import subversion-1.14.1-5.el9_0
parent
586e69bd5f
commit
1cfff14766
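--- a/SOURCES/subversion-1.14.1-CVE-2022-24070.patch
+++ b/SOURCES/subversion-1.14.1-CVE-2022-24070.patch
@@ -0,0 +1,41 @@
+--- subversion-1.14.1/subversion/libsvn_repos/authz.c
++++ subversion-1.14.1/subversion/libsvn_repos/authz.c
+@@ -130,6 +130,30 @@
+static svn_object_pool__t *filtered_pool = NULL;
+static svn_atomic_t authz_pool_initialized = FALSE;
+
++/*
++ * Ensure that we will initialize authz again if the pool which
++ * our authz caches depend on is cleared.
++ *
++ * HTTPD may run pre/post config hooks multiple times and clear
++ * its global configuration pool which our authz pools depend on.
++ * This happens in a non-threaded context during HTTPD's intialization
++ * and HTTPD's main loop, so it is safe to reset static variables here.
++ * (And any applications which cleared this pool while SVN threads
++ * were running would crash no matter what.)
++ *
++ * See issue #4880, "Use-after-free of object-pools in
++ * subversion/libsvn_repos/authz.c when used as httpd module"
++ */
++static apr_status_t
++deinit_authz(void *data)
++{
++ /* The two object pools run their own cleanup handlers. */
++ authz_pool = NULL;
++ filtered_pool = NULL;
++ authz_pool_initialized = FALSE;
++ return APR_SUCCESS;
++}
++
+/* Implements svn_atomic__err_init_func_t. */
+static svn_error_t *
+synchronized_authz_initialize(void *baton, apr_pool_t *pool)
+@@ -143,6 +167,7 @@
+SVN_ERR(svn_object_pool__create(&authz_pool, multi_threaded, pool));
+SVN_ERR(svn_object_pool__create(&filtered_pool, multi_threaded, pool));
+
++ apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null);
+return SVN_NO_ERROR;
+}
+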
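Review bot: In `deinit_authz` the flag `authz_pool_initialized` is declared `svn_atomic_t` but is reset with a plain assignment, so the reset is only safe under the comment's assumption that the pool is never cleared while another thread is running. Writing the reset as `svn_atomic_set(&authz_pool_initialized, FALSE);` would keep the store consistent with the atomic type, and the header comment should state that single-threaded pool clearing is a precondition for callers. The cleanup is also registered only after both `svn_object_pool__create` calls have succeeded; if the second call fails, `authz_pool` appears to be left pointing into `pool` with no handler to clear it, so registering `deinit_authz` before the two creates would cover that path as well. Part of the body of `synchronized_authz_initialize` lies between the two hunks and is not shown, so the last point should be confirmed against the full function.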
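--- a/SOURCES/subversion-1.14.1-fixjavatests.patch
+++ b/SOURCES/subversion-1.14.1-fixjavatests.patch
@@ -0,0 +1,30 @@
+
+See upstream dev@subversion thread. Fixes intermittent failure of
+javahl tests, particularly reproducible on aarch64.
+
+Message-ID: <11de5f5c-5059-b973-95a1-385e7913a63a@syntevo.com>
+From: Alexandr Miloslavskiy
+
+--- subversion-1.14.1/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java.fixjavatests
++++ subversion-1.14.1/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java
+@@ -4676,7 +4676,19 @@
+// RuntimeException("Test exception") is expected here
+}
+
+- tunnelAgent.joinAndTest();
++ // In this test, there is a race condition that sometimes results in
++ // IOException when 'WAIT_TUNNEL' tries to read from a pipe that
++ // already has its read end closed. This is not an error, but
++ // it's hard to distinguish this case from other IOException which
++ // indicate a problem. To reproduce, simply wrap this test's body in
++ // a loop. The workaround is to ignore any detected IOException.
++ //
++ // tunnelAgent.joinAndTest();
++ try {
++ tunnelAgent.join();
++ } catch (InterruptedException e) {
++ e.printStackTrace ();
++ }
+}
+
+/**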
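Review bot: Replacing `tunnelAgent.joinAndTest()` with a bare `tunnelAgent.join()` drops the check entirely, so an IOException that signals a real tunnel failure now passes silently along with the benign closed-pipe case the comment describes. The `catch (InterruptedException e)` block only prints the stack trace; it should at least restore the interrupt status with `Thread.currentThread().interrupt();`, or fail the test, so an interrupted run is not reported as a pass. The enclosing test method starts outside the hunk.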
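--- a/SOURCES/subversion-1.14.1-testnoautoprops.patch
+++ b/SOURCES/subversion-1.14.1-testnoautoprops.patch
@@ -0,0 +1,14 @@
+
+Fix intermittent failures when "svn add" guesses a near-empty file is binary and hence
+the output is different.
+
+--- subversion-1.14.1/subversion/tests/cmdline/svntest/main.py.testnoautoprops
++++ subversion-1.14.1/subversion/tests/cmdline/svntest/main.py
+@@ -691,6 +691,7 @@
+
+[miscellany]
+interactive-conflicts = false
++enable-auto-props = no
+"""
+if exclusive_wc_locks:
+config_contents += """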
@ -56,7 +56,7 @@
|
|||||||
Summary: A Modern Concurrent Version Control System
|
Summary: A Modern Concurrent Version Control System
|
||||||
Name: subversion
|
Name: subversion
|
||||||
Version: 1.14.1
|
Version: 1.14.1
|
||||||
Release: 4.1%{?dist}
|
Release: 5%{?dist}
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://subversion.apache.org/
|
URL: https://subversion.apache.org/
|
||||||
Source0: https://downloads.apache.org/subversion/subversion-%{version}.tar.bz2
|
Source0: https://downloads.apache.org/subversion/subversion-%{version}.tar.bz2
|
||||||
@ -72,6 +72,11 @@ Patch2: subversion-1.14.0-testwarn.patch
|
|||||||
Patch3: subversion-1.14.0-soversion.patch
|
Patch3: subversion-1.14.0-soversion.patch
|
||||||
Patch4: subversion-1.8.0-rubybind.patch
|
Patch4: subversion-1.8.0-rubybind.patch
|
||||||
Patch5: subversion-1.8.5-swigplWall.patch
|
Patch5: subversion-1.8.5-swigplWall.patch
|
||||||
|
Patch6: subversion-1.14.1-testnoautoprops.patch
|
||||||
|
Patch7: subversion-1.14.1-fixjavatests.patch
|
||||||
|
Patch8: subversion-1.14.1-CVE-2022-24070.patch
|
||||||
|
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: autoconf, libtool, texinfo, which, gcc, gcc-c++
|
BuildRequires: autoconf, libtool, texinfo, which, gcc, gcc-c++
|
||||||
BuildRequires: swig >= 1.3.24, gettext
|
BuildRequires: swig >= 1.3.24, gettext
|
||||||
@ -233,6 +238,9 @@ This package includes supplementary tools for use with Subversion.
|
|||||||
%patch3 -p1 -b .soversion
|
%patch3 -p1 -b .soversion
|
||||||
%patch4 -p1 -b .rubybind
|
%patch4 -p1 -b .rubybind
|
||||||
%patch5 -p1 -b .swigplWall
|
%patch5 -p1 -b .swigplWall
|
||||||
|
%patch6 -p1 -b .testnoautoprops
|
||||||
|
%patch7 -p1 -b .fixjavatests
|
||||||
|
%patch8 -p1 -b .cve24070
|
||||||
|
|
||||||
:
|
:
|
||||||
: === Building:
|
: === Building:
|
||||||
@ -578,6 +586,9 @@ make check-javahl
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 26 2022 Richard Lescak <rlescak@redhat.com> - 1.14.1-5
|
||||||
|
- Fix for CVE-2022-24070 (#2076565)
|
||||||
|
|
||||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.14.1-4.1
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.14.1-4.1
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|