Package: libguestfs / 1:1.18.1-1+deb7u3

Metadata

Package Version Patches format
libguestfs 1:1.18.1-1+deb7u3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Disable fuse tests if dev fuse doesn t exist.patch | (download)

fuse/test-fuse.sh | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 disable fuse tests if /dev/fuse doesn't exist

e.g. when running in a chroot.

0002 Mount run as tmpfs inside appliance workaround for f.patch | (download)

appliance/init | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 mount /run as tmpfs inside appliance (workaround for febootstrap's
 /init)


0003 Fix for systemd based Debian systems.patch | (download)

appliance/make.sh.in | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix for systemd-based debian systems


0004 out of tree build fix building Perl bindings.patch | (download)

perl/Makefile.am | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 out-of-tree build: fix building perl bindings


0005 out of tree build daemon.patch | (download)

daemon/Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 out-of-tree build: daemon


0006 ruby install to vendor_ruby.patch | (download)

ruby/Makefile.am | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

 ruby: install to vendor_ruby.


0007 out of tree build install fix for translations.patch | (download)

po/Makefile.am | 14 6 + 8 - 0 !
1 file changed, 6 insertions(+), 8 deletions(-)

 out-of-tree build/install fix for translations


0008 autoreconf.patch | (download)

Makefile.in | 37 28 + 9 - 0 !
aclocal.m4 | 24 13 + 11 - 0 !
align/Makefile.in | 46 39 + 7 - 0 !
appliance/Makefile.in | 56 47 + 9 - 0 !
build-aux/config.guess | 259 144 + 115 - 0 !
build-aux/config.sub | 204 136 + 68 - 0 !
cat/Makefile.in | 46 39 + 7 - 0 !
config.h.in | 14 7 + 7 - 0 !
configure | 559 292 + 267 - 0 !
csharp/Makefile.in | 24 23 + 1 - 0 !
daemon/Makefile.in | 33 29 + 4 - 0 !
df/Makefile.in | 46 39 + 7 - 0 !
edit/Makefile.in | 46 39 + 7 - 0 !
erlang/Makefile.in | 34 31 + 3 - 0 !
erlang/examples/Makefile.in | 41 35 + 6 - 0 !
examples/Makefile.in | 58 47 + 11 - 0 !
fish/Makefile.in | 61 51 + 10 - 0 !
format/Makefile.in | 46 39 + 7 - 0 !
fuse/Makefile.in | 46 39 + 7 - 0 !
generator/Makefile.in | 24 23 + 1 - 0 !
gnulib/lib/Makefile.in | 35 27 + 8 - 0 !
gnulib/tests/Makefile.in | 35 27 + 8 - 0 !
gobject/Makefile.in | 53 41 + 12 - 0 !
gobject/docs/Makefile.in | 24 23 + 1 - 0 !
haskell/Makefile.in | 24 23 + 1 - 0 !
inspector/Makefile.in | 51 43 + 8 - 0 !
java/Makefile.in | 32 29 + 3 - 0 !
java/examples/Makefile.in | 41 35 + 6 - 0 !
ocaml/Makefile.in | 24 23 + 1 - 0 !
ocaml/examples/Makefile.in | 41 35 + 6 - 0 !
perl/Makefile.in | 25 24 + 1 - 0 !
perl/examples/Makefile.in | 41 35 + 6 - 0 !
php/Makefile.in | 29 27 + 2 - 0 !
po-docs/Makefile.in | 35 27 + 8 - 0 !
po-docs/ja/Makefile.in | 24 23 + 1 - 0 !
po-docs/uk/Makefile.in | 24 23 + 1 - 0 !
po/Makefile.in | 38 29 + 9 - 0 !
python/Makefile.in | 32 29 + 3 - 0 !
python/examples/Makefile.in | 41 35 + 6 - 0 !
rescue/Makefile.in | 46 39 + 7 - 0 !
resize/Makefile.in | 46 39 + 7 - 0 !
ruby/Makefile.in | 36 29 + 7 - 0 !
ruby/examples/Makefile.in | 41 35 + 6 - 0 !
sparsify/Makefile.in | 46 39 + 7 - 0 !
src/Makefile.in | 54 45 + 9 - 0 !
sysprep/Makefile.in | 46 39 + 7 - 0 !
test-tool/Makefile.in | 46 39 + 7 - 0 !
tests/btrfs/Makefile.in | 24 23 + 1 - 0 !
tests/c-api/Makefile.in | 24 23 + 1 - 0 !
tests/charsets/Makefile.in | 24 23 + 1 - 0 !
tests/data/Makefile.in | 24 23 + 1 - 0 !
tests/extra/Makefile.in | 24 23 + 1 - 0 !
tests/guests/Makefile.in | 24 23 + 1 - 0 !
tests/luks/Makefile.in | 24 23 + 1 - 0 !
tests/lvm/Makefile.in | 24 23 + 1 - 0 !
tests/md/Makefile.in | 24 23 + 1 - 0 !
tests/ntfsclone/Makefile.in | 24 23 + 1 - 0 !
tests/protocol/Makefile.in | 24 23 + 1 - 0 !
tests/qemu/Makefile.in | 24 23 + 1 - 0 !
tests/regressions/Makefile.in | 24 23 + 1 - 0 !
tests/xml/Makefile.in | 24 23 + 1 - 0 !
tools/Makefile.in | 46 39 + 7 - 0 !
62 files changed, 2363 insertions(+), 733 deletions(-)

 autoreconf


0009 The package containing the diff binary has been diff.patch | (download)

appliance/packagelist.in | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 the package containing the diff binary has been diffutils for years


0010 gobject bindtests gjs exception behaviour changed fi.patch | (download)

gobject/bindtests-manual.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 gobject: bindtests: gjs exception behaviour changed, fix test.

When libguestfs calls 'error (g, "error")', gjs in F17 throws
error.message == "Error invoking Guestfs.test0rinterr: error"

In F18, error.message is simply the string "error".

Fix the test so it works for both cases.
(cherry picked from commit 6afb7336e33dc28c4fd1a4545a8298ee36c10723)

0011 fish CVE 2013 4419 Fix insecure temporary directory .patch | (download)

fish/rc.c | 43 39 + 4 - 0 !
1 file changed, 39 insertions(+), 4 deletions(-)

 fish: cve-2013-4419: fix insecure temporary directory handling for
 remote guestfish (RHBZ#1016960).

When using the guestfish --remote or guestfish --listen options,
guestfish would create a socket in a known location
(/tmp/.guestfish-$UID/socket-$PID).

The location has to be a known one in order for both ends to
communicate.  However no checking was done that the containing
directory (/tmp/.guestfish-$UID) is owned by the user.  Thus another
user could create this directory and potentially modify sockets owned
by another user's guestfish client or server.

This commit fixes the issue by creating the directory unconditionally,
and then checking that the directory has the correct owner and
permissions, thus preventing another user from creating the directory
first.

If guestfish sees a suspicious socket directory it will print an error
like this and exit with an error status:

  guestfish: '/tmp/.guestfish-1000' is not a directory or has insecure owner or permissions

Thanks: Michael Scherer for discovering this issue.

Version 2:
 - Add assigned CVE number.
 - Update documentation.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>

(cherry picked from commit 54fb09e052d8cad50397f1085c1bdd346a13e659,
without documentation updates.)