[wicd/f16] Fix CVS-2012-0813 (#785147)
David Cantrell
dcantrel at fedoraproject.org
Fri Jan 27 19:47:59 UTC 2012
commit f79afab29f576db1d79e17b88a8fc5b5a0b396f1
Author: David Cantrell <david.l.cantrell at gmail.com>
Date: Fri Jan 27 14:47:47 2012 -0500
Fix CVS-2012-0813 (#785147)
wicd-1.7.0-CVE-2012-0813.patch | 19 +++++++++++++++++++
wicd.spec | 11 ++++++++++-
2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/wicd-1.7.0-CVE-2012-0813.patch b/wicd-1.7.0-CVE-2012-0813.patch
new file mode 100644
index 0000000..2c84e0e
--- /dev/null
+++ b/wicd-1.7.0-CVE-2012-0813.patch
@@ -0,0 +1,19 @@
+diff -up wicd-1.7.0/wicd/configmanager.py.CVE-2012-0813 wicd-1.7.0/wicd/configmanager.py
+--- wicd-1.7.0/wicd/configmanager.py.CVE-2012-0813 2012-01-27 14:34:12.779219466 -0500
++++ wicd-1.7.0/wicd/configmanager.py 2012-01-27 14:34:33.534091679 -0500
+@@ -97,8 +97,13 @@ class ConfigManager(RawConfigParser):
+ ret = ret[3:-3]
+ if default:
+ if self.debug:
+- print ''.join(['found ', option, ' in configuration ',
+- str(ret)])
++ # mask out sensitive information
++ if option in ['apsk', 'password', 'identity', 'private_key', \
++ 'private_key_passwd', 'key', 'passphrase']:
++ print ''.join(['found ', option, ' in configuration *****'])
++ else:
++ print ''.join(['found ', option, ' in configuration ',
++ str(ret)])
+ else:
+ if default != "__None__":
+ print 'did not find %s in configuration, setting default %s' % (option, str(default))
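Review bot: The masking test on the `if option in [...]` line relies on a fixed list of seven option names, so a secret stored under any other name (for instance a field defined by a custom encryption template, if those reach this method) would still be printed in clear text by the `else` branch. The `did not find %s in configuration, setting default %s` print in the trailing context still formats `str(default)` without the same test. If that path should be covered too, hoist the list to a module-level constant such as `SENSITIVE_OPTIONS = frozenset(['apsk', 'password', ...])` and check it in both branches. The change only affects new debug output: log files written before the update may still hold the unmasked values, so they need rotating or removing and the credentials in them should be treated as exposed. The enclosing method starts and ends outside the hunk.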
diff --git a/wicd.spec b/wicd.spec
index 1b7834a..e545273 100644
--- a/wicd.spec
+++ b/wicd.spec
@@ -9,7 +9,7 @@
Name: wicd
Version: 1.7.0
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: Wireless and wired network connection manager
Group: System Environment/Base
@@ -27,6 +27,7 @@ Patch3: wicd-1.7.0-error-messages.patch
Patch4: wicd-1.7.0-dbus-policy.patch
Patch5: wicd-1.7.0-wired_showing.patch
Patch6: wicd-1.7.0-initialize-check-and-message.patch
+Patch7: wicd-1.7.0-CVE-2012-0813.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -u -n)
BuildRequires: python2-devel
@@ -112,6 +113,11 @@ Client program for wicd that uses a GTK+ interface.
# Make sure check and message are always a lambda
%patch6 -p1
+# Fix CVE-2012-0813
+# Patch based on upstream:
+# http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
+%patch7 -p1
+
%build
# NOTE: --etc is where dhclient.conf.template goes
%{__python} setup.py configure \
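Review bot: The `# Fix CVE-2012-0813` comment added above `%patch7 -p1` spells the identifier correctly, but the %changelog entry added in the last hunk of wicd.spec reads `CVS-2012-0813`, as does the commit subject. Anyone checking whether the installed package carries the fix by searching the RPM changelog for the CVE id will not find it. The changelog line should read `- Fix CVE-2012-0813 (#785147)`.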
@@ -296,6 +302,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_datadir}/icons/hicolor/scalable/apps/wicd-gtk.svg
%changelog
+* Fri Jan 27 2012 David Cantrell <dcantrell at redhat.com> - 1.7.0-10
+- Fix CVS-2012-0813 (#785147)
+
* Fri Aug 19 2011 David Cantrell <dcantrell at redhat.com> - 1.7.0-9
- Initialize appGui._wired_showing in __init__ (#723553)
- Make sure check and message in wicd-cli are a lambda (#712435)