diff options
author | Leo Famulari <leo@famulari.name> | 2018-01-03 14:15:20 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-01-03 14:16:29 -0500 |
commit | 0c84e8679c6d41e46416cfe97d63221a64beee55 (patch) | |
tree | 9ee57dc15d92b50cd093739dbba416a712e41427 /gnu/packages | |
parent | 1ee750ba4c76d9eff248b0f0657e0d8f119607ff (diff) | |
download | patches-0c84e8679c6d41e46416cfe97d63221a64beee55.tar patches-0c84e8679c6d41e46416cfe97d63221a64beee55.tar.gz |
gnu: fossil: Fix CVE-2017-17459.
* gnu/packages/patches/fossil-CVE-2017-17459.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (fossil)[source]: Use it.
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/patches/fossil-CVE-2017-17459.patch | 57 | ||||
-rw-r--r-- | gnu/packages/version-control.scm | 2 |
2 files changed, 59 insertions, 0 deletions
diff --git a/gnu/packages/patches/fossil-CVE-2017-17459.patch b/gnu/packages/patches/fossil-CVE-2017-17459.patch new file mode 100644 index 0000000000..e566235b4e --- /dev/null +++ b/gnu/packages/patches/fossil-CVE-2017-17459.patch @@ -0,0 +1,57 @@ +Fix CVE-2017-17459: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459 + +Patch copied from upstream source repository: + +https://www.fossil-scm.org/xfer/info/1f63db591c77108c + +Index: src/http_transport.c +================================================================== +--- src/http_transport.c ++++ src/http_transport.c +@@ -73,10 +73,23 @@ + if( resetFlag ){ + transport.nSent = 0; + transport.nRcvd = 0; + } + } ++ ++/* ++** Remove leading "-" characters from the input string. ++** ++** This prevents attacks that try to trick a victim into using ++** a ssh:// URI with a carefully crafted hostname of other ++** parameter that ends up being interpreted as a command-line ++** option by "ssh". ++*/ ++static const char *stripLeadingMinus(const char *z){ ++ while( z[0]=='-' ) z++; ++ return z; ++} + + /* + ** Default SSH command + */ + #ifdef _WIN32 +@@ -116,17 +129,17 @@ + }else{ + zHost = mprintf("%s", pUrlData->name); + } + n = blob_size(&zCmd); + blob_append(&zCmd, " ", 1); +- shell_escape(&zCmd, zHost); ++ shell_escape(&zCmd, stripLeadingMinus(zHost)); + blob_append(&zCmd, " ", 1); + shell_escape(&zCmd, mprintf("%s", pUrlData->fossil)); + blob_append(&zCmd, " test-http", 10); + if( pUrlData->path && pUrlData->path[0] ){ + blob_append(&zCmd, " ", 1); +- shell_escape(&zCmd, mprintf("%s", pUrlData->path)); ++ shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path))); + } + if( g.fSshTrace ){ + fossil_print("%s\n", blob_str(&zCmd)+n); /* Show tail of SSH command */ + } + free(zHost); + diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index cbf5ce7d87..d400afd6ef 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -1503,6 +1503,8 @@ repository\" with git-annex.") (string-append "https://www.fossil-scm.org/index.html/uv/" "fossil-src-" version ".tar.gz"))) + (patches (search-patches "fossil-CVE-2017-17459.patch")) + (patch-flags '("-p0")) (sha256 (base32 "0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv")))) |