ports/179125: devel/subversion possible DoS against svnserve
Olli Hauer
ohauer at FreeBSD.org
Thu May 30 21:20:00 UTC 2013
>Number: 179125
>Category: ports
>Synopsis: devel/subversion possible DoS against svnserve
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu May 30 21:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Olli Hauer
>Release: FreeBSD 8.3-RELEASE-p3 amd64
>Organization:
>Environment:
>Description:
Fix a possible DoS against svnserve
Noted by: Boris Lytochkin <lytboris_at_yandex-team.ru> on the
users at subversion list
http://svn.haxx.se/users/archive-2013-05/0119.shtml
Patch shaped from:
http://svn.apache.org/viewvc?view=revision&revision=1485047
The patch will be included in subversion-1.8 and 1.7.10, as far as
I know there will be no patch for subversion-1.6.x since 1.6 is EOL
with the first release of subversion-1.8
I'm running the patch now for over a week in prod. without any issues.
In case the patch is mangled here is a copy.
http://people.freebsd.org/~ohauer/diffs/subversion-1.7.9_2.diff
>How-To-Repeat:
>Fix:
--- subversion-1.7.9_2.diff begins here ---
Index: Makefile
===================================================================
--- Makefile (revision 319448)
+++ Makefile (working copy)
@@ -4,7 +4,7 @@
MAINTAINER= lev at FreeBSD.org
COMMENT= Version control system
-CONFLICTS_INSTALL= subversion-devel-[0-9]* subversion-freebsd-[0-9]*
+CONFLICTS_INSTALL= subversion-1.[6|8]-[0-9]*
USE_RC_SUBR= svnserve
Index: Makefile.common
===================================================================
--- Makefile.common (revision 319448)
+++ Makefile.common (working copy)
@@ -3,7 +3,7 @@
PORTNAME= subversion
PORTVERSION= 1.7.9
-PORTREVISION?= 1
+PORTREVISION?= 2
CATEGORIES+= devel
MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \
${MASTER_SITE_LOCAL:S/$/:book/}
@@ -19,7 +19,7 @@
LICENSE= AL2
-CONFLICTS_INSTALL+= ${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}-1.6.[0-9]*
+CONFLICTS_INSTALL+= ${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}-1.[6|8].[0-9]*
LIB_DEPENDS+= sqlite3.8:${PORTSDIR}/databases/sqlite3 \
expat:${PORTSDIR}/textproc/expat2
@@ -30,7 +30,7 @@
--with-expat=/usr/local/include:/usr/local/lib:expat
.if defined(SVN_BUILD_BINDINGS)
-CONFLICTS_BUILD+= ${PORTNAME}-1.6.[0-9]*
+CONFLICTS_BUILD+= ${PORTNAME}-1.[6|8].[0-9]*
LIB_DEPENDS+= svn_client-1.0:${PORTSDIR}/devel/subversion
OPTIONSFILE= ${PORT_DBDIR}/${PORTNAME}/options
OPTIONS= # Dirty hack: if OPTIONS is not defined, OPTIONSFILE will not be included
Index: files/patch-subversion__svnserve__main.c
===================================================================
--- files/patch-subversion__svnserve__main.c (revision 0)
+++ files/patch-subversion__svnserve__main.c (working copy)
@@ -0,0 +1,25 @@
+Prevent svnserve from exiting when a client connection is aborted.
+
+Justification:
+ DoS against svnserve possible.
+
+Noted by: Boris Lytochkin <lytboris_at_yandex-team.ru>
+ on the users at subversion list
+ http://svn.haxx.se/users/archive-2013-05/0119.shtml
+
+Patch shaped from:
+ http://svn.apache.org/viewvc?view=revision&revision=1485047
+===========================================================================
+--- ./subversion/svnserve/main.c.orig 2013-05-23 20:10:51.000000000 +0200
++++ ./subversion/svnserve/main.c 2013-05-23 20:14:45.000000000 +0200
+@@ -928,7 +928,9 @@
+ connection_pool) == APR_CHILD_DONE)
+ ;
+ }
+- if (APR_STATUS_IS_EINTR(status))
++ if (APR_STATUS_IS_EINTR(status)
++ || APR_STATUS_IS_ECONNABORTED(status)
++ || APR_STATUS_IS_ECONNRESET(status))
+ {
+ svn_pool_destroy(connection_pool);
+ continue;
--- subversion-1.7.9_2.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list