mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-20 00:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

subversion: fix CVE-2021-28544

Browse Source 
(From OE-Core rev: 7fdd4d2dc019071525349fbb153e2e80f6583217)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Lee Chee Yang
2022-09-21 15:18:36 +08:00
committed by Richard Purdie
parent f9a63709b0
commit a8ee7ba022
2 changed files with 147 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
meta/recipes-devtools/subversion/subversion/CVE-2021-28544.patch Normal file
View File

@@ -0,0 +1,146 @@
From 61382fd8ea66000bd9ee8e203a6eab443220ee40 Mon Sep 17 00:00:00 2001
From: Nathan Hartman <hartmannathan@apache.org>
Date: Sun, 27 Mar 2022 05:59:18 +0000
Subject: [PATCH] On the 1.14.x-r1899227 branch: Merge r1899227 from trunk
w/testlist variation
git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.14.x-r1899227@1899229 13f79535-47bb-0310-9956-ffa450edef68
CVE: CVE-2021-28544 [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40]
Upstream-Status: Backport
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
subversion/libsvn_repos/log.c | 26 +++++-------
subversion/tests/cmdline/authz_tests.py | 55 +++++++++++++++++++++++++
2 files changed, 65 insertions(+), 16 deletions(-)
diff --git a/subversion/libsvn_repos/log.c b/subversion/libsvn_repos/log.c
index d9a1fb1085e16..41ca8aed27174 100644
--- a/subversion/libsvn_repos/log.c
+++ b/subversion/libsvn_repos/log.c
@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access_level_t *access_level,
if ( (change->change_kind == svn_fs_path_change_add)
|| (change->change_kind == svn_fs_path_change_replace))
{
- const char *copyfrom_path = change->copyfrom_path;
- svn_revnum_t copyfrom_rev = change->copyfrom_rev;
-
/* the following is a potentially expensive operation since on FSFS
we will follow the DAG from ROOT to PATH and that requires
actually reading the directories along the way. */
if (!change->copyfrom_known)
{
- SVN_ERR(svn_fs_copied_from(&copyfrom_rev, &copyfrom_path,
+ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path,
root, path, iterpool));
change->copyfrom_known = TRUE;
}
- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
+ if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev))
{
- svn_boolean_t readable = TRUE;
-
if (callbacks->authz_read_func)
{
svn_fs_root_t *copyfrom_root;
+ svn_boolean_t readable;
SVN_ERR(svn_fs_revision_root(&copyfrom_root, fs,
- copyfrom_rev, iterpool));
+ change->copyfrom_rev, iterpool));
SVN_ERR(callbacks->authz_read_func(&readable,
copyfrom_root,
- copyfrom_path,
+ change->copyfrom_path,
callbacks->authz_read_baton,
iterpool));
if (! readable)
- found_unreadable = TRUE;
- }
-
- if (readable)
- {
- change->copyfrom_path = copyfrom_path;
- change->copyfrom_rev = copyfrom_rev;
+ {
+ found_unreadable = TRUE;
+ change->copyfrom_path = NULL;
+ change->copyfrom_rev = SVN_INVALID_REVNUM;
+ }
}
}
}
diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py
index 760cb3663d02f..92e8a5e1935c9 100755
--- a/subversion/tests/cmdline/authz_tests.py
+++ b/subversion/tests/cmdline/authz_tests.py
@@ -1731,6 +1731,60 @@ def empty_group(sbox):
'--username', svntest.main.wc_author,
sbox.repo_url)
+@Skip(svntest.main.is_ra_type_file)
+def log_inaccessible_copyfrom(sbox):
+ "log doesn't leak inaccessible copyfrom paths"
+
+ sbox.build(empty=True)
+ sbox.simple_add_text('secret', 'private')
+ sbox.simple_commit(message='log message for r1')
+ sbox.simple_copy('private', 'public')
+ sbox.simple_commit(message='log message for r2')
+
+ svntest.actions.enable_revprop_changes(sbox.repo_dir)
+ # Remove svn:date and svn:author for predictable output.
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:date', sbox.repo_url)
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:author', sbox.repo_url)
+
+ write_restrictive_svnserve_conf(sbox.repo_dir)
+
+ # First test with blanket access.
+ write_authz_file(sbox,
+ {"/" : "* = rw"})
+ expected_output = svntest.verify.ExpectedOutput([
+ "------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ " A /public (from /private:1)\n",
+ "\n",
+ "log message for r2\n",
+ "------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
+ # Now test with an inaccessible copy source (/private).
+ write_authz_file(sbox,
+ {"/" : "* = rw"},
+ {"/private" : "* ="})
+ expected_output = svntest.verify.ExpectedOutput([
+ "------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ # The copy is shown as a plain add with no copyfrom info.
+ " A /public\n",
+ "\n",
+ # No log message, as the revision is only partially visible.
+ "\n",
+ "------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
########################################################################
# Run the tests
@@ -1771,6 +1825,7 @@ def empty_group(sbox):
inverted_group_membership,
group_member_empty_string,
empty_group,
+ log_inaccessible_copyfrom,
]
serial_only = True

1
meta/recipes-devtools/subversion/subversion_1.13.0.bb
View File

@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0001-Fix-libtool-name-in-configure.ac.patch \
file://serfmacro.patch \
file://CVE-2020-17525.patch \
file://CVE-2021-28544.patch \
"
SRC_URI[md5sum] = "3004b4dae18bf45a0b6ea4ef8820064d"