diff options
Diffstat (limited to 'meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch')
-rw-r--r-- | meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch new file mode 100644 index 0000000000..030ead6c66 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch @@ -0,0 +1,146 @@ +From 61382fd8ea66000bd9ee8e203a6eab443220ee40 Mon Sep 17 00:00:00 2001 +From: Nathan Hartman <hartmannathan@apache.org> +Date: Sun, 27 Mar 2022 05:59:18 +0000 +Subject: [PATCH] On the 1.14.x-r1899227 branch: Merge r1899227 from trunk + w/testlist variation + +git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.14.x-r1899227@1899229 13f79535-47bb-0310-9956-ffa450edef68 + +CVE: CVE-2021-28544 [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40] +Upstream-Status: Backport +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + subversion/libsvn_repos/log.c | 26 +++++------- + subversion/tests/cmdline/authz_tests.py | 55 +++++++++++++++++++++++++ + 2 files changed, 65 insertions(+), 16 deletions(-) + +diff --git a/subversion/libsvn_repos/log.c b/subversion/libsvn_repos/log.c +index d9a1fb1085e16..41ca8aed27174 100644 +--- a/subversion/libsvn_repos/log.c ++++ b/subversion/libsvn_repos/log.c +@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access_level_t *access_level, + if ( (change->change_kind == svn_fs_path_change_add) + || (change->change_kind == svn_fs_path_change_replace)) + { +- const char *copyfrom_path = change->copyfrom_path; +- svn_revnum_t copyfrom_rev = change->copyfrom_rev; +- + /* the following is a potentially expensive operation since on FSFS + we will follow the DAG from ROOT to PATH and that requires + actually reading the directories along the way. */ + if (!change->copyfrom_known) + { +- SVN_ERR(svn_fs_copied_from(©from_rev, ©from_path, ++ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path, + root, path, iterpool)); + change->copyfrom_known = TRUE; + } + +- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev)) ++ if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev)) + { +- svn_boolean_t readable = TRUE; +- + if (callbacks->authz_read_func) + { + svn_fs_root_t *copyfrom_root; ++ svn_boolean_t readable; + + SVN_ERR(svn_fs_revision_root(©from_root, fs, +- copyfrom_rev, iterpool)); ++ change->copyfrom_rev, iterpool)); + SVN_ERR(callbacks->authz_read_func(&readable, + copyfrom_root, +- copyfrom_path, ++ change->copyfrom_path, + callbacks->authz_read_baton, + iterpool)); + if (! readable) +- found_unreadable = TRUE; +- } +- +- if (readable) +- { +- change->copyfrom_path = copyfrom_path; +- change->copyfrom_rev = copyfrom_rev; ++ { ++ found_unreadable = TRUE; ++ change->copyfrom_path = NULL; ++ change->copyfrom_rev = SVN_INVALID_REVNUM; ++ } + } + } + } +diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py +index 760cb3663d02f..92e8a5e1935c9 100755 +--- a/subversion/tests/cmdline/authz_tests.py ++++ b/subversion/tests/cmdline/authz_tests.py +@@ -1731,6 +1731,60 @@ def empty_group(sbox): + '--username', svntest.main.wc_author, + sbox.repo_url) + ++@Skip(svntest.main.is_ra_type_file) ++def log_inaccessible_copyfrom(sbox): ++ "log doesn't leak inaccessible copyfrom paths" ++ ++ sbox.build(empty=True) ++ sbox.simple_add_text('secret', 'private') ++ sbox.simple_commit(message='log message for r1') ++ sbox.simple_copy('private', 'public') ++ sbox.simple_commit(message='log message for r2') ++ ++ svntest.actions.enable_revprop_changes(sbox.repo_dir) ++ # Remove svn:date and svn:author for predictable output. ++ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop', ++ '-r2', 'svn:date', sbox.repo_url) ++ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop', ++ '-r2', 'svn:author', sbox.repo_url) ++ ++ write_restrictive_svnserve_conf(sbox.repo_dir) ++ ++ # First test with blanket access. ++ write_authz_file(sbox, ++ {"/" : "* = rw"}) ++ expected_output = svntest.verify.ExpectedOutput([ ++ "------------------------------------------------------------------------\n", ++ "r2 | (no author) | (no date) | 1 line\n", ++ "Changed paths:\n", ++ " A /public (from /private:1)\n", ++ "\n", ++ "log message for r2\n", ++ "------------------------------------------------------------------------\n", ++ ]) ++ svntest.actions.run_and_verify_svn(expected_output, [], ++ 'log', '-r2', '-v', ++ sbox.repo_url) ++ ++ # Now test with an inaccessible copy source (/private). ++ write_authz_file(sbox, ++ {"/" : "* = rw"}, ++ {"/private" : "* ="}) ++ expected_output = svntest.verify.ExpectedOutput([ ++ "------------------------------------------------------------------------\n", ++ "r2 | (no author) | (no date) | 1 line\n", ++ "Changed paths:\n", ++ # The copy is shown as a plain add with no copyfrom info. ++ " A /public\n", ++ "\n", ++ # No log message, as the revision is only partially visible. ++ "\n", ++ "------------------------------------------------------------------------\n", ++ ]) ++ svntest.actions.run_and_verify_svn(expected_output, [], ++ 'log', '-r2', '-v', ++ sbox.repo_url) ++ + + ######################################################################## + # Run the tests +@@ -1771,6 +1825,7 @@ def empty_group(sbox): + inverted_group_membership, + group_member_empty_string, + empty_group, ++ log_inaccessible_copyfrom, + ] + serial_only = True + |