Bug#858782: marked as done (unblock: firebird3.0/3.0.1.32609.ds4-14)



Your message dated Sun, 26 Mar 2017 18:37:00 +0000
with message-id <ce1ee24d-f187-1cda-da8b-8cb9b981f0ab@thykier.net>
and subject line Re: Bug#858782: unblock: firebird3.0/3.0.1.32609.ds4-14
has caused the Debian Bug report #858782,
regarding unblock: firebird3.0/3.0.1.32609.ds4-14
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
858782: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858782
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package firebird3.0

Changelog since 3.0.1.32609.ds4-13 (currently in testing):

firebird3.0 (3.0.1.32609.ds4-14) unstable; urgency=high

  * Apply commit 56e9a73c168 from upstream B3_0_Release branch
    fixing authenticated remote execution vulnerability (CVE-2017-6369,
    CORE-5474)
    Closes: #858644

Binary and source debdiffs attached.

unblock firebird3.0/3.0.1.32609.ds4-14
diff -Nru firebird3.0-3.0.1.32609.ds4/debian/changelog firebird3.0-3.0.1.32609.ds4/debian/changelog
--- firebird3.0-3.0.1.32609.ds4/debian/changelog	2017-01-14 17:56:28.000000000 +0200
+++ firebird3.0-3.0.1.32609.ds4/debian/changelog	2017-03-25 18:07:07.000000000 +0200
@@ -1,3 +1,12 @@
+firebird3.0 (3.0.1.32609.ds4-14) unstable; urgency=high
+
+  * Apply commit 56e9a73c168 from upstream B3_0_Release branch
+    fixing authenticated remote execution vulnerability (CVE-2017-6369,
+    CORE-5474)
+    Closes: #858644
+
+ -- Damyan Ivanov <dmn@debian.org>  Sat, 25 Mar 2017 16:07:07 +0000
+
 firebird3.0 (3.0.1.32609.ds4-13) unstable; urgency=medium
 
   * Add Danish debconf translation by Joe Dalton (Closes: #850854)
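Review bot: the changelog entry names the CVE and CORE ticket but does not say which feature the fix repairs; the patch header below carries the upstream title ("'Restrict UDF' is not effective, because fbudf.so is dynamically linked against libc"), and an administrator deciding whether this upload matters to them needs that one line more than "authenticated remote execution vulnerability". Suggest appending the upstream title, or at least "makes the UDF access restriction effective again", to the bullet.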
diff -Nru firebird3.0-3.0.1.32609.ds4/debian/patches/series firebird3.0-3.0.1.32609.ds4/debian/patches/series
--- firebird3.0-3.0.1.32609.ds4/debian/patches/series	2017-01-14 17:56:28.000000000 +0200
+++ firebird3.0-3.0.1.32609.ds4/debian/patches/series	2017-03-25 17:54:15.000000000 +0200
@@ -1,4 +1,5 @@
 upstream/engine-unload-segfault.patch
+upstream/CORE-5474-remote-execution.patch
 out/obsolete-syslogd.target.patch
 out/honour-buildflags.patch
 out/no-copy-from-icu.patch
diff -Nru firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch
--- firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch	1970-01-01 02:00:00.000000000 +0200
+++ firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch	2017-03-25 17:53:40.000000000 +0200
@@ -0,0 +1,81 @@
+56e9a73c16803c3544076edb2d6c4ca25815e541 Backported fix for CORE-5474: 'Restrict UDF' is not effective, because fbudf.so is dynamically linked against libc
+diff --git a/src/common/os/mod_loader.h b/src/common/os/mod_loader.h
+index b27d35630d..b57af4ac9f 100644
+--- a/src/common/os/mod_loader.h
++++ b/src/common/os/mod_loader.h
+@@ -70,23 +70,15 @@ public:
+ 		/// Destructor
+ 		virtual ~Module() {}
+ 
+-#ifdef WIN_NT
+ 		const Firebird::PathName fileName;
+-#endif
+ 
+ 	protected:
+ 		/// The constructor is protected so normal code can't allocate instances
+ 		/// of the class, but the class itself is still able to be subclassed.
+-#ifdef WIN_NT
+ 		Module(MemoryPool& pool, const Firebird::PathName& aFileName)
+ 			: fileName(pool, aFileName)
+ 		{
+ 		}
+-#else
+-		Module()
+-		{
+-		}
+-#endif
+ 
+ 	private:
+ 		/// Copy construction is not supported, hence the copy constructor is private
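Review bot: dropping the `#ifdef WIN_NT` guards changes the base-class constructor for every platform (the default `Module()` constructor is gone), yet the patch only updates the posix `DlfcnModule`; any other `ModuleLoader::Module` subclass built from this shared header that still relies on the removed default constructor will no longer compile. Worth confirming that the Debian build compiles only the posix loader, and noting in the patch header if the backport was trimmed relative to the upstream commit.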
+diff --git a/src/common/os/posix/mod_loader.cpp b/src/common/os/posix/mod_loader.cpp
+index a03c3065bc..2b42c59a5c 100644
+--- a/src/common/os/posix/mod_loader.cpp
++++ b/src/common/os/posix/mod_loader.cpp
+@@ -27,6 +27,7 @@
+ 
+ #include "firebird.h"
+ #include "../common/os/mod_loader.h"
++#include "../common/os/path_utils.h"
+ #ifdef HAVE_UNISTD_H
+ #include <unistd.h>
+ #endif
+@@ -39,8 +40,9 @@
+ class DlfcnModule : public ModuleLoader::Module
+ {
+ public:
+-	DlfcnModule(void* m)
+-		: module(m)
++	DlfcnModule(MemoryPool& pool, const Firebird::PathName& aFileName, void* m)
++		: ModuleLoader::Module(pool, aFileName),
++		  module(m)
+ 	{}
+ 
+ 	~DlfcnModule();
+@@ -104,7 +106,7 @@ ModuleLoader::Module* ModuleLoader::loadModule(const Firebird::PathName& modPath
+ 	system(command.c_str());
+ #endif
+ 
+-	return FB_NEW_POOL(*getDefaultMemoryPool()) DlfcnModule(module);
++	return FB_NEW_POOL(*getDefaultMemoryPool()) DlfcnModule(*getDefaultMemoryPool(), modPath, module);
+ }
+ 
+ DlfcnModule::~DlfcnModule()
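Review bot: `modPath` is handed to the module verbatim, and the later check in `findSymbol` compares it byte-for-byte against `dli_fname`; this only holds because the dynamic loader records the name passed to `dlopen` unchanged for absolute paths. A comment here stating that dependency (and that no canonicalisation is done) would save the next reader from assuming `realpath`-style normalisation happens somewhere.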
+@@ -122,6 +124,18 @@ void* DlfcnModule::findSymbol(const Firebird::string& symName)
+ 
+ 		result = dlsym(module, newSym.c_str());
+ 	}
++
++#ifdef HAVE_DLADDR
++	if (!PathUtils::isRelative(fileName))
++	{
++		Dl_info info;
++		if (!dladdr(result, &info))
++			return NULL;
++		if (fileName != info.dli_fname)
++			return NULL;
++	}
++#endif
++
+ 	return result;
+ }
+ 
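Review bot: the `if (!PathUtils::isRelative(fileName))` guard means a module loaded by a relative name gets no verification at all, so the pre-fix behaviour (a `dlsym` hit resolved from a dependency such as libc) survives for exactly those modules; the safer direction is to fail closed, i.e. either resolve the module's actual name (the link map entry for the handle, or `realpath`) so the comparison can run unconditionally, or return NULL when the name cannot be verified. Two smaller points on the same hunk: `#ifdef HAVE_DLADDR` silently leaves the vulnerable path in place on a build without `dladdr`, so a `#warning` or `#error` there would stop such a build from shipping unnoticed; and the two `return NULL` paths are indistinguishable from "symbol not found" to the caller, which is fine for security but deserves a one-line comment explaining why the rejection is silent.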
[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .changes but not in first
-----------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/0e/1030fbf8dc2030144882fb090405d3f7445a88.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/25/26d884a03a897414ddc119495a8272e0badc4e.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/25/4d0e1c45debc6abdbc915669347a8d5c41d2ee.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/3a/cd69f8972e1784250ad9c7ffbdfa076ec29a8f.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/43/b6efe476c4c5489438c808ceac3b3fc73a4be9.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/51/913a1b8f3d8fc3b95b1133153b3b95e1e802ed.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/a7/62efdf428daeced2f769986a9fb7b5fe758745.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/aa/c82d7c9cc832d7bbe15931e59f30bde437cd2e.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/b3/283cc5c2f69cfc0676a761be9c6e8e729e294e.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/b9/f3f652689dd0027df979dbd3b2461c02cee7ee.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/c7/9c4cb9e1327a84d73ab799f24d0f1860040abc.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/d0/8fcae651e574ab3a7765c9846e6b34d1e60a1a.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/e3/43ca492172fe1d8c426174bd2f708e956c79b6.debug

Files in first .changes but not in second
-----------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/07/330f263bd6a4bfaaa9e596d94a350b58465fd2.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/42/0705865d45ef8ee44df021faebd2d5dbaf367f.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/44/adc09d84064fce6502bde9515aa76575bf3e23.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/62/a96dd1bf3349d78f45438e7e70052d3a8ea272.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/71/46d417b22d8ac85fa1166611891d13bd7cf228.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/a8/a7f2bc90f8ca9c004cfdda82cff99f1365de1a.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/b5/6ff25a3b0eac3ef301a647477f6ef8ab74952a.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/c2/c6ee2e36a33063945824150c9b470e3effe8b6.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/c8/67e4ea4ebddc6efebc80de017059a697d7cd25.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/d4/d2c2d252df9afb1945846af9f2d00a5c58b0a1.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/e7/61857bfe340da61e0253c327513ce8eb7b0f9f.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/f3/7662896c4906590aa01b71d7a4278c94b24c9e.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/fb/cd2c875f651cdfd245659faa007db69d81685a.debug

Control files of package firebird-dev: lines which differ (wdiff format)
------------------------------------------------------------------------
Depends: libfbclient2 (>= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} libib-util (>= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-common: lines which differ (wdiff format)
------------------------------------------------------------------------------
Depends: firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-common-doc: lines which differ (wdiff format)
----------------------------------------------------------------------------------
Installed-Size: [-178-] {+179+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-doc: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-examples: lines which differ (wdiff format)
--------------------------------------------------------------------------------
Depends: firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-server: lines which differ (wdiff format)
------------------------------------------------------------------------------
Depends: adduser, libc6 (>= 2.17), libfbclient2 (>= 3.0.0~svn20110219r52404.ds3), libgcc1 (>= 1:3.0), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-server-core (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-utils (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} lsb-base (>= 3.0-6), debconf (>= 1.4.69), init-system-helpers (>= 1.18~), firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-server-core: lines which differ (wdiff format)
-----------------------------------------------------------------------------------
Depends: libc6 (>= 2.17), libfbclient2 (>= 3.0.0~svn20110219r52404.ds3), libgcc1 (>= 1:3.0), libib-util (>= 2.5.0.23247~Beta1.ds2), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Installed-Size: [-9434-] {+9438+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-server-core-dbgsym: lines which differ (wdiff format)
------------------------------------------------------------------------------------------
Build-Ids: [-07330f263bd6a4bfaaa9e596d94a350b58465fd2-] {+2526d884a03a897414ddc119495a8272e0badc4e+} 3359b2dd874e8f2e71e45d725bfab92bec11d1b7 {+51913a1b8f3d8fc3b95b1133153b3b95e1e802ed+} 5cf6ce74c1c61eb719ea59d1adcf674e41162067 [-62a96dd1bf3349d78f45438e7e70052d3a8ea272-] 7986b79b8482b25799ae5979ccf04e268eaf47f0 [-c2c6ee2e36a33063945824150c9b470e3effe8b6 e761857bfe340da61e0253c327513ce8eb7b0f9f f37662896c4906590aa01b71d7a4278c94b24c9e fbcd2c875f651cdfd245659faa007db69d81685a-] {+a762efdf428daeced2f769986a9fb7b5fe758745 aac82d7c9cc832d7bbe15931e59f30bde437cd2e c79c4cb9e1327a84d73ab799f24d0f1860040abc e343ca492172fe1d8c426174bd2f708e956c79b6+}
Depends: firebird3.0-server-core (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Installed-Size: [-46624-] {+46631+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-server-dbgsym: lines which differ (wdiff format)
-------------------------------------------------------------------------------------
Build-Ids: 104955183697b0906380698ae585af83082b0f65 [-a8a7f2bc90f8ca9c004cfdda82cff99f1365de1a c867e4ea4ebddc6efebc80de017059a697d7cd25-] {+3acd69f8972e1784250ad9c7ffbdfa076ec29a8f d08fcae651e574ab3a7765c9846e6b34d1e60a1a+} ffcfa0b3b83b7b300ad7375331c8f164229588f6
Depends: firebird3.0-server (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Installed-Size: [-5739-] {+5742+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-utils: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Depends: libc6 (>= 2.17), libedit2 (>= 2.11-20080614), libfbclient2 (>= 3.0.0~svn20110219r52404.ds3), libgcc1 (>= 1:3.0), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package firebird3.0-utils-dbgsym: lines which differ (wdiff format)
------------------------------------------------------------------------------------
Build-Ids: [-44adc09d84064fce6502bde9515aa76575bf3e23-] {+0e1030fbf8dc2030144882fb090405d3f7445a88 254d0e1c45debc6abdbc915669347a8d5c41d2ee 43b6efe476c4c5489438c808ceac3b3fc73a4be9+} 6a2a5fff04a1340e3917572e49bc6e6bda296c9e [-7146d417b22d8ac85fa1166611891d13bd7cf228-] a0bc7dfe3c6ba175ce9df5db3c5ae98049ee2a6c [-b56ff25a3b0eac3ef301a647477f6ef8ab74952a-] {+b3283cc5c2f69cfc0676a761be9c6e8e729e294e+} d2d1f584022944f85e91e0c8118130c0597fa44c [-d4d2c2d252df9afb1945846af9f2d00a5c58b0a1-] d5cdce411d259abb900d2810dcec7c3b7c83d1d5
Depends: firebird3.0-utils (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Installed-Size: [-11490-] {+11492+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package libfbclient2: lines which differ (wdiff format)
------------------------------------------------------------------------
Depends: libc6 (>= 2.17), libgcc1 (>= 1:3.0), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package libfbclient2-dbgsym: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Build-Ids: [-420705865d45ef8ee44df021faebd2d5dbaf367f-] {+b9f3f652689dd0027df979dbd3b2461c02cee7ee+}
Depends: libfbclient2 (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Installed-Size: [-5611-] {+5613+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package libib-util: lines which differ (wdiff format)
----------------------------------------------------------------------
Depends: libc6 (>= 2.2.5), libgcc1 (>= 1:3.0), libstdc++6 (>= 4.1.1), firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

Control files of package libib-util-dbgsym: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Depends: libib-util (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+}
Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}

--- End Message ---
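The problem the backported patch addresses is that `dlsym()` on a module handle searches the module's dependency tree, so a UDF library linked against libc "exports" `system()` even though it never defines it. The following is an added example, not code from the bug report, the Debian package or Firebird: it shows the unchecked lookup beside a checked one. The check is a variant of the patch's own: instead of comparing `dli_fname` against the caller-supplied path (which the patch does only for absolute names), it compares against the `link_map` name glibc recorded for the handle via `dlinfo()`, so relative and search-path module names are covered too. It assumes a glibc-based Linux system and uses `libm.so.6` as a stand-in for `fbudf.so` (it defines `cos()` itself but depends on libc, so `system()` is reachable through it).

```c
#define _GNU_SOURCE 1
#include <dlfcn.h>
#include <link.h>
#include <stdio.h>
#include <string.h>

#ifndef __USE_GNU
/* glibc declares dladdr/dlinfo/Dl_info only when _GNU_SOURCE was in effect
 * before the first glibc header was read. These fallbacks mirror <dlfcn.h>
 * so the file also compiles if another header was included ahead of it. */
typedef struct {
    const char *dli_fname; void *dli_fbase; const char *dli_sname; void *dli_saddr;
} Dl_info;
extern int dladdr(const void *addr, Dl_info *info);
extern int dlinfo(void *handle, int request, void *info);
#define RTLD_DI_LINKMAP 2
#endif

/* Pre-fix behaviour (CORE-5474): dlsym() on a handle searches the module and
 * every library it depends on, so any libc function is "found" in the module. */
void *find_symbol_unchecked(void *module, const char *name)
{
    return dlsym(module, name);
}

/* Fixed behaviour: accept the symbol only if the object that defines it is
 * the module that was opened. dlinfo(RTLD_DI_LINKMAP) yields the link_map of
 * the handle; dladdr() yields the object containing the resolved address.
 * Both names come from the loader's own records, so they compare exactly. */
void *find_symbol_checked(void *module, const char *name)
{
    void *sym = dlsym(module, name);
    if (sym == NULL)
        return NULL;

    struct link_map *lm = NULL;
    if (dlinfo(module, RTLD_DI_LINKMAP, &lm) != 0 || lm == NULL)
        return NULL;                 /* cannot identify the module: fail closed */

    Dl_info info;
    if (dladdr(sym, &info) == 0 || info.dli_fname == NULL)
        return NULL;                 /* dladdr() returns 0 on failure */

    if (strcmp(info.dli_fname, lm->l_name) != 0)
        return NULL;                 /* defined in a dependency (e.g. libc): reject */
    return sym;
}

int main(void)
{
    /* libm.so.6 stands in for a UDF module: defines cos(), depends on libc. */
    void *m = dlopen("libm.so.6", RTLD_NOW);
    if (m == NULL) {
        fprintf(stderr, "dlopen: %s\n", dlerror());
        return 1;
    }
    printf("unchecked system(): %p\n", find_symbol_unchecked(m, "system"));
    printf("checked   system(): %p\n", find_symbol_checked(m, "system"));
    printf("checked   cos():    %p\n", find_symbol_checked(m, "cos"));
    dlclose(m);
    return 0;
}
```

Build with `gcc -o udfcheck udfcheck.c` (add `-ldl` on glibc older than 2.34). The unchecked lookup returns a non-NULL address for `system` through the libm handle; the checked lookup rejects it and still accepts `cos`, which libm defines itself. Comparing link-map names rather than the caller's path string is what removes the relative-path gap left by the `isRelative` guard in the patch.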
--- Begin Message ---
Damyan Ivanov:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package firebird3.0
> 
> Changelog since 3.0.1.32609.ds4-13 (currently in testing):
> 
> firebird3.0 (3.0.1.32609.ds4-14) unstable; urgency=high
> 
>   * Apply commit 56e9a73c168 from upstream B3_0_Release branch
>     fixing authenticated remote execution vulnerability (CVE-2017-6369,
>     CORE-5474)
>     Closes: #858644
> 
> Binary and source debdiffs attached.
> 
> unblock firebird3.0/3.0.1.32609.ds4-14
> 

Unblocked, thanks.

~Niels

--- End Message ---