Bug#698502: unblock: glusterfs/3.2.7-4
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package glusterfs
It fixes the security bug #693112 aka CVE-2012-4417.
diff -Naur '--exclude=.svn' 3.2.7-3/debian/changelog 3.2.7-4/debian/changelog
--- 3.2.7-3/debian/changelog 2012-11-12 20:37:46.218864002 +0100
+++ 3.2.7-4/debian/changelog 2013-01-19 14:10:01.323965193 +0100
@@ -1,3 +1,12 @@
+glusterfs (3.2.7-4) unstable; urgency=medium
+
+ * Add backported upstream patch 04-CVE-2012-4417 to fix CVE-2012-4417:
+ glusterfs allows local users to overwrite arbitrary files via a symlink
+ attack on temporary files with predictable names.
+ Closes: #693112
+
+ -- Patrick Matthäi <pmatthaei@debian.org> Sat, 19 Jan 2013 13:53:18 +0100
+
glusterfs (3.2.7-3) unstable; urgency=low
* Remove duplicated and faulty call of the glusterd daemon from the init
diff -Naur '--exclude=.svn' 3.2.7-3/debian/patches/04-CVE-2012-4417.diff 3.2.7-4/debian/patches/04-CVE-2012-4417.diff
--- 3.2.7-3/debian/patches/04-CVE-2012-4417.diff 1970-01-01 01:00:00.000000000 +0100
+++ 3.2.7-4/debian/patches/04-CVE-2012-4417.diff 2013-01-19 14:10:01.323965193 +0100
@@ -0,0 +1,121 @@
+# Backported upstream patch to fix CVE-2012-4417:
+# GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to
+# overwrite arbitrary files via a symlink attack on temporary files with
+# predictable names.
+# Closes: #693112
+
+diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/common-utils.h glusterfs-3.2.7/libglusterfs/src/common-utils.h
+--- glusterfs-3.2.7.orig/libglusterfs/src/common-utils.h 2012-06-10 19:44:15.000000000 +0200
++++ glusterfs-3.2.7/libglusterfs/src/common-utils.h 2013-01-19 13:49:26.415982036 +0100
+@@ -134,6 +134,16 @@
+ } \
+ } while (0);
+
++#define GF_REMOVE_SLASH_FROM_PATH(path, string) \
++ do { \
++ int i = 0; \
++ for (i = 1; i < strlen (path); i++) { \
++ string[i-1] = path[i]; \
++ if (string[i-1] == '/') \
++ string[i-1] = '-'; \
++ } \
++ } while (0)
++
+ #define GF_FILE_CONTENT_REQUESTED(_xattr_req,_content_limit) \
+ (dict_get_uint64 (_xattr_req, "glusterfs.content", _content_limit) == 0)
+
+diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/statedump.c glusterfs-3.2.7/libglusterfs/src/statedump.c
+--- glusterfs-3.2.7.orig/libglusterfs/src/statedump.c 2012-06-10 19:44:15.000000000 +0200
++++ glusterfs-3.2.7/libglusterfs/src/statedump.c 2013-01-19 13:49:26.415982036 +0100
+@@ -62,15 +62,11 @@
+
+
+ static int
+-gf_proc_dump_open (void)
++gf_proc_dump_open (char *tmpname)
+ {
+- char path[256];
+ int dump_fd = -1;
+
+- memset (path, 0, sizeof (path));
+- snprintf (path, sizeof (path), "%s.%d", GF_DUMP_LOGFILE_ROOT, getpid ());
+-
+- dump_fd = open (path, O_CREAT|O_RDWR|O_TRUNC|O_APPEND, 0600);
++ dump_fd = mkstemp (tmpname);
+ if (dump_fd < 0)
+ return -1;
+
+@@ -408,12 +404,13 @@
+ void
+ gf_proc_dump_info (int signum)
+ {
+- int ret = -1;
+- glusterfs_ctx_t *ctx = NULL;
+-
++ int ret = -1;
++ glusterfs_ctx_t *ctx = NULL;
++ char brick_name[PATH_MAX] = {0,};
++ char tmp_dump_name[] = "/tmp/dumpXXXXXX";
++ char path[PATH_MAX] = {0,};
+
+ gf_proc_dump_lock ();
+- ret = gf_proc_dump_open ();
+ if (ret < 0)
+ goto out;
+
+@@ -422,23 +419,32 @@
+ if (ret < 0)
+ goto out;
+
+- if (GF_PROC_DUMP_IS_OPTION_ENABLED (mem))
+- gf_proc_dump_mem_info ();
+-
+ ctx = glusterfs_ctx_get ();
+
+- if (ctx) {
+- if (GF_PROC_DUMP_IS_OPTION_ENABLED (iobuf))
+- iobuf_stats_dump (ctx->iobuf_pool);
+- if (GF_PROC_DUMP_IS_OPTION_ENABLED (callpool))
+- gf_proc_dump_pending_frames (ctx->pool);
+- if (ctx->active)
+- gf_proc_dump_xlator_info (ctx->active->top);
++ if (!ctx)
++ goto out;
+
+- }
++ if (ctx->cmd_args.brick_name) {
++ GF_REMOVE_SLASH_FROM_PATH (ctx->cmd_args.brick_name, brick_name);
++ } else
++ strncpy (brick_name, "glusterdump", sizeof (brick_name));
++
++ snprintf (path, sizeof path, "%s/%s.%d.dump.%"PRIu64, "/tmp",
++ brick_name, getpid(), (uint64_t) time (NULL));
++
++ ret = gf_proc_dump_open (tmp_dump_name);
++ if (GF_PROC_DUMP_IS_OPTION_ENABLED (mem))
++ gf_proc_dump_mem_info ();
++ if (GF_PROC_DUMP_IS_OPTION_ENABLED (iobuf))
++ iobuf_stats_dump (ctx->iobuf_pool);
++ if (GF_PROC_DUMP_IS_OPTION_ENABLED (callpool))
++ gf_proc_dump_pending_frames (ctx->pool);
++ if (ctx->active)
++ gf_proc_dump_xlator_info (ctx->active->top);
+
+ gf_proc_dump_close ();
+ out:
++ rename (tmp_dump_name, path);
+ gf_proc_dump_unlock ();
+
+ return;
+diff -Naur glusterfs-3.2.7.orig/xlators/mgmt/glusterd/src/glusterd-utils.c glusterfs-3.2.7/xlators/mgmt/glusterd/src/glusterd-utils.c
+--- glusterfs-3.2.7.orig/xlators/mgmt/glusterd/src/glusterd-utils.c 2012-06-10 19:44:17.000000000 +0200
++++ glusterfs-3.2.7/xlators/mgmt/glusterd/src/glusterd-utils.c 2013-01-19 13:49:26.415982036 +0100
+@@ -63,7 +63,7 @@
+ #define MOUNTV3_VERSION 3
+ #define MOUNTV1_VERSION 1
+
+-char *glusterd_sock_dir = "/tmp";
++char *glusterd_sock_dir = "/var/run";
+ static glusterd_lock_t lock;
+
+ static int32_t
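Review bot: In the gf_proc_dump_info hunk the removed `ret = gf_proc_dump_open ();` leaves the following `if (ret < 0) goto out;` testing nothing but the initializer `int ret = -1;` (the two are consecutive context lines right after `gf_proc_dump_lock ()`), so as patched the function always jumps to `out:` before dumping anything and the later `ret = gf_proc_dump_open (tmp_dump_name);` is never reached. The open should be checked where it now happens, after the snprintf: `ret = gf_proc_dump_open (tmp_dump_name); if (ret < 0) goto out;`, and the dead check after the lock dropped. The `rename (tmp_dump_name, path);` added at `out:` also runs when the open failed or ctx is NULL, on the unexpanded template and an empty path, and its return value is ignored; guarding it on a successful open and logging a failure keeps a stale or partial temp file in /tmp from going unnoticed. GF_REMOVE_SLASH_FROM_PATH compares `int i` against `strlen (path)` and writes into `string` with no bound and no terminator; it is only safe because brick_name is PATH_MAX and zero-initialised, which deserves a comment on the macro such as `/* string must be at least strlen(path) bytes and pre-zeroed; no terminator is written */`.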
diff -Naur '--exclude=.svn' 3.2.7-3/debian/patches/series 3.2.7-4/debian/patches/series
--- 3.2.7-3/debian/patches/series 2012-11-12 20:37:46.218864002 +0100
+++ 3.2.7-4/debian/patches/series 2013-01-19 14:10:01.323965193 +0100
@@ -1,3 +1,4 @@
01-manpage-errors.diff
02-spelling-error.diff
03-glusterd-crash-gcc-optimizations.diff
+04-CVE-2012-4417.diff
unblock glusterfs/3.2.7-4
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash