Bug#698502: marked as done (pu: glusterfs/3.2.7-3+deb7u1)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 29 Sep 2013 23:09:08 +0200
with message-id <20130929210907.GB21946@mraw.org>
and subject line Re: Bug#698502: unblock: glusterfs/3.2.7-4
has caused the Debian Bug report #698502,
regarding pu: glusterfs/3.2.7-3+deb7u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
698502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698502
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: glusterfs/3.2.7-4
• From: Patrick Matthäi <pmatthaei@debian.org>
• Date: Sat, 19 Jan 2013 14:27:47 +0100
• Message-id: <20130119132747.23070.71586.reportbug@srv1.linux-dev.org>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package glusterfs

It fixes the security bug #693112 aka CVE-2012-4417.



diff -Naur '--exclude=.svn' 3.2.7-3/debian/changelog 3.2.7-4/debian/changelog
--- 3.2.7-3/debian/changelog    2012-11-12 20:37:46.218864002 +0100
+++ 3.2.7-4/debian/changelog    2013-01-19 14:10:01.323965193 +0100
@@ -1,3 +1,12 @@
+glusterfs (3.2.7-4) unstable; urgency=medium
+
+  * Add backported upstream patch 04-CVE-2012-4417 to fix CVE-2012-4417:
+    glusterfs allows local users to overwrite arbitrary files via a symlink
+    attack on temporary files with predictable names.
+    Closes: #693112
+
+ -- Patrick Matthäi <pmatthaei@debian.org>  Sat, 19 Jan 2013 13:53:18 +0100
+
 glusterfs (3.2.7-3) unstable; urgency=low
 
   * Remove duplicated and faulty call of the glusterd daemon from the init
diff -Naur '--exclude=.svn' 3.2.7-3/debian/patches/04-CVE-2012-4417.diff 3.2.7-4/debian/patches/04-CVE-2012-4417.diff
--- 3.2.7-3/debian/patches/04-CVE-2012-4417.diff        1970-01-01 01:00:00.000000000 +0100
+++ 3.2.7-4/debian/patches/04-CVE-2012-4417.diff        2013-01-19 14:10:01.323965193 +0100
@@ -0,0 +1,121 @@
+# Backported upstream patch to fix CVE-2012-4417:
+# GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to
+# overwrite arbitrary files via a symlink attack on temporary files with
+# predictable names.
+# Closes: #693112
+
+diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/common-utils.h glusterfs-3.2.7/libglusterfs/src/common-utils.h
+--- glusterfs-3.2.7.orig/libglusterfs/src/common-utils.h       2012-06-10 19:44:15.000000000 +0200
++++ glusterfs-3.2.7/libglusterfs/src/common-utils.h    2013-01-19 13:49:26.415982036 +0100
+@@ -134,6 +134,16 @@
+                 }                                                       \
+       } while (0);
+ 
++#define GF_REMOVE_SLASH_FROM_PATH(path, string)                         \
++        do {                                                            \
++                int i = 0;                                              \
++                for (i = 1; i < strlen (path); i++) {                   \
++                        string[i-1] = path[i];                          \
++                        if (string[i-1] == '/')                         \
++                                string[i-1] = '-';                      \
++                }                                                       \
++        } while (0)
++
+ #define GF_FILE_CONTENT_REQUESTED(_xattr_req,_content_limit) \
+       (dict_get_uint64 (_xattr_req, "glusterfs.content", _content_limit) == 0)
+ 
+diff -Naur glusterfs-3.2.7.orig/libglusterfs/src/statedump.c glusterfs-3.2.7/libglusterfs/src/statedump.c
+--- glusterfs-3.2.7.orig/libglusterfs/src/statedump.c  2012-06-10 19:44:15.000000000 +0200
++++ glusterfs-3.2.7/libglusterfs/src/statedump.c       2013-01-19 13:49:26.415982036 +0100
+@@ -62,15 +62,11 @@
+ 
+ 
+ static int
+-gf_proc_dump_open (void)
++gf_proc_dump_open (char *tmpname)
+ {
+-        char path[256];
+         int  dump_fd = -1;
+ 
+-        memset (path, 0, sizeof (path));
+-        snprintf (path, sizeof (path), "%s.%d", GF_DUMP_LOGFILE_ROOT, getpid ());
+-
+-        dump_fd = open (path, O_CREAT|O_RDWR|O_TRUNC|O_APPEND, 0600);
++        dump_fd = mkstemp (tmpname);
+         if (dump_fd < 0)
+                 return -1;
+ 
+@@ -408,12 +404,13 @@
+ void
+ gf_proc_dump_info (int signum)
+ {
+-        int               ret = -1;
+-        glusterfs_ctx_t   *ctx = NULL;
+-
++        int                   ret = -1;
++        glusterfs_ctx_t      *ctx = NULL;
++        char brick_name[PATH_MAX] = {0,};
++        char      tmp_dump_name[] = "/tmp/dumpXXXXXX";
++        char       path[PATH_MAX] = {0,};
+ 
+         gf_proc_dump_lock ();
+-        ret = gf_proc_dump_open ();
+         if (ret < 0)
+                 goto out;
+ 
+@@ -422,23 +419,32 @@
+         if (ret < 0)
+                 goto out;
+ 
+-        if (GF_PROC_DUMP_IS_OPTION_ENABLED (mem))
+-                gf_proc_dump_mem_info ();
+-
+         ctx = glusterfs_ctx_get ();
+ 
+-        if (ctx) {
+-                if (GF_PROC_DUMP_IS_OPTION_ENABLED (iobuf))
+-                        iobuf_stats_dump (ctx->iobuf_pool);
+-                if (GF_PROC_DUMP_IS_OPTION_ENABLED (callpool))
+-                        gf_proc_dump_pending_frames (ctx->pool);
+-                if (ctx->active)
+-                        gf_proc_dump_xlator_info (ctx->active->top);
++        if (!ctx)
++                goto out;
+ 
+-        }
++        if (ctx->cmd_args.brick_name) {
++                GF_REMOVE_SLASH_FROM_PATH (ctx->cmd_args.brick_name, brick_name);
++        } else
++                strncpy (brick_name, "glusterdump", sizeof (brick_name));
++
++        snprintf (path, sizeof path, "%s/%s.%d.dump.%"PRIu64, "/tmp",
++                  brick_name, getpid(), (uint64_t) time (NULL));
++
++        ret = gf_proc_dump_open (tmp_dump_name);
++        if (GF_PROC_DUMP_IS_OPTION_ENABLED (mem))
++                gf_proc_dump_mem_info ();
++        if (GF_PROC_DUMP_IS_OPTION_ENABLED (iobuf))
++                iobuf_stats_dump (ctx->iobuf_pool);
++        if (GF_PROC_DUMP_IS_OPTION_ENABLED (callpool))
++                gf_proc_dump_pending_frames (ctx->pool);
++        if (ctx->active)
++                gf_proc_dump_xlator_info (ctx->active->top);
+ 
+         gf_proc_dump_close ();
+ out:
++        rename (tmp_dump_name, path);
+         gf_proc_dump_unlock ();
+ 
+         return;
+diff -Naur glusterfs-3.2.7.orig/xlators/mgmt/glusterd/src/glusterd-utils.c glusterfs-3.2.7/xlators/mgmt/glusterd/src/glusterd-utils.c
+--- glusterfs-3.2.7.orig/xlators/mgmt/glusterd/src/glusterd-utils.c    2012-06-10 19:44:17.000000000 +0200
++++ glusterfs-3.2.7/xlators/mgmt/glusterd/src/glusterd-utils.c 2013-01-19 13:49:26.415982036 +0100
+@@ -63,7 +63,7 @@
+ #define MOUNTV3_VERSION 3
+ #define MOUNTV1_VERSION 1
+ 
+-char    *glusterd_sock_dir = "/tmp";
++char    *glusterd_sock_dir = "/var/run";
+ static glusterd_lock_t lock;
+ 
+ static int32_t
diff -Naur '--exclude=.svn' 3.2.7-3/debian/patches/series 3.2.7-4/debian/patches/series
--- 3.2.7-3/debian/patches/series       2012-11-12 20:37:46.218864002 +0100
+++ 3.2.7-4/debian/patches/series       2013-01-19 14:10:01.323965193 +0100
@@ -1,3 +1,4 @@
 01-manpage-errors.diff
 02-spelling-error.diff
 03-glusterd-crash-gcc-optimizations.diff
+04-CVE-2012-4417.diff


unblock glusterfs/3.2.7-4

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

• To: 698502-done@bugs.debian.org
• Cc: pmatthaei@debian.org, Moritz Mühlenhoff <jmm@inutil.org>, kkeithle@redhat.com
• Subject: Re: Bug#698502: unblock: glusterfs/3.2.7-4
• From: Cyril Brulebois <kibi@debian.org>
• Date: Sun, 29 Sep 2013 23:09:08 +0200
• Message-id: <20130929210907.GB21946@mraw.org>
• In-reply-to: <1367435693.28602.23.camel@jacala.jungle.funky-badger.org>
• References: <20130119132747.23070.71586.reportbug@srv1.linux-dev.org> <20130119171426.GM5676@radis.cristau.org> <510248B9.6020907@debian.org> <20130125123950.GA30302@crater1.logilab.fr> <20130203215537.GA7759@pisco.westfalen.local> <5116DAC7.5010807@debian.org> <1367435693.28602.23.camel@jacala.jungle.funky-badger.org>

Adam D. Barratt <adam@adam-barratt.org.uk> (2013-05-01):
> user release.debian.org@packages.debian.org
> usertags 698502 = pu
> retitle 698502 pu: glusterfs/3.2.7-3+deb7u1
> thanks
> 
> On Sun, 2013-02-10 at 00:24 +0100, Patrick Matthäi wrote:
> > Upstream just said these days, that the HEAD fix may also be 
> > unsecure/incomplete/broken/whatever, if this patch is not QA acceptable.
> > 
> > Also some gluterfs developers stated, that they have not got the time 
> > for working on this issue and that "people seeing problems" may fix it 
> > better.
> 
> I think it's clear at this point that we won't be accepting the current
> package for the release. Let's look at it again afterwards to see if we
> can fix it via a point release.

We received no further input and last message from Patrick suggested
upstream support wasn't going to happen; besides, we accepted an updated
package already for different reasons (kernel compatibility). I don't
see a reason for this pu request to be kept open, so closing now.

Mraw,
KiBi.

Attachment: signature.asc
Description: Digital signature

--- End Message ---