Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Hi
I would like to update ceph with the next stable point release to fix
the 4 security issues listed below. These are all minor issues which did
not warrant a DSA on their own, but are still worth fixing.
https://security-tracker.debian.org/tracker/CVE-2016-9579
https://security-tracker.debian.org/tracker/CVE-2016-5009
https://security-tracker.debian.org/tracker/CVE-2016-7031
https://security-tracker.debian.org/tracker/CVE-2016-8626
The complete debdiff is attached below. I have already built the
package, but not yet uploaded. As soon as I get your OK I'll upload the
package.
Gaudenz
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru ceph-0.80.7/debian/changelog ceph-0.80.7/debian/changelog
--- ceph-0.80.7/debian/changelog 2016-01-15 10:42:14.0 +0100
+++ ceph-0.80.7/debian/changelog 2016-12-28 10:47:36.0 +0100
@@ -1,3 +1,14 @@
+ceph (0.80.7-2+deb8u2) jessie; urgency=medium
+
+ * [78329e] Upstream fix for CVE-2016-9579 (short CORS request)
+(Closes: #849048)
+ * [514d48] Upstream fix for CVE-2016-5009 (mon DoS) (Closes: #829661)
+ * [7ae81b] Upstream fix for CVE-2016-7031 (anonymous read on ACL)
+(Closes: #838026)
+ * [86ac46] Upstream fix for CVE-2016-8626 (RGW DoS) (Closes: #844200)
+
+ -- Gaudenz Steinlin Wed, 28 Dec 2016 10:47:36 +0100
+
ceph (0.80.7-2+deb8u1) jessie; urgency=medium
* [61b5e0] Patch to fix CVE-2015-5245 applied from upstream (Closes: #798567)
diff -Nru ceph-0.80.7/debian/gbp.conf ceph-0.80.7/debian/gbp.conf
--- ceph-0.80.7/debian/gbp.conf 2016-01-15 10:41:01.0 +0100
+++ ceph-0.80.7/debian/gbp.conf 2016-12-27 21:47:49.0 +0100
@@ -1,5 +1,5 @@
[DEFAULT]
-debian-branch = jessie-security
+debian-branch = jessie
pristine-tar = True
[import-orig]
diff -Nru ceph-0.80.7/debian/patches/cve-2016-5009_mon_dos.patch ceph-0.80.7/debian/patches/cve-2016-5009_mon_dos.patch
--- ceph-0.80.7/debian/patches/cve-2016-5009_mon_dos.patch 1970-01-01 01:00:00.0 +0100
+++ ceph-0.80.7/debian/patches/cve-2016-5009_mon_dos.patch 2016-12-28 10:47:27.0 +0100
@@ -0,0 +1,99 @@
+commit b78a1be835706e7dabc505be343945d0ac05697d
+Author: Kefu Chai
+Date: Thu Jun 30 13:24:22 2016 +0800
+
+mon: Monitor: validate prefix on handle_command()
+
+Fixes: http://tracker.ceph.com/issues/16297
+
+Signed-off-by: You Ji
+(cherry picked from commit 7cb3434fed03a5497abfd00bcec7276b70df0654)
+
+Conflicts:
+src/mon/Monitor.cc (the signature of Monitor::reply_command()
+changed a little bit in master, so adapt the
+commit to work with the old method)
+
+--- a/src/mon/Monitor.cc
b/src/mon/Monitor.cc
+@@ -2214,7 +2214,19 @@
+ return;
+ }
+
+- cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
++ // check return value. If no prefix parameter provided,
++ // return value will be false, then return error info.
++ if(!cmd_getval(g_ceph_context, cmdmap, "prefix", prefix)) {
++reply_command(m, -EINVAL, "command prefix not found", 0);
++return;
++ }
++
++ // check prefix is empty
++ if (prefix.empty()) {
++reply_command(m, -EINVAL, "command prefix must not be empty", 0);
++return;
++ }
++
+ if (prefix == "get_command_descriptions") {
+ bufferlist rdata;
+ Formatter *f = new_formatter("json");
+@@ -2235,6 +2247,15 @@
+ boost::scoped_ptr f(new_formatter(format));
+
+ get_str_vec(prefix, fullcmd);
++
++ // make sure fullcmd is not empty.
++ // invalid prefix will cause empty vector fullcmd.
++ // such as, prefix=";,,;"
++ if (fullcmd.empty()) {
++reply_command(m, -EINVAL, "command requires a prefix to be valid", 0);
++return;
++ }
++
+ module = fullcmd[0];
+
+ // validate command is in leader map
+--- a/src/test/librados/cmd.cc
b/src/test/librados/cmd.cc
+@@ -49,6 +49,41 @@
+ rados_buffer_free(buf);
+ rados_buffer_free(st);
+
++ cmd[0] = (char *)"";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "{}", 2, , , , ));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, , , , ));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char *)"{\"abc\":\"something\"}";
++ ASSERT_EQ(-EINVAL, rados_mon_command(cluster, (const char **)cmd, 1, "", 0, , , , ));
++ rados_buffer_free(buf);
++ rados_buffer_free(st);
++
++ cmd[0] = (char