Overview

File apt-cacher-ng.changes of Package apt-cacher-ng

-------------------------------------------------------------------
Mon Jan 20 11:48:53 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>

- fix CVE-2019-18899 (bsc#1157703): the systemd service configuration in
  apt-cacher-ng.service did run apt-cacher-ng as root while /run/apt-cacher-ng
  was created for the apt-cacher-ng user via systemd-tmpfiles. A compromised
  apt-cacher-ng could have performed symlink attacks in /run/apt-cacher-ng to
  cause writes to privileged file system locations by root. Furthermore the
  socket path /run/apt-cacher-ng/socket could have been replaced by an
  attacker owned socket, thereby allowing him to hijack privileged client
  connections to apt-cacher-ng. Additional unexplored security issues could
  have been possible.

  To fix this use the upstream service file with correct privilege drop
  configuration. During update the ownership of /var/log/apt-cacher-ng and
  /var/cache/apt-cacher-ng as well as a possibly already running apt-cacher-ng
  instance (files in /run/apt-cacher-ng) need to be fixed in %pre, %post.

-------------------------------------------------------------------
Fri Jan 17 12:39:09 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>

- add CVE-2020-5202.patch: fixes bsc#1157706, CVE-2020-5202. A local user
  account that managed to listen on localhost:3142 before the actual
  apt-cacher-ng systemd service did could have intercepted client traffic sent
  by e.g. root via the cron job /etc/cron.daily/apt-cacher-ng, possibly
  including authentication credentials.

-------------------------------------------------------------------
Wed Dec  6 10:30:27 UTC 2017 - mpluskal@suse.com

- Use more of cmake macros
- Use pkgconfig style dependencies

-------------------------------------------------------------------
Tue Dec  5 11:38:57 UTC 2017 - mchandras@suse.de

- Version bump to 3.1
  * Hide credentials in acngtool in some corner cases
  * Dropped references to distkill.pl script which was superseeded by acngtool
  * Made default PassThroughPattern setting stricter
  * Mirror database update
  * Avoid expiration failure when some index files are missing
- Fix logrotate file installation

-------------------------------------------------------------------
Fri May 26 09:50:14 UTC 2017 - jengelh@inai.de

- Trim description. Use regular %setup call for all unpacking.

-------------------------------------------------------------------
Tue May 16 16:41:49 UTC 2017 - mchandras@suse.de

- Initial commit
openSUSE Build Service is sponsored by
Places