debian/

debian/compat
9

debian/openwsman.install
etc/openwsman/openwsman.conf
etc/openwsman/ssleay.cnf
etc/pam.d/openwsman
usr/sbin/openwsmand
usr/sbin/owsmangencert
usr/lib/*/openwsman/authenticators/*.so
usr/lib/*/openwsman/authenticators/*.so.*
usr/lib/*/openwsman/plugins/*.so
usr/lib/*/openwsman/plugins/*.so.*

debian/openwsman.lintian-overrides
postinst-has-useless-call-to-ldconfig
postrm-has-useless-call-to-ldconfig

debian/libwsman-client2.install
usr/lib/*/libwsman_client.so.*
etc/openwsman/openwsman_client.conf

debian/libwsman-clientpp1.install
usr/lib/*/libwsman_clientpp.so.*

debian/libwsman1.install
usr/lib/*/libwsman.so.*

debian/python-openwsman.install
usr/lib/python*/dist-packages/_pywsman.so
usr/lib/python*/dist-packages/pywsman.py

debian/source/

debian/source/format
3.0 (quilt)

debian/control
Source: openwsman
Section: admin
Priority: extra
Maintainer: Ubuntu Developers
Build-Depends: debhelper (>= 9.0.0), cmake (>= 2.8.5), libssl-dev, libpam0g-dev, libxml2-dev, libcurl4-openssl-dev, libcimcclient0-dev, swig, python-dev
Standards-Version: 3.9.5
Homepage: http://sourceforge.net/projects/openwsman/

Package: openwsman
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Open Web Services Manager
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides a basic WS Manager daemon.

Package: libwsman-server1
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Open Web Services Manager run-time libraries
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the core run-time libraries.

Package: libopenwsman1
Depends: libwsman1, ${misc:Depends}
Architecture: all
Section: oldlibs
Description: Transitional dummy package for libwsman
 This is a transitional dummy package. It can be safely removed.

Package: libwsman1
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: libopenwsman1 (<< 2.4.3-0ubuntu4)
Breaks: libopenwsman1 (<< 2.4.3-0ubuntu4)
Description: Open Web Services Manager run-time libraries
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the core run-time libraries.

Package: libwsman-client2
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: libopenwsman1 (<< 2.4.3-0ubuntu4)
Breaks: libopenwsman1 (<< 2.4.3-0ubuntu4)
Description: Open Web Services Manager run-time libraries
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the client run-time libraries.

Package: libwsman-curl-client-transport1
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: libopenwsman1 (<< 2.4.3-0ubuntu4)
Breaks: libopenwsman1 (<< 2.4.3-0ubuntu4)
Description: Open Web Services Manager run-time libraries
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the curl client transport run-time libraries.

Package: libopenwsman-dev
Section: libdevel
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libwsman1 (= ${binary:Version}), openwsman (= ${binary:Version})
Description: Open Web Services Manager library development files
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the library development headers.

Package: libwsman-clientpp1
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}, libwsman1 (= ${binary:Version})
Description: Open Web Services Manager C++ bindings
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the C++ bindings to the Openwsman client libraries

Package: libwsman-clientpp-dev
Section: libdevel
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libwsman-clientpp1 (= ${binary:Version})
Description: Open Web Services Manager C++ bindings development files
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the development files for the C++ interface to the
 Openwsman client libraries

Package: python-openwsman
Section: python
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libwsman1 (= ${binary:Version})
Description: Open Web Services Manager Python bindings
 Openwsman is a project intended to provide an open-source implementation
 of the Web Services Management specification (WS-Management) and to expose
 system management information on the Linux operating system using the
 WS-Management protocol. WS-Management is based on a suite of web services
 specifications and usage requirements that exposes a set of operations
 focused on and covers all system management aspects.
 .
 This package provides the Python bindings for the Openwsman client API.

debian/changelog
openwsman (2.4.3-0ubuntu4.1) trusty-security; urgency=low

  * SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089)
    - debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch:
      ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
    - debian/patches/wsmc-create-request-fix-buff-overflow.patch:
      wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
    - debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch:
      address LocalSubscriptionOpUpdate() unchecked fopen()
    - debian/patches/wsman-get-fault-status-sanity-guard-fix.patch:
      Fix incorrect order of sanity guards in wsman_get_fault_status_from_doc()
    - debian/patches/mem-allocation-wsman-init-plugins-fix.patch:
      Fix unchecked memory allocation in wsman_init_plugins(), p->ifc
    - debian/patches/mem-allocation-mem-double-newptr-fix.patch:
      Fix unchecked memory allocation in mem_double(), newptr
    - debian/patches/mem-allocation-dictionary-new-fix.patch:
      Fix unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
    - debian/patches/mem-allocation-u-error-new-fix.patch:
      Fix unchecked memory allocation in u_error_new(), *error
    - debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch:
      sighup_handler() in wsmand.c use of unsafe functions in a signal handler
    - debian/patches/SHA512-password-fixes.patch:
      Support SHA512 password encoding, use safe_cmp to prevent brute-force attacks
    - debian/patches/increase-password-upper-limit.patch:
      increase password upper limit to 128 characters (from 64)

 -- Kent Baxley Fri, 06 Jun 2014 12:55:02 -0500

openwsman (2.4.3-0ubuntu4) trusty; urgency=low

  * debian/control: fix the breaks and replaces version numbers for libopenwsman1.

 -- Kent Baxley Fri, 24 Jan 2014 08:45:40 -0600

openwsman (2.4.3-0ubuntu3) trusty; urgency=low

  * debian/control: Added 'Breaks' to each of the new libwsman packages.
  * debian/control: Added a libopenwsman1 transitional package.
  * clean up control and .install files to remove extra newlines.

 -- Kent Baxley Fri, 24 Jan 2014 06:57:58 -0600

openwsman (2.4.3-0ubuntu2) trusty; urgency=low

  * debian/control: convert libopenwsman package into libwsman1,
    libwsman-client2, libwsman-curl-client-transport1.
  * debain/control: break libwsman-server1 into its own package.
  * Fixes ABI breakage for wsmancli (LP: #1272059).

 -- Kent Baxley Thu, 23 Jan 2014 15:32:43 -0600

openwsman (2.4.3-0ubuntu1) trusty; urgency=low

  * Sync with upstream 2.4.3 (LP: #1268707)
  * debian/control: bump standards version to 3.9.5
  * debian/patches: removed cmake-findruby.patch. FTBFS no longer occurs
    due to overhauled ruby cmake file upstream.

 -- Kent Baxley Mon, 13 Jan 2014 12:11:37 -0600

openwsman (2.3.6-0ubuntu1) raring; urgency=low

  * Sync with upstream 2.3.6
  * debian/control: Move to standards version 3.9.2
    - debian/*.install: Use relative source paths
    - debian/*.conffiles: Dropped
    - debian/source/format: New: "3.0 (quilt)"
    - debian/control: Add debhelper (>= 9.0.0) as build-dependency
    - debian/rules: Use dh format
    - debian/rules: Disable dh_auto_test. Testcases fail
    - debian/rules: Override dh_auto_install to install the client config
  * debian/control: Add build-dependency on cmake
  * debian/control: Drop build-dependency on cdbs
  * debian/control: Multi-Arch conversion for libopenwsman1 and
    libwsman-clientpp1.
  * debian/rules: Drop cdbs includes
  * debian/rules: Drop extra build flags (not required anymore)
  * debian/libopenwsman-dev.install: Don't install .a files (not built)
  * debian/patches/cmake-findruby.patch: Fix FTBS caused by a certain
    usage of braces.
  * debian/patches/cmake-python-includes.patch: Need to use a different
    variable which has architecture specific include path as well.

 -- Stefan Bader Wed, 06 Feb 2013 13:59:29 +0100

openwsman (2.2.3-0ubuntu4) precise; urgency=low

  * debian/libopenwsman-dev.install: Don't install la-file (LP: #905538)

 -- Andreas Moog Fri, 16 Dec 2011 23:00:37 +0100

openwsman (2.2.3-0ubuntu3) oneiric; urgency=low

  * No-change rebuild for libssl0.9.8 -> libssl1.0.0 transition.

 -- Ilya Barygin Sun, 21 Aug 2011 20:45:34 +0400

openwsman (2.2.3-0ubuntu2) natty; urgency=low

  [ Mathieu Trudel-Lapierre ]
  * debian/control: Add build-dep for libcimcclient0-dev, so that the CIM
    plugins gets built. (LP: #760835)

 -- Timo Aaltonen Fri, 15 Apr 2011 13:35:38 +0300

openwsman (2.2.3-0ubuntu1) maverick; urgency=low

  * New upstream release. (LP: #600392)

 -- Charlie Smotherman Sat, 10 Jul 2010 21:42:15 -0500

openwsman (2.0.0b1-0ubuntu2.2) lucid; urgency=low

  * Fixes typo in control (LP: #486823)

 -- arky Wed, 10 Feb 2010 18:42:15 +0530

openwsman (2.0.0b1-0ubuntu2.1) karmic-proposed; urgency=low

  * add "--disable-more-warnings" to fix FTBFS (LP: #427217)

 -- Whoopie Sun, 01 Nov 2009 04:11:16 +0100

openwsman (2.0.0b1-0ubuntu2) hardy; urgency=low

  * Missing depends on library by -dev package.

 -- Ben Collins Tue, 04 Mar 2008 13:03:17 -0500

openwsman (2.0.0b1-0ubuntu1) hardy; urgency=low

  * Initial release
  * Disable eventing support. Causes re-entrant building
  * src/server/wsmand-daemon.c: Wrap some usages of eventing in ifdef's

 -- Ben Collins Fri, 29 Feb 2008 14:06:25 -0500

debian/libwsman-clientpp-dev.install
usr/lib/*/libwsman_clientpp.so
usr/include/openwsman/cpp/*

debian/libwsman-server1.install
usr/lib/*/libwsman_server.so.*

debian/rules
#!/usr/bin/make -f

export DH_VERBOSE=1
export DH_OPTIONS

export CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
export CXXFLAGS=$(shell dpkg-buildflags --get CXXFLAGS)
export DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

%:
	dh $@ --builddirectory=build

override_dh_auto_configure:
	mkdir build
	cd build && cmake .. \
		-DLIB=$${prefix}/lib/$(DEB_HOST_MULTIARCH) \
		-DCMAKE_LIBRARY_ARCHITECTURE=$(DEB_HOST_MULTIARCH) \
		-DCMAKE_INSTALL_PREFIX=/usr \
		-DCMAKE_VERBOSE_MAKEFILE=TRUE \
		-DEXPLICIT_TARGET="$(EXPLICIT_TARGET)" \
		-DBUILD_RUBY_GEM=no

override_dh_auto_install:
	mkdir -p debian/tmp/etc/openwsman
	install -m 644 etc/openwsman_client.conf debian/tmp/etc/openwsman/
	dh_auto_install -O--builddirectory=build
	mv debian/tmp/etc/openwsman/owsmangencert.sh \
		debian/tmp/usr/sbin/owsmangencert

override_dh_auto_test:

debian/libopenwsman-dev.install
usr/include/openwsman/*.h
usr/include/openwsman/cim/*.h
usr/include/openwsman/u/*.h
usr/lib/*/libwsman.so
usr/lib/*/libwsman_client.so
usr/lib/*/libwsman_curl_client_transport.so
usr/lib/*/libwsman_server.so
usr/lib/*/pkgconfig/*

debian/patches/

debian/patches/SHA512-password-fixes.patch
Description: support SHA512 password encoding, use safe_cmp to prevent brute-force attacks
 .
 SHA512 passwords needs more space than 64bytes
 .
 The runtime of strcmp depends on the string size, thus allows
 for brute-force password attacks.
 Replace it by constant-time safe_cmp when comparing usernames
 and passwords.
Author:
Forwarded: not-needed
Origin: upstream, https://github.com/Openwsman/openwsman/commit/b1c2192f4b4fa04286dc1bb7e467b34926099720
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
Last-Update: 2014-05-19
---
--- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c
+++ openwsman-2.4.3/src/authenticators/file/file_auth.c
@@ -70,14 +70,31 @@ int initialize(void *arg) { return 0; } +/* + * constant-time comparison to prevent brute-force attacks on authorize() + * + * returns zero only if s1 and s2 are bit-wise identical for the first len characters. + */ +static int +safe_cmp(unsigned const char *s1, unsigned const char *s2, size_t len) +{ + size_t i = 0; + unsigned char result = 0; + while (i++ < len) { + result |= *s1++ ^ *s2++; + } + return result; +} int authorize(char *username, const char *password) { int authorized = 0; - char l[256], u[65], passwd[65]; + char l[256], u[65], passwd[129]; char *newpw = NULL ; + size_t username_l; + size_t min_len; debug( "Checking basic for user: %s; password XXXXX", username); @@ -88,6 +105,7 @@ authorize(char *username, const char *password) username); return 0; } + username_l = strlen(username); FILE *fp = fopen(filename, "r"); if (!fp) { debug( "Couldn't open basic passwd file %s", 
@@ -99,10 +117,20 @@ authorize(char *username, const char *password) if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2) continue; /* Ignore malformed lines */ debug( "user: %s, passwd: XXXX", u); - if (!strcmp(username, u)) { + min_len = strlen(u); + if (username_l < min_len) { + min_len = username_l; + } + if (!safe_cmp(username, u, min_len)) { + size_t newpw_l; + min_len = strlen(passwd); newpw = crypt(password, passwd); + newpw_l = strlen(newpw); + if (newpw_l < min_len) { + min_len = newpw_l; + } debug( "user: %s, passwd: XXXXX", u ); - authorized = ( strcmp (newpw, passwd) == 0 ); + authorized = ( safe_cmp (newpw, passwd, min_len) == 0 ); break; } } debian/patches/wsman-get-fault-status-sanity-guard-fix.patch0000664000000000000000000000423712347563452021406 0ustar Description: fix incorrect order of sanity guards in wsman_get_fault_status_from_doc(). Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/ca68ddd7c24b238cbb94bc97ffac349ff25f07bf Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/wsman-faults.c +++ openwsman-2.4.3/src/lib/wsman-faults.c 
@@ -607,22 +607,37 @@ void wsman_get_fault_status_from_doc (WsXmlDocH doc, WsmanStatus *status) { int i; - char *subcode_value=ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); - char *subcode_value_msg =calloc(1,strlen(subcode_value)); - char *start_pos = strchr(subcode_value,':'); - strcpy(subcode_value_msg, start_pos+1); - if (strlen(subcode_value)== 0 ) return ; + char *subcode_value = ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); + char *subcode_value_msg; + char *start_pos; + + if (strlen(subcode_value) == 0) + return; + + subcode_value_msg = calloc(1, strlen(subcode_value)); + if (subcode_value_msg == NULL) { + error("Out of memory"); + status->fault_code = WSMAN_INTERNAL_ERROR; + /* some default values */ + status->fault_detail_code = OWSMAN_SYSTEM_ERROR; + status->fault_msg = NULL; + return; + } + + start_pos = strchr(subcode_value, ':'); + if (start_pos != NULL) { + strcpy(subcode_value_msg, start_pos+1); - int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); - for (i = 0; i < nfaults; i++) { - if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { - status->fault_code = fault_code_table[i].fault_code; - //some default values - status->fault_detail_code = 0; - status->fault_msg='\0'; - return; + int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); + for (i = 0; i < nfaults; i++) { + if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { + status->fault_code = fault_code_table[i].fault_code; + /* some default values */ + status->fault_detail_code = 0; + status->fault_msg = NULL; + return; + } } - } return; } debian/patches/mem-allocation-u-error-new-fix.patch0000664000000000000000000000142612347563452017523 0ustar Description: fix unchecked memory allocation in u_error_new(), *error Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/d9b48a472819b258a34746a07256516653d5a141 Bug-Ubuntu: 
https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/u/uerr.c +++ openwsman-2.4.3/src/lib/u/uerr.c @@ -44,6 +44,10 @@ void u_error_new(u_error_t **error, int code, const char *format, ...) return; *error = u_malloc(sizeof(u_error_t)); + if (*error == NULL) { + fprintf(stderr, "u_error_new: memory allocation failure\n"); + return; + } (*error)->code = code; va_start(args, format); (*error)->message = u_strdup_vprintf(format, args); debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch0000664000000000000000000000115212347563452022274 0ustar Description: remove (unsafe) debug() call from sighup_handler Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/2cd98b07fa6930727a35da2b7409610b74535cae Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/server/wsmand.c +++ openwsman-2.4.3/src/server/wsmand.c @@ -141,8 +141,6 @@ static void signal_handler(int sig_num) static void sighup_handler(int sig_num) { - debug("SIGHUP received; reloading data"); - if (wsmand_options_get_debug_level() == 0) { int fd; debian/patches/mem-allocation-wsman-init-plugins-fix.patch0000664000000000000000000000404412347563452021105 0ustar Description: unchecked memory allocation in wsman_init_plugins(), p->ifc return NULL if alloc fails, handle NULL return in callers Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/d51551bf791083c00105e5d8ef0b3bc24e5bb4b5 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/wsman-server.c +++ openwsman-2.4.3/src/lib/wsman-server.c 
@@ -102,6 +102,10 @@ WsContextH wsman_init_plugins(WsManListenerH * listener) p->ifc = (WsDispatchInterfaceInfo *) malloc(sizeof(WsDispatchInterfaceInfo)); + if (p->ifc == NULL) { + error("Memory allocation error while loading plugin"); + return NULL; + } ifcinfo = p->ifc; ifcinfo->extraData = p->data; p->set_config = dlsym(p->p_handle, "set_config"); --- openwsman-2.4.3.orig/src/server/wsmand-listener.c +++ openwsman-2.4.3/src/server/wsmand-listener.c @@ -674,21 +674,21 @@ WsManListenerH *wsmand_start_server(dictionary * ini) WsManListenerH *listener = wsman_dispatch_list_new(); listener->config = ini; WsContextH cntx = wsman_init_plugins(listener); - int num_threads=0; - int max_threads=wsmand_options_get_max_threads(); + int num_threads = 0; + int max_threads = wsmand_options_get_max_threads(); int max_connections_per_thread = wsmand_options_get_max_connections_per_thread(); - if(max_threads && !max_connections_per_thread){ + if (max_threads && !max_connections_per_thread) { error("max_threads: %d and max_connections_per_thread : %d", max_threads, max_connections_per_thread); return listener; } + if (cntx == NULL) { + return listener; + } #ifdef ENABLE_EVENTING_SUPPORT wsman_event_init(cntx->soap); #endif - if (cntx == NULL) { - return listener; - } #ifndef HAVE_SSL if (use_ssl) { error("Server configured without SSL support"); debian/patches/mem-allocation-dictionary-new-fix.patch0000664000000000000000000000406312347563452020275 0ustar Description: fix unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash . iniparser_new might return NULL, handle this case in redirect.c Author: Forwarded: not-needed Origin: https://github.com/Openwsman/openwsman/commit/638abcbf5faa97ccb2c3ab15faeb2f2cc9363b56 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/u/iniparser.c +++ openwsman-2.4.3/src/lib/u/iniparser.c 
@@ -218,11 +218,16 @@ static dictionary * dictionary_new(int size) if (sizesize = size ; - d->val = (char **)calloc(size, sizeof(char*)); - d->key = (char **)calloc(size, sizeof(char*)); - d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); - + if (d != NULL) { + d->size = size ; + d->val = (char **)calloc(size, sizeof(char*)); + d->key = (char **)calloc(size, sizeof(char*)); + d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); + } + if ((d == NULL) || (d->val == NULL) || (d->key == NULL) || (d->hash == NULL)) { + fprintf(stderr, "dictionary_new: memory allocation failure\n"); + d = NULL; + } return d; } @@ -884,6 +889,8 @@ dictionary * iniparser_new(char *ininame) * Initialize a new dictionary entry */ d = dictionary_new(0); + if (d == NULL) + return d; lineno = 0 ; while (fgets(lin, ASCIILINESZ, ini)!=NULL) { lineno++ ; --- openwsman-2.4.3.orig/src/plugins/redirect/redirect.c +++ openwsman-2.4.3/src/plugins/redirect/redirect.c @@ -99,7 +99,10 @@ int init( void *self, void **data ) dictionary *ini, *inc_ini; filename = (char *) wsmand_options_get_config_file(); ini = iniparser_new(filename); - + if (ini == NULL) { + error("redirect: iniparser_new failed"); + return 0; + } redirect_data = malloc (sizeof(struct __Redirect_Data)); if (redirect_data == NULL){ error("Failed while allocating memory for redirect_data"); debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch0000664000000000000000000000172212347563452022301 0ustar Description: ws_xml_make_default_prefix() overflow fix [PATCH] ws_xml_make_default_prefix() can overflow buf parameter via sprintf(). Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/1c21816f1d2cc63eee6326d0f1340d3341694e60 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/wsman-xml.c +++ openwsman-2.4.3/src/lib/wsman-xml.c 
@@ -94,13 +94,13 @@ ws_xml_make_default_prefix(WsXmlNodeH node, for (i = 0; g_wsNsData[i].uri != NULL; i++) { WsXmlNsData *nsd = &g_wsNsData[i]; if (strcmp(uri, nsd->uri) == 0 && nsd->prefix) { - sprintf(buf, "%s", nsd->prefix ); + snprintf(buf, bufsize, "%s", nsd->prefix ); return; } } } if(g_wsNsData[i].uri == NULL && bufsize >= 12) - sprintf(buf, "n%lu", ++doc->prefixIndex); + snprintf(buf, bufsize, "n%lu", ++doc->prefixIndex); else buf[0] = 0; } debian/patches/cmake-python-includes.patch0000664000000000000000000000204712073275422016052 0ustar Description: Use all python include directories PYTHON_INCLUDE_PATH seems deprecated anyway and when compiling the C wrapper it needs the 64bit specific second include directory to find pyconfig.h Forwarded: pending Origin: vendor, while importing a new upstream version Author: Stefan Bader Last-Update: 2013-01-09 Index: openwsman-2.3.6/bindings/python/CMakeLists.txt =================================================================== --- openwsman-2.3.6.orig/bindings/python/CMakeLists.txt 2013-01-09 15:12:41.319560389 +0100 +++ openwsman-2.3.6/bindings/python/CMakeLists.txt 2013-01-09 15:13:07.727689493 +0100 
@@ -36,7 +36,7 @@ SET(pywsman_SRCS ${SWIG_OUTPUT} ${CMAKE_ ADD_LIBRARY( pywsman SHARED ${pywsman_SRCS} ) SET_TARGET_PROPERTIES( pywsman PROPERTIES PREFIX "_" ) -INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_PATH} ) +INCLUDE_DIRECTORIES( ${PYTHON_INCLUDE_DIRS} ) INCLUDE_DIRECTORIES( ${CMAKE_CURRENT_BINARY_DIR} ) INCLUDE_DIRECTORIES( ${CMAKE_SOURCE_DIR} ${CMAKE_SOURCE_DIR}/bindings ${CMAKE_SOURCE_DIR}/include ) debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch0000664000000000000000000000566112347563452020655 0ustar Description: fix LocalSubscriptionOpUpdate() unchecked fopen() Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/09c3fcf4d209f6890eb9cb9e554bff637eae73b5 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/wsman-subscription-repository.c +++ openwsman-2.4.3/src/lib/wsman-subscription-repository.c @@ -91,8 +91,12 @@ int LocalSubscriptionOpGet(char * uri_repository, char * uuid, unsigned char ** if(LocalSubscriptionInitFlag == 0) return -1; char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); FILE *fp = fopen(subs_path, "r"); + if (fp == NULL) { + fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); + u_free(subs_path); + return -1; + } u_free(subs_path); - if(fp == NULL) return -1; while(!feof(fp)) { memset(block, 0, 512); m = fread(block, 1, 511, fp); @@ -116,8 +120,12 @@ int LocalSubscriptionOpSearch(char * uri_repository, char * uuid) if(LocalSubscriptionInitFlag == 0) return -1; char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); FILE *fp = fopen(subs_path, "r"); + if (fp == NULL) { + fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); + u_free(subs_path); + return -1; + } u_free(subs_path); - if(fp == NULL) return -1; fclose(fp); return 0; } 
@@ -145,6 +153,11 @@ int LocalSubscriptionOpLoad (char * uri_repository, list_t * subscription_list) } char *subs_path = u_strdup_printf ("%s/%s", uri_repository, namelist[n]->d_name); FILE *subs = fopen(subs_path, "r"); + if (subs == NULL) { + fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); + u_free(subs_path); + return -1; + } u_free(subs_path); count = 0; buf = NULL; @@ -180,7 +193,10 @@ int LocalSubscriptionOpSave (char * uri_repository, char * uuid, unsigned char * if(LocalSubscriptionInitFlag == 0) return -1; snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid); FILE *subsfile = fopen(buf, "w"); - if(subsfile == NULL) return -1; + if (subsfile == NULL) { + fprintf(stderr, "Can't open %s: %s", buf, strerror(errno)); + return -1; + } fprintf(subsfile, "%s", subscriptionDoc); fclose(subsfile); return 0; @@ -201,6 +217,10 @@ int LocalSubscriptionOpUpdate(char * uri_repository, char * uuid, char *expire) ws_xml_set_node_text(node, expire); ws_xml_dump_memory_enc(doc, &temp, &len, "UTF-8"); FILE *subsfile = fopen(buf, "w"); + if (subsfile == NULL) { + fprintf(stderr, "Can't open %s: %s", buf, strerror(errno)); + return -1; + } fprintf(subsfile, "%s", temp); fclose(subsfile); ws_xml_free_memory(temp); debian/patches/mem-allocation-mem-double-newptr-fix.patch0000664000000000000000000000243312347563452020703 0ustar Description: fix unchecked memory allocation in mem_double(), newptr Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/89dabd4582e3fbb88328dd780e89baf6efb4ad3f Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/u/iniparser.c +++ openwsman-2.4.3/src/lib/u/iniparser.c 
@@ -152,6 +152,10 @@ static void * mem_double(void * ptr, int size) void *newptr; newptr = calloc(2*size, 1); + if (newptr == NULL) { + fprintf(stderr, "mem_double: allocation failed\n"); + return NULL; + } memcpy(newptr, ptr, size); free(ptr); return newptr ; @@ -346,8 +350,14 @@ static void dictionary_set(dictionary * d, char * key, char * val) /* Reached maximum size: reallocate blackboard */ d->val = (char **)mem_double(d->val, d->size * sizeof(char*)) ; + if (d->val == NULL) + exit(1); d->key = (char **)mem_double(d->key, d->size * sizeof(char*)) ; + if (d->key == NULL) + exit(1); d->hash = (unsigned int *)mem_double(d->hash, d->size * sizeof(unsigned)) ; + if (d->hash == NULL) + exit(1); /* Double size */ d->size *= 2 ; debian/patches/series0000664000000000000000000000075212347563452012053 0ustar cmake-python-includes.patch ws-xml-make-default-prefix-buff-overflow-fix.patch wsmc-create-request-fix-buff-overflow.patch LocalSubscriptionOpUpdate-fix-fopen.patch wsman-get-fault-status-sanity-guard-fix.patch mem-allocation-wsman-init-plugins-fix.patch mem-allocation-mem-double-newptr-fix.patch mem-allocation-dictionary-new-fix.patch mem-allocation-u-error-new-fix.patch remove-unsafe-debug-call-from-sighup-handler.patch SHA512-password-fixes.patch increase-password-upper-limit.patch debian/patches/increase-password-upper-limit.patch0000664000000000000000000000154012347563452017551 0ustar Subject: increase password upper limit to 128 characters (from 64) Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/9b51b3c49600846751d3e06043da53d93c62b566 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-05-21 --- --- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c +++ openwsman-2.4.3/src/authenticators/file/file_auth.c 
@@ -114,7 +114,7 @@ authorize(char *username, const char *password) } while (fgets(l, sizeof(l), fp) != NULL) { - if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2) + if (sscanf(l, "%64[^:]:%128s", u, passwd) != 2) continue; /* Ignore malformed lines */ debug( "user: %s, passwd: XXXX", u); min_len = strlen(u); debian/patches/wsmc-create-request-fix-buff-overflow.patch0000664000000000000000000000266612347563452021132 0ustar Description: wsmc_create_request() buffer overflow fix wsmc_create_request() correct a potential buf[20] overflow via WSMAN_ACTION_RENEW. Author: Forwarded: not-needed Origin: upstream, https://github.com/Openwsman/openwsman/commit/a61b2074a90c9fb3019f49b6b347ad651a3f80af Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 Last-Update: 2014-02-27 --- --- openwsman-2.4.3.orig/src/lib/wsman-client.c +++ openwsman-2.4.3/src/lib/wsman-client.c @@ -855,7 +855,6 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri, WsXmlNodeH header; WsXmlNodeH node; char *_action = NULL; - char buf[20]; if (action == WSMAN_ACTION_IDENTIFY) { request = ws_xml_create_envelope(); } else { 
@@ -964,14 +963,18 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri, } break; case WSMAN_ACTION_RENEW: + { + char buf[20]; node = ws_xml_add_child(body, XML_NS_EVENTING, WSEVENT_RENEW, NULL); - sprintf(buf, "PT%fS", options->expires); + /* %f default precision is 6 -> [-]ddd.ddd */ + snprintf(buf, 20, "PT%fS", options->expires); ws_xml_add_child(node, XML_NS_EVENTING, WSEVENT_EXPIRES, buf); if(data) { if(((char *)data)[0] != 0) add_subscription_context(ws_xml_get_soap_header(request), (char *)data); } + } break; case WSMAN_ACTION_NONE: case WSMAN_ACTION_TRANSFER_CREATE: debian/copyright0000664000000000000000000000273112061645241011127 0ustar Copyright (C) 2004-2006 Intel Corp. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of Intel Corp. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Intel Corp. 
OR THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/libwsman-curl-client-transport1.install0000664000000000000000000000005612270342214016724 0ustar usr/lib/*/libwsman_curl_client_transport.so.*
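
Review bot: in debian/patches/SHA512-password-fixes.patch, hunk "@@ -99,10 +117,20 @@" of file_auth.c, both comparisons are limited to the shorter of the two strings, so safe_cmp() returns 0 whenever one string is a prefix of the other. A supplied username that is a prefix of a file entry (or is empty, giving min_len 0) selects that entry, and "safe_cmp (newpw, passwd, min_len)" treats two hashes of different length as equal when the shorter one matches the start of the longer. Require equal lengths before accepting a match, for example by folding "username_l != strlen(u)" and "newpw_l != strlen(passwd)" into the result. crypt() can also return NULL, so test newpw before calling strlen(newpw).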
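
Review bot: in debian/patches/wsman-get-fault-status-sanity-guard-fix.patch, hunk "@@ -607,22 +607,37 @@" of wsman-faults.c, subcode_value_msg is allocated with calloc() but no free() appears on any return path in the hunk, neither on the match inside the loop nor on the final return. Free it before returning. The first guard still calls strlen(subcode_value) on the result of ws_xml_get_xpath_value() without a NULL test; if that function can return NULL, test the pointer first. When no ':' is found the function now returns without writing to status, which should either be documented or set a default fault code.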
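
Review bot: in debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch, hunk "@@ -141,8 +141,6 @@" of wsmand.c, only the debug() call is removed, while the context lines show sighup_handler() going on to call wsmand_options_get_debug_level() and to declare "int fd" for further work. Confirm that everything left in the handler is async-signal-safe, or reduce the handler to setting a volatile sig_atomic_t flag that the main loop acts on.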
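
Review bot: in debian/patches/mem-allocation-wsman-init-plugins-fix.patch, hunk "@@ -674,21 +674,21 @@" of wsmand-listener.c, the relocated "if (cntx == NULL)" branch returns listener without logging anything, unlike the max_threads branch just above it, so the caller receives a non-NULL listener and nothing in the visible lines tells it that plugin initialisation failed. Log the failure with error() and return a value the caller can test. The hunk also mixes whitespace-only changes (num_threads, max_threads, the if spacing) with the functional reordering; keeping those separate would make the security fix easier to audit.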
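
Review bot: in debian/patches/mem-allocation-dictionary-new-fix.patch, hunk "@@ -218,11 +218,16 @@" of iniparser.c, the failure branch sets "d = NULL" without freeing d or whichever of d->val, d->key and d->hash were allocated successfully, so a partial failure leaks the rest. Free the three arrays (free(NULL) is harmless) and d itself before clearing the pointer.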
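
Review bot: in debian/patches/mem-allocation-dictionary-new-fix.patch, hunk "@@ -884,6 +889,8 @@" of iniparser.c, the new "return d" leaves iniparser_new() while the ini stream read by the fgets() loop below is still open. Close ini before returning on this path.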
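
Review bot: in debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch, hunk "@@ -94,13 +94,13 @@" of wsman-xml.c, the switch to snprintf() bounds the write but truncation is silent. The unchanged guard "bufsize >= 12" only covers a 10-digit counter, whereas "n%lu" with a 64-bit unsigned long can need up to 22 bytes including the terminator, and a truncated generated prefix could collide with an earlier one. Check the snprintf() return value against bufsize in both calls and fall back to "buf[0] = 0" when the prefix does not fit.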
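
Review bot: in debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch, hunk "@@ -145,6 +153,11 @@" of wsman-subscription-repository.c, the new "return -1" in LocalSubscriptionOpLoad() frees subs_path but not namelist or its remaining entries, which the context shows are still in use ("namelist[n]->d_name"). Release them before returning, or skip the unreadable file and continue. The message "Can't open %s: %s" has no trailing newline here or in the other hunks of this patch.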
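
Review bot: in debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch, hunk "@@ -201,6 +217,10 @@" of wsman-subscription-repository.c, the early return sits after ws_xml_dump_memory_enc(doc, &temp, &len, "UTF-8") and before the ws_xml_free_memory(temp) visible in the trailing context, so temp is leaked whenever fopen() fails. Call ws_xml_free_memory(temp), and release doc if this function owns it, before "return -1".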
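
Review bot: in debian/patches/mem-allocation-mem-double-newptr-fix.patch, hunk "@@ -346,8 +350,14 @@" of iniparser.c, dictionary_set() now calls exit(1) from library code when mem_double() fails, which terminates the whole daemon on an allocation failure while parsing configuration. Prefer returning an error to the caller. If exit is kept, note that mem_double() does not free the old pointer on failure and the assignment has already overwritten d->val, so any later change to non-fatal handling must save the old pointer first.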
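
Review bot: in debian/patches/wsmc-create-request-fix-buff-overflow.patch, hunk "@@ -964,14 +963,18 @@" of wsman-client.c, "snprintf(buf, 20, ...)" repeats the array size as a literal; use sizeof(buf) so the two cannot drift apart. With "PT%fS" and six decimals, buf[20] only holds values of options->expires below 1e9; anything larger is truncated and loses the trailing "S", producing a malformed duration string. Check the snprintf() return value and reject or clamp the value, and reword the comment "[-]ddd.ddd", which does not describe the actual length bound.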