commit:     4a0003172e29b7c7d16a8dbffb7065c2cb1d72a2
Author:     Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 18 17:38:21 2020 +0000
Commit:     Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Fri Sep 18 17:43:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a000317

net-libs/xrootd: bump to 4.12.4

Also includes the http-key-leakage patch backported from 5.0.2.

Bug: https://bugs.gentoo.org/743391
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>

 net-libs/xrootd/Manifest                           |  2 +-
 .../files/xrootd-4.12.4-http_secret_leakage.patch  | 41 ++++++++++++++++++++++
 .../{xrootd-4.12.3.ebuild => xrootd-4.12.4.ebuild} |  8 +++--
 3 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/net-libs/xrootd/Manifest b/net-libs/xrootd/Manifest
index afebf6d2494..0ac03ed45ac 100644
--- a/net-libs/xrootd/Manifest
+++ b/net-libs/xrootd/Manifest
@@ -1,5 +1,5 @@
 DIST xrootd-4.12.0.tar.gz 2564041 BLAKE2B 
6ea9c379aa482c81279168baa3e1381e880d34014fb3516c96961da64d54faf649295f024313ece445df9a62b6b5c818b7aa8a987025d3cd969188de072648c9
 SHA512 
5338c4fb5461918473dd4f41f4d29fae09a8fc6a9e2d8f00bb74d929dc5396fef73643462d1a4f1ba71ffe5cf92a1695a167ca3a766c674a9377dcf99aaa1778
-DIST xrootd-4.12.3.tar.gz 2574996 BLAKE2B 
1ba6ecdee473fbe1f6367459dfe8324f38e2d72aa64ed349ccdcaa7616a3d70f0b647d2eac6babbcc0e1b673ff44a050c05f23e80fb89161f121fa6dd3484311
 SHA512 
e4f4ad744a71a7fc69a16f2114b6d5962ddf0b22bd86f7eb19703313d55242813f13be1a1f23c541b966674bdb4854f955843322525f37bc83647e8f2fbe076d
+DIST xrootd-4.12.4.tar.gz 2577360 BLAKE2B 
f2e4413bcbf02dccb1ac7b0ceec8fbc2bb8b1de838cd9753c9d61f76fc2d68e845a41075b63a4afe56b1a434cf89ecf4f4b8571fa9ae866a19e6bcadcc5dcd9b
 SHA512 
8cbc5e5f270f39c48b7c75a15e2721ebb793f13419608834777f39bc0ee7dd8c4fad481367f997172dae5029d9e5e4e9d7870843bd5c9957fa9fe439592c4364
 DIST xrootd-5.0.0.tar.gz 2754256 BLAKE2B 
c80a38ede3263ae669181f2173f6ee2bb0a347dc973cecc9dedf00867041190f7bceb7f475696e8cd3921c57d4c197b73ee57b29c9e78a027393ca61dca1b6d3
 SHA512 
75b69d3da2a6e477edbf5588afd943a91a2e1e86fcc98afc34d964c9231fc0224b4eec82336e9a7d5bd8bd0cd5c20e442ee37b8f6239f417b05efdf39038d93c
 DIST xrootd-5.0.1.tar.gz 2759931 BLAKE2B 
2bc76f660f7fb3c9202c37dc10f099f2bd06868b00c43e6015ebb0d9cf3edf8ac777f76c1f71d0f1f4b252cedd62c9aa74a449cb5f369492a5ee63813bb7924f
 SHA512 
95e0fe97f66a320999d4c2dd2ac5be4e2ba7779f220aa521e4882925d5e9262c34991f0ecbd3c2449b97977ff4cdbdcd9477ed780d1a6dbf8fbd3f547b4932ba
 DIST xrootd-5.0.2.tar.gz 2764503 BLAKE2B 
35bc642d3601738135ff24a77f9bc8795568553856284ebe80d90315039d04109353d2e00310f8b8168f6b1176ee295c9116a7e6adaff33ca23383da9deecf17
 SHA512 
e58b5484c0fa9f83643e252eb8228f2061130b4f97964283a6adb8a81560841f3d44814572136023d944be6bdd97cff551e75bbfb04e6c9aafaa779ecb051255

diff --git a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch 
b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
new file mode 100644
index 00000000000..953c6aa3b2b
--- /dev/null
+++ b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
@@ -0,0 +1,41 @@
+Backported from 5.0.2. Not quite sure if xrootd-4 is actually vulnerable
+to this - but just in case.
+
+From fff97c2dc6703dc1ba8b28b1bf67eeb278ff3e22 Mon Sep 17 00:00:00 2001
+From: Andrew Hanushevsky <a...@stanford.edu>
+Date: Wed, 2 Sep 2020 23:13:52 -0700
+Subject: [PATCH] [HTTP] Prevent secret key leakage if specified in the config
+ file.
+
+---
+ src/XrdHttp/XrdHttpProtocol.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/XrdHttp/XrdHttpProtocol.cc b/src/XrdHttp/XrdHttpProtocol.cc
+index 66b89df20ed..5f50f2aeadd 100644
+--- a/src/XrdHttp/XrdHttpProtocol.cc
++++ b/src/XrdHttp/XrdHttpProtocol.cc
+@@ -1986,6 +1986,7 @@ int XrdHttpProtocol::xsslcafile(XrdOucStream & Config) {
+ 
+ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+   char *val;
++  bool inFile = false;
+ 
+   // Get the path
+   //
+@@ -2001,6 +2002,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+   // otherwise, the token itself is the secretkey
+   if (val[0] == '/') {
+     struct stat st;
++    inFile = true;
+     if ( stat(val, &st) ) {
+       eDest.Emsg("Config", errno, "stat shared secret key file", val);
+       return 1;
+@@ -2059,6 +2061,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+   // Record the path
+   if (secretkey) free(secretkey);
+   secretkey = strdup(val);
++  if (!inFile) Config.noEcho();
+ 
+   return 0;
+ }
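Review bot: The `if (!inFile) Config.noEcho();` call sits on the last line before `return 0;` in xsecretkey(), so it only takes effect on the path that reaches the end of the function. The code between the three inner hunks is not part of this patch file, so it is worth checking the 4.12.4 source for any earlier return on the inline-key branch that would leave the directive echoed. The call also has no comment, and `// Record the path` above it does not describe the case where the token is the key itself; adding `// Inline key: suppress config echo so the secret is not written out with the rest of the config` above the call would state the intent. This only covers the echo of the config line (presumably into the startup log): an inline key still sits in the configuration file in clear text, so that file's permissions remain the control that matters. Since the header says it is unclear whether 4.x is affected, checking what a 4.12.4 build echoes at startup with an inline key would settle whether the backport is needed.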

diff --git a/net-libs/xrootd/xrootd-4.12.3.ebuild 
b/net-libs/xrootd/xrootd-4.12.4.ebuild
similarity index 92%
rename from net-libs/xrootd/xrootd-4.12.3.ebuild
rename to net-libs/xrootd/xrootd-4.12.4.ebuild
index 17545ef3217..105a4611edc 100644
--- a/net-libs/xrootd/xrootd-4.12.3.ebuild
+++ b/net-libs/xrootd/xrootd-4.12.4.ebuild
@@ -42,12 +42,16 @@ REQUIRED_USE="
        python? ( ${PYTHON_REQUIRED_USE} )
 "
 
-PATCHES=( "${FILESDIR}"/xrootd-4.8.3-crc32.patch )
+PATCHES=(
+       "${FILESDIR}"/${PN}-4.8.3-crc32.patch
+       "${FILESDIR}"/${PN}-4.12.4-http_secret_leakage.patch
+)
 
 # xrootd plugins are not intended to be linked with,
 # they are to be loaded at runtime by xrootd,
 # see https://github.com/xrootd/xrootd/issues/447
-QA_SONAME="/usr/lib.*/libXrd.*-$(ver_cut 1).so"
+QA_SONAME="/usr/lib.*/libXrd.*-$(ver_cut 1).so
+       /usr/lib.*/libXrdClTests\.so"
 
 pkg_setup() {
        use python && python_setup
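Review bot: The added `/usr/lib.*/libXrdClTests\.so` entry in QA_SONAME is not explained by the comment above it, which speaks only of runtime-loaded plugins, and the commit message does not mention it either. A one-line comment such as `# libXrdClTests is a test helper library, likewise installed without a SONAME` (if that is the reason) would explain it. The new pattern escapes the dot before `so` while the existing `libXrd.*-$(ver_cut 1).so` does not; writing both the same way keeps the list consistent. pkg_setup() continues outside the hunk.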
