On 11/19/2014 02:07 PM, akuster808 wrote:
Wenzong,
I wanted to just patch 1.8.9 for dizzy since 1.8.10 included more than
just security fixes. Looks like my subject should have included
[dizzy] even though the cover letter did. I will have to be more
careful next time.
You have clear cover page 'Dizzy next':)
Since I updated serf on master, so I wonder how the subversion related
CVEes will be processed on Dizzy.
Thanks for the clarification.
Wenzong
thanks,
Armin
On 11/18/2014 05:29 PM, wenzong fan wrote:
There's subversion 1.8.10 in master branch that has included the CVE
fixes.
Would you like to backport 1.8.10 from master? Or just patch 1.8.9 to
fix this CVE?
Thanks
Wenzong
On 11/19/2014 12:18 AM, Armin Kuster wrote:
From: Yue Tao <yue....@windriver.com>
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
(From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)
Signed-off-by: Yue Tao <yue....@windriver.com>
Signed-off-by: Jackie Huang <jackie.hu...@windriver.com>
Signed-off-by: Ross Burton <ross.bur...@intel.com>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
.../subversion/subversion-CVE-2014-3528.patch | 29
++++++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 1 +
.../subversion/subversion_1.8.9.bb | 1 +
3 files changed, 31 insertions(+)
create mode 100644
meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
diff --git
a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
new file mode 100644
index 0000000..23e738e
--- /dev/null
+++
b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue....@windriver.com>
+
+diff --git a/subversion/libsvn_subr/config_auth.c.old
b/subversion/libsvn_subr/config_auth.c
+index ff50270..c511d04 100644
+--- a/subversion/libsvn_subr/config_auth.c.old
++++ b/subversion/libsvn_subr/config_auth.c
+@@ -85,6 +85,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
+ if (kind == svn_node_file)
+ {
+ svn_stream_t *stream;
++ svn_string_t *stored_realm;
+
+ SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool,
pool),
+ _("Unable to open auth file for reading"));
+@@ -95,6 +96,12 @@ svn_config_read_auth_data(apr_hash_t **hash,
+ apr_psprintf(pool, _("Error parsing '%s'"),
+ svn_path_local_style(auth_path, pool)));
+
++ stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
++ APR_HASH_KEY_STRING);
++
++ if (!stored_realm || strcmp(stored_realm->data, realmstring)
!= 0)
++ *hash = NULL; /* Hash collision, or somebody tampering with
storage */
++
+ SVN_ERR(svn_stream_close(stream));
+ }
+
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index 6680ab6..b135bb7 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -19,6 +19,7 @@ SRC_URI =
"http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
file://subversion-CVE-2013-1847-CVE-2013-1846.patch \
file://subversion-CVE-2013-4277.patch \
file://subversion-CVE-2014-3522.patch \
+ file://subversion-CVE-2014-3528.patch \
"
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
diff --git a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
index e1ab945..1ef59a0 100644
--- a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
@@ -13,6 +13,7 @@ SRC_URI =
"${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://libtool2.patch \
file://disable_macos.patch \
file://subversion-CVE-2014-3522.patch;striplevel=0 \
+ file://subversion-CVE-2014-3528.patch \
"
SRC_URI[md5sum] = "bd495517a760ddd764ce449a891971db"
SRC_URI[sha256sum] =
"45d708a5c3ffbef4b2a1044c4716a053e680763743d1f7ba99d0369f6da49e33"
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core