Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package xnbd. It fixes a local symlink attack vulnerability being tracked as CVE-2013-0265. This upload includes a patch changing the default logfile location from a globally writable directory to one which is not globally writable (and more FHS-conformant anyway). It also includes a purely cosmetic spelling fix in the man pages.

diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog --- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog 2012-05-28 19:38:35.000000000 +0200 +++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/changelog 2013-02-07 22:45:21.000000000 +0100 @@ -1,3 +1,12 @@ +xnbd (0.1.0-pre-hg20-e75b93a47722-3) unstable; urgency=medium + + * Fix "Documentation Error: Option --blocksize mistyped" use correct + spelling(Closes: #691842) + * CVE-2013-0265: Fix symlink vulnerability spotted by Sebastian Pipping + <spipp...@wavecon.de>. Moreover, thanks Sebastian for providing a patch. + + -- Arno Töll <a...@debian.org> Thu, 07 Feb 2013 22:45:10 +0100 + xnbd (0.1.0-pre-hg20-e75b93a47722-2) unstable; urgency=low * Do a full source rebuild again, now that #670557 is fixed. diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch --- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch 1970-01-01 01:00:00.000000000 +0100 +++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/CVE-2013-0265.patch 2013-02-07 22:40:22.000000000 +0100
@@ -0,0 +1,169 @@ +From: Sebastian Pipping <sebast...@pipping.org> +Date: Tue, 5 Feb 2013 14:05:29 +0100 +Subject: [PATCH] Fix insecure logging location (CVE-2013-0265) + +* Change the default log file location from /tmp to /var/log +* Update manpages with respect to the new default location. + +Origin: upstream, http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=bdb56bac +Bug: http://seclists.org/oss-sec/2013/q1/248 + +--- + trunk/doc/xnbd-server.8.sgml | 2 +- + trunk/doc/xnbd-wrapper.8.sgml | 2 +- + trunk/xnbd_common.c | 11 +++++------ + trunk/xnbd_common.h | 6 ++---- + trunk/xnbd_server.c | 9 +++++---- + trunk/xnbd_wrapper.c | 10 +++++++--- + 6 files changed, 21 insertions(+), 19 deletions(-) + +--- a/trunk/doc/xnbd-server.8.sgml ++++ b/trunk/doc/xnbd-server.8.sgml +@@ -172,7 +172,7 @@ + <term><option>--logpath <replaceable>FILE</replaceable></option> + </term> + <listitem> +- <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. Defaults to <replaceable>/tmp/xnbd.log</replaceable></para> ++ <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. Defaults to <replaceable>/var/log/xnbd-server.log</replaceable></para> + </listitem> + </varlistentry> + +--- a/trunk/doc/xnbd-wrapper.8.sgml ++++ b/trunk/doc/xnbd-wrapper.8.sgml +@@ -126,7 +126,7 @@ + <term><option>--logpath <replaceable>FILE</replaceable></option> + </term> + <listitem> +- <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. Defaults to <replaceable>/tmp/xnbd.log</replaceable></para> ++ <para>Log informational messages to the given <replaceable>FILE</replaceable> if given. 
Defaults to <replaceable>/var/log/xnbd-wrapper.log</replaceable></para> + </listitem> + </varlistentry> + +--- a/trunk/xnbd_common.c ++++ b/trunk/xnbd_common.c +@@ -197,9 +197,9 @@ + return (unsigned long) nblocks64; + } + +-void redirect_stderr(const char *logfile) ++void redirect_stderr(const char *logfile, const char * default_logfile) + { +- int logfd = open(logfile ? logfile : DEFAULT_XNBDSERVER_LOGFILE, ++ int logfd = open(logfile ? logfile : default_logfile, + O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR); + if (logfd < 0) + err("open %s, %m", logfile); +@@ -211,7 +211,7 @@ + close(logfd); + } + +-void detach(const char *logpath) ++void detach(const char *logpath, const char * default_logpath) + { + close(STDIN_FILENO); + +@@ -224,9 +224,8 @@ + close(devnull); + + if(!logpath) { +- logpath = DEFAULT_XNBDSERVER_LOGFILE; +- info("logfile %s", logpath); +- redirect_stderr(logpath); ++ info("logfile %s", default_logpath); ++ redirect_stderr(NULL, default_logpath); + } + + int ret = daemon(0, 1); +--- a/trunk/xnbd_common.h ++++ b/trunk/xnbd_common.h +@@ -1,9 +1,7 @@ + #ifndef XNBD_COMMON_H + #define XNBD_COMMON_H + +-#define DEFAULT_XNBDSERVER_LOGFILE "/tmp/xnbd.log" +- +-void redirect_stderr(const char *logfile); +-void detach(const char *logpath); ++void redirect_stderr(const char *logfile, const char * default_logfile); ++void detach(const char *logpath, const char * default_logpath); + + #endif +--- a/trunk/xnbd_server.c ++++ b/trunk/xnbd_server.c +@@ -29,6 +29,7 @@ + #include <netinet/ip.h> + + ++#define XNBD_SERVER_LOGFILE_DEFAULT "/var/log/xnbd-server.log" + + + +@@ -750,7 +751,7 @@ + --lport listen port (default 8520)\n\ + --daemonize run as a daemon process\n\ + --readonly export a disk as readonly\n\ +- --logpath logfile (default /tmp/xnbd.log)\n\ ++ --logpath logfile (default /var/log/xnbd-server.log)\n\ + --inetd redirect stderr for running from inetd\n\ + "; + +@@ -825,7 +826,7 @@ + } + + if (inetd) +- redirect_stderr(logpath); ++ 
redirect_stderr(logpath, XNBD_SERVER_LOGFILE_DEFAULT); + + optind = 1; + +@@ -994,11 +995,11 @@ + + if (!inetd && logpath) { + info("logfile %s", logpath); +- redirect_stderr(logpath); ++ redirect_stderr(logpath, XNBD_SERVER_LOGFILE_DEFAULT); + } + + if (daemonize) +- detach(logpath); ++ detach(logpath, XNBD_SERVER_LOGFILE_DEFAULT); + + + master_server(lport, (void *) &xnbd, connected_fd); +--- a/trunk/xnbd_wrapper.c ++++ b/trunk/xnbd_wrapper.c +@@ -27,6 +27,10 @@ + #include <sys/signalfd.h> + #include <sys/epoll.h> + ++ ++#define XNBD_WRAPPER_LOGFILE_DEFAULT "/var/log/xnbd-wrapper.log" ++ ++ + /* static const int MAX_DISKIMG_NUM = 32; */ + #define MAX_DISKIMG_NUM 32 + +@@ -367,7 +371,7 @@ + " --xnbd-binary Path to xnbd-server (default: /usr/sbin/xnbd-server).\n" + " --imgfile Path to disk image file. This options can be used multiple times.\n" + " You can also use xnbd-wrapper-ctl to (de)register disk images dynamically.\n" +- " --logpath logfile (default /tmp/xnbd.log)\n" ++ " --logpath logfile (default /var/log/xnbd-wrapper.log)\n" + " --laddr Listen address.\n" + " --socket Unix socket path to listen on (default: /tmp/xnbd_wrapper.ctl).\n" + "\n" +@@ -405,12 +409,12 @@ + + if (logpath) { + info("logfile %s", logpath); +- redirect_stderr(logpath); ++ redirect_stderr(logpath, XNBD_WRAPPER_LOGFILE_DEFAULT); + } + + + if (daemonize) +- detach(logpath); ++ detach(logpath, XNBD_WRAPPER_LOGFILE_DEFAULT); + + + list_diskimg(&dsklist, stdout); diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series --- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series 2012-04-26 18:25:04.000000000 +0200 +++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/series 2013-02-07 22:35:14.000000000 +0100 
@@ -1,2 +1,4 @@ fix-670521 fix-xnbd-path +spelling-fix.patch +CVE-2013-0265.patch diff -Nru xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch --- xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ xnbd-0.1.0-pre-hg20-e75b93a47722/debian/patches/spelling-fix.patch 2012-10-31 01:00:51.000000000 +0100 @@ -0,0 +1,11 @@ +--- a/trunk/doc/xnbd-client.1.sgml ++++ b/trunk/doc/xnbd-client.1.sgml +@@ -113,7 +113,7 @@ + + + <varlistentry> +- <term><option>--block-size <replaceable>SIZE</replaceable></option></term> ++ <term><option>--blocksize <replaceable>SIZE</replaceable></option></term> + <listitem> + <para>Use the provided value as block size. + Default is 1024; allowed values are either 512, 1024, 2048 or 4096.

unblock xnbd/0.1.0-pre-hg20-e75b93a47722-3

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Archive: http://lists.debian.org/20130207222051.11720.91679.reportbug@snowball
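Review bot: the debian/changelog hunk has a missing space in `spelling(Closes: #691842)` (should read `spelling (Closes: #691842)`); it would also help administrators if the CVE entry named the new default locations introduced by the patch (/var/log/xnbd-server.log and /var/log/xnbd-wrapper.log), since anyone relying on /tmp/xnbd.log needs to know where the log moved.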
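Review bot: the DEP-3 `Origin:` header of CVE-2013-0265.patch points at a glibc commit (http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=bdb56bac), which cannot be the origin of an xnbd change and looks copied from another patch; it should reference the xnbd upstream commit, or be replaced by `Origin: vendor` plus a `Forwarded:` line if the change has not been accepted upstream yet. A `Bug-Debian:` line alongside the oss-sec `Bug:` URL would also make the patch traceable from the BTS.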
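Review bot: in the `redirect_stderr()` hunk of trunk/xnbd_common.c the failure path still reads `err("open %s, %m", logfile);`, but `logfile` is now NULL whenever the default is used (the `detach()` hunk calls `redirect_stderr(NULL, default_logpath)`), so a failed open of the default log reports "(null)" rather than /var/log/xnbd-server.log. Resolve the path once, e.g. `const char *path = logfile ? logfile : default_logfile;`, and use `path` in both `open()` and `err()`. Separately, the `open()` flags are unchanged (`O_WRONLY | O_CREAT | O_APPEND`): the fix removes the world-writable default directory, but an operator-supplied `--logpath` inside a shared directory would still follow a pre-existing symlink, so adding `O_NOFOLLOW` (and `O_CLOEXEC`, since the descriptor is only used for dup2) here would close that residual case at no cost.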
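Review bot: with the default now under /var/log, the `detach()` and `redirect_stderr()` call sites in trunk/xnbd_server.c and trunk/xnbd_wrapper.c will hit the `err()` path when the process is started by an unprivileged user with `--daemonize` and no `--logpath`, because /var/log is normally writable only by root. Either the manpages should state that the default log location requires that privilege, or the code should fall back to keeping stderr when the default cannot be created; as written the change turns a quiet start into a hard failure for that configuration.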
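Review bot: the usage-text hunk in trunk/xnbd_wrapper.c still shows `--socket Unix socket path to listen on (default: /tmp/xnbd_wrapper.ctl)` as unchanged context, i.e. the control socket default remains in the same world-writable directory this patch moves the log file out of. That is outside the scope of CVE-2013-0265 and need not block the unblock, but it deserves a follow-up bug so the default can move to a directory only the service owner can write to (e.g. under /var/run).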
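Review bot: spelling-fix.patch carries no DEP-3 header at all, unlike CVE-2013-0265.patch in the same series; please add at least `Description:`, `Bug-Debian: http://bugs.debian.org/691842` and a `Forwarded:` line so the patch status can be tracked and the change offered upstream.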
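The symlink problem the upload fixes is a log file opened with O_CREAT in a directory anyone can write to. As an added example, not part of the Debian upload or of xnbd, the following shows how a log-opening helper in the shape of `redirect_stderr()` can refuse symlinks outright with `O_NOFOLLOW`, checked against a constructed scratch directory containing a regular file and a symlink; `open_logfile_nofollow` and `demo_nofollow` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical hardened counterpart of xnbd's redirect_stderr() open call:
 * resolve the path once (so error messages can name it), never follow a
 * symlink at the final component, and keep the fd out of child processes.
 * Returns a descriptor, or -1 with errno set (ELOOP when a symlink was refused). */
int open_logfile_nofollow(const char *logfile, const char *default_logfile)
{
    const char *path = logfile ? logfile : default_logfile;
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC,
                S_IRUSR | S_IWUSR);
}

/* Constructed demonstration: a private scratch directory holding "plain.log"
 * (regular file, created on demand) and "link.log" (symlink to another file).
 * Returns 1 when the regular file opens and the symlink is refused with ELOOP. */
int demo_nofollow(void)
{
    char dir[] = "/tmp/xnbd-logdemo-XXXXXX";   /* mkdtemp creates it mode 0700 */
    if (!mkdtemp(dir))
        return 0;
    char plain[256], other[256], link[256];
    snprintf(plain, sizeof plain, "%s/plain.log", dir);
    snprintf(other, sizeof other, "%s/other.txt", dir);
    snprintf(link, sizeof link, "%s/link.log", dir);

    int ok = 0;
    int ofd = open(other, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
    if (ofd >= 0)
        close(ofd);
    if (symlink(other, link) == 0) {
        int pfd = open_logfile_nofollow(plain, NULL);   /* explicit path */
        int lfd = open_logfile_nofollow(link, NULL);    /* symlink: must fail */
        ok = (pfd >= 0) && (lfd < 0 && errno == ELOOP);
        if (pfd >= 0) close(pfd);
        if (lfd >= 0) close(lfd);
    }
    unlink(link); unlink(other); unlink(plain); rmdir(dir);
    return ok;
}
```

The directory created by `mkdtemp` is private, so the symlink here is only a stand-in for one that an unrelated user could plant in a shared location such as /tmp.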