--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package open-vm-tools
2:9.4.6-1770165-7 fixes CVE-2014-4199 / #770809
thanks,
bernd
unblock open-vm-tools/2:9.4.6-1770165-7
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index 89d3cb3..f6b5705 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+open-vm-tools (2:9.4.6-1770165-7) unstable; urgency=medium
+
+ * [8df5b4ac] Adding patch to fix CVE-2014-4199.
+ Thanks to Moritz Muehlenhoff (Closes: #770809)
+
+ -- Bernd Zeimetz <bzed@debian.org> Sat, 29 Nov 2014 15:57:20 +0100
+
open-vm-tools (2:9.4.6-1770165-6) unstable; urgency=medium
* [6b514014] Fix installation of systemd services.
diff --git a/debian/patches/debian/fix-CVE-2014-4199 b/debian/patches/debian/fix-CVE-2014-4199
new file mode 100644
index 0000000..3764b62
--- /dev/null
+++ b/debian/patches/debian/fix-CVE-2014-4199
@@ -0,0 +1,123 @@
+--- a/scripts/common/vm-support
++++ b/scripts/common/vm-support
+@@ -27,9 +27,7 @@ usage()
+ }
+
+
+-TARFILE=vm-`date +%Y-%m-%d`.$$.tar
+ VER=0.89
+-OUTPUT_DIR=vm-support.$$
+
+ # banner(): prints any number of strings padded with
+ # newlines before and after.
+@@ -83,7 +81,7 @@ checkOutputDir()
+ if [ $? != 0 ]; then
+ banner "Could not create ./${OUTPUT_DIR}$dir... " \
+ "Have you run out of disk space?" "Continuing"
+- return -1
++ return 1
+ fi
+ fi
+ return 0
+@@ -195,22 +193,20 @@ fi
+ # possible information leakage.
+ umask 0077
+
+-# Clear up temporary files if the process is killed midway.
+-trap "rm -rf ${OUTPUT_DIR}; exit 1" HUP INT QUIT TERM ABRT
+-
+-
+-# make a subdir to put all your files in. die if it does not create
+-mkdir $OUTPUT_DIR
+
++TARFILE=$(mktemp vm-$(date +%Y-%m-%d.XXXXXXXXXX).tar)
++OUTPUT_DIR=`mktemp -d`
+ if [ $? != 0 ]; then
+ error "Could not create ./${OUTPUT_DIR}. Please cd to a directory to which "
+- "you can write."
++ "you can write."
+ fi
++# Clear up temporary files if the process is killed midway.
++trap "chmod -R u+w ${OUTPUT_DIR}; rm -rf ${OUTPUT_DIR} ${TARFILE}; exit 1" HUP INT QUIT TERM ABRT
+
+ banner "Collecting support information..."
+
+ # Common stuff that we gather for all OSes.
+-runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.$$.txt"
++runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.txt"
+
+ addfiles /etc/vmware-tools
+ addfiles /var/log/boot*
+@@ -219,14 +215,14 @@ addfiles /var/log/messages*
+ addfiles /var/log/syslog*
+ addfiles /var/run/vmware-*
+
+-runcmd "df" "/tmp/df.$$.txt"
+-runcmd "ifconfig -a" "/tmp/ifconfig.$$.txt"
+-runcmd "mount" "/tmp/mount.$$.txt"
+-runcmd "dmesg" "/tmp/dmesg.$$.txt"
+-runcmd "ulimit -a" "/tmp/ulimit-a.$$.txt"
+-runcmd "uptime" "/tmp/uptime.$$.txt"
+-runcmd "date" "/tmp/date.$$.txt"
+-runcmd "umask" "/tmp/umask.$$.txt"
++runcmd "df" "/tmp/df.txt"
++runcmd "ifconfig -a" "/tmp/ifconfig.txt"
++runcmd "mount" "/tmp/mount.txt"
++runcmd "dmesg" "/tmp/dmesg.txt"
++runcmd "ulimit -a" "/tmp/ulimit-a.txt"
++runcmd "uptime" "/tmp/uptime.txt"
++runcmd "date" "/tmp/date.txt"
++runcmd "umask" "/tmp/umask.txt"
+
+
+ # stageLinux(): gather information for troubleshooting Linux guests.
+@@ -272,29 +268,29 @@ stageLinux()
+ addfile /proc/irq
+
+ # Commands to run ($1) and redirect to logs ($2) for inclusion.
+- runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
+- runcmd "lspci -H1 -M" "/tmp/lspci1.$$.txt"
+- runcmd "lspci -H1 -M -vn" "/tmp/lspci2.$$.txt"
+- runcmd "/sbin/lsmod" "/tmp/modules.$$.txt"
+- runcmd "uname -a" "/tmp/uname.$$.txt"
+- runcmd "cat /etc/issue" "/tmp/issue.$$.txt"
+- runcmd "rpm -qa" "/tmp/rpm-qa.$$.txt"
+- runcmd "netstat -lan" "/tmp/netstat-lan.$$.txt"
+- runcmd "route" "/tmp/route.$$.txt"
+- runcmd "free" "/tmp/free.$$.txt"
++ runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
++ runcmd "lspci -H1 -M" "/tmp/lspci1.txt"
++ runcmd "lspci -H1 -M -vn" "/tmp/lspci2.txt"
++ runcmd "/sbin/lsmod" "/tmp/modules.txt"
++ runcmd "uname -a" "/tmp/uname.txt"
++ runcmd "cat /etc/issue" "/tmp/issue.txt"
++ runcmd "rpm -qa" "/tmp/rpm-qa.txt"
++ runcmd "netstat -lan" "/tmp/netstat-lan.txt"
++ runcmd "route" "/tmp/route.txt"
++ runcmd "free" "/tmp/free.txt"
+ }
+
+
+ # stageFreeBSD(): gather information for troubleshooting FreeBSD guests.
+ stageFreeBSD()
+ {
+- runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
++ runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
+ }
+
+ # stageSolaris(): gather information for troubleshooting Solaris guests.
+ stageSolaris()
+ {
+- runcmd "ps eaf" "/tmp/ps-eaf.$$.txt"
++ runcmd "ps eaf" "/tmp/ps-eaf.txt"
+ }
+
+ case `uname` in
+@@ -336,6 +332,7 @@ if [ $? != 0 ]; then
+ fi
+
+ # Clean up temporary files
++chmod -R u+w $OUTPUT_DIR # needed if run as non-root user.
+ rm -rf $OUTPUT_DIR
+
+ if [ $? != 0 ]; then
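Review bot: The `if [ $? != 0 ]` test that follows the two new `mktemp` lines only sees the exit status of `mktemp -d`, so a failure to create TARFILE in the current directory (an unwritable cwd, for example) goes unnoticed and the script carries on with an empty `$TARFILE`. Check each call on its own, e.g. `TARFILE=$(mktemp "vm-$(date +%Y-%m-%d).XXXXXXXXXX.tar") || error "Could not create the tar file in the current directory."` and `OUTPUT_DIR=$(mktemp -d) || error "Could not create a temporary directory."`; the retained message still names `./${OUTPUT_DIR}` although the directory is no longer created under the cwd. The TARFILE template puts `.tar` after the X run, which GNU mktemp accepts as an implied suffix, but the script also stages FreeBSD and Solaris guests, where mktemp may not randomise a template that does not end in X; this is worth confirming, since it would bring back a predictable archive name. The trap string and the final `chmod -R u+w $OUTPUT_DIR` / `rm -rf $OUTPUT_DIR` expand the path unquoted, so quote it (`"${OUTPUT_DIR}"`) to survive a TMPDIR containing whitespace. `runcmd` is defined outside the hunk, and the now PID-less `/tmp/*.txt` names are only safe if it writes them beneath `${OUTPUT_DIR}` rather than to the literal path.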
diff --git a/debian/patches/series b/debian/patches/series
index 378a50e..bb3ff13 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ debian/0001-kvers.patch
debian/fix_debian_verison_recognition
debian/pam-use-common-auth-account
debian/max_nic_count
+debian/fix-CVE-2014-4199
--- End Message ---