OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   14-Apr-2004 20:10:01
  Branch: OPENPKG_1_3_SOLID                Handle: 2004041419100100

  Modified files:           (Branch: OPENPKG_1_3_SOLID)
    openpkg-src/cvs         cvs.patch cvs.spec

  Log:
    apply security bugfixes (OpenPKG-SA-2004.013-cvs, CAN-2004-0180)

  Summary:
    Revision    Changes     Path
    1.3.2.1.2.4 +49 -20     openpkg-src/cvs/cvs.patch
    1.48.2.3.2.5+1  -1      openpkg-src/cvs/cvs.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/cvs/cvs.patch
  ============================================================================
  $ cvs diff -u -r1.3.2.1.2.3 -r1.3.2.1.2.4 cvs.patch
  --- openpkg-src/cvs/cvs.patch 8 Jan 2004 12:14:31 -0000       1.3.2.1.2.3
  +++ openpkg-src/cvs/cvs.patch 14 Apr 2004 18:10:01 -0000      1.3.2.1.2.4
  @@ -23,26 +23,8 @@
    
    #ifdef SYSTEM_INITIALIZE
        /* Hook for OS-specific behavior, for example socket subsystems on
  ---- src/modules.c.orig       Fri Dec 12 15:47:47 2003
  -+++ src/modules.c    Fri Dec 12 15:49:50 2003
  -@@ -157,6 +157,17 @@
  -     }
  - #endif
  - 
  -+    /* Don't process absolute directories.  Anything else could be a security
  -+     * problem.  Before this check was put in place:
  -+     *
  -+     *   $ cvs -d:fork:/cvsroot co /foo
  -+     *   cvs server: warning: cannot make directory CVS in /: Permission denied
  -+     *   cvs [server aborted]: cannot make directory /foo: Permission denied
  -+     *   $
  -+     */
  -+    if (isabsolute (mname))
  -+    error (1, 0, "Absolute module reference invalid: `%s'", mname);
  -+
  -     /* if this is a directory to ignore, add it to that list */
  -     if (mname[0] == '!' && mname[1] != '\0')
  -     {
  +
  +=============================================================================
   
   Extracted security enhancement backported from Stable CVS 1.12.5
   
  @@ -124,4 +106,51 @@
    
        printf ("I LOVE YOU\n");
        fflush (stdout);
  +
  +=============================================================================
  +
  +Security Bugfixes
  +(OpenPKG-SA-2004.013-cvs, CAN-2004-0180)
  +
  +Index: src/client.c
  +--- src/client.c.orig        2003-11-25 21:51:59.000000000 +0100
  ++++ src/client.c     2004-04-14 19:22:49.000000000 +0200
  +@@ -602,6 +602,19 @@
  +     char *rdirp;
  +     int reposdirname_absolute;
  + 
  ++    /* For security reasons, if PATHNAME is absolute or attemps to ascend
  ++     * outside of the current sanbbox, we abort.  The server should not send us
  ++     * anything but relative paths which remain inside the sandbox here.
  ++     * Anything less means a trojan CVS server could create and edit arbitrary
  ++     * files on the client.
  ++     */
  ++    if (isabsolute (pathname) || pathname_levels (pathname) > 0)
  ++    {
  ++    error (0, 0,
  ++            "Server attempted to update a file via an invalid pathname:");
  ++    error (1, 0, "`%s'.", pathname);
  ++    }
  ++
  +     reposname = NULL;
  +     read_line (&reposname);
  +     assert (reposname != NULL);
  +Index: src/modules.c
  +--- src/modules.c.orig       2003-11-25 17:11:48.000000000 +0100
  ++++ src/modules.c    2004-04-14 19:22:53.000000000 +0200
  +@@ -142,6 +142,14 @@
  +     if (isabsolute (mname))
  +     error (1, 0, "Absolute module reference invalid: `%s'", mname);
  + 
  ++    /* Similarly for directories that attempt to step above the root of the
  ++     * repository.
  ++     */
  ++    if (pathname_levels (mname) > 0)
  ++    error (1, 0, "up-level in module reference (`..') invalid: `%s'.",
  ++            mname);
  ++
  ++
  +     /* if this is a directory to ignore, add it to that list */
  +     if (mname[0] == '!' && mname[1] != '\0')
  +     {
   
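Review bot: The new check in src/client.c, `++    if (isabsolute (pathname) || pathname_levels (pathname) > 0)`, and the new `pathname_levels (mname) > 0` check in src/modules.c both call `pathname_levels`, but nothing in this patch adds a definition or prototype for it; unless the base cvs tarball the spec builds from already provides that helper, the backport will fail at compile or link time, so the patch should either carry its definition or the spec should pin a base version that has it. The comment added in the client.c hunk has two typos: `attemps` should read `attempts` and `sanbbox` should read `sandbox`. The modules.c hunk also inserts two consecutive blank lines before the `/* if this is a directory to ignore, add it to that list */` comment where one would do. The enclosing functions in both files start and end outside these hunks, so the surrounding control flow cannot be checked here.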
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/cvs/cvs.spec
  ============================================================================
  $ cvs diff -u -r1.48.2.3.2.4 -r1.48.2.3.2.5 cvs.spec
  --- openpkg-src/cvs/cvs.spec  8 Jan 2004 12:14:31 -0000       1.48.2.3.2.4
  +++ openpkg-src/cvs/cvs.spec  14 Apr 2004 18:10:01 -0000      1.48.2.3.2.5
  @@ -37,7 +37,7 @@
   Group:        SCM
   License:      GPL
   Version:      %{V_cvs}
  -Release:      1.3.3
  +Release:      1.3.4
   
   #   package options
   %option       with_fsl         yes
  @@ .