[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: fossil: Fix CVE-2017-17459.
|
From: |
Leo Famulari |
|
Subject: |
01/01: gnu: fossil: Fix CVE-2017-17459. |
|
Date: |
Wed, 3 Jan 2018 14:16:40 -0500 (EST) |
lfam pushed a commit to branch master
in repository guix.
commit 0c84e8679c6d41e46416cfe97d63221a64beee55
Author: Leo Famulari <address@hidden>
Date: Wed Jan 3 14:15:20 2018 -0500
gnu: fossil: Fix CVE-2017-17459.
* gnu/packages/patches/fossil-CVE-2017-17459.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/version-control.scm (fossil)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/patches/fossil-CVE-2017-17459.patch | 57 ++++++++++++++++++++++++
gnu/packages/version-control.scm | 2 +
3 files changed, 60 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index afa25e8..6f54073 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -639,6 +639,7 @@ dist_patch_DATA =
\
%D%/packages/patches/fltk-xfont-on-demand.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
+ %D%/packages/patches/fossil-CVE-2017-17459.patch \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
diff --git a/gnu/packages/patches/fossil-CVE-2017-17459.patch
b/gnu/packages/patches/fossil-CVE-2017-17459.patch
new file mode 100644
index 0000000..e566235
--- /dev/null
+++ b/gnu/packages/patches/fossil-CVE-2017-17459.patch
@@ -0,0 +1,57 @@
+Fix CVE-2017-17459:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459
+
+Patch copied from upstream source repository:
+
+https://www.fossil-scm.org/xfer/info/1f63db591c77108c
+
+Index: src/http_transport.c
+==================================================================
+--- src/http_transport.c
++++ src/http_transport.c
+@@ -73,10 +73,23 @@
+ if( resetFlag ){
+ transport.nSent = 0;
+ transport.nRcvd = 0;
+ }
+ }
++
++/*
++** Remove leading "-" characters from the input string.
++**
++** This prevents attacks that try to trick a victim into using
++** a ssh:// URI with a carefully crafted hostname of other
++** parameter that ends up being interpreted as a command-line
++** option by "ssh".
++*/
++static const char *stripLeadingMinus(const char *z){
++ while( z[0]=='-' ) z++;
++ return z;
++}
+
+ /*
+ ** Default SSH command
+ */
+ #ifdef _WIN32
+@@ -116,17 +129,17 @@
+ }else{
+ zHost = mprintf("%s", pUrlData->name);
+ }
+ n = blob_size(&zCmd);
+ blob_append(&zCmd, " ", 1);
+- shell_escape(&zCmd, zHost);
++ shell_escape(&zCmd, stripLeadingMinus(zHost));
+ blob_append(&zCmd, " ", 1);
+ shell_escape(&zCmd, mprintf("%s", pUrlData->fossil));
+ blob_append(&zCmd, " test-http", 10);
+ if( pUrlData->path && pUrlData->path[0] ){
+ blob_append(&zCmd, " ", 1);
+- shell_escape(&zCmd, mprintf("%s", pUrlData->path));
++ shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path)));
+ }
+ if( g.fSshTrace ){
+ fossil_print("%s\n", blob_str(&zCmd)+n); /* Show tail of SSH command */
+ }
+ free(zHost);
+
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index cbf5ce7..d400afd 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -1503,6 +1503,8 @@ repository\" with git-annex.")
(string-append
"https://www.fossil-scm.org/index.html/uv/";
"fossil-src-" version ".tar.gz")))
+ (patches (search-patches "fossil-CVE-2017-17459.patch"))
+ (patch-flags '("-p0"))
(sha256
(base32
"0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv"))))