diff options
author | SoonKyu Park <sk7.park@samsung.com> | 2017-02-22 17:49:06 +0900 |
---|---|---|
committer | SoonKyu Park <sk7.park@samsung.com> | 2017-02-22 17:49:06 +0900 |
commit | 0b25e6fa11a696209068cc8b8768c0ecda81f3ce (patch) | |
tree | ccc7c53e9319b3d4a6a897092e5287acd0c8b261 | |
parent | 1b140f77ed5e53a46b952269a67fd6732336c2ac (diff) | |
download | obs-server-2.4-upstream.tar.gz obs-server-2.4-upstream.tar.bz2 obs-server-2.4-upstream.zip |
Imported Upstream version 2.4.6upstream/2.4.6upstream
-rw-r--r-- | ReleaseNotes-2.4.7 | 30 | ||||
-rw-r--r-- | ReleaseNotes-2.4.8 | 32 | ||||
-rw-r--r-- | src/api/test/functional/source_services_test.rb | 14 | ||||
-rw-r--r-- | src/backend/BSVerify.pm | 8 | ||||
-rwxr-xr-x | src/backend/bs_service | 3 | ||||
-rwxr-xr-x | src/backend/bs_srcserver | 24 |
6 files changed, 4 insertions, 107 deletions
diff --git a/ReleaseNotes-2.4.7 b/ReleaseNotes-2.4.7 deleted file mode 100644 index cd0655b..0000000 --- a/ReleaseNotes-2.4.7 +++ /dev/null @@ -1,30 +0,0 @@ -# -# openSUSE Build Service 2.4.7 -# - -Updaters from any OBS 2.4 release can just ugrade the packages -and restart all services. Updaters from former releases should -read the README.UPDATERS file. - -This release fixes a serious security leak tracked as CVE-2014-0594: - The CSRF protection got incorrectly disabled, this means any -web site can inject actions as long a user has a running session. - -All OBS 2.4 admins are requested to updated immediatly to close this -hole. - -Feature backports: -================== - -* None - -Changes: -======== - -* None - -Bugfixes: -========= - -* backend: fix arbitrary command execution in service daemon (CVE-2015-0778) - diff --git a/ReleaseNotes-2.4.8 b/ReleaseNotes-2.4.8 deleted file mode 100644 index 7f2b0fa..0000000 --- a/ReleaseNotes-2.4.8 +++ /dev/null @@ -1,32 +0,0 @@ -# -# openSUSE Build Service 2.4.8 -# - -Updaters from any OBS 2.4 release can just ugrade the packages -and restart all services. Updaters from former releases should -read the README.UPDATERS file. - -This release fixes a serious security leak tracked as CVE-2014-0594: - The CSRF protection got incorrectly disabled, this means any -web site can inject actions as long a user has a running session. - -All OBS 2.4 admins are requested to updated immediatly to close this -hole. - -Feature backports: -================== - -* None - -Changes: -======== - -* None - -Bugfixes: -========= - -* backend: validate results of external patch command. could be used - to modify packages without sufficiant permissions (bnc#941099, CVE-2015-0796) - - diff --git a/src/api/test/functional/source_services_test.rb b/src/api/test/functional/source_services_test.rb index e6bd39a..f747349 100644 --- a/src/api/test/functional/source_services_test.rb +++ b/src/api/test/functional/source_services_test.rb @@ -266,19 +266,7 @@ class SourceServicesTest < ActionController::IntegrationTest wait_for_service( "home:tom", "service" ) get "/source/home:tom/service" assert_response :success - assert_xml_tag :tag => 'serviceinfo', :attributes => { :code => 'failed' } - assert_match(/not_existing.service No such file or directory/, @response.body) - - # unknown parameter - put '/source/home:tom/_project/_service', '<services> <service name="set_version" > <param name="INVALID">0817</param></service> </services>' - assert_response :success - post '/source/home:tom/service?cmd=runservice' - assert_response :success - wait_for_service( 'home:tom', 'service') - get '/source/home:tom/service' - assert_response :success - assert_xml_tag :tag => 'serviceinfo', :attributes => { :code => 'failed' } - assert_match(/service parameter INVALID is not defined/, @response.body) + assert_xml_tag :tag => "serviceinfo", :attributes => { :code => 'failed' } put "/source/home:tom/_project/_service", '<services> <service name="set_version" > <param name="version">0817</param> <param name="file">pack.spec</param> </service> </services>' assert_response :success diff --git a/src/backend/BSVerify.pm b/src/backend/BSVerify.pm index f94c605..7604cf3 100644 --- a/src/backend/BSVerify.pm +++ b/src/backend/BSVerify.pm @@ -76,14 +76,6 @@ sub verify_packid_repository { verify_packid($_[0]) unless $_[0] && $_[0] eq '_repository'; } -sub verify_service { - my $p = $_[0]; - verify_filename($p->{'name'}) if defined($p->{'name'}); - for my $param (@{$p->{'param'} || []}) { - verify_filename($param->{'name'}); - } -} - sub verify_patchinfo { # This verifies the absolute minimum required content of a patchinfo file my $p = $_[0]; diff --git a/src/backend/bs_service b/src/backend/bs_service index a9684d5..08ff361 100755 --- a/src/backend/bs_service +++ b/src/backend/bs_service @@ -142,13 +142,11 @@ sub run_source_update { my $infoxml = readstr($sf); my $serviceinfo = XMLin($BSXML::services, $infoxml); for my $service (@{$serviceinfo->{'service'}}) { - BSVerify::verify_filename($service->{'name'}); if (defined($service->{'mode'}) && ($service->{'mode'} eq 'localonly' || $service->{'mode'} eq 'disabled')) { print "Skip ".$service->{'name'}."\n"; next; } print "Run for ".$service->{'name'}."\n"; - my $servicedef = readxml($rootservicedir."/".$service->{'name'}.".service", $BSXML::servicetype); my @run; if (defined $BSConfig::service_wrapper->{$service->{'name'}} ) { push @run, $BSConfig::service_wrapper->{$service->{'name'}}; @@ -161,7 +159,6 @@ sub run_source_update { for my $param (@{$service->{'param'}}) { next if $param->{'name'} eq 'outdir'; next unless $param->{'_content'}; - die("$run[0]: service parameter $param->{'name'} is not defined\n") unless grep {$_->{'name'} eq $param->{'name'}} @{$servicedef->{'parameter'}}; push @run, "--$param->{'name'}"; push @run, $param->{'_content'}; } diff --git a/src/backend/bs_srcserver b/src/backend/bs_srcserver index e4c9eef..d3ed444 100755 --- a/src/backend/bs_srcserver +++ b/src/backend/bs_srcserver @@ -1612,28 +1612,10 @@ sub applylink { die("/usr/bin/patch: $!\n"); } waitpid($pid, 0) == $pid || die("waitpid $pid: $!\n"); - $failed = "could not apply patch '$pn'" if $?; - # clean up patch fallout... - for my $f (ls($tmpdir)) { - my @s = lstat("$tmpdir/$f"); - die("$tmpdir/$f: $!\n") unless @s; - if (-l _ || ! -f _) { - unlink("$tmpdir/$f"); - $failed = "patch created a non-file"; - next; - } - eval { - die("cannot create a link from a patch") if $f eq '_link'; - BSVerify::verify_filename($f) unless $f eq '.log'; - }; - if ($@) { - unlink("$tmpdir/$f"); - $failed = "patch created an illegal file"; - next; - } - chmod(($s[2] & 077) | 0600, "$tmpdir/$f") if ($s[2] & 07700) != 0600; + if ($?) { + $failed = "could not apply patch '$pn'"; + last; } - last if $failed; } if ($failed) { local *F; |