
Bug#771445: marked as done (unblock: open-vm-tools/2:9.4.6-1770165-7)



Your message dated Sat, 29 Nov 2014 18:07:18 +0100
with message-id <5479FD46.7080609@thykier.net>
and subject line Re: Bug#771445: unblock: open-vm-tools/2:9.4.6-1770165-7
has caused the Debian Bug report #771445,
regarding unblock: open-vm-tools/2:9.4.6-1770165-7
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
771445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771445
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package open-vm-tools

2:9.4.6-1770165-7 fixes CVE-2014-4199 / #770809

thanks,

bernd


unblock open-vm-tools/2:9.4.6-1770165-7


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index 89d3cb3..f6b5705 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+open-vm-tools (2:9.4.6-1770165-7) unstable; urgency=medium
+
+  * [8df5b4ac] Adding patch to fix CVE-2014-4199.
+    Thanks to Moritz Muehlenhoff (Closes: #770809)
+
+ -- Bernd Zeimetz <bzed@debian.org>  Sat, 29 Nov 2014 15:57:20 +0100
+
 open-vm-tools (2:9.4.6-1770165-6) unstable; urgency=medium
 
   * [6b514014] Fix installation of systemd services.
diff --git a/debian/patches/debian/fix-CVE-2014-4199 b/debian/patches/debian/fix-CVE-2014-4199
new file mode 100644
index 0000000..3764b62
--- /dev/null
+++ b/debian/patches/debian/fix-CVE-2014-4199
@@ -0,0 +1,123 @@
+--- a/scripts/common/vm-support
++++ b/scripts/common/vm-support
+@@ -27,9 +27,7 @@ usage()
+ }
+ 
+ 
+-TARFILE=vm-`date +%Y-%m-%d`.$$.tar
+ VER=0.89
+-OUTPUT_DIR=vm-support.$$
+ 
+ # banner(): prints any number of strings padded with
+ # newlines before and after.
+@@ -83,7 +81,7 @@ checkOutputDir()
+       if [ $? != 0 ]; then
+          banner "Could not create ./${OUTPUT_DIR}$dir... " \
+                 "Have you run out of disk space?" "Continuing"
+-         return -1
++         return 1
+       fi
+    fi
+    return 0
+@@ -195,22 +193,20 @@ fi
+ # possible information leakage.
+ umask 0077
+ 
+-# Clear up temporary files if the process is killed midway.
+-trap "rm -rf ${OUTPUT_DIR}; exit 1" HUP INT QUIT TERM ABRT
+-
+-
+-#	make a subdir to put all your files in.  die if it does not create
+-mkdir $OUTPUT_DIR
+ 
++TARFILE=$(mktemp vm-$(date +%Y-%m-%d.XXXXXXXXXX).tar)
++OUTPUT_DIR=`mktemp -d`
+ if [ $? != 0 ]; then
+ 	error "Could not create ./${OUTPUT_DIR}. Please cd to a directory to which "
+-	      "you can write."
++        "you can write."
+ fi
++# Clear up temporary files if the process is killed midway.
++trap "chmod -R u+w ${OUTPUT_DIR}; rm -rf ${OUTPUT_DIR} ${TARFILE}; exit 1" HUP INT QUIT TERM ABRT
+ 
+ banner "Collecting support information..."
+ 
+ # Common stuff that we gather for all OSes.
+-runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.$$.txt"
++runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.txt"
+ 
+ addfiles /etc/vmware-tools
+ addfiles /var/log/boot*
+@@ -219,14 +215,14 @@ addfiles /var/log/messages*
+ addfiles /var/log/syslog*
+ addfiles /var/run/vmware-*
+ 
+-runcmd "df" "/tmp/df.$$.txt"
+-runcmd "ifconfig -a" "/tmp/ifconfig.$$.txt"
+-runcmd "mount" "/tmp/mount.$$.txt"
+-runcmd "dmesg" "/tmp/dmesg.$$.txt"
+-runcmd "ulimit -a" "/tmp/ulimit-a.$$.txt"
+-runcmd "uptime" "/tmp/uptime.$$.txt"
+-runcmd "date" "/tmp/date.$$.txt"
+-runcmd "umask" "/tmp/umask.$$.txt"
++runcmd "df" "/tmp/df.txt"
++runcmd "ifconfig -a" "/tmp/ifconfig.txt"
++runcmd "mount" "/tmp/mount.txt"
++runcmd "dmesg" "/tmp/dmesg.txt"
++runcmd "ulimit -a" "/tmp/ulimit-a.txt"
++runcmd "uptime" "/tmp/uptime.txt"
++runcmd "date" "/tmp/date.txt"
++runcmd "umask" "/tmp/umask.txt"
+ 
+ 
+ # stageLinux(): gather information for troubleshooting Linux guests.
+@@ -272,29 +268,29 @@ stageLinux()
+    addfile /proc/irq
+ 
+    # Commands to run ($1) and redirect to logs ($2) for inclusion.
+-   runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
+-   runcmd "lspci -H1 -M" "/tmp/lspci1.$$.txt"
+-   runcmd "lspci -H1 -M -vn" "/tmp/lspci2.$$.txt"
+-   runcmd "/sbin/lsmod" "/tmp/modules.$$.txt"
+-   runcmd "uname -a" "/tmp/uname.$$.txt"
+-   runcmd "cat /etc/issue" "/tmp/issue.$$.txt"
+-   runcmd "rpm -qa" "/tmp/rpm-qa.$$.txt"
+-   runcmd "netstat -lan" "/tmp/netstat-lan.$$.txt"
+-   runcmd "route" "/tmp/route.$$.txt"
+-   runcmd "free" "/tmp/free.$$.txt"
++   runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
++   runcmd "lspci -H1 -M" "/tmp/lspci1.txt"
++   runcmd "lspci -H1 -M -vn" "/tmp/lspci2.txt"
++   runcmd "/sbin/lsmod" "/tmp/modules.txt"
++   runcmd "uname -a" "/tmp/uname.txt"
++   runcmd "cat /etc/issue" "/tmp/issue.txt"
++   runcmd "rpm -qa" "/tmp/rpm-qa.txt"
++   runcmd "netstat -lan" "/tmp/netstat-lan.txt"
++   runcmd "route" "/tmp/route.txt"
++   runcmd "free" "/tmp/free.txt"
+ }
+ 
+ 
+ # stageFreeBSD(): gather information for troubleshooting FreeBSD guests.
+ stageFreeBSD()
+ {
+-   runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
++   runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
+ }
+ 
+ # stageSolaris(): gather information for troubleshooting Solaris guests.
+ stageSolaris()
+ {
+-   runcmd "ps eaf" "/tmp/ps-eaf.$$.txt"
++   runcmd "ps eaf" "/tmp/ps-eaf.txt"
+ }
+ 
+ case `uname` in
+@@ -336,6 +332,7 @@ if [ $? != 0 ]; then
+ fi
+ 
+ #	Clean up temporary files
++chmod -R u+w $OUTPUT_DIR # needed if run as non-root user.
+ rm -rf $OUTPUT_DIR
+ 
+ if [ $? != 0 ]; then
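Review bot: In the new fix-CVE-2014-4199 patch, the `if [ $? != 0 ]` that follows the two `mktemp` lines only tests the `mktemp -d` call, so a failed `mktemp` for `TARFILE` (for example an unwritable working directory) goes unnoticed and leaves `TARFILE` empty. The error text still names `./${OUTPUT_DIR}`, but that directory is now created under the system temporary directory rather than the working directory, and the variable is empty on failure. I would check each call on its own, e.g. `TARFILE=$(mktemp vm-$(date +%Y-%m-%d.XXXXXXXXXX).tar) || error "Could not create the tar file. Please cd to a directory to which you can write."` and `OUTPUT_DIR=$(mktemp -d) || error "Could not create a temporary directory."`. The template puts `.tar` after the X's, which GNU mktemp accepts; the script also stages FreeBSD and Solaris guests, where mktemp may substitute only trailing X's and so produce a predictable name, which is worth confirming on those platforms. The rest of the script lies outside the hunk, so this assumes `error` terminates the run.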
diff --git a/debian/patches/series b/debian/patches/series
index 378a50e..bb3ff13 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ debian/0001-kvers.patch
 debian/fix_debian_verison_recognition
 debian/pam-use-common-auth-account
 debian/max_nic_count
+debian/fix-CVE-2014-4199

--- End Message ---
--- Begin Message ---
On 2014-11-29 17:59, Bernd Zeimetz wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package open-vm-tools
> 
> 2:9.4.6-1770165-7 fixes CVE-2014-4199 / #770809
> 
> thanks,
> 
> bernd
> 
> 
> unblock open-vm-tools/2:9.4.6-1770165-7
> 
> 


Unblocked, thanks.

~Niels

--- End Message ---
