[Pkg-ofed-commits] [librdmacm] 17/18: Imported Debian patch 1.0.15-1+deb7u1
Ana Beatriz Guerrero López
ana at moszumanska.debian.org
Wed Jul 2 13:58:26 UTC 2014
This is an automated email from the git hooks/post-receive script.
ana pushed a commit to branch master
in repository librdmacm.
commit 2efccb59e0d4274c4787f728638c068a131f651d
Author: Roland Dreier <rbd at debian.org>
Date: Tue Oct 30 11:48:07 2012 -0700
Imported Debian patch 1.0.15-1+deb7u1
---
debian/changelog | 7 +++
.../01-CVE-2012-4516-no-default-acm-port.patch | 62 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 70 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index e0b0560..6604faf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+librdmacm (1.0.15-1+deb7u1) wheezy; urgency=high
+
+ * Security fix: apply 01-CVE-2012-4516-no-default-acm-port.patch
+ (Closes: #690672)
+
+ -- Roland Dreier <rbd at debian.org> Tue, 30 Oct 2012 11:48:07 -0700
+
librdmacm (1.0.15-1) unstable; urgency=low
* New upstream release.
diff --git a/debian/patches/01-CVE-2012-4516-no-default-acm-port.patch b/debian/patches/01-CVE-2012-4516-no-default-acm-port.patch
new file mode 100644
index 0000000..9e1c9ef
--- /dev/null
+++ b/debian/patches/01-CVE-2012-4516-no-default-acm-port.patch
@@ -0,0 +1,62 @@
+From: Sean Hefty <sean.hefty at intel.com>
+Subject: Disable ACM support if ibacm.port is not found
+
+The librdmacm will try to connect port 6125 if ibacm.port is
+not found. The problem is that some other service or application
+could be using that port and respond with garbage. Rather
+than falling back to a hard coded port number, if ibacm.port
+is not found, simply disable ACM support.
+
+This has the effect of removing support for older versions
+of ibacm, unless the port file is created manually.
+
+Patch created based on feedback from Doug Ledford and Florian
+Weimer from RedHat.
+
+Origin: upstream, http://git.openfabrics.org/git?p=~shefty/librdmacm.git;a=commitdiff;h=4b5c1aa734e0e734fc2ba3cd41d0ddf02170af6d
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4516
+Bug-Debian: http://bugs.debian.org/690672
+---
+Index: librdmacm-1.0.15/src/acm.c
+===================================================================
+--- librdmacm-1.0.15.orig/src/acm.c 2012-10-30 11:54:30.910048525 -0700
++++ librdmacm-1.0.15/src/acm.c 2012-10-30 11:56:41.034052522 -0700
+@@ -49,8 +49,8 @@
+ #include <infiniband/acm.h>
+
+ static pthread_mutex_t acm_lock = PTHREAD_MUTEX_INITIALIZER;
+-static int sock;
+-static short server_port = 6125;
++static int sock = -1;
++static short server_port;
+
+ struct ib_connect_hdr {
+ uint8_t cma_version;
+@@ -64,7 +64,7 @@
+ #define cma_dst_ip6 dst_addr[0]
+ };
+
+-static void ucma_set_server_port(void)
++static int ucma_set_server_port(void)
+ {
+ FILE *f;
+
+@@ -72,6 +72,7 @@
+ fscanf(f, "%hu", (unsigned short *) &server_port);
+ fclose(f);
+ }
++ return server_port;
+ }
+
+ void ucma_ib_init(void)
+@@ -79,7 +80,9 @@
+ struct sockaddr_in addr;
+ int ret;
+
+- ucma_set_server_port();
++ if (!ucma_set_server_port())
++ return;
++
+ sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (sock < 0)
+ return;
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..9a8c312
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+01-CVE-2012-4516-no-default-acm-port.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ofed/librdmacm.git
More information about the Pkg-ofed-commits
mailing list