[Bug 1334832] Re: Update to upstream 2.4.7 for Utopic

Kent Baxley 1334832 at bugs.launchpad.net
Thu Jul 10 13:43:26 UTC 2014 

** Patch added: "openwsman.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1334832/+attachment/4149603/+files/openwsman.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1334832

Title:
  Update to upstream 2.4.7 for Utopic

Status in “openwsman” package in Ubuntu:
  New

Bug description:
  A few bug fixes and new features:

  2.4.7
  - Bugfixes
    - file authenticator: allow password hash of up to 128 characters
    - libu: don't exit() on malloc errors

  2.4.6
  - Features
    - Support large hashes (like SHA512) in file authentication
    - use constant-time password compare to prevent brute-force attacks
    - Create server-plugin-ruby as separate RPM
    - Add Unisys namespace and CIM class prefix 'SPAR'
    - Alias openwsman and openwsmand systemd services
    - Also create respective rc-commands: rcopenwsman, rcopenwsmand
      (SUSE only)
  - Bugfixes
    - Fix crash on invalide resource URI  
    - Fix resource namespace for DCIM_ classes

  2.4.5
  - Features
    - enforce SSL operation in systemd service
    - Add /usr/sbin/rcopenwsman for systemd environments
    - New environment variable 'OPENWSMAN_CURL_TRANSPORT_SSLVERSION' to
      select SSL protocol version. Set it to 'tlsv1.2' for TLS-v1.2
      (anstein)
  - Bugfixes
    - Fix memory leaks in redirect plugin (Praveen K Paladugu)
    - shttpd: Improve error reporting if SSL context fails
    - Builds on Fedora 20 now

  2.4.4
  - Security update
    - ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
    - ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
    - wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
    - LocalSubscriptionOpUpdate() unchecked fopen()
    - Incorrect order of sanity guards in wsman_get_fault_status_from_doc()
    - Unchecked memory allocation in wsman_init_plugins(), p->ifc
    - Unchecked memory allocation in mem_double(), newptr
    - Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
    - Unchecked memory allocation in u_error_new(), *error
    - sighup_handler() in wsmand.c uses unsafe functions in a signal handler
  - Features
    - add rcopenwsman command to systemd environments
    - add rcopenwsmand command for backwards compatibility
  - Bindings
    - support rdoc 2.1 in Ruby bindings
    - cmake: use PYTHON_INCLUDE_DIRS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1334832/+subscriptions

More information about the Ubuntu-sponsors mailing list