total rebase
[anni] / patches / 6(2.5.3).diff
1 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
2 index 8b0381d1101a269a5921ee3d78920fa66420018b..91e568a3201d71921b93a9d4d6da9c01224bedea 100644
3 --- a/.gitlab-ci.yml
4 +++ b/.gitlab-ci.yml
5 @@ -32,7 +32,13 @@ before_script:
6  after_script:
7    - rm -rf _build/*/lib/pleroma
8  
9 +.using-ci-base:
10 +  tags:
11 +    - amd64
12 +
13  build:
14 +  extends:
15 +  - .using-ci-base
16    stage: build
17    only:
18      changes: &build_changes_policy
19 @@ -44,6 +50,8 @@ build:
20    - mix compile --force
21  
22  spec-build:
23 +  extends:
24 +  - .using-ci-base
25    stage: test
26    only:
27      changes:
28 @@ -57,6 +65,8 @@ spec-build:
29    - mix pleroma.openapi_spec spec.json
30  
31  benchmark:
32 +  extends:
33 +  - .using-ci-base
34    stage: benchmark
35    when: manual
36    variables:
37 @@ -71,6 +81,8 @@ benchmark:
38      - mix pleroma.load_testing
39  
40  unit-testing:
41 +  extends:
42 +  - .using-ci-base
43    stage: test
44    only:
45      changes: *build_changes_policy
46 @@ -94,6 +106,8 @@ unit-testing:
47          path: coverage.xml
48  
49  unit-testing-erratic:
50 +  extends:
51 +  - .using-ci-base
52    stage: test
53    retry: 2
54    allow_failure: true
55 @@ -129,6 +143,8 @@ unit-testing-erratic:
56  #     - mix test --trace --only federated
57  
58  unit-testing-rum:
59 +  extends:
60 +  - .using-ci-base
61    stage: test
62    only:
63      changes: *build_changes_policy
64 @@ -162,6 +178,8 @@ lint:
65      - mix format --check-formatted
66  
67  analysis:
68 +  extends:
69 +  - .using-ci-base
70    stage: test
71    only:
72      changes: *build_changes_policy
73 diff --git a/CHANGELOG.md b/CHANGELOG.md
74 index f6fc6aaee23c312a43f67b5210688b28e1060554..468ec101293b462c8eddaddf375d0de9e8d68fcd 100644
75 --- a/CHANGELOG.md
76 +++ b/CHANGELOG.md
77 @@ -14,6 +14,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
78  
79  ### Removed
80  
81 +## 2.5.3
82 +
83 +### Security
84 +- Emoji pack loader sanitizes pack names
85 +- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
86 +
87  ## 2.5.2
88  
89  ### Security
90 diff --git a/changelog.d/emoji-pack-sanitization.security b/changelog.d/emoji-pack-sanitization.security
91 new file mode 100644
92 index 0000000000000000000000000000000000000000..f3218abd4d78e57813b9259a62a73f73b32499a2
93 --- /dev/null
94 +++ b/changelog.d/emoji-pack-sanitization.security
95 @@ -0,0 +1 @@
96 +Emoji pack loader sanitizes pack names
97 diff --git a/changelog.d/otp_perms.security b/changelog.d/otp_perms.security
98 new file mode 100644
99 index 0000000000000000000000000000000000000000..a3da1c677b6c58beb60613a90615a6fa04c42955
100 --- /dev/null
101 +++ b/changelog.d/otp_perms.security
102 @@ -0,0 +1 @@
103 +- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
104 \ No newline at end of file
105 diff --git a/lib/mix/tasks/pleroma/instance.ex b/lib/mix/tasks/pleroma/instance.ex
106 index 5c93f19ff5aa45c4908c33bb34963f53b5dfa79f..5d8b254a223e8d7b3fd8b07691dd8f9cbcc072e2 100644
107 --- a/lib/mix/tasks/pleroma/instance.ex
108 +++ b/lib/mix/tasks/pleroma/instance.ex
109 @@ -266,12 +266,20 @@ def run(["gen" | rest]) do
110        config_dir = Path.dirname(config_path)
111        psql_dir = Path.dirname(psql_path)
112  
113 +      # Note: Distros requiring group read (0o750) on those directories should
114 +      # pre-create the directories.
115        [config_dir, psql_dir, static_dir, uploads_dir]
116        |> Enum.reject(&File.exists?/1)
117 -      |> Enum.map(&File.mkdir_p!/1)
118 +      |> Enum.each(fn dir ->
119 +        File.mkdir_p!(dir)
120 +        File.chmod!(dir, 0o700)
121 +      end)
122  
123        shell_info("Writing config to #{config_path}.")
124  
125 +      # Sadly no fchmod(2) equivalent in Elixir…
126 +      File.touch!(config_path)
127 +      File.chmod!(config_path, 0o640)
128        File.write(config_path, result_config)
129        shell_info("Writing the postgres script to #{psql_path}.")
130        File.write(psql_path, result_psql)
131 @@ -290,8 +298,7 @@ def run(["gen" | rest]) do
132      else
133        shell_error(
134          "The task would have overwritten the following files:\n" <>
135 -          (Enum.map(will_overwrite, &"- #{&1}\n") |> Enum.join("")) <>
136 -          "Rerun with `--force` to overwrite them."
137 +          Enum.map_join(will_overwrite, &"- #{&1}\n") <> "Rerun with `--force` to overwrite them."
138        )
139      end
140    end
141 diff --git a/lib/pleroma/config/release_runtime_provider.ex b/lib/pleroma/config/release_runtime_provider.ex
142 index 91e5f1a540e2d034357262c3e68b67c681f95ef0..9ec0f975e8c9b9b6f1e827700f7e13d40bca8e72 100644
143 --- a/lib/pleroma/config/release_runtime_provider.ex
144 +++ b/lib/pleroma/config/release_runtime_provider.ex
145 @@ -20,6 +20,20 @@ def load(config, opts) do
146  
147      with_runtime_config =
148        if File.exists?(config_path) do
149 +        # <https://git.pleroma.social/pleroma/pleroma/-/issues/3135>
150 +        %File.Stat{mode: mode} = File.lstat!(config_path)
151 +
152 +        if Bitwise.band(mode, 0o007) > 0 do
153 +          raise "Configuration at #{config_path} has world-permissions, execute the following: chmod o= #{config_path}"
154 +        end
155 +
156 +        if Bitwise.band(mode, 0o020) > 0 do
157 +          raise "Configuration at #{config_path} has group-wise write permissions, execute the following: chmod g-w #{config_path}"
158 +        end
159 +
160 +        # Note: Elixir doesn't provides a getuid(2)
161 +        # so cannot forbid group-read only when config is owned by us
162 +
163          runtime_config = Config.Reader.read!(config_path)
164  
165          with_defaults
166 diff --git a/lib/pleroma/emoji/pack.ex b/lib/pleroma/emoji/pack.ex
167 index a361ea2009ae187df70c39889b145e7ed7f36dab..6e58f88981299916b913274173d3d5da11a97be5 100644
168 --- a/lib/pleroma/emoji/pack.ex
169 +++ b/lib/pleroma/emoji/pack.ex
170 @@ -285,6 +285,7 @@ def update_metadata(name, data) do
171  
172    @spec load_pack(String.t()) :: {:ok, t()} | {:error, :file.posix()}
173    def load_pack(name) do
174 +    name = Path.basename(name)
175      pack_file = Path.join([emoji_path(), name, "pack.json"])
176  
177      with {:ok, _} <- File.stat(pack_file),
178 diff --git a/mix.exs b/mix.exs
179 index 79fd9c9efebee61253cb417aed03fc95b52bf7be..d1cdb151dd25545b31f777e8c3b57e42db673357 100644
180 --- a/mix.exs
181 +++ b/mix.exs
182 @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
183    def project do
184      [
185        app: :pleroma,
186 -      version: version("2.5.2"),
187 +      version: version("2.5.3"),
188        elixir: "~> 1.11",
189        elixirc_paths: elixirc_paths(Mix.env()),
190        compilers: [:phoenix, :gettext] ++ Mix.compilers(),
191 diff --git a/test/pleroma/config/release_runtime_provider_test.exs b/test/pleroma/config/release_runtime_provider_test.exs
192 index 4e0d4c838a661c307be24034d43cd65627c81de3..8ff578e6352684fc99dccf073f808f5a006ae636 100644
193 --- a/test/pleroma/config/release_runtime_provider_test.exs
194 +++ b/test/pleroma/config/release_runtime_provider_test.exs
195 @@ -17,6 +17,8 @@ test "loads release defaults config and warns about non-existent runtime config"
196      end
197  
198      test "merged runtime config" do
199 +      assert :ok == File.chmod!("test/fixtures/config/temp.secret.exs", 0o640)
200 +
201        merged =
202          ReleaseRuntimeProvider.load([], config_path: "test/fixtures/config/temp.secret.exs")
203  
204 @@ -25,6 +27,8 @@ test "merged runtime config" do
205      end
206  
207      test "merged exported config" do
208 +      assert :ok == File.chmod!("test/fixtures/config/temp.exported_from_db.secret.exs", 0o640)
209 +
210        ExUnit.CaptureIO.capture_io(fn ->
211          merged =
212            ReleaseRuntimeProvider.load([],
213 @@ -37,6 +41,9 @@ test "merged exported config" do
214      end
215  
216      test "runtime config is merged with exported config" do
217 +      assert :ok == File.chmod!("test/fixtures/config/temp.secret.exs", 0o640)
218 +      assert :ok == File.chmod!("test/fixtures/config/temp.exported_from_db.secret.exs", 0o640)
219 +
220        merged =
221          ReleaseRuntimeProvider.load([],
222            config_path: "test/fixtures/config/temp.secret.exs",
223 diff --git a/test/pleroma/emoji/pack_test.exs b/test/pleroma/emoji/pack_test.exs
224 index 18b99da75b3f68352f9c8915711cff7a9b4407f8..00001abfcdb32793ad9f637ebe83689b22e76f2c 100644
225 --- a/test/pleroma/emoji/pack_test.exs
226 +++ b/test/pleroma/emoji/pack_test.exs
227 @@ -90,4 +90,8 @@ test "add emoji file", %{pack: pack} do
228  
229      assert updated_pack.files_count == 1
230    end
231 +
232 +  test "load_pack/1 ignores path traversal in a forged pack name", %{pack: pack} do
233 +    assert {:ok, ^pack} = Pack.load_pack("../../../../../dump_pack")
234 +  end
235  end
236 diff --git a/test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs b/test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs
237 index 9d99df27c8e891d9ca8d1bd48fd938cb2c7e64fe..83bf59c6f3425944d3eb070ac1086b44fc59416d 100644
238 --- a/test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs
239 +++ b/test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs
240 @@ -65,7 +65,7 @@ test "it works for incoming unqualified emoji reactions" do
241      object = Object.get_by_ap_id(data["object"])
242  
243      assert object.data["reaction_count"] == 1
244 -    assert match?([[emoji, _]], object.data["reactions"])
245 +    assert match?([[^emoji, _]], object.data["reactions"])
246    end
247  
248    test "it reject invalid emoji reactions" do
249 diff --git a/test/pleroma/web/mastodon_api/update_credentials_test.exs b/test/pleroma/web/mastodon_api/update_credentials_test.exs
250 index 57fa0f0476d70f4e5069ab6526a0546085dc6fc8..40f79d10302a2912c7284d14fb55500dc0f32654 100644
251 --- a/test/pleroma/web/mastodon_api/update_credentials_test.exs
252 +++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs
253 @@ -375,7 +375,7 @@ test "updates the user's background, upload_limit, returns a HTTP 413", %{
254            "pleroma_background_image" => new_background_oversized
255          })
256  
257 -      assert user_response = json_response_and_validate_schema(res, 413)
258 +      assert _user_response = json_response_and_validate_schema(res, 413)
259        assert user.background == %{}
260  
261        clear_config([:instance, :upload_limit], upload_limit)