author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 15:16:15 -0700 |
commit | 3152fcc3bbd4cabf01c7e70766a305ce4c725881 (patch) | |
tree | 59b07e5d76b8023848dff79ce5fe6b83cd536925 /patches/source/subversion | |
parent | 9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff) | |
download | current-3152fcc3bbd4cabf01c7e70766a305ce4c725881.tar.gz current-3152fcc3bbd4cabf01c7e70766a305ce4c725881.tar.xz |
Fri May 25 23:29:36 UTC 201814.0
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.0.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/subversion')
-rwxr-xr-x | patches/source/subversion/get-svn-book.sh | 9 | ||||
-rw-r--r-- | patches/source/subversion/slack-desc | 19 | ||||
-rw-r--r-- | patches/source/subversion/subversion.CVE-2015-5343.diff | 16 | ||||
-rw-r--r-- | patches/source/subversion/subversion.CVE-2016-2167.diff | 11 | ||||
-rw-r--r-- | patches/source/subversion/subversion.CVE-2016-2168.diff | 32 | ||||
-rw-r--r-- | patches/source/subversion/subversion.CVE-2017-9800.diff | 105 | ||||
-rwxr-xr-x | patches/source/subversion/subversion.SlackBuild | 183 |
7 files changed, 375 insertions, 0 deletions
diff --git a/patches/source/subversion/get-svn-book.sh b/patches/source/subversion/get-svn-book.sh
new file mode 100755
index 000000000..e88530d32
--- /dev/null
+++ b/patches/source/subversion/get-svn-book.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+CWD=`pwd`
+
+# Add the latest copy of the Subversion book:
+( cd $CWD
+ lftpget http://svnbook.red-bean.com/en/1.7/svn-book-html.tar.bz2
+ chmod 644 svn-book-html.tar.bz2
+)
+
diff --git a/patches/source/subversion/slack-desc b/patches/source/subversion/slack-desc
new file mode 100644
index 000000000..af2ef0b61
--- /dev/null
+++ b/patches/source/subversion/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+subversion: subversion (a version control system)
+subversion:
+subversion: Subversion is a version control system which allows you to keep old
+subversion: versions of files and directories (usually source code), and keep a
+subversion: log of who, when, and why changes occurred, similar to other such
+subversion: systems like CVS, RCS or SCCS. Subversion keeps all the information
+subversion: to permit extracting previous versions of those files at any time.
+subversion:
+subversion: For more information about the Subversion project, visit:
+subversion: http://subversion.apache.org
+subversion:
diff --git a/patches/source/subversion/subversion.CVE-2015-5343.diff b/patches/source/subversion/subversion.CVE-2015-5343.diff
new file mode 100644
index 000000000..59482aeec
--- /dev/null
+++ b/patches/source/subversion/subversion.CVE-2015-5343.diff
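Review bot: In get-svn-book.sh the book tarball is fetched over plain `http://` and nothing verifies it afterwards, yet subversion.SlackBuild later unpacks `svn-book-html.tar.bz2` into the package's doc directory, so a tampered or truncated download would be packaged unnoticed. Keep a known-good checksum next to the script and compare after the download, e.g. `echo "<EXPECTED_SHA256>  svn-book-html.tar.bz2" | sha256sum -c - || exit 1` (the hash is a placeholder). Add `|| exit 1` to the `lftpget` line so a failed fetch stops the script instead of falling through to `chmod`. `cd $CWD` should also be quoted as `cd "$CWD"`.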
@@ -0,0 +1,16 @@
+--- ./subversion/mod_dav_svn/util.c.orig 2013-11-14 15:11:33.000000000 -0600
++++ ./subversion/mod_dav_svn/util.c 2016-04-05 13:02:22.610756129 -0500
+@@ -753,7 +753,12 @@
+
+ if (content_length)
+ {
+- buf = svn_stringbuf_create_ensure(content_length, pool);
++ /* Do not allocate more than 1 MB until we receive request body. */
++ apr_size_t alloc_len = 1 * 1024 *1024;
++ if (content_length < alloc_len)
++ alloc_len = (apr_size_t) content_length;
++
++ buf = svn_stringbuf_create_ensure(alloc_len, pool);
+ }
+ else
+ {
diff --git a/patches/source/subversion/subversion.CVE-2016-2167.diff b/patches/source/subversion/subversion.CVE-2016-2167.diff
new file mode 100644
index 000000000..891cc59aa
--- /dev/null
+++ b/patches/source/subversion/subversion.CVE-2016-2167.diff
@@ -0,0 +1,11 @@
+--- ./subversion/svnserve/cyrus_auth.c.orig 2014-01-26 22:04:31.000000000 -0600
++++ ./subversion/svnserve/cyrus_auth.c 2016-04-30 15:00:31.936038054 -0500
+@@ -73,6 +73,8 @@
+ {
+ /* The only valid realm is user_realm (i.e. the repository's realm).
+ If the user gave us another realm, complain. */
++ if (realm_len != inlen-(pos-in+1))
++ return SASL_BADPROT;
+ if (strncmp(pos+1, user_realm, inlen-(pos-in+1)) != 0)
+ return SASL_BADPROT;
+ }
diff --git a/patches/source/subversion/subversion.CVE-2016-2168.diff b/patches/source/subversion/subversion.CVE-2016-2168.diff
new file mode 100644
index 000000000..24741ca66
--- /dev/null
+++ b/patches/source/subversion/subversion.CVE-2016-2168.diff
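Review bot: In the util.c hunk carried by subversion.CVE-2015-5343.diff, the test `content_length < alloc_len` compares two different types (the cast `(apr_size_t) content_length` on the next line implies content_length is not an apr_size_t), and nothing in the hunk says why that is safe. If content_length is signed and wider than apr_size_t on some build, a negative value would pass the `<` test and then be cast to a large size, so it should be confirmed that negative lengths are rejected before this point and recorded in a comment such as `/* content_length is validated as non-negative above */`. The literal `1 * 1024 *1024` would read better as a named constant. The enclosing function starts and ends outside the hunk, so neither the declaration nor the later growth of the buffer can be checked here.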
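Review bot: The length check added in the cyrus_auth.c hunk (subversion.CVE-2016-2167.diff) carries no comment saying why it is needed, and the existing comment above it still reads as if strncmp() alone enforced the realm. Because that strncmp() is bounded by the length of the realm the user supplied, it matches any prefix of user_realm unless the lengths are compared first; a comment such as `/* strncmp() below only compares the supplied length, so require an exact length match first. */` would keep the check from being dropped in a later cleanup. `realm_len` is declared outside the hunk, and `inlen-(pos-in+1)` is computed twice with mixed pointer-difference and integer types, so a single local holding the supplied realm length would make both tests easier to audit.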
@@ -0,0 +1,32 @@
+--- ./subversion/mod_authz_svn/mod_authz_svn.c.orig 2015-07-26 19:23:40.000000000 -0500
++++ ./subversion/mod_authz_svn/mod_authz_svn.c 2016-04-30 15:03:26.649048795 -0500
+@@ -415,6 +415,8 @@
+
+ if (r->method_number == M_MOVE || r->method_number == M_COPY)
+ {
++ apr_status_t status;
++
+ dest_uri = apr_table_get(r->headers_in, "Destination");
+
+ /* Decline MOVE or COPY when there is no Destination uri, this will
+@@ -423,7 +425,19 @@
+ if (!dest_uri)
+ return DECLINED;
+
+- apr_uri_parse(r->pool, dest_uri, &parsed_dest_uri);
++ status = apr_uri_parse(r->pool, dest_uri, &parsed_dest_uri);
++ if (status)
++ {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
++ "Invalid URI in Destination header");
++ return HTTP_BAD_REQUEST;
++ }
++ if (!parsed_dest_uri.path)
++ {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "Invalid URI in Destination header");
++ return HTTP_BAD_REQUEST;
++ }
+
+ ap_unescape_url(parsed_dest_uri.path);
+ dest_uri = parsed_dest_uri.path;
diff --git a/patches/source/subversion/subversion.CVE-2017-9800.diff b/patches/source/subversion/subversion.CVE-2017-9800.diff
new file mode 100644
index 000000000..56562213a
--- /dev/null
+++ b/patches/source/subversion/subversion.CVE-2017-9800.diff
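Review bot: Both new error paths in the mod_authz_svn.c hunk (subversion.CVE-2016-2168.diff) log the identical text "Invalid URI in Destination header", so someone reading the error log cannot tell a parse failure from a URI that parsed but has no path component. Giving the second branch its own message, e.g. `"Destination header URI has no path"`, would separate the two cases. The new `!parsed_dest_uri.path` test is what protects the `ap_unescape_url(parsed_dest_uri.path)` call that follows, and a one-line comment saying so would stop it being mistaken for redundant. The enclosing function lies outside the hunk.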
@@ -0,0 +1,105 @@
+Patch for Subversion 1.8.18 (works on 1.7.x with an offset)
+Index: subversion/libsvn_ra_svn/client.c
+===================================================================
+--- subversion/libsvn_ra_svn/client.c (revision 1803926)
++++ subversion/libsvn_ra_svn/client.c (working copy)
+@@ -46,6 +46,7 @@
+ #include "svn_props.h"
+ #include "svn_mergeinfo.h"
+ #include "svn_version.h"
++#include "svn_ctype.h"
+
+ #include "svn_private_config.h"
+
+@@ -395,7 +396,7 @@
+ * versions have it too. If the user is using some other ssh
+ * implementation that doesn't accept it, they can override it
+ * in the [tunnels] section of the config. */
+- val = "$SVN_SSH ssh -q";
++ val = "$SVN_SSH ssh -q --";
+ }
+
+ if (!val || !*val)
+@@ -435,7 +436,7 @@
+ ;
+ *argv = apr_palloc(pool, (n + 4) * sizeof(char *));
+ memcpy((void *) *argv, cmd_argv, n * sizeof(char *));
+- (*argv)[n++] = svn_path_uri_decode(hostinfo, pool);
++ (*argv)[n++] = hostinfo;
+ (*argv)[n++] = "svnserve";
+ (*argv)[n++] = "-t";
+ (*argv)[n] = NULL;
+@@ -716,7 +717,33 @@
+ }
+
+
++/* A simple whitelist to ensure the following are valid:
++ * user@server
++ * [::1]:22
++ * server-name
++ * server_name
++ * 127.0.0.1
++ * with an extra restriction that a leading '-' is invalid.
++ */
++static svn_boolean_t
++is_valid_hostinfo(const char *hostinfo)
++{
++ const char *p = hostinfo;
+
++ if (p[0] == '-')
++ return FALSE;
++
++ while (*p)
++ {
++ if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p))
++ return FALSE;
++
++ ++p;
++ }
++
++ return TRUE;
++}
++
+ static svn_error_t *ra_svn_open(svn_ra_session_t *session,
+ const char **corrected_url,
+ const char *url,
+@@ -740,8 +767,17 @@
+ parse_tunnel(url, &tunnel, pool);
+
+ if (tunnel)
+- SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config,
+- pool));
++ {
++ const char *decoded_hostinfo;
++
++ decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, pool);
++ if (!is_valid_hostinfo(decoded_hostinfo))
++ return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"),
++ uri.hostinfo);
++
++ SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv,
++ config, pool));
++ }
+ else
+ tunnel_argv = NULL;
+
+Index: subversion/libsvn_subr/config_file.c
+===================================================================
+--- subversion/libsvn_subr/config_file.c (revision 1803926)
++++ subversion/libsvn_subr/config_file.c (working copy)
+@@ -1134,12 +1134,12 @@
+ "### passed to the tunnel agent as <user>@<hostname>.) If the" NL
+ "### built-in ssh scheme were not predefined, it could be defined" NL
+ "### as:" NL
+- "# ssh = $SVN_SSH ssh -q" NL
++ "# ssh = $SVN_SSH ssh -q --" NL
+ "### If you wanted to define a new 'rsh' scheme, to be used with" NL
+ "### 'svn+rsh:' URLs, you could do so as follows:" NL
+- "# rsh = rsh" NL
++ "# rsh = rsh --" NL
+ "### Or, if you wanted to specify a full path and arguments:" NL
+- "# rsh = /path/to/rsh -l myusername" NL
++ "# rsh = /path/to/rsh -l myusername --" NL
+ "### On Windows, if you are specifying a full path to a command," NL
+ "### use a forward slash (/) or a paired backslash (\\\\) as the" NL
+ "### path separator. A single backslash will be treated as an" NL
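Review bot: `is_valid_hostinfo()` in the client.c part of subversion.CVE-2017-9800.diff reads `p[0]` without checking `hostinfo` for NULL and returns TRUE for an empty string, so ra_svn_open() depends on `svn_path_uri_decode(uri.hostinfo, pool)` always yielding a non-empty string, which this patch does not show. Opening the function with `if (!p || !*p || p[0] == '-') return FALSE;` would make the check self-contained. The function comment should also state that the `--` separator is added only to the built-in ssh default and to the config template text, so tunnel commands users have already defined in [tunnels] rely entirely on this leading '-' rejection. The config_file.c hunk in the same patch changes documentation strings only.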
diff --git a/patches/source/subversion/subversion.SlackBuild b/patches/source/subversion/subversion.SlackBuild
new file mode 100755
index 000000000..e612e9be6
--- /dev/null
+++ b/patches/source/subversion/subversion.SlackBuild
@@ -0,0 +1,183 @@
+#!/bin/sh
+
+# Copyright 2008, 2009, 2010, 2011, 2012, 2016 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+VERSION=${VERSION:-$(echo subversion-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-3_slack14.0}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i486 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-subversion
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf subversion-$VERSION
+tar xvf $CWD/subversion-$VERSION.tar.?z* || exit 1
+cd subversion-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+zcat $CWD/subversion.CVE-2015-5343.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/subversion.CVE-2016-2167.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/subversion.CVE-2016-2168.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/subversion.CVE-2017-9800.diff.gz | patch -p0 --verbose || exit 1
+
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/subversion-$VERSION \
+ --enable-shared \
+ --disable-static \
+ --with-apr=/usr \
+ --with-apr-util=/usr \
+ --with-apxs=/usr/bin/apxs \
+ --with-neon=/usr \
+ --with-zlib=/usr \
+ --with-pic \
+ --with-ssl \
+ --build=$ARCH-slackware-linux || exit 1
+
+# Not currently compiling with gcc-4.7.1, but we'll try it again later:
+# --with-kwallet \
+#
+
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+make install-tools DESTDIR=$PKG || exit 1
+make install-docs DESTDIR=$PKG || exit 1
+
+# Install python bindings
+make swig-py
+make install-swig-py DESTDIR=$PKG
+PYTHON_VER=$(python -c 'import sys; print "%d.%d" % sys.version_info[:2]')
+mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/python${PYTHON_VER}/site-packages
+mv $PKG/usr/lib${LIBDIRSUFFIX}/svn-python/* \
+ $PKG/usr/lib${LIBDIRSUFFIX}/python${PYTHON_VER}/site-packages
+rmdir $PKG/usr/lib${LIBDIRSUFFIX}/svn-python
+
+# Perl bindings
+make swig-pl-lib
+make install-swig-pl-lib DESTDIR=$PKG
+( cd subversion/bindings/swig/perl/native
+ perl Makefile.PL
+ make install_vendor DESTDIR=$PKG
+)
+eval $(perl '-V:archlib')
+mv $PKG/$archlib/perllocal.pod $PKG/$archlib/subversion.pod
+
+# Ruby bindings
+make swig-rb
+make install-swig-rb DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+rm -rf $PKG/usr/info
+# Something doesn't honor --mandir
+mv $PKG/usr/share/man/man3 $PKG/usr/man
+gzip -9 $PKG/usr/man/man?/*
+rmdir $PKG/usr/share/man
+
+# What is this junk for? Since I don't know, I'll erase it. :-)
+rm -rf $PKG/usr/build
+
+mkdir -p $PKG/usr/doc/subversion-$VERSION
+cp -a \
+ BUGS COMMITTERS COPYING* HACKING INSTALL README TRANSLATING doc \
+ $PKG/usr/doc/subversion-$VERSION
+# too big && useless for most || if you think not, can be found in the source tarball
+rm -rf $PKG/usr/doc/subversion-$VERSION/doc/tools
+# Add the HTML svn book:
+( cd $PKG/usr/doc/subversion-$VERSION
+ tar xf $CWD/svn-book-html.tar.bz2
+ mv svn-book-html book
+ cd book
+ chown -R root:root .
+ find . -type d -exec chmod 0755 {} \;
+ find . -type f -exec chmod 0644 {} \;
+ find . -perm 2755 -exec chmod 0755 {} \;
+ find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+)
+
+# If there's a CHANGES file, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r CHANGES ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION)
+ cat CHANGES | head -n 1000 > $DOCSDIR/CHANGES
+ touch -r CHANGES $DOCSDIR/CHANGES
+fi
+
+# This removes our DESTDIR from the packlist filenames, to keep perl's
+# internal inventories consistent and correct.
+find $PKG -name .packlist | while read plist ; do
+ sed -e "s%$PKG%%g" \
+ -e "s%/share/man%/man%g" \
+ -re "s%\.([1-9]n?|3pm)$%&.gz%g # extend man filenames for .gz" \
+ ${plist} > ${plist}.new
+ mv -f ${plist}.new ${plist}
+done
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/subversion-$VERSION-$ARCH-$BUILD.txz
+
|
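Review bot: In subversion.SlackBuild every step up to `make install-docs` is guarded with `|| exit 1`, but the swig-py, swig-pl-lib and swig-rb targets, the `perl Makefile.PL` subshell and the `tar xf $CWD/svn-book-html.tar.bz2` step are not, so a failed bindings build or a missing book tarball still ends with `makepkg` producing a package. Adding the guard to those lines, e.g. `make swig-py || exit 1`, makes such a failure visible instead of shipping an incomplete build of a security update. The script is evidently meant to run as root (`chown -R root:root .`) and works in `$TMP/package-subversion` with `TMP` defaulting to `/tmp`, while `$PKG`, `$TMP` and `$CWD` are expanded unquoted. Quoting them and pointing TMP at a directory only the builder can write to is safer on a shared build host.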