Attachment 190649 Details for Bug 225917 – svn diff for net/transmission-*

[patch] svn diff for net/transmission-*

patch-net-p2p_transmission-cli-2.93 (text/plain), 14.21 KB, created by Bernard Spil on 2018-02-15 15:06:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Bernard Spil

Created: 2018-02-15 15:06:05 UTC

Size: 14.21 KB

patch

obsolete

>Index: net-p2p/transmission-cli/Makefile
>===================================================================
>--- net-p2p/transmission-cli/Makefile	(revision 461920)
>+++ net-p2p/transmission-cli/Makefile	(working copy)
>@@ -1,8 +1,8 @@
> # $FreeBSD$
> 
> PORTNAME=	transmission
>-PORTVERSION=	2.92
>-PORTREVISION?=	3
>+PORTVERSION=	2.93
>+PORTREVISION?=	0
> CATEGORIES?=	net-p2p
> MASTER_SITES=	https://github.com/transmission/transmission-releases/raw/master/ \
> 		http://transmission.cachefly.net/
>Index: net-p2p/transmission-cli/distinfo
>===================================================================
>--- net-p2p/transmission-cli/distinfo	(revision 461920)
>+++ net-p2p/transmission-cli/distinfo	(working copy)
>@@ -1,2 +1,3 @@
>-SHA256 (transmission-2.92.tar.xz) = 3a8d045c306ad9acb7bf81126939b9594553a388482efa0ec1bfb67b22acd35f
>-SIZE (transmission-2.92.tar.xz) = 3378116
>+TIMESTAMP = 1518561250
>+SHA256 (transmission-2.93.tar.xz) = 8815920e0a4499bcdadbbe89a4115092dab42ce5199f71ff9a926cfd12b9b90b
>+SIZE (transmission-2.93.tar.xz) = 3363868
>Index: net-p2p/transmission-cli/files/patch-fix_dns_rebinding_vuln
>===================================================================
>--- net-p2p/transmission-cli/files/patch-fix_dns_rebinding_vuln	(revision 461920)
>+++ net-p2p/transmission-cli/files/patch-fix_dns_rebinding_vuln	(nonexistent)
>@@ -1,302 +0,0 @@
>-Fix a weakness that allows remote code execution via the Transmission
>-RPC server using DNS rebinding:
>-
>-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
>-
>-Patch adapted from Tavis Ormandy's patch on the Transmission master
>-branch to the Transmission 2.92 release by Leo Famulari
>-<leo@famulari.name>:
>-
>-https://github.com/transmission/transmission/pull/468/commits
>-
>-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
>-From: Tavis Ormandy <taviso@google.com>
>-Date: Thu, 11 Jan 2018 10:00:41 -0800
>-Subject: [PATCH] mitigate dns rebinding attacks against daemon
>-
>----
>- libtransmission/quark.c | 2 + 
>- libtransmission/quark.h | 2 + 
>- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
>- libtransmission/rpc-server.h | 4 ++
>- libtransmission/session.c | 2 + 
>- libtransmission/transmission.h | 1 + 
>- libtransmission/web.c | 3 ++
>- 7 files changed, 121 insertions(+), 9 deletions(-)
>-
>-diff --git a/libtransmission/quark.c b/libtransmission/quark.c
>-index 30cc2bca4..b4fd7aabd 100644
>---- libtransmission/quark.c.orig
>-+++ libtransmission/quark.c
>-@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] =
>- { "rpc-authentication-required", 27 },
>- { "rpc-bind-address", 16 },
>- { "rpc-enabled", 11 },
>-+ { "rpc-host-whitelist", 18 },
>-+ { "rpc-host-whitelist-enabled", 26 },
>- { "rpc-password", 12 },
>- { "rpc-port", 8 },
>- { "rpc-url", 7 },
>-diff --git a/libtransmission/quark.h b/libtransmission/quark.h
>-index 7f5212733..17464be8f 100644
>---- libtransmission/quark.h.orig
>-+++ libtransmission/quark.h
>-@@ -291,6 +291,8 @@ enum
>- TR_KEY_rpc_authentication_required,
>- TR_KEY_rpc_bind_address,
>- TR_KEY_rpc_enabled,
>-+ TR_KEY_rpc_host_whitelist,
>-+ TR_KEY_rpc_host_whitelist_enabled,
>- TR_KEY_rpc_password,
>- TR_KEY_rpc_port,
>- TR_KEY_rpc_url,
>-diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c
>-index a3485f3fa..292cd5fce 100644
>---- libtransmission/rpc-server.c.orig
>-+++ libtransmission/rpc-server.c
>-@@ -52,6 +52,7 @@ struct tr_rpc_server
>- bool isEnabled;
>- bool isPasswordEnabled;
>- bool isWhitelistEnabled;
>-+ bool isHostWhitelistEnabled;
>- tr_port port;
>- char * url;
>- struct in_addr bindAddress;
>-@@ -63,6 +64,7 @@ struct tr_rpc_server
>- char * password;
>- char * whitelistStr;
>- tr_list * whitelist;
>-+ tr_list * hostWhitelist;
>- 
>- char * sessionId;
>- time_t sessionIdExpiresAt;
>-@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server * server, const char * address)
>- return false;
>- }
>- 
>-+static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req)
>-+{
>-+ /* If password auth is enabled, any hostname is permitted. */
>-+ if (server->isPasswordEnabled)
>-+ {
>-+ return true;
>-+ }
>-+
>-+ char const* const host = evhttp_find_header(req->input_headers, "Host");
>-+
>-+ // If whitelist is disabled, no restrictions.
>-+ if (!server->isHostWhitelistEnabled)
>-+ return true;
>-+
>-+ /* No host header, invalid request. */
>-+ if (host == NULL)
>-+ {
>-+ return false;
>-+ }
>-+
>-+ /* Host header might include the port. */
>-+ char* const hostname = tr_strndup(host, strcspn(host, ":"));
>-+
>-+ /* localhost or ipaddress is always acceptable. */
>-+ if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname))
>-+ {
>-+ tr_free(hostname);
>-+ return true;
>-+ }
>-+
>-+ /* Otherwise, hostname must be whitelisted. */
>-+ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) {
>-+ if (tr_wildmat(hostname, l->data))
>-+ {
>-+ tr_free(hostname);
>-+ return true;
>-+ }
>-+ }
>-+
>-+ tr_free(hostname);
>-+ return false;
>-+}
>-+
>- static bool
>- test_session_id (struct tr_rpc_server * server, struct evhttp_request * req)
>- {
>-@@ -663,6 +708,23 @@ handle_request (struct evhttp_request * req, void * arg)
>- handle_upload (req, server);
>- }
>- #ifdef REQUIRE_SESSION_ID
>-+ else if (!isHostnameAllowed(server, req))
>-+ {
>-+ char* tmp = tr_strdup_printf(
>-+ "Transmission received your request, but the hostname was unrecognized."
>-+ "To fix this, choose one of the following options:"
>-+ "<ul>"
>-+ "<li>Enable password authentication, then any hostname is allowed.</li>"
>-+ "<li>Add the hostname you want to use to the whitelist in settings.</li>"
>-+ "</ul>"
>-+ "If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries."
>-+ "This requirement has been added to help prevent "
>-+ "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
>-+ "attacks.");
>-+ send_simple_response(req, 421, tmp);
>-+ tr_free(tmp);
>-+ }
>-+
>- else if (!test_session_id (server, req))
>- {
>- const char * sessionId = get_current_session_id (server);
>-@@ -674,7 +736,7 @@ handle_request (struct evhttp_request * req, void * arg)
>- "<li> When you get this 409 error message, resend your request with the updated header"
>- "</ol>"
>- "This requirement has been added to help prevent "
>-- "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
>-+ "<a href=\"https://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
>- "attacks."
>- "<code>%s: %s</code>",
>- TR_RPC_SESSION_ID_HEADER, sessionId);
>-@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * server)
>- return server->url ? server->url : "";
>- }
>- 
>--void
>--tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
>-+static void
>-+tr_rpcSetList (char const* whitelistStr, tr_list** list)
>- {
>- void * tmp;
>- const char * walk;
>- 
>-- /* keep the string */
>-- tmp = server->whitelistStr;
>-- server->whitelistStr = tr_strdup (whitelistStr);
>-- tr_free (tmp);
>--
>- /* clear out the old whitelist entries */
>-- while ((tmp = tr_list_pop_front (&server->whitelist)))
>-+ while ((tmp = tr_list_pop_front (list)) != NULL)
>- tr_free (tmp);
>- 
>- /* build the new whitelist entries */
>-@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
>- const char * delimiters = " ,;";
>- const size_t len = strcspn (walk, delimiters);
>- char * token = tr_strndup (walk, len);
>-- tr_list_append (&server->whitelist, token);
>-+ tr_list_append (list, token);
>- if (strcspn (token, "+-") < len)
>- tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! Are you using an old ACL by mistake?)", token);
>- else
>-@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
>- }
>- }
>- 
>-+void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr)
>-+{
>-+ tr_rpcSetList(whitelistStr, &server->hostWhitelist);
>-+}
>-+
>-+void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
>-+{
>-+ /* keep the string */
>-+ char* const tmp = server->whitelistStr;
>-+ server->whitelistStr = tr_strdup(whitelistStr);
>-+ tr_free(tmp);
>-+
>-+ tr_rpcSetList(whitelistStr, &server->whitelist);
>-+}
>-+
>- const char*
>- tr_rpcGetWhitelist (const tr_rpc_server * server)
>- {
>-@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_server * server)
>- return server->isWhitelistEnabled;
>- }
>- 
>-+void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled)
>-+{
>-+ server->isHostWhitelistEnabled = isEnabled;
>-+}
>-+
>- /****
>- ***** PASSWORD
>- ****/
>-@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session * session, tr_variant * settings)
>- else
>- tr_rpcSetWhitelistEnabled (s, boolVal);
>- 
>-+ key = TR_KEY_rpc_host_whitelist_enabled;
>-+
>-+ if (!tr_variantDictFindBool(settings, key, &boolVal))
>-+ {
>-+ missing_settings_key(key);
>-+ }
>-+ else
>-+ {
>-+ tr_rpcSetHostWhitelistEnabled(s, boolVal);
>-+ }
>-+
>-+ key = TR_KEY_rpc_host_whitelist;
>-+
>-+ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL)
>-+ {
>-+ missing_settings_key(key);
>-+ }
>-+ else
>-+ {
>-+ tr_rpcSetHostWhitelist(s, str);
>-+ }
>-+
>- key = TR_KEY_rpc_authentication_required;
>- if (!tr_variantDictFindBool (settings, key, &boolVal))
>- missing_settings_key (key);
>-diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h
>-index e0302c5ea..8c9e6b24e 100644
>---- libtransmission/rpc-server.h.orig
>-+++ libtransmission/rpc-server.h
>-@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_rpc_server * server,
>- 
>- const char* tr_rpcGetWhitelist (const tr_rpc_server * server);
>- 
>-+void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled);
>-+
>-+void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist);
>-+
>- void tr_rpcSetPassword (tr_rpc_server * server,
>- const char * password);
>- 
>-diff --git a/libtransmission/session.c b/libtransmission/session.c
>-index 844cadba8..58b717913 100644
>---- libtransmission/session.c.orig
>-+++ libtransmission/session.c
>-@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant * d)
>- tr_variantDictAddStr (d, TR_KEY_rpc_username, "");
>- tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST);
>- tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true);
>-+ tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST);
>-+ tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true);
>- tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR));
>- tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR);
>- tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true);
>-diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h
>-index 4f76adfd6..e213a8f4e 100644
>---- libtransmission/transmission.h.orig
>-+++ libtransmission/transmission.h
>-@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (void);
>- #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0"
>- #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::"
>- #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1"
>-+#define TR_DEFAULT_RPC_HOST_WHITELIST ""
>- #define TR_DEFAULT_RPC_PORT_STR "9091"
>- #define TR_DEFAULT_RPC_URL_STR "/transmission/"
>- #define TR_DEFAULT_PEER_PORT_STR "51413"
>-diff --git a/libtransmission/web.c b/libtransmission/web.c
>-index ee495e9fc..c7f062730 100644
>---- libtransmission/web.c.orig
>-+++ libtransmission/web.c
>-@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code)
>- case 415: return "Unsupported Media Type";
>- case 416: return "Requested Range Not Satisfiable";
>- case 417: return "Expectation Failed";
>-+ case 421: return "Misdirected Request";
>- case 500: return "Internal Server Error";
>- case 501: return "Not Implemented";
>- case 502: return "Bad Gateway";
>
>Property changes on: net-p2p/transmission-cli/files/patch-fix_dns_rebinding_vuln
>___________________________________________________________________
>Deleted: fbsd:nokeywords
>## -1 +0,0 ##
>-yes
>\ No newline at end of property
>Deleted: svn:eol-style
>## -1 +0,0 ##
>-native
>\ No newline at end of property
>Deleted: svn:mime-type
>## -1 +0,0 ##
>-text/plain
>\ No newline at end of property
>Index: net-p2p/transmission-daemon/Makefile
>===================================================================
>--- net-p2p/transmission-daemon/Makefile	(revision 461920)
>+++ net-p2p/transmission-daemon/Makefile	(working copy)
>@@ -1,6 +1,5 @@
> # $FreeBSD$
> 
>-PORTREVISION=	4
> PKGNAMESUFFIX=	-daemon
> 
> MAINTAINER=	crees@FreeBSD.org
>Index: net-p2p/transmission-gtk/Makefile
>===================================================================
>--- net-p2p/transmission-gtk/Makefile	(revision 461920)
>+++ net-p2p/transmission-gtk/Makefile	(working copy)
>@@ -1,6 +1,5 @@
> # $FreeBSD$
> 
>-PORTREVISION=	4
> PKGNAMESUFFIX=	-gtk
> 
> MAINTAINER=	crees@FreeBSD.org
>Index: net-p2p/transmission-qt4/Makefile
>===================================================================
>--- net-p2p/transmission-qt4/Makefile	(revision 461920)
>+++ net-p2p/transmission-qt4/Makefile	(working copy)
>@@ -1,6 +1,5 @@
> # $FreeBSD$
> 
>-PORTREVISION=	6
> PKGNAMESUFFIX=	-qt4
> 
> MAINTAINER=	crees@FreeBSD.org
>Index: net-p2p/transmission-qt5/Makefile
>===================================================================
>--- net-p2p/transmission-qt5/Makefile	(revision 461920)
>+++ net-p2p/transmission-qt5/Makefile	(working copy)
>@@ -1,6 +1,5 @@
> # $FreeBSD$
> 
>-PORTREVISION=	1
> PKGNAMESUFFIX=	-qt5
> 
> MAINTAINER=	crees@FreeBSD.org

Actions: View | Diff

Attachments on bug 225917: 190649