r829 - in lvm2/trunk/debian: . patches
Bastian Blank
waldi at alioth.debian.org
Thu Aug 19 12:38:25 UTC 2010
Author: waldi
Date: Thu Aug 19 12:38:20 2010
New Revision: 829
Log:
Import changes from upstream version 2.02.72.
Added:
lvm2/trunk/debian/patches/upstream-2.02.72.patch
Modified:
lvm2/trunk/debian/changelog
lvm2/trunk/debian/patches/series
Modified: lvm2/trunk/debian/changelog
==============================================================================
--- lvm2/trunk/debian/changelog Fri Jun 18 09:40:08 2010 (r828)
+++ lvm2/trunk/debian/changelog Thu Aug 19 12:38:20 2010 (r829)
@@ -1,3 +1,12 @@
+lvm2 (2.02.66-3) UNRELEASED; urgency=high
+
+ * Import upstream version 2.02.72:
+ - CVE-2010-2526: Fix insecure communication between lvm2 and clvmd.
+ (Closes: #591204)
+ - Only use single node clvm if explicitely requested.
+
+ -- Bastian Blank <waldi at debian.org> Thu, 19 Aug 2010 12:28:02 +0000
+
lvm2 (2.02.66-2) unstable; urgency=medium
* Make libdevmapper1.02.1 depend on dmsetup. libdevmapper needs new enough
Modified: lvm2/trunk/debian/patches/series
==============================================================================
--- lvm2/trunk/debian/patches/series Fri Jun 18 09:40:08 2010 (r828)
+++ lvm2/trunk/debian/patches/series Thu Aug 19 12:38:20 2010 (r829)
@@ -1,4 +1,5 @@
upstream-define-union-semun.patch
+upstream-2.02.72.patch
install.patch
libs-cleanup.patch
config.patch
Added: lvm2/trunk/debian/patches/upstream-2.02.72.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ lvm2/trunk/debian/patches/upstream-2.02.72.patch Thu Aug 19 12:38:20 2010 (r829)
@@ -0,0 +1,295 @@
+diff --git a/Makefile.in b/Makefile.in
+index 5c1f837..dc31604 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -84,6 +84,7 @@ install_system_dirs:
+ $(INSTALL_ROOT_DIR) $(DESTDIR)$(DEFAULT_BACKUP_DIR)
+ $(INSTALL_ROOT_DIR) $(DESTDIR)$(DEFAULT_CACHE_DIR)
+ $(INSTALL_ROOT_DIR) $(DESTDIR)$(DEFAULT_LOCK_DIR)
++ $(INSTALL_ROOT_DIR) $(DESTDIR)$(DEFAULT_RUN_DIR)
+ $(INSTALL_ROOT_DATA) /dev/null $(DESTDIR)$(DEFAULT_CACHE_DIR)/.cache
+
+ install_initscripts:
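Review bot: The run directory is only created at install time by the added `$(INSTALL_ROOT_DIR) $(DESTDIR)$(DEFAULT_RUN_DIR)` line, and nothing in the visible part of this patch recreates it when the daemon starts. If that directory sits on a filesystem that is cleared at boot, the later `bind()` on the socket path will fail until it exists again, so the start path or init script should create it as well. The socket's protection also rests on this directory not being writable by group or others, which depends on how `INSTALL_ROOT_DIR` is defined outside this hunk. A comment such as `# root-owned, not group/world-writable: holds the clvmd control socket` would record that requirement.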
+diff --git a/configure.in b/configure.in
+index 2b1987b..bd56136 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1127,6 +1127,13 @@ if test "$BUILD_DMEVENTD" = yes; then
+ [Path to dmeventd binary.])
+ fi
+
++AH_TEMPLATE(DEFAULT_RUN_DIR, [Name of default run directory.])
++AC_ARG_WITH(default-run-dir,
++ [ --with-default-run-dir=DIR Default run directory [[/var/run/lvm]] ],
++ [ DEFAULT_RUN_DIR="$withval" ],
++ [ DEFAULT_RUN_DIR="/var/run/lvm" ])
++AC_DEFINE_UNQUOTED(DEFAULT_RUN_DIR,["$DEFAULT_RUN_DIR"] )
++
+ ################################################################################
+ dnl -- various defaults
+ AC_ARG_WITH(default-system-dir,
+diff --git a/daemons/clvmd/clvm.h b/daemons/clvmd/clvm.h
+index 92f807f..c9ea10c 100644
+--- a/daemons/clvmd/clvm.h
++++ b/daemons/clvmd/clvm.h
+@@ -22,6 +22,8 @@
+ #ifndef _CLVM_H
+ #define _CLVM_H
+
++#include "configure.h"
++
+ struct clvm_header {
+ uint8_t cmd; /* See below */
+ uint8_t flags; /* See below */
+@@ -45,9 +47,8 @@ struct clvm_header {
+ #define CLVMD_FLAG_SYSTEMLV 2 /* Data in system LV under my node name */
+ #define CLVMD_FLAG_NODEERRS 4 /* Reply has errors in node-specific portion */
+
+-/* Name of the local socket to communicate between libclvm and clvmd */
+-//static const char CLVMD_SOCKNAME[]="/var/run/clvmd";
+-static const char CLVMD_SOCKNAME[] = "\0clvmd";
++/* Name of the local socket to communicate between lvm and clvmd */
++static const char CLVMD_SOCKNAME[]= DEFAULT_RUN_DIR "/clvmd.sock";
+
+ /* Internal commands & replies */
+ #define CLVMD_CMD_REPLY 1
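Review bot: The new comment on `CLVMD_SOCKNAME` does not say why the name moved from the abstract namespace (`"\0clvmd"`) to a filesystem path, which is the security point of the change. An abstract-namespace socket is not subject to file permission checks, while a path under `DEFAULT_RUN_DIR` is. I would extend the comment to something like `/* Filesystem socket, deliberately not abstract: access is limited by the socket's mode and by DEFAULT_RUN_DIR's permissions */`. Because `DEFAULT_RUN_DIR` is set by `--with-default-run-dir`, the concatenated name can also exceed `sun_path`. The copy into `sun_path` is outside the visible hunks, so if it is not already guarded, a compile-time size check next to it (for example comparing `sizeof(CLVMD_SOCKNAME)` with `sizeof(((struct sockaddr_un *)0)->sun_path)`) would be worth adding.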
+diff --git a/daemons/clvmd/clvmd-singlenode.c b/daemons/clvmd/clvmd-singlenode.c
+index ec98f2c..4393a2e 100644
+--- a/daemons/clvmd/clvmd-singlenode.c
++++ b/daemons/clvmd/clvmd-singlenode.c
+@@ -26,17 +26,29 @@
+ #include <sys/socket.h>
+ #include <fcntl.h>
+
+-static const char SINGLENODE_CLVMD_SOCKNAME[] = "\0singlenode_clvmd";
++static const char SINGLENODE_CLVMD_SOCKNAME[] = DEFAULT_RUN_DIR "/clvmd_singlenode.sock";
+ static int listen_fd = -1;
+
++static void close_comms()
++{
++ if (listen_fd != -1 && close(listen_fd))
++ stack;
++ (void)unlink(SINGLENODE_CLVMD_SOCKNAME);
++ listen_fd = -1;
++}
++
+ static int init_comms()
+ {
+ struct sockaddr_un addr;
++ mode_t old_mask;
++
++ close_comms();
++ old_mask = umask(0077);
+
+ listen_fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (listen_fd < 0) {
+ DEBUGLOG("Can't create local socket: %s\n", strerror(errno));
+- return -1;
++ goto error;
+ }
+ /* Set Close-on-exec */
+ fcntl(listen_fd, F_SETFD, 1);
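Review bot: `close_comms()` unlinks `SINGLENODE_CLVMD_SOCKNAME` unconditionally, and `init_comms()` calls it before `socket()`/`bind()`, so starting a second instance removes the path of one that is already listening. Unless something earlier in startup rules out a running daemon (not visible in this hunk), the first instance keeps its descriptor but can no longer be reached by name. Either check whether the path is still being served before unlinking it, or document the assumption with `/* Remove a stale socket; caller guarantees no other instance is running */`. The new definition should also be `static void close_comms(void)` rather than `()`. `init_comms()` continues outside this hunk.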
+@@ -48,16 +60,19 @@ static int init_comms()
+
+ if (bind(listen_fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ DEBUGLOG("Can't bind local socket: %s\n", strerror(errno));
+- close(listen_fd);
+- return -1;
++ goto error;
+ }
+ if (listen(listen_fd, 10) < 0) {
+ DEBUGLOG("Can't listen local socket: %s\n", strerror(errno));
+- close(listen_fd);
+- return -1;
++ goto error;
+ }
+
++ umask(old_mask);
+ return 0;
++error:
++ umask(old_mask);
++ close_comms();
++ return -1;
+ }
+
+ static int _init_cluster(void)
+@@ -74,7 +89,7 @@ static int _init_cluster(void)
+
+ static void _cluster_closedown(void)
+ {
+- close(listen_fd);
++ close_comms();
+
+ DEBUGLOG("cluster_closedown\n");
+ destroy_lvhash();
+diff --git a/daemons/clvmd/clvmd.c b/daemons/clvmd/clvmd.c
+index 4f5ed97..9554eea 100644
+--- a/daemons/clvmd/clvmd.c
++++ b/daemons/clvmd/clvmd.c
+@@ -123,6 +123,7 @@ static void process_remote_command(struct clvm_header *msg, int msglen, int fd,
+ static int process_reply(const struct clvm_header *msg, int msglen,
+ const char *csid);
+ static int open_local_sock(void);
++static void close_local_sock(int local_socket);
+ static int check_local_clvmd(void);
+ static struct local_client *find_client(int clientid);
+ static void main_loop(int local_sock, int cmd_timeout);
+@@ -276,6 +277,23 @@ static void remove_lockfile(void)
+ unlink(CLVMD_PIDFILE);
+ }
+
++/*
++ * clvmd require dm-ioctl capability for operation
++ */
++static void check_permissions()
++{
++ if (getuid() || geteuid()) {
++ log_error("Cannot run as a non-root user.");
++
++ /*
++ * Fail cleanly here if not run as root, instead of failing
++ * later when attempting a root-only operation
++ * Preferred exit code from an initscript for this.
++ */
++ exit(4);
++ }
++}
++
+ int main(int argc, char *argv[])
+ {
+ int local_sock;
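Review bot: The header comment on `check_permissions()` speaks of a dm-ioctl capability, but the test is `getuid() || geteuid()`, which requires both real and effective uid 0 and checks no capability at all. The comment should describe what the function actually does, e.g. `/* clvmd needs root for dm-ioctl: refuse early unless real and effective uid are both 0 */`. The bare `exit(4)` would read better as a named constant carrying the "insufficient privilege" meaning that the inner comment alludes to. The definition should also be `static void check_permissions(void)`. `main()` continues outside the hunk.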
+@@ -305,9 +323,11 @@ int main(int argc, char *argv[])
+ exit(0);
+
+ case 'R':
++ check_permissions();
+ return refresh_clvmd(1)==1?0:1;
+
+ case 'S':
++ check_permissions();
+ return restart_clvmd(clusterwide_opt)==1?0:1;
+
+ case 'C':
+@@ -353,6 +373,8 @@ int main(int argc, char *argv[])
+ }
+ }
+
++ check_permissions();
++
+ /* Setting debug options on an existing clvmd */
+ if (debug_opt && !check_local_clvmd()) {
+
+@@ -457,7 +479,7 @@ int main(int argc, char *argv[])
+ #endif
+ #ifdef USE_SINGLENODE
+ if (!clops)
+- if ((cluster_iface == IF_AUTO || cluster_iface == IF_SINGLENODE) && (clops = init_singlenode_cluster())) {
++ if (cluster_iface == IF_SINGLENODE && (clops = init_singlenode_cluster())) {
+ max_csid_len = SINGLENODE_CSID_LEN;
+ max_cluster_message = SINGLENODE_MAX_CLUSTER_MESSAGE;
+ max_cluster_member_name_len = MAX_CLUSTER_MEMBER_NAME_LEN;
+@@ -521,6 +543,7 @@ int main(int argc, char *argv[])
+ /* Do some work */
+ main_loop(local_sock, cmd_timeout);
+
++ close_local_sock(local_sock);
+ destroy_lvm();
+
+ return 0;
+@@ -864,7 +887,6 @@ static void main_loop(int local_sock, int cmd_timeout)
+
+ closedown:
+ clops->cluster_closedown();
+- close(local_sock);
+ }
+
+ static __attribute__ ((noreturn)) void wait_for_child(int c_pipe, int timeout)
+@@ -1963,20 +1985,30 @@ static int check_local_clvmd(void)
+ return ret;
+ }
+
++static void close_local_sock(int local_socket)
++{
++ if (local_socket != -1 && close(local_socket))
++ stack;
++
++ if (CLVMD_SOCKNAME[0] != '\0' && unlink(CLVMD_SOCKNAME))
++ stack;
++}
+
+ /* Open the local socket, that's the one we talk to libclvm down */
+ static int open_local_sock()
+ {
+- int local_socket;
++ int local_socket = -1;
+ struct sockaddr_un sockaddr;
++ mode_t old_mask;
++
++ close_local_sock(local_socket);
++ old_mask = umask(0077);
+
+ /* Open local socket */
+- if (CLVMD_SOCKNAME[0] != '\0')
+- unlink(CLVMD_SOCKNAME);
+ local_socket = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (local_socket < 0) {
+ log_error("Can't create local socket: %m");
+- return -1;
++ goto error;
+ }
+
+ /* Set Close-on-exec & non-blocking */
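Review bot: `open_local_sock()` now calls `close_local_sock(local_socket)` with `local_socket == -1` purely to remove a stale socket file, and `close_local_sock()` routes any `unlink()` failure to `stack`. On a clean start the file does not exist, so `unlink()` fails with `ENOENT` and that path is taken on every start. The removal should tolerate a missing file, e.g. `if (CLVMD_SOCKNAME[0] != '\0' && unlink(CLVMD_SOCKNAME) && errno != ENOENT)`; `close_comms()` in clvmd-singlenode.c already ignores the result with `(void)unlink(...)`. The `CLVMD_SOCKNAME[0] != '\0'` test is also dead after this patch, because the name now always begins with `DEFAULT_RUN_DIR` or `/`. The body of `open_local_sock()` continues outside the hunk.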
+@@ -1989,18 +2021,19 @@ static int open_local_sock()
+ sockaddr.sun_family = AF_UNIX;
+ if (bind(local_socket, (struct sockaddr *) &sockaddr, sizeof(sockaddr))) {
+ log_error("can't bind local socket: %m");
+- close(local_socket);
+- return -1;
++ goto error;
+ }
+ if (listen(local_socket, 1) != 0) {
+ log_error("listen local: %m");
+- close(local_socket);
+- return -1;
++ goto error;
+ }
+- if (CLVMD_SOCKNAME[0] != '\0')
+- chmod(CLVMD_SOCKNAME, 0600);
+
++ umask(old_mask);
+ return local_socket;
++error:
++ close_local_sock(local_socket);
++ umask(old_mask);
++ return -1;
+ }
+
+ void process_message(struct local_client *client, const char *buf, int len,
+diff --git a/daemons/clvmd/clvmd.h b/daemons/clvmd/clvmd.h
+index aec31b2..ccc79cc 100644
+--- a/daemons/clvmd/clvmd.h
++++ b/daemons/clvmd/clvmd.h
+@@ -20,9 +20,6 @@
+ #define CLVMD_MINOR_VERSION 2
+ #define CLVMD_PATCH_VERSION 1
+
+-/* Name of the cluster LVM admin lock */
+-#define ADMIN_LOCK_NAME "CLVMD_ADMIN"
+-
+ /* Default time (in seconds) we will wait for all remote commands to execute
+ before declaring them dead */
+ #define DEFAULT_CMD_TIMEOUT 60
+diff --git a/lib/misc/configure.h.in b/lib/misc/configure.h.in
+index 01f668c..3a37678 100644
+--- a/lib/misc/configure.h.in
++++ b/lib/misc/configure.h.in
+@@ -35,6 +35,9 @@
+ /* Name of default locking directory. */
+ #undef DEFAULT_LOCK_DIR
+
++/* Name of default run directory. */
++#undef DEFAULT_RUN_DIR
++
+ /* Define to 0 to reinstate the pre-2.02.54 handling of unit suffixes. */
+ #undef DEFAULT_SI_UNIT_CONSISTENCY
+