summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarek Szuba <marecki@gentoo.org>2020-09-18 19:38:21 +0200
committerMarek Szuba <marecki@gentoo.org>2020-09-18 19:43:45 +0200
commit4a0003172e29b7c7d16a8dbffb7065c2cb1d72a2 (patch)
treec2b84b0f1af55b7417e187bd630228202ff9cad4 /net-libs/xrootd
parentnet-libs/xrootd: bump to 5.0.2 (diff)
downloadgentoo-4a0003172e29b7c7d16a8dbffb7065c2cb1d72a2.tar.gz
gentoo-4a0003172e29b7c7d16a8dbffb7065c2cb1d72a2.tar.bz2
gentoo-4a0003172e29b7c7d16a8dbffb7065c2cb1d72a2.zip
net-libs/xrootd: bump to 4.12.4
Also includes the http-key-leakage patch backported from 5.0.2. Bug: https://bugs.gentoo.org/743391 Signed-off-by: Marek Szuba <marecki@gentoo.org>
Diffstat (limited to 'net-libs/xrootd')
-rw-r--r--net-libs/xrootd/Manifest2
-rw-r--r--net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch41
-rw-r--r--net-libs/xrootd/xrootd-4.12.4.ebuild (renamed from net-libs/xrootd/xrootd-4.12.3.ebuild)8
3 files changed, 48 insertions, 3 deletions
diff --git a/net-libs/xrootd/Manifest b/net-libs/xrootd/Manifest
index afebf6d2494..0ac03ed45ac 100644
--- a/net-libs/xrootd/Manifest
+++ b/net-libs/xrootd/Manifest
@@ -1,5 +1,5 @@
DIST xrootd-4.12.0.tar.gz 2564041 BLAKE2B 6ea9c379aa482c81279168baa3e1381e880d34014fb3516c96961da64d54faf649295f024313ece445df9a62b6b5c818b7aa8a987025d3cd969188de072648c9 SHA512 5338c4fb5461918473dd4f41f4d29fae09a8fc6a9e2d8f00bb74d929dc5396fef73643462d1a4f1ba71ffe5cf92a1695a167ca3a766c674a9377dcf99aaa1778
-DIST xrootd-4.12.3.tar.gz 2574996 BLAKE2B 1ba6ecdee473fbe1f6367459dfe8324f38e2d72aa64ed349ccdcaa7616a3d70f0b647d2eac6babbcc0e1b673ff44a050c05f23e80fb89161f121fa6dd3484311 SHA512 e4f4ad744a71a7fc69a16f2114b6d5962ddf0b22bd86f7eb19703313d55242813f13be1a1f23c541b966674bdb4854f955843322525f37bc83647e8f2fbe076d
+DIST xrootd-4.12.4.tar.gz 2577360 BLAKE2B f2e4413bcbf02dccb1ac7b0ceec8fbc2bb8b1de838cd9753c9d61f76fc2d68e845a41075b63a4afe56b1a434cf89ecf4f4b8571fa9ae866a19e6bcadcc5dcd9b SHA512 8cbc5e5f270f39c48b7c75a15e2721ebb793f13419608834777f39bc0ee7dd8c4fad481367f997172dae5029d9e5e4e9d7870843bd5c9957fa9fe439592c4364
DIST xrootd-5.0.0.tar.gz 2754256 BLAKE2B c80a38ede3263ae669181f2173f6ee2bb0a347dc973cecc9dedf00867041190f7bceb7f475696e8cd3921c57d4c197b73ee57b29c9e78a027393ca61dca1b6d3 SHA512 75b69d3da2a6e477edbf5588afd943a91a2e1e86fcc98afc34d964c9231fc0224b4eec82336e9a7d5bd8bd0cd5c20e442ee37b8f6239f417b05efdf39038d93c
DIST xrootd-5.0.1.tar.gz 2759931 BLAKE2B 2bc76f660f7fb3c9202c37dc10f099f2bd06868b00c43e6015ebb0d9cf3edf8ac777f76c1f71d0f1f4b252cedd62c9aa74a449cb5f369492a5ee63813bb7924f SHA512 95e0fe97f66a320999d4c2dd2ac5be4e2ba7779f220aa521e4882925d5e9262c34991f0ecbd3c2449b97977ff4cdbdcd9477ed780d1a6dbf8fbd3f547b4932ba
DIST xrootd-5.0.2.tar.gz 2764503 BLAKE2B 35bc642d3601738135ff24a77f9bc8795568553856284ebe80d90315039d04109353d2e00310f8b8168f6b1176ee295c9116a7e6adaff33ca23383da9deecf17 SHA512 e58b5484c0fa9f83643e252eb8228f2061130b4f97964283a6adb8a81560841f3d44814572136023d944be6bdd97cff551e75bbfb04e6c9aafaa779ecb051255
diff --git a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
new file mode 100644
index 00000000000..953c6aa3b2b
--- /dev/null
+++ b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
@@ -0,0 +1,41 @@
+Backported from 5.0.2. Not quite sure if xrootd-4 is actually vulnerable
+to this - but just in case.
+
+From fff97c2dc6703dc1ba8b28b1bf67eeb278ff3e22 Mon Sep 17 00:00:00 2001
+From: Andrew Hanushevsky <abh@stanford.edu>
+Date: Wed, 2 Sep 2020 23:13:52 -0700
+Subject: [PATCH] [HTTP] Prevent secret key leakage if specified in the config
+ file.
+
+---
+ src/XrdHttp/XrdHttpProtocol.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/XrdHttp/XrdHttpProtocol.cc b/src/XrdHttp/XrdHttpProtocol.cc
+index 66b89df20ed..5f50f2aeadd 100644
+--- a/src/XrdHttp/XrdHttpProtocol.cc
++++ b/src/XrdHttp/XrdHttpProtocol.cc
+@@ -1986,6 +1986,7 @@ int XrdHttpProtocol::xsslcafile(XrdOucStream & Config) {
+
+ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+ char *val;
++ bool inFile = false;
+
+ // Get the path
+ //
+@@ -2001,6 +2002,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+ // otherwise, the token itself is the secretkey
+ if (val[0] == '/') {
+ struct stat st;
++ inFile = true;
+ if ( stat(val, &st) ) {
+ eDest.Emsg("Config", errno, "stat shared secret key file", val);
+ return 1;
+@@ -2059,6 +2061,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+ // Record the path
+ if (secretkey) free(secretkey);
+ secretkey = strdup(val);
++ if (!inFile) Config.noEcho();
+
+ return 0;
+ }
diff --git a/net-libs/xrootd/xrootd-4.12.3.ebuild b/net-libs/xrootd/xrootd-4.12.4.ebuild
index 17545ef3217..105a4611edc 100644
--- a/net-libs/xrootd/xrootd-4.12.3.ebuild
+++ b/net-libs/xrootd/xrootd-4.12.4.ebuild
@@ -42,12 +42,16 @@ REQUIRED_USE="
python? ( ${PYTHON_REQUIRED_USE} )
"
-PATCHES=( "${FILESDIR}"/xrootd-4.8.3-crc32.patch )
+PATCHES=(
+ "${FILESDIR}"/${PN}-4.8.3-crc32.patch
+ "${FILESDIR}"/${PN}-4.12.4-http_secret_leakage.patch
+)
# xrootd plugins are not intended to be linked with,
# they are to be loaded at runtime by xrootd,
# see https://github.com/xrootd/xrootd/issues/447
-QA_SONAME="/usr/lib.*/libXrd.*-$(ver_cut 1).so"
+QA_SONAME="/usr/lib.*/libXrd.*-$(ver_cut 1).so
+ /usr/lib.*/libXrdClTests\.so"
pkg_setup() {
use python && python_setup