/wicd/configmanager.py 2012-01-27 14:17:48.773091678 -0500
+@@ -107,8 +107,13 @@ class ConfigManager(RawConfigParser):
+ ret = ret[3:-3]
+ if default:
+ if self.debug:
+- print ''.join(['found ', option, ' in configuration ',
+- str(ret)])
++ # mask out sensitive information
++ if option in ['apsk', 'password', 'identity', 'private_key', \
++ 'private_key_passwd', 'key', 'passphrase']:
++ print ''.join(['found ', option, ' in configuration *****'])
++ else:
++ print ''.join(['found ', option, ' in configuration ',
++ str(ret)])
+ else:
+ if default != "__None__":
+ print 'did not find %s in configuration, setting default %s' % (option, str(default))
diff --git a/wicd.spec b/wicd.spec
index 8fd600b..3c94572 100644
--- a/wicd.spec
+++ b/wicd.spec
@@ -10,7 +10,7 @@
Name: wicd
Version: 1.7.1
-Release: 0.2.%{alphatag}%{?dist}
+Release: 0.3.%{alphatag}%{?dist}
Summary: Wireless and wired network connection manager
Group: System Environment/Base
@@ -27,6 +27,7 @@ Patch2: wicd-1.7.1b2-error-messages.patch
Patch3: wicd-1.7.0-dbus-policy.patch
Patch4: wicd-1.7.1b2-wired_showing.patch
Patch5: wicd-1.7.1b2-initialize-check-and-message.patch
+Patch6: wicd-1.7.1b2-CVE-2012-0813.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -u -n)
BuildRequires: python2-devel
@@ -109,6 +110,11 @@ Client program for wicd that uses a GTK+ interface.
# Make sure check and message are always a lambda
%patch5 -p1
+# Fix CVE-2012-0813
+# Patch based on upstream:
+# http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
+%patch6 -p1
+
%build
# NOTE: --etc is where dhclient.conf.template goes
%{__python} setup.py configure \
@@ -293,6 +299,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_datadir}/icons/hicolor/scalable/apps/wicd-gtk.svg
%changelog
+* Fri Jan 27 2012 David Cantrell <dcantrell at redhat.com> - 1.7.1b2-0.3
+- Fix CVS-2012-0813 (#785147)
+
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.1-0.2.b2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
More information about the scm-commits
mailing list