From ccae71ab8355f1013bf7ab3f2be006dc1a3ac13b Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mar 31 2021 09:14:47 +0000
Subject: import subversion-1.10.2-4.module+el8.3.0+9886+ac338b6d
---
diff --git a/SOURCES/subversion-1.10.2-CVE-2020-17525.patch b/SOURCES/subversion-1.10.2-CVE-2020-17525.patch
new file mode 100644
index 0000000..82784bf
--- /dev/null
+++ b/SOURCES/subversion-1.10.2-CVE-2020-17525.patch
@@ -0,0 +1,17 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1922303
+https://github.com/apache/subversion/commit/c83d9e5db564bdbbd91a7eb1c9399f66f481361c
+
+--- a/subversion/libsvn_repos/config_file.c
++++ b/subversion/libsvn_repos/config_file.c
+@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream,
+ {
+ /* Search for a repository in the full path. */
+ repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
++ if (repos_root_dirent == NULL)
++ return svn_error_trace(handle_missing_file(stream, checksum, access,
++ url, must_exist,
++ svn_node_none));
+
+ /* Attempt to open a repository at repos_root_dirent. */
+ SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL,
diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec
index 1c2e656..564f8fb 100644
--- a/SPECS/subversion.spec
+++ b/SPECS/subversion.spec
@@ -37,7 +37,7 @@ Summary: A Modern Concurrent Version Control System
 Name: subversion
 Version: 1.10.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 Group: Development/Tools
 URL: https://subversion.apache.org/
@@ -56,6 +56,7 @@ Patch4: subversion-1.8.0-rubybind.patch
 Patch5: subversion-1.8.5-swigplWall.patch
 Patch6: subversion-1.10.2-CVE-2019-0203.patch
 Patch7: subversion-1.10.2-CVE-2018-11782.patch
+Patch8: subversion-1.10.2-CVE-2020-17525.patch
 BuildRequires: autoconf, libtool, texinfo, which
 BuildRequires: swig >= 1.3.24, gettext
 %if %{with bdb}
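Review bot: The header of the new SOURCES/subversion-1.10.2-CVE-2020-17525.patch is two bare URLs, so nothing in the file itself says what the added guard in get_repos_config prevents. A one-line description above the links would make the backport auditable without network access, for example `Return via handle_missing_file() when svn_repos_find_root_path() yields NULL, rather than passing NULL on to svn_repos_open3().` The embedded hunk shows only part of get_repos_config, so how handle_missing_file() treats must_exist on this path cannot be checked from here. It is worth confirming against the upstream commit that a lookup outside any repository now ends in an ordinary error or empty result.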
@@ -224,6 +225,7 @@ This package includes supplementary tools for use with Subversion. %patch5 -p1 -b .swigplWall %patch6 -p1 -b .cve0203 %patch7 -p1 -b .cve11782 +%patch8 -p1 -b .cve17525 %build # Regenerate the buildsystem, so that: @@ -546,6 +548,9 @@ make check-javahl %endif %changelog +* Wed Feb 10 2021 Joe Orton - 1.10.2-4 +- add security fix for CVE-2020-17525 + * Mon May 18 2020 Joe Orton - 1.10.2-3 - add security fix for CVE-2018-11782