[OE-core] [PATCH 1/6] subversion: Security Advisory - subversion - CVE-2014-3528
wenzong fan
wenzong.fan at windriver.com
Wed Nov 19 01:29:15 UTC 2014
There's subversion 1.8.10 in master branch that has included the CVE fixes.
Would you like to backport 1.8.10 from master? Or just patch 1.8.9 to
fix this CVE?
Thanks
Wenzong
On 11/19/2014 12:18 AM, Armin Kuster wrote:
> From: Yue Tao <Yue.Tao at windriver.com>
>
> Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
> 1.8.10 uses an MD5 hash of the URL and authentication realm to store
> cached credentials, which makes it easier for remote servers to obtain
> the credentials via a crafted authentication realm.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
>
> (From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)
>
> Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
> Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> Signed-off-by: Ross Burton <ross.burton at intel.com>
> Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> .../subversion/subversion-CVE-2014-3528.patch | 29 ++++++++++++++++++++++
> .../subversion/subversion_1.6.15.bb | 1 +
> .../subversion/subversion_1.8.9.bb | 1 +
> 3 files changed, 31 insertions(+)
> create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
>
> diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
> new file mode 100644
> index 0000000..23e738e
> --- /dev/null
> +++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
> @@ -0,0 +1,29 @@
> +Upstream-Status: Backport
> +
> +Signed-off-by: Yue Tao <yue.tao at windriver.com>
> +
> +diff --git a/subversion/libsvn_subr/config_auth.c.old b/subversion/libsvn_subr/config_auth.c
> +index ff50270..c511d04 100644
> +--- a/subversion/libsvn_subr/config_auth.c.old
> ++++ b/subversion/libsvn_subr/config_auth.c
> +@@ -85,6 +85,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
> + if (kind == svn_node_file)
> + {
> + svn_stream_t *stream;
> ++ svn_string_t *stored_realm;
> +
> + SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
> + _("Unable to open auth file for reading"));
> +@@ -95,6 +96,12 @@ svn_config_read_auth_data(apr_hash_t **hash,
> + apr_psprintf(pool, _("Error parsing '%s'"),
> + svn_path_local_style(auth_path, pool)));
> +
> ++ stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
> ++ APR_HASH_KEY_STRING);
> ++
> ++ if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
> ++ *hash = NULL; /* Hash collision, or somebody tampering with storage */
> ++
> + SVN_ERR(svn_stream_close(stream));
> + }
> +
> diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
> index 6680ab6..b135bb7 100644
> --- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
> +++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
> @@ -19,6 +19,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
> file://subversion-CVE-2013-1847-CVE-2013-1846.patch \
> file://subversion-CVE-2013-4277.patch \
> file://subversion-CVE-2014-3522.patch \
> + file://subversion-CVE-2014-3528.patch \
> "
>
> SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
> diff --git a/meta/recipes-devtools/subversion/subversion_1.8.9.bb b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
> index e1ab945..1ef59a0 100644
> --- a/meta/recipes-devtools/subversion/subversion_1.8.9.bb
> +++ b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
> @@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
> file://libtool2.patch \
> file://disable_macos.patch \
> file://subversion-CVE-2014-3522.patch;striplevel=0 \
> + file://subversion-CVE-2014-3528.patch \
> "
> SRC_URI[md5sum] = "bd495517a760ddd764ce449a891971db"
> SRC_URI[sha256sum] = "45d708a5c3ffbef4b2a1044c4716a053e680763743d1f7ba99d0369f6da49e33"
>
More information about the Openembedded-core
mailing list