1 files changed, 146 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch
new file mode 100644
index 0000000000..030ead6c66
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch
@@ -0,0 +1,146 @@
+From 61382fd8ea66000bd9ee8e203a6eab443220ee40 Mon Sep 17 00:00:00 2001
+From: Nathan Hartman <hartmannathan@apache.org>
+Date: Sun, 27 Mar 2022 05:59:18 +0000
+Subject: [PATCH] On the 1.14.x-r1899227 branch: Merge r1899227 from trunk
+ w/testlist variation
+git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.14.x-r1899227@1899229 13f79535-47bb-0310-9956-ffa450edef68
+CVE: CVE-2021-28544 [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40]
+Upstream-Status: Backport
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ subversion/libsvn_repos/log.c           | 26 +++++-------
+ subversion/tests/cmdline/authz_tests.py | 55 +++++++++++++++++++++++++
+ 2 files changed, 65 insertions(+), 16 deletions(-)
+diff --git a/subversion/libsvn_repos/log.c b/subversion/libsvn_repos/log.c
+index d9a1fb1085e16..41ca8aed27174 100644
+--- a/subversion/libsvn_repos/log.c
+++ b/subversion/libsvn_repos/log.c
+@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access_level_t *access_level,
+       if (   (change->change_kind == svn_fs_path_change_add)
+           || (change->change_kind == svn_fs_path_change_replace))
+         {
+-          const char *copyfrom_path = change->copyfrom_path;
+-          svn_revnum_t copyfrom_rev = change->copyfrom_rev;
+-
+           /* the following is a potentially expensive operation since on FSFS
+              we will follow the DAG from ROOT to PATH and that requires
+              actually reading the directories along the way. */
+           if (!change->copyfrom_known)
+             {
+-              SVN_ERR(svn_fs_copied_from(&copyfrom_rev, &copyfrom_path,
+              SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path,
+                                         root, path, iterpool));
+               change->copyfrom_known = TRUE;
+             }
+ 
+-          if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
+          if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev))
+             {
+-              svn_boolean_t readable = TRUE;
+-
+               if (callbacks->authz_read_func)
+                 {
+                   svn_fs_root_t *copyfrom_root;
+                  svn_boolean_t readable;
+ 
+                   SVN_ERR(svn_fs_revision_root(&copyfrom_root, fs,
+-                                               copyfrom_rev, iterpool));
+                                               change->copyfrom_rev, iterpool));
+                   SVN_ERR(callbacks->authz_read_func(&readable,
+                                                      copyfrom_root,
+-                                                     copyfrom_path,
+                                                     change->copyfrom_path,
+                                                      callbacks->authz_read_baton,
+                                                      iterpool));
+                   if (! readable)
+-                    found_unreadable = TRUE;
+-                }
+-
+-              if (readable)
+-                {
+-                  change->copyfrom_path = copyfrom_path;
+-                  change->copyfrom_rev = copyfrom_rev;
+                    {
+                      found_unreadable = TRUE;
+                      change->copyfrom_path = NULL;
+                      change->copyfrom_rev = SVN_INVALID_REVNUM;
+                    }
+                 }
+             }
+         }
+diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py
+index 760cb3663d02f..92e8a5e1935c9 100755
+--- a/subversion/tests/cmdline/authz_tests.py
+++ b/subversion/tests/cmdline/authz_tests.py
+@@ -1731,6 +1731,60 @@ def empty_group(sbox):
+                                      '--username', svntest.main.wc_author,
+                                      sbox.repo_url)
+ 
+@Skip(svntest.main.is_ra_type_file)
+def log_inaccessible_copyfrom(sbox):
+  "log doesn't leak inaccessible copyfrom paths"
+
+  sbox.build(empty=True)
+  sbox.simple_add_text('secret', 'private')
+  sbox.simple_commit(message='log message for r1')
+  sbox.simple_copy('private', 'public')
+  sbox.simple_commit(message='log message for r2')
+
+  svntest.actions.enable_revprop_changes(sbox.repo_dir)
+  # Remove svn:date and svn:author for predictable output.
+  svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+                                     '-r2', 'svn:date', sbox.repo_url)
+  svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+                                     '-r2', 'svn:author', sbox.repo_url)
+
+  write_restrictive_svnserve_conf(sbox.repo_dir)
+
+  # First test with blanket access.
+  write_authz_file(sbox,
+                   {"/" : "* = rw"})
+  expected_output = svntest.verify.ExpectedOutput([
+    "------------------------------------------------------------------------\n",
+    "r2 | (no author) | (no date) | 1 line\n",
+    "Changed paths:\n",
+    "   A /public (from /private:1)\n",
+    "\n",
+    "log message for r2\n",
+    "------------------------------------------------------------------------\n",
+  ])
+  svntest.actions.run_and_verify_svn(expected_output, [],
+                                     'log', '-r2', '-v',
+                                     sbox.repo_url)
+
+  # Now test with an inaccessible copy source (/private).
+  write_authz_file(sbox,
+                   {"/" : "* = rw"},
+                   {"/private" : "* ="})
+  expected_output = svntest.verify.ExpectedOutput([
+    "------------------------------------------------------------------------\n",
+    "r2 | (no author) | (no date) | 1 line\n",
+    "Changed paths:\n",
+    # The copy is shown as a plain add with no copyfrom info.
+    "   A /public\n",
+    "\n",
+    # No log message, as the revision is only partially visible.
+    "\n",
+    "------------------------------------------------------------------------\n",
+  ])
+  svntest.actions.run_and_verify_svn(expected_output, [],
+                                     'log', '-r2', '-v',
+                                     sbox.repo_url)
+
+ 
+ ########################################################################
+ # Run the tests
+@@ -1771,6 +1825,7 @@ def empty_group(sbox):
+               inverted_group_membership,
+               group_member_empty_string,
+               empty_group,
+              log_inaccessible_copyfrom,
+              ]
+ serial_only = True
+

diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch new file mode 100644 index 0000000000..030ead6c66 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch
@@ -0,0 +1,146 @@
	1	From 61382fd8ea66000bd9ee8e203a6eab443220ee40 Mon Sep 17 00:00:00 2001
	2	From: Nathan Hartman <hartmannathan@apache.org>
	3	Date: Sun, 27 Mar 2022 05:59:18 +0000
	4	Subject: [PATCH] On the 1.14.x-r1899227 branch: Merge r1899227 from trunk
	5	w/testlist variation
	6
	7	git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.14.x-r1899227@1899229 13f79535-47bb-0310-9956-ffa450edef68
	8
	9	CVE: CVE-2021-28544 [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40]
	10	Upstream-Status: Backport
	11	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
	12	---
	13	subversion/libsvn_repos/log.c \| 26 +++++-------
	14	subversion/tests/cmdline/authz_tests.py \| 55 +++++++++++++++++++++++++
	15	2 files changed, 65 insertions(+), 16 deletions(-)
	16
	17	diff --git a/subversion/libsvn_repos/log.c b/subversion/libsvn_repos/log.c
	18	index d9a1fb1085e16..41ca8aed27174 100644
	19	--- a/subversion/libsvn_repos/log.c
	20	+++ b/subversion/libsvn_repos/log.c
	21	@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access_level_t *access_level,
	22	if ( (change->change_kind == svn_fs_path_change_add)
	23	\|\| (change->change_kind == svn_fs_path_change_replace))
	24	{
	25	- const char *copyfrom_path = change->copyfrom_path;
	26	- svn_revnum_t copyfrom_rev = change->copyfrom_rev;
	27	-
	28	/* the following is a potentially expensive operation since on FSFS
	29	we will follow the DAG from ROOT to PATH and that requires
	30	actually reading the directories along the way. */
	31	if (!change->copyfrom_known)
	32	{
	33	- SVN_ERR(svn_fs_copied_from(&copyfrom_rev, &copyfrom_path,
	34	+ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path,
	35	root, path, iterpool));
	36	change->copyfrom_known = TRUE;
	37	}
	38
	39	- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
	40	+ if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev))
	41	{
	42	- svn_boolean_t readable = TRUE;
	43	-
	44	if (callbacks->authz_read_func)
	45	{
	46	svn_fs_root_t *copyfrom_root;
	47	+ svn_boolean_t readable;
	48
	49	SVN_ERR(svn_fs_revision_root(&copyfrom_root, fs,
	50	- copyfrom_rev, iterpool));
	51	+ change->copyfrom_rev, iterpool));
	52	SVN_ERR(callbacks->authz_read_func(&readable,
	53	copyfrom_root,
	54	- copyfrom_path,
	55	+ change->copyfrom_path,
	56	callbacks->authz_read_baton,
	57	iterpool));
	58	if (! readable)
	59	- found_unreadable = TRUE;
	60	- }
	61	-
	62	- if (readable)
	63	- {
	64	- change->copyfrom_path = copyfrom_path;
	65	- change->copyfrom_rev = copyfrom_rev;
	66	+ {
	67	+ found_unreadable = TRUE;
	68	+ change->copyfrom_path = NULL;
	69	+ change->copyfrom_rev = SVN_INVALID_REVNUM;
	70	+ }
	71	}
	72	}
	73	}
	74	diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py
	75	index 760cb3663d02f..92e8a5e1935c9 100755
	76	--- a/subversion/tests/cmdline/authz_tests.py
	77	+++ b/subversion/tests/cmdline/authz_tests.py
	78	@@ -1731,6 +1731,60 @@ def empty_group(sbox):
	79	'--username', svntest.main.wc_author,
	80	sbox.repo_url)
	81
	82	+@Skip(svntest.main.is_ra_type_file)
	83	+def log_inaccessible_copyfrom(sbox):
	84	+ "log doesn't leak inaccessible copyfrom paths"
	85	+
	86	+ sbox.build(empty=True)
	87	+ sbox.simple_add_text('secret', 'private')
	88	+ sbox.simple_commit(message='log message for r1')
	89	+ sbox.simple_copy('private', 'public')
	90	+ sbox.simple_commit(message='log message for r2')
	91	+
	92	+ svntest.actions.enable_revprop_changes(sbox.repo_dir)
	93	+ # Remove svn:date and svn:author for predictable output.
	94	+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
	95	+ '-r2', 'svn:date', sbox.repo_url)
	96	+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
	97	+ '-r2', 'svn:author', sbox.repo_url)
	98	+
	99	+ write_restrictive_svnserve_conf(sbox.repo_dir)
	100	+
	101	+ # First test with blanket access.
	102	+ write_authz_file(sbox,
	103	+ {"/" : "* = rw"})
	104	+ expected_output = svntest.verify.ExpectedOutput([
	105	+ "------------------------------------------------------------------------\n",
	106	+ "r2 \| (no author) \| (no date) \| 1 line\n",
	107	+ "Changed paths:\n",
	108	+ " A /public (from /private:1)\n",
	109	+ "\n",
	110	+ "log message for r2\n",
	111	+ "------------------------------------------------------------------------\n",
	112	+ ])
	113	+ svntest.actions.run_and_verify_svn(expected_output, [],
	114	+ 'log', '-r2', '-v',
	115	+ sbox.repo_url)
	116	+
	117	+ # Now test with an inaccessible copy source (/private).
	118	+ write_authz_file(sbox,
	119	+ {"/" : "* = rw"},
	120	+ {"/private" : "* ="})
	121	+ expected_output = svntest.verify.ExpectedOutput([
	122	+ "------------------------------------------------------------------------\n",
	123	+ "r2 \| (no author) \| (no date) \| 1 line\n",
	124	+ "Changed paths:\n",
	125	+ # The copy is shown as a plain add with no copyfrom info.
	126	+ " A /public\n",
	127	+ "\n",
	128	+ # No log message, as the revision is only partially visible.
	129	+ "\n",
	130	+ "------------------------------------------------------------------------\n",
	131	+ ])
	132	+ svntest.actions.run_and_verify_svn(expected_output, [],
	133	+ 'log', '-r2', '-v',
	134	+ sbox.repo_url)
	135	+
	136
	137	########################################################################
	138	# Run the tests
	139	@@ -1771,6 +1825,7 @@ def empty_group(sbox):
	140	inverted_group_membership,
	141	group_member_empty_string,
	142	empty_group,
	143	+ log_inaccessible_copyfrom,
	144	]
	145	serial_only = True
	146