Re: [PATCH 1/6] subversion: Security Advisory - subversion - CVE-2014-3528

All of lore.kernel.org
 help / color / mirror / Atom feed

From: wenzong fan <wenzong.fan@windriver.com>
To: akuster808 <akuster808@gmail.com>,
	<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 1/6] subversion: Security Advisory - subversion - CVE-2014-3528
Date: Wed, 19 Nov 2014 17:18:08 +0800	[thread overview]
Message-ID: <546C6050.9070209@windriver.com> (raw)
In-Reply-To: <546C3390.7060803@gmail.com>

On 11/19/2014 02:07 PM, akuster808 wrote:
> Wenzong,
>
> I wanted to just patch 1.8.9 for dizzy since 1.8.10 included more than
> just security fixes.   Looks like my subject should have included
> [dizzy] even though the cover letter did.  I will have to be more
> careful next time.
>

You have clear cover page 'Dizzy next':)

Since I updated serf on master, so I wonder how the subversion related 
CVEes will be processed on Dizzy.

Thanks for the clarification.

Wenzong


> thanks,
> Armin
>
> On 11/18/2014 05:29 PM, wenzong fan wrote:
>> There's subversion 1.8.10 in master branch that has included the CVE
>> fixes.
>>
>> Would you like to backport 1.8.10 from master? Or just patch 1.8.9 to
>> fix this CVE?
>>
>> Thanks
>> Wenzong
>>
>> On 11/19/2014 12:18 AM, Armin Kuster wrote:
>>> From: Yue Tao <Yue.Tao@windriver.com>
>>>
>>> Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
>>> 1.8.10 uses an MD5 hash of the URL and authentication realm to store
>>> cached credentials, which makes it easier for remote servers to obtain
>>> the credentials via a crafted authentication realm.
>>>
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
>>>
>>> (From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)
>>>
>>> Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
>>> Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
>>> Signed-off-by: Ross Burton <ross.burton@intel.com>
>>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>>> ---
>>>   .../subversion/subversion-CVE-2014-3528.patch      | 29
>>> ++++++++++++++++++++++
>>>   .../subversion/subversion_1.6.15.bb                |  1 +
>>>   .../subversion/subversion_1.8.9.bb                 |  1 +
>>>   3 files changed, 31 insertions(+)
>>>   create mode 100644
>>> meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>>
>>>
>>> diff --git
>>> a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>> b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>>
>>> new file mode 100644
>>> index 0000000..23e738e
>>> --- /dev/null
>>> +++
>>> b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>>
>>> @@ -0,0 +1,29 @@
>>> +Upstream-Status: Backport
>>> +
>>> +Signed-off-by: Yue Tao <yue.tao@windriver.com>
>>> +
>>> +diff --git a/subversion/libsvn_subr/config_auth.c.old
>>> b/subversion/libsvn_subr/config_auth.c
>>> +index ff50270..c511d04 100644
>>> +--- a/subversion/libsvn_subr/config_auth.c.old
>>> ++++ b/subversion/libsvn_subr/config_auth.c
>>> +@@ -85,6 +85,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
>>> +   if (kind == svn_node_file)
>>> +     {
>>> +       svn_stream_t *stream;
>>> ++      svn_string_t *stored_realm;
>>> +
>>> +       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool,
>>> pool),
>>> +                 _("Unable to open auth file for reading"));
>>> +@@ -95,6 +96,12 @@ svn_config_read_auth_data(apr_hash_t **hash,
>>> +                 apr_psprintf(pool, _("Error parsing '%s'"),
>>> +                              svn_path_local_style(auth_path, pool)));
>>> +
>>> ++      stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
>>> ++                                  APR_HASH_KEY_STRING);
>>> ++
>>> ++      if (!stored_realm || strcmp(stored_realm->data, realmstring)
>>> != 0)
>>> ++        *hash = NULL; /* Hash collision, or somebody tampering with
>>> storage */
>>> ++
>>> +       SVN_ERR(svn_stream_close(stream));
>>> +     }
>>> +
>>> diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> index 6680ab6..b135bb7 100644
>>> --- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> +++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> @@ -19,6 +19,7 @@ SRC_URI =
>>> "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
>>>              file://subversion-CVE-2013-1847-CVE-2013-1846.patch \
>>>              file://subversion-CVE-2013-4277.patch \
>>>              file://subversion-CVE-2014-3522.patch \
>>> +           file://subversion-CVE-2014-3528.patch \
>>>   "
>>>
>>>   SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
>>> diff --git a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> index e1ab945..1ef59a0 100644
>>> --- a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> +++ b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> @@ -13,6 +13,7 @@ SRC_URI =
>>> "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
>>>              file://libtool2.patch \
>>>              file://disable_macos.patch \
>>>              file://subversion-CVE-2014-3522.patch;striplevel=0 \
>>> +           file://subversion-CVE-2014-3528.patch \
>>>   "
>>>   SRC_URI[md5sum] = "bd495517a760ddd764ce449a891971db"
>>>   SRC_URI[sha256sum] =
>>> "45d708a5c3ffbef4b2a1044c4716a053e680763743d1f7ba99d0369f6da49e33"
>>>
>
>

next prev parent reply	other threads:[~2014-11-19  9:18 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-18 16:18 [PATCH 0/6] Dizzy Next Armin Kuster
2014-11-18 16:18 ` [PATCH 1/6] subversion: Security Advisory - subversion - CVE-2014-3528 Armin Kuster
2014-11-19  1:29   ` wenzong fan
2014-11-19  6:07     ` akuster808
2014-11-19  9:18       ` wenzong fan [this message]
2014-11-18 16:18 ` [PATCH 2/6] curl: Security Advisory - curl - CVE-2014-3613 Armin Kuster
2014-11-18 16:18 ` [PATCH 3/6] curl: Security Advisory - curl - CVE-2014-3620 Armin Kuster
2014-11-18 16:18 ` [PATCH 4/6] nss: CVE-2014-1568 Armin Kuster
2014-11-18 16:18 ` [PATCH 5/6] tzcode: update to 2014j Armin Kuster
2014-11-18 16:18 ` [PATCH 6/6] tzdata: " Armin Kuster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=546C6050.9070209@windriver.com \
    --to=wenzong.fan@windriver.com \
    --cc=akuster808@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.