transmission: fix RCE via dns rebinding attach #33874

andir · 2018-01-14T23:26:31Z

Motivation for this change

For further details see [1] & [2].

[1] transmission/transmission#468
[2] http://www.openwall.com/lists/oss-security/2018/01/12/1

(cherry picked from commit 50f48fc)

Things done

Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
Built on platform(s)
- NixOS
- macOS
- other Linux distributions
Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
Tested execution of all binary files (usually in ./result/bin/)
Fits CONTRIBUTING.md.

For further details see [1] & [2]. [1] transmission/transmission#468 [2] http://www.openwall.com/lists/oss-security/2018/01/12/1 (cherry picked from commit 50f48fc)

andir · 2018-01-14T23:27:33Z

@GrahamcOfBorg test bittorrent

GrahamcOfBorg

Failure for system: x86_64-linux

killing client2 (pid 144)
killing tracker (pid 155)
killing client1 (pid 165)
killing router (pid 177)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/tmp/nix-build-vm-test-run-bittorrent.drv-0/vde1.ctl': Directory not empty
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/tmp/nix-build-vm-test-run-bittorrent.drv-0/vde2.ctl': Directory not empty
builder for ‘/nix/store/f3bv7k4advq51x4zpi168gx53za13mw2-vm-test-run-bittorrent.drv’ failed with exit code 4
error: build of ‘/nix/store/f3bv7k4advq51x4zpi168gx53za13mw2-vm-test-run-bittorrent.drv’ failed

andir · 2018-01-14T23:43:35Z

@GrahamcOfBorg build transmission

GrahamcOfBorg

Success for system: x86_64-darwin

make[2]: Entering directory '/private/tmp/nix-build-transmission-2.92.drv-0/transmission-2.92'
make[2]: Nothing to be done for 'install-exec-am'.
make[2]: Nothing to be done for 'install-data-am'.
make[2]: Leaving directory '/private/tmp/nix-build-transmission-2.92.drv-0/transmission-2.92'
make[1]: Leaving directory '/private/tmp/nix-build-transmission-2.92.drv-0/transmission-2.92'
post-installation fixup
gzipping man pages under /nix/store/v5apahijqm42raxiinhgbh8133f8vxnf-transmission-2.92/share/man/
stripping (with flags -S) in /nix/store/v5apahijqm42raxiinhgbh8133f8vxnf-transmission-2.92/bin
patching script interpreter paths in /nix/store/v5apahijqm42raxiinhgbh8133f8vxnf-transmission-2.92
/nix/store/v5apahijqm42raxiinhgbh8133f8vxnf-transmission-2.92

GrahamcOfBorg

Success for system: x86_64-linux

shrinking /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92/bin/transmission-show
shrinking /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92/bin/transmission-daemon
shrinking /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92/bin/transmission-edit
shrinking /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92/bin/transmission-create
shrinking /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92/bin/transmission-cli
gzipping man pages under /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92/share/man/
stripping (with flags -S) in /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92/bin 
patching script interpreter paths in /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92
checking for references to /tmp/nix-build-transmission-2.92.drv-0 in /nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92...
/nix/store/wwr3c44vxhsyrkddjdrx5r0cqhia3fgk-transmission-2.92

GrahamcOfBorg

Success for system: aarch64-linux

shrinking /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92/bin/transmission-remote
shrinking /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92/bin/transmission-daemon
shrinking /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92/bin/transmission-show
shrinking /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92/bin/transmission-edit
shrinking /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92/bin/transmission-create
gzipping man pages under /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92/share/man/
stripping (with flags -S) in /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92/bin
patching script interpreter paths in /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92
checking for references to /build in /nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92...
/nix/store/qsd39067d0mx4qsb0vczbvj2ax19kqzq-transmission-2.92

transmission: fix RCE via dns rebinding attach

764a220

For further details see [1] & [2]. [1] transmission/transmission#468 [2] http://www.openwall.com/lists/oss-security/2018/01/12/1 (cherry picked from commit 50f48fc)

GrahamcOfBorg reviewed Jan 14, 2018

View reviewed changes

GrahamcOfBorg added 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 labels Jan 14, 2018

GrahamcOfBorg reviewed Jan 14, 2018

View reviewed changes

andir merged commit 746b3a5 into NixOS:release-17.09 Jan 14, 2018

andir deleted the 17.09/transmission-dns-rebinding-rce branch January 14, 2018 23:54

GrahamcOfBorg reviewed Jan 15, 2018

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

transmission: fix RCE via dns rebinding attach #33874

transmission: fix RCE via dns rebinding attach #33874

andir commented Jan 14, 2018

andir commented Jan 14, 2018

GrahamcOfBorg left a comment

andir commented Jan 14, 2018

GrahamcOfBorg left a comment

GrahamcOfBorg left a comment

GrahamcOfBorg left a comment

transmission: fix RCE via dns rebinding attach #33874

transmission: fix RCE via dns rebinding attach #33874

Conversation

andir commented Jan 14, 2018

Motivation for this change

Things done

andir commented Jan 14, 2018

GrahamcOfBorg left a comment

Choose a reason for hiding this comment

andir commented Jan 14, 2018

GrahamcOfBorg left a comment

Choose a reason for hiding this comment

GrahamcOfBorg left a comment

Choose a reason for hiding this comment

GrahamcOfBorg left a comment

Choose a reason for hiding this comment