Your message dated Mon, 21 Jan 2013 22:48:34 +0000
with message-id <[email protected]>
and subject line Re: Bug#697957: unblock: connman/1.0-1.1
has caused the Debian Bug report #697957,
regarding unblock: connman/1.0-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
697957: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697957
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package connman

connman/1.0-1.1 contains just one patch from upstream which fixes the
vulnerability CVE-2012-6459 [1]. I am attaching the debdiff.

Cheers,

Adrian

unblock connman/1.0-1.1

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697580

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru connman-1.0/debian/changelog connman-1.0-CVE-2012-6459/debian/changelog
--- connman-1.0/debian/changelog	2012-05-25 04:27:50.000000000 +0200
+++ connman-1.0-CVE-2012-6459/debian/changelog	2013-01-09 15:34:04.186261911 +0100
@@ -1,3 +1,11 @@
+connman (1.0-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Include patch to fix bluetooth offline visibility
+    issue CVE-2012-6459 (Closes: #697580).
+
+ -- John Paul Adrian Glaubitz <[email protected]>  Wed, 09 Jan 2013 15:32:22 +0100
+
 connman (1.0-1) unstable; urgency=high
 
   [ Andrew Brouwers ]
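Review bot: urgency=low on the new 1.0-1.1 entry sits oddly with an upload whose only change is the fix for CVE-2012-6459 (Closes: #697580); consider urgency=medium or high, since the urgency field sets how long the package waits in unstable before it can migrate. The entry could also name the patch file it adds, debian/patches/02-CVE-2012-6459.patch, so the changelog records which change carries the fix.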
diff -Nru connman-1.0/debian/patches/02-CVE-2012-6459.patch connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch
--- connman-1.0/debian/patches/02-CVE-2012-6459.patch	1970-01-01 01:00:00.000000000 +0100
+++ connman-1.0-CVE-2012-6459/debian/patches/02-CVE-2012-6459.patch	2013-01-09 15:31:58.677492862 +0100
@@ -0,0 +1,48 @@
+From 01126286f96856aab6b0de171830f4e8e842e1da Mon Sep 17 00:00:00 2001
+From: Gustavo Padovan <[email protected]>
+Date: Thu, 9 Aug 2012 18:57:25 -0300
+Subject: [PATCH] bluetooth: Add device to hash before registration
+
+During the connman_device_register() procedure a lookup to the
+bluetooth_devices hash table happens, however the device is not on the
+hash at this point and the look out fails.
+
+If the registration fails, technology_disable() returns the Failed
+message on D-Bus with the error status zero. That happens because we
+don't have any device registered.
+
+This patch moves the insertion of the device to before the device
+registration.
+---
+ plugins/bluetooth.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/bluetooth.c b/plugins/bluetooth.c
+index b06460a..2ab29a6 100644
+--- a/plugins/bluetooth.c
++++ b/plugins/bluetooth.c
+@@ -660,6 +660,8 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data)
+ 	if (device != NULL)
+ 		goto update;
+ 
++	g_hash_table_insert(bluetooth_devices, g_strdup(path), device);
++
+ 	ether_aton_r(address, &addr);
+ 
+ 	snprintf(ident, 13, "%02x%02x%02x%02x%02x%02x",
+@@ -680,11 +682,10 @@ static void adapter_properties_reply(DBusPendingCall *call, void *user_data)
+ 
+ 	if (connman_device_register(device) < 0) {
+ 		connman_device_unref(device);
++		g_hash_table_remove(bluetooth_devices, path);
+ 		goto done;
+ 	}
+ 
+-	g_hash_table_insert(bluetooth_devices, g_strdup(path), device);
+-
+ update:
+ 	connman_device_set_string(device, "Address", address);
+ 	connman_device_set_string(device, "Name", name);
+-- 
+1.7.7.6
+
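Review bot: in the first plugins/bluetooth.c hunk the added g_hash_table_insert(bluetooth_devices, g_strdup(path), device) comes directly after `if (device != NULL) goto update;`, and nothing in the visible lines assigns device in between, so on this path the value stored in the table is NULL. A lookup during connman_device_register(), which the commit message wants to satisfy, would then still get NULL back and be indistinguishable from a miss. The insert should move to after the device has been created and immediately before the connman_device_register() call. In the second hunk, the failure path calls connman_device_unref(device) and then g_hash_table_remove(bluetooth_devices, path); if bluetooth_devices was created with a value destroy function that unrefs the device (not visible in these lines), that is a second unref of the same object, so please check how the table is set up and keep only one of the two.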
diff -Nru connman-1.0/debian/patches/series connman-1.0-CVE-2012-6459/debian/patches/series
--- connman-1.0/debian/patches/series	2012-05-25 04:27:50.000000000 +0200
+++ connman-1.0-CVE-2012-6459/debian/patches/series	2013-01-09 15:32:17.892998525 +0100
@@ -1 +1,2 @@
 01-init-script-lsb-headers.patch
+02-CVE-2012-6459.patch

--- End Message ---
--- Begin Message ---
On Mon, 2013-01-21 at 15:05 +0100, John Paul Adrian Glaubitz wrote:
> On 01/21/2013 10:23 AM, Adam D. Barratt wrote:
> > I've been pondering this and arguing with myself a little. There is the
> > potential for confusion if the version in t-p-u goes backwards, so let's
> > go with the unstable route; thanks.
> 
> Just uploaded 1.0-1.2 into unstable.

1.0-1.1+wheezy1 unblocked; thanks.

Regards,

Adam

--- End Message ---
