author | Lee Chee Yang <chee.yang.lee@intel.com> | 2022-09-21 15:18:36 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-23 16:22:59 +0100 |
commit | a8ee7ba022ed4f3cbc49cfce72511ee81d7acf00 (patch) | |
tree | 8e877048dbeebd47075c3a27b9cf2fd7f1dd8666 /meta/recipes-devtools/subversion/subversion | |
parent | f9a63709b08931f7f10422eb8af929b89ec4f84e (diff) | |
subversion: fix CVE-2021-28544
(From OE-Core rev: 7fdd4d2dc019071525349fbb153e2e80f6583217)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/subversion/subversion')
-rw-r--r-- | meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch | 146 |
1 files changed, 146 insertions, 0 deletions
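--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch
@@ -0,0 +1,146 @@
+From 61382fd8ea66000bd9ee8e203a6eab443220ee40 Mon Sep 17 00:00:00 2001
+From: Nathan Hartman <hartmannathan@apache.org>
+Date: Sun, 27 Mar 2022 05:59:18 +0000
+Subject: [PATCH] On the 1.14.x-r1899227 branch: Merge r1899227 from trunk
+w/testlist variation
+
+git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.14.x-r1899227@1899229 13f79535-47bb-0310-9956-ffa450edef68
+
+CVE: CVE-2021-28544 [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40]
+Upstream-Status: Backport
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+subversion/libsvn_repos/log.c | 26 +++++-------
+subversion/tests/cmdline/authz_tests.py | 55 +++++++++++++++++++++++++
+2 files changed, 65 insertions(+), 16 deletions(-)
+
+diff --git a/subversion/libsvn_repos/log.c b/subversion/libsvn_repos/log.c
+index d9a1fb1085e16..41ca8aed27174 100644
+--- a/subversion/libsvn_repos/log.c
++++ b/subversion/libsvn_repos/log.c
+@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access_level_t *access_level,
+if ( (change->change_kind == svn_fs_path_change_add)
+|| (change->change_kind == svn_fs_path_change_replace))
+{
+- const char *copyfrom_path = change->copyfrom_path;
+- svn_revnum_t copyfrom_rev = change->copyfrom_rev;
+-
+/* the following is a potentially expensive operation since on FSFS
+we will follow the DAG from ROOT to PATH and that requires
+actually reading the directories along the way. */
+if (!change->copyfrom_known)
+{
+- SVN_ERR(svn_fs_copied_from(©from_rev, ©from_path,
++ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path,
+root, path, iterpool));
+change->copyfrom_known = TRUE;
+}
+
+- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
++ if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev))
+{
+- svn_boolean_t readable = TRUE;
+-
+if (callbacks->authz_read_func)
+{
+svn_fs_root_t *copyfrom_root;
++ svn_boolean_t readable;
+
+SVN_ERR(svn_fs_revision_root(©from_root, fs,
+- copyfrom_rev, iterpool));
++ change->copyfrom_rev, iterpool));
+SVN_ERR(callbacks->authz_read_func(&readable,
+copyfrom_root,
+- copyfrom_path,
++ change->copyfrom_path,
+callbacks->authz_read_baton,
+iterpool));
+if (! readable)
+- found_unreadable = TRUE;
+- }
+-
+- if (readable)
+- {
+- change->copyfrom_path = copyfrom_path;
+- change->copyfrom_rev = copyfrom_rev;
++ {
++ found_unreadable = TRUE;
++ change->copyfrom_path = NULL;
++ change->copyfrom_rev = SVN_INVALID_REVNUM;
++ }
+}
+}
+}
+diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py
+index 760cb3663d02f..92e8a5e1935c9 100755
+--- a/subversion/tests/cmdline/authz_tests.py
++++ b/subversion/tests/cmdline/authz_tests.py
+@@ -1731,6 +1731,60 @@ def empty_group(sbox):
+'--username', svntest.main.wc_author,
+sbox.repo_url)
+
++@Skip(svntest.main.is_ra_type_file)
++def log_inaccessible_copyfrom(sbox):
++ "log doesn't leak inaccessible copyfrom paths"
++
++ sbox.build(empty=True)
++ sbox.simple_add_text('secret', 'private')
++ sbox.simple_commit(message='log message for r1')
++ sbox.simple_copy('private', 'public')
++ sbox.simple_commit(message='log message for r2')
++
++ svntest.actions.enable_revprop_changes(sbox.repo_dir)
++ # Remove svn:date and svn:author for predictable output.
++ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
++ '-r2', 'svn:date', sbox.repo_url)
++ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
++ '-r2', 'svn:author', sbox.repo_url)
++
++ write_restrictive_svnserve_conf(sbox.repo_dir)
++
++ # First test with blanket access.
++ write_authz_file(sbox,
++ {"/" : "* = rw"})
++ expected_output = svntest.verify.ExpectedOutput([
++ "------------------------------------------------------------------------\n",
++ "r2 | (no author) | (no date) | 1 line\n",
++ "Changed paths:\n",
++ " A /public (from /private:1)\n",
++ "\n",
++ "log message for r2\n",
++ "------------------------------------------------------------------------\n",
++ ])
++ svntest.actions.run_and_verify_svn(expected_output, [],
++ 'log', '-r2', '-v',
++ sbox.repo_url)
++
++ # Now test with an inaccessible copy source (/private).
++ write_authz_file(sbox,
++ {"/" : "* = rw"},
++ {"/private" : "* ="})
++ expected_output = svntest.verify.ExpectedOutput([
++ "------------------------------------------------------------------------\n",
++ "r2 | (no author) | (no date) | 1 line\n",
++ "Changed paths:\n",
++ # The copy is shown as a plain add with no copyfrom info.
++ " A /public\n",
++ "\n",
++ # No log message, as the revision is only partially visible.
++ "\n",
++ "------------------------------------------------------------------------\n",
++ ])
++ svntest.actions.run_and_verify_svn(expected_output, [],
++ 'log', '-r2', '-v',
++ sbox.repo_url)
++
+
+########################################################################
+# Run the tests
+@@ -1771,6 +1825,7 @@ def empty_group(sbox):
+inverted_group_membership,
+group_member_empty_string,
+empty_group,
++ log_inaccessible_copyfrom,
+]
+serial_only = True
+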
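Review bot: Two removed lines of the backported log.c hunk render as `svn_fs_copied_from(©from_rev, ©from_path,` and `svn_fs_revision_root(©from_root, fs,`, where upstream has `&copyfrom_rev`, `&copyfrom_path` and `&copyfrom_root`; this looks like an HTML-entity rendering artefact (`&copy` → `©`) rather than the file content, but it is worth confirming the committed patch carries the literal ampersands, since otherwise those context/removed lines would not match and the patch would fail to apply during do_patch. The patch header also gives the upstream commit only on the `CVE:` line; OE-Core's patch guidelines expect the source reference on the status line too, e.g. `Upstream-Status: Backport [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40]`. The corresponding SRC_URI addition in the subversion recipe is outside this diffstat view, so it cannot be checked here.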