rpms/subversion
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import subversion-1.10.2-2.module+el8.0.0+3900+919b6753

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 18:46:26 -05:00 committed by Stepan Oksanichenko
parent 2829c7c49b
commit d1a9976588
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
SOURCES/subversion-1.10.2-CVE-2019-0203.patch Normal file
View File

@ -0,0 +1,31 @@
diff --git a/subversion/svnserve/serve.c b/subversion/svnserve/serve.c
index 5192e7c..6159e22 100644
--- a/subversion/svnserve/serve.c
+++ b/subversion/svnserve/serve.c
@@ -4101,7 +4101,7 @@ construct_server_baton(server_baton_t **baton,
serve_params_t *params,
apr_pool_t *scratch_pool)
{
- svn_error_t *err, *io_err;
+ svn_error_t *err;
apr_uint64_t ver;
const char *client_url, *ra_client_string, *client_string;
svn_ra_svn__list_t *caplist;
@@ -4239,11 +4239,12 @@ construct_server_baton(server_baton_t **baton,
}
if (err)
{
- log_error(err, b);
- io_err = svn_ra_svn__write_cmd_failure(conn, scratch_pool, err);
- svn_error_clear(err);
- SVN_ERR(io_err);
- return svn_ra_svn__flush(conn, scratch_pool);
+ /* Report these errors to the client before closing the connection. */
+ err = svn_error_compose_create(err,
+ svn_ra_svn__write_cmd_failure(conn, scratch_pool, err));
+ err = svn_error_compose_create(err,
+ svn_ra_svn__flush(conn, scratch_pool));
+ return err;
}
SVN_ERR(svn_fs_get_uuid(b->repository->fs, &b->repository->uuid,

11
SPECS/subversion.spec
View File

@ -37,7 +37,7 @@
Summary: A Modern Concurrent Version Control System Summary: A Modern Concurrent Version Control System
Name: subversion Name: subversion
Version: 1.10.2 Version: 1.10.2
Release: 1%{?dist} Release: 2%{?dist}
License: ASL 2.0 License: ASL 2.0
Group: Development/Tools Group: Development/Tools
URL: https://subversion.apache.org/ URL: https://subversion.apache.org/
@ -54,6 +54,7 @@ Patch1: subversion-1.10.0-rpath.patch
Patch2: subversion-1.10.0-pie.patch Patch2: subversion-1.10.0-pie.patch
Patch4: subversion-1.8.0-rubybind.patch Patch4: subversion-1.8.0-rubybind.patch
Patch5: subversion-1.8.5-swigplWall.patch Patch5: subversion-1.8.5-swigplWall.patch
Patch6: subversion-1.10.2-CVE-2019-0203.patch
BuildRequires: autoconf, libtool, texinfo, which BuildRequires: autoconf, libtool, texinfo, which
BuildRequires: swig >= 1.3.24, gettext BuildRequires: swig >= 1.3.24, gettext
%if %{with bdb} %if %{with bdb}
@ -220,6 +221,7 @@ This package includes supplementary tools for use with Subversion.
%patch2 -p1 -b .pie %patch2 -p1 -b .pie
%patch4 -p1 -b .rubybind %patch4 -p1 -b .rubybind
%patch5 -p1 -b .swigplWall %patch5 -p1 -b .swigplWall
%patch6 -p1 -b .cve0203
%build %build
# Regenerate the buildsystem, so that: # Regenerate the buildsystem, so that:
@ -542,6 +544,13 @@ make check-javahl
%endif %endif
%changelog %changelog
* Wed Aug 7 2019 Joe Orton <jorton@redhat.com> - 1.10.2-2
- rebuild to ensure NVR ordering (#1696354)
* Thu Aug 01 2019 Lubos Uhliarik <luhliari@redhat.com> - 1.10.2-1.1
- Resolves: #1733442 - CVE-2019-0203 subversion:1.10/subversion: remote
unauthenticated denial-of-service in subversion svnserve
* Fri Jul 20 2018 Joe Orton <jorton@redhat.com> - 1.10.2-1 * Fri Jul 20 2018 Joe Orton <jorton@redhat.com> - 1.10.2-1
- update to 1.10.2 (#1603197) - update to 1.10.2 (#1603197)