Bug#931350: stretch-pu: package fence-agents/4.0.25-1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
I would like to upload a new version of fence-agents to stretch in order
to fix the UTF-8 problem that was recently fixed for buster too. debdiff
of the change is attached.
-- System Information:
Debian Release: 9.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-9-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru fence-agents-4.0.25/debian/changelog fence-agents-4.0.25/debian/changelog
--- fence-agents-4.0.25/debian/changelog 2017-01-23 11:36:48.000000000 +0100
+++ fence-agents-4.0.25/debian/changelog 2019-06-30 19:01:55.000000000 +0200
@@ -1,3 +1,9 @@
+fence-agents (4.0.25-1+deb9u1) stretch; urgency=medium
+
+ * fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887)
+
+ -- Valentin Vidic <vvidic@debian.org> Sun, 30 Jun 2019 19:01:55 +0200
+
fence-agents (4.0.25-1) unstable; urgency=medium
* Team upload.
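Review bot: The new changelog entry names only the CVE id, while the request above describes the change as a UTF-8 fix. Adding a few words on what the patch changes in fence_rhevm (UTF-8 encoding of the URL, explicit UTF-8 decoding of the response) would let a reader of the changelog connect the two without opening the patch.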
diff -Nru fence-agents-4.0.25/debian/patches/CVE-2019-10153 fence-agents-4.0.25/debian/patches/CVE-2019-10153
--- fence-agents-4.0.25/debian/patches/CVE-2019-10153 1970-01-01 01:00:00.000000000 +0100
+++ fence-agents-4.0.25/debian/patches/CVE-2019-10153 2019-06-30 19:00:38.000000000 +0200
@@ -0,0 +1,34 @@
+Description: fence_rhevm fix for CVE-2019-10153
+ Import upstream security patches.
+Author: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Origin: upstream
+Bug-RHEL: https://bugzilla.redhat.com/show_bug.cgi?id=1716286
+Reviewed-by: Valentin Vidic <vvidic@debian.org>
+Last-Update: 2019-06-30
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/fence/agents/rhevm/fence_rhevm.py
++++ b/fence/agents/rhevm/fence_rhevm.py
+@@ -87,7 +87,7 @@
+ ## send command through pycurl
+ conn = pycurl.Curl()
+ web_buffer = io.BytesIO()
+- conn.setopt(pycurl.URL, url)
++ conn.setopt(pycurl.URL, url.encode("UTF-8"))
+ conn.setopt(pycurl.HTTPHEADER, ["Content-type: application/xml", "Accept: application/xml", "Prefer: persistent-auth", "Filter: true"])
+
+ if "cookie" in opt:
+@@ -121,10 +121,10 @@
+
+ opt["cookie"] = cookie
+
+- result = web_buffer.getvalue().decode()
++ result = web_buffer.getvalue().decode("UTF-8")
+
+- logging.debug("%s\n", command)
+- logging.debug("%s\n", result)
++ logging.debug("%s\n", command.encode("UTF-8"))
++ logging.debug("%s\n", result.encode("UTF-8"))
+
+ return result
+
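Review bot: In the second inner hunk (@@ -121,10 +121,10 @@), web_buffer.getvalue().decode("UTF-8") is still a strict decode, so a response body containing bytes that are not valid UTF-8 raises UnicodeDecodeError before the function returns. Consider decode("UTF-8", "replace"), or catching the error, if the agent has to keep working on such input. In the same hunk the two logging.debug calls now pass the result of .encode("UTF-8") to %s; on Python 3 that logs the b'...' repr instead of the text, so it is worth confirming which interpreter this package runs the agent under. The DEP-3 header also gives "Origin: upstream" without a commit URL, which would make the import easier to verify.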
diff -Nru fence-agents-4.0.25/debian/patches/series fence-agents-4.0.25/debian/patches/series
--- fence-agents-4.0.25/debian/patches/series 2017-01-23 11:35:41.000000000 +0100
+++ fence-agents-4.0.25/debian/patches/series 2019-06-30 16:32:03.000000000 +0200
@@ -1,2 +1,3 @@
reproducible
remove-fence_amt_ws
+CVE-2019-10153