diff options
| author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-16 03:00:53 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-18 12:50:36 +0000 |
| commit | f0cb5fe07c3989d6bdd7ed9d6d051f5b38501572 (patch) | |
| tree | b607c71bdc4c938f5b33a50a10b49b11caadeda2 /meta/recipes-devtools | |
| parent | 0f25f626ec9aaa9d2055b34ee5b3931bb6e880fe (diff) | |
| download | poky-f0cb5fe07c3989d6bdd7ed9d6d051f5b38501572.tar.gz | |
subversion: upgrade 1.9.6 -> 1.9.7
(From OE-Core rev: d3973d787c8af417b6f4d433c3a8a60b5333778e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch | 136 | ||||
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion_1.9.7.bb (renamed from meta/recipes-devtools/subversion/subversion_1.9.6.bb) | 5 |
2 files changed, 2 insertions, 139 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch b/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch deleted file mode 100644 index 0599c2badb..0000000000 --- a/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch +++ /dev/null | |||
| @@ -1,136 +0,0 @@ | |||
| 1 | ------------------------------------------------------------------------ | ||
| 2 | r1804691 | danielsh | 2017-08-10 11:14:13 -0700 (Thu, 10 Aug 2017) | 18 lines | ||
| 3 | |||
| 4 | Fix CVE-2017-9800. | ||
| 5 | |||
| 6 | See: https://subversion.apache.org/security/CVE-2017-0800-advisory.txt | ||
| 7 | |||
| 8 | * subversion/libsvn_ra_svn/client.c | ||
| 9 | (svn_ctype.h): Include. | ||
| 10 | (find_tunnel_agent): Pass a "--" end-of-options guard to ssh. | ||
| 11 | Expect the 'hostinfo' parameter to be URI-decoded. | ||
| 12 | (is_valid_hostinfo): New. | ||
| 13 | (ra_svn_open): Validate the hostname before using it. | ||
| 14 | |||
| 15 | * subversion/libsvn_subr/config_file.c | ||
| 16 | (svn_config_ensure): Update the example configuration likewise. | ||
| 17 | |||
| 18 | Patch by: philip | ||
| 19 | Review by: danielsh | ||
| 20 | stsp | ||
| 21 | astieger (earlier version) | ||
| 22 | |||
| 23 | Upstream-Status: Backport | ||
| 24 | http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691 | ||
| 25 | |||
| 26 | CVE: CVE-2017-9800 | ||
| 27 | |||
| 28 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
| 29 | --- | ||
| 30 | Index: subversion/libsvn_subr/config_file.c | ||
| 31 | =================================================================== | ||
| 32 | --- subversion/libsvn_subr/config_file.c (revision 1804690) | ||
| 33 | +++ subversion/libsvn_subr/config_file.c (revision 1804691) | ||
| 34 | @@ -1448,12 +1448,12 @@ | ||
| 35 | "### passed to the tunnel agent as <user>@<hostname>.) If the" NL | ||
| 36 | "### built-in ssh scheme were not predefined, it could be defined" NL | ||
| 37 | "### as:" NL | ||
| 38 | - "# ssh = $SVN_SSH ssh -q" NL | ||
| 39 | + "# ssh = $SVN_SSH ssh -q --" NL | ||
| 40 | "### If you wanted to define a new 'rsh' scheme, to be used with" NL | ||
| 41 | "### 'svn+rsh:' URLs, you could do so as follows:" NL | ||
| 42 | - "# rsh = rsh" NL | ||
| 43 | + "# rsh = rsh --" NL | ||
| 44 | "### Or, if you wanted to specify a full path and arguments:" NL | ||
| 45 | - "# rsh = /path/to/rsh -l myusername" NL | ||
| 46 | + "# rsh = /path/to/rsh -l myusername --" NL | ||
| 47 | "### On Windows, if you are specifying a full path to a command," NL | ||
| 48 | "### use a forward slash (/) or a paired backslash (\\\\) as the" NL | ||
| 49 | "### path separator. A single backslash will be treated as an" NL | ||
| 50 | Index: subversion/libsvn_ra_svn/client.c | ||
| 51 | =================================================================== | ||
| 52 | --- subversion/libsvn_ra_svn/client.c (revision 1804690) | ||
| 53 | +++ subversion/libsvn_ra_svn/client.c (revision 1804691) | ||
| 54 | @@ -46,6 +46,7 @@ | ||
| 55 | #include "svn_props.h" | ||
| 56 | #include "svn_mergeinfo.h" | ||
| 57 | #include "svn_version.h" | ||
| 58 | +#include "svn_ctype.h" | ||
| 59 | |||
| 60 | #include "svn_private_config.h" | ||
| 61 | |||
| 62 | @@ -398,7 +399,7 @@ | ||
| 63 | * versions have it too. If the user is using some other ssh | ||
| 64 | * implementation that doesn't accept it, they can override it | ||
| 65 | * in the [tunnels] section of the config. */ | ||
| 66 | - val = "$SVN_SSH ssh -q"; | ||
| 67 | + val = "$SVN_SSH ssh -q --"; | ||
| 68 | } | ||
| 69 | |||
| 70 | if (!val || !*val) | ||
| 71 | @@ -443,7 +444,7 @@ | ||
| 72 | for (n = 0; cmd_argv[n] != NULL; n++) | ||
| 73 | argv[n] = cmd_argv[n]; | ||
| 74 | |||
| 75 | - argv[n++] = svn_path_uri_decode(hostinfo, pool); | ||
| 76 | + argv[n++] = hostinfo; | ||
| 77 | argv[n++] = "svnserve"; | ||
| 78 | argv[n++] = "-t"; | ||
| 79 | argv[n] = NULL; | ||
| 80 | @@ -811,7 +812,33 @@ | ||
| 81 | } | ||
| 82 | |||
| 83 | |||
| 84 | +/* A simple whitelist to ensure the following are valid: | ||
| 85 | + * user@server | ||
| 86 | + * [::1]:22 | ||
| 87 | + * server-name | ||
| 88 | + * server_name | ||
| 89 | + * 127.0.0.1 | ||
| 90 | + * with an extra restriction that a leading '-' is invalid. | ||
| 91 | + */ | ||
| 92 | +static svn_boolean_t | ||
| 93 | +is_valid_hostinfo(const char *hostinfo) | ||
| 94 | +{ | ||
| 95 | + const char *p = hostinfo; | ||
| 96 | |||
| 97 | + if (p[0] == '-') | ||
| 98 | + return FALSE; | ||
| 99 | + | ||
| 100 | + while (*p) | ||
| 101 | + { | ||
| 102 | + if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p)) | ||
| 103 | + return FALSE; | ||
| 104 | + | ||
| 105 | + ++p; | ||
| 106 | + } | ||
| 107 | + | ||
| 108 | + return TRUE; | ||
| 109 | +} | ||
| 110 | + | ||
| 111 | static svn_error_t *ra_svn_open(svn_ra_session_t *session, | ||
| 112 | const char **corrected_url, | ||
| 113 | const char *url, | ||
| 114 | @@ -844,8 +871,18 @@ | ||
| 115 | || (callbacks->check_tunnel_func && callbacks->open_tunnel_func | ||
| 116 | && !callbacks->check_tunnel_func(callbacks->tunnel_baton, | ||
| 117 | tunnel)))) | ||
| 118 | - SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config, | ||
| 119 | - result_pool)); | ||
| 120 | + { | ||
| 121 | + const char *decoded_hostinfo; | ||
| 122 | + | ||
| 123 | + decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, result_pool); | ||
| 124 | + | ||
| 125 | + if (!is_valid_hostinfo(decoded_hostinfo)) | ||
| 126 | + return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"), | ||
| 127 | + uri.hostinfo); | ||
| 128 | + | ||
| 129 | + SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv, | ||
| 130 | + config, result_pool)); | ||
| 131 | + } | ||
| 132 | else | ||
| 133 | tunnel_argv = NULL; | ||
| 134 | |||
| 135 | |||
| 136 | ------------------------------------------------------------------------ | ||
diff --git a/meta/recipes-devtools/subversion/subversion_1.9.6.bb b/meta/recipes-devtools/subversion/subversion_1.9.7.bb index 532edeb080..57735f7f86 100644 --- a/meta/recipes-devtools/subversion/subversion_1.9.6.bb +++ b/meta/recipes-devtools/subversion/subversion_1.9.7.bb | |||
| @@ -15,11 +15,10 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ | |||
| 15 | file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ | 15 | file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ |
| 16 | file://0001-Fix-libtool-name-in-configure.ac.patch \ | 16 | file://0001-Fix-libtool-name-in-configure.ac.patch \ |
| 17 | file://serfmacro.patch \ | 17 | file://serfmacro.patch \ |
| 18 | file://CVE-2017-9800.patch;striplevel=0 \ | ||
| 19 | " | 18 | " |
| 20 | 19 | ||
| 21 | SRC_URI[md5sum] = "f27e00338d4a9f7f9aec9d4a3f8b418b" | 20 | SRC_URI[md5sum] = "05b0c677681073920f938c1f322e0be2" |
| 22 | SRC_URI[sha256sum] = "dbcbc51fb634082f009121f2cb64350ce32146612787ffb0f7ced351aacaae19" | 21 | SRC_URI[sha256sum] = "c3b118333ce12e501d509e66bb0a47bcc34d053990acab45559431ac3e491623" |
| 23 | 22 | ||
| 24 | LIC_FILES_CHKSUM = "file://LICENSE;md5=af81ae49ba359e70626c05e9bf313709" | 23 | LIC_FILES_CHKSUM = "file://LICENSE;md5=af81ae49ba359e70626c05e9bf313709" |
| 25 | 24 | ||