Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package open-vm-tools 2:9.4.6-1770165-7 fixes CVE-2014-4199 / #770809 thanks, bernd unblock open-vm-tools/2:9.4.6-1770165-7 -- Bernd Zeimetz Debian GNU/Linux Developer http://bzed.de http://www.debian.org GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index 89d3cb3..f6b5705 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+open-vm-tools (2:9.4.6-1770165-7) unstable; urgency=medium
+
+ * [8df5b4ac] Adding patch to fix CVE-2014-4199.
+ Thanks to Moritz Muehlenhoff (Closes: #770809)
+
+ -- Bernd Zeimetz <b...@debian.org> Sat, 29 Nov 2014 15:57:20 +0100
+
 open-vm-tools (2:9.4.6-1770165-6) unstable; urgency=medium
 
 * [6b514014] Fix installation of systemd services.
diff --git a/debian/patches/debian/fix-CVE-2014-4199 b/debian/patches/debian/fix-CVE-2014-4199
new file mode 100644
index 0000000..3764b62
--- /dev/null
+++ b/debian/patches/debian/fix-CVE-2014-4199
@@ -0,0 +1,123 @@
+--- a/scripts/common/vm-support
++++ b/scripts/common/vm-support
+@@ -27,9 +27,7 @@ usage()
+ }
+
+
+-TARFILE=vm-`date +%Y-%m-%d`.$$.tar
+ VER=0.89
+-OUTPUT_DIR=vm-support.$$
+
+ # banner(): prints any number of strings padded with
+ # newlines before and after.
+@@ -83,7 +81,7 @@ checkOutputDir()
+ if [ $? != 0 ]; then
+ banner "Could not create ./${OUTPUT_DIR}$dir... " \
+ "Have you run out of disk space?" "Continuing"
+- return -1
++ return 1
+ fi
+ fi
+ return 0
+@@ -195,22 +193,20 @@ fi
+ # possible information leakage.
+ umask 0077
+
+-# Clear up temporary files if the process is killed midway.
+-trap "rm -rf ${OUTPUT_DIR}; exit 1" HUP INT QUIT TERM ABRT
+-
+-
+-# make a subdir to put all your files in. die if it does not create
+-mkdir $OUTPUT_DIR
+
++TARFILE=$(mktemp vm-$(date +%Y-%m-%d.XXXXXXXXXX).tar)
++OUTPUT_DIR=`mktemp -d`
+ if [ $? != 0 ]; then
+ error "Could not create ./${OUTPUT_DIR}. Please cd to a directory to which "
+- "you can write."
++ "you can write."
+ fi
++# Clear up temporary files if the process is killed midway.
++trap "chmod -R u+w ${OUTPUT_DIR}; rm -rf ${OUTPUT_DIR} ${TARFILE}; exit 1" HUP INT QUIT TERM ABRT
+
+ banner "Collecting support information..."
+
+ # Common stuff that we gather for all OSes.
+-runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.$$.txt"
++runcmd "echo vm-support version: $VER" "/tmp/vm-support-version.txt"
+
+ addfiles /etc/vmware-tools
+ addfiles /var/log/boot*
+@@ -219,14 +215,14 @@ addfiles /var/log/messages*
+ addfiles /var/log/syslog*
+ addfiles /var/run/vmware-*
+
+-runcmd "df" "/tmp/df.$$.txt"
+-runcmd "ifconfig -a" "/tmp/ifconfig.$$.txt"
+-runcmd "mount" "/tmp/mount.$$.txt"
+-runcmd "dmesg" "/tmp/dmesg.$$.txt"
+-runcmd "ulimit -a" "/tmp/ulimit-a.$$.txt"
+-runcmd "uptime" "/tmp/uptime.$$.txt"
+-runcmd "date" "/tmp/date.$$.txt"
+-runcmd "umask" "/tmp/umask.$$.txt"
++runcmd "df" "/tmp/df.txt"
++runcmd "ifconfig -a" "/tmp/ifconfig.txt"
++runcmd "mount" "/tmp/mount.txt"
++runcmd "dmesg" "/tmp/dmesg.txt"
++runcmd "ulimit -a" "/tmp/ulimit-a.txt"
++runcmd "uptime" "/tmp/uptime.txt"
++runcmd "date" "/tmp/date.txt"
++runcmd "umask" "/tmp/umask.txt"
+
+
+ # stageLinux(): gather information for troubleshooting Linux guests.
+@@ -272,29 +268,29 @@ stageLinux()
+ addfile /proc/irq
+
+ # Commands to run ($1) and redirect to logs ($2) for inclusion.
+- runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
+- runcmd "lspci -H1 -M" "/tmp/lspci1.$$.txt"
+- runcmd "lspci -H1 -M -vn" "/tmp/lspci2.$$.txt"
+- runcmd "/sbin/lsmod" "/tmp/modules.$$.txt"
+- runcmd "uname -a" "/tmp/uname.$$.txt"
+- runcmd "cat /etc/issue" "/tmp/issue.$$.txt"
+- runcmd "rpm -qa" "/tmp/rpm-qa.$$.txt"
+- runcmd "netstat -lan" "/tmp/netstat-lan.$$.txt"
+- runcmd "route" "/tmp/route.$$.txt"
+- runcmd "free" "/tmp/free.$$.txt"
++ runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
++ runcmd "lspci -H1 -M" "/tmp/lspci1.txt"
++ runcmd "lspci -H1 -M -vn" "/tmp/lspci2.txt"
++ runcmd "/sbin/lsmod" "/tmp/modules.txt"
++ runcmd "uname -a" "/tmp/uname.txt"
++ runcmd "cat /etc/issue" "/tmp/issue.txt"
++ runcmd "rpm -qa" "/tmp/rpm-qa.txt"
++ runcmd "netstat -lan" "/tmp/netstat-lan.txt"
++ runcmd "route" "/tmp/route.txt"
++ runcmd "free" "/tmp/free.txt"
+ }
+
+
+ # stageFreeBSD(): gather information for troubleshooting FreeBSD guests.
+ stageFreeBSD()
+ {
+- runcmd "ps auwwx" "/tmp/ps-auwwx.$$.txt"
++ runcmd "ps auwwx" "/tmp/ps-auwwx.txt"
+ }
+
+ # stageSolaris(): gather information for troubleshooting Solaris guests.
+ stageSolaris()
+ {
+- runcmd "ps eaf" "/tmp/ps-eaf.$$.txt"
++ runcmd "ps eaf" "/tmp/ps-eaf.txt"
+ }
+
+ case `uname` in
+@@ -336,6 +332,7 @@ if [ $? != 0 ]; then
+ fi
+
+ # Clean up temporary files
++chmod -R u+w $OUTPUT_DIR # needed if run as non-root user.
+ rm -rf $OUTPUT_DIR
+
+ if [ $? != 0 ]; then
diff --git a/debian/patches/series b/debian/patches/series
index 378a50e..bb3ff13 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ debian/0001-kvers.patch
 debian/fix_debian_verison_recognition
 debian/pam-use-common-auth-account
 debian/max_nic_count
+debian/fix-CVE-2014-4199
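Review bot: The `if [ $? != 0 ]` that follows the two new assignments in the `@@ -195,22 +193,20 @@` hunk of the embedded vm-support patch only sees the exit status of `mktemp -d`, so a failed `mktemp` for `TARFILE` (for example in an unwritable current directory) goes unnoticed and the script carries on with an empty `TARFILE`. Checking each call on its own closes that gap: `TARFILE=$(mktemp vm-$(date +%Y-%m-%d.XXXXXXXXXX).tar) || error "Could not create the tar file. Please cd to a directory to which you can write."` and `OUTPUT_DIR=$(mktemp -d) || error "Could not create a temporary directory."`. The retained message still prints `./${OUTPUT_DIR}`, which is empty on failure and no longer names a path under the current directory. The template puts `.tar` after the run of X characters, and the script also has FreeBSD and Solaris branches, so it is worth confirming that the mktemp shipped on those platforms randomises a template that does not end in X rather than producing a fixed name. `runcmd` and the tar step lie outside these hunks, so whether the now constant `/tmp/*.txt` names are always resolved beneath `${OUTPUT_DIR}` cannot be confirmed from this diff alone.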