Bug#697957: marked as done (unblock: connman/1.0-1.1)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 12 Jan 2013 11:48:32 +0000
with message-id <1357991312.32456.15.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#697957: unblock: connman/1.0-1.1
has caused the Debian Bug report #697957,
regarding unblock: connman/1.0-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
697957: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697957
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: connman/1.0-1.1
• From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
• Date: Fri, 11 Jan 2013 23:59:44 +0100
• Message-id: <20130111225944.15509.20441.reportbug@localhost.localdomain>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package connman

connman/1.0-1.1 contains just one patch from upstream which fixes the
vulnerability CVE-2012-6459 [1]. I am attaching the debdiff.

Cheers,

Adrian

unblock connman/1.0-1.1

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697580

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru connman-1.0/debian/changelog connman-1.0-CVE-2012-6459/debian/changelog
--- connman-1.0/debian/changelog	2012-05-25 04:27:50.000000000 +0200
+++ connman-1.0-CVE-2012-6459/debian/changelog	2013-01-09 15:34:04.186261911 +0100
@@ -1,3 +1,11 @@
+connman (1.0-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Include patch to fix bluetooth offline visibility
+    issue CVE-2012-6459 (Closes: #697580).
+
+ -- John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>  Wed, 09 Jan 2013 15:32:22 +0100
+
 connman (1.0-1) unstable; urgency=high
 
   [ Andrew Brouwers ]
diff -Nru connman-1.0/debian/patches/02-CVE-2012-6459.patch connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch
--- connman-1.0/debian/patches/02-CVE-2012-6459.patch	1970-01-01 01:00:00.000000000 +0100
+++ connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch	2013-01-09 15:31:58.677492862 +0100
@@ -0,0 +1,48 @@
+From 01126286f96856aab6b0de171830f4e8e842e1da Mon Sep 17 00:00:00 2001
+From: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Date: Thu, 9 Aug 2012 18:57:25 -0300
+Subject: [PATCH] bluetooth: Add device to hash before registration
+
+During the connman_device_register() procedure a lookup to the
+bluetooth_devices hash table happens, however the device is not on the
+hash at this point and the look out fails.
+
+If the registration fails, technology_disable() returns the Failed
+message on D-Bus with the error status zero. That happens because we
+don't have any device registered.
+
+This patch moves the insertion of the device to before the device
+registration.
+---
+ plugins/bluetooth.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/bluetooth.c b/plugins/bluetooth.c
+index b06460a..2ab29a6 100644
+--- a/plugins/bluetooth.c
++++ b/plugins/bluetooth.c
+@@ -660,6 +660,8 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data)
+ 	if (device != NULL)
+ 		goto update;
+ 
++	g_hash_table_insert(bluetooth_devices, g_strdup(path), device);
++
+ 	ether_aton_r(address, &addr);
+ 
+ 	snprintf(ident, 13, "%02x%02x%02x%02x%02x%02x",
+@@ -680,11 +682,10 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data)
+ 
+ 	if (connman_device_register(device) < 0) {
+ 		connman_device_unref(device);
++		g_hash_table_remove(bluetooth_devices, path);
+ 		goto done;
+ 	}
+ 
+-	g_hash_table_insert(bluetooth_devices, g_strdup(path), device);
+-
+ update:
+ 	connman_device_set_string(device, "Address", address);
+ 	connman_device_set_string(device, "Name", name);
+-- 
+1.7.7.6
+
diff -Nru connman-1.0/debian/patches/series connman-1.0-CVE-2012-6459/debian/patches/series
--- connman-1.0/debian/patches/series	2012-05-25 04:27:50.000000000 +0200
+++ connman-1.0-CVE-2012-6459/debian/patches/series	2013-01-09 15:32:17.892998525 +0100
@@ -1 +1,2 @@
 01-init-script-lsb-headers.patch
+02-CVE-2012-6459.patch

--- End Message ---

--- Begin Message ---

• To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>, 697957-done@bugs.debian.org
• Subject: Re: Bug#697957: unblock: connman/1.0-1.1
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sat, 12 Jan 2013 11:48:32 +0000
• Message-id: <1357991312.32456.15.camel@jacala.jungle.funky-badger.org>
• In-reply-to: <20130111225944.15509.20441.reportbug@localhost.localdomain>
• References: <20130111225944.15509.20441.reportbug@localhost.localdomain>

On Fri, 2013-01-11 at 23:59 +0100, John Paul Adrian Glaubitz wrote:
> connman/1.0-1.1 contains just one patch from upstream which fixes the
> vulnerability CVE-2012-6459 [1]. I am attaching the debdiff.

Unblocked; thanks.

Regards,

Adam

--- End Message ---