lp://staging/~kentb/ubuntu/trusty/openwsman/bug-1319098

Created by Kent Baxley and last modified
Get this branch:
bzr branch lp://staging/~kentb/ubuntu/trusty/openwsman/bug-1319098

Branch information

Owner:
Kent Baxley
Status:
Development

Recent revisions

19. By Kent Baxley

update patch series

18. By Kent Baxley

* SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089)
  - debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch:
    ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
  - debian/patches/wsmc-create-request-fix-buff-overflow.patch:
    wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
  - debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch:
    address LocalSubscriptionOpUpdate() unchecked fopen()
  - debian/patches/wsman-get-fault-status-sanity-guard-fix.patch:
    Fix incorrect order of sanity guards in wsman_get_fault_status_from_doc()
  - debian/patches/mem-allocation-wsman-init-plugins-fix.patch:
    Fix unchecked memory allocation in wsman_init_plugins(), p->ifc
  - debian/patches/mem-allocation-mem-double-newptr-fix.patch:
    Fix unchecked memory allocation in mem_double(), newptr
  - debian/patches/mem-allocation-dictionary-new-fix.patch:
    Fix unchecked memory allocation in dictionary_new(), d, d->val, d->key,
  - debian/patches/mem-allocation-u-error-new-fix.patch:
    Fix unchecked memory allocation in u_error_new(), *error
  - debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch:
    sighup_handler() in wsmand.c use of unsafe functions in a signal handler
  - debian/patches/SHA512-password-fixes.patch:
    Support SHA512 password encoding, use safe_cmp to prevent brute-force
    attacks
  - debian/patches/increase-password-upper-limit.patch:
    increase password upper limit to 128 characters (from 64)

17. By Kent Baxley

Break out patch set one at a time.
Added two new fixes from upstream (SHA512 fixes and increase password length).
Only add security-relevant patches this time.

16. By Kent Baxley

popped all the quilt patches to make the diff easier to read

15. By Kent Baxley

drop urgency to low in changelog

14. By Kent Baxley

Fix changelog version to be in-line with security team guidelines.

13. By Kent Baxley

* Add security fixes from upstream openwsman-2.4.4 (LP: #1319089)
  * ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
  * wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
  * LocalSubscriptionOpUpdate() unchecked fopen()
  * Incorrect order of sanity guards in wsman_get_fault_status_from_doc()
  * Unchecked memory allocation in wsman_init_plugins(), p->ifc
  * Unchecked memory allocation in mem_double(), newptr
  * Unchecked memory allocation in dictionary_new(), d, d->val, d->key,
    d->hash
  * Unchecked memory allocation in u_error_new(), *error
  * sighup_handler() in wsmand.c uses unsafe functions in a signal handler

12. By Kent Baxley

debian/control: fix the breaks and replaces version numbers
for libopenwsman1.

11. By Kent Baxley

* Sync with upstream 2.4.3 (LP: #1268707)
* debian/control: bump standards version to 3.9.5
* debian/patches: removed cmake-findruby.patch. FTBFS no longer occurs due to
  overhauled ruby cmake file upstream.

10. By Stefan Bader

* Sync with upstream 2.3.6
* debian/control: Move to standards version 3.9.2
  - debian/*.install: Use relative source paths
  - debian/*.conffiles: Dropped
  - debian/source/format: New: "3.0 (quilt)"
  - debian/control: Add debhelper (>= 9.0.0) as build-dependency
  - debian/rules: Use dh format
  - debian/rules: Disable dh_auto_test. Testcases fail
  - debian/rules: Override dh_auto_install to install the client config
* debian/control: Add build-dependency on cmake
* debian/control: Drop build-dependency on cdbs
* debian/control: Multi-Arch conversion for libopenwsman1 and
                  libwsman-clientpp1.
* debian/rules: Drop cdbs includes
* debian/rules: Drop extra build flags (not required anymore)
* debian/libopenwsman-dev.install: Don't install .a files (not built)
* debian/patches/cmake-findruby.patch: Fix FTBS caused by a certain
  usage of braces.
* debian/patches/cmake-python-includes.patch: Need to use a different
  variable which has architecture specific include path as well.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/utopic/openwsman