Package: open-iscsi / 2.0.874-5

Metadata

Package Version Patches format
open-iscsi 2.0.874-5 3.0 (quilt)

Patch series

Patch File delta Description
bugfixes/no make clean kernel.patch | (download)

Makefile | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 don't run make -c kernel clean
 The kernel modules are no longer built (part of mainline), so don't
 run make -C kernel clean on make clean.
debian/var run lock.patch | (download)

doc/iscsid.8 | 2 1 + 1 - 0 !
iscsiuio/src/unix/main.c | 2 1 + 1 - 0 !
usr/initiator.h | 4 2 + 2 - 0 !
3 files changed, 4 insertions(+), 4 deletions(-)

 move from /var/lock and /var/run to /run/lock and /run
debian/dont link against openssl.patch | (download)

usr/Makefile | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 don't link against openssl
 GPL programs are legally not allowed to be linked against OpenSSL in
 Debian. Link against libisns-nocrypto instead of libisns, and don't
 link against libcrypto.
 .
 As the iSNS functionality in open-iscsi does not use the cryptographic
 capabilities of open-isns anyway, this has no impact on functionality.
debian/udeb without libmount.patch | (download)

usr/Makefile | 6 4 + 2 - 0 !
usr/initiator_common.c | 2 2 + 0 - 0 !
usr/mntcheck.c | 12 12 + 0 - 0 !
3 files changed, 18 insertions(+), 2 deletions(-)

 temporarily support builds without libmount
 libmount is not available as an udeb at the moment, so in order for
 the udeb not to break, temporarily support builds without libmount
 for d-i environments (removing the safety check at session shutdown).
 This is not intended for upstream, only as a stop-gap measure until
 a libmount udeb is available again.
bugfixes/need_iscsiuio_for_hardware_offload.patch | (download)

include/iscsi_net_util.h | 1 1 + 0 - 0 !
usr/iscsi_net_util.c | 17 17 + 0 - 0 !
2 files changed, 18 insertions(+)

 iscsiuio must be present to use hardware offload for bnx2x
bugfixes/move_offload_discovery_to_fw_get_targets.patch | (download)

utils/fwparam_ibft/fw_entry.c | 58 35 + 23 - 0 !
1 file changed, 35 insertions(+), 23 deletions(-)

 move iscsistart offload discovery/setup to fw_get_targets()
bugfixes/fix_iscsiuio_long_options.patch | (download)

iscsiuio/docs/iscsiuio.8 | 10 5 + 5 - 0 !
iscsiuio/src/unix/main.c | 12 7 + 5 - 0 !
2 files changed, 12 insertions(+), 10 deletions(-)

 fix iscsiuio long options
security/Check for root peer user for iscsiuio IPC.patch | (download)

iscsiuio/src/unix/Makefile.am | 3 2 + 1 - 0 !
iscsiuio/src/unix/iscsid_ipc.c | 47 47 + 0 - 0 !
2 files changed, 49 insertions(+), 1 deletion(-)

 [patch 1/8] check for root peer user for iscsiuio ipc

This fixes a possible vulnerability where a non-root
process could connect with iscsiuio. Found by Qualys.

security/iscsiuio should ignore bogus iscsid broadcast packet.patch | (download)

iscsiuio/src/unix/iscsid_ipc.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 [patch 2/8] iscsiuio should ignore bogus iscsid broadcast packets

When iscsiuio is receiving broadcast packets from iscsid,
if the 'payload_len', carried in the packet, is too
large then ignore the packet and print a message.
Found by Qualys.

security/Ensure all fields in iscsiuio IPC response are set.patch | (download)

iscsiuio/src/unix/iscsid_ipc.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch 3/8] ensure all fields in iscsiuio ipc response are set

Make sure all fields in the response structure are set,
or info from the stack can be leaked to our caller.
Found by Qualys.

security/Do not double close IPC file stream to iscsid.patch | (download)

iscsiuio/src/unix/iscsid_ipc.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 [patch 4/8] do not double-close ipc file stream to iscsid

A double-close of a file descriptor and its associated FILE stream
can be an issue in multi-threaded cases. Found by Qualys.

security/Ensure strings from peer are copied correctly.patch | (download)

iscsiuio/src/unix/iscsid_ipc.c | 24 6 + 18 - 0 !
1 file changed, 6 insertions(+), 18 deletions(-)

 [patch 5/8] ensure strings from peer are copied correctly.

The method of using strlen() and strcpy()/strncpy() has
a couple of holes. Do not try to measure the length of
strings supplied from peer, and ensure copied strings are
NULL-terminated. Use the new strlcpy() instead.
Found by Qualys.

security/Skip useless strcopy and validate CIDR length.patch | (download)

iscsiuio/src/unix/iscsid_ipc.c | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 [patch 6/8] skip useless strcopy, and validate cidr length

Remove a useless strcpy() that copies a string onto itself,
and ensure the CIDR length "keepbits" is not negative.
Found by Qualys.

security/Check iscsiuio ping data length for validity.patch | (download)

iscsiuio/src/unix/iscsid_ipc.c | 5 5 + 0 - 0 !
iscsiuio/src/unix/packet.c | 2 1 + 1 - 0 !
iscsiuio/src/unix/packet.h | 2 2 + 0 - 0 !
3 files changed, 8 insertions(+), 1 deletion(-)

 [patch 7/8] check iscsiuio ping data length for validity

We do not trust that the received ping packet data length
is correct, so sanity check it. Found by Qualys.