Author: svn-role
Date: Tue Mar 29 04:00:19 2022
New Revision: 1899329
URL: http://svn.apache.org/viewvc?rev=1899329&view=rev
Log:
Merge the 1.10.x-r1899227 branch:
* r1899227
Don't show unreadable copyfrom paths in 'svn log -v'
Justification:
Makes 'svn log -v' consistent with spec.
Branch:
1.10.x-r1899227
Votes:
+1: hartmannathan, dsahlberg, stsp
Modified:
subversion/branches/1.10.x/ (props changed)
subversion/branches/1.10.x/STATUS
subversion/branches/1.10.x/subversion/libsvn_repos/log.c
subversion/branches/1.10.x/subversion/tests/cmdline/authz_tests.py
Propchange: subversion/branches/1.10.x/
------------------------------------------------------------------------------
Merged /subversion/branches/1.10.x-r1899227:r1899231-1899328
Merged /subversion/trunk:r1899227
Modified: subversion/branches/1.10.x/STATUS
URL:
http://svn.apache.org/viewvc/subversion/branches/1.10.x/STATUS?rev=1899329&r1=1899328&r2=1899329&view=diff
==============================================================================
--- subversion/branches/1.10.x/STATUS (original)
+++ subversion/branches/1.10.x/STATUS Tue Mar 29 04:00:19 2022
@@ -31,15 +31,6 @@ Veto-blocked changes:
Approved changes:
=================
- * r1899227
- Don't show unreadable copyfrom paths in 'svn log -v'
- Justification:
- Makes 'svn log -v' consistent with spec.
- Branch:
- 1.10.x-r1899227
- Votes:
- +1: hartmannathan, dsahlberg, stsp
-
* r1883838, r1883989, r1886460, r1886582, r1892121
Add test coverage for CVE-2020-17525 (mod_authz_svn NULL deref)
Votes:
Modified: subversion/branches/1.10.x/subversion/libsvn_repos/log.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.10.x/subversion/libsvn_repos/log.c?rev=1899329&r1=1899328&r2=1899329&view=diff
==============================================================================
--- subversion/branches/1.10.x/subversion/libsvn_repos/log.c (original)
+++ subversion/branches/1.10.x/subversion/libsvn_repos/log.c Tue Mar 29
04:00:19 2022
@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access
if ( (change->change_kind == svn_fs_path_change_add)
|| (change->change_kind == svn_fs_path_change_replace))
{
- const char *copyfrom_path = change->copyfrom_path;
- svn_revnum_t copyfrom_rev = change->copyfrom_rev;
-
/* the following is a potentially expensive operation since on FSFS
we will follow the DAG from ROOT to PATH and that requires
actually reading the directories along the way. */
if (!change->copyfrom_known)
{
- SVN_ERR(svn_fs_copied_from(©from_rev, ©from_path,
+ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev,
&change->copyfrom_path,
root, path, iterpool));
change->copyfrom_known = TRUE;
}
- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
+ if (change->copyfrom_path &&
SVN_IS_VALID_REVNUM(change->copyfrom_rev))
{
- svn_boolean_t readable = TRUE;
-
if (callbacks->authz_read_func)
{
svn_fs_root_t *copyfrom_root;
+ svn_boolean_t readable;
SVN_ERR(svn_fs_revision_root(©from_root, fs,
- copyfrom_rev, iterpool));
+ change->copyfrom_rev,
iterpool));
SVN_ERR(callbacks->authz_read_func(&readable,
copyfrom_root,
- copyfrom_path,
+ change->copyfrom_path,
callbacks->authz_read_baton,
iterpool));
if (! readable)
- found_unreadable = TRUE;
- }
-
- if (readable)
- {
- change->copyfrom_path = copyfrom_path;
- change->copyfrom_rev = copyfrom_rev;
+ {
+ found_unreadable = TRUE;
+ change->copyfrom_path = NULL;
+ change->copyfrom_rev = SVN_INVALID_REVNUM;
+ }
}
}
}
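Review bot: `svn_boolean_t readable;` is now declared without an initial value inside the `authz_read_func` branch, so the `if (! readable)` test relies on the callback writing its out-parameter on every successful return. Because this check decides whether a copy source is disclosed to the caller, it is safer to fail closed with `svn_boolean_t readable = FALSE;`. A short comment above the two clearing assignments, for example `/* Hide the copy source from users who cannot read it. */`, would record why the fields are reset after the lookup. The body of detect_changed starts and ends outside this hunk, so how `found_unreadable` is consumed afterwards cannot be checked from here.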
Modified: subversion/branches/1.10.x/subversion/tests/cmdline/authz_tests.py
URL:
http://svn.apache.org/viewvc/subversion/branches/1.10.x/subversion/tests/cmdline/authz_tests.py?rev=1899329&r1=1899328&r2=1899329&view=diff
==============================================================================
--- subversion/branches/1.10.x/subversion/tests/cmdline/authz_tests.py
(original)
+++ subversion/branches/1.10.x/subversion/tests/cmdline/authz_tests.py Tue Mar
29 04:00:19 2022
@@ -1710,6 +1710,60 @@ def group_member_empty_string(sbox):
'--username', svntest.main.wc_author,
sbox.repo_url)
+@Skip(svntest.main.is_ra_type_file)
+def log_inaccessible_copyfrom(sbox):
+ "log doesn't leak inaccessible copyfrom paths"
+
+ sbox.build(empty=True)
+ sbox.simple_add_text('secret', 'private')
+ sbox.simple_commit(message='log message for r1')
+ sbox.simple_copy('private', 'public')
+ sbox.simple_commit(message='log message for r2')
+
+ svntest.actions.enable_revprop_changes(sbox.repo_dir)
+ # Remove svn:date and svn:author for predictable output.
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:date', sbox.repo_url)
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:author', sbox.repo_url)
+
+ write_restrictive_svnserve_conf(sbox.repo_dir)
+
+ # First test with blanket access.
+ write_authz_file(sbox,
+ {"/" : "* = rw"})
+ expected_output = svntest.verify.ExpectedOutput([
+
"------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ " A /public (from /private:1)\n",
+ "\n",
+ "log message for r2\n",
+
"------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
+ # Now test with an inaccessible copy source (/private).
+ write_authz_file(sbox,
+ {"/" : "* = rw"},
+ {"/private" : "* ="})
+ expected_output = svntest.verify.ExpectedOutput([
+
"------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ # The copy is shown as a plain add with no copyfrom info.
+ " A /public\n",
+ "\n",
+ # No log message, as the revision is only partially visible.
+ "\n",
+
"------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
########################################################################
# Run the tests
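Review bot: log_inaccessible_copyfrom exercises only a plain copy (`A /public`), while the log.c change in the same commit guards both `svn_fs_path_change_add` and `svn_fs_path_change_replace`. A second scenario in which the copy replaces an existing path, asserting that no `(from ...)` suffix is printed, would cover the other branch. Separately, the restrictive call passes the `/private` rule as a second positional dict instead of putting it in the same dict as `/`. If the second parameter of write_authz_file is not meant for path rules (its signature is not visible here), a single dict is clearer: `{"/": "* = rw", "/private": "* ="}`.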
@@ -1749,6 +1803,7 @@ test_list = [ None,
remove_access_after_commit,
inverted_group_membership,
group_member_empty_string,
+ log_inaccessible_copyfrom,
]
serial_only = True