Package: release.debian.org Severity: normal Tags: stretch User: [email protected] Usertags: pu
I would like to upload a new version of fence-agents to stretch in order to fix the UTF-8 problem that was recently fixed for buster too. debdiff of the change is attached. -- System Information: Debian Release: 9.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 4.9.0-9-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system)
diff -Nru fence-agents-4.0.25/debian/changelog fence-agents-4.0.25/debian/changelog --- fence-agents-4.0.25/debian/changelog 2017-01-23 11:36:48.000000000 +0100 +++ fence-agents-4.0.25/debian/changelog 2019-06-30 19:01:55.000000000 +0200 @@ -1,3 +1,9 @@ +fence-agents (4.0.25-1+deb9u1) stretch; urgency=medium + + * fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887) + + -- Valentin Vidic <[email protected]> Sun, 30 Jun 2019 19:01:55 +0200 + fence-agents (4.0.25-1) unstable; urgency=medium * Team upload. diff -Nru fence-agents-4.0.25/debian/patches/CVE-2019-10153 fence-agents-4.0.25/debian/patches/CVE-2019-10153 --- fence-agents-4.0.25/debian/patches/CVE-2019-10153 1970-01-01 01:00:00.000000000 +0100 +++ fence-agents-4.0.25/debian/patches/CVE-2019-10153 2019-06-30 19:00:38.000000000 +0200 @@ -0,0 +1,34 @@ +Description: fence_rhevm fix for CVE-2019-10153 + Import upstream security patches. +Author: Oyvind Albrigtsen <[email protected]> +Origin: upstream +Bug-RHEL: https://bugzilla.redhat.com/show_bug.cgi?id=1716286 +Reviewed-by: Valentin Vidic <[email protected]> +Last-Update: 2019-06-30 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/fence/agents/rhevm/fence_rhevm.py ++++ b/fence/agents/rhevm/fence_rhevm.py +@@ -87,7 +87,7 @@ + ## send command through pycurl + conn = pycurl.Curl() + web_buffer = io.BytesIO() +- conn.setopt(pycurl.URL, url) ++ conn.setopt(pycurl.URL, url.encode("UTF-8")) + conn.setopt(pycurl.HTTPHEADER, ["Content-type: application/xml", "Accept: application/xml", "Prefer: persistent-auth", "Filter: true"]) + + if "cookie" in opt: +@@ -121,10 +121,10 @@ + + opt["cookie"] = cookie + +- result = web_buffer.getvalue().decode() ++ result = web_buffer.getvalue().decode("UTF-8") + +- logging.debug("%s\n", command) +- logging.debug("%s\n", result) ++ logging.debug("%s\n", command.encode("UTF-8")) ++ logging.debug("%s\n", result.encode("UTF-8")) + + return result + diff -Nru fence-agents-4.0.25/debian/patches/series fence-agents-4.0.25/debian/patches/series --- fence-agents-4.0.25/debian/patches/series 2017-01-23 11:35:41.000000000 +0100 +++ fence-agents-4.0.25/debian/patches/series 2019-06-30 16:32:03.000000000 +0200 @@ -1,2 +1,3 @@ reproducible remove-fence_amt_ws +CVE-2019-10153
