import openwsman-2.6.5-5.el8

2019-05-07 15:23:55 -04:00 · 2019-05-07 15:23:55 -04:00 · 704eefa6e0
commit 704eefa6e0
parent a2ddebd8e9
2 changed files with 88 additions and 2 deletions
--- a/SOURCES/openwsman-2.6.5-CVE-2019-3816.patch
+++ b/SOURCES/openwsman-2.6.5-CVE-2019-3816.patch
@ -0,0 +1,79 @@
+diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
+--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2019-03-13 10:20:07.376527798 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2019-03-13 10:20:07.380527801 +0100
+@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
+ }
+ 
+ static void
+-remove_double_dots(char *s)
+remove_all_leading_dots(char *s)
+ {
+ 	char	*p = s;
+ 
+	while (*s != '\0' && *s == '.') s++;
+
+ 	while (*s != '\0') {
+ 		*p++ = *s++;
+ 		if (s[-1] == '/' || s[-1] == '\\')
+@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
+ 		*c->query++ = '\0';
+ 
+ 	_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
+-	remove_double_dots(c->uri);
+	remove_all_leading_dots(c->uri);
+ 
+ 	root = c->ctx->options[OPT_ROOT];
+ 	if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
+@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
+ 
+ 	(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
+ 
+	DBG(("decide_what_to_do -> processed path: [%s]", path));
+ 	/* User may use the aliases - check URI for mount point */
+ 	if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
+ 		(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
+@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
+ 	if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
+ 		_shttpd_setup_embedded_stream(c,
+ 		    ruri->callback, ruri->callback_data);
+-	} else
+	} else {
+		_shttpd_send_server_error(c, 403, "Forbidden");
+	}
+#if 0
+ 	if (strstr(path, HTPASSWD)) {
+ 		/* Do not allow to view passwords files */
+ 		_shttpd_send_server_error(c, 403, "Forbidden");
+@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
+ 	} else {
+ 		_shttpd_send_server_error(c, 500, "Internal Error");
+ 	}
+#endif
+ }
+ 
+ static int
+diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c
+--- openwsman-2.6.5/src/server/wsmand.c.orig	2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/wsmand.c	2019-03-13 10:20:07.380527801 +0100
+@@ -198,6 +198,10 @@ static void daemonize(void)
+ 	int fd;
+ 	char *pid;
+ 
+	/* Change our CWD to / */
+	i = chdir("/");
+	assert(i == 0);
+
+ 	if (wsmand_options_get_foreground_debug() > 0) {
+ 		return;
+ 	}
+@@ -214,10 +218,6 @@ static void daemonize(void)
+ 	log_pid = 0;
+ 	setsid();
+ 
+-	/* Change our CWD to / */
+-	i=chdir("/");
+-        assert(i == 0);
+-
+ 	/* Close all file descriptors. */
+ 	for (i = getdtablesize(); i >= 0; --i)
+ 		close(i);
--- a/SPECS/openwsman.spec
+++ b/SPECS/openwsman.spec
@ -3,7 +3,7 @@

 Name:		openwsman
 Version:	2.6.5
-Release:	4%{?dist}
+Release:	5%{?dist}
 Summary:	Open source Implementation of WS-Management

 License:	BSD
@ -20,6 +20,7 @@ Patch2:		openwsman-2.4.12-ruby-binding-build.patch
 Patch3:		openwsman-2.6.2-openssl-1.1-fix.patch
 Patch4:		openwsman-2.6.5-http-status-line.patch
 Patch5:		openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
+Patch6:		openwsman-2.6.5-CVE-2019-3816.patch
 BuildRequires:	swig
 BuildRequires:	libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
 BuildRequires:	python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
@ -126,6 +127,7 @@ You can use it to send shell commands to a remote Windows hosts.
 %patch3 -p1 -b .openssl-1.1-fix
 %patch4 -p1 -b .http-status-line
 %patch5 -p1 -b .fix-set-cipher-list-retval-check
+%patch6 -p1 -b .CVE-2019-3816

 %build
 # Removing executable permissions on .c and .h files to fix rpmlint warnings. 
@ -282,6 +284,11 @@ rm -f /var/log/wsmand.log
 %{_bindir}/winrs

 %changelog
+* Mon Apr 01 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-5
+- Fix CVE-2019-3816
+  Resolves: #1693972
+- Remove Dist Tag from the oldest changelog entry
+
 * Thu Sep 20 2018 Tomas Orsava <torsava@redhat.com> - 2.6.5-4
 - Require the Python interpreter directly instead of using the package name
 - Related: rhbz#1619153
@ -581,5 +588,5 @@ rm -f /var/log/wsmand.log
 * Mon Sep 22 2008 Matt Domsch <Matt_Domsch@dell.com> - 2.1.0-1
 - update to 2.1.0, resolves security issues

-* Tue Aug 19 2008  <srinivas_ramanatha@dell.com> - 2.0.0-1%{?dist}
+* Tue Aug 19 2008  <srinivas_ramanatha@dell.com> - 2.0.0-1
 - Modified the spec file to adhere to fedora packaging guidelines.