openeuler-ci-bot
60a467b6c2
!64 fix CVE-2024-46901
From: @fly_fzc 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-12-09 08:39:53 +00:00
fly_fzc
6c73d38287 fix CVE-2024-46901 2024-12-09 11:07:03 +08:00
openeuler-ci-bot
994d3649ec
!58 fix CVE-2024-45720
From: @fly_fzc 
Reviewed-by: @gaoruoshu 
Signed-off-by: @gaoruoshu
2024-10-18 06:55:57 +00:00
fly_fzc
b1a4548827 fix CVE-2024-45720 2024-10-09 10:41:34 +08:00
openeuler-ci-bot
7dfb2f5ff5
!50 移除 help子包中不规范的Requires
From: @fly_fzc 
Reviewed-by: @gaoruoshu 
Signed-off-by: @gaoruoshu
2024-04-09 08:32:12 +00:00
fly_fzc
5cca26051e Remove non-standard requires from the help subpackage 2024-04-08 09:07:00 +08:00
openeuler-ci-bot
b6a8c15d21
!29 Fix compile warning: LICENSE and NOTICE files are repeat packed
From: @fly_fzc 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2023-02-03 03:33:36 +00:00
fly_fzc
fd08d377b7 Fix compile warning: LICENSE and NOTICE files are repeat packed 2023-02-03 09:47:01 +08:00
openeuler-ci-bot
b80907a77b
!23 fix CVE-2021-28544 CVE-2022-24070
From: @panxh_purple 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
2022-04-24 07:52:49 +00:00
panxiaohe
c9ac8e9c11 fix CVE-2021-28544 CVE-2022-24070 2022-04-22 11:53:16 +08:00
5 changed files with 1264 additions and 4 deletions


@ -0,0 +1,138 @@
Description: Subversion servers reveal 'copyfrom' paths that should be hidden
according to configured path-based authorization (authz) rules. When a node
has been copied from a protected location, users with access to the copy can
see the 'copyfrom' path of the original. This also reveals the fact that the
node was copied. Only the 'copyfrom' path is revealed; not its contents. Both
httpd and svnserve servers are vulnerable.
Author: Stefan Sperling <stsp@apache.org>
Origin: upstream
Last-Update: 2022-04-04
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/subversion/libsvn_repos/log.c
+++ b/subversion/libsvn_repos/log.c
@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access
if ( (change->change_kind == svn_fs_path_change_add)
|| (change->change_kind == svn_fs_path_change_replace))
{
- const char *copyfrom_path = change->copyfrom_path;
- svn_revnum_t copyfrom_rev = change->copyfrom_rev;
-
/* the following is a potentially expensive operation since on FSFS
we will follow the DAG from ROOT to PATH and that requires
actually reading the directories along the way. */
if (!change->copyfrom_known)
{
- SVN_ERR(svn_fs_copied_from(&copyfrom_rev, &copyfrom_path,
+ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path,
root, path, iterpool));
change->copyfrom_known = TRUE;
}
- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
+ if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev))
{
- svn_boolean_t readable = TRUE;
-
if (callbacks->authz_read_func)
{
svn_fs_root_t *copyfrom_root;
+ svn_boolean_t readable;
SVN_ERR(svn_fs_revision_root(&copyfrom_root, fs,
- copyfrom_rev, iterpool));
+ change->copyfrom_rev, iterpool));
SVN_ERR(callbacks->authz_read_func(&readable,
copyfrom_root,
- copyfrom_path,
+ change->copyfrom_path,
callbacks->authz_read_baton,
iterpool));
if (! readable)
- found_unreadable = TRUE;
- }
-
- if (readable)
- {
- change->copyfrom_path = copyfrom_path;
- change->copyfrom_rev = copyfrom_rev;
+ {
+ found_unreadable = TRUE;
+ change->copyfrom_path = NULL;
+ change->copyfrom_rev = SVN_INVALID_REVNUM;
+ }
}
}
}
--- subversion-1.13.0.orig/subversion/tests/cmdline/authz_tests.py
+++ subversion-1.13.0/subversion/tests/cmdline/authz_tests.py
@@ -1524,6 +1524,61 @@ def authz_del_from_subdir(sbox):
'rm', sbox.repo_url + '/A/mu',
'-m', '')
+# test for the bug also known as CVE-2021-28544
+@Skip(svntest.main.is_ra_type_file)
+def log_inaccessible_copyfrom(sbox):
+ "log doesn't leak inaccessible copyfrom paths"
+
+ sbox.build(empty=True)
+ sbox.simple_add_text('secret', 'private')
+ sbox.simple_commit(message='log message for r1')
+ sbox.simple_copy('private', 'public')
+ sbox.simple_commit(message='log message for r2')
+
+ svntest.actions.enable_revprop_changes(sbox.repo_dir)
+ # Remove svn:date and svn:author for predictable output.
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:date', sbox.repo_url)
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:author', sbox.repo_url)
+
+ write_restrictive_svnserve_conf(sbox.repo_dir)
+
+ # First test with blanket access.
+ write_authz_file(sbox,
+ {"/" : "* = rw"})
+ expected_output = svntest.verify.ExpectedOutput([
+ "------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ " A /public (from /private:1)\n",
+ "\n",
+ "log message for r2\n",
+ "------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
+ # Now test with an inaccessible copy source (/private).
+ write_authz_file(sbox,
+ {"/" : "* = rw"},
+ {"/private" : "* ="})
+ expected_output = svntest.verify.ExpectedOutput([
+ "------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ # The copy is shown as a plain add with no copyfrom info.
+ " A /public\n",
+ "\n",
+ # No log message, as the revision is only partially visible.
+ "\n",
+ "------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
@SkipUnless(svntest.main.is_ra_type_dav) # dontdothat is dav only
def log_diff_dontdothat(sbox):
@@ -1771,6 +1826,7 @@ test_list = [ None,
inverted_group_membership,
group_member_empty_string,
empty_group,
+ log_inaccessible_copyfrom,
]
serial_only = True
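Review bot: The new `svn_boolean_t readable;` declaration in the log.c hunk is left uninitialized and is only written through the `authz_read_func` out-parameter, so a callback that returns SVN_NO_ERROR without storing to it would leave the copyfrom path exposed; the removed code initialized the flag to TRUE, and a fail-closed `svn_boolean_t readable = FALSE;` is the safer default for an authz decision. Whether any authz_read_func implementation can succeed without setting the flag is not visible from this hunk, so this is a defensive change rather than a known defect. The added regression test only exercises the case where the callback is present, which matches the code path changed here. detect_changed begins and ends outside the hunk.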


@ -0,0 +1,61 @@
Description: Fix issue #4880 "Use-after-free of object-pools when used as httpd module"
Ensure that we initialize authz again if the pool which our authz
caches depend on is cleared. Apache HTTPD may run pre/post config
hooks multiple times and clear its global configuration pool which
our authz caching pools depend on.
Reported-by: Thomas Weißschuh (thomas {at} t-8ch dot de)
Thomas has also confirmed that this patch fixes the problem.
* subversion/libsvn_repos/authz.c
(deinit_authz): New pool cleanup handler which resets authz initialization
in case the parent pool of our authz caches is cleared.
(synchronized_authz_initialize): Register new pool cleanup handler.
Author: Stefan Sperling <stsp@apache.org>
Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1894734
Bug: https://issues.apache.org/jira/browse/SVN-4880
Last-Update: 2022-04-04
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/subversion/libsvn_repos/authz.c
+++ b/subversion/libsvn_repos/authz.c
@@ -130,6 +130,30 @@
static svn_object_pool__t *filtered_pool = NULL;
static svn_atomic_t authz_pool_initialized = FALSE;
+/*
+ * Ensure that we will initialize authz again if the pool which
+ * our authz caches depend on is cleared.
+ *
+ * HTTPD may run pre/post config hooks multiple times and clear
+ * its global configuration pool which our authz pools depend on.
+ * This happens in a non-threaded context during HTTPD's intialization
+ * and HTTPD's main loop, so it is safe to reset static variables here.
+ * (And any applications which cleared this pool while SVN threads
+ * were running would crash no matter what.)
+ *
+ * See issue #4880, "Use-after-free of object-pools in
+ * subversion/libsvn_repos/authz.c when used as httpd module"
+ */
+static apr_status_t
+deinit_authz(void *data)
+{
+ /* The two object pools run their own cleanup handlers. */
+ authz_pool = NULL;
+ filtered_pool = NULL;
+ authz_pool_initialized = FALSE;
+ return APR_SUCCESS;
+}
+
/* Implements svn_atomic__err_init_func_t. */
static svn_error_t *
synchronized_authz_initialize(void *baton, apr_pool_t *pool)
@@ -143,6 +167,7 @@
SVN_ERR(svn_object_pool__create(&authz_pool, multi_threaded, pool));
SVN_ERR(svn_object_pool__create(&filtered_pool, multi_threaded, pool));
+ apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null);
return SVN_NO_ERROR;
}
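Review bot: The cleanup is registered only after both `svn_object_pool__create` calls have succeeded, so if the second call returns an error `authz_pool` already points into `pool` but no handler will reset it when that pool is cleared, which is the same dangling-static situation issue #4880 addresses. Because `deinit_authz` only assigns NULL and FALSE it is safe to run even when the pools were never created, so moving `apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null);` ahead of the two creates closes that gap. Whether the init-once wrapper retries initialization after a failed attempt is not visible here; if it does not, the stale pointer could still be consulted by a later request. synchronized_authz_initialize starts outside this hunk.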


@ -0,0 +1,805 @@
From df2748f7e2a973c67b0dd338bbe27d2d92a55130 Mon Sep 17 00:00:00 2001
From: Stefan Sperling <stsp@apache.org>
Date: Tue, 8 Oct 2024 09:16:50 +0000
Subject: [PATCH] Committing the fix for CVE-2024-45720 to trunk.
(detailed log message remains to be filled in here)
Patch by: kotkov, jun66j5
git-svn-id: https://svn.apache.org/repos/asf/subversion/trunk@1921181 13f79535-47bb-0310-9956-ffa450edef68
---
build.conf | 4 +-
.../include/private/svn_cmdline_private.h | 28 +++++++++
subversion/libsvn_subr/cmdline.c | 57 +++++++++++++++++++
subversion/svn/svn.c | 10 +++-
subversion/svnadmin/svnadmin.c | 10 +++-
subversion/svnbench/svnbench.c | 10 +++-
subversion/svndumpfilter/svndumpfilter.c | 10 +++-
subversion/svnfsfs/svnfsfs.c | 10 +++-
subversion/svnlook/svnlook.c | 10 +++-
subversion/svnmucc/svnmucc.c | 10 +++-
subversion/svnrdump/svnrdump.c | 10 +++-
subversion/svnserve/svnserve.c | 11 +++-
subversion/svnsync/svnsync.c | 10 +++-
subversion/svnversion/svnversion.c | 10 +++-
.../svn-mergeinfo-normalizer.c | 10 +++-
tools/client-side/svnconflict/svnconflict.c | 10 +++-
.../svnraisetreeconflict.c | 10 +++-
tools/dev/wc-ng/svn-wc-db-tester.c | 10 +++-
tools/server-side/svnauthz.c | 12 +++-
19 files changed, 217 insertions(+), 35 deletions(-)
diff --git a/build.conf b/build.conf
index 1402000743..3dbb8db50b 100644
--- a/build.conf
+++ b/build.conf
@@ -150,7 +150,7 @@ libs = libsvn_client libsvn_wc libsvn_ra libsvn_delta libsvn_diff libsvn_subr
apriconv apr
manpages = subversion/svn/svn.1
install = bin
-msvc-libs = setargv.obj
+msvc-libs = wsetargv.obj
# The subversion repository administration tool
[svnadmin]
@@ -160,7 +160,7 @@ path = subversion/svnadmin
install = bin
manpages = subversion/svnadmin/svnadmin.1
libs = libsvn_repos libsvn_fs libsvn_delta libsvn_subr apriconv apr
-msvc-libs = setargv.obj
+msvc-libs = wsetargv.obj
# The subversion repository dump filtering tool
[svndumpfilter]
diff --git a/subversion/include/private/svn_cmdline_private.h b/subversion/include/private/svn_cmdline_private.h
index ac5fb7b079..aa8bb7bcca 100644
--- a/subversion/include/private/svn_cmdline_private.h
+++ b/subversion/include/private/svn_cmdline_private.h
@@ -278,6 +278,34 @@ svn_cmdline__stdin_readline(const char **result,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool);
+#if defined(WIN32)
+/* Normalizes Windows-specific command line arguments, such as those passed
+ to wmain(), to the environment-specific code page. */
+svn_error_t *
+svn_cmdline__win32_get_cstring_argv(const char **cstring_argv_p[],
+ int argc,
+ const wchar_t *argv[],
+ apr_pool_t *result_pool);
+#endif
+
+/* Default platform-agnostic handler that normalizes command line arguments
+ to the environment-specific code page. */
+svn_error_t *
+svn_cmdline__default_get_cstring_argv(const char **cstring_argv_p[],
+ int argc,
+ const char *argv[],
+ apr_pool_t *result_pool);
+
+#if defined(WIN32) && defined(_MSC_VER)
+typedef wchar_t svn_cmdline__argv_char_t;
+#define SVN_CMDLINE__MAIN wmain
+#define svn_cmdline__get_cstring_argv svn_cmdline__win32_get_cstring_argv
+#else
+typedef char svn_cmdline__argv_char_t;
+#define SVN_CMDLINE__MAIN main
+#define svn_cmdline__get_cstring_argv svn_cmdline__default_get_cstring_argv
+#endif
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/subversion/libsvn_subr/cmdline.c b/subversion/libsvn_subr/cmdline.c
index 6bfc68b3b5..307f0bb865 100644
--- a/subversion/libsvn_subr/cmdline.c
+++ b/subversion/libsvn_subr/cmdline.c
@@ -1898,3 +1898,60 @@ svn_cmdline__cancellation_exit(void)
#endif
}
}
+
+#if defined(WIN32)
+
+svn_error_t *
+svn_cmdline__win32_get_cstring_argv(const char **cstring_argv_p[],
+ int argc,
+ const wchar_t *argv[],
+ apr_pool_t *result_pool)
+{
+ apr_array_header_t *cstring_argv;
+ int i;
+
+ cstring_argv = apr_array_make(result_pool, argc + 1, sizeof(const char *));
+
+ for (i = 0; i < argc; i++)
+ {
+ const wchar_t *arg = argv[i];
+ char *cstring_arg;
+ int rv;
+
+ /* Passing -1 for the string length guarantees that the returned length
+ will account for a terminating null character. */
+ rv = WideCharToMultiByte(CP_ACP, 0, arg, -1, NULL, 0, NULL, NULL);
+ if (rv <= 0)
+ {
+ return svn_error_wrap_apr(apr_get_os_error(),
+ _("Conversion from UTF-16 failed"));
+ }
+
+ cstring_arg = apr_palloc(result_pool, rv);
+ rv = WideCharToMultiByte(CP_ACP, 0, arg, -1, cstring_arg, rv, NULL, NULL);
+ if (rv <= 0)
+ {
+ return svn_error_wrap_apr(apr_get_os_error(),
+ _("Conversion from UTF-16 failed"));
+ }
+
+ APR_ARRAY_PUSH(cstring_argv, const char *) = cstring_arg;
+ }
+
+ APR_ARRAY_PUSH(cstring_argv, const char *) = NULL;
+
+ *cstring_argv_p = (const char **)cstring_argv->elts;
+ return SVN_NO_ERROR;
+}
+
+#endif
+
+svn_error_t *
+svn_cmdline__default_get_cstring_argv(const char **cstring_argv_p[],
+ int argc,
+ const char *argv[],
+ apr_pool_t *result_pool)
+{
+ *cstring_argv_p = argv;
+ return SVN_NO_ERROR;
+}
diff --git a/subversion/svn/svn.c b/subversion/svn/svn.c
index 79a4f3b0f9..46c6327aba 100644
--- a/subversion/svn/svn.c
+++ b/subversion/svn/svn.c
@@ -2200,7 +2200,10 @@ parse_compatible_version(svn_cl__opt_state_t* opt_state,
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
int opt_id;
@@ -2226,12 +2229,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
apr_hash_t *cfg_hash;
svn_membuf_t buf;
svn_boolean_t read_pass_from_stdin = FALSE;
+ const char **argv;
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
#if defined(WIN32) || defined(__CYGWIN__)
/* Set the working copy administrative directory name. */
if (getenv("SVN_ASP_DOT_NET_HACK"))
@@ -3444,7 +3450,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnadmin/svnadmin.c b/subversion/svnadmin/svnadmin.c
index 25650cb7db..d54d3925b6 100644
--- a/subversion/svnadmin/svnadmin.c
+++ b/subversion/svnadmin/svnadmin.c
@@ -3053,7 +3053,10 @@ subcommand_build_repcache(apr_getopt_t *os, void *baton, apr_pool_t *pool)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
apr_status_t apr_err;
@@ -3065,12 +3068,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
apr_array_header_t *received_opts;
int i;
svn_boolean_t dash_F_arg = FALSE;
+ const char **argv;
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
/* Initialize the FS library. */
SVN_ERR(svn_fs_initialize(pool));
@@ -3450,7 +3456,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnbench/svnbench.c b/subversion/svnbench/svnbench.c
index 4326edbfa7..3be98eeac7 100644
--- a/subversion/svnbench/svnbench.c
+++ b/subversion/svnbench/svnbench.c
@@ -386,7 +386,10 @@ add_search_pattern_group(svn_cl__opt_state_t *opt_state,
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
int opt_id;
@@ -405,6 +408,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
ra_progress_baton_t ra_progress_baton = {0};
svn_membuf_t buf;
svn_boolean_t read_pass_from_stdin = FALSE;
+ const char **argv;
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
@@ -414,6 +418,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
#if defined(WIN32) || defined(__CYGWIN__)
/* Set the working copy administrative directory name. */
if (getenv("SVN_ASP_DOT_NET_HACK"))
@@ -979,7 +985,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svndumpfilter/svndumpfilter.c b/subversion/svndumpfilter/svndumpfilter.c
index a948b3a4ce..272303be3c 100644
--- a/subversion/svndumpfilter/svndumpfilter.c
+++ b/subversion/svndumpfilter/svndumpfilter.c
@@ -1291,7 +1291,10 @@ subcommand_include(apr_getopt_t *os, void *baton, apr_pool_t *pool)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
apr_status_t apr_err;
@@ -1302,10 +1305,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
int opt_id;
apr_array_header_t *received_opts;
int i;
+ const char **argv;
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
/* Initialize the FS library. */
@@ -1564,7 +1570,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnfsfs/svnfsfs.c b/subversion/svnfsfs/svnfsfs.c
index 6fcb792cc5..1ff49fa9d2 100644
--- a/subversion/svnfsfs/svnfsfs.c
+++ b/subversion/svnfsfs/svnfsfs.c
@@ -228,7 +228,10 @@ subcommand__help(apr_getopt_t *os, void *baton, apr_pool_t *pool)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
apr_status_t apr_err;
@@ -239,12 +242,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
int opt_id;
apr_array_header_t *received_opts;
int i;
+ const char **argv;
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
/* Initialize the FS library. */
SVN_ERR(svn_fs_initialize(pool));
@@ -473,7 +479,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnlook/svnlook.c b/subversion/svnlook/svnlook.c
index 59bd0f9c0a..3035783920 100644
--- a/subversion/svnlook/svnlook.c
+++ b/subversion/svnlook/svnlook.c
@@ -2466,7 +2466,10 @@ subcommand_uuid(apr_getopt_t *os, void *baton, apr_pool_t *pool)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
apr_status_t apr_err;
@@ -2477,12 +2480,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
int opt_id;
apr_array_header_t *received_opts;
int i;
+ const char **argv;
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
/* Initialize the FS library. */
SVN_ERR(svn_fs_initialize(pool));
@@ -2850,7 +2856,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnmucc/svnmucc.c b/subversion/svnmucc/svnmucc.c
index c3e9d26ac5..3cf5dc38ea 100644
--- a/subversion/svnmucc/svnmucc.c
+++ b/subversion/svnmucc/svnmucc.c
@@ -467,7 +467,10 @@ log_message_func(const char **log_msg,
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
apr_array_header_t *actions = apr_array_make(pool, 1,
sizeof(struct action *));
@@ -533,10 +536,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
struct log_message_baton lmb;
int i;
svn_boolean_t read_pass_from_stdin = FALSE;
+ const char **argv;
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
/* Initialize the RA library. */
SVN_ERR(svn_ra_initialize(pool));
@@ -980,7 +986,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnrdump/svnrdump.c b/subversion/svnrdump/svnrdump.c
index 500a5f9ea3..aa88b4f0af 100644
--- a/subversion/svnrdump/svnrdump.c
+++ b/subversion/svnrdump/svnrdump.c
@@ -784,7 +784,10 @@ validate_and_resolve_revisions(opt_baton_t *opt_baton,
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err = SVN_NO_ERROR;
const svn_opt_subcommand_desc3_t *subcommand = NULL;
@@ -806,6 +809,9 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
apr_array_header_t *received_opts;
int i;
svn_boolean_t read_pass_from_stdin = FALSE;
+ const char **argv;
+
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
opt_baton = apr_pcalloc(pool, sizeof(*opt_baton));
opt_baton->start_revision.kind = svn_opt_revision_unspecified;
@@ -1155,7 +1161,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnserve/svnserve.c b/subversion/svnserve/svnserve.c
index a69155fa74..1cdb751b30 100644
--- a/subversion/svnserve/svnserve.c
+++ b/subversion/svnserve/svnserve.c
@@ -721,7 +721,10 @@ check_lib_versions(void)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
enum run_mode run_mode = run_mode_unspecified;
svn_boolean_t foreground = FALSE;
@@ -760,6 +763,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
svn_node_kind_t kind;
apr_size_t min_thread_count = THREADPOOL_MIN_SIZE;
apr_size_t max_thread_count = THREADPOOL_MAX_SIZE;
+ const char **argv;
+
#ifdef SVN_HAVE_SASL
SVN_ERR(cyrus_init(pool));
#endif
@@ -767,6 +772,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
/* Initialize the FS library. */
SVN_ERR(svn_fs_initialize(pool));
@@ -1422,7 +1429,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnsync/svnsync.c b/subversion/svnsync/svnsync.c
index 7c1c0efbf7..12b1c989e1 100644
--- a/subversion/svnsync/svnsync.c
+++ b/subversion/svnsync/svnsync.c
@@ -1963,7 +1963,10 @@ help_cmd(apr_getopt_t *os, void *baton, apr_pool_t *pool)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
const svn_opt_subcommand_desc3_t *subcommand = NULL;
apr_array_header_t *received_opts;
@@ -1978,10 +1981,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
apr_array_header_t *config_options = NULL;
const char *source_prop_encoding = NULL;
svn_boolean_t force_interactive = FALSE;
+ const char **argv;
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
SVN_ERR(svn_ra_initialize(pool));
/* Initialize the option baton. */
@@ -2402,7 +2408,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/subversion/svnversion/svnversion.c b/subversion/svnversion/svnversion.c
index da65800467..111db531fd 100644
--- a/subversion/svnversion/svnversion.c
+++ b/subversion/svnversion/svnversion.c
@@ -124,7 +124,10 @@ check_lib_versions(void)
* program. Obviously we don't want to have to run svn when building svn.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
const char *wc_path, *trail_url;
const char *local_abspath;
@@ -146,10 +149,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
N_("no progress (only errors) to stderr")},
{0, 0, 0, 0}
};
+ const char **argv;
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
#if defined(WIN32) || defined(__CYGWIN__)
/* Set the working copy administrative directory name. */
if (getenv("SVN_ASP_DOT_NET_HACK"))
@@ -289,7 +295,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c b/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c
index 529621bf7e..1973c6ea3d 100644
--- a/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c
+++ b/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c
@@ -408,7 +408,10 @@ svn_min__check_cancel(void *baton)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
int opt_id;
@@ -425,12 +428,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
svn_boolean_t force_interactive = FALSE;
apr_hash_t *cfg_hash;
svn_boolean_t read_pass_from_stdin = FALSE;
+ const char **argv;
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
#if defined(WIN32) || defined(__CYGWIN__)
/* Set the working copy administrative directory name. */
if (getenv("SVN_ASP_DOT_NET_HACK"))
@@ -946,7 +952,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/tools/client-side/svnconflict/svnconflict.c b/tools/client-side/svnconflict/svnconflict.c
index 572e0f1c72..be934f23c4 100644
--- a/tools/client-side/svnconflict/svnconflict.c
+++ b/tools/client-side/svnconflict/svnconflict.c
@@ -632,7 +632,10 @@ svnconflict_resolve_tree(apr_getopt_t *os, void *baton, apr_pool_t *pool)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
int opt_id;
@@ -647,12 +650,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
svn_config_t *cfg_config;
apr_hash_t *cfg_hash;
svn_boolean_t read_pass_from_stdin = FALSE;
+ const char **argv;
received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
#if defined(WIN32) || defined(__CYGWIN__)
/* Set the working copy administrative directory name. */
if (getenv("SVN_ASP_DOT_NET_HACK"))
@@ -949,7 +955,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c b/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c
index a68b5d2d8e..784c9bd8e9 100644
--- a/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c
+++ b/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c
@@ -302,7 +302,10 @@ check_lib_versions(void)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
apr_getopt_t *os;
const apr_getopt_option_t options[] =
@@ -313,10 +316,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
{0, 0, 0, 0}
};
apr_array_header_t *remaining_argv;
+ const char **argv;
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
#if defined(WIN32) || defined(__CYGWIN__)
/* Set the working copy administrative directory name. */
if (getenv("SVN_ASP_DOT_NET_HACK"))
@@ -383,7 +389,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/tools/dev/wc-ng/svn-wc-db-tester.c b/tools/dev/wc-ng/svn-wc-db-tester.c
index ba63b63680..43cb6b0764 100644
--- a/tools/dev/wc-ng/svn-wc-db-tester.c
+++ b/tools/dev/wc-ng/svn-wc-db-tester.c
@@ -156,7 +156,10 @@ check_lib_versions(void)
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
apr_getopt_t *os;
const apr_getopt_option_t options[] =
@@ -167,10 +170,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
{0, 0, 0, 0}
};
apr_array_header_t *remaining_argv;
+ const char **argv;
/* Check library versions */
SVN_ERR(check_lib_versions());
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+
#if defined(WIN32) || defined(__CYGWIN__)
/* Set the working copy administrative directory name. */
if (getenv("SVN_ASP_DOT_NET_HACK"))
@@ -237,7 +243,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
diff --git a/tools/server-side/svnauthz.c b/tools/server-side/svnauthz.c
index 310757ca46..94d28cc4be 100644
--- a/tools/server-side/svnauthz.c
+++ b/tools/server-side/svnauthz.c
@@ -490,7 +490,10 @@ canonicalize_access_file(const char **canonicalized_access_file,
* return SVN_NO_ERROR.
*/
static svn_error_t *
-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+sub_main(int *exit_code,
+ int argc,
+ const svn_cmdline__argv_char_t *cmdline_argv[],
+ apr_pool_t *pool)
{
svn_error_t *err;
@@ -499,6 +502,9 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
apr_getopt_t *os;
apr_array_header_t *received_opts;
int i;
+ const char **argv;
+
+ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
/* Initialize the FS library. */
SVN_ERR(svn_fs_initialize(pool));
@@ -752,14 +758,14 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
}
int
-main(int argc, const char *argv[])
+SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
{
apr_pool_t *pool;
int exit_code = EXIT_SUCCESS;
svn_error_t *err;
/* Initialize the app. Send all error messages to 'stderr'. */
- if (svn_cmdline_init(argv[0], stderr) != EXIT_SUCCESS)
+ if (svn_cmdline_init("svnauthz", stderr) != EXIT_SUCCESS)
return EXIT_FAILURE;
pool = svn_pool_create(NULL);
--
2.33.0


@ -0,0 +1,239 @@
From 953982c839d91366b9591f00a5d1e5abb431c9bd Mon Sep 17 00:00:00 2001
From: Daniel Sahlberg <dsahlberg@apache.org>
Date: Sun, 8 Dec 2024 23:49:59 +0000
Subject: [PATCH] Commit the patches for CVE-2024-46901
TODO: Pls help me update the log message
git-svn-id: https://svn.apache.org/repos/asf/subversion/trunk@1922383 13f79535-47bb-0310-9956-ffa450edef68
---
.../include/private/svn_repos_private.h | 8 +++
subversion/libsvn_repos/commit.c | 3 +-
subversion/libsvn_repos/repos.c | 10 +++
subversion/mod_dav_svn/lock.c | 7 +++
subversion/mod_dav_svn/repos.c | 30 +++++++++
subversion/tests/cmdline/mod_dav_svn_tests.py | 62 +++++++++++++++++++
6 files changed, 118 insertions(+), 2 deletions(-)
diff --git a/subversion/include/private/svn_repos_private.h b/subversion/include/private/svn_repos_private.h
index 5faaab6485..f80100ac56 100644
--- a/subversion/include/private/svn_repos_private.h
+++ b/subversion/include/private/svn_repos_private.h
@@ -390,6 +390,14 @@ svn_repos__get_dump_editor(const svn_delta_editor_t **editor,
const char *update_anchor_relpath,
apr_pool_t *pool);
+/* Validate that the given PATH is a valid pathname that can be stored in
+ * a Subversion repository, according to the name constraints used by the
+ * svn_repos_* layer.
+ */
+svn_error_t *
+svn_repos__validate_new_path(const char *path,
+ apr_pool_t *scratch_pool);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/subversion/libsvn_repos/commit.c b/subversion/libsvn_repos/commit.c
index dca8887a93..486dedd092 100644
--- a/subversion/libsvn_repos/commit.c
+++ b/subversion/libsvn_repos/commit.c
@@ -308,8 +308,7 @@ add_file_or_directory(const char *path,
svn_boolean_t was_copied = FALSE;
const char *full_path;
- /* Reject paths which contain control characters (related to issue #4340). */
- SVN_ERR(svn_path_check_valid(path, pool));
+ SVN_ERR(svn_repos__validate_new_path(path, pool));
full_path = svn_fspath__join(eb->base_path,
svn_relpath_canonicalize(path, pool), pool);
diff --git a/subversion/libsvn_repos/repos.c b/subversion/libsvn_repos/repos.c
index 2c2267674e..1c9d8dc660 100644
--- a/subversion/libsvn_repos/repos.c
+++ b/subversion/libsvn_repos/repos.c
@@ -2092,3 +2092,13 @@ svn_repos__fs_type(const char **fs_type,
svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool),
pool);
}
+
+svn_error_t *
+svn_repos__validate_new_path(const char *path,
+ apr_pool_t *scratch_pool)
+{
+ /* Reject paths which contain control characters (related to issue #4340). */
+ SVN_ERR(svn_path_check_valid(path, scratch_pool));
+
+ return SVN_NO_ERROR;
+}
diff --git a/subversion/mod_dav_svn/lock.c b/subversion/mod_dav_svn/lock.c
index 7e9c94b64d..d2a6aa9021 100644
--- a/subversion/mod_dav_svn/lock.c
+++ b/subversion/mod_dav_svn/lock.c
@@ -36,6 +36,7 @@
#include "svn_pools.h"
#include "svn_props.h"
#include "private/svn_log.h"
+#include "private/svn_repos_private.h"
#include "dav_svn.h"
@@ -717,6 +718,12 @@ append_locks(dav_lockdb *lockdb,
/* Commit a 0-byte file: */
+ if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
+ resource->pool)))
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ resource->pool);
+
if ((serr = dav_svn__get_youngest_rev(&rev, repos, resource->pool)))
return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
"Could not determine youngest revision",
diff --git a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c
index 4eec268f9a..d39b6c7d14 100644
--- a/subversion/mod_dav_svn/repos.c
+++ b/subversion/mod_dav_svn/repos.c
@@ -2928,6 +2928,16 @@ open_stream(const dav_resource *resource,
if (kind == svn_node_none) /* No existing file. */
{
+ serr = svn_repos__validate_new_path(resource->info->repos_path,
+ resource->pool);
+
+ if (serr != NULL)
+ {
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ resource->pool);
+ }
+
serr = svn_fs_make_file(resource->info->root.root,
resource->info->repos_path,
resource->pool);
@@ -4120,6 +4130,14 @@ create_collection(dav_resource *resource)
return err;
}
+ if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
+ resource->pool)) != NULL)
+ {
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ resource->pool);
+ }
+
if ((serr = svn_fs_make_dir(resource->info->root.root,
resource->info->repos_path,
resource->pool)) != NULL)
@@ -4194,6 +4212,12 @@ copy_resource(const dav_resource *src,
return err;
}
+ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
+ if (serr)
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ dst->pool);
+
src_repos_path = svn_repos_path(src->info->repos->repos, src->pool);
dst_repos_path = svn_repos_path(dst->info->repos->repos, dst->pool);
@@ -4430,6 +4454,12 @@ move_resource(dav_resource *src,
if (err)
return err;
+ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
+ if (serr)
+ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
+ "Request specifies an invalid path.",
+ dst->pool);
+
/* Copy the src to the dst. */
serr = svn_fs_copy(src->info->root.root, /* the root object of src rev*/
src->info->repos_path, /* the relative path of src */
diff --git a/subversion/tests/cmdline/mod_dav_svn_tests.py b/subversion/tests/cmdline/mod_dav_svn_tests.py
index 9628fa9fc0..2489f30310 100755
--- a/subversion/tests/cmdline/mod_dav_svn_tests.py
+++ b/subversion/tests/cmdline/mod_dav_svn_tests.py
@@ -686,6 +686,67 @@ def propfind_propname(sbox):
)
actual_response = r.read()
verify_xml_response(expected_response, actual_response)
+@SkipUnless(svntest.main.is_ra_type_dav)
+def create_name_with_control_chars(sbox):
+ "test creating items with control chars in names"
+
+ sbox.build(create_wc=False)
+
+ h = svntest.main.create_http_connection(sbox.repo_url)
+
+ # POST /repos/!svn/me
+ # Create a new transaction.
+ req_body = (
+ '(create-txn-with-props '
+ '(svn:txn-client-compat-version 6 1.14.4 '
+ 'svn:txn-user-agent 45 SVN/1.14.4 (x86-microsoft-windows) serf/1.3.9 '
+ 'svn:log 0 ))'
+ )
+ headers = {
+ 'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
+ 'Content-Type': 'application/vnd.svn-skel',
+ }
+ h.request('POST', sbox.repo_url + '/!svn/me', req_body, headers)
+ r = h.getresponse()
+ if r.status != httplib.CREATED:
+ raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
+ txn_name = r.getheader('SVN-Txn-Name')
+ r.read()
+
+ # MKCOL /repos/!svn/txn/TXN_NAME/tab%09name
+ # Must fail with a 400 Bad Request.
+ headers = {
+ 'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
+ }
+ h.request('MKCOL', sbox.repo_url + '/!svn/txr/' + txn_name + '/tab%09name', None, headers)
+ r = h.getresponse()
+ if r.status != httplib.BAD_REQUEST:
+ raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
+ r.read()
+
+ # PUT /repos/!svn/txn/TXN_NAME/tab%09name
+ # Must fail with a 400 Bad Request.
+ headers = {
+ 'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
+ }
+ h.request('PUT', sbox.repo_url + '/!svn/txr/' + txn_name + '/tab%09name', None, headers)
+ r = h.getresponse()
+ if r.status != httplib.BAD_REQUEST:
+ raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
+ r.read()
+
+ # COPY /repos/!svn/rvr/1/iota -> /repos/!svn/txn/TXN_NAME/tab%09name
+ # Must fail with a 400 Bad Request.
+ headers = {
+ 'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
+ 'Destination': sbox.repo_url + '/!svn/txr/' + txn_name + '/tab%09name'
+ }
+ h.request('COPY', sbox.repo_url + '/!svn/rvr/1/iota', None, headers)
+ r = h.getresponse()
+ if r.status != httplib.BAD_REQUEST:
+ raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
+ r.read()
+
########################################################################
# Run the tests
@@ -700,6 +761,7 @@ test_list = [ None,
propfind_404,
propfind_allprop,
propfind_propname,
+ create_name_with_control_chars,
]
serial_only = True
--
2.33.0
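Review bot: The header of this backported patch keeps the upstream placeholder `TODO: Pls help me update the log message` and carries no description of what CVE-2024-46901 is or what the fix does, so anyone auditing the package has to reconstruct it from the hunks. Suggest replacing that line with a short description grounded in the hunks, e.g. `Description: Reject new repository paths containing control characters (CVE-2024-46901): svn_repos__validate_new_path wraps svn_path_check_valid, and mod_dav_svn now calls it on PUT of a new file, MKCOL, COPY, MOVE and LOCK before touching svn_fs, answering 400 Bad Request.` Separately, the comments in the new mod_dav_svn_tests.py test name `/!svn/txn/TXN_NAME/tab%09name` while the requests are sent to `/!svn/txr/`; the comments should read `txr` to match the code, e.g. `# MKCOL /repos/!svn/txr/TXN_NAME/tab%09name`. Whether `httplib`, `base64` and `svntest.main.create_http_connection` are available in the 1.12.2 test harness is not visible in this hunk, so it is worth confirming the backported test actually runs rather than failing on import.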


@ -10,13 +10,17 @@
Summary: Subversion, a version control system.
Name: subversion
Version: 1.12.2
Release: 3
Release: 8
License: ASL 2.0
URL: https://subversion.apache.org/
Source0: https://www.apache.org/dist/subversion/subversion-%{version}.tar.bz2
Patch1: backport-CVE-2020-17525.patch
Patch2: backport-CVE-2021-28544.patch
Patch3: backport-CVE-2022-24070.patch
Patch4: backport-CVE-2024-45720.patch
Patch5: backport-CVE-2024-46901.patch
BuildRequires: autoconf libtool texinfo which swig gettext apr-devel apr-util-devel libserf-devel cyrus-sasl-devel sqlite-devel file-devel utf8proc-devel lz4-devel apr-util-openssl dbus-devel, libsecret-devel httpd-devel git
Requires: httpd
@ -45,8 +49,8 @@ Requires: apr-devel%{?_isa}, apr-util-devel%{?_isa}
%description devel
Development package for subversion.
%package_help
Requires: subversion = %{version}-%{release}
%package -n python2-%{name}
%{?python_provide:%python_provide python2-subversion}
@ -265,8 +269,6 @@ make check-javahl
%{_bindir}/*
%{_datadir}/bash-completion/
%dir %{_sysconfdir}/subversion
%{!?_licensedir:%global license %%doc}
%license LICENSE NOTICE
%{_libdir}/libsvn*.so.*
%exclude %{_libdir}/libsvn_swig_perl*
%exclude %{_libdir}/libsvn_swig_ruby*
@ -310,6 +312,21 @@ make check-javahl
%endif
%changelog
* Mon Dec 09 2024 fuanan <fuanan3@h-partners.com> - 1.12.2-8
- fix CVE-2024-46901
* Wed Oct 09 2024 fuanan <fuanan3@h-partners.com> - 1.12.2-7
- fix CVE-2024-45720
* Mon Apr 08 2024 fuanan <fuanan3@h-partners.com> - 1.12.2-6
- Remove non-standard requires from the help subpackage
* Fri Feb 03 2023 fuanan <fuanan3@h-partners.com> - 1.12.2-5
- Fix compile warning: LICENSE and NOTICE files are repeat packed
* Fri Apr 22 2022 panxiaohe<panxh.life@foxmail.com> - 1.12.2-4
- fix CVE-2021-28544 CVE-2022-24070
* Tue Feb 23 2021 yixiangzhike<zhangxingliang3@huawei.com> - 1.12.2-3
- fix CVE-2020-17525