Ubuntu
multipath-tools package

~bryce/ubuntu/+source/multipath-tools:merge-v0.9.4-3-lunar

  1. Git
  2. lp:~bryce/ubuntu/+source/multipath-tools
  3. merge-v0.9.4-3-lunar
Last commit made on 2023-02-23
Get this branch:
git clone -b merge-v0.9.4-3-lunar https://git.launchpad.net/~bryce/ubuntu/+source/multipath-tools
Only Bryce Harrington can upload to this branch. If you are Bryce Harrington please log in for upload directions.

Branch merges

Branch information

Name:
merge-v0.9.4-3-lunar
Repository:
lp:~bryce/ubuntu/+source/multipath-tools

Recent commits

9565244... by Bryce Harrington

update-maintainer

4bfc31d... by Bryce Harrington

reconstruct-changelog

1fb8ca6... by Bryce Harrington

merge-changelogs

696b0c6... by Bryce Harrington

  * d/rules: Don't update debian/po. This directory was dropped in
    0.9.0-2.

3340951... by Bryce Harrington

  * Dropped:
    - authorization bypass
      + d/p/CVE-2022-41974-pre1.patch: fix command completion in
        interactive mode in multipathd/callbacks.c, multipathd/cli.c,
        multipathd/cli_handlers.c, multipathd/main.c.
      + d/p/CVE-2022-41974.patch: more robust command parsing in
        multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h,
        multipathd/cli_handlers.c, multipathd/uxlsnr.c.
      + d/p/CVE-2022-41974-2.patch: fix command completion with
        robust parser in multipathd/cli.c, multipathd/cli.h,
        multipathd/uxlsnr.c.
      + d/p/CVE-2022-41974-3.patch: add test for command parsing
        in Makefile.inc, tests/Makefile, tests/cli.c, multipathd/cli.h,
        multipathd/cli.c.
      + d/p/CVE-2022-41974-4.patch: fix memory leak handling
        invalid commands in multipathd/uxlsnr.c.
      [Included in upstream release]

940e093... by Bryce Harrington

  * Dropped:
    - d/p/kpartx-Improve-finding-loopback-device-by-file.patch: Improve
      finding loopback devices (LP 1747044)
      [Solved differently in upstream release]

Proposed dropping this delta, based on the discussion w/ upstream:
https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1747044/comments/6
The original author, Julian Andres Klode, has no knowledge or opinion
on this anymore. So keep it for now but drive towards dropping this
in https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1961633.

58f6ec0... by Bryce Harrington

    - SECURITY UPDATE: symlink attack
      + debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in
        .gitignore, Makefile.inc, libmultipath/defaults.h,
        multipath/Makefile, multipath/multipath.rules.in,
        multipath/tmpfiles.conf.in.
        [Dropped: Included in upstream release]
      + debian/multipath-tools.install: install tmpfiles.d/multipath.conf.
      + debian/rules: copy udev rule after build.
      + CVE-2022-41973

The patch portion of this CVE is dropped since it was a backport of
upstream that's now included in the codebase. The packaging adjustments
appear to still be relevant but it's not evident why they were added;
they're being kept out of caution but maybe can be dropped?

d66bc28... by Athos Ribeiro

    - d/rules: remove -Bsymbolic-functions from LDFLAGS

multipathd overrides a function provided by libmultipath. Using
-Bsymbolic-functions would force multipathd to run through an unexpected
codepath causing segmentation faults during the service execution. See
https://github.com/opensvc/multipath-tools/issues/26 for further
references.

e684d91... by Utkarsh Gupta

    - Don't build the multipath-tools binary package on i386; we only want
      kpartx.

Unfortunately, this was dropped in 0.8.5-2ubuntu1 but it turns
out that we still need this, so re-adding again.

da0855a... by Utkarsh Gupta

    - d/rules: Move udev rules to priority 95, because rules that load
      modules should be >90.