Accepting request 537770 from home:hillwood:branches:server:proxy

- Add fix-Command-Execution-in-ss-manager.patch * Fix boo#1065619 and CVE-2017-15924 OBS-URL: https://build.opensuse.org/request/show/537770 OBS-URL: https://build.opensuse.org/package/show/server:proxy/shadowsocks-libev?expand=0&rev=10
2017-10-31 04:03:09 +00:00 · 2017-10-31 04:03:09 +00:00 · 5ea5503a33
commit 5ea5503a33
parent 2b8ba54585
3 changed files with 89 additions and 13 deletions
--- a/fix-Command-Execution-in-ss-manager.patch
+++ b/fix-Command-Execution-in-ss-manager.patch
@ -0,0 +1,65 @@
+diff -Nur shadowsocks-libev-3.1.0/src/manager.c shadowsocks-libev-3.1.0-new/src/manager.c
+--- shadowsocks-libev-3.1.0/src/manager.c	2017-09-06 09:19:47.000000000 +0800
+++ shadowsocks-libev-3.1.0-new/src/manager.c	2017-10-31 11:29:51.122235135 +0800
+@@ -92,7 +92,7 @@
+ }
+ 
+ static void
+-build_config(char *prefix, struct server *server)
+build_config(char *prefix, struct manager_ctx *manager, struct server *server)
+ {
+     char *path    = NULL;
+     int path_size = strlen(prefix) + strlen(server->port) + 20;
+@@ -110,11 +110,18 @@
+     fprintf(f, "{\n");
+     fprintf(f, "\"server_port\":%d,\n", atoi(server->port));
+     fprintf(f, "\"password\":\"%s\"", server->password);
+-    if (server->fast_open[0]) fprintf(f, ",\n\"fast_open\": %s", server->fast_open);
+-    if (server->mode)   fprintf(f, ",\n\"mode\":\"%s\"", server->mode);
+-    if (server->method) fprintf(f, ",\n\"method\":\"%s\"", server->method);
+-    if (server->plugin) fprintf(f, ",\n\"plugin\":\"%s\"", server->plugin);
+-    if (server->plugin_opts) fprintf(f, ",\n\"plugin_opts\":\"%s\"", server->plugin_opts);
+    if (server->method)
+        fprintf(f, ",\n\"method\":\"%s\"", server->method);
+    else if (manager->method)
+        fprintf(f, ",\n\"method\":\"%s\"", manager->method);
+    if (server->fast_open[0])
+        fprintf(f, ",\n\"fast_open\": %s", server->fast_open);
+    if (server->mode)
+        fprintf(f, ",\n\"mode\":\"%s\"", server->mode);
+    if (server->plugin)
+        fprintf(f, ",\n\"plugin\":\"%s\"", server->plugin);
+    if (server->plugin_opts)
+        fprintf(f, ",\n\"plugin_opts\":\"%s\"", server->plugin_opts);
+     fprintf(f, "\n}\n");
+     fclose(f);
+     ss_free(path);
+@@ -124,17 +131,17 @@
+ construct_command_line(struct manager_ctx *manager, struct server *server)
+ {
+     static char cmd[BUF_SIZE];
+-    char *method = manager->method;
+     int i;
+    int port;
+ 
+-    build_config(working_dir, server);
+    port = atoi(server->port);
+
+    build_config(working_dir, manager, server);
+ 
+-    if (server->method) method = server->method;
+     memset(cmd, 0, BUF_SIZE);
+     snprintf(cmd, BUF_SIZE,
+-             "%s -m %s --manager-address %s -f %s/.shadowsocks_%s.pid -c %s/.shadowsocks_%s.conf",
+-             executable, method, manager->manager_address,
+-             working_dir, server->port, working_dir, server->port);
+             "%s --manager-address %s -f %s/.shadowsocks_%d.pid -c %s/.shadowsocks_%d.conf",
+             executable, manager->manager_address, working_dir, port, working_dir, port);
+ 
+     if (manager->acl != NULL) {
+         int len = strlen(cmd);
+@@ -1211,3 +1218,4 @@
+ 
+     return 0;
+ }
+
--- a/shadowsocks-libev.changes
+++ b/shadowsocks-libev.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Oct 31 03:31:56 UTC 2017 - hillwood@opensuse.org
+
+- Add fix-Command-Execution-in-ss-manager.patch
+  * Fix boo#1065619 and CVE-2017-15924
+
 -------------------------------------------------------------------
 Sat Sep 28 03:03:17 UTC 2017 - hillwood@opensuse.org

--- a/shadowsocks-libev.spec
+++ b/shadowsocks-libev.spec
@ -1,7 +1,7 @@
 #
 # spec file for package shadowsocks-libev
 #
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -15,15 +15,18 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

+
 %define libver 2
 Name:           shadowsocks-libev
 Version:        3.1.0
 Release:        0
-License:        GPL-3.0+
 Summary:        Libev port of Shadowsocks
-Url:            https://github.com/shadowsocks/shadowsocks-libev
+License:        GPL-3.0+
 Group:          Productivity/Networking/Web/Proxy
+Url:            https://github.com/shadowsocks/shadowsocks-libev
 Source0:        https://github.com/shadowsocks/shadowsocks-libev/releases/download/v%{version}/%{name}-%{version}.tar.gz
+# PATFH-FIX-SUSE fix-Command-Execution-in-ss-manager.patch hillwood@opensuse.org --Fix boo#1065619 and CVE-2017-15924
+Patch0:         fix-Command-Execution-in-ss-manager.patch
 Source1:        %{name}-config.json
 Source2:        %{name}-client.service
 Source3:        %{name}-server.service
@ -32,12 +35,12 @@ Source5:        %{name}-nat.service
 Source6:        %{name}-manager.service
 Source7:        %{name}-redir.service
 BuildRequires:  libtool
-BuildRequires:  pkgconfig(openssl)
-BuildRequires:  pkgconfig(libsodium) >= 1.0.4
-BuildRequires:  pkgconfig(libpcre)
+BuildRequires:  mbedtls-devel
 BuildRequires:  pkgconfig(libcares)
 BuildRequires:  pkgconfig(libev)
-BuildRequires:  mbedtls-devel
+BuildRequires:  pkgconfig(libpcre)
+BuildRequires:  pkgconfig(libsodium) >= 1.0.4
+BuildRequires:  pkgconfig(openssl)
 %if 0%{?fedora} >= 24
 BuildRequires:  pkgconfig
 %else
@ -47,8 +50,8 @@ BuildRequires:  pkg-config
 BuildRequires:  ghostscript-core
 %endif
 BuildRequires:  asciidoc
-BuildRequires:  xmlto
 BuildRequires:  systemd
+BuildRequires:  xmlto
 Recommends:     simple-obfs
 %{?systemd_requires}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -59,6 +62,7 @@ for embedded devices and low end boxes.

 %package -n lib%{name}%{libver}
 Summary:        Libev port of Shadowsocks
+Group:          Productivity/Networking/Web/Proxy

 %description -n lib%{name}%{libver}
 shadowsocks-libev is a lightweight secured scoks5 proxy 
@ -69,7 +73,7 @@ This package provides libraries for it.
 %package doc
 Summary:        Documents for shadowsocks-libev
 Group:          Documentation/HTML
-Requires:      %{name} = %{version}
+Requires:       %{name} = %{version}
 BuildArch:      noarch

 %description doc
@ -79,9 +83,9 @@ for embedded devices and low end boxes.
 This package provides Documents for it.

 %package devel
-Summary:       Development headers for shadowsocks-libev
-Group:         Development/Libraries/C and C++
-Requires:      lib%{name}%{libver} = %{version}
+Summary:        Development headers for shadowsocks-libev
+Group:          Development/Libraries/C and C++
+Requires:       lib%{name}%{libver} = %{version}

 %description devel
 shadowsocks-libev is a lightweight secured scoks5 proxy
@ -91,6 +95,7 @@ This package provides development headers for it.

 %prep
 %setup -q
+%patch0 -p1

 %build
 %configure --prefix=%{_prefix} \
@ -129,7 +134,7 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcshadowsocks-libev-tunnel
 %{service_add_post %{name}-server.service %{name}-client.service \
    %{name}-manager.service %{name}-nat.service %{name}-redir.service \
    %{name}-tunnel.service}
- 
+
 %preun
 %{service_del_preun %{name}-server.service %{name}-client.service \
    %{name}-manager.service %{name}-nat.service %{name}-redir.service \