packages/subversion
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2020-17525

Browse Source
This commit is contained in:
yixiangzhike 2021-02-22 17:28:32 +08:00
parent 1d5d5a485e
commit e627ee86fd
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
backport-CVE-2020-17525.patch Normal file
View File

@ -0,0 +1,26 @@
From: Stefan Sperling <stsp@apache.org>
Date: Fri, 29 Jan 2021 13:17:15 +0000
Subject: Fix a potential NULL dereference in the config file parser.
* subversion/libsvn_repos/config_file.c
(get_repos_config): svn_repos_find_root_path() may return NULL.
Check the return value accordingly.
---
subversion/libsvn_repos/config_file.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/subversion/libsvn_repos/config_file.c b/subversion/libsvn_repos/config_file.c
index 9187277..2414db9 100644
--- a/subversion/libsvn_repos/config_file.c
+++ b/subversion/libsvn_repos/config_file.c
@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream,
{
/* Search for a repository in the full path. */
repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
+ if (repos_root_dirent == NULL)
+ return svn_error_trace(handle_missing_file(stream, checksum, access,
+ url, must_exist,
+ svn_node_none));
/* Attempt to open a repository at repos_root_dirent. */
SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL,

10
subversion.spec
View File

@ -10,12 +10,14 @@
Summary: Subversion, a version control system. Summary: Subversion, a version control system.
Name: subversion Name: subversion
Version: 1.14.0 Version: 1.14.0
Release: 1 Release: 2
License: ASL 2.0 License: ASL 2.0
URL: https://subversion.apache.org/ URL: https://subversion.apache.org/
Source0: https://www.apache.org/dist/subversion/subversion-%{version}.tar.bz2 Source0: https://www.apache.org/dist/subversion/subversion-%{version}.tar.bz2
Patch1: backport-CVE-2020-17525.patch
BuildRequires: autoconf libtool texinfo which swig gettext libdb-devel apr-devel apr-util-devel libserf-devel cyrus-sasl-devel sqlite-devel file-devel utf8proc-devel lz4-devel apr-util-openssl dbus-devel, libsecret-devel httpd-devel git BuildRequires: autoconf libtool texinfo which swig gettext libdb-devel apr-devel apr-util-devel libserf-devel cyrus-sasl-devel sqlite-devel file-devel utf8proc-devel lz4-devel apr-util-openssl dbus-devel, libsecret-devel httpd-devel git
Requires: httpd Requires: httpd
@ -310,6 +312,12 @@ make check-javahl
%endif %endif
%changelog %changelog
* Mon Feb 22 2021 yixiangzhike<zhangxingliang3@huawei.com> - 1.14.0-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fix CVE-2020-17525
* Sat Aug 1 2020 yang_zhuang_zhuang<yangzhuangzhuang1@huawei.com> - 1.14.0-1 * Sat Aug 1 2020 yang_zhuang_zhuang<yangzhuangzhuang1@huawei.com> - 1.14.0-1
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA