Bug#700052: unblock: xnbd/0.1.0-pre-hg20-e75b93a47722-3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#700052: unblock: xnbd/0.1.0-pre-hg20-e75b93a47722-3
From: Arno Töll <arno@debian.org>
Date: Thu, 07 Feb 2013 23:20:51 +0100
Message-id: <20130207222051.11720.91679.reportbug@snowball>
Reply-to: Arno TÃ¶ll <arno@debian.org>, 700052@bugs.debian.org
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package xnbd. It fixes a local symlink attack vulnerability
being tracked as CVE-2013-0265. This upload includes a patch changing the
default logfile location to a location which is not globally writable (and more
FHS conform anyway). It also fixes a purely cosmetic spelling fix in man pages.

diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog
--- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog   2012-05-28 19:38:35.000000000 +0200
+++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog   2013-02-07 22:45:21.000000000 +0100
@@ -1,3 +1,12 @@
+xnbd (0.1.0-pre-hg20-e75b93a47722-3) unstable; urgency=medium
+
+  * Fix "Documentation Error: Option --blocksize mistyped" use correct
+    spelling(Closes: #691842)
+  * CVE-2013-0265: Fix symlink vulnerability spotted by Sebastian Pipping
+    <spipping@wavecon.de>. Moreover, thanks Sebastian for providing a patch.
+
+ -- Arno Töll <arno@debian.org>  Thu, 07 Feb 2013 22:45:10 +0100
+
 xnbd (0.1.0-pre-hg20-e75b93a47722-2) unstable; urgency=low
 
   * Do a full source rebuild again, now that #670557 is fixed.
diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch
--- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch 1970-01-01 01:00:00.000000000 +0100
+++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch 2013-02-07 22:40:22.000000000 +0100
@@ -0,0 +1,169 @@
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Tue, 5 Feb 2013 14:05:29 +0100
+Subject: [PATCH] Fix insecure logging location (CVE-2013-0265)
+
+* Change the default log file location from /tmp to /var/log
+* Update manpages with respect to the new default location.
+
+Origin: upstream, http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=bdb56bac
+Bug: http://seclists.org/oss-sec/2013/q1/248
+
+---
+ trunk/doc/xnbd-server.8.sgml  |    2 +-
+ trunk/doc/xnbd-wrapper.8.sgml |    2 +-
+ trunk/xnbd_common.c           |   11 +++++------
+ trunk/xnbd_common.h           |    6 ++----
+ trunk/xnbd_server.c           |    9 +++++----
+ trunk/xnbd_wrapper.c          |   10 +++++++---
+ 6 files changed, 21 insertions(+), 19 deletions(-)
+
+--- a/trunk/doc/xnbd-server.8.sgml
++++ b/trunk/doc/xnbd-server.8.sgml
+@@ -172,7 +172,7 @@
+         <term><option>--logpath <replaceable>FILE</replaceable></option>
+         </term>
+         <listitem>
+-          <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. Defaults to <replaceable>/tmp/xnbd.log</replaceable></para>
++          <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. Defaults to <replaceable>/var/log/xnbd-server.log</replaceable></para>
+         </listitem>
+       </varlistentry>
+ 
+--- a/trunk/doc/xnbd-wrapper.8.sgml
++++ b/trunk/doc/xnbd-wrapper.8.sgml
+@@ -126,7 +126,7 @@
+         <term><option>--logpath <replaceable>FILE</replaceable></option>
+         </term>
+         <listitem>
+-          <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. Defaults to <replaceable>/tmp/xnbd.log</replaceable></para>
++          <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. Defaults to <replaceable>/var/log/xnbd-wrapper.log</replaceable></para>
+         </listitem>
+       </varlistentry>
+ 
+--- a/trunk/xnbd_common.c
++++ b/trunk/xnbd_common.c
+@@ -197,9 +197,9 @@
+       return (unsigned long) nblocks64;
+ }
+ 
+-void redirect_stderr(const char *logfile)
++void redirect_stderr(const char *logfile, const char * default_logfile)
+ {
+-        int logfd = open(logfile ? logfile : DEFAULT_XNBDSERVER_LOGFILE,
++        int logfd = open(logfile ? logfile : default_logfile,
+                          O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR);
+         if (logfd < 0)
+                 err("open %s, %m", logfile);
+@@ -211,7 +211,7 @@
+         close(logfd);
+ }
+ 
+-void detach(const char *logpath)
++void detach(const char *logpath, const char * default_logpath)
+ {
+         close(STDIN_FILENO);
+ 
+@@ -224,9 +224,8 @@
+         close(devnull);
+ 
+         if(!logpath) {
+-                logpath = DEFAULT_XNBDSERVER_LOGFILE;
+-                info("logfile %s", logpath);
+-                redirect_stderr(logpath);
++                info("logfile %s", default_logpath);
++                redirect_stderr(NULL, default_logpath);
+         }
+ 
+         int ret = daemon(0, 1);
+--- a/trunk/xnbd_common.h
++++ b/trunk/xnbd_common.h
+@@ -1,9 +1,7 @@
+ #ifndef XNBD_COMMON_H
+ #define XNBD_COMMON_H
+ 
+-#define DEFAULT_XNBDSERVER_LOGFILE "/tmp/xnbd.log"
+-
+-void redirect_stderr(const char *logfile);
+-void detach(const char *logpath);
++void redirect_stderr(const char *logfile, const char * default_logfile);
++void detach(const char *logpath, const char * default_logpath);
+ 
+ #endif
+--- a/trunk/xnbd_server.c
++++ b/trunk/xnbd_server.c
+@@ -29,6 +29,7 @@
+ #include <netinet/ip.h>
+ 
+ 
++#define XNBD_SERVER_LOGFILE_DEFAULT "/var/log/xnbd-server.log"
+ 
+ 
+ 
+@@ -750,7 +751,7 @@
+   --lport     listen port (default 8520)\n\
+   --daemonize run as a daemon process\n\
+   --readonly  export a disk as readonly\n\
+-  --logpath   logfile (default /tmp/xnbd.log)\n\
++  --logpath   logfile (default /var/log/xnbd-server.log)\n\
+   --inetd     redirect stderr for running from inetd\n\
+ ";
+ 
+@@ -825,7 +826,7 @@
+       }
+ 
+       if (inetd)
+-              redirect_stderr(logpath);
++              redirect_stderr(logpath, XNBD_SERVER_LOGFILE_DEFAULT);
+ 
+       optind = 1;
+ 
+@@ -994,11 +995,11 @@
+ 
+       if (!inetd && logpath) {
+               info("logfile %s", logpath);
+-              redirect_stderr(logpath);
++              redirect_stderr(logpath, XNBD_SERVER_LOGFILE_DEFAULT);
+       }
+ 
+       if (daemonize)
+-              detach(logpath);
++              detach(logpath, XNBD_SERVER_LOGFILE_DEFAULT);
+ 
+ 
+       master_server(lport, (void *) &xnbd, connected_fd);
+--- a/trunk/xnbd_wrapper.c
++++ b/trunk/xnbd_wrapper.c
+@@ -27,6 +27,10 @@
+ #include <sys/signalfd.h>
+ #include <sys/epoll.h>
+ 
++
++#define XNBD_WRAPPER_LOGFILE_DEFAULT "/var/log/xnbd-wrapper.log"
++
++
+ /* static const int MAX_DISKIMG_NUM = 32; */
+ #define MAX_DISKIMG_NUM 32
+ 
+@@ -367,7 +371,7 @@
+                                      "  --xnbd-binary Path to xnbd-server (default: /usr/sbin/xnbd-server).\n"
+                                      "  --imgfile     Path to disk image file. This options can be used multiple times.\n"
+                                      "                You can also use xnbd-wrapper-ctl to (de)register disk images dynamically.\n"
+-                                     "  --logpath     logfile (default /tmp/xnbd.log)\n"
++                                     "  --logpath     logfile (default /var/log/xnbd-wrapper.log)\n"
+                                      "  --laddr       Listen address.\n"
+                                      "  --socket      Unix socket path to listen on (default: /tmp/xnbd_wrapper.ctl).\n"
+                                      "\n"
+@@ -405,12 +409,12 @@
+ 
+       if (logpath) {
+               info("logfile %s", logpath);
+-              redirect_stderr(logpath);
++              redirect_stderr(logpath, XNBD_WRAPPER_LOGFILE_DEFAULT);
+         }
+ 
+ 
+         if (daemonize)
+-              detach(logpath);
++              detach(logpath, XNBD_WRAPPER_LOGFILE_DEFAULT);
+ 
+ 
+       list_diskimg(&dsklist, stdout);
diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series
--- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series      2012-04-26 18:25:04.000000000 +0200
+++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series      2013-02-07 22:35:14.000000000 +0100
@@ -1,2 +1,4 @@
 fix-670521
 fix-xnbd-path
+spelling-fix.patch
+CVE-2013-0265.patch
diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch
--- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch  1970-01-01 01:00:00.000000000 +0100
+++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch  2012-10-31 01:00:51.000000000 +0100
@@ -0,0 +1,11 @@
+--- a/trunk/doc/xnbd-client.1.sgml
++++ b/trunk/doc/xnbd-client.1.sgml
+@@ -113,7 +113,7 @@
+ 
+ 
+       <varlistentry>
+-      <term><option>--block-size <replaceable>SIZE</replaceable></option></term>
++      <term><option>--blocksize <replaceable>SIZE</replaceable></option></term>
+       <listitem>
+         <para>Use the provided value as block size.
+           Default is 1024; allowed values are either 512, 1024, 2048 or 4096.



unblock xnbd/0.1.0-pre-hg20-e75b93a47722-3

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to:
Follow-Ups:
- Bug#700052: unblock: xnbd/0.1.0-pre-hg20-e75b93a47722-3
  - From: Julien Cristau <jcristau@debian.org>
- Bug#700052: marked as done (unblock: xnbd/0.1.0-pre-hg20-e75b93a47722-3)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
Prev by Date: Re: Unblock request for polarssl 1.1.4-2
Next by Date: Bug#697078: tpu: xdotool/1:2.20100701.2961-3+deb7u1
Previous by thread: Re: Unblock request for polarssl 1.1.4-2
Next by thread: Bug#700052: unblock: xnbd/0.1.0-pre-hg20-e75b93a47722-3
Index(es):
- Date
- Thread