[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#986847: marked as done (unblock: network-manager/1.30.0-2)

Your message dated Mon, 12 Apr 2021 20:10:19 +0000
with message-id <E1lW2t1-0006bF-My@respighi.debian.org>
and subject line unblock network-manager
has caused the Debian Bug report #986847,
regarding unblock: network-manager/1.30.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
986847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986847
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package network-manager

It cherry-picks an upstream commit to fix
#986809 / CVE-2021-20297

Full debdiff attached.

Regards,
Michael

unblock network-manager/1.30.0-2

diff --git a/debian/changelog b/debian/changelog
index 44ae3264f7..3431459d47 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+network-manager (1.30.0-2) unstable; urgency=medium
+
+  * core: fix crash in nm_wildcard_match_check()
+    (CVE-2021-20297, Closes: #986809)
+
+ -- Michael Biebl <biebl@debian.org>  Mon, 12 Apr 2021 21:15:36 +0200
+
 network-manager (1.30.0-1) unstable; urgency=medium
 
   * New upstream version 1.30.0
diff --git a/debian/control b/debian/control
index 06146cd204..d95f09bd03 100644
--- a/debian/control
+++ b/debian/control
@@ -65,7 +65,7 @@ Breaks: ${misc:Breaks}
 Description: network management framework (daemon and userspace tools)
  NetworkManager is a system network service that manages your network devices
  and connections, attempting to keep active network connectivity when
- available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE
+ available. It manages ethernet, Wi-Fi, mobile broadband (WWAN), and PPPoE
  devices, and provides VPN integration with a variety of different VPN
  services.
  .
@@ -100,7 +100,7 @@ Depends: ${shlibs:Depends},
 Description: GObject-based client library for NetworkManager
  NetworkManager is a system network service that manages your network devices
  and connections, attempting to keep active network connectivity when
- available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE
+ available. It manages ethernet, Wi-Fi, mobile broadband (WWAN), and PPPoE
  devices, and provides VPN integration with a variety of different VPN
  services.
  .
@@ -118,7 +118,7 @@ Depends: ${misc:Depends},
 Description: GObject-based client library for NetworkManager (development files)
  NetworkManager is a system network service that manages your network devices
  and connections, attempting to keep active network connectivity when
- available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE
+ available. It manages ethernet, Wi-Fi, mobile broadband (WWAN), and PPPoE
  devices, and provides VPN integration with a variety of different VPN
  services.
  .
@@ -136,7 +136,7 @@ Replaces: gir1.2-networkmanager-1.0 (<< 1.8.0-2)
 Description: GObject introspection data for the libnm library
  NetworkManager is a system network service that manages your network devices
  and connections, attempting to keep active network connectivity when
- available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE
+ available. It manages ethernet, Wi-Fi, mobile broadband (WWAN), and PPPoE
  devices, and provides VPN integration with a variety of different VPN
  services.
  .
diff --git a/debian/patches/core-fix-crash-in-nm_wildcard_match_check.patch b/debian/patches/core-fix-crash-in-nm_wildcard_match_check.patch
new file mode 100644
index 0000000000..02d4484dd0
--- /dev/null
+++ b/debian/patches/core-fix-crash-in-nm_wildcard_match_check.patch
@@ -0,0 +1,74 @@
+From: Thomas Haller <thaller@redhat.com>
+Date: Wed, 24 Mar 2021 21:05:19 +0100
+Subject: core: fix crash in nm_wildcard_match_check()
+
+It's not entirely clear how to treat %NULL.
+Clearly "match.interface-name=eth0" should not
+match with an interface %NULL. But what about
+"match.interface-name=!eth0"? It's now implemented
+that negative matches still succeed against %NULL.
+What about "match.interface-name=*"? That probably
+should also match with %NULL. So we treat %NULL really
+like "".
+
+Against commit 11cd443448bc ('iwd: Don't call IWD methods when device
+unmanaged'), we got this backtrace:
+
+    #0  0x00007f1c164069f1 in __strnlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
+    #1  0x00007f1c1637ac9e in __fnmatch (pattern=<optimized out>, string=<optimized out>, string@entry=0x0, flags=flags@entry=0) at fnmatch.c:379
+            p = 0x0
+            res = <optimized out>
+            orig_pattern = <optimized out>
+            n = <optimized out>
+            wpattern = 0x7fff8d860730 L"pci-0000:03:00.0"
+            ps = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}
+            wpattern_malloc = 0x0
+            wstring_malloc = 0x0
+            wstring = <optimized out>
+            alloca_used = 80
+            __PRETTY_FUNCTION__ = "__fnmatch"
+    #2  0x0000564484a978bf in nm_wildcard_match_check (str=0x0, patterns=<optimized out>, num_patterns=<optimized out>) at src/core/nm-core-utils.c:1959
+            is_inverted = 0
+            is_mandatory = 0
+            match = <optimized out>
+            p = 0x564486c43fa0 "pci-0000:03:00.0"
+            has_optional = 0
+            has_any_optional = 0
+            i = <optimized out>
+    #3  0x0000564484bf4797 in check_connection_compatible (self=<optimized out>, connection=<optimized out>, error=0x0) at src/core/devices/nm-device.c:7499
+            patterns = <optimized out>
+            device_driver = 0x564486c76bd0 "veth"
+            num_patterns = 1
+            priv = 0x564486cbe0b0
+            __func__ = "check_connection_compatible"
+            device_iface = <optimized out>
+            local = 0x564486c99a60
+            conn_iface = 0x0
+            klass = <optimized out>
+            s_match = 0x564486c63df0 [NMSettingMatch]
+    #4  0x0000564484c38491 in check_connection_compatible (device=0x564486cbe590 [NMDeviceVeth], connection=0x564486c6b160, error=0x0) at src/core/devices/nm-device-ethernet.c:348
+            self = 0x564486cbe590 [NMDeviceVeth]
+            s_wired = <optimized out>
+
+Fixes: 3ced486f4162 ('libnm/match: extend syntax for match patterns with '|', '&', '!' and '\\'')
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1942741
+(cherry picked from commit 420784e342da4883f6debdfe10cde68507b10d27)
+---
+ src/core/nm-core-utils.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
+index 9075c30..eed8cd7 100644
+--- a/src/core/nm-core-utils.c
++++ b/src/core/nm-core-utils.c
+@@ -1956,7 +1956,8 @@ nm_wildcard_match_check(const char *str, const char *const *patterns, guint num_
+ 
+         _pattern_parse(patterns[i], &p, &is_inverted, &is_mandatory);
+ 
+-        match = (fnmatch(p, str, 0) == 0);
++        match = (fnmatch(p, str ?: "", 0) == 0);
++
+         if (is_inverted)
+             match = !match;
+ 
diff --git a/debian/patches/series b/debian/patches/series
index a2d7e06dbd..b31950d2cb 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 Force-online-state-with-unmanaged-devices.patch
+core-fix-crash-in-nm_wildcard_match_check.patch

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---
Reply to: