From 08948bd18d9adcaf39736eea94a74a36b710d5cc Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 27 Sep 2022 07:14:26 -0400 Subject: [PATCH] import subversion-1.10.2-5.module+el8.6.0+15157+188c9801 --- .../subversion-1.10.2-CVE-2022-24070.patch | 41 +++++++++++++++++++ SPECS/subversion.spec | 8 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 SOURCES/subversion-1.10.2-CVE-2022-24070.patch diff --git a/SOURCES/subversion-1.10.2-CVE-2022-24070.patch b/SOURCES/subversion-1.10.2-CVE-2022-24070.patch new file mode 100644 index 0000000..0d29883 --- /dev/null +++ b/SOURCES/subversion-1.10.2-CVE-2022-24070.patch @@ -0,0 +1,41 @@ +--- subversion-1.10.2/subversion/libsvn_repos/authz.c ++++ subversion-1.10.2/subversion/libsvn_repos/authz.c +@@ -130,6 +130,30 @@ + static svn_object_pool__t *filtered_pool = NULL; + static svn_atomic_t authz_pool_initialized = FALSE; + ++/* ++ * Ensure that we will initialize authz again if the pool which ++ * our authz caches depend on is cleared. ++ * ++ * HTTPD may run pre/post config hooks multiple times and clear ++ * its global configuration pool which our authz pools depend on. ++ * This happens in a non-threaded context during HTTPD's intialization ++ * and HTTPD's main loop, so it is safe to reset static variables here. ++ * (And any applications which cleared this pool while SVN threads ++ * were running would crash no matter what.) ++ * ++ * See issue #4880, "Use-after-free of object-pools in ++ * subversion/libsvn_repos/authz.c when used as httpd module" ++ */ ++static apr_status_t ++deinit_authz(void *data) ++{ ++ /* The two object pools run their own cleanup handlers. */ ++ authz_pool = NULL; ++ filtered_pool = NULL; ++ authz_pool_initialized = FALSE; ++ return APR_SUCCESS; ++} ++ + /* Implements svn_atomic__err_init_func_t. */ + static svn_error_t * + synchronized_authz_initialize(void *baton, apr_pool_t *pool) +@@ -143,6 +167,7 @@ + SVN_ERR(svn_object_pool__create(&authz_pool, multi_threaded, pool)); + SVN_ERR(svn_object_pool__create(&filtered_pool, multi_threaded, pool)); + ++ apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null); + return SVN_NO_ERROR; + } + diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec index 564f8fb..47bd86e 100644 --- a/SPECS/subversion.spec +++ b/SPECS/subversion.spec @@ -37,7 +37,7 @@ Summary: A Modern Concurrent Version Control System Name: subversion Version: 1.10.2 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Group: Development/Tools URL: https://subversion.apache.org/ @@ -57,6 +57,8 @@ Patch5: subversion-1.8.5-swigplWall.patch Patch6: subversion-1.10.2-CVE-2019-0203.patch Patch7: subversion-1.10.2-CVE-2018-11782.patch Patch8: subversion-1.10.2-CVE-2020-17525.patch +Patch9: subversion-1.10.2-CVE-2022-24070.patch + BuildRequires: autoconf, libtool, texinfo, which BuildRequires: swig >= 1.3.24, gettext %if %{with bdb} @@ -226,6 +228,7 @@ This package includes supplementary tools for use with Subversion. %patch6 -p1 -b .cve0203 %patch7 -p1 -b .cve11782 %patch8 -p1 -b .cve17525 +%patch9 -p1 -b .cve24070 %build # Regenerate the buildsystem, so that: @@ -548,6 +551,9 @@ make check-javahl %endif %changelog +* Wed May 04 2022 Richard Lescak - 1.10.2-5 +- add security fix for CVE-2022-24070 + * Wed Feb 10 2021 Joe Orton - 1.10.2-4 - add security fix for CVE-2020-17525