Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package zookeeper The request for the late unblock is as recommended by the Security Team to address CVE-2017-5637, Debian bug #863811 [1]. debdiffs of the source and binary packages are attached. Thank you for your consideration! unblock zookeeper/3.4.9-3 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863811
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in second .changes but not in first
-----------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/24/16ffa9ef208db893730679980f1bcd330c913f.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/2a/62854afcb658cc731103d62f11ae8a772452c5.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/38/96aa5abd8bd388bb162a8c3a033df8edf39cb1.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/b2/4a63f7099c7a2ca718e894ee7652c34e5ca12e.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/f5/f70d8fb91d2eede1f9d74a104017924343f44f.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/fa/a1d4a32847f5e3ddd50e499c952008c3167eb0.debug
Files in first .changes but not in second
-----------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/03/55289ad3aece3705a1bf2d9ab5ceeaeff1390b.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/09/40d37d3c6e2f0db7a4b4f069d15b2fe8b25fae.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/50/5e011d2b48782f1991deb9b4adaf7b3286c9e0.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/5a/d1ab6bdebc04fab89778c9ed422d13313e5319.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/84/ecce0d1328ff56a19ba0fecc8884e50dcb5f62.debug
-rw-r--r-- root/root /usr/lib/debug/.build-id/90/d659e606be6bbccf4dc9102d48c208275af794.debug
Control files of package libzookeeper-java: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Installed-Size: [-1420-] {+1424+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper-java-doc: lines which differ (wdiff format)
---------------------------------------------------------------------------------
Installed-Size: [-11290-] {+11296+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper-mt-dev: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libzookeeper-mt2 (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper-mt2: lines which differ (wdiff format)
----------------------------------------------------------------------------
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper-mt2-dbgsym: lines which differ (wdiff format)
-----------------------------------------------------------------------------------
Build-Ids: [-90d659e606be6bbccf4dc9102d48c208275af794-] {+2416ffa9ef208db893730679980f1bcd330c913f+}
Depends: libzookeeper-mt2 (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper-st-dev: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libzookeeper-st2 (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper-st2: lines which differ (wdiff format)
----------------------------------------------------------------------------
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper-st2-dbgsym: lines which differ (wdiff format)
-----------------------------------------------------------------------------------
Build-Ids: [-84ecce0d1328ff56a19ba0fecc8884e50dcb5f62-] {+faa1d4a32847f5e3ddd50e499c952008c3167eb0+}
Depends: libzookeeper-st2 (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package libzookeeper2: lines which differ (wdiff format)
-------------------------------------------------------------------------
Depends: libzookeeper-mt2 (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package python-zookeeper: lines which differ (wdiff format)
----------------------------------------------------------------------------
Depends: libzookeeper-mt2 (= [-3.4.9-2),-] {+3.4.9-3),+} python (<< 2.8), python (>= 2.7~), python:any (<< 2.8), python:any (>= 2.7~), libc6 (>= 2.14)
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package python-zookeeper-dbgsym: lines which differ (wdiff format)
-----------------------------------------------------------------------------------
Build-Ids: [-0940d37d3c6e2f0db7a4b4f069d15b2fe8b25fae-] {+f5f70d8fb91d2eede1f9d74a104017924343f44f+}
Depends: python-zookeeper (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package zookeeper: lines which differ (wdiff format)
---------------------------------------------------------------------
Depends: adduser, default-jre-headless | java6-runtime-headless, libzookeeper-java (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package zookeeper-bin: lines which differ (wdiff format)
-------------------------------------------------------------------------
Depends: libzookeeper-mt2 (= [-3.4.9-2),-] {+3.4.9-3),+} libc6 (>= 2.14), libgcc1 (>= 1:3.0), liblog4cxx10v5, libstdc++6 (>= 5.2), libxml2 (>= 2.7.4)
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package zookeeper-bin-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------------
Build-Ids: [-0355289ad3aece3705a1bf2d9ab5ceeaeff1390b 505e011d2b48782f1991deb9b4adaf7b3286c9e0 5ad1ab6bdebc04fab89778c9ed422d13313e5319-] {+2a62854afcb658cc731103d62f11ae8a772452c5 3896aa5abd8bd388bb162a8c3a033df8edf39cb1 b24a63f7099c7a2ca718e894ee7652c34e5ca12e+}
Depends: zookeeper-bin (= [-3.4.9-2)-] {+3.4.9-3)+}
Version: [-3.4.9-2-] {+3.4.9-3+}
Control files of package zookeeperd: lines which differ (wdiff format)
----------------------------------------------------------------------
Depends: lsb-base (>= 3.2-14), zookeeper (= [-3.4.9-2),-] {+3.4.9-3),+} init-system-helpers (>= 1.18~)
Version: [-3.4.9-2-] {+3.4.9-3+}
diff -Nru zookeeper-3.4.9/debian/changelog zookeeper-3.4.9/debian/changelog
--- zookeeper-3.4.9/debian/changelog 2016-10-16 20:50:15.000000000 -0700
+++ zookeeper-3.4.9/debian/changelog 2017-06-01 16:26:44.000000000 -0700
@@ -1,3 +1,11 @@
+zookeeper (3.4.9-3) unstable; urgency=medium
+
+ * Team upload.
+ * Apply patch for CVE-2017-5637 (Closes: #863811)
+ "wchp" and "wchc" are now disabled by default.
+
+ -- tony mancill <tmancill@debian.org> Thu, 01 Jun 2017 16:26:44 -0700
+
zookeeper (3.4.9-2) unstable; urgency=medium
* Team upload.
diff -Nru zookeeper-3.4.9/debian/patches/10-CVE-2017-5637.patch zookeeper-3.4.9/debian/patches/10-CVE-2017-5637.patch
--- zookeeper-3.4.9/debian/patches/10-CVE-2017-5637.patch 1969-12-31 16:00:00.000000000 -0800
+++ zookeeper-3.4.9/debian/patches/10-CVE-2017-5637.patch 2017-06-01 16:26:44.000000000 -0700
@@ -0,0 +1,599 @@
+Description: apply patch for CVE-2017-5637
+Source: https://patch-diff.githubusercontent.com/raw/apache/zookeeper/pull/183.patch
+Forwarded: non-needed
+From 2ce4ebdb05172097b01ab8f03ed5a76b0494e7d5 Mon Sep 17 00:00:00 2001
+From: Michael Han <hanm@apache.org>
+Date: Mon, 6 Mar 2017 12:58:01 -0800
+Subject: [PATCH 1/2] ZOOKEEPER-2693: DOS attack on wchp/wchc four letter words
+ (4lw). Initial commit for branch-3.4.
+
+---
+ .../documentation/content/xdocs/zookeeperAdmin.xml | 34 +++
+ .../org/apache/zookeeper/server/NIOServerCnxn.java | 33 ++-
+ .../apache/zookeeper/server/NettyServerCnxn.java | 32 ++-
+ .../org/apache/zookeeper/server/ServerCnxn.java | 94 +++++++-
+ src/java/test/org/apache/zookeeper/ZKTestCase.java | 4 +
+ .../test/FourLetterWordsWhiteListTest.java | 252 +++++++++++++++++++++
+ 6 files changed, 439 insertions(+), 10 deletions(-)
+ create mode 100644 src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java
+
+diff --git a/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml b/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
+index 5aefa9a11..56697b923 100644
+--- a/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
++++ b/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
+@@ -1042,6 +1042,40 @@ server.3=zoo3:2888:3888</programlisting>
+ </note>
+ </listitem>
+ </varlistentry>
++
++ <varlistentry>
++ <term>4lw.commands.whitelist</term>
++
++ <listitem>
++ <para>(Java system property: <emphasis
++ role="bold">zookeeper.4lw.commands.whitelist</emphasis>)</para>
++
++ <para><emphasis role="bold">New in 3.4.10:</emphasis>
++ This property contains a list of comma separated
++ <ulink url="#sc_4lw">Four Letter Words</ulink> commands. It is introduced
++ to provide fine grained control over the set of commands ZooKeeper can execute,
++ so users can turn off certain commands if necessary.
++ By default it contains all supported four letter word commands except "wchp" and "wchc",
++ if the property is not specified. If the property is specified, then only commands listed
++ in the whitelist are enabled.
++ </para>
++
++ <para>Here's an example of the configuration that enables stat, ruok, conf, and isro
++ command while disabling the rest of Four Letter Words command:</para>
++ <programlisting>
++ 4lw.commands.whitelist=stat, ruok, conf, isro
++ </programlisting>
++
++ <para>Users can also use asterisk option so they don't have to include every command one by one in the list.
++ As an example, this will enable all four letter word commands:
++ </para>
++ <programlisting>
++ 4lw.commands.whitelist=*
++ </programlisting>
++
++ </listitem>
++ </varlistentry>
++
+ </variablelist>
+ <para></para>
+ </section>
+diff --git a/src/java/main/org/apache/zookeeper/server/NIOServerCnxn.java b/src/java/main/org/apache/zookeeper/server/NIOServerCnxn.java
+index 4ea7fb273..456d4c2f1 100644
+--- a/src/java/main/org/apache/zookeeper/server/NIOServerCnxn.java
++++ b/src/java/main/org/apache/zookeeper/server/NIOServerCnxn.java
+@@ -825,18 +825,30 @@ public void commandRun() {
+ }
+ }
+
++ private class NopCommand extends CommandThread {
++ private String msg;
++
++ public NopCommand(PrintWriter pw, String msg) {
++ super(pw);
++ this.msg = msg;
++ }
++
++ @Override
++ public void commandRun() {
++ pw.println(msg);
++ }
++ }
++
+ /** Return if four letter word found and responded to, otw false **/
+ private boolean checkFourLetterWord(final SelectionKey k, final int len)
+ throws IOException
+ {
+ // We take advantage of the limited size of the length to look
+ // for cmds. They are all 4-bytes which fits inside of an int
+- String cmd = cmd2String.get(len);
+- if (cmd == null) {
++ if (!ServerCnxn.isKnown(len)) {
+ return false;
+ }
+- LOG.info("Processing " + cmd + " command from "
+- + sock.socket().getRemoteSocketAddress());
++
+ packetReceived();
+
+ /** cancel the selection key to remove the socket handling
+@@ -858,6 +870,19 @@ private boolean checkFourLetterWord(final SelectionKey k, final int len)
+
+ final PrintWriter pwriter = new PrintWriter(
+ new BufferedWriter(new SendBufferWriter()));
++
++ String cmd = ServerCnxn.getCommandString(len);
++ // ZOOKEEPER-2693: don't execute 4lw if it's not enabled.
++ if (!ServerCnxn.isEnabled(cmd)) {
++ LOG.debug("Command {} is not executed because it is not in the whitelist.", cmd);
++ NopCommand nopCmd = new NopCommand(pwriter, cmd + " is not executed because it is not in the whitelist.");
++ nopCmd.start();
++ return true;
++ }
++
++ LOG.info("Processing " + cmd + " command from "
++ + sock.socket().getRemoteSocketAddress());
++
+ if (len == ruokCmd) {
+ RuokCommand ruok = new RuokCommand(pwriter);
+ ruok.start();
+diff --git a/src/java/main/org/apache/zookeeper/server/NettyServerCnxn.java b/src/java/main/org/apache/zookeeper/server/NettyServerCnxn.java
+index 32fc371e6..203f0e60b 100644
+--- a/src/java/main/org/apache/zookeeper/server/NettyServerCnxn.java
++++ b/src/java/main/org/apache/zookeeper/server/NettyServerCnxn.java
+@@ -618,23 +618,47 @@ public void commandRun() {
+ }
+ }
+
++ private class NopCommand extends CommandThread {
++ private String msg;
++
++ public NopCommand(PrintWriter pw, String msg) {
++ super(pw);
++ this.msg = msg;
++ }
++
++ @Override
++ public void commandRun() {
++ pw.println(msg);
++ }
++ }
++
+ /** Return if four letter word found and responded to, otw false **/
+ private boolean checkFourLetterWord(final Channel channel,
+ ChannelBuffer message, final int len) throws IOException
+ {
+ // We take advantage of the limited size of the length to look
+ // for cmds. They are all 4-bytes which fits inside of an int
+- String cmd = cmd2String.get(len);
+- if (cmd == null) {
++ if (!ServerCnxn.isKnown(len)) {
+ return false;
+ }
++
+ channel.setInterestOps(0).awaitUninterruptibly();
+- LOG.info("Processing " + cmd + " command from "
+- + channel.getRemoteAddress());
+ packetReceived();
+
+ final PrintWriter pwriter = new PrintWriter(
+ new BufferedWriter(new SendBufferWriter()));
++
++ String cmd = ServerCnxn.getCommandString(len);
++ // ZOOKEEPER-2693: don't execute 4lw if it's not enabled.
++ if (!ServerCnxn.isEnabled(cmd)) {
++ LOG.debug("Command {} is not executed because it is not in the whitelist.", cmd);
++ NopCommand nopCmd = new NopCommand(pwriter, cmd + " is not executed because it is not in the whitelist.");
++ nopCmd.start();
++ return true;
++ }
++
++ LOG.info("Processing " + cmd + " command from " + channel.getRemoteAddress());
++
+ if (len == ruokCmd) {
+ RuokCommand ruok = new RuokCommand(pwriter);
+ ruok.start();
+diff --git a/src/java/main/org/apache/zookeeper/server/ServerCnxn.java b/src/java/main/org/apache/zookeeper/server/ServerCnxn.java
+index 6dd509b16..6b93e93f1 100644
+--- a/src/java/main/org/apache/zookeeper/server/ServerCnxn.java
++++ b/src/java/main/org/apache/zookeeper/server/ServerCnxn.java
+@@ -26,10 +26,17 @@
+ import java.util.ArrayList;
+ import java.util.Collections;
+ import java.util.Date;
++import java.util.Map;
+ import java.util.HashMap;
++import java.util.Set;
++import java.util.HashSet;
++import java.util.Arrays;
+ import java.util.List;
+ import java.util.concurrent.atomic.AtomicLong;
+
++import org.slf4j.Logger;
++import org.slf4j.LoggerFactory;
++
+ import org.apache.jute.Record;
+ import org.apache.zookeeper.WatchedEvent;
+ import org.apache.zookeeper.Watcher;
+@@ -227,8 +234,91 @@ public String toString() {
+ protected final static int isroCmd = ByteBuffer.wrap("isro".getBytes())
+ .getInt();
+
+- protected final static HashMap<Integer, String> cmd2String =
+- new HashMap<Integer, String>();
++ protected final static Map<Integer, String> cmd2String = new HashMap<Integer, String>();
++
++ private static final String ZOOKEEPER_4LW_COMMANDS_WHITELIST = "zookeeper.4lw.commands.whitelist";
++
++ private static final Logger LOG = LoggerFactory.getLogger(ServerCnxn.class);
++
++ private static final Set<String> whiteListedCommands = new HashSet<String>();
++
++ private static boolean whiteListInitialized = false;
++
++ // @VisibleForTesting
++ public static void resetWhiteList() {
++ whiteListInitialized = false;
++ whiteListedCommands.clear();
++ }
++
++ /**
++ * Return the string representation of the specified command code.
++ */
++ public static String getCommandString(int command) {
++ return cmd2String.get(command);
++ }
++
++ /**
++ * Check if the specified command code is from a known command.
++ *
++ * @param command The integer code of command.
++ * @return true if the specified command is known, false otherwise.
++ */
++ public static boolean isKnown(int command) {
++ return cmd2String.containsKey(command);
++ }
++
++ /**
++ * Check if the specified command is enabled.
++ *
++ * In ZOOKEEPER-2693 we introduce a configuration option to only
++ * allow a specific set of white listed commands to execute.
++ * A command will only be executed if it is also configured
++ * in the white list.
++ *
++ * @param command The command string.
++ * @return true if the specified command is enabled.
++ */
++ public static boolean isEnabled(String command) {
++ if (whiteListInitialized) {
++ return whiteListedCommands.contains(command);
++ }
++
++ String commands = System.getProperty(ZOOKEEPER_4LW_COMMANDS_WHITELIST);
++ if (commands != null) {
++ String[] list = commands.split(",");
++ for (String cmd : list) {
++ if (cmd.trim().equals("*")) {
++ for (Map.Entry<Integer, String> entry : cmd2String.entrySet()) {
++ whiteListedCommands.add(entry.getValue());
++ }
++ break;
++ }
++ if (!cmd.trim().isEmpty()) {
++ whiteListedCommands.add(cmd.trim());
++ }
++ }
++ } else {
++ for (Map.Entry<Integer, String> entry : cmd2String.entrySet()) {
++ String cmd = entry.getValue();
++ if (cmd.equals("wchc") || cmd.equals("wchp")) {
++ // ZOOKEEPER-2693 / disable these exploitable commands by default.
++ continue;
++ }
++ whiteListedCommands.add(cmd);
++ }
++ }
++
++ // Readonly mode depends on "isro".
++ if (System.getProperty("readonlymode.enabled", "false").equals("true")) {
++ whiteListedCommands.add("isro");
++ }
++ // zkServer.sh depends on "srvr".
++ whiteListedCommands.add("srvr");
++ whiteListInitialized = true;
++ LOG.info("The list of known four letter word commands is : {}", Arrays.asList(cmd2String));
++ LOG.info("The list of enabled four letter word commands is : {}", Arrays.asList(whiteListedCommands));
++ return whiteListedCommands.contains(command);
++ }
+
+ // specify all of the commands that are available
+ static {
+diff --git a/src/java/test/org/apache/zookeeper/ZKTestCase.java b/src/java/test/org/apache/zookeeper/ZKTestCase.java
+index 97e2db6ee..9098fc47e 100644
+--- a/src/java/test/org/apache/zookeeper/ZKTestCase.java
++++ b/src/java/test/org/apache/zookeeper/ZKTestCase.java
+@@ -52,6 +52,10 @@ protected String getTestName() {
+ @Override
+ public void starting(FrameworkMethod method) {
+ testName = method.getName();
++ // ZOOKEEPER-2693 disables all 4lw by default.
++ // Here we enable the 4lw which ZooKeeper tests depends.
++ System.setProperty("zookeeper.4lw.commands.whitelist", "*");
++
+ LOG.info("STARTING " + testName);
+ }
+
+diff --git a/src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java b/src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java
+new file mode 100644
+index 000000000..613346f2e
+--- /dev/null
++++ b/src/java/test/org/apache/zookeeper/test/FourLetterWordsWhiteListTest.java
+@@ -0,0 +1,252 @@
++/**
++ * Licensed to the Apache Software Foundation (ASF) under one
++ * or more contributor license agreements. See the NOTICE file
++ * distributed with this work for additional information
++ * regarding copyright ownership. The ASF licenses this file
++ * to you under the Apache License, Version 2.0 (the
++ * "License"); you may not use this file except in compliance
++ * with the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package org.apache.zookeeper.test;
++
++import java.io.IOException;
++
++import org.apache.zookeeper.TestableZooKeeper;
++import org.apache.zookeeper.server.ServerCnxn;
++import static org.apache.zookeeper.client.FourLetterWordMain.send4LetterWord;
++import org.junit.Assert;
++import org.junit.Rule;
++import org.junit.Test;
++import org.junit.rules.Timeout;
++import org.slf4j.Logger;
++import org.slf4j.LoggerFactory;
++
++public class FourLetterWordsWhiteListTest extends ClientBase {
++ protected static final Logger LOG =
++ LoggerFactory.getLogger(FourLetterWordsTest.class);
++
++ @Rule
++ public Timeout timeout = new Timeout(30000);
++
++ /*
++ * ZOOKEEPER-2693: test white list of four letter words.
++ * For 3.5.x default white list is empty. Verify that is
++ * the case (except 'stat' command which is enabled in ClientBase
++ * which other tests depend on.).
++ */
++ @Test(timeout=30000)
++ public void testFourLetterWordsAllDisabledByDefault() throws Exception {
++ stopServer();
++ ServerCnxn.resetWhiteList();
++ System.setProperty("zookeeper.4lw.commands.whitelist", "stat");
++ startServer();
++
++ // Default white list for 3.5.x is empty, so all command should fail.
++ verifyAllCommandsFail();
++
++ TestableZooKeeper zk = createClient();
++
++ verifyAllCommandsFail();
++
++ zk.getData("/", true, null);
++
++ verifyAllCommandsFail();
++
++ zk.close();
++
++ verifyFuzzyMatch("stat", "Outstanding");
++ verifyAllCommandsFail();
++ }
++
++ @Test(timeout=30000)
++ public void testFourLetterWordsEnableSomeCommands() throws Exception {
++ stopServer();
++ ServerCnxn.resetWhiteList();
++ System.setProperty("zookeeper.4lw.commands.whitelist", "stat, ruok, isro");
++ startServer();
++ // stat, ruok and isro are white listed.
++ verifyFuzzyMatch("stat", "Outstanding");
++ verifyExactMatch("ruok", "imok");
++ verifyExactMatch("isro", "rw");
++
++ // Rest of commands fail.
++ verifyExactMatch("conf", generateExpectedMessage("conf"));
++ verifyExactMatch("cons", generateExpectedMessage("cons"));
++ verifyExactMatch("crst", generateExpectedMessage("crst"));
++ verifyExactMatch("dump", generateExpectedMessage("dump"));
++ verifyExactMatch("envi", generateExpectedMessage("envi"));
++ verifyExactMatch("gtmk", generateExpectedMessage("gtmk"));
++ verifyExactMatch("stmk", generateExpectedMessage("stmk"));
++ verifyExactMatch("srst", generateExpectedMessage("srst"));
++ verifyExactMatch("wchc", generateExpectedMessage("wchc"));
++ verifyExactMatch("wchp", generateExpectedMessage("wchp"));
++ verifyExactMatch("wchs", generateExpectedMessage("wchs"));
++ verifyExactMatch("mntr", generateExpectedMessage("mntr"));
++ }
++
++ @Test(timeout=30000)
++ public void testISROEnabledWhenReadOnlyModeEnabled() throws Exception {
++ stopServer();
++ ServerCnxn.resetWhiteList();
++ System.setProperty("zookeeper.4lw.commands.whitelist", "stat");
++ System.setProperty("readonlymode.enabled", "true");
++ startServer();
++ verifyExactMatch("isro", "rw");
++ System.clearProperty("readonlymode.enabled");
++ }
++
++ @Test(timeout=30000)
++ public void testFourLetterWordsInvalidConfiguration() throws Exception {
++ stopServer();
++ ServerCnxn.resetWhiteList();
++ System.setProperty("zookeeper.4lw.commands.whitelist", "foo bar" +
++ " foo,,, " +
++ "bar :.,@#$%^&*() , , , , bar, bar, stat, ");
++ startServer();
++
++ // Just make sure we are good when admin made some mistakes in config file.
++ verifyAllCommandsFail();
++ // But still, what's valid in white list will get through.
++ verifyFuzzyMatch("stat", "Outstanding");
++ }
++
++ @Test(timeout=30000)
++ public void testFourLetterWordsEnableAllCommandsThroughAsterisk() throws Exception {
++ stopServer();
++ ServerCnxn.resetWhiteList();
++ System.setProperty("zookeeper.4lw.commands.whitelist", "*");
++ startServer();
++ verifyAllCommandsSuccess();
++ }
++
++ @Test(timeout=30000)
++ public void testFourLetterWordsEnableAllCommandsThroughExplicitList() throws Exception {
++ stopServer();
++ ServerCnxn.resetWhiteList();
++ System.setProperty("zookeeper.4lw.commands.whitelist",
++ "ruok, envi, conf, stat, srvr, cons, dump," +
++ "wchs, wchp, wchc, srst, crst, " +
++ "mntr, gtmk, isro, stmk");
++ startServer();
++ verifyAllCommandsSuccess();
++ }
++
++ private void verifyAllCommandsSuccess() throws Exception {
++ verifyExactMatch("ruok", "imok");
++ verifyFuzzyMatch("envi", "java.version");
++ verifyFuzzyMatch("conf", "clientPort");
++ verifyFuzzyMatch("stat", "Outstanding");
++ verifyFuzzyMatch("srvr", "Outstanding");
++ verifyFuzzyMatch("cons", "queued");
++ verifyFuzzyMatch("dump", "Session");
++ verifyFuzzyMatch("wchs", "watches");
++ verifyFuzzyMatch("wchp", "");
++ verifyFuzzyMatch("wchc", "");
++
++ verifyFuzzyMatch("srst", "reset");
++ verifyFuzzyMatch("crst", "reset");
++
++ verifyFuzzyMatch("stat", "Outstanding");
++ verifyFuzzyMatch("srvr", "Outstanding");
++ verifyFuzzyMatch("cons", "queued");
++ verifyFuzzyMatch("gtmk", "306");
++ verifyFuzzyMatch("isro", "rw");
++
++ TestableZooKeeper zk = createClient();
++ String sid = getHexSessionId(zk.getSessionId());
++
++ verifyFuzzyMatch("stat", "queued");
++ verifyFuzzyMatch("srvr", "Outstanding");
++ verifyFuzzyMatch("cons", sid);
++ verifyFuzzyMatch("dump", sid);
++
++ zk.getData("/", true, null);
++
++ verifyFuzzyMatch("stat", "queued");
++ verifyFuzzyMatch("srvr", "Outstanding");
++ verifyFuzzyMatch("cons", sid);
++ verifyFuzzyMatch("dump", sid);
++
++ verifyFuzzyMatch("wchs", "watching 1");
++ verifyFuzzyMatch("wchp", sid);
++ verifyFuzzyMatch("wchc", sid);
++ zk.close();
++
++ verifyExactMatch("ruok", "imok");
++ verifyFuzzyMatch("envi", "java.version");
++ verifyFuzzyMatch("conf", "clientPort");
++ verifyFuzzyMatch("stat", "Outstanding");
++ verifyFuzzyMatch("srvr", "Outstanding");
++ verifyFuzzyMatch("cons", "queued");
++ verifyFuzzyMatch("dump", "Session");
++ verifyFuzzyMatch("wchs", "watch");
++ verifyFuzzyMatch("wchp", "");
++ verifyFuzzyMatch("wchc", "");
++
++ verifyFuzzyMatch("srst", "reset");
++ verifyFuzzyMatch("crst", "reset");
++
++ verifyFuzzyMatch("stat", "Outstanding");
++ verifyFuzzyMatch("srvr", "Outstanding");
++ verifyFuzzyMatch("cons", "queued");
++ verifyFuzzyMatch("mntr", "zk_server_state\tstandalone");
++ verifyFuzzyMatch("mntr", "num_alive_connections");
++ verifyFuzzyMatch("stat", "Connections");
++ verifyFuzzyMatch("srvr", "Connections");
++ }
++
++ private void verifyAllCommandsFail() throws Exception {
++ verifyExactMatch("ruok", generateExpectedMessage("ruok"));
++ verifyExactMatch("conf", generateExpectedMessage("conf"));
++ verifyExactMatch("cons", generateExpectedMessage("cons"));
++ verifyExactMatch("crst", generateExpectedMessage("crst"));
++ verifyExactMatch("dump", generateExpectedMessage("dump"));
++ verifyExactMatch("envi", generateExpectedMessage("envi"));
++ verifyExactMatch("gtmk", generateExpectedMessage("gtmk"));
++ verifyExactMatch("stmk", generateExpectedMessage("stmk"));
++ verifyExactMatch("srst", generateExpectedMessage("srst"));
++ verifyExactMatch("wchc", generateExpectedMessage("wchc"));
++ verifyExactMatch("wchp", generateExpectedMessage("wchp"));
++ verifyExactMatch("wchs", generateExpectedMessage("wchs"));
++ verifyExactMatch("mntr", generateExpectedMessage("mntr"));
++ verifyExactMatch("isro", generateExpectedMessage("isro"));
++
++ // srvr is enabled by default due to the sad fact zkServer.sh uses it.
++ verifyFuzzyMatch("srvr", "Outstanding");
++ }
++
++ private void verifyFuzzyMatch(String cmd, String expected) throws IOException {
++ String resp = sendRequest(cmd);
++ LOG.info("cmd " + cmd + " expected " + expected + " got " + resp);
++ Assert.assertTrue(resp.contains(expected));
++ }
++
++ private String generateExpectedMessage(String command) {
++ return command + " is not executed because it is not in the whitelist.";
++ }
++
++ private void verifyExactMatch(String cmd, String expected) throws IOException {
++ String resp = sendRequest(cmd);
++ LOG.info("cmd " + cmd + " expected an exact match of " + expected + "; got " + resp);
++ Assert.assertTrue(resp.trim().equals(expected));
++ }
++
++ private String sendRequest(String cmd) throws IOException {
++ HostPort hpobj = ClientBase.parseHostPortList(hostPort).get(0);
++ return send4LetterWord(hpobj.host, hpobj.port, cmd);
++ }
++
++ private String sendRequest(String cmd, int timeout) throws IOException {
++ HostPort hpobj = ClientBase.parseHostPortList(hostPort).get(0);
++ return send4LetterWord(hpobj.host, hpobj.port, cmd, timeout);
++ }
++}
+
+From d060ddcfe9f3b24eebd7b2b0742be3070a1f245f Mon Sep 17 00:00:00 2001
+From: Michael Han <hanm@apache.org>
+Date: Mon, 6 Mar 2017 19:08:09 -0800
+Subject: [PATCH 2/2] update doc.
+
+---
+ src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml b/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
+index 56697b923..fb00fae24 100644
+--- a/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
++++ b/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
+@@ -1701,6 +1701,16 @@ imok
+ usage limit that would cause the system to swap.</para>
+ </listitem>
+ </varlistentry>
++
++ <varlistentry>
++ <term>Publicly accessible deployment</term>
++ <listitem>
++ <para>
++ A ZooKeeper ensemble is expected to operate in a trusted computing environment.
++ It is thus recommended to deploy ZooKeeper behind a firewall.
++ </para>
++ </listitem>
++ </varlistentry>
+ </variablelist>
+ </section>
+
diff -Nru zookeeper-3.4.9/debian/patches/series zookeeper-3.4.9/debian/patches/series
--- zookeeper-3.4.9/debian/patches/series 2016-10-16 20:50:15.000000000 -0700
+++ zookeeper-3.4.9/debian/patches/series 2017-06-01 16:26:44.000000000 -0700
@@ -7,3 +7,4 @@
07-remove-non-reproducible-manifest-entries.patch
08-reproducible-javadoc.patch
09-spell-check.patch
+10-CVE-2017-5637.patch
Attachment:
signature.asc
Description: PGP signature