Software / code / prosody
Annotate
tools/migration/Makefile @ 12181:783056b4e448 0.11 0.11.12
util.xml: Do not allow doctypes, comments or processing instructions
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Mon, 10 Jan 2022 18:23:54 +0100 |
| parent | 6574:cd0088c73daf |
| child | 10003:4d702f0c6273 |
| rev | line source |
|---|---|
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 include ../../config.unix |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 BIN = $(DESTDIR)$(PREFIX)/bin |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 CONFIG = $(DESTDIR)$(SYSCONFDIR) |
|
6574
cd0088c73daf
configure, Makefile: Add --libdir option to ./configure, allowing you to override the $PREFIX/lib/ default. Fixes #470.
Matthew Wild <mwild1@gmail.com>
parents:
5402
diff
changeset
|
6 SOURCE = $(DESTDIR)$(LIBDIR)/prosody |
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 DATA = $(DESTDIR)$(DATADIR) |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 MAN = $(DESTDIR)$(PREFIX)/share/man |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
|
6574
cd0088c73daf
configure, Makefile: Add --libdir option to ./configure, allowing you to override the $PREFIX/lib/ default. Fixes #470.
Matthew Wild <mwild1@gmail.com>
parents:
5402
diff
changeset
|
10 INSTALLEDSOURCE = $(LIBDIR)/prosody |
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 INSTALLEDCONFIG = $(SYSCONFDIR) |
|
6574
cd0088c73daf
configure, Makefile: Add --libdir option to ./configure, allowing you to override the $PREFIX/lib/ default. Fixes #470.
Matthew Wild <mwild1@gmail.com>
parents:
5402
diff
changeset
|
12 INSTALLEDMODULES = $(LIBDIR)/prosody/modules |
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 INSTALLEDDATA = $(DATADIR) |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
|
4224
8b8d2b8e4d0b
tools/migration/Makefile: Don't install main.lua (we already install it as prosody-migrator) (thanks Enrico)
Matthew Wild <mwild1@gmail.com>
parents:
4216
diff
changeset
|
15 SOURCE_FILES = migrator/*.lua |
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
|
4229
f15b4e9ba688
tools/migration: Rename main.lua -> prosody-migrator.lua and update the Makefile
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
17 all: prosody-migrator.install migrator.cfg.lua.install prosody-migrator.lua $(SOURCE_FILES) |
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 install: prosody-migrator.install migrator.cfg.lua.install |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 install -d $(BIN) $(CONFIG) $(SOURCE) $(SOURCE)/migrator |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 install -d $(MAN)/man1 |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 install -d $(SOURCE)/migrator |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 install -m755 ./prosody-migrator.install $(BIN)/prosody-migrator |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 install -m644 $(SOURCE_FILES) $(SOURCE)/migrator |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 test -e $(CONFIG)/migrator.cfg.lua || install -m644 migrator.cfg.lua.install $(CONFIG)/migrator.cfg.lua |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 clean: |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 rm -f prosody-migrator.install |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 rm -f migrator.cfg.lua.install |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
|
4229
f15b4e9ba688
tools/migration: Rename main.lua -> prosody-migrator.lua and update the Makefile
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
31 prosody-migrator.install: prosody-migrator.lua |
|
5402
cb6f0afd8468
tools/migration/Makefile: Apply Lua runtime override (see 53f741a5a73a)
Kim Alvefur <zash@zash.se>
parents:
4229
diff
changeset
|
32 sed "1s/\blua\b/$(RUNWITH)/; \ |
|
cb6f0afd8468
tools/migration/Makefile: Apply Lua runtime override (see 53f741a5a73a)
Kim Alvefur <zash@zash.se>
parents:
4229
diff
changeset
|
33 s|^CFG_SOURCEDIR=.*;$$|CFG_SOURCEDIR='$(INSTALLEDSOURCE)';|; \ |
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 s|^CFG_CONFIGDIR=.*;$$|CFG_CONFIGDIR='$(INSTALLEDCONFIG)';|;" \ |
|
4229
f15b4e9ba688
tools/migration: Rename main.lua -> prosody-migrator.lua and update the Makefile
Matthew Wild <mwild1@gmail.com>
parents:
4224
diff
changeset
|
35 < prosody-migrator.lua > prosody-migrator.install |
|
4216
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 migrator.cfg.lua.install: migrator.cfg.lua |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 sed "s|^local data_path = .*;$$|local data_path = '$(INSTALLEDDATA)';|;" \ |
|
ff80a8471e86
tools/migration/*: Numerous changes and restructuring, and the addition of a Makefile
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 < migrator.cfg.lua > migrator.cfg.lua.install |
