Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package glusterfs It fixes the security bug #693112 aka CVE-2012-4417.
diff -Naur '--exclude=.svn' 3.2.7-3/debian/changelog 3.2.7-4/debian/changelog
--- 3.2.7-3/debian/changelog 2012-11-12 20:37:46.218864002 +0100
+++ 3.2.7-4/debian/changelog 2013-01-19 14:10:01.323965193 +0100
@@ -1,3 +1,12 @@
+glusterfs (3.2.7-4) unstable; urgency=medium
+
+ * Add backported upstream patch 04-CVE-2012-4417 to fix CVE-2012-4417:
+ glusterfs allows local users to overwrite arbitrary files via a symlink
+ attack on temporary files with predictable names.
+ Closes: #693112
+
+ -- Patrick Matthäi <pmatth...@debian.org> Sat, 19 Jan 2013 13:53:18 +0100
+
 glusterfs (3.2.7-3) unstable; urgency=low
 
 * Remove duplicated and faulty call of the glusterd daemon from the init
diff -Naur '--exclude=.svn' 3.2.7-3/debian/patches/04-CVE-2012-4417.diff 3.2.7-4/debian/patches/04-CVE-2012-4417.diff
--- 3.2.7-3/debian/patches/04-CVE-2012-4417.diff 1970-01-01 01:00:00.000000000 +0100
+++ 3.2.7-4/debian/patches/04-CVE-2012-4417.diff 2013-01-19 14:10:01.323965193 +0100
@@ -0,0 +1,121 @@
+# Backported upstream patch to fix CVE-2012-4417:
+# GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to
+# overwrite arbitrary files via a symlink attack on temporary files with
+# predictable names.
+# Closes: #693112
+
+diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/common-utils.h glusterfs-3.2.7/libglusterfs/src/common-utils.h
+--- glusterfs-3.2.7.orig/libglusterfs/src/common-utils.h 2012-06-10 19:44:15.000000000 +0200
++++ glusterfs-3.2.7/libglusterfs/src/common-utils.h 2013-01-19 13:49:26.415982036 +0100
+@@ -134,6 +134,16 @@
+ } \
+ } while (0);
+
++#define GF_REMOVE_SLASH_FROM_PATH(path, string) \
++ do { \
++ int i = 0; \
++ for (i = 1; i < strlen (path); i++) { \
++ string[i-1] = path[i]; \
++ if (string[i-1] == '/') \
++ string[i-1] = '-'; \
++ } \
++ } while (0)
++
+ #define GF_FILE_CONTENT_REQUESTED(_xattr_req,_content_limit) \
+ (dict_get_uint64 (_xattr_req, "glusterfs.content", _content_limit) == 0)
+
+diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/statedump.c glusterfs-3.2.7/libglusterfs/src/statedump.c
+--- glusterfs-3.2.7.orig/libglusterfs/src/statedump.c 2012-06-10 19:44:15.000000000 +0200
++++ glusterfs-3.2.7/libglusterfs/src/statedump.c 2013-01-19 13:49:26.415982036 +0100
+@@ -62,15 +62,11 @@
+
+
+ static int
+-gf_proc_dump_open (void)
++gf_proc_dump_open (char *tmpname)
+ {
+- char path[256];
+ int dump_fd = -1;
+
+- memset (path, 0, sizeof (path));
+- snprintf (path, sizeof (path), "%s.%d", GF_DUMP_LOGFILE_ROOT, getpid ());
+-
+- dump_fd = open (path, O_CREAT|O_RDWR|O_TRUNC|O_APPEND, 0600);
++ dump_fd = mkstemp (tmpname);
+ if (dump_fd < 0)
+ return -1;
+
+@@ -408,12 +404,13 @@
+ void
+ gf_proc_dump_info (int signum)
+ {
+- int ret = -1;
+- glusterfs_ctx_t *ctx = NULL;
+-
++ int ret = -1;
++ glusterfs_ctx_t *ctx = NULL;
++ char brick_name[PATH_MAX] = {0,};
++ char tmp_dump_name[] = "/tmp/dumpXXXXXX";
++ char path[PATH_MAX] = {0,};
+
+ gf_proc_dump_lock ();
+- ret = gf_proc_dump_open ();
+ if (ret < 0)
+ goto out;
+
+@@ -422,23 +419,32 @@
+ if (ret < 0)
+ goto out;
+
+- if (GF_PROC_DUMP_IS_OPTION_ENABLED (mem))
+- gf_proc_dump_mem_info ();
+-
+ ctx = glusterfs_ctx_get ();
+
+- if (ctx) {
+- if (GF_PROC_DUMP_IS_OPTION_ENABLED (iobuf))
+- iobuf_stats_dump (ctx->iobuf_pool);
+- if (GF_PROC_DUMP_IS_OPTION_ENABLED (callpool))
+- gf_proc_dump_pending_frames (ctx->pool);
+- if (ctx->active)
+- gf_proc_dump_xlator_info (ctx->active->top);
++ if (!ctx)
++ goto out;
+
+- }
++ if (ctx->cmd_args.brick_name) {
++ GF_REMOVE_SLASH_FROM_PATH (ctx->cmd_args.brick_name, brick_name);
++ } else
++ strncpy (brick_name, "glusterdump", sizeof (brick_name));
++
++ snprintf (path, sizeof path, "%s/%s.%d.dump.%"PRIu64, "/tmp",
++ brick_name, getpid(), (uint64_t) time (NULL));
++
++ ret = gf_proc_dump_open (tmp_dump_name);
++ if (GF_PROC_DUMP_IS_OPTION_ENABLED (mem))
++ gf_proc_dump_mem_info ();
++ if (GF_PROC_DUMP_IS_OPTION_ENABLED (iobuf))
++ iobuf_stats_dump (ctx->iobuf_pool);
++ if (GF_PROC_DUMP_IS_OPTION_ENABLED (callpool))
++ gf_proc_dump_pending_frames (ctx->pool);
++ if (ctx->active)
++ gf_proc_dump_xlator_info (ctx->active->top);
+
+ gf_proc_dump_close ();
+ out:
++ rename (tmp_dump_name, path);
+ gf_proc_dump_unlock ();
+
+ return;
+diff -Naur glusterfs-3.2.7.orig/xlators/mgmt/glusterd/src/glusterd-utils.c glusterfs-3.2.7/xlators/mgmt/glusterd/src/glusterd-utils.c
+--- glusterfs-3.2.7.orig/xlators/mgmt/glusterd/src/glusterd-utils.c 2012-06-10 19:44:17.000000000 +0200
++++ glusterfs-3.2.7/xlators/mgmt/glusterd/src/glusterd-utils.c 2013-01-19 13:49:26.415982036 +0100
+@@ -63,7 +63,7 @@
+ #define MOUNTV3_VERSION 3
+ #define MOUNTV1_VERSION 1
+
+-char *glusterd_sock_dir = "/tmp";
++char *glusterd_sock_dir = "/var/run";
+ static glusterd_lock_t lock;
+
+ static int32_t
diff -Naur '--exclude=.svn' 3.2.7-3/debian/patches/series 3.2.7-4/debian/patches/series
--- 3.2.7-3/debian/patches/series 2012-11-12 20:37:46.218864002 +0100
+++ 3.2.7-4/debian/patches/series 2013-01-19
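Review bot: In the `@@ -408,12 +404,13 @@` hunk of statedump.c the removed `ret = gf_proc_dump_open ();` leaves `if (ret < 0) goto out;` directly after `gf_proc_dump_lock ();` testing the initializer `int ret = -1;`, so gf_proc_dump_info jumps to `out:` before anything is dumped and `rename (tmp_dump_name, path)` runs on the unfilled template with an empty `path`. The new call site in the `@@ -422,23 +419,32 @@` hunk, `ret = gf_proc_dump_open (tmp_dump_name);`, is never checked, so a failed mkstemp() still falls through to the dump calls and to the rename. Moving the check to the new call and doing the rename only on the success path, before `out:`, fixes both; rename() is the right primitive here because it replaces a symlink planted at the predictable final name instead of following it, which is what actually closes the symlink attack. Separately, `GF_REMOVE_SLASH_FROM_PATH` in common-utils.h copies `strlen (path) - 1` bytes into `brick_name[PATH_MAX]` with no bound on the destination and compares `int i` against the `size_t` from strlen, so a brick name of PATH_MAX or more characters overruns the stack buffer; giving the macro a size argument or guarding the call with `strlen (ctx->cmd_args.brick_name) < sizeof (brick_name)` closes that. gf_proc_dump_open's body continues past its hunk.
```c
        gf_proc_dump_lock ();
        /* the former 'if (ret < 0) goto out;' is dropped here: nothing has set ret yet */
        /* … unchanged: later ret check, ctx lookup, brick_name and path construction … */

        ret = gf_proc_dump_open (tmp_dump_name);
        if (ret < 0)
                goto out;
        /* … unchanged: mem / iobuf / callpool / xlator dumps … */

        gf_proc_dump_close ();
        /* publish the finished dump only on the success path */
        rename (tmp_dump_name, path);
out:
        gf_proc_dump_unlock ();
```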
14:10:01.323965193 +0100
@@ -1,3 +1,4 @@
 01-manpage-errors.diff
 02-spelling-error.diff
 03-glusterd-crash-gcc-optimizations.diff
+04-CVE-2012-4417.diff
unblock glusterfs/3.2.7-4 -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org