Bug#771445: unblock: open-vm-tools/2:9.4.6-1770165-7

Sat, 29 Nov 2014 09:03:33 -0800 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package open-vm-tools

2:9.4.6-1770165-7 fixes CVE-2014-4199 / #770809

thanks,

bernd


unblock open-vm-tools/2:9.4.6-1770165-7


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

diff --git a/debian/changelog b/debian/changelog
index 89d3cb3..f6b5705 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+open-vm-tools (2:9.4.6-1770165-7) unstable; urgency=medium
+
+  * [8df5b4ac] Adding patch to fix CVE-2014-4199.
+    Thanks to Moritz Muehlenhoff (Closes: #770809)
+
+ -- Bernd Zeimetz <b...@debian.org>  Sat, 29 Nov 2014 15:57:20 +0100
+
 open-vm-tools (2:9.4.6-1770165-6) unstable; urgency=medium
 
   * [6b514014] Fix installation of systemd services.
diff --git a/debian/patches/debian/fix-CVE-2014-4199 b/debian/patches/debian/fix-CVE-2014-4199
new file mode 100644
index 0000000..3764b62
--- /dev/null
+++ b/debian/patches/debian/fix-CVE-2014-4199
@@ -0,0 +1,123 @@
+--- a/scripts/common/vm-support
++++ b/scripts/common/vm-support
+@@ -27,9 +27,7 @@ usage()
+ }
+ 
+ 
+-TARFILE=vm-`date +%Y-%m-%d`.$$.tar
+ VER=0.89
+-OUTPUT_DIR=vm-support.$$
+ 
+ # banner(): prints any number of strings padded with
+ # newlines before and after.
+@@ -83,7 +81,7 @@ checkOutputDir()
+       if [ $? != 0 ]; then
+          banner "Could not create ./${OUTPUT_DIR}$dir... " \
+                 "Have you run out of disk space?" "Continuing"
+-         return -1
++         return 1
+       fi
+    fi
+    return 0
+@@ -195,22 +193,20 @@ fi
+ # possible information leakage.
+ umask 0077
+ 
+-# Clear up temporary files if the process is killed midway.
+-trap "rm -rf ${OUTPUT_DIR}; exit 1" HUP INT QUIT TERM ABRT
+-
+-
+-#	make a subdir to put all your files in.  die if it does not create
+-mkdir $OUTPUT_DIR
+ 
++TARFILE=$(mktemp vm-$(date +%Y-%m-%d.XXXXXXXXXX).tar)
++OUTPUT_DIR=`mktemp -d`
+ if [ $? != 0 ]; then
+ 	error "Could not create ./${OUTPUT_DIR}. Please cd to a directory to which "
+-	      "you can write."
++        "you can write."
+ fi
++# Clear up temporary files if the process is killed midway.
++trap "chmod -R u+w ${OUTPUT_DIR}; rm -rf ${OUTPUT_DIR} ${TARFILE}; exit 1" HUP INT QUIT TERM ABRT
+ 
+ banner "Collecting support information..."
+ 
+ # Common stuff that we gather for all OSes.
+-runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.$$.txt"
++runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.txt"
+ 
+ addfiles /etc/vmware-tools
+ addfiles /var/log/boot*
+@@ -219,14 +215,14 @@ addfiles /var/log/messages*
+ addfiles /var/log/syslog*
+ addfiles /var/run/vmware-*
+ 
+-runcmd "df" "/tmp/df.$$.txt"
+-runcmd "ifconfig -a" "/tmp/ifconfig.$$.txt"
+-runcmd "mount" "/tmp/mount.$$.txt"
+-runcmd "dmesg" "/tmp/dmesg.$$.txt"
+-runcmd "ulimit -a" "/tmp/ulimit-a.$$.txt"
+-runcmd "uptime" "/tmp/uptime.$$.txt"
+-runcmd "date" "/tmp/date.$$.txt"
+-runcmd "umask" "/tmp/umask.$$.txt"
++runcmd "df" "/tmp/df.txt"
++runcmd "ifconfig -a" "/tmp/ifconfig.txt"
++runcmd "mount" "/tmp/mount.txt"
++runcmd "dmesg" "/tmp/dmesg.txt"
++runcmd "ulimit -a" "/tmp/ulimit-a.txt"
++runcmd "uptime" "/tmp/uptime.txt"
++runcmd "date" "/tmp/date.txt"
++runcmd "umask" "/tmp/umask.txt"
+ 
+ 
+ # stageLinux(): gather information for troubleshooting Linux guests.
+@@ -272,29 +268,29 @@ stageLinux()
+    addfile /proc/irq
+ 
+    # Commands to run ($1) and redirect to logs ($2) for inclusion.
+-   runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
+-   runcmd "lspci -H1 -M" "/tmp/lspci1.$$.txt"
+-   runcmd "lspci -H1 -M -vn" "/tmp/lspci2.$$.txt"
+-   runcmd "/sbin/lsmod" "/tmp/modules.$$.txt"
+-   runcmd "uname -a" "/tmp/uname.$$.txt"
+-   runcmd "cat /etc/issue" "/tmp/issue.$$.txt"
+-   runcmd "rpm -qa" "/tmp/rpm-qa.$$.txt"
+-   runcmd "netstat -lan" "/tmp/netstat-lan.$$.txt"
+-   runcmd "route" "/tmp/route.$$.txt"
+-   runcmd "free" "/tmp/free.$$.txt"
++   runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
++   runcmd "lspci -H1 -M" "/tmp/lspci1.txt"
++   runcmd "lspci -H1 -M -vn" "/tmp/lspci2.txt"
++   runcmd "/sbin/lsmod" "/tmp/modules.txt"
++   runcmd "uname -a" "/tmp/uname.txt"
++   runcmd "cat /etc/issue" "/tmp/issue.txt"
++   runcmd "rpm -qa" "/tmp/rpm-qa.txt"
++   runcmd "netstat -lan" "/tmp/netstat-lan.txt"
++   runcmd "route" "/tmp/route.txt"
++   runcmd "free" "/tmp/free.txt"
+ }
+ 
+ 
+ # stageFreeBSD(): gather information for troubleshooting FreeBSD guests.
+ stageFreeBSD()
+ {
+-   runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
++   runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
+ }
+ 
+ # stageSolaris(): gather information for troubleshooting Solaris guests.
+ stageSolaris()
+ {
+-   runcmd "ps eaf" "/tmp/ps-eaf.$$.txt"
++   runcmd "ps eaf" "/tmp/ps-eaf.txt"
+ }
+ 
+ case `uname` in
+@@ -336,6 +332,7 @@ if [ $? != 0 ]; then
+ fi
+ 
+ #	Clean up temporary files
++chmod -R u+w $OUTPUT_DIR # needed if run as non-root user.
+ rm -rf $OUTPUT_DIR
+ 
+ if [ $? != 0 ]; then
diff --git a/debian/patches/series b/debian/patches/series
index 378a50e..bb3ff13 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ debian/0001-kvers.patch
 debian/fix_debian_verison_recognition
 debian/pam-use-common-auth-account
 debian/max_nic_count
+debian/fix-CVE-2014-4199

Reply via email to