From d3973d787c8af417b6f4d433c3a8a60b5333778e Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 16 Jan 2018 03:00:53 -0800 Subject: subversion: upgrade 1.9.6 -> 1.9.7 Signed-off-by: Richard Purdie --- .../subversion/subversion/CVE-2017-9800.patch | 136 --------------------- .../subversion/subversion_1.9.6.bb | 56 --------- .../subversion/subversion_1.9.7.bb | 55 +++++++++ 3 files changed, 55 insertions(+), 192 deletions(-) delete mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch delete mode 100644 meta/recipes-devtools/subversion/subversion_1.9.6.bb create mode 100644 meta/recipes-devtools/subversion/subversion_1.9.7.bb (limited to 'meta/recipes-devtools/subversion') diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch b/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch deleted file mode 100644 index 0599c2badb..0000000000 --- a/meta/recipes-devtools/subversion/subversion/CVE-2017-9800.patch +++ /dev/null @@ -1,136 +0,0 @@ ------------------------------------------------------------------------- -r1804691 | danielsh | 2017-08-10 11:14:13 -0700 (Thu, 10 Aug 2017) | 18 lines - -Fix CVE-2017-9800. - -See: https://subversion.apache.org/security/CVE-2017-0800-advisory.txt - -* subversion/libsvn_ra_svn/client.c - (svn_ctype.h): Include. - (find_tunnel_agent): Pass a "--" end-of-options guard to ssh. - Expect the 'hostinfo' parameter to be URI-decoded. - (is_valid_hostinfo): New. - (ra_svn_open): Validate the hostname before using it. - -* subversion/libsvn_subr/config_file.c - (svn_config_ensure): Update the example configuration likewise. - -Patch by: philip -Review by: danielsh - stsp - astieger (earlier version) - -Upstream-Status: Backport -http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691 - -CVE: CVE-2017-9800 - -Signed-off-by: Wenzong Fan ---- -Index: subversion/libsvn_subr/config_file.c -=================================================================== ---- subversion/libsvn_subr/config_file.c (revision 1804690) -+++ subversion/libsvn_subr/config_file.c (revision 1804691) -@@ -1448,12 +1448,12 @@ - "### passed to the tunnel agent as @.) If the" NL - "### built-in ssh scheme were not predefined, it could be defined" NL - "### as:" NL -- "# ssh = $SVN_SSH ssh -q" NL -+ "# ssh = $SVN_SSH ssh -q --" NL - "### If you wanted to define a new 'rsh' scheme, to be used with" NL - "### 'svn+rsh:' URLs, you could do so as follows:" NL -- "# rsh = rsh" NL -+ "# rsh = rsh --" NL - "### Or, if you wanted to specify a full path and arguments:" NL -- "# rsh = /path/to/rsh -l myusername" NL -+ "# rsh = /path/to/rsh -l myusername --" NL - "### On Windows, if you are specifying a full path to a command," NL - "### use a forward slash (/) or a paired backslash (\\\\) as the" NL - "### path separator. A single backslash will be treated as an" NL -Index: subversion/libsvn_ra_svn/client.c -=================================================================== ---- subversion/libsvn_ra_svn/client.c (revision 1804690) -+++ subversion/libsvn_ra_svn/client.c (revision 1804691) -@@ -46,6 +46,7 @@ - #include "svn_props.h" - #include "svn_mergeinfo.h" - #include "svn_version.h" -+#include "svn_ctype.h" - - #include "svn_private_config.h" - -@@ -398,7 +399,7 @@ - * versions have it too. If the user is using some other ssh - * implementation that doesn't accept it, they can override it - * in the [tunnels] section of the config. */ -- val = "$SVN_SSH ssh -q"; -+ val = "$SVN_SSH ssh -q --"; - } - - if (!val || !*val) -@@ -443,7 +444,7 @@ - for (n = 0; cmd_argv[n] != NULL; n++) - argv[n] = cmd_argv[n]; - -- argv[n++] = svn_path_uri_decode(hostinfo, pool); -+ argv[n++] = hostinfo; - argv[n++] = "svnserve"; - argv[n++] = "-t"; - argv[n] = NULL; -@@ -811,7 +812,33 @@ - } - - -+/* A simple whitelist to ensure the following are valid: -+ * user@server -+ * [::1]:22 -+ * server-name -+ * server_name -+ * 127.0.0.1 -+ * with an extra restriction that a leading '-' is invalid. -+ */ -+static svn_boolean_t -+is_valid_hostinfo(const char *hostinfo) -+{ -+ const char *p = hostinfo; - -+ if (p[0] == '-') -+ return FALSE; -+ -+ while (*p) -+ { -+ if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p)) -+ return FALSE; -+ -+ ++p; -+ } -+ -+ return TRUE; -+} -+ - static svn_error_t *ra_svn_open(svn_ra_session_t *session, - const char **corrected_url, - const char *url, -@@ -844,8 +871,18 @@ - || (callbacks->check_tunnel_func && callbacks->open_tunnel_func - && !callbacks->check_tunnel_func(callbacks->tunnel_baton, - tunnel)))) -- SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config, -- result_pool)); -+ { -+ const char *decoded_hostinfo; -+ -+ decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, result_pool); -+ -+ if (!is_valid_hostinfo(decoded_hostinfo)) -+ return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"), -+ uri.hostinfo); -+ -+ SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv, -+ config, result_pool)); -+ } - else - tunnel_argv = NULL; - - ------------------------------------------------------------------------- diff --git a/meta/recipes-devtools/subversion/subversion_1.9.6.bb b/meta/recipes-devtools/subversion/subversion_1.9.6.bb deleted file mode 100644 index 532edeb080..0000000000 --- a/meta/recipes-devtools/subversion/subversion_1.9.6.bb +++ /dev/null @@ -1,56 +0,0 @@ -SUMMARY = "Subversion (svn) version control system client" -SECTION = "console/network" -DEPENDS = "apr-util serf sqlite3 file" -DEPENDS_append_class-native = " file-replacement-native" -RDEPENDS_${PN} = "serf" -LICENSE = "Apache-2" -HOMEPAGE = "http://subversion.tigris.org" - -BBCLASSEXTEND = "native" - -inherit gettext pkgconfig - -SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ - file://disable_macos.patch \ - file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ - file://0001-Fix-libtool-name-in-configure.ac.patch \ - file://serfmacro.patch \ - file://CVE-2017-9800.patch;striplevel=0 \ - " - -SRC_URI[md5sum] = "f27e00338d4a9f7f9aec9d4a3f8b418b" -SRC_URI[sha256sum] = "dbcbc51fb634082f009121f2cb64350ce32146612787ffb0f7ced351aacaae19" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=af81ae49ba359e70626c05e9bf313709" - -PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl" -PACKAGECONFIG[gnome-keyring] = "--with-gnome-keyring,--without-gnome-keyring,glib-2.0 gnome-keyring" - -EXTRA_OECONF = " \ - --without-berkeley-db --without-apxs \ - --without-swig --with-apr=${STAGING_BINDIR_CROSS} \ - --with-apr-util=${STAGING_BINDIR_CROSS} \ - --disable-keychain \ - ac_cv_path_RUBY=none" - -inherit autotools - -export LDFLAGS += " -L${STAGING_LIBDIR} " -CPPFLAGS += "-P" -BUILD_CPPFLAGS += "-P" - -acpaths = "-I build/ -I build/ac-macros/" - -do_configure_prepend () { - rm -f ${S}/libtool - rm -f ${S}/build/libtool.m4 ${S}/build/ltmain.sh ${S}/build/ltoptions.m4 ${S}/build/ltsugar.m4 ${S}/build/ltversion.m4 ${S}/build/lt~obsolete.m4 - rm -f ${S}/aclocal.m4 - sed -i -e 's:with_sasl="/usr/local":with_sasl="${STAGING_DIR}":' ${S}/build/ac-macros/sasl.m4 -} - -#| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_local/libsvn_ra_local-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| /usr/bin/ld: cannot find -lsvn_delta-1| collect2: ld returned 1 exit status| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_svn/libsvn_ra_svn-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_serf/libsvn_ra_serf-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib' -#| x86_64-linux-libtool: install: error: relink `libsvn_ra_serf-1.la' with the above command before installing it -#| x86_64-linux-libtool: install: warning: `../../subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib' -#| /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/subversion-1.8.9/build-outputs.mk:1090: recipe for target 'install-serf-lib' failed -#| make: *** [install-serf-lib] Error 1 -PARALLEL_MAKEINST = "" diff --git a/meta/recipes-devtools/subversion/subversion_1.9.7.bb b/meta/recipes-devtools/subversion/subversion_1.9.7.bb new file mode 100644 index 0000000000..57735f7f86 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion_1.9.7.bb @@ -0,0 +1,55 @@ +SUMMARY = "Subversion (svn) version control system client" +SECTION = "console/network" +DEPENDS = "apr-util serf sqlite3 file" +DEPENDS_append_class-native = " file-replacement-native" +RDEPENDS_${PN} = "serf" +LICENSE = "Apache-2" +HOMEPAGE = "http://subversion.tigris.org" + +BBCLASSEXTEND = "native" + +inherit gettext pkgconfig + +SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ + file://disable_macos.patch \ + file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ + file://0001-Fix-libtool-name-in-configure.ac.patch \ + file://serfmacro.patch \ + " + +SRC_URI[md5sum] = "05b0c677681073920f938c1f322e0be2" +SRC_URI[sha256sum] = "c3b118333ce12e501d509e66bb0a47bcc34d053990acab45559431ac3e491623" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=af81ae49ba359e70626c05e9bf313709" + +PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl" +PACKAGECONFIG[gnome-keyring] = "--with-gnome-keyring,--without-gnome-keyring,glib-2.0 gnome-keyring" + +EXTRA_OECONF = " \ + --without-berkeley-db --without-apxs \ + --without-swig --with-apr=${STAGING_BINDIR_CROSS} \ + --with-apr-util=${STAGING_BINDIR_CROSS} \ + --disable-keychain \ + ac_cv_path_RUBY=none" + +inherit autotools + +export LDFLAGS += " -L${STAGING_LIBDIR} " +CPPFLAGS += "-P" +BUILD_CPPFLAGS += "-P" + +acpaths = "-I build/ -I build/ac-macros/" + +do_configure_prepend () { + rm -f ${S}/libtool + rm -f ${S}/build/libtool.m4 ${S}/build/ltmain.sh ${S}/build/ltoptions.m4 ${S}/build/ltsugar.m4 ${S}/build/ltversion.m4 ${S}/build/lt~obsolete.m4 + rm -f ${S}/aclocal.m4 + sed -i -e 's:with_sasl="/usr/local":with_sasl="${STAGING_DIR}":' ${S}/build/ac-macros/sasl.m4 +} + +#| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_local/libsvn_ra_local-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| /usr/bin/ld: cannot find -lsvn_delta-1| collect2: ld returned 1 exit status| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_svn/libsvn_ra_svn-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_serf/libsvn_ra_serf-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib' +#| x86_64-linux-libtool: install: error: relink `libsvn_ra_serf-1.la' with the above command before installing it +#| x86_64-linux-libtool: install: warning: `../../subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib' +#| /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/subversion-1.8.9/build-outputs.mk:1090: recipe for target 'install-serf-lib' failed +#| make: *** [install-serf-lib] Error 1 +PARALLEL_MAKEINST = "" -- cgit 1.2.3-korg