mirror of https://git.FreeBSD.org/ports.git synced 2024-12-11 02:50:24 +00:00
devel/subversion to 1.8.1
   devel/subversion16 to 1.7.11

 These releases fix CVE-2013-4131
 http://subversion.apache.org/security/CVE-2013-4131-advisory.txt

Approved by:	Olli Hauer <ohauer@FreeBSD.org> for devel/subversion17
Security:	CVE-2013-4131
Lev A. Serebryakov 2013-07-24 17:18:50 +00:00
parent 721986acee
commit c24d6a1a61
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=323611
8 changed files with 50 additions and 230 deletions


@ -119,6 +119,14 @@ BUILD_DEPENDS+= ${OLD_LIB_DEPENDS}
LIB_DEPENDS=
.endif
TOOLS_STATIC_BINARIES= client-side/svn-bench/svn-bench server-side/svnauthz \
server-side/fsfs-stats \
server-side/svn-populate-node-origins-index \
server-side/svnauthz-validate \
server-side/svn-rep-sharing-stats dev/fsfs-reorg \
dev/svnraisetreeconflict/svnraisetreeconflict \
dev/fsfs-access-map diff/diff3 diff/diff diff/diff4
pre-everything::
@${ECHO_MSG} ""
.if ${PORT_OPTIONS:MBDB}
@ -256,6 +264,10 @@ post-install: ${MKREPOS_TARGET}
.endif
.endif
@${MKDIR} ${DATADIR}
.if ${PORT_OPTIONS:MSTATIC}
cd ${WRKSRC}/tools ; \
${RM} ${TOOLS_STATIC_BINARIES}
.endif
cd ${WRKSRC}/tools ; \
${TAR} --exclude '*.in' --exclude '.libs' --exclude '*.o' --exclude '*.lo' --exclude '*.la' --exclude='*.slo' -cf - * | ${TAR} -C ${DATADIR} -xf -
# ugly hack to remove libtool scripts ...
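Review bot: In the added STATIC branch of post-install, `cd ${WRKSRC}/tools ; ${RM} ${TOOLS_STATIC_BINARIES}` joins the two commands with `;`, so if the cd fails the rm still runs against the same relative paths in whatever directory make happens to be in. Chaining with `&&` keeps the removal scoped to the build tree: `cd ${WRKSRC}/tools && ${RM} ${TOOLS_STATIC_BINARIES}`. A short comment above TOOLS_STATIC_BINARIES would also help, for example `# statically linked tool binaries that must not be copied into ${DATADIR}`; the reason for deleting them before the tar copy is presumably that the --exclude patterns do not catch them, but the hunk does not say so. The post-install target begins outside the hunk.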


@ -2,8 +2,8 @@
# $FreeBSD$
PORTNAME= subversion
PORTVERSION= 1.8.0
PORTREVISION?= 3
PORTVERSION= 1.8.1
PORTREVISION?= 0
CATEGORIES+= devel
MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \
${MASTER_SITE_LOCAL:S/$/:book/}


@ -1,5 +1,5 @@
SHA256 (subversion18/subversion-1.8.0.tar.bz2) = a470803293a8aced445cff0f7b24b95ad276600af55d4b24b1e196fd2de87f10
SIZE (subversion18/subversion-1.8.0.tar.bz2) = 6711904
SHA256 (subversion18/subversion-1.8.1.tar.bz2) = faaaaedba25777331e761884598af1dd9fe33631d6415b2e0ba5348867c4edb4
SIZE (subversion18/subversion-1.8.1.tar.bz2) = 6770843
SHA256 (subversion18/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508
SIZE (subversion18/svn-book-html-r4515.tar.bz2) = 473182
SHA256 (subversion18/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e


@ -1,77 +0,0 @@
Index: subversion/libsvn_wc/wc_db_wcroot.c
===================================================================
--- subversion/libsvn_wc/wc_db_wcroot.c (revision 1496006)
+++ subversion/libsvn_wc/wc_db_wcroot.c (revision 1496007)
@@ -434,6 +434,8 @@
svn_boolean_t always_check = FALSE;
int wc_format = 0;
const char *adm_relpath;
+ /* Non-NULL if WCROOT is found through a symlink: */
+ const char *symlink_wcroot_abspath = NULL;
/* ### we need more logic for finding the database (if it is located
### outside of the wcroot) and then managing all of that within DB.
@@ -611,6 +613,7 @@
if (found_wcroot)
break;
+ symlink_wcroot_abspath = local_abspath;
SVN_ERR(read_link_target(&local_abspath, local_abspath,
scratch_pool));
try_symlink_as_dir:
@@ -632,6 +635,7 @@
local_abspath = svn_dirent_dirname(local_abspath, scratch_pool);
moved_upwards = TRUE;
+ symlink_wcroot_abspath = NULL;
/* Is the parent directory recorded in our hash? */
found_wcroot = svn_hash_gets(db->dir_data, local_abspath);
@@ -669,7 +673,10 @@
(ie. where we found it). */
err = svn_wc__db_pdh_create_wcroot(wcroot,
- apr_pstrdup(db->state_pool, local_abspath),
+ apr_pstrdup(db->state_pool,
+ symlink_wcroot_abspath
+ ? symlink_wcroot_abspath
+ : local_abspath),
sdb, wc_id, FORMAT_FROM_SDB,
db->verify_format, db->enforce_empty_wq,
db->state_pool, scratch_pool);
@@ -737,7 +744,10 @@
}
SVN_ERR(svn_wc__db_pdh_create_wcroot(wcroot,
- apr_pstrdup(db->state_pool, local_abspath),
+ apr_pstrdup(db->state_pool,
+ symlink_wcroot_abspath
+ ? symlink_wcroot_abspath
+ : local_abspath),
NULL, UNKNOWN_WC_ID, wc_format,
db->verify_format, db->enforce_empty_wq,
db->state_pool, scratch_pool));
@@ -809,6 +819,7 @@
scratch_pool));
if (resolved_kind == svn_node_dir)
{
+ symlink_wcroot_abspath = original_abspath;
SVN_ERR(read_link_target(&local_abspath, original_abspath,
scratch_pool));
/* This handle was opened in this function but is not going
@@ -826,6 +837,15 @@
apr_pstrdup(db->state_pool, local_dir_abspath),
*wcroot);
+ /* If the WCROOT was found through a symlink pointing at the root of
+ * the WC, its cache entry is now keyed on the link's target path.
+ * Cache the WCROOT under the symlink's path as well. Otherwise, future
+ * wcroot queries for the symlink path would construct a fresh wcroot. */
+ if (symlink_wcroot_abspath)
+ svn_hash_sets(db->dir_data,
+ apr_pstrdup(db->state_pool, symlink_wcroot_abspath),
+ *wcroot);
+
/* Did we traverse up to parent directories? */
if (!moved_upwards)
{


@ -1,145 +0,0 @@
--- subversion/libsvn_subr/gpg_agent.c 2013/07/08 14:27:14 1500761
+++ subversion/libsvn_subr/gpg_agent.c 2013/07/08 14:29:04 1500762
@@ -156,42 +156,28 @@
return (strncmp(buf, "OK", 2) == 0);
}
-/* Implementation of svn_auth__password_get_t that retrieves the password
- from gpg-agent */
+
+/* Locate a running GPG Agent, and return an open file descriptor
+ * for communication with the agent in *NEW_SD. If no running agent
+ * can be found, set *NEW_SD to -1. */
static svn_error_t *
-password_get_gpg_agent(svn_boolean_t *done,
- const char **password,
- apr_hash_t *creds,
- const char *realmstring,
- const char *username,
- apr_hash_t *parameters,
- svn_boolean_t non_interactive,
- apr_pool_t *pool)
+find_running_gpg_agent(int *new_sd, apr_pool_t *pool)
{
- int sd;
+ char *buffer;
char *gpg_agent_info = NULL;
+ const char *socket_name = NULL;
+ const char *request = NULL;
const char *p = NULL;
char *ep = NULL;
- char *buffer;
-
- apr_array_header_t *socket_details;
- const char *request = NULL;
- const char *cache_id = NULL;
- struct sockaddr_un addr;
- const char *tty_name;
- const char *tty_type;
- const char *lc_ctype;
- const char *display;
- const char *socket_name = NULL;
- svn_checksum_t *digest = NULL;
- char *password_prompt;
- char *realm_prompt;
+ int sd;
- *done = FALSE;
+ *new_sd = -1;
gpg_agent_info = getenv("GPG_AGENT_INFO");
if (gpg_agent_info != NULL)
{
+ apr_array_header_t *socket_details;
+
socket_details = svn_cstring_split(gpg_agent_info, ":", TRUE,
pool);
socket_name = APR_ARRAY_IDX(socket_details, 0, const char *);
@@ -201,6 +187,8 @@
if (socket_name != NULL)
{
+ struct sockaddr_un addr;
+
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, socket_name, sizeof(addr.sun_path) - 1);
addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
@@ -273,6 +261,44 @@
return SVN_NO_ERROR;
}
+ *new_sd = sd;
+ return SVN_NO_ERROR;
+}
+
+/* Implementation of svn_auth__password_get_t that retrieves the password
+ from gpg-agent */
+static svn_error_t *
+password_get_gpg_agent(svn_boolean_t *done,
+ const char **password,
+ apr_hash_t *creds,
+ const char *realmstring,
+ const char *username,
+ apr_hash_t *parameters,
+ svn_boolean_t non_interactive,
+ apr_pool_t *pool)
+{
+ int sd;
+ const char *p = NULL;
+ char *ep = NULL;
+ char *buffer;
+ const char *request = NULL;
+ const char *cache_id = NULL;
+ const char *tty_name;
+ const char *tty_type;
+ const char *lc_ctype;
+ const char *display;
+ svn_checksum_t *digest = NULL;
+ char *password_prompt;
+ char *realm_prompt;
+
+ *done = FALSE;
+
+ SVN_ERR(find_running_gpg_agent(&sd, pool));
+ if (sd == -1)
+ return SVN_NO_ERROR;
+
+ buffer = apr_palloc(pool, BUFFER_SIZE);
+
/* Send TTY_NAME to the gpg-agent daemon. */
tty_name = getenv("GPG_TTY");
if (tty_name != NULL)
@@ -388,8 +414,8 @@
password in GPG Agent if that's how this particular integration
worked. But it isn't. GPG Agent stores the password provided by
the user via the pinentry program immediately upon its provision
- (and regardless of its accuracy as passwords go), so there's
- nothing really to do here. */
+ (and regardless of its accuracy as passwords go), so we just need
+ to check if a usable GPG Agent exists. */
static svn_error_t *
password_set_gpg_agent(svn_boolean_t *done,
apr_hash_t *creds,
@@ -400,7 +426,21 @@
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- *done = TRUE;
+ int sd;
+ const char *tty_name;
+
+ *done = FALSE;
+
+ SVN_ERR(find_running_gpg_agent(&sd, pool));
+ if (sd == -1)
+ return SVN_NO_ERROR;
+
+ close(sd);
+
+ /* Also ensure that GPG_TTY is set in the evironment.
+ * If it isn't set the user won't be prompted by the agent. */
+ tty_name = getenv("GPG_TTY");
+ *done = (tty_name != NULL);
return SVN_NO_ERROR;
}


@ -2,8 +2,8 @@
# $FreeBSD$
PORTNAME= subversion
PORTVERSION= 1.7.10
PORTREVISION?= 1
PORTVERSION= 1.7.11
PORTREVISION?= 0
CATEGORIES+= devel
MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \
${MASTER_SITE_LOCAL:S/$/:book/}


@ -1,5 +1,5 @@
SHA256 (subversion17/subversion-1.7.10.tar.bz2) = c1df222bec83d014d17785e2ceba6bc80962f64b280967de0285836d8d77a8e7
SIZE (subversion17/subversion-1.7.10.tar.bz2) = 5952121
SHA256 (subversion17/subversion-1.7.11.tar.bz2) = c383b19d8d0db4c736570f1eb6af196416b26d0b3bde64ae60988a9d1f7ac3c0
SIZE (subversion17/subversion-1.7.11.tar.bz2) = 6042338
SHA256 (subversion17/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508
SIZE (subversion17/svn-book-html-r4515.tar.bz2) = 473182
SHA256 (subversion17/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e


@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="2ae24334-f2e6-11e2-8346-001e8c75030d">
<topic>subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.</topic>
<affects>
<package>
<name>subversion</name>
<range><ge>1.8.0</ge><lt>1.8.1</lt></range>
<range><ge>1.7.0</ge><lt>1.7.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Subversion Project reports:</p>
<blockquote cite="http://subversion.apache.org/security/CVE-2013-4131-advisory.txt">
<p>Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion
on some requests made against a revision root. This can lead to a DoS.
If assertions are disabled it will trigger a read overflow which may cause a
SEGFAULT (or equivalent) or undefined behavior.</p>
<p>Commit access is required to exploit this.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-4131</cvename>
</references>
<dates>
<discovery>2013-07-19</discovery>
<entry>2013-07-24</entry>
</dates>
</vuln>
<vuln vid="2fbfd455-f2d0-11e2-8a46-000d601460a4">
<topic>suPHP -- Privilege escalation</topic>
<affects>
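Review bot: The new entry's `<references>` block carries only `<cvename>CVE-2013-4131</cvename>`; the upstream advisory appears in the blockquote's `cite` attribute but is not listed as a reference, so a reader working from the references section alone may not find it. Adding `<url>http://subversion.apache.org/security/CVE-2013-4131-advisory.txt</url>` next to the cvename would close that gap. The `<affects>` block names only the `subversion` package; if the 1.7 branch port installs under a different package name or suffix (not visible in this commit), the range `<ge>1.7.0</ge><lt>1.7.11</lt>` would not match an installed package and the audit would stay silent for it, so that is worth confirming. The suPHP entry that follows continues outside the hunk.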