Re: [PATCH 1/6] subversion: Security Advisory - subversion - CVE-2014-3528

Openembedded Core Discussions
 help / color / mirror / Atom feed

From: wenzong fan <wenzong.fan@windriver.com>
To: akuster808 <akuster808@gmail.com>,
	<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 1/6] subversion: Security Advisory - subversion - CVE-2014-3528
Date: Wed, 19 Nov 2014 17:18:08 +0800	[thread overview]
Message-ID: <546C6050.9070209@windriver.com> (raw)
In-Reply-To: <546C3390.7060803@gmail.com>

On 11/19/2014 02:07 PM, akuster808 wrote:
> Wenzong,
>
> I wanted to just patch 1.8.9 for dizzy since 1.8.10 included more than
> just security fixes.   Looks like my subject should have included
> [dizzy] even though the cover letter did.  I will have to be more
> careful next time.
>

You have clear cover page 'Dizzy next':)

Since I updated serf on master, so I wonder how the subversion related 
CVEes will be processed on Dizzy.

Thanks for the clarification.

Wenzong


> thanks,
> Armin
>
> On 11/18/2014 05:29 PM, wenzong fan wrote:
>> There's subversion 1.8.10 in master branch that has included the CVE
>> fixes.
>>
>> Would you like to backport 1.8.10 from master? Or just patch 1.8.9 to
>> fix this CVE?
>>
>> Thanks
>> Wenzong
>>
>> On 11/19/2014 12:18 AM, Armin Kuster wrote:
>>> From: Yue Tao <Yue.Tao@windriver.com>
>>>
>>> Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
>>> 1.8.10 uses an MD5 hash of the URL and authentication realm to store
>>> cached credentials, which makes it easier for remote servers to obtain
>>> the credentials via a crafted authentication realm.
>>>
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
>>>
>>> (From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)
>>>
>>> Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
>>> Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
>>> Signed-off-by: Ross Burton <ross.burton@intel.com>
>>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>>> ---
>>>   .../subversion/subversion-CVE-2014-3528.patch      | 29
>>> ++++++++++++++++++++++
>>>   .../subversion/subversion_1.6.15.bb                |  1 +
>>>   .../subversion/subversion_1.8.9.bb                 |  1 +
>>>   3 files changed, 31 insertions(+)
>>>   create mode 100644
>>> meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>>
>>>
>>> diff --git
>>> a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>> b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>>
>>> new file mode 100644
>>> index 0000000..23e738e
>>> --- /dev/null
>>> +++
>>> b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>>>
>>>
>>> @@ -0,0 +1,29 @@
>>> +Upstream-Status: Backport
>>> +
>>> +Signed-off-by: Yue Tao <yue.tao@windriver.com>
>>> +
>>> +diff --git a/subversion/libsvn_subr/config_auth.c.old
>>> b/subversion/libsvn_subr/config_auth.c
>>> +index ff50270..c511d04 100644
>>> +--- a/subversion/libsvn_subr/config_auth.c.old
>>> ++++ b/subversion/libsvn_subr/config_auth.c
>>> +@@ -85,6 +85,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
>>> +   if (kind == svn_node_file)
>>> +     {
>>> +       svn_stream_t *stream;
>>> ++      svn_string_t *stored_realm;
>>> +
>>> +       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool,
>>> pool),
>>> +                 _("Unable to open auth file for reading"));
>>> +@@ -95,6 +96,12 @@ svn_config_read_auth_data(apr_hash_t **hash,
>>> +                 apr_psprintf(pool, _("Error parsing '%s'"),
>>> +                              svn_path_local_style(auth_path, pool)));
>>> +
>>> ++      stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
>>> ++                                  APR_HASH_KEY_STRING);
>>> ++
>>> ++      if (!stored_realm || strcmp(stored_realm->data, realmstring)
>>> != 0)
>>> ++        *hash = NULL; /* Hash collision, or somebody tampering with
>>> storage */
>>> ++
>>> +       SVN_ERR(svn_stream_close(stream));
>>> +     }
>>> +
>>> diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> index 6680ab6..b135bb7 100644
>>> --- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> +++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
>>> @@ -19,6 +19,7 @@ SRC_URI =
>>> "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
>>>              file://subversion-CVE-2013-1847-CVE-2013-1846.patch \
>>>              file://subversion-CVE-2013-4277.patch \
>>>              file://subversion-CVE-2014-3522.patch \
>>> +           file://subversion-CVE-2014-3528.patch \
>>>   "
>>>
>>>   SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
>>> diff --git a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> index e1ab945..1ef59a0 100644
>>> --- a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> +++ b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
>>> @@ -13,6 +13,7 @@ SRC_URI =
>>> "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
>>>              file://libtool2.patch \
>>>              file://disable_macos.patch \
>>>              file://subversion-CVE-2014-3522.patch;striplevel=0 \
>>> +           file://subversion-CVE-2014-3528.patch \
>>>   "
>>>   SRC_URI[md5sum] = "bd495517a760ddd764ce449a891971db"
>>>   SRC_URI[sha256sum] =
>>> "45d708a5c3ffbef4b2a1044c4716a053e680763743d1f7ba99d0369f6da49e33"
>>>
>
>

next prev parent reply	other threads:[~2014-11-19  9:18 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-18 16:18 [PATCH 0/6] Dizzy Next Armin Kuster
2014-11-18 16:18 ` [PATCH 1/6] subversion: Security Advisory - subversion - CVE-2014-3528 Armin Kuster
2014-11-19  1:29   ` wenzong fan
2014-11-19  6:07     ` akuster808
2014-11-19  9:18       ` wenzong fan [this message]
2014-11-18 16:18 ` [PATCH 2/6] curl: Security Advisory - curl - CVE-2014-3613 Armin Kuster
2014-11-18 16:18 ` [PATCH 3/6] curl: Security Advisory - curl - CVE-2014-3620 Armin Kuster
2014-11-18 16:18 ` [PATCH 4/6] nss: CVE-2014-1568 Armin Kuster
2014-11-18 16:18 ` [PATCH 5/6] tzcode: update to 2014j Armin Kuster
2014-11-18 16:18 ` [PATCH 6/6] tzdata: " Armin Kuster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=546C6050.9070209@windriver.com \
    --to=wenzong.fan@windriver.com \
    --cc=akuster808@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox