Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #4414 from uyuni-project/Uyuni-2021.09
Backport #4413 and tagging to master
  • Loading branch information
juliogonzalez committed Oct 28, 2021
2 parents 0897dcb + 5813fe4 commit 790c738
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 2 deletions.
2 changes: 1 addition & 1 deletion rel-eng/packages/spacewalk-admin
@@ -1 +1 @@
4.3.1-1 spacewalk/admin/
4.3.2-1 spacewalk/admin/
6 changes: 6 additions & 0 deletions spacewalk/admin/rhn-config-satellite.pl
Expand Up @@ -28,6 +28,8 @@
my @options = ();
my @removals = ();
my $help = '';
# bsc#1190040
my @allowed_target_files = qw(/etc/rhn/rhn.conf /var/lib/rhn/rhn-satellite-prep/satellite-local-rules.conf /var/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conf);

GetOptions("target=s" => \$target, "option=s" => \@options, "remove=s" => \@removals, "help" => \$help) or die $usage;

Expand All @@ -43,6 +45,10 @@

my $tmpfile = $target . ".bak.${PID}";

if (! grep { $_ eq $target} @allowed_target_files) {
die("Cannot modify a file that is not a spacewalk config file: " . $target);
}

if (-e $target . ".orig") {
unlink($target . ".orig") or die "Could not remove $target to ${target}.orig prior to new backup: $OS_ERROR";
}
Expand Down
8 changes: 8 additions & 0 deletions spacewalk/admin/spacewalk-admin.changes
@@ -1,6 +1,14 @@
- Add connection details for postgresql salt pillar
- replaced pidof with pgrep and removed sysvinit-tools dependency

-------------------------------------------------------------------
Thu Oct 28 12:16:53 CEST 2021 - jgonzalez@suse.com

- version 4.3.2-1
* Fix setup with rhn-config-satellite (bsc#1190300)
* Allow admins to modify only spacewalk config files with
rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348)

-------------------------------------------------------------------
Mon Aug 09 10:57:26 CEST 2021 - jgonzalez@suse.com

Expand Down
2 changes: 1 addition & 1 deletion spacewalk/admin/spacewalk-admin.spec
Expand Up @@ -28,7 +28,7 @@ License: GPL-2.0-only
Group: Applications/Internet
Name: spacewalk-admin
URL: https://github.com/uyuni-project/uyuni
Version: 4.3.1
Version: 4.3.2
Release: 1
Source0: https://github.com/uyuni-project/uyuni/archive/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Expand Down

0 comments on commit 790c738

Please sign in to comment.