From 1cfff14766385d5ab5b54782c9648d9a848ff314 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 27 Sep 2022 08:02:16 -0400 Subject: [PATCH] import subversion-1.14.1-5.el9_0 --- .../subversion-1.14.1-CVE-2022-24070.patch | 41 +++++++++++++++++++ SOURCES/subversion-1.14.1-fixjavatests.patch | 30 ++++++++++++++ .../subversion-1.14.1-testnoautoprops.patch | 14 +++++++ SPECS/subversion.spec | 13 +++++- 4 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 SOURCES/subversion-1.14.1-CVE-2022-24070.patch create mode 100644 SOURCES/subversion-1.14.1-fixjavatests.patch create mode 100644 SOURCES/subversion-1.14.1-testnoautoprops.patch diff --git a/SOURCES/subversion-1.14.1-CVE-2022-24070.patch b/SOURCES/subversion-1.14.1-CVE-2022-24070.patch new file mode 100644 index 0000000..e13af5e --- /dev/null +++ b/SOURCES/subversion-1.14.1-CVE-2022-24070.patch @@ -0,0 +1,41 @@ +--- subversion-1.14.1/subversion/libsvn_repos/authz.c ++++ subversion-1.14.1/subversion/libsvn_repos/authz.c +@@ -130,6 +130,30 @@ + static svn_object_pool__t *filtered_pool = NULL; + static svn_atomic_t authz_pool_initialized = FALSE; + ++/* ++ * Ensure that we will initialize authz again if the pool which ++ * our authz caches depend on is cleared. ++ * ++ * HTTPD may run pre/post config hooks multiple times and clear ++ * its global configuration pool which our authz pools depend on. ++ * This happens in a non-threaded context during HTTPD's intialization ++ * and HTTPD's main loop, so it is safe to reset static variables here. ++ * (And any applications which cleared this pool while SVN threads ++ * were running would crash no matter what.) ++ * ++ * See issue #4880, "Use-after-free of object-pools in ++ * subversion/libsvn_repos/authz.c when used as httpd module" ++ */ ++static apr_status_t ++deinit_authz(void *data) ++{ ++ /* The two object pools run their own cleanup handlers. */ ++ authz_pool = NULL; ++ filtered_pool = NULL; ++ authz_pool_initialized = FALSE; ++ return APR_SUCCESS; ++} ++ + /* Implements svn_atomic__err_init_func_t. */ + static svn_error_t * + synchronized_authz_initialize(void *baton, apr_pool_t *pool) +@@ -143,6 +167,7 @@ + SVN_ERR(svn_object_pool__create(&authz_pool, multi_threaded, pool)); + SVN_ERR(svn_object_pool__create(&filtered_pool, multi_threaded, pool)); + ++ apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null); + return SVN_NO_ERROR; + } + diff --git a/SOURCES/subversion-1.14.1-fixjavatests.patch b/SOURCES/subversion-1.14.1-fixjavatests.patch new file mode 100644 index 0000000..b7a79b0 --- /dev/null +++ b/SOURCES/subversion-1.14.1-fixjavatests.patch @@ -0,0 +1,30 @@ + +See upstream dev@subversion thread. Fixes intermittent failure of +javahl tests, particularly reproducible on aarch64. + +Message-ID: <11de5f5c-5059-b973-95a1-385e7913a63a@syntevo.com> +From: Alexandr Miloslavskiy + +--- subversion-1.14.1/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java.fixjavatests ++++ subversion-1.14.1/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java +@@ -4676,7 +4676,19 @@ + // RuntimeException("Test exception") is expected here + } + +- tunnelAgent.joinAndTest(); ++ // In this test, there is a race condition that sometimes results in ++ // IOException when 'WAIT_TUNNEL' tries to read from a pipe that ++ // already has its read end closed. This is not an error, but ++ // it's hard to distinguish this case from other IOException which ++ // indicate a problem. To reproduce, simply wrap this test's body in ++ // a loop. The workaround is to ignore any detected IOException. ++ // ++ // tunnelAgent.joinAndTest(); ++ try { ++ tunnelAgent.join(); ++ } catch (InterruptedException e) { ++ e.printStackTrace (); ++ } + } + + /** diff --git a/SOURCES/subversion-1.14.1-testnoautoprops.patch b/SOURCES/subversion-1.14.1-testnoautoprops.patch new file mode 100644 index 0000000..96dd59d --- /dev/null +++ b/SOURCES/subversion-1.14.1-testnoautoprops.patch @@ -0,0 +1,14 @@ + +Fix intermittent failures when "svn add" guesses a near-empty file is binary and hence +the output is different. + +--- subversion-1.14.1/subversion/tests/cmdline/svntest/main.py.testnoautoprops ++++ subversion-1.14.1/subversion/tests/cmdline/svntest/main.py +@@ -691,6 +691,7 @@ + + [miscellany] + interactive-conflicts = false ++enable-auto-props = no + """ + if exclusive_wc_locks: + config_contents += """ diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec index 6cbda6f..32871af 100644 --- a/SPECS/subversion.spec +++ b/SPECS/subversion.spec @@ -56,7 +56,7 @@ Summary: A Modern Concurrent Version Control System Name: subversion Version: 1.14.1 -Release: 4.1%{?dist} +Release: 5%{?dist} License: ASL 2.0 URL: https://subversion.apache.org/ Source0: https://downloads.apache.org/subversion/subversion-%{version}.tar.bz2 @@ -72,6 +72,11 @@ Patch2: subversion-1.14.0-testwarn.patch Patch3: subversion-1.14.0-soversion.patch Patch4: subversion-1.8.0-rubybind.patch Patch5: subversion-1.8.5-swigplWall.patch +Patch6: subversion-1.14.1-testnoautoprops.patch +Patch7: subversion-1.14.1-fixjavatests.patch +Patch8: subversion-1.14.1-CVE-2022-24070.patch + + BuildRequires: make BuildRequires: autoconf, libtool, texinfo, which, gcc, gcc-c++ BuildRequires: swig >= 1.3.24, gettext @@ -233,6 +238,9 @@ This package includes supplementary tools for use with Subversion. %patch3 -p1 -b .soversion %patch4 -p1 -b .rubybind %patch5 -p1 -b .swigplWall +%patch6 -p1 -b .testnoautoprops +%patch7 -p1 -b .fixjavatests +%patch8 -p1 -b .cve24070 : : === Building: @@ -578,6 +586,9 @@ make check-javahl %endif %changelog +* Tue Apr 26 2022 Richard Lescak - 1.14.1-5 +- Fix for CVE-2022-24070 (#2076565) + * Tue Aug 10 2021 Mohan Boddu - 1.14.1-4.1 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688