Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package connman

connman/1.0-1.1 contains just one patch from upstream which fixes the vulnerability CVE-2012-6459 [1]. I am attaching the debdiff.

Cheers,
Adrian

unblock connman/1.0-1.1

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697580

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru connman-1.0/debian/changelog connman-1.0-CVE-2012-6459/debian/changelog --- connman-1.0/debian/changelog 2012-05-25 04:27:50.000000000 +0200 +++ connman-1.0-CVE-2012-6459/debian/changelog 2013-01-09 15:34:04.186261911 +0100 @@ -1,3 +1,11 @@ +connman (1.0-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Include patch to fix bluetooth offline visibility + issue CVE-2012-6459 (Closes: #697580). + + -- John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> Wed, 09 Jan 2013 15:32:22 +0100 + connman (1.0-1) unstable; urgency=high [ Andrew Brouwers ] diff -Nru connman-1.0/debian/patches/02-CVE-2012-6459.patch connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch --- connman-1.0/debian/patches/02-CVE-2012-6459.patch 1970-01-01 01:00:00.000000000 +0100 +++ connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch 2013-01-09 15:31:58.677492862 +0100 
@@ -0,0 +1,48 @@ +From 01126286f96856aab6b0de171830f4e8e842e1da Mon Sep 17 00:00:00 2001 +From: Gustavo Padovan <gustavo.pado...@collabora.co.uk> +Date: Thu, 9 Aug 2012 18:57:25 -0300 +Subject: [PATCH] bluetooth: Add device to hash before registration + +During the connman_device_register() procedure a lookup to the +bluetooth_devices hash table happens, however the device is not on the +hash at this point and the look out fails. + +If the registration fails, technology_disable() returns the Failed +message on D-Bus with the error status zero. That happens because we +don't have any device registered. + +This patch moves the insertion of the device to before the device +registration. +--- + plugins/bluetooth.c | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/plugins/bluetooth.c b/plugins/bluetooth.c +index b06460a..2ab29a6 100644 +--- a/plugins/bluetooth.c ++++ b/plugins/bluetooth.c +@@ -660,6 +660,8 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data) + if (device != NULL) + goto update; + ++ g_hash_table_insert(bluetooth_devices, g_strdup(path), device); ++ + ether_aton_r(address, &addr); + + snprintf(ident, 13, "%02x%02x%02x%02x%02x%02x", +@@ -680,11 +682,10 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data) + + if (connman_device_register(device) < 0) { + connman_device_unref(device); ++ g_hash_table_remove(bluetooth_devices, path); + goto done; + } + +- g_hash_table_insert(bluetooth_devices, g_strdup(path), device); +- + update: + connman_device_set_string(device, "Address", address); + connman_device_set_string(device, "Name", name); +-- +1.7.7.6 + diff -Nru connman-1.0/debian/patches/series connman-1.0-CVE-2012-6459/debian/patches/series --- connman-1.0/debian/patches/series 2012-05-25 04:27:50.000000000 +0200 +++ connman-1.0-CVE-2012-6459/debian/patches/series 2013-01-09 15:32:17.892998525 +0100 @@ -1 +1,2 @@ 01-init-script-lsb-headers.patch +02-CVE-2012-6459.patch
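
Review bot: In the first plugins/bluetooth.c hunk (@@ -660,6 +660,8 @@), the new g_hash_table_insert() call sits directly after "if (device != NULL) goto update;", so on the path that reaches it device is still NULL as far as the visible context shows, and the table would receive a NULL value under the path key. The commit message wants the device in the hash before connman_device_register() performs its lookup, so the insert belongs after the point where device is assigned and checked (not shown in this hunk) and before the register call. Please confirm the hunk applies at the intended offset against the 1.0 source.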
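
Review bot: In the second plugins/bluetooth.c hunk (@@ -680,11 +682,10 @@), the registration failure path calls connman_device_unref(device) before g_hash_table_remove(bluetooth_devices, path), so the table briefly holds a pointer whose reference has already been dropped. Suggest removing the entry first and unreffing afterwards, and checking how bluetooth_devices is created: if the table has a value destroy function that unrefs the device, the explicit unref followed by the remove would release it twice.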