diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-16 03:00:53 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-18 12:50:36 +0000 |
commit | f0cb5fe07c3989d6bdd7ed9d6d051f5b38501572 (patch) | |
tree | b607c71bdc4c938f5b33a50a10b49b11caadeda2 /meta/recipes-devtools/subversion | |
parent | 0f25f626ec9aaa9d2055b34ee5b3931bb6e880fe (diff) | |
download | poky-f0cb5fe07c3989d6bdd7ed9d6d051f5b38501572.tar.gz |
subversion: upgrade 1.9.6 -> 1.9.7
(From OE-Core rev: d3973d787c8af417b6f4d433c3a8a60b5333778e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/subversion')
-rw-r--r-- | meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch | 136 | ||||
-rw-r--r-- | meta/recipes-devtools/subversion/subversion_1.9.7.bb (renamed from meta/recipes-devtools/subversion/subversion_1.9.6.bb) | 5 |
2 files changed, 2 insertions, 139 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch b/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch deleted file mode 100644 index 0599c2badb..0000000000 --- a/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch +++ /dev/null | |||
@@ -1,136 +0,0 @@ | |||
1 | ------------------------------------------------------------------------ | ||
2 | r1804691 | danielsh | 2017-08-10 11:14:13 -0700 (Thu, 10 Aug 2017) | 18 lines | ||
3 | |||
4 | Fix CVE-2017-9800. | ||
5 | |||
6 | See: https://subversion.apache.org/security/CVE-2017-0800-advisory.txt | ||
7 | |||
8 | * subversion/libsvn_ra_svn/client.c | ||
9 | (svn_ctype.h): Include. | ||
10 | (find_tunnel_agent): Pass a "--" end-of-options guard to ssh. | ||
11 | Expect the 'hostinfo' parameter to be URI-decoded. | ||
12 | (is_valid_hostinfo): New. | ||
13 | (ra_svn_open): Validate the hostname before using it. | ||
14 | |||
15 | * subversion/libsvn_subr/config_file.c | ||
16 | (svn_config_ensure): Update the example configuration likewise. | ||
17 | |||
18 | Patch by: philip | ||
19 | Review by: danielsh | ||
20 | stsp | ||
21 | astieger (earlier version) | ||
22 | |||
23 | Upstream-Status: Backport | ||
24 | http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691 | ||
25 | |||
26 | CVE: CVE-2017-9800 | ||
27 | |||
28 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
29 | --- | ||
30 | Index: subversion/libsvn_subr/config_file.c | ||
31 | =================================================================== | ||
32 | --- subversion/libsvn_subr/config_file.c (revision 1804690) | ||
33 | +++ subversion/libsvn_subr/config_file.c (revision 1804691) | ||
34 | @@ -1448,12 +1448,12 @@ | ||
35 | "### passed to the tunnel agent as <user>@<hostname>.) If the" NL | ||
36 | "### built-in ssh scheme were not predefined, it could be defined" NL | ||
37 | "### as:" NL | ||
38 | - "# ssh = $SVN_SSH ssh -q" NL | ||
39 | + "# ssh = $SVN_SSH ssh -q --" NL | ||
40 | "### If you wanted to define a new 'rsh' scheme, to be used with" NL | ||
41 | "### 'svn+rsh:' URLs, you could do so as follows:" NL | ||
42 | - "# rsh = rsh" NL | ||
43 | + "# rsh = rsh --" NL | ||
44 | "### Or, if you wanted to specify a full path and arguments:" NL | ||
45 | - "# rsh = /path/to/rsh -l myusername" NL | ||
46 | + "# rsh = /path/to/rsh -l myusername --" NL | ||
47 | "### On Windows, if you are specifying a full path to a command," NL | ||
48 | "### use a forward slash (/) or a paired backslash (\\\\) as the" NL | ||
49 | "### path separator. A single backslash will be treated as an" NL | ||
50 | Index: subversion/libsvn_ra_svn/client.c | ||
51 | =================================================================== | ||
52 | --- subversion/libsvn_ra_svn/client.c (revision 1804690) | ||
53 | +++ subversion/libsvn_ra_svn/client.c (revision 1804691) | ||
54 | @@ -46,6 +46,7 @@ | ||
55 | #include "svn_props.h" | ||
56 | #include "svn_mergeinfo.h" | ||
57 | #include "svn_version.h" | ||
58 | +#include "svn_ctype.h" | ||
59 | |||
60 | #include "svn_private_config.h" | ||
61 | |||
62 | @@ -398,7 +399,7 @@ | ||
63 | * versions have it too. If the user is using some other ssh | ||
64 | * implementation that doesn't accept it, they can override it | ||
65 | * in the [tunnels] section of the config. */ | ||
66 | - val = "$SVN_SSH ssh -q"; | ||
67 | + val = "$SVN_SSH ssh -q --"; | ||
68 | } | ||
69 | |||
70 | if (!val || !*val) | ||
71 | @@ -443,7 +444,7 @@ | ||
72 | for (n = 0; cmd_argv[n] != NULL; n++) | ||
73 | argv[n] = cmd_argv[n]; | ||
74 | |||
75 | - argv[n++] = svn_path_uri_decode(hostinfo, pool); | ||
76 | + argv[n++] = hostinfo; | ||
77 | argv[n++] = "svnserve"; | ||
78 | argv[n++] = "-t"; | ||
79 | argv[n] = NULL; | ||
80 | @@ -811,7 +812,33 @@ | ||
81 | } | ||
82 | |||
83 | |||
84 | +/* A simple whitelist to ensure the following are valid: | ||
85 | + * user@server | ||
86 | + * [::1]:22 | ||
87 | + * server-name | ||
88 | + * server_name | ||
89 | + * 127.0.0.1 | ||
90 | + * with an extra restriction that a leading '-' is invalid. | ||
91 | + */ | ||
92 | +static svn_boolean_t | ||
93 | +is_valid_hostinfo(const char *hostinfo) | ||
94 | +{ | ||
95 | + const char *p = hostinfo; | ||
96 | |||
97 | + if (p[0] == '-') | ||
98 | + return FALSE; | ||
99 | + | ||
100 | + while (*p) | ||
101 | + { | ||
102 | + if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p)) | ||
103 | + return FALSE; | ||
104 | + | ||
105 | + ++p; | ||
106 | + } | ||
107 | + | ||
108 | + return TRUE; | ||
109 | +} | ||
110 | + | ||
111 | static svn_error_t *ra_svn_open(svn_ra_session_t *session, | ||
112 | const char **corrected_url, | ||
113 | const char *url, | ||
114 | @@ -844,8 +871,18 @@ | ||
115 | || (callbacks->check_tunnel_func && callbacks->open_tunnel_func | ||
116 | && !callbacks->check_tunnel_func(callbacks->tunnel_baton, | ||
117 | tunnel)))) | ||
118 | - SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config, | ||
119 | - result_pool)); | ||
120 | + { | ||
121 | + const char *decoded_hostinfo; | ||
122 | + | ||
123 | + decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, result_pool); | ||
124 | + | ||
125 | + if (!is_valid_hostinfo(decoded_hostinfo)) | ||
126 | + return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"), | ||
127 | + uri.hostinfo); | ||
128 | + | ||
129 | + SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv, | ||
130 | + config, result_pool)); | ||
131 | + } | ||
132 | else | ||
133 | tunnel_argv = NULL; | ||
134 | |||
135 | |||
136 | ------------------------------------------------------------------------ | ||
diff --git a/meta/recipes-devtools/subversion/subversion_1.9.6.bb b/meta/recipes-devtools/subversion/subversion_1.9.7.bb index 532edeb080..57735f7f86 100644 --- a/meta/recipes-devtools/subversion/subversion_1.9.6.bb +++ b/meta/recipes-devtools/subversion/subversion_1.9.7.bb | |||
@@ -15,11 +15,10 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ | |||
15 | file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ | 15 | file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ |
16 | file://0001-Fix-libtool-name-in-configure.ac.patch \ | 16 | file://0001-Fix-libtool-name-in-configure.ac.patch \ |
17 | file://serfmacro.patch \ | 17 | file://serfmacro.patch \ |
18 | file://CVE-2017-9800.patch;striplevel=0 \ | ||
19 | " | 18 | " |
20 | 19 | ||
21 | SRC_URI[md5sum] = "f27e00338d4a9f7f9aec9d4a3f8b418b" | 20 | SRC_URI[md5sum] = "05b0c677681073920f938c1f322e0be2" |
22 | SRC_URI[sha256sum] = "dbcbc51fb634082f009121f2cb64350ce32146612787ffb0f7ced351aacaae19" | 21 | SRC_URI[sha256sum] = "c3b118333ce12e501d509e66bb0a47bcc34d053990acab45559431ac3e491623" |
23 | 22 | ||
24 | LIC_FILES_CHKSUM = "file://LICENSE;md5=af81ae49ba359e70626c05e9bf313709" | 23 | LIC_FILES_CHKSUM = "file://LICENSE;md5=af81ae49ba359e70626c05e9bf313709" |
25 | 24 | ||