From fcb07fae8fbe4f74f39739cb193dd374e90cca2a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 29 2020 07:02:20 +0000 Subject: import subversion-1.7.14-16.el7 --- diff --git a/SOURCES/subversion-1.7.14-CVE-2018-11782.patch b/SOURCES/subversion-1.7.14-CVE-2018-11782.patch new file mode 100644 index 0000000..5f1cb9f --- /dev/null +++ b/SOURCES/subversion-1.7.14-CVE-2018-11782.patch @@ -0,0 +1,89 @@ + +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-11782 + +--- subversion-1.7.14/subversion/libsvn_ra_svn/client.c.cve11782 ++++ subversion-1.7.14/subversion/libsvn_ra_svn/client.c +@@ -2542,6 +2542,7 @@ + { + svn_ra_svn__session_baton_t *sess_baton = session->priv; + svn_ra_svn_conn_t *conn = sess_baton->conn; ++ svn_error_t *err; + + /* Transmit the parameters. */ + SVN_ERR(svn_ra_svn_write_cmd(conn, pool, "get-deleted-rev", "crr", +@@ -2551,7 +2552,20 @@ + SVN_ERR(handle_unsupported_cmd(handle_auth_request(sess_baton, pool), + _("'get-deleted-rev' not implemented"))); + +- return svn_ra_svn_read_cmd_response(conn, pool, "r", revision_deleted); ++ err = svn_error_trace(svn_ra_svn_read_cmd_response(conn, pool, "r", ++ revision_deleted)); ++ /* The protocol does not allow for a reply of SVN_INVALID_REVNUM directly. ++ Instead, a new enough server returns SVN_ERR_ENTRY_MISSING_REVISION to ++ indicate the answer to the query is SVN_INVALID_REVNUM. (An older server ++ closes the connection and returns SVN_ERR_RA_SVN_CONNECTION_CLOSED.) */ ++ if (err && err->apr_err == SVN_ERR_ENTRY_MISSING_REVISION) ++ { ++ *revision_deleted = SVN_INVALID_REVNUM; ++ svn_error_clear(err); ++ } ++ else ++ SVN_ERR(err); ++ return SVN_NO_ERROR; + } + + +--- subversion-1.7.14/subversion/svnserve/serve.c.cve11782 ++++ subversion-1.7.14/subversion/svnserve/serve.c +@@ -2875,8 +2875,21 @@ + svn_relpath_canonicalize(path, pool), pool); + SVN_ERR(log_command(b, conn, pool, "get-deleted-rev")); + SVN_ERR(trivial_auth_request(conn, pool, b)); +- SVN_ERR(svn_repos_deleted_rev(b->fs, full_path, peg_revision, end_revision, +- &revision_deleted, pool)); ++ SVN_CMD_ERR(svn_repos_deleted_rev(b->fs, full_path, peg_revision, ++ end_revision, &revision_deleted, pool)); ++ ++ /* The protocol does not allow for a reply of SVN_INVALID_REVNUM directly. ++ Instead, return SVN_ERR_ENTRY_MISSING_REVISION. A new enough client ++ knows that this means the answer to the query is SVN_INVALID_REVNUM. ++ (An older client reports this as an error.) */ ++ if (revision_deleted == SVN_INVALID_REVNUM) ++ SVN_CMD_ERR(svn_error_createf(SVN_ERR_ENTRY_MISSING_REVISION, NULL, ++ "svn protocol command 'get-deleted-rev': " ++ "path '%s' was not deleted in r%ld-%ld; " ++ "NOTE: newer clients handle this case " ++ "and do not report it as an error", ++ full_path, peg_revision, end_revision)); ++ + SVN_ERR(svn_ra_svn_write_cmd_response(conn, pool, "r", revision_deleted)); + return SVN_NO_ERROR; + } +@@ -3086,7 +3099,7 @@ + svn_error_t *serve(svn_ra_svn_conn_t *conn, serve_params_t *params, + apr_pool_t *pool) + { +- svn_error_t *err, *io_err; ++ svn_error_t *err; + apr_uint64_t ver; + const char *uuid, *client_url, *ra_client_string, *client_string; + apr_array_header_t *caplist, *cap_words; +@@ -3198,12 +3211,12 @@ + } + if (err) + { +- log_error(err, b.log_file, svn_ra_svn_conn_remote_host(conn), +- b.user, NULL, pool); +- io_err = svn_ra_svn_write_cmd_failure(conn, pool, err); +- svn_error_clear(err); +- SVN_ERR(io_err); +- return svn_ra_svn_flush(conn, pool); ++ /* Report these errors to the client before closing the connection. */ ++ err = svn_error_compose_create(err, ++ svn_ra_svn_write_cmd_failure(conn, pool, err)); ++ err = svn_error_compose_create(err, ++ svn_ra_svn_flush(conn, pool)); ++ return err; + } + + /* Log the open. */ diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec index dbf413d..13ed2f3 100644 --- a/SPECS/subversion.spec +++ b/SPECS/subversion.spec @@ -22,7 +22,7 @@ Summary: A Modern Concurrent Version Control System Name: subversion Version: 1.7.14 -Release: 14%{?dist} +Release: 16%{?dist} License: ASL 2.0 Group: Development/Tools URL: http://subversion.apache.org/ @@ -55,6 +55,7 @@ Patch20: subversion-1.7.14-CVE-2017-9800.patch Patch21: subversion-1.7.14-r1439592+.patch Patch22: subversion-1.7.14-r1708699.patch Patch23: subversion-1.7.14-r1564900.patch +Patch24: subversion-1.7.14-CVE-2018-11782.patch BuildRequires: autoconf, libtool, python, python-devel, texinfo, which BuildRequires: libdb-devel, swig >= 1.3.24, gettext BuildRequires: apr-devel >= 1.3.0, apr-util-devel >= 1.3.0 @@ -208,6 +209,7 @@ This package includes supplementary tools for use with Subversion. %patch21 -p1 -b .r1439592+ %patch22 -p1 -b .r1708699 %patch23 -p1 -b .r1564900 +%patch24 -p1 -b .cve11782 %build # Regenerate the buildsystem, so that: @@ -507,6 +509,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Tue Apr 14 2020 Joe Orton - 1.7.14-16 +- add security fix for CVE-2018-11782 + * Wed Oct 25 2017 Joe Orton - 1.7.14-14 - remove installed backup files (#1379593)