Package: darcs-server
Version: 2.0.2-2
Severity: important
The heart of this package is a Perl CGI script.
Perl's taint checking has become stricter between 5.8 and 5.10:
perl#45671: printf should check taintedness of its template
http://rt.perl.org/rt3/Public/Bug/Display.html?id=45671
In this CGI script, $name is tainted in:
line 231: printf $fh qq( <$type name="$name" modified="$mtime" ts="$ts" />\n);
line 250: printf $fh qq( <repository name="$name" />\n);
With those two fixed, it's showing the list of repositories, but only giving
a blank page when I browse in to them. I'll log another bug if I work out
what else is wrong.
There are other printfs in it that look problematic, but I'm not hitting them
yet.
darcs-server appears to be completely broken with Perl 5.10. Setting this
bug non-RC as it shares the source package with the main darcs binary.
Steve
Two patches attached - one fixes the printfs that I have hit, one should fix
a couple of others which look problematic, but I haven't hit them yet.
Please remember that it's not working properly for me yet.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages darcs-server depends on:
ii darcs 2.0.2-2 an advanced revision control syste
ii sudo 1.6.9p17-1 Provide limited super user privile
ii xsltproc 1.1.24-2 XSLT command line processor
Versions of packages darcs-server recommends:
ii apache2 2.2.9-7 Apache HTTP Server metapackage
ii apache2-mpm-worker [httpd] 2.2.9-7 Apache HTTP Server - high speed th
ii exim4 4.69-6 metapackage to ease Exim MTA (v4)
ii exim4-daemon-light [mail-tran 4.69-6 lightweight Exim MTA (v4) daemon
ii gnupg 1.4.9-3 GNU privacy guard - a free PGP rep
darcs-server suggests no packages.
-- no debconf information
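The behaviour change described in the report, as an added example that is not part of the original report or of darcs.cgi: under taint mode, Perl 5.10 rejects a printf whose template contains tainted data, while print and a printf with a constant template are accepted. The sample name, the `xml_attr` helper and the script name are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from darcs.cgi). Run as: perl -T taint_printf.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample: a directory entry as readdir() could return it.
# Under -T, readdir() results are tainted; appending an empty slice of
# $^X (itself tainted under -T) reproduces that without touching the disk.
my $name = 'a&b "100%s".txt' . substr($^X, 0, 0);

# Hypothetical helper: escape characters special inside an XML attribute.
sub xml_attr {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

print "name is tainted: ", (tainted($name) ? "yes" : "no"), "\n";

# 1. Pre-patch form: tainted data interpolated into the printf template.
#    Perl 5.10 and later die here with an "Insecure dependency" error.
my $ok = eval { printf qq(  <repository name="$name" />\n); 1 };
print "printf with tainted template: ",
      ($ok ? "accepted\n" : "rejected: $@");

# 2. Patched form: print has no template, so taint mode does not object
#    and '%' is not interpreted, but the value is written unescaped.
print qq(  <repository name="$name" />\n);

# 3. Alternative: constant template, tainted value passed as an argument
#    (only the template is taint-checked) and escaped for the attribute.
printf qq(  <repository name="%s" />\n), xml_attr($name);
```

Without `-T` the first printf is accepted and treats the `%s` inside the name as a format directive, which is the behaviour the stricter check guards against.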
Thu Sep 11 00:06:59 BST 2008 Steve Cotton <[EMAIL PROTECTED]>
* insecure printfs - fix the two that I can currently hit
diff -rN -u old-unstable/tools/cgi/darcs.cgi.in
new-unstable/tools/cgi/darcs.cgi.in
--- old-unstable/tools/cgi/darcs.cgi.in 2008-09-11 00:13:35.000000000 +0100
+++ new-unstable/tools/cgi/darcs.cgi.in 2008-09-11 00:13:35.000000000 +0100
@@ -228,7 +228,7 @@
} else {
($name, $type) = (basename($file), 'file');
}
- printf $fh qq( <$type name="$name" modified="$mtime" ts="$ts" />\n);
+ print $fh qq( <$type name="$name" modified="$mtime" ts="$ts" />\n);
}
closedir(DH);
print $fh "</files>\n";
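Review bot: at the changed line `print $fh qq( <$type name="$name" modified="$mtime" ts="$ts" />\n);`, $name comes from basename($file) and is still interpolated into the XML attribute unescaped, so a file name containing `"`, `<` or `&` yields malformed XML. Dropping printf is right, since a `%` in the name no longer acts as a format directive, but I would escape $name before interpolating it, or keep printf with a constant template and pass the escaped value as an argument.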
@@ -247,7 +247,7 @@
while( defined (my $name = readdir(DH)) ) {
next if $name =~ /^\.\.?$/;
if (-d "$repository_root/$name/_darcs") {
- printf $fh qq( <repository name="$name" />\n);
+ print $fh qq( <repository name="$name" />\n);
}
}
closedir(DH);
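Review bot: in the readdir(DH) loop, $name is only filtered against `.` and `..` before it reaches `print $fh qq( <repository name="$name" />\n);`, and print does not taint-check its arguments, so the taint error goes away without the value ever being validated. Suggest matching $name against an allowed-character pattern for repository names (which also untaints it) and skipping entries that fail, then escaping it for the attribute.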
Thu Sep 11 00:08:32 BST 2008 Steve Cotton <[EMAIL PROTECTED]>
* insecure printfs - fix the two that I have not yet hit
diff -rN -u old-unstable/tools/cgi/darcs.cgi.in
new-unstable/tools/cgi/darcs.cgi.in
--- old-unstable/tools/cgi/darcs.cgi.in 2008-09-11 00:13:48.000000000 +0100
+++ new-unstable/tools/cgi/darcs.cgi.in 2008-09-11 00:13:48.000000000 +0100
@@ -139,10 +139,10 @@
my ($fh, $repo, $dir, $file) = @_;
my ($full_path, $path) = '/';
- printf $fh qq(<?xml version="1.0" encoding="$xml_encoding"?>\n);
+ print $fh qq(<?xml version="1.0" encoding="$xml_encoding"?>\n);
- printf $fh qq(<darcs repository="$repo" target="%s/%s%s">\n),
- $repo, ($dir ? "$dir/" : ''), ($file ? "$file" : '');
+ print $fh qq(<darcs repository="$repo" target="), $repo, "/",
+ ($dir ? "$dir/" : ''), ($file ? "$file" : ''), qq(">\n);
print $fh qq(<path>\n);
foreach $path (split('/', "$repo/$dir")) {
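Review bot: the replacement for the second printf, `print $fh qq(<darcs repository="$repo" target="), $repo, "/",` and its continuation line, spreads one element over a multi-argument print list, which is harder to read than the old `%s/%s%s` template and whose output depends on `$,` being unset. Suggest building the target string in a variable first and printing a single interpolated string; `"$file"` also does not need the quotes. $repo, $dir and $file still go into attribute values unescaped, so the same escaping applies here.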