Diffstat (limited to 'meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch')
-rw-r--r--meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch146
1 files changed, 146 insertions, 0 deletions
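--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch
@@ -0,0 +1,146 @@
+From 61382fd8ea66000bd9ee8e203a6eab443220ee40 Mon Sep 17 00:00:00 2001
+From: Nathan Hartman <hartmannathan@apache.org>
+Date: Sun, 27 Mar 2022 05:59:18 +0000
+Subject: [PATCH] On the 1.14.x-r1899227 branch: Merge r1899227 from trunk
+ w/testlist variation
+
+git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.14.x-r1899227@1899229 13f79535-47bb-0310-9956-ffa450edef68
+
+CVE: CVE-2021-28544 [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40]
+Upstream-Status: Backport
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ subversion/libsvn_repos/log.c | 26 +++++-------
+ subversion/tests/cmdline/authz_tests.py | 55 +++++++++++++++++++++++++
+ 2 files changed, 65 insertions(+), 16 deletions(-)
+
+diff --git a/subversion/libsvn_repos/log.c b/subversion/libsvn_repos/log.c
+index d9a1fb1085e16..41ca8aed27174 100644
+--- a/subversion/libsvn_repos/log.c
++++ b/subversion/libsvn_repos/log.c
+@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access_level_t *access_level,
+ if ( (change->change_kind == svn_fs_path_change_add)
+ || (change->change_kind == svn_fs_path_change_replace))
+ {
+- const char *copyfrom_path = change->copyfrom_path;
+- svn_revnum_t copyfrom_rev = change->copyfrom_rev;
+-
+ /* the following is a potentially expensive operation since on FSFS
+ we will follow the DAG from ROOT to PATH and that requires
+ actually reading the directories along the way. */
+ if (!change->copyfrom_known)
+ {
+- SVN_ERR(svn_fs_copied_from(&copyfrom_rev, &copyfrom_path,
++ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path,
+ root, path, iterpool));
+ change->copyfrom_known = TRUE;
+ }
+
+- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
++ if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev))
+ {
+- svn_boolean_t readable = TRUE;
+-
+ if (callbacks->authz_read_func)
+ {
+ svn_fs_root_t *copyfrom_root;
++ svn_boolean_t readable;
+
+ SVN_ERR(svn_fs_revision_root(&copyfrom_root, fs,
+- copyfrom_rev, iterpool));
++ change->copyfrom_rev, iterpool));
+ SVN_ERR(callbacks->authz_read_func(&readable,
+ copyfrom_root,
+- copyfrom_path,
++ change->copyfrom_path,
+ callbacks->authz_read_baton,
+ iterpool));
+ if (! readable)
+- found_unreadable = TRUE;
+- }
+-
+- if (readable)
+- {
+- change->copyfrom_path = copyfrom_path;
+- change->copyfrom_rev = copyfrom_rev;
++ {
++ found_unreadable = TRUE;
++ change->copyfrom_path = NULL;
++ change->copyfrom_rev = SVN_INVALID_REVNUM;
++ }
+ }
+ }
+ }
+diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py
+index 760cb3663d02f..92e8a5e1935c9 100755
+--- a/subversion/tests/cmdline/authz_tests.py
++++ b/subversion/tests/cmdline/authz_tests.py
+@@ -1731,6 +1731,60 @@ def empty_group(sbox):
+ '--username', svntest.main.wc_author,
+ sbox.repo_url)
+
++@Skip(svntest.main.is_ra_type_file)
++def log_inaccessible_copyfrom(sbox):
++ "log doesn't leak inaccessible copyfrom paths"
++
++ sbox.build(empty=True)
++ sbox.simple_add_text('secret', 'private')
++ sbox.simple_commit(message='log message for r1')
++ sbox.simple_copy('private', 'public')
++ sbox.simple_commit(message='log message for r2')
++
++ svntest.actions.enable_revprop_changes(sbox.repo_dir)
++ # Remove svn:date and svn:author for predictable output.
++ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
++ '-r2', 'svn:date', sbox.repo_url)
++ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
++ '-r2', 'svn:author', sbox.repo_url)
++
++ write_restrictive_svnserve_conf(sbox.repo_dir)
++
++ # First test with blanket access.
++ write_authz_file(sbox,
++ {"/" : "* = rw"})
++ expected_output = svntest.verify.ExpectedOutput([
++ "------------------------------------------------------------------------\n",
++ "r2 | (no author) | (no date) | 1 line\n",
++ "Changed paths:\n",
++ " A /public (from /private:1)\n",
++ "\n",
++ "log message for r2\n",
++ "------------------------------------------------------------------------\n",
++ ])
++ svntest.actions.run_and_verify_svn(expected_output, [],
++ 'log', '-r2', '-v',
++ sbox.repo_url)
++
++ # Now test with an inaccessible copy source (/private).
++ write_authz_file(sbox,
++ {"/" : "* = rw"},
++ {"/private" : "* ="})
++ expected_output = svntest.verify.ExpectedOutput([
++ "------------------------------------------------------------------------\n",
++ "r2 | (no author) | (no date) | 1 line\n",
++ "Changed paths:\n",
++ # The copy is shown as a plain add with no copyfrom info.
++ " A /public\n",
++ "\n",
++ # No log message, as the revision is only partially visible.
++ "\n",
++ "------------------------------------------------------------------------\n",
++ ])
++ svntest.actions.run_and_verify_svn(expected_output, [],
++ 'log', '-r2', '-v',
++ sbox.repo_url)
++
+
+ ########################################################################
+ # Run the tests
+@@ -1771,6 +1825,7 @@ def empty_group(sbox):
+ inverted_group_membership,
+ group_member_empty_string,
+ empty_group,
++ log_inaccessible_copyfrom,
+ ]
+ serial_only = True
+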
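Review bot: The header of the added patch file (its Subject and the lines down to the `CVE:` tag) describes only the branch merge ("Merge r1899227 from trunk w/testlist variation") and never states what the fix changes, so a recipe maintainer has to read the C hunk to learn that `detect_changed` now clears `change->copyfrom_path` to NULL and `change->copyfrom_rev` to SVN_INVALID_REVNUM when the authz callback reports the copy source as unreadable, so `svn log -v` shows such a copy as a plain add. A one-line summary next to the `CVE:` tag, e.g. `Description: log no longer discloses the copyfrom path/revision of a copy source the caller is not authorized to read`, would make the backport self-describing. The regression test is decorated `@Skip(svntest.main.is_ra_type_file)`, which appears consistent with the C side, where the reset only runs when `callbacks->authz_read_func` is set; the inaccessible-copyfrom case is therefore presumably only exercised through an authz-enforcing RA layer. This section only adds the patch file; the recipe's `SRC_URI += "file://CVE-2021-28544.patch"` line that applies it is not in view, so confirm it is part of the same commit.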