Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package firebird3.0

Changelog since 3.0.1.32609.ds4-13 (currently in testing):

firebird3.0 (3.0.1.32609.ds4-14) unstable; urgency=high

  * Apply commit 56e9a73c168 from upstream B3_0_Release branch
    fixing authenticated remote execution vulnerability (CVE-2017-6369,
    CORE-5474)
    Closes: #858644

Binary and source debdiffs attached.

unblock firebird3.0/3.0.1.32609.ds4-14
diff -Nru firebird3.0-3.0.1.32609.ds4/debian/changelog firebird3.0-3.0.1.32609.ds4/debian/changelog
--- firebird3.0-3.0.1.32609.ds4/debian/changelog	2017-01-14 17:56:28.000000000 +0200
+++ firebird3.0-3.0.1.32609.ds4/debian/changelog	2017-03-25 18:07:07.000000000 +0200
@@ -1,3 +1,12 @@
+firebird3.0 (3.0.1.32609.ds4-14) unstable; urgency=high
+
+  * Apply commit 56e9a73c168 from upstream B3_0_Release branch
+    fixing authenticated remote execution vulnerability (CVE-2017-6369,
+    CORE-5474)
+    Closes: #858644
+
+ -- Damyan Ivanov <d...@debian.org>  Sat, 25 Mar 2017 16:07:07 +0000
+
 firebird3.0 (3.0.1.32609.ds4-13) unstable; urgency=medium
 
   * Add Danish debconf translation by Joe Dalton (Closes: #850854)
diff -Nru firebird3.0-3.0.1.32609.ds4/debian/patches/series firebird3.0-3.0.1.32609.ds4/debian/patches/series
--- firebird3.0-3.0.1.32609.ds4/debian/patches/series	2017-01-14 17:56:28.000000000 +0200
+++ firebird3.0-3.0.1.32609.ds4/debian/patches/series	2017-03-25 17:54:15.000000000 +0200
@@ -1,4 +1,5 @@
 upstream/engine-unload-segfault.patch
+upstream/CORE-5474-remote-execution.patch
 out/obsolete-syslogd.target.patch
 out/honour-buildflags.patch
 out/no-copy-from-icu.patch
diff -Nru firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch
--- firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch	1970-01-01 02:00:00.000000000 +0200
+++ firebird3.0-3.0.1.32609.ds4/debian/patches/upstream/CORE-5474-remote-execution.patch	2017-03-25 17:53:40.000000000 +0200
@@ -0,0 +1,81 @@
+56e9a73c16803c3544076edb2d6c4ca25815e541 Backported fix for CORE-5474: 'Restrict UDF' is not effective, because fbudf.so is dynamically linked against libc
+diff --git a/src/common/os/mod_loader.h b/src/common/os/mod_loader.h
+index b27d35630d..b57af4ac9f 100644
+--- a/src/common/os/mod_loader.h
++++ b/src/common/os/mod_loader.h
+@@ -70,23 +70,15 @@ public:
+ 	/// Destructor
+ 	virtual ~Module() {}
+ 
+-#ifdef WIN_NT
+ 	const Firebird::PathName fileName;
+-#endif
+ 
+ protected:
+ 	/// The constructor is protected so normal code can't allocate instances
+ 	/// of the class, but the class itself is still able to be subclassed.
+-#ifdef WIN_NT
+ 	Module(MemoryPool& pool, const Firebird::PathName& aFileName)
+ 		: fileName(pool, aFileName)
+ 	{
+ 	}
+-#else
+-	Module()
+-	{
+-	}
+-#endif
+ 
+ private:
+ 	/// Copy construction is not supported, hence the copy constructor is private
+diff --git a/src/common/os/posix/mod_loader.cpp b/src/common/os/posix/mod_loader.cpp
+index a03c3065bc..2b42c59a5c 100644
+--- a/src/common/os/posix/mod_loader.cpp
++++ b/src/common/os/posix/mod_loader.cpp
+@@ -27,6 +27,7 @@
+ 
+ #include "firebird.h"
+ #include "../common/os/mod_loader.h"
++#include "../common/os/path_utils.h"
+ #ifdef HAVE_UNISTD_H
+ #include <unistd.h>
+ #endif
+@@ -39,8 +40,9 @@
+ class DlfcnModule : public ModuleLoader::Module
+ {
+ public:
+-	DlfcnModule(void* m)
+-		: module(m)
++	DlfcnModule(MemoryPool& pool, const Firebird::PathName& aFileName, void* m)
++		: ModuleLoader::Module(pool, aFileName),
++		  module(m)
+ 	{}
+ 
+ 	~DlfcnModule();
+@@ -104,7 +106,7 @@ ModuleLoader::Module* ModuleLoader::loadModule(const Firebird::PathName& modPath
+ 	system(command.c_str());
+ #endif
+ 
+-	return FB_NEW_POOL(*getDefaultMemoryPool()) DlfcnModule(module);
++	return FB_NEW_POOL(*getDefaultMemoryPool()) DlfcnModule(*getDefaultMemoryPool(), modPath, module);
+ }
+ 
+ DlfcnModule::~DlfcnModule()
+@@ -122,6 +124,18 @@ void* DlfcnModule::findSymbol(const Firebird::string& symName)
+ 
+ 		result = dlsym(module, newSym.c_str());
+ 	}
++
++#ifdef HAVE_DLADDR
++	if (!PathUtils::isRelative(fileName))
++	{
++		Dl_info info;
++		if (!dladdr(result, &info))
++			return NULL;
++		if (fileName != info.dli_fname)
++			return NULL;
++	}
++#endif
++
+ 	return result;
+ }
+ 
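Review bot: The new origin check in `findSymbol` is compiled only under `#ifdef HAVE_DLADDR`, so a build whose configure probe does not define that macro keeps the old unrestricted `dlsym` lookup and silently loses the CVE-2017-6369 fix; I would replace the bare `#endif` with `#else` / `#error "dladdr() is required to restrict UDF symbol resolution"` / `#endif`, or at minimum confirm in the package build log that HAVE_DLADDR is set. The guard is also skipped when `fileName` is relative, and `fileName` is whatever `modPath` reached `loadModule` (see the constructor hunk above), so if any caller passes a bare library name that `dlopen` resolves through the search path, the resolved symbol can still come from libc; a stricter variant refuses such lookups, `if (PathUtils::isRelative(fileName)) return NULL;`, though that is only safe if no caller relies on relative module paths. Minor: `dladdr` runs even when `result` is already NULL, so `if (result && !PathUtils::isRelative(fileName))` reads more clearly and skips the pointless call. The rest of `findSymbol` starts outside the hunk.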
[The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .changes but not in first ----------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/0e/1030fbf8dc2030144882fb090405d3f7445a88.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/25/26d884a03a897414ddc119495a8272e0badc4e.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/25/4d0e1c45debc6abdbc915669347a8d5c41d2ee.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/3a/cd69f8972e1784250ad9c7ffbdfa076ec29a8f.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/43/b6efe476c4c5489438c808ceac3b3fc73a4be9.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/51/913a1b8f3d8fc3b95b1133153b3b95e1e802ed.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/a7/62efdf428daeced2f769986a9fb7b5fe758745.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/aa/c82d7c9cc832d7bbe15931e59f30bde437cd2e.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/b3/283cc5c2f69cfc0676a761be9c6e8e729e294e.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/b9/f3f652689dd0027df979dbd3b2461c02cee7ee.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/c7/9c4cb9e1327a84d73ab799f24d0f1860040abc.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/d0/8fcae651e574ab3a7765c9846e6b34d1e60a1a.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/e3/43ca492172fe1d8c426174bd2f708e956c79b6.debug Files in first .changes but not in second ----------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/07/330f263bd6a4bfaaa9e596d94a350b58465fd2.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/42/0705865d45ef8ee44df021faebd2d5dbaf367f.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/44/adc09d84064fce6502bde9515aa76575bf3e23.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/62/a96dd1bf3349d78f45438e7e70052d3a8ea272.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/71/46d417b22d8ac85fa1166611891d13bd7cf228.debug -rw-r--r-- root/root 
/usr/lib/debug/.build-id/a8/a7f2bc90f8ca9c004cfdda82cff99f1365de1a.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/b5/6ff25a3b0eac3ef301a647477f6ef8ab74952a.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/c2/c6ee2e36a33063945824150c9b470e3effe8b6.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/c8/67e4ea4ebddc6efebc80de017059a697d7cd25.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/d4/d2c2d252df9afb1945846af9f2d00a5c58b0a1.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/e7/61857bfe340da61e0253c327513ce8eb7b0f9f.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/f3/7662896c4906590aa01b71d7a4278c94b24c9e.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/fb/cd2c875f651cdfd245659faa007db69d81685a.debug Control files of package firebird-dev: lines which differ (wdiff format) ------------------------------------------------------------------------ Depends: libfbclient2 (>= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} libib-util (>= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-common: lines which differ (wdiff format) ------------------------------------------------------------------------------ Depends: firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-common-doc: lines which differ (wdiff format) ---------------------------------------------------------------------------------- Installed-Size: [-178-] {+179+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-doc: lines which differ (wdiff format) --------------------------------------------------------------------------- Depends: firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files 
of package firebird3.0-examples: lines which differ (wdiff format) -------------------------------------------------------------------------------- Depends: firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-server: lines which differ (wdiff format) ------------------------------------------------------------------------------ Depends: adduser, libc6 (>= 2.17), libfbclient2 (>= 3.0.0~svn20110219r52404.ds3), libgcc1 (>= 1:3.0), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-server-core (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-utils (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} lsb-base (>= 3.0-6), debconf (>= 1.4.69), init-system-helpers (>= 1.18~), firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-server-core: lines which differ (wdiff format) ----------------------------------------------------------------------------------- Depends: libc6 (>= 2.17), libfbclient2 (>= 3.0.0~svn20110219r52404.ds3), libgcc1 (>= 1:3.0), libib-util (>= 2.5.0.23247~Beta1.ds2), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Installed-Size: [-9434-] {+9438+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-server-core-dbgsym: lines which differ (wdiff format) ------------------------------------------------------------------------------------------ Build-Ids: [-07330f263bd6a4bfaaa9e596d94a350b58465fd2-] {+2526d884a03a897414ddc119495a8272e0badc4e+} 3359b2dd874e8f2e71e45d725bfab92bec11d1b7 
{+51913a1b8f3d8fc3b95b1133153b3b95e1e802ed+} 5cf6ce74c1c61eb719ea59d1adcf674e41162067 [-62a96dd1bf3349d78f45438e7e70052d3a8ea272-] 7986b79b8482b25799ae5979ccf04e268eaf47f0 [-c2c6ee2e36a33063945824150c9b470e3effe8b6 e761857bfe340da61e0253c327513ce8eb7b0f9f f37662896c4906590aa01b71d7a4278c94b24c9e fbcd2c875f651cdfd245659faa007db69d81685a-] {+a762efdf428daeced2f769986a9fb7b5fe758745 aac82d7c9cc832d7bbe15931e59f30bde437cd2e c79c4cb9e1327a84d73ab799f24d0f1860040abc e343ca492172fe1d8c426174bd2f708e956c79b6+} Depends: firebird3.0-server-core (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Installed-Size: [-46624-] {+46631+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-server-dbgsym: lines which differ (wdiff format) ------------------------------------------------------------------------------------- Build-Ids: 104955183697b0906380698ae585af83082b0f65 [-a8a7f2bc90f8ca9c004cfdda82cff99f1365de1a c867e4ea4ebddc6efebc80de017059a697d7cd25-] {+3acd69f8972e1784250ad9c7ffbdfa076ec29a8f d08fcae651e574ab3a7765c9846e6b34d1e60a1a+} ffcfa0b3b83b7b300ad7375331c8f164229588f6 Depends: firebird3.0-server (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Installed-Size: [-5739-] {+5742+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-utils: lines which differ (wdiff format) ----------------------------------------------------------------------------- Depends: libc6 (>= 2.17), libedit2 (>= 2.11-20080614), libfbclient2 (>= 3.0.0~svn20110219r52404.ds3), libgcc1 (>= 1:3.0), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package firebird3.0-utils-dbgsym: lines which differ (wdiff format) 
------------------------------------------------------------------------------------ Build-Ids: [-44adc09d84064fce6502bde9515aa76575bf3e23-] {+0e1030fbf8dc2030144882fb090405d3f7445a88 254d0e1c45debc6abdbc915669347a8d5c41d2ee 43b6efe476c4c5489438c808ceac3b3fc73a4be9+} 6a2a5fff04a1340e3917572e49bc6e6bda296c9e [-7146d417b22d8ac85fa1166611891d13bd7cf228-] a0bc7dfe3c6ba175ce9df5db3c5ae98049ee2a6c [-b56ff25a3b0eac3ef301a647477f6ef8ab74952a-] {+b3283cc5c2f69cfc0676a761be9c6e8e729e294e+} d2d1f584022944f85e91e0c8118130c0597fa44c [-d4d2c2d252df9afb1945846af9f2d00a5c58b0a1-] d5cdce411d259abb900d2810dcec7c3b7c83d1d5 Depends: firebird3.0-utils (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Installed-Size: [-11490-] {+11492+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package libfbclient2: lines which differ (wdiff format) ------------------------------------------------------------------------ Depends: libc6 (>= 2.17), libgcc1 (>= 1:3.0), libncurses5 (>= 6), libstdc++6 (>= 4.1.1), libtinfo5 (>= 6), libtommath1, firebird3.0-common (= [-3.0.1.32609.ds4-13),-] {+3.0.1.32609.ds4-14),+} firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package libfbclient2-dbgsym: lines which differ (wdiff format) ------------------------------------------------------------------------------- Build-Ids: [-420705865d45ef8ee44df021faebd2d5dbaf367f-] {+b9f3f652689dd0027df979dbd3b2461c02cee7ee+} Depends: libfbclient2 (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Installed-Size: [-5611-] {+5613+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+} Control files of package libib-util: lines which differ (wdiff format) ---------------------------------------------------------------------- Depends: libc6 (>= 2.2.5), libgcc1 (>= 1:3.0), libstdc++6 (>= 4.1.1), firebird3.0-common-doc (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] 
{+3.0.1.32609.ds4-14+} Control files of package libib-util-dbgsym: lines which differ (wdiff format) ----------------------------------------------------------------------------- Depends: libib-util (= [-3.0.1.32609.ds4-13)-] {+3.0.1.32609.ds4-14)+} Version: [-3.0.1.32609.ds4-13-] {+3.0.1.32609.ds4-14+}