diff -Nru cxxtools-2.2/ChangeLog cxxtools-2.2.1/ChangeLog --- cxxtools-2.2/ChangeLog 2013-04-21 19:18:36.000000000 +0000 +++ cxxtools-2.2.1/ChangeLog 2014-01-17 19:07:07.000000000 +0000 @@ -1,4 +1,13 @@ +2014-01-17 tommi@tntnet.org + + - release version 2.2.1 + +2013-12-14 tommi@tntnet.org + + - fix parsing double % in query parameters + 2013-04-21 tommi@tntnet.org + - release version 2.2 2013-04-17 tommi@tntnet.org diff -Nru cxxtools-2.2/Makefile.am cxxtools-2.2.1/Makefile.am --- cxxtools-2.2/Makefile.am 2013-04-21 20:36:43.000000000 +0000 +++ cxxtools-2.2.1/Makefile.am 2014-01-17 19:05:09.000000000 +0000 @@ -29,4 +29,5 @@ pkgconfig/cxxtools-xmlrpc.pc EXTRA_DIST = \ - Releasenotes-2.2.markdown + Releasenotes-2.2.markdown \ + Releasenotes-2.2.1.markdown diff -Nru cxxtools-2.2/Makefile.in cxxtools-2.2.1/Makefile.in --- cxxtools-2.2/Makefile.in 2013-04-21 20:36:47.000000000 +0000 +++ cxxtools-2.2.1/Makefile.in 2014-01-17 19:07:17.000000000 +0000 @@ -337,7 +337,8 @@ pkgconfig/cxxtools-xmlrpc.pc EXTRA_DIST = \ - Releasenotes-2.2.markdown + Releasenotes-2.2.markdown \ + Releasenotes-2.2.1.markdown all: all-recursive diff -Nru cxxtools-2.2/Releasenotes-2.2.1.markdown cxxtools-2.2.1/Releasenotes-2.2.1.markdown --- cxxtools-2.2/Releasenotes-2.2.1.markdown 1970-01-01 00:00:00.000000000 +0000 +++ cxxtools-2.2.1/Releasenotes-2.2.1.markdown 2014-01-17 19:05:09.000000000 +0000 
@@ -0,0 +1,4 @@ +Releasenotes cxxtools 2.2.1 +=========================== + +2.2.1 is a bugfix release. It fixes a major bug when parsing query parameters in http communication. Query parameters containing two percent signs resulted in an recursive loop, which results in a crash. Since query parameters are typically received from the network, it is a major problem, since there is no control over the input parameters sent. diff -Nru cxxtools-2.2/aclocal.m4 cxxtools-2.2.1/aclocal.m4 --- cxxtools-2.2/aclocal.m4 2013-04-21 19:13:10.000000000 +0000 +++ cxxtools-2.2.1/aclocal.m4 2014-01-17 19:07:16.000000000 +0000 
@@ -19,6 +19,113 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) +# longlong.m4 serial 14 +dnl Copyright (C) 1999-2007, 2009-2010 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl From Paul Eggert. + +# Define HAVE_LONG_LONG_INT if 'long long int' works. +# This fixes a bug in Autoconf 2.61, but can be removed once we +# assume 2.62 everywhere. + +# Note: If the type 'long long int' exists but is only 32 bits large +# (as on some very old compilers), HAVE_LONG_LONG_INT will not be +# defined. In this case you can treat 'long long int' like 'long int'. + +AC_DEFUN([AC_TYPE_LONG_LONG_INT], +[ + AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int], + [AC_LINK_IFELSE( + [_AC_TYPE_LONG_LONG_SNIPPET], + [dnl This catches a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004. + dnl If cross compiling, assume the bug isn't important, since + dnl nobody cross compiles for this platform as far as we know. + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[@%:@include + @%:@ifndef LLONG_MAX + @%:@ define HALF \ + (1LL << (sizeof (long long int) * CHAR_BIT - 2)) + @%:@ define LLONG_MAX (HALF - 1 + HALF) + @%:@endif]], + [[long long int n = 1; + int i; + for (i = 0; ; i++) + { + long long int m = n << i; + if (m >> i != n) + return 1; + if (LLONG_MAX / 2 < m) + break; + } + return 0;]])], + [ac_cv_type_long_long_int=yes], + [ac_cv_type_long_long_int=no], + [ac_cv_type_long_long_int=yes])], + [ac_cv_type_long_long_int=no])]) + if test $ac_cv_type_long_long_int = yes; then + AC_DEFINE([HAVE_LONG_LONG_INT], [1], + [Define to 1 if the system has the type `long long int'.]) + fi +]) + +# Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works. 
+# This fixes a bug in Autoconf 2.61, but can be removed once we +# assume 2.62 everywhere. + +# Note: If the type 'unsigned long long int' exists but is only 32 bits +# large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT +# will not be defined. In this case you can treat 'unsigned long long int' +# like 'unsigned long int'. + +AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT], +[ + AC_CACHE_CHECK([for unsigned long long int], + [ac_cv_type_unsigned_long_long_int], + [AC_LINK_IFELSE( + [_AC_TYPE_LONG_LONG_SNIPPET], + [ac_cv_type_unsigned_long_long_int=yes], + [ac_cv_type_unsigned_long_long_int=no])]) + if test $ac_cv_type_unsigned_long_long_int = yes; then + AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], [1], + [Define to 1 if the system has the type `unsigned long long int'.]) + fi +]) + +# Expands to a C program that can be used to test for simultaneous support +# of 'long long' and 'unsigned long long'. We don't want to say that +# 'long long' is available if 'unsigned long long' is not, or vice versa, +# because too many programs rely on the symmetry between signed and unsigned +# integer types (excluding 'bool'). +AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET], +[ + AC_LANG_PROGRAM( + [[/* For now, do not test the preprocessor; as of 2007 there are too many + implementations with broken preprocessors. Perhaps this can + be revisited in 2012. In the meantime, code should not expect + #if to work with literals wider than 32 bits. */ + /* Test literals. */ + long long int ll = 9223372036854775807ll; + long long int nll = -9223372036854775807LL; + unsigned long long int ull = 18446744073709551615ULL; + /* Test constant expressions. */ + typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) + ? 1 : -1)]; + typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 + ? 1 : -1)]; + int i = 63;]], + [[/* Test availability of runtime routines for shift and division. 
*/ + long long int llmax = 9223372036854775807ll; + unsigned long long int ullmax = 18446744073709551615ull; + return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) + | (llmax / ll) | (llmax % ll) + | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) + | (ullmax / ull) | (ullmax % ull));]]) +]) + # Copyright (C) 2002-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation diff -Nru cxxtools-2.2/configure cxxtools-2.2.1/configure --- cxxtools-2.2/configure 2013-04-21 19:13:11.000000000 +0000 +++ cxxtools-2.2.1/configure 2014-01-17 19:07:18.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for cxxtools 2.2. +# Generated by GNU Autoconf 2.69 for cxxtools 2.2.1. # # Report bugs to >. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='cxxtools' PACKAGE_TARNAME='cxxtools' -PACKAGE_VERSION='2.2' -PACKAGE_STRING='cxxtools 2.2' +PACKAGE_VERSION='2.2.1' +PACKAGE_STRING='cxxtools 2.2.1' PACKAGE_BUGREPORT='Tommi Maekitalo ' PACKAGE_URL='' @@ -1366,7 +1366,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures cxxtools 2.2 to adapt to many kinds of systems. +\`configure' configures cxxtools 2.2.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1436,7 +1436,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of cxxtools 2.2:";; + short | recursive ) echo "Configuration of cxxtools 2.2.1:";; esac cat <<\_ACEOF @@ -1548,7 +1548,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -cxxtools configure 2.2 +cxxtools configure 2.2.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2153,7 +2153,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by cxxtools $as_me 2.2, which was +It was created by cxxtools $as_me 2.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2977,7 +2977,7 @@ # Define the identity of the package. PACKAGE='cxxtools' - VERSION='2.2' + VERSION='2.2.1' cat >>confdefs.h <<_ACEOF @@ -6155,29 +6155,27 @@ done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5 -$as_echo_n "checking for unsigned long long int... " >&6; } -if ${ac_cv_type_unsigned_long_long_int+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5 +$as_echo_n "checking for long long int... " >&6; } +if ${ac_cv_type_long_long_int+:} false; then : $as_echo_n "(cached) " >&6 else - ac_cv_type_unsigned_long_long_int=yes - if test "x${ac_cv_prog_cc_c99-no}" = xno; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* For now, do not test the preprocessor; as of 2007 there are too many - implementations with broken preprocessors. Perhaps this can - be revisited in 2012. In the meantime, code should not expect - #if to work with literals wider than 32 bits. */ + implementations with broken preprocessors. Perhaps this can + be revisited in 2012. In the meantime, code should not expect + #if to work with literals wider than 32 bits. */ /* Test literals. */ long long int ll = 9223372036854775807ll; long long int nll = -9223372036854775807LL; unsigned long long int ull = 18446744073709551615ULL; /* Test constant expressions. */ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) - ? 1 : -1)]; + ? 1 : -1)]; typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 - ? 1 : -1)]; + ? 1 : -1)]; int i = 63; int main () 
@@ -6186,73 +6184,46 @@ long long int llmax = 9223372036854775807ll; unsigned long long int ullmax = 18446744073709551615ull; return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) - | (llmax / ll) | (llmax % ll) - | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) - | (ullmax / ull) | (ullmax % ull)); + | (llmax / ll) | (llmax % ll) + | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) + | (ullmax / ull) | (ullmax % ull)); ; return 0; } _ACEOF if ac_fn_cxx_try_link "$LINENO"; then : - -else - ac_cv_type_unsigned_long_long_int=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5 -$as_echo "$ac_cv_type_unsigned_long_long_int" >&6; } - if test $ac_cv_type_unsigned_long_long_int = yes; then - -$as_echo "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h - - fi - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5 -$as_echo_n "checking for long long int... " >&6; } -if ${ac_cv_type_long_long_int+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test "$cross_compiling" = yes; then : ac_cv_type_long_long_int=yes - if test "x${ac_cv_prog_cc_c99-no}" = xno; then - ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int - if test $ac_cv_type_long_long_int = yes; then - if test "$cross_compiling" = yes; then : - : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include - #ifndef LLONG_MAX - # define HALF \ - (1LL << (sizeof (long long int) * CHAR_BIT - 2)) - # define LLONG_MAX (HALF - 1 + HALF) - #endif + #ifndef LLONG_MAX + # define HALF \ + (1LL << (sizeof (long long int) * CHAR_BIT - 2)) + # define LLONG_MAX (HALF - 1 + HALF) + #endif int main () { long long int n = 1; - int i; - for (i = 0; ; i++) - { - long long int m = n << i; - if (m >> i != n) - return 1; - if (LLONG_MAX / 2 < m) - break; - } - return 0; + int i; + for (i = 0; ; i++) + { + long long int m = n << i; + if (m >> i != n) + return 1; + if (LLONG_MAX / 2 < m) + break; + } + return 0; ; return 0; } _ACEOF if ac_fn_cxx_try_run "$LINENO"; then : - + ac_cv_type_long_long_int=yes else ac_cv_type_long_long_int=no fi @@ -6260,8 +6231,11 @@ conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi - fi +else + ac_cv_type_long_long_int=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5 $as_echo "$ac_cv_type_long_long_int" >&6; } 
@@ -6277,24 +6251,22 @@ if ${ac_cv_type_unsigned_long_long_int+:} false; then : $as_echo_n "(cached) " >&6 else - ac_cv_type_unsigned_long_long_int=yes - if test "x${ac_cv_prog_cc_c99-no}" = xno; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* For now, do not test the preprocessor; as of 2007 there are too many - implementations with broken preprocessors. Perhaps this can - be revisited in 2012. In the meantime, code should not expect - #if to work with literals wider than 32 bits. */ + implementations with broken preprocessors. Perhaps this can + be revisited in 2012. In the meantime, code should not expect + #if to work with literals wider than 32 bits. */ /* Test literals. */ long long int ll = 9223372036854775807ll; long long int nll = -9223372036854775807LL; unsigned long long int ull = 18446744073709551615ULL; /* Test constant expressions. */ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) - ? 1 : -1)]; + ? 1 : -1)]; typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 - ? 1 : -1)]; + ? 1 : -1)]; int i = 63; int main () @@ -6303,22 +6275,21 @@ long long int llmax = 9223372036854775807ll; unsigned long long int ullmax = 18446744073709551615ull; return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) - | (llmax / ll) | (llmax % ll) - | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) - | (ullmax / ull) | (ullmax % ull)); + | (llmax / ll) | (llmax % ll) + | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) + | (ullmax / ull) | (ullmax % ull)); ; return 0; } _ACEOF if ac_fn_cxx_try_link "$LINENO"; then : - + ac_cv_type_unsigned_long_long_int=yes else ac_cv_type_unsigned_long_long_int=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5 $as_echo "$ac_cv_type_unsigned_long_long_int" >&6; } 
@@ -18558,7 +18529,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by cxxtools $as_me 2.2, which was +This file was extended by cxxtools $as_me 2.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18624,7 +18595,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -cxxtools config.status 2.2 +cxxtools config.status 2.2.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru cxxtools-2.2/configure.in cxxtools-2.2.1/configure.in --- cxxtools-2.2/configure.in 2013-04-20 21:31:50.000000000 +0000 +++ cxxtools-2.2.1/configure.in 2014-01-17 19:05:09.000000000 +0000 @@ -1,4 +1,4 @@ -AC_INIT(cxxtools, 2.2, [Tommi Maekitalo ]) +AC_INIT(cxxtools, 2.2.1, [Tommi Maekitalo ]) AM_INIT_AUTOMAKE AC_PREREQ([2.5.9]) diff -Nru cxxtools-2.2/debian/changelog cxxtools-2.2.1/debian/changelog --- cxxtools-2.2/debian/changelog 2013-05-20 18:24:29.000000000 +0000 +++ cxxtools-2.2.1/debian/changelog 2014-01-21 16:55:58.000000000 +0000 @@ -1,3 +1,12 @@ +cxxtools (2.2.1-1) unstable; urgency=high + + * New upstream release + * CVE-2013-7298 remote denial of service in HTTP query parameter parsing + fixed (Closes: #735880) + * Bump Standards-Version 3.9.5 (No changes necessary) + + -- Kari Pahula Tue, 21 Jan 2014 18:55:56 +0200 + cxxtools (2.2-1) unstable; urgency=low * New upstream release (SONAME 9) diff -Nru cxxtools-2.2/debian/control cxxtools-2.2.1/debian/control --- cxxtools-2.2/debian/control 2013-05-20 18:23:48.000000000 +0000 +++ cxxtools-2.2.1/debian/control 2014-01-21 16:56:09.000000000 +0000 
@@ -3,7 +3,7 @@ Priority: optional Maintainer: Kari Pahula Build-Depends: libtool, libltdl-dev, dh-autoreconf, cdbs, debhelper (>= 9), gettext -Standards-Version: 3.9.4 +Standards-Version: 3.9.5 Homepage: http://www.tntnet.org/cxxtools.html Package: libcxxtools9 diff -Nru cxxtools-2.2/src/query_params.cpp cxxtools-2.2.1/src/query_params.cpp --- cxxtools-2.2/src/query_params.cpp 2013-04-20 09:42:39.000000000 +0000 +++ cxxtools-2.2.1/src/query_params.cpp 2013-12-26 09:47:53.000000000 +0000 @@ -134,10 +134,15 @@ if (_cnt == 0) { if (_state == state_keyesc) + { + _key += '%'; _state = state_key; + } else + { + _value += '%'; _state = state_value; - parse('%'); + } } else { diff -Nru cxxtools-2.2/test/query_params-test.cpp cxxtools-2.2.1/test/query_params-test.cpp --- cxxtools-2.2/test/query_params-test.cpp 2013-04-20 09:42:37.000000000 +0000 +++ cxxtools-2.2.1/test/query_params-test.cpp 2013-12-26 09:47:53.000000000 +0000 @@ -40,6 +40,7 @@ registerMethod("testCopy", *this, &QueryParamsTest::testCopy); registerMethod("testParseUrl", *this, &QueryParamsTest::testParseUrl); registerMethod("testParseUrlSpecialChar", *this, &QueryParamsTest::testParseUrlSpecialChar); + registerMethod("testParseDoublePercent", *this, &QueryParamsTest::testParseDoublePercent); registerMethod("testCount", *this, &QueryParamsTest::testCount); registerMethod("testCombine", *this, &QueryParamsTest::testCombine); registerMethod("testIterator", *this, &QueryParamsTest::testIterator); @@ -97,6 +98,14 @@ CXXTOOLS_UNIT_ASSERT_EQUALS(q["m\xa4kitalo"], "tommi "); } + void testParseDoublePercent() + { + cxxtools::QueryParams q; + q.parse_url("%%=%%%"); + CXXTOOLS_UNIT_ASSERT(q.has("%%")); + CXXTOOLS_UNIT_ASSERT_EQUALS(q["%%"], "%%%"); + } + void testCount() { cxxtools::QueryParams q;
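Review bot: The two new branches under `if (_cnt == 0)` in src/query_params.cpp carry no comment saying why the '%' is appended directly instead of being fed back through `parse('%')`, and that is the whole fix. The removed call re-entered the escape state on input the peer controls; the release notes in this diff describe the resulting recursion and crash, and debian/changelog tracks it as CVE-2013-7298. I would add above the `if (_state == state_keyesc)` line something like `// '%' not followed by a hex digit: keep it literally. Never re-feed '%' to parse() here; that re-enters this escape state and recurses on network input.` The enclosing function starts and ends outside the hunk, so it is not visible whether the character that ended the escape is still handed to `parse()` afterwards. If it is, confirm that call happens only after `_state` has left the escape state, so the depth stays at one.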
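Review bot: `testParseDoublePercent` in test/query_params-test.cpp pins one short input, `%%=%%%`, so it would not catch a regression where call depth grows with the number of consecutive '%' characters. A second case with a long run, for example `q.parse_url(std::string(100000, '%'));` followed by `CXXTOOLS_UNIT_ASSERT(q.has(std::string(100000, '%')));`, would guard the path the crash came from. The expected key is inferred from the assertions already in this test, so confirm it against the parser. A '%' followed by a non-hex character (such as `%zz`) and a '%' followed by a single hex digit are also not covered in the visible lines.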