Ubuntu
qemu package

Merge ~paelzer/ubuntu/+source/qemu:fix-1820291-freeze-hook-and-CVE into ~ubuntu-virt/ubuntu/+source/qemu:ubuntu-disco-3.1

  1. Git
  2. lp:~paelzer/ubuntu/+source/qemu
  3. fix-1820291-freeze-hook-and-CVE
  4. Merge into ubuntu-disco-3.1
Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 6bda69c720794f432abc84bde494e4612cf925e5
Proposed branch: ~paelzer/ubuntu/+source/qemu:fix-1820291-freeze-hook-and-CVE
Merge into: ~ubuntu-virt/ubuntu/+source/qemu:ubuntu-disco-3.1
Diff against target: 279 lines (+227/-1)
7 files modified
debian/changelog (+14/-0)
debian/patches/i2c-ddc-fix-oob-read-CVE-2019-3812.patch (+34/-0)
debian/patches/series (+1/-0)
debian/qemu-guest-agent.install (+1/-1)
debian/qemu-guest-agent.postinst (+59/-0)
debian/qemu-guest-agent.postrm (+56/-0)
debian/qemu-guest-agent.preinst (+62/-0)
Reviewer Review Type Date Requested Status
Robie Basak (community) Approve
Andreas Hasenack (community) Abstain
Ubuntu Virtualisation team Pending
Review via email: mp+364760@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Robie Basak (racb) wrote :

AFAICT the implementation of your conffile rename is necessary and correct.

I am somewhat confused by the approach you took though, which seems to have three different "what to minimise" choices in three different cases. I've left comments inline in an effort to explain what I mean. However, I don't think it's worth worrying about, since this upgrade path code will go away soon anyway, you have tested the different cases with your implementation here carefully, and I don't see any functional problems with your approach as dpkg-maintscript-helper and dpkg are written today.

Separately I suggested one minor changelog fixup (inline), which I leave to your discretion in case I'm missing something.

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) :
review: Abstain
Revision history for this message
Robie Basak (racb) wrote :

(oh, and I did review the CVE fix, which looks fine, matching upstream, etc)

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for the review!
I have made quite some cleanups due to that and I think it is better now.
I'll reset and to the testing again, once good I'll ping for a re-review.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

BTW - the PPA to test is:
https://launchpad.net/~paelzer/+archive/ubuntu/bug-1820291-fix-fsfreeze

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

tested and pushed the new version

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

@rbasak - would you mind to do a quick re-review?

Revision history for this message
Robie Basak (racb) :
review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks, I proposed it to Debian as well now [1] - and give them a chance to reply so that we handle it similarly.
Likely uploading tomorrow to meet the Beta freeze in time.

[1]: https://salsa.debian.org/qemu-team/qemu/merge_requests/5

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Building at https://launchpad.net/ubuntu/+source/qemu/1:3.1+dfsg-2ubuntu3
Setting merged.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 4652669..6430822 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,17 @@
6+qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium
7+
8+ * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
9+ - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
10+ - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
11+ mv_conffile since the new path is a directory in the old package
12+ version which can not be handled by mv_conffile.
13+ * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
14+ OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
15+ Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev)
16+ CVE-2019-3812
17+
18+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 18 Mar 2019 09:20:07 +0100
19+
20 qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium
21
22 * disable pvrdma - besides several security holes there are many other
23diff --git a/debian/patches/i2c-ddc-fix-oob-read-CVE-2019-3812.patch b/debian/patches/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
24new file mode 100644
25index 0000000..628696b
26--- /dev/null
27+++ b/debian/patches/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
28@@ -0,0 +1,34 @@
29+From: Gerd Hoffmann <kraxel@redhat.com>
30+Date: Tue, 8 Jan 2019 11:23:01 +0100
31+Subject: i2c-ddc: fix oob read
32+Commit-Id: b05b267840515730dbf6753495d5b7bd8b04ad1c
33+Bug-Debian: https://bugs.debian.org/922635
34+MIME-Version: 1.0
35+Content-Type: text/plain; charset=UTF-8
36+Content-Transfer-Encoding: 8bit
37+
38+Suggested-by: Michael Hanselmann <public@hansmi.ch>
39+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
40+Reviewed-by: Michael Hanselmann <public@hansmi.ch>
41+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
42+Message-id: 20190108102301.1957-1-kraxel@redhat.com
43+---
44+ hw/i2c/i2c-ddc.c | 2 +-
45+ 1 file changed, 1 insertion(+), 1 deletion(-)
46+
47+diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
48+index be34fe072c..0a0367ff38 100644
49+--- a/hw/i2c/i2c-ddc.c
50++++ b/hw/i2c/i2c-ddc.c
51+@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
52+ I2CDDCState *s = I2CDDC(i2c);
53+
54+ int value;
55+- value = s->edid_blob[s->reg];
56++ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
57+ s->reg++;
58+ return value;
59+ }
60+--
61+2.11.0
62+
63diff --git a/debian/patches/series b/debian/patches/series
64index fbe83e2..54769a7 100644
65--- a/debian/patches/series
66+++ b/debian/patches/series
67@@ -5,6 +5,7 @@ bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
68 hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
69 scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
70 slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
71+i2c-ddc-fix-oob-read-CVE-2019-3812.patch
72
73 # ubuntu patches
74 ubuntu/expose-vmx_qemu64cpu.patch
75diff --git a/debian/qemu-guest-agent.install b/debian/qemu-guest-agent.install
76index 8bf0389..7049413 100644
77--- a/debian/qemu-guest-agent.install
78+++ b/debian/qemu-guest-agent.install
79@@ -3,4 +3,4 @@ debian/tmp/usr/share/man/man8/qemu-ga.8 /usr/share/man/man8
80 debian/tmp/usr/share/man/man7/qemu-ga-ref.7 /usr/share/man/man7
81 debian/tmp/usr/share/doc/qemu/qemu-ga-ref.* /usr/share/doc/qemu-guest-agent
82 qga/qapi-schema.json /usr/share/doc/qemu-guest-agent
83-scripts/qemu-guest-agent/fsfreeze-hook /etc/qemu/fsfreeze-hook
84+scripts/qemu-guest-agent/fsfreeze-hook /etc/qemu/
85diff --git a/debian/qemu-guest-agent.postinst b/debian/qemu-guest-agent.postinst
86new file mode 100644
87index 0000000..925b748
88--- /dev/null
89+++ b/debian/qemu-guest-agent.postinst
90@@ -0,0 +1,59 @@
91+#!/bin/sh
92+# postinst script for qemu-guest-agent
93+#
94+# see: dh_installdeb(1)
95+
96+set -e
97+
98+# summary of how this script can be called:
99+# * <postinst> `configure' <most-recently-configured-version>
100+# * <old-postinst> `abort-upgrade' <new version>
101+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
102+# <new-version>
103+# * <postinst> `abort-remove'
104+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
105+# <failed-install-package> <version> `removing'
106+# <conflicting-package> <version>
107+# for details, see https://www.debian.org/doc/debian-policy/ or
108+# the debian-policy package
109+
110+
111+case "$1" in
112+ configure)
113+ ;;
114+
115+ abort-upgrade|abort-remove|abort-deconfigure)
116+ ;;
117+
118+ *)
119+ echo "postinst called with unknown argument \`$1'" >&2
120+ exit 1
121+ ;;
122+esac
123+
124+# dh_installdeb will replace this with shell code automatically
125+# generated by other debhelper scripts.
126+
127+#DEBHELPER#
128+
129+# Normal mv_conffile alone would fail due to the new path being a DIR in the old package version (LP: 1820291)
130+case "$1" in
131+ configure)
132+ # From /usr/bin/dpkg-maintscript-helper modified to be able to cope with this edge case
133+ if [ -n "$2" ] && dpkg --compare-versions -- "$2" le-nl "1:3.1+dfsg-2ubuntu3~"; then
134+ TMPCONFFILE="/etc/qemu/fsfreeze-hook.old"
135+ NEWCONFFILE="/etc/qemu/fsfreeze-hook"
136+ ORIGCONFFILE="/etc/qemu/fsfreeze-hook/fsfreeze-hook"
137+ rm -f "$TMPCONFFILE.dpkg-remove"
138+ if [ -e "$TMPCONFFILE" ]; then
139+ echo "Preserving user changes to $NEWCONFFILE (renamed from $ORIGCONFFILE)..."
140+ if [ -e "$NEWCONFFILE" ]; then
141+ mv -f "$NEWCONFFILE" "$NEWCONFFILE.dpkg-new"
142+ fi
143+ mv -f "$TMPCONFFILE" "$NEWCONFFILE"
144+ fi
145+ fi
146+ ;;
147+esac
148+
149+exit 0
150diff --git a/debian/qemu-guest-agent.postrm b/debian/qemu-guest-agent.postrm
151new file mode 100644
152index 0000000..14abbb8
153--- /dev/null
154+++ b/debian/qemu-guest-agent.postrm
155@@ -0,0 +1,56 @@
156+#!/bin/sh
157+# postrm script for qemu-guest-agent
158+#
159+# see: dh_installdeb(1)
160+
161+set -e
162+
163+# summary of how this script can be called:
164+# * <postrm> `remove'
165+# * <postrm> `purge'
166+# * <old-postrm> `upgrade' <new-version>
167+# * <new-postrm> `failed-upgrade' <old-version>
168+# * <new-postrm> `abort-install'
169+# * <new-postrm> `abort-install' <old-version>
170+# * <new-postrm> `abort-upgrade' <old-version>
171+# * <disappearer's-postrm> `disappear' <overwriter>
172+# <overwriter-version>
173+# for details, see https://www.debian.org/doc/debian-policy/ or
174+# the debian-policy package
175+
176+
177+case "$1" in
178+ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
179+ ;;
180+
181+ *)
182+ echo "postrm called with unknown argument \`$1'" >&2
183+ exit 1
184+ ;;
185+esac
186+
187+# dh_installdeb will replace this with shell code automatically
188+# generated by other debhelper scripts.
189+
190+#DEBHELPER#
191+
192+# If needed revert the move we have made in preinst to compensate the new path being a DIR in the old package version (LP: 1820291)
193+case "$1" in
194+ abort-install|abort-upgrade)
195+ # From /usr/bin/dpkg-maintscript-helper modified to be able to cope with this edge case
196+ if [ -n "$2" ] && dpkg --compare-versions -- "$2" le-nl "1:3.1+dfsg-2ubuntu3~"; then
197+ TMPCONFFILE="/etc/qemu/fsfreeze-hook.old"
198+ NEWCONFFILE="/etc/qemu/fsfreeze-hook"
199+ ORIGCONFFILE="/etc/qemu/fsfreeze-hook/fsfreeze-hook"
200+ if [ -e "$TMPCONFFILE.dpkg-remove" ]; then
201+ echo "Reinstalling $ORIGCONFFILE that was moved away"
202+ if [ -f "$NEWCONFFILE" ]; then
203+ rm -f "$NEWCONFFILE"
204+ fi
205+ mkdir -p "$NEWCONFFILE"
206+ mv "$TMPCONFFILE.dpkg-remove" "$ORIGCONFFILE"
207+ fi
208+ fi
209+esac
210+
211+exit 0
212diff --git a/debian/qemu-guest-agent.preinst b/debian/qemu-guest-agent.preinst
213new file mode 100644
214index 0000000..4f47675
215--- /dev/null
216+++ b/debian/qemu-guest-agent.preinst
217@@ -0,0 +1,62 @@
218+#!/bin/sh
219+# preinst script for qemu-guest-agent
220+#
221+# see: dh_installdeb(1)
222+
223+set -e
224+
225+# summary of how this script can be called:
226+# * <new-preinst> `install'
227+# * <new-preinst> `install' <old-version>
228+# * <new-preinst> `upgrade' <old-version>
229+# * <old-preinst> `abort-upgrade' <new-version>
230+# for details, see https://www.debian.org/doc/debian-policy/ or
231+# the debian-policy package
232+
233+
234+case "$1" in
235+ install|upgrade)
236+ ;;
237+
238+ abort-upgrade)
239+ ;;
240+
241+ *)
242+ echo "preinst called with unknown argument \`$1'" >&2
243+ exit 1
244+ ;;
245+esac
246+
247+# dh_installdeb will replace this with shell code automatically
248+# generated by other debhelper scripts.
249+
250+# Normal mv_conffile alone would fail due to the new path being a DIR in the old package version (LP: 1820291)
251+case "$1" in
252+ install|upgrade)
253+ # From /usr/bin/dpkg-maintscript-helper modified to be able to cope with this edge case
254+ if [ -n "$2" ] && dpkg --compare-versions -- "$2" le-nl "1:3.1+dfsg-2ubuntu3~"; then
255+ TMPCONFFILE="/etc/qemu/fsfreeze-hook.old"
256+ NEWCONFFILE="/etc/qemu/fsfreeze-hook"
257+ ORIGCONFFILE="/etc/qemu/fsfreeze-hook/fsfreeze-hook"
258+ if [ -f "$ORIGCONFFILE" ]; then
259+ disk_md5sum="$(md5sum "$ORIGCONFFILE" | sed -e 's/ .*//')"
260+ pkg_md5sum="$(dpkg-query -W -f='${Conffiles}' "qemu-guest-agent" | \
261+ sed -n -e "\'^ $ORIGCONFFILE ' { s/ obsolete$//; s/.* //; p }")"
262+ if [ "$disk_md5sum" = "$pkg_md5sum" ]; then
263+ # mark as having no custom content
264+ mv -f "$ORIGCONFFILE" "${TMPCONFFILE}.dpkg-remove"
265+ else
266+ # keep the "old" name to reflect there is content to be preserved
267+ mv -f "$ORIGCONFFILE" "$TMPCONFFILE"
268+ fi
269+ # In any case the old directory blocking the new conffile
270+ # has to be removed before unpack happens
271+ rmdir "$NEWCONFFILE" || echo "failed to remove $NEWCONFFILE"
272+ fi
273+ fi
274+ ;;
275+esac
276+
277+#DEBHELPER#
278+
279+exit 0

Subscribers

People subscribed via source and target branches