Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
gradle.32934
gradle-CVE-2019-15052.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gradle-CVE-2019-15052.patch of Package gradle.32934
--- gradle-4.4.1/subprojects/build-cache-http/src/main/java/org/gradle/caching/http/internal/DefaultHttpBuildCacheServiceFactory.java 2024-03-26 07:40:41.413892314 +0100 +++ gradle-4.4.1/subprojects/build-cache-http/src/main/java/org/gradle/caching/http/internal/DefaultHttpBuildCacheServiceFactory.java 2024-03-26 08:16:01.318058239 +0100 @@ -64,6 +64,7 @@ if (credentialsPresent(credentials)) { DefaultBasicAuthentication basicAuthentication = new DefaultBasicAuthentication("basic"); basicAuthentication.setCredentials(credentials); + basicAuthentication.addHost(url.getHost(), url.getPort()); authentications = Collections.<Authentication>singleton(basicAuthentication); } --- gradle-4.4.1/subprojects/core/src/main/java/org/gradle/internal/authentication/AbstractAuthentication.java 2024-03-26 07:40:40.987222689 +0100 +++ gradle-4.4.1/subprojects/core/src/main/java/org/gradle/internal/authentication/AbstractAuthentication.java 2024-03-26 08:11:51.403094079 +0100 @@ -16,9 +16,14 @@ package org.gradle.internal.authentication; +import com.google.common.collect.Sets; import org.gradle.api.credentials.Credentials; import org.gradle.authentication.Authentication; +import java.util.Collection; +import java.util.Objects; +import java.util.Set; + public abstract class AbstractAuthentication implements AuthenticationInternal { private final String name; private final Class<? extends Credentials> supportedCredentialType; @@ -23,18 +28,20 @@ private final String name; private final Class<? extends Credentials> supportedCredentialType; private final Class<? extends Authentication> type; + private Credentials credentials; + private final Set<HostAndPort> hosts; + public AbstractAuthentication(String name, Class<? extends Authentication> type) { - this.name = name; - this.supportedCredentialType = null; - this.type = type; + this(name, type, null); } public AbstractAuthentication(String name, Class<? extends Authentication> type, Class<? extends Credentials> supportedCredential) { this.name = name; this.supportedCredentialType = supportedCredential; this.type = type; + this.hosts = Sets.newHashSet(); } @Override @@ -66,4 +73,54 @@ public String toString() { return String.format("'%s'(%s)", getName(), getType().getSimpleName()); } + + + @Override + public Collection<HostAndPort> getHostsForAuthentication() { + return hosts; + } + + + @Override + public void addHost(String host, int port) { + hosts.add(new DefaultHostAndPort(host, port)); + } + + private static class DefaultHostAndPort implements HostAndPort { + private final String host; + private final int port; + + DefaultHostAndPort(String host, int port) { + this.host = host; + this.port = port; + } + + @Override + public String getHost() { + return host; + } + + @Override + public int getPort() { + return port; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + DefaultHostAndPort that = (DefaultHostAndPort) o; + return getPort() == that.getPort() && + Objects.equals(getHost(), that.getHost()); + } + + @Override + public int hashCode() { + return Objects.hash(getHost(), getPort()); + } + } } --- gradle-4.4.1/subprojects/core/src/main/java/org/gradle/internal/authentication/AuthenticationInternal.java 2024-03-26 07:40:40.987222689 +0100 +++ gradle-4.4.1/subprojects/core/src/main/java/org/gradle/internal/authentication/AuthenticationInternal.java 2024-03-26 08:11:51.403094079 +0100 @@ -20,6 +20,8 @@ import org.gradle.api.credentials.Credentials; import org.gradle.authentication.Authentication; +import java.util.Collection; + @NonExtensible public interface AuthenticationInternal extends Authentication { boolean supports(Credentials credentials); @@ -31,4 +33,25 @@ Class<? extends Authentication> getType(); boolean requiresCredentials(); + + void addHost(String host, int port); + + Collection<HostAndPort> getHostsForAuthentication(); + + interface HostAndPort { + + /** + * The hostname that the credentials are required for. + * + * null means "any host" + */ + String getHost(); + + /** + * The port that the credentials are required for + * + * -1 means "any port" + */ + int getPort(); + } } --- gradle-4.4.1/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/repositories/AbstractAuthenticationSupportedRepository.java 2024-03-26 07:40:40.453885657 +0100 +++ gradle-4.4.1/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/repositories/AbstractAuthenticationSupportedRepository.java 2024-03-26 09:28:23.666252731 +0100 @@ -21,10 +21,13 @@ import org.gradle.api.credentials.Credentials; import org.gradle.authentication.Authentication; import org.gradle.internal.artifacts.repositories.AuthenticationSupportedInternal; +import org.gradle.internal.authentication.AuthenticationInternal; import org.gradle.internal.reflect.Instantiator; import javax.annotation.Nullable; +import java.net.URI; import java.util.Collection; +import java.util.Collections; public abstract class AbstractAuthenticationSupportedRepository extends AbstractArtifactRepository implements AuthenticationSupportedInternal { private final AuthenticationSupporter delegate; @@ -76,6 +79,21 @@ @Override public Collection<Authentication> getConfiguredAuthentication() { - return delegate.getConfiguredAuthentication(); + Collection<Authentication> configuredAuthentication = delegate.getConfiguredAuthentication(); + + for (Authentication authentication : configuredAuthentication) { + AuthenticationInternal authenticationInternal = (AuthenticationInternal) authentication; + for (URI repositoryUrl : getRepositoryUrls()) { + // only care about HTTP hosts right now + if (repositoryUrl.getScheme().startsWith("http")) { + authenticationInternal.addHost(repositoryUrl.getHost(), repositoryUrl.getPort()); + } + } + } + return configuredAuthentication; + } + + protected Collection<URI> getRepositoryUrls() { + return Collections.emptyList(); } } --- gradle-4.4.1/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/repositories/DefaultIvyArtifactRepository.java 2024-03-26 07:40:40.453885657 +0100 +++ gradle-4.4.1/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/repositories/DefaultIvyArtifactRepository.java 2024-03-26 09:32:04.764408347 +0100 @@ -15,6 +15,7 @@ */ package org.gradle.api.internal.artifacts.repositories; +import com.google.common.collect.ImmutableList; import groovy.lang.Closure; import org.gradle.api.Action; import org.gradle.api.ActionConfiguration; @@ -54,6 +55,7 @@ import org.gradle.util.ConfigureUtil; import java.net.URI; +import java.util.Collection; import java.util.LinkedHashSet; import java.util.Set; @@ -189,6 +191,31 @@ return baseUrl == null ? null : fileResolver.resolveUri(baseUrl); } + + @Override + protected Collection<URI> getRepositoryUrls() { + // Ivy can resolve files from multiple hosts, so we need to look at all + // of the possible URLs used by the Ivy resolver to identify all of the repositories + ImmutableList.Builder<URI> builder = ImmutableList.builder(); + URI root = getUrl(); + if (root != null) { + builder.add(root); + } + for (String pattern : additionalPatternsLayout.artifactPatterns) { + URI baseUri = new ResolvedPattern(pattern, fileResolver).baseUri; + if (baseUri!=null) { + builder.add(baseUri); + } + } + for (String pattern : additionalPatternsLayout.ivyPatterns) { + URI baseUri = new ResolvedPattern(pattern, fileResolver).baseUri; + if (baseUri!=null) { + builder.add(baseUri); + } + } + return builder.build(); + } + @Override public void setUrl(URI url) { baseUrl = url; --- gradle-4.4.1/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/repositories/DefaultMavenArtifactRepository.java 2024-03-26 07:40:40.453885657 +0100 +++ gradle-4.4.1/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/repositories/DefaultMavenArtifactRepository.java 2024-03-26 09:31:17.924088427 +0100 @@ -15,12 +15,14 @@ */ package org.gradle.api.internal.artifacts.repositories; +import com.google.common.collect.ImmutableList; import com.google.common.collect.Lists; import org.gradle.api.InvalidUserDataException; import org.gradle.api.Transformer; import org.gradle.api.artifacts.repositories.AuthenticationContainer; import org.gradle.api.artifacts.repositories.MavenArtifactRepository; import org.gradle.api.internal.ExperimentalFeatures; +import org.gradle.api.internal.InstantiatorFactory; import org.gradle.api.internal.artifacts.ImmutableModuleIdentifierFactory; import org.gradle.api.internal.artifacts.ModuleVersionPublisher; import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.ConfiguredModuleComponentRepository; @@ -40,6 +42,7 @@ import java.net.URI; import java.util.ArrayList; +import java.util.Collection; import java.util.LinkedHashSet; import java.util.List; import java.util.Set; @@ -152,6 +155,18 @@ return createRealResolver(); } + @Override + protected Collection<URI> getRepositoryUrls() { + // In a similar way to Ivy, Maven may use other hosts for additional artifacts, but not POMs + ImmutableList.Builder<URI> builder = ImmutableList.builder(); + URI root = getUrl(); + if (root != null) { + builder.add(root); + } + builder.addAll(getArtifactUrls()); + return builder.build(); + } + protected MavenResolver createRealResolver() { URI rootUri = getUrl(); if (rootUri == null) { --- gradle-4.4.1/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/HttpClientConfigurer.java 2024-03-26 07:40:41.393892176 +0100 +++ gradle-4.4.1/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/HttpClientConfigurer.java 2024-03-26 09:15:06.421058834 +0100 @@ -117,7 +117,7 @@ private void configureCredentials(HttpClientBuilder builder, CredentialsProvider credentialsProvider, Collection<Authentication> authentications) { if(authentications.size() > 0) { - useCredentials(credentialsProvider, AuthScope.ANY_HOST, AuthScope.ANY_PORT, authentications); + useCredentials(credentialsProvider, authentications); // Use preemptive authorisation if no other authorisation has been established builder.addInterceptorFirst(new PreemptiveAuth(new BasicScheme(), isPreemptiveEnabled(authentications))); @@ -131,31 +131,49 @@ for (HttpProxySettings.HttpProxy proxy : Lists.newArrayList(httpProxy, httpsProxy)) { if (proxy != null) { if (proxy.credentials != null) { - useCredentials(credentialsProvider, proxy.host, proxy.port, Collections.singleton(new AllSchemesAuthentication(proxy.credentials))); + AllSchemesAuthentication authentication = new AllSchemesAuthentication(proxy.credentials); + authentication.addHost(proxy.host, proxy.port); + useCredentials(credentialsProvider, Collections.singleton(authentication)); } } } builder.setRoutePlanner(new SystemDefaultRoutePlanner(ProxySelector.getDefault())); } - private void useCredentials(CredentialsProvider credentialsProvider, String host, int port, Collection<? extends Authentication> authentications) { - Credentials httpCredentials; - + private void useCredentials(CredentialsProvider credentialsProvider, Collection<? extends Authentication> authentications) { for (Authentication authentication : authentications) { + AuthenticationInternal authenticationInternal = (AuthenticationInternal) authentication; + String scheme = getAuthScheme(authentication); - PasswordCredentials credentials = getPasswordCredentials(authentication); + org.gradle.api.credentials.Credentials credentials = authenticationInternal.getCredentials(); + + Collection<AuthenticationInternal.HostAndPort> hostsForAuthentication = authenticationInternal.getHostsForAuthentication(); + assert !hostsForAuthentication.isEmpty() : "Credentials and authentication required for a HTTP repository, but no hosts were defined for the authentication?"; + + for (AuthenticationInternal.HostAndPort hostAndPort : hostsForAuthentication) { + String host = hostAndPort.getHost(); + int port = hostAndPort.getPort(); + + assert host != null : "HTTP credentials and authentication require a host scope to be defined as well"; + + if (credentials instanceof PasswordCredentials) { + PasswordCredentials passwordCredentials = (PasswordCredentials) credentials; if (authentication instanceof AllSchemesAuthentication) { - NTLMCredentials ntlmCredentials = new NTLMCredentials(credentials); - httpCredentials = new NTCredentials(ntlmCredentials.getUsername(), ntlmCredentials.getPassword(), ntlmCredentials.getWorkstation(), ntlmCredentials.getDomain()); + NTLMCredentials ntlmCredentials = new NTLMCredentials(passwordCredentials); + Credentials httpCredentials = new NTCredentials(ntlmCredentials.getUsername(), ntlmCredentials.getPassword(), ntlmCredentials.getWorkstation(), ntlmCredentials.getDomain()); credentialsProvider.setCredentials(new AuthScope(host, port, AuthScope.ANY_REALM, AuthSchemes.NTLM), httpCredentials); - LOGGER.debug("Using {} and {} for authenticating against '{}:{}' using {}", credentials, ntlmCredentials, host, port, AuthSchemes.NTLM); + LOGGER.debug("Using {} and {} for authenticating against '{}:{}' using {}", passwordCredentials, ntlmCredentials, host, port, AuthSchemes.NTLM); } - httpCredentials = new UsernamePasswordCredentials(credentials.getUsername(), credentials.getPassword()); + Credentials httpCredentials = new UsernamePasswordCredentials(passwordCredentials.getUsername(), passwordCredentials.getPassword()); credentialsProvider.setCredentials(new AuthScope(host, port, AuthScope.ANY_REALM, scheme), httpCredentials); - LOGGER.debug("Using {} for authenticating against '{}:{}' using {}", credentials, host, port, scheme); + LOGGER.debug("Using {} for authenticating against '{}:{}' using {}", passwordCredentials, host, port, scheme); + } else { + throw new IllegalArgumentException(String.format("Credentials must be an instance of: %s", PasswordCredentials.class.getCanonicalName())); + } + } } } @@ -256,11 +274,10 @@ CredentialsProvider credentialsProvider = (CredentialsProvider) context.getAttribute(HttpClientContext.CREDS_PROVIDER); HttpHost targetHost = (HttpHost) context.getAttribute(HttpCoreContext.HTTP_TARGET_HOST); Credentials credentials = credentialsProvider.getCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort())); - if (credentials == null) { - throw new HttpException("No credentials for preemptive authentication"); - } + if (credentials != null) { authState.update(authScheme, credentials); } } } + } }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor