Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package glusterfs

It fixes CVE-2014-3619 and closes #781018

diff -Naur '--exclude=.svn' 3.5.2-1/debian/changelog 3.5.2-2/debian/changelog
--- 3.5.2-1/debian/changelog    2014-08-01 13:17:51.262203834 +0200
+++ 3.5.2-2/debian/changelog    2015-03-23 15:47:19.949358143 +0100
@@ -1,3 +1,11 @@
+glusterfs (3.5.2-2) unstable; urgency=high
+
+  * Add patch 01-CVE-2014-3619 to fix a fragment header infinite loop DoS in
+    glusterfs as described in CVE-2014-3619.
+    Closes: #781018
+
+ -- Patrick Matthäi <pmatth...@debian.org>  Mon, 23 Mar 2015 15:35:25 +0100
+
 glusterfs (3.5.2-1) unstable; urgency=medium

   * New upstream release.
diff -Naur '--exclude=.svn' 3.5.2-1/debian/patches/01-CVE-2014-3619.diff 
3.5.2-2/debian/patches/01-CVE-2014-3619.diff
--- 3.5.2-1/debian/patches/01-CVE-2014-3619.diff        1970-01-01 
01:00:00.000000000 +0100
+++ 3.5.2-2/debian/patches/01-CVE-2014-3619.diff        2015-03-23 
15:47:19.953358498 +0100
@@ -0,0 +1,55 @@
+# Upstream patch to fix CVE-2014-3619 (fragment header infinite loop DoS)
+# URL: https://bugzilla.redhat.com/show_bug.cgi?id=1138145
+# Patch: http://review.gluster.org/#/c/8662/4
+
+diff -Naur glusterfs-3.5.2.orig/rpc/rpc-transport/socket/src/socket.c 
glusterfs-3.5.2/rpc/rpc-transport/socket/src/socket.c
+--- glusterfs-3.5.2.orig/rpc/rpc-transport/socket/src/socket.c 2014-07-31 
13:05:35.000000000 +0200
++++ glusterfs-3.5.2/rpc/rpc-transport/socket/src/socket.c      2015-03-23 
15:28:00.765389702 +0100
+@@ -375,10 +375,11 @@
+               /* first call after passing SP_STATE_READING_FRAGHDR */
+               in->ra_max = min (RPC_FRAGSIZE (in->fraghdr), GF_SOCKET_RA_MAX);
+               /* Note that the in->iobuf is the primary iobuf into which
+-                 headers are read into. By using this itself as our
++                 headers are read into, and in->frag.fragcurrent points to
++                 some position in the buffer. By using this itself as our
+                  read-ahead cache, we can avoid memory copies in iov_load
+               */
+-              in->ra_buf = iobuf_ptr (in->iobuf);
++              in->ra_buf = in->frag.fragcurrent;
+       }
+
+       /* fill read-ahead */
+@@ -1986,9 +1987,22 @@
+                                 goto out;
+                         }
+
++                        if (in->iobuf == NULL) {
++                            /* first fragment */
++                            frag->fragcurrent = iobuf_ptr (iobuf);
++                        } else {
++                            /* second or further fragment */
++                            memcpy(iobuf_ptr (iobuf), iobuf_ptr (in->iobuf),
++                               in->total_bytes_read - 
RPC_FRAGSIZE(in->fraghdr));
++                            iobuf_unref (in->iobuf);
++                            frag->fragcurrent = (char *) iobuf_ptr (iobuf) +
++                                in->total_bytes_read - 
RPC_FRAGSIZE(in->fraghdr);
++                            frag->pending_vector->iov_base = 
frag->fragcurrent;
++                            in->pending_vector = frag->pending_vector;
++                        }
++
+                         in->iobuf = iobuf;
+                         in->iobuf_size = 0;
+-                        frag->fragcurrent = iobuf_ptr (iobuf);
+                         in->record_state = SP_STATE_READING_FRAG;
+                         /* fall through */
+
+@@ -2003,6 +2017,9 @@
+                         frag->bytes_read = 0;
+
+                         if (!RPC_LASTFRAG (in->fraghdr)) {
++                                in->pending_vector = in->vector;
++                                in->pending_vector->iov_base = &in->fraghdr;
++                                in->pending_vector->iov_len = 
sizeof(in->fraghdr);
+                                 in->record_state = SP_STATE_READING_FRAGHDR;
+                                 break;
+                         }
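Review bot: In the second socket.c hunk of the embedded patch, the `else` branch for a second or later fragment evaluates `in->total_bytes_read - RPC_FRAGSIZE(in->fraghdr)` twice, once as the memcpy length and once as the `fragcurrent` offset, and nothing visible checks that the subtraction cannot underflow or that the result fits in the newly allocated iobuf. Both operands are driven by fragment headers received from the peer, and the allocation of `iobuf` and the update of `total_bytes_read` are outside the hunk, so the bound presumably holds there but cannot be confirmed from these lines. I would compute the value once, `size_t carried = in->total_bytes_read - RPC_FRAGSIZE (in->fraghdr);`, check it against the size requested for the new iobuf before the copy (taking the same `goto out` path as the preceding lines on failure), and add a comment stating that invariant. `frag->pending_vector` is also dereferenced in this branch without a visible NULL check, which deserves a one-line comment saying where it is guaranteed to be set.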
diff -Naur '--exclude=.svn' 3.5.2-1/debian/patches/series 
3.5.2-2/debian/patches/series
--- 3.5.2-1/debian/patches/series       1970-01-01 01:00:00.000000000 +0100
+++ 3.5.2-2/debian/patches/series       2015-03-23 15:47:19.953358498 +0100
@@ -0,0 +1 @@
+01-CVE-2014-3619.diff


unblock glusterfs/3.5.2-2

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

