From 1912fd5b833eb8d653da39e538d98b1edaf02926 Mon Sep 17 00:00:00 2001 From: fly_fzc <2385803914@qq.com> Date: Wed, 9 Oct 2024 11:05:29 +0800 Subject: [PATCH] fix CVE-2024-45720 (cherry picked from commit 4f9876bfc9f34a359cb0459be0e8f49470b24b41) --- backport-CVE-2024-45720.patch | 805 ++++++++++++++++++++++++++++++++++ subversion.spec | 6 +- 2 files changed, 810 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-45720.patch diff --git a/backport-CVE-2024-45720.patch b/backport-CVE-2024-45720.patch new file mode 100644 index 0000000..4f39e85 --- /dev/null +++ b/backport-CVE-2024-45720.patch 
@@ -0,0 +1,805 @@ +From df2748f7e2a973c67b0dd338bbe27d2d92a55130 Mon Sep 17 00:00:00 2001 +From: Stefan Sperling +Date: Tue, 8 Oct 2024 09:16:50 +0000 +Subject: [PATCH] Committing the fix for CVE-2024-45720 to trunk. + +(detailed log message remains to be filled in here) + +Patch by: kotkov, jun66j5 + + +git-svn-id: https://svn.apache.org/repos/asf/subversion/trunk@1921181 13f79535-47bb-0310-9956-ffa450edef68 +--- + build.conf | 4 +- + .../include/private/svn_cmdline_private.h | 28 +++++++++ + subversion/libsvn_subr/cmdline.c | 57 +++++++++++++++++++ + subversion/svn/svn.c | 10 +++- + subversion/svnadmin/svnadmin.c | 10 +++- + subversion/svnbench/svnbench.c | 10 +++- + subversion/svndumpfilter/svndumpfilter.c | 10 +++- + subversion/svnfsfs/svnfsfs.c | 10 +++- + subversion/svnlook/svnlook.c | 10 +++- + subversion/svnmucc/svnmucc.c | 10 +++- + subversion/svnrdump/svnrdump.c | 10 +++- + subversion/svnserve/svnserve.c | 11 +++- + subversion/svnsync/svnsync.c | 10 +++- + subversion/svnversion/svnversion.c | 10 +++- + .../svn-mergeinfo-normalizer.c | 10 +++- + tools/client-side/svnconflict/svnconflict.c | 10 +++- + .../svnraisetreeconflict.c | 10 +++- + tools/dev/wc-ng/svn-wc-db-tester.c | 10 +++- + tools/server-side/svnauthz.c | 12 +++- + 19 files changed, 217 insertions(+), 35 deletions(-) + +diff --git a/build.conf b/build.conf +index 1402000743..3dbb8db50b 100644 +--- a/build.conf ++++ b/build.conf +@@ -150,7 +150,7 @@ libs = libsvn_client libsvn_wc libsvn_ra libsvn_delta libsvn_diff libsvn_subr + apriconv apr + manpages = subversion/svn/svn.1 + install = bin +-msvc-libs = setargv.obj ++msvc-libs = wsetargv.obj + + # The subversion repository administration tool + [svnadmin] +@@ -160,7 +160,7 @@ path = subversion/svnadmin + install = bin + manpages = subversion/svnadmin/svnadmin.1 + libs = libsvn_repos libsvn_fs libsvn_delta libsvn_subr apriconv apr +-msvc-libs = setargv.obj ++msvc-libs = wsetargv.obj + + # The subversion repository dump filtering tool + 
[svndumpfilter] +diff --git a/subversion/include/private/svn_cmdline_private.h b/subversion/include/private/svn_cmdline_private.h +index ac5fb7b079..aa8bb7bcca 100644 +--- a/subversion/include/private/svn_cmdline_private.h ++++ b/subversion/include/private/svn_cmdline_private.h +@@ -278,6 +278,34 @@ svn_cmdline__stdin_readline(const char **result, + apr_pool_t *result_pool, + apr_pool_t *scratch_pool); + ++#if defined(WIN32) ++/* Normalizes Windows-specific command line arguments, such as those passed ++ to wmain(), to the environment-specific code page. */ ++svn_error_t * ++svn_cmdline__win32_get_cstring_argv(const char **cstring_argv_p[], ++ int argc, ++ const wchar_t *argv[], ++ apr_pool_t *result_pool); ++#endif ++ ++/* Default platform-agnostic handler that normalizes command line arguments ++ to the environment-specific code page. */ ++svn_error_t * ++svn_cmdline__default_get_cstring_argv(const char **cstring_argv_p[], ++ int argc, ++ const char *argv[], ++ apr_pool_t *result_pool); ++ ++#if defined(WIN32) && defined(_MSC_VER) ++typedef wchar_t svn_cmdline__argv_char_t; ++#define SVN_CMDLINE__MAIN wmain ++#define svn_cmdline__get_cstring_argv svn_cmdline__win32_get_cstring_argv ++#else ++typedef char svn_cmdline__argv_char_t; ++#define SVN_CMDLINE__MAIN main ++#define svn_cmdline__get_cstring_argv svn_cmdline__default_get_cstring_argv ++#endif ++ + #ifdef __cplusplus + } + #endif /* __cplusplus */ +diff --git a/subversion/libsvn_subr/cmdline.c b/subversion/libsvn_subr/cmdline.c +index 6bfc68b3b5..307f0bb865 100644 +--- a/subversion/libsvn_subr/cmdline.c ++++ b/subversion/libsvn_subr/cmdline.c +@@ -1898,3 +1898,60 @@ svn_cmdline__cancellation_exit(void) + #endif + } + } ++ ++#if defined(WIN32) ++ ++svn_error_t * ++svn_cmdline__win32_get_cstring_argv(const char **cstring_argv_p[], ++ int argc, ++ const wchar_t *argv[], ++ apr_pool_t *result_pool) ++{ ++ apr_array_header_t *cstring_argv; ++ int i; ++ ++ cstring_argv = apr_array_make(result_pool, argc + 1, 
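Review bot: The `SVN_CMDLINE__MAIN` selection at the end of this hunk switches to `wmain` only under `defined(WIN32) && defined(_MSC_VER)`, so a Windows build with any other compiler keeps the narrow `main` and `svn_cmdline__default_get_cstring_argv`, which hands back `argv` unchanged. If that narrow `argv` still comes from the C runtime's own wide-to-ANSI conversion, such builds presumably do not get the protection this commit adds; the visible lines do not say whether that is intended. I would state it above the `#if`, for example `/* Only MSVC builds use wmain(); other WIN32 toolchains still receive an argv already converted by the C runtime. */`. The two prototypes should also document that in the WIN32 variant `*cstring_argv_p` is NULL-terminated and allocated in `result_pool`, while the default variant returns the caller's `argv` itself and ignores `argc` and `result_pool`.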
sizeof(const char *)); ++ ++ for (i = 0; i < argc; i++) ++ { ++ const wchar_t *arg = argv[i]; ++ char *cstring_arg; ++ int rv; ++ ++ /* Passing -1 for the string length guarantees that the returned length ++ will account for a terminating null character. */ ++ rv = WideCharToMultiByte(CP_ACP, 0, arg, -1, NULL, 0, NULL, NULL); ++ if (rv <= 0) ++ { ++ return svn_error_wrap_apr(apr_get_os_error(), ++ _("Conversion from UTF-16 failed")); ++ } ++ ++ cstring_arg = apr_palloc(result_pool, rv); ++ rv = WideCharToMultiByte(CP_ACP, 0, arg, -1, cstring_arg, rv, NULL, NULL); ++ if (rv <= 0) ++ { ++ return svn_error_wrap_apr(apr_get_os_error(), ++ _("Conversion from UTF-16 failed")); ++ } ++ ++ APR_ARRAY_PUSH(cstring_argv, const char *) = cstring_arg; ++ } ++ ++ APR_ARRAY_PUSH(cstring_argv, const char *) = NULL; ++ ++ *cstring_argv_p = (const char **)cstring_argv->elts; ++ return SVN_NO_ERROR; ++} ++ ++#endif ++ ++svn_error_t * ++svn_cmdline__default_get_cstring_argv(const char **cstring_argv_p[], ++ int argc, ++ const char *argv[], ++ apr_pool_t *result_pool) ++{ ++ *cstring_argv_p = argv; ++ return SVN_NO_ERROR; ++} +diff --git a/subversion/svn/svn.c b/subversion/svn/svn.c +index 79a4f3b0f9..46c6327aba 100644 +--- a/subversion/svn/svn.c ++++ b/subversion/svn/svn.c +@@ -2200,7 +2200,10 @@ parse_compatible_version(svn_cl__opt_state_t* opt_state, + * return SVN_NO_ERROR. 
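Review bot: Both `WideCharToMultiByte(CP_ACP, 0, ...)` calls in `svn_cmdline__win32_get_cstring_argv` pass no flags and a NULL `lpUsedDefaultChar`, so a UTF-16 character with no exact equivalent in the ANSI code page is replaced by a best-fit or default character and the call still succeeds. The conversion now runs per argument, but an argument can still reach `sub_main` as different bytes from what the caller supplied, with no error reported. Consider rejecting lossy conversions by using the same flag in the sizing call and the converting call, `rv = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, arg, -1, cstring_arg, rv, NULL, &used_default);`, and returning an `svn_error_t` when `used_default` is set. As far as I know the API rejects that flag and a non-NULL used-default pointer when the active code page is UTF-8, so that case needs its own branch.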
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + int opt_id; +@@ -2226,12 +2229,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + apr_hash_t *cfg_hash; + svn_membuf_t buf; + svn_boolean_t read_pass_from_stdin = FALSE; ++ const char **argv; + + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + #if defined(WIN32) || defined(__CYGWIN__) + /* Set the working copy administrative directory name. */ + if (getenv("SVN_ASP_DOT_NET_HACK")) +@@ -3444,7 +3450,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnadmin/svnadmin.c b/subversion/svnadmin/svnadmin.c +index 25650cb7db..d54d3925b6 100644 +--- a/subversion/svnadmin/svnadmin.c ++++ b/subversion/svnadmin/svnadmin.c +@@ -3053,7 +3053,10 @@ subcommand_build_repcache(apr_getopt_t *os, void *baton, apr_pool_t *pool) + * return SVN_NO_ERROR. 
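Review bot: The comment block above `sub_main` (it ends just before the changed signature) is left as it was, although the parameter is now `cmdline_argv` in the platform's native character type and the function derives its own `argv` from it. A line such as `CMDLINE_ARGV is the argument vector as received by SVN_CMDLINE__MAIN; ARGV is obtained from it via svn_cmdline__get_cstring_argv() before any option parsing.` would make the contract readable. The same applies to the `sub_main` hunks for the other tools in this patch. The new local `const char **argv;` is uninitialized until that call, so a short comment next to the declaration saying that nothing above the call may read `argv` would help keep the ordering intact in later edits. `sub_main`'s body starts and ends outside these hunks.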
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + apr_status_t apr_err; +@@ -3065,12 +3068,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + apr_array_header_t *received_opts; + int i; + svn_boolean_t dash_F_arg = FALSE; ++ const char **argv; + + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + /* Initialize the FS library. */ + SVN_ERR(svn_fs_initialize(pool)); + +@@ -3450,7 +3456,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnbench/svnbench.c b/subversion/svnbench/svnbench.c +index 4326edbfa7..3be98eeac7 100644 +--- a/subversion/svnbench/svnbench.c ++++ b/subversion/svnbench/svnbench.c +@@ -386,7 +386,10 @@ add_search_pattern_group(svn_cl__opt_state_t *opt_state, + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + int opt_id; +@@ -405,6 +408,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + ra_progress_baton_t ra_progress_baton = {0}; + svn_membuf_t buf; + svn_boolean_t read_pass_from_stdin = FALSE; ++ const char **argv; + + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + +@@ -414,6 +418,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + #if defined(WIN32) || defined(__CYGWIN__) + /* Set the working copy administrative directory name. */ + if (getenv("SVN_ASP_DOT_NET_HACK")) +@@ -979,7 +985,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svndumpfilter/svndumpfilter.c b/subversion/svndumpfilter/svndumpfilter.c +index a948b3a4ce..272303be3c 100644 +--- a/subversion/svndumpfilter/svndumpfilter.c ++++ b/subversion/svndumpfilter/svndumpfilter.c +@@ -1291,7 +1291,10 @@ subcommand_include(apr_getopt_t *os, void *baton, apr_pool_t *pool) + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + apr_status_t apr_err; +@@ -1302,10 +1305,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + int opt_id; + apr_array_header_t *received_opts; + int i; ++ const char **argv; + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + + /* Initialize the FS library. */ +@@ -1564,7 +1570,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnfsfs/svnfsfs.c b/subversion/svnfsfs/svnfsfs.c +index 6fcb792cc5..1ff49fa9d2 100644 +--- a/subversion/svnfsfs/svnfsfs.c ++++ b/subversion/svnfsfs/svnfsfs.c +@@ -228,7 +228,10 @@ subcommand__help(apr_getopt_t *os, void *baton, apr_pool_t *pool) + * return SVN_NO_ERROR. + */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + apr_status_t apr_err; +@@ -239,12 +242,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + int opt_id; + apr_array_header_t *received_opts; + int i; ++ const char **argv; + + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + /* Initialize the FS library. 
*/ + SVN_ERR(svn_fs_initialize(pool)); + +@@ -473,7 +479,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnlook/svnlook.c b/subversion/svnlook/svnlook.c +index 59bd0f9c0a..3035783920 100644 +--- a/subversion/svnlook/svnlook.c ++++ b/subversion/svnlook/svnlook.c +@@ -2466,7 +2466,10 @@ subcommand_uuid(apr_getopt_t *os, void *baton, apr_pool_t *pool) + * return SVN_NO_ERROR. + */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + apr_status_t apr_err; +@@ -2477,12 +2480,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + int opt_id; + apr_array_header_t *received_opts; + int i; ++ const char **argv; + + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + /* Initialize the FS library. */ + SVN_ERR(svn_fs_initialize(pool)); + +@@ -2850,7 +2856,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnmucc/svnmucc.c b/subversion/svnmucc/svnmucc.c +index c3e9d26ac5..3cf5dc38ea 100644 +--- a/subversion/svnmucc/svnmucc.c ++++ b/subversion/svnmucc/svnmucc.c +@@ -467,7 +467,10 @@ log_message_func(const char **log_msg, + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + apr_array_header_t *actions = apr_array_make(pool, 1, + sizeof(struct action *)); +@@ -533,10 +536,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + struct log_message_baton lmb; + int i; + svn_boolean_t read_pass_from_stdin = FALSE; ++ const char **argv; + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + /* Initialize the RA library. */ + SVN_ERR(svn_ra_initialize(pool)); + +@@ -980,7 +986,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnrdump/svnrdump.c b/subversion/svnrdump/svnrdump.c +index 500a5f9ea3..aa88b4f0af 100644 +--- a/subversion/svnrdump/svnrdump.c ++++ b/subversion/svnrdump/svnrdump.c +@@ -784,7 +784,10 @@ validate_and_resolve_revisions(opt_baton_t *opt_baton, + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err = SVN_NO_ERROR; + const svn_opt_subcommand_desc3_t *subcommand = NULL; +@@ -806,6 +809,9 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + apr_array_header_t *received_opts; + int i; + svn_boolean_t read_pass_from_stdin = FALSE; ++ const char **argv; ++ ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); + + opt_baton = apr_pcalloc(pool, sizeof(*opt_baton)); + opt_baton->start_revision.kind = svn_opt_revision_unspecified; +@@ -1155,7 +1161,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnserve/svnserve.c b/subversion/svnserve/svnserve.c +index a69155fa74..1cdb751b30 100644 +--- a/subversion/svnserve/svnserve.c ++++ b/subversion/svnserve/svnserve.c +@@ -721,7 +721,10 @@ check_lib_versions(void) + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + enum run_mode run_mode = run_mode_unspecified; + svn_boolean_t foreground = FALSE; +@@ -760,6 +763,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + svn_node_kind_t kind; + apr_size_t min_thread_count = THREADPOOL_MIN_SIZE; + apr_size_t max_thread_count = THREADPOOL_MAX_SIZE; ++ const char **argv; ++ + #ifdef SVN_HAVE_SASL + SVN_ERR(cyrus_init(pool)); + #endif +@@ -767,6 +772,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + /* Initialize the FS library. */ + SVN_ERR(svn_fs_initialize(pool)); + +@@ -1422,7 +1429,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnsync/svnsync.c b/subversion/svnsync/svnsync.c +index 7c1c0efbf7..12b1c989e1 100644 +--- a/subversion/svnsync/svnsync.c ++++ b/subversion/svnsync/svnsync.c +@@ -1963,7 +1963,10 @@ help_cmd(apr_getopt_t *os, void *baton, apr_pool_t *pool) + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + const svn_opt_subcommand_desc3_t *subcommand = NULL; + apr_array_header_t *received_opts; +@@ -1978,10 +1981,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + apr_array_header_t *config_options = NULL; + const char *source_prop_encoding = NULL; + svn_boolean_t force_interactive = FALSE; ++ const char **argv; + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + SVN_ERR(svn_ra_initialize(pool)); + + /* Initialize the option baton. */ +@@ -2402,7 +2408,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/subversion/svnversion/svnversion.c b/subversion/svnversion/svnversion.c +index da65800467..111db531fd 100644 +--- a/subversion/svnversion/svnversion.c ++++ b/subversion/svnversion/svnversion.c +@@ -124,7 +124,10 @@ check_lib_versions(void) + * program. Obviously we don't want to have to run svn when building svn. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + const char *wc_path, *trail_url; + const char *local_abspath; +@@ -146,10 +149,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + N_("no progress (only errors) to stderr")}, + {0, 0, 0, 0} + }; ++ const char **argv; + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + #if defined(WIN32) || defined(__CYGWIN__) + /* Set the working copy administrative directory name. */ + if (getenv("SVN_ASP_DOT_NET_HACK")) +@@ -289,7 +295,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c b/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c +index 529621bf7e..1973c6ea3d 100644 +--- a/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c ++++ b/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c +@@ -408,7 +408,10 @@ svn_min__check_cancel(void *baton) + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + int opt_id; +@@ -425,12 +428,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + svn_boolean_t force_interactive = FALSE; + apr_hash_t *cfg_hash; + svn_boolean_t read_pass_from_stdin = FALSE; ++ const char **argv; + + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + #if defined(WIN32) || defined(__CYGWIN__) + /* Set the working copy administrative directory name. */ + if (getenv("SVN_ASP_DOT_NET_HACK")) +@@ -946,7 +952,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/tools/client-side/svnconflict/svnconflict.c b/tools/client-side/svnconflict/svnconflict.c +index 572e0f1c72..be934f23c4 100644 +--- a/tools/client-side/svnconflict/svnconflict.c ++++ b/tools/client-side/svnconflict/svnconflict.c +@@ -632,7 +632,10 @@ svnconflict_resolve_tree(apr_getopt_t *os, void *baton, apr_pool_t *pool) + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + int opt_id; +@@ -647,12 +650,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + svn_config_t *cfg_config; + apr_hash_t *cfg_hash; + svn_boolean_t read_pass_from_stdin = FALSE; ++ const char **argv; + + received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int)); + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + #if defined(WIN32) || defined(__CYGWIN__) + /* Set the working copy administrative directory name. */ + if (getenv("SVN_ASP_DOT_NET_HACK")) +@@ -949,7 +955,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c b/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c +index a68b5d2d8e..784c9bd8e9 100644 +--- a/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c ++++ b/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c +@@ -302,7 +302,10 @@ check_lib_versions(void) + * return SVN_NO_ERROR. 
+ */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + apr_getopt_t *os; + const apr_getopt_option_t options[] = +@@ -313,10 +316,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + {0, 0, 0, 0} + }; + apr_array_header_t *remaining_argv; ++ const char **argv; + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + #if defined(WIN32) || defined(__CYGWIN__) + /* Set the working copy administrative directory name. */ + if (getenv("SVN_ASP_DOT_NET_HACK")) +@@ -383,7 +389,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/tools/dev/wc-ng/svn-wc-db-tester.c b/tools/dev/wc-ng/svn-wc-db-tester.c +index ba63b63680..43cb6b0764 100644 +--- a/tools/dev/wc-ng/svn-wc-db-tester.c ++++ b/tools/dev/wc-ng/svn-wc-db-tester.c +@@ -156,7 +156,10 @@ check_lib_versions(void) + * return SVN_NO_ERROR. + */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + apr_getopt_t *os; + const apr_getopt_option_t options[] = +@@ -167,10 +170,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + {0, 0, 0, 0} + }; + apr_array_header_t *remaining_argv; ++ const char **argv; + + /* Check library versions */ + SVN_ERR(check_lib_versions()); + ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); ++ + #if defined(WIN32) || defined(__CYGWIN__) + /* Set the working copy administrative directory name. 
*/ + if (getenv("SVN_ASP_DOT_NET_HACK")) +@@ -237,7 +243,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; +diff --git a/tools/server-side/svnauthz.c b/tools/server-side/svnauthz.c +index 310757ca46..94d28cc4be 100644 +--- a/tools/server-side/svnauthz.c ++++ b/tools/server-side/svnauthz.c +@@ -490,7 +490,10 @@ canonicalize_access_file(const char **canonicalized_access_file, + * return SVN_NO_ERROR. + */ + static svn_error_t * +-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) ++sub_main(int *exit_code, ++ int argc, ++ const svn_cmdline__argv_char_t *cmdline_argv[], ++ apr_pool_t *pool) + { + svn_error_t *err; + +@@ -499,6 +502,9 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + apr_getopt_t *os; + apr_array_header_t *received_opts; + int i; ++ const char **argv; ++ ++ SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool)); + + /* Initialize the FS library. */ + SVN_ERR(svn_fs_initialize(pool)); +@@ -752,14 +758,14 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool) + } + + int +-main(int argc, const char *argv[]) ++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[]) + { + apr_pool_t *pool; + int exit_code = EXIT_SUCCESS; + svn_error_t *err; + + /* Initialize the app. Send all error messages to 'stderr'. */ +- if (svn_cmdline_init(argv[0], stderr) != EXIT_SUCCESS) ++ if (svn_cmdline_init("svnauthz", stderr) != EXIT_SUCCESS) + return EXIT_FAILURE; + + pool = svn_pool_create(NULL); +-- +2.33.0 + diff --git a/subversion.spec b/subversion.spec index 34417f8..f635ecc 100644 --- a/subversion.spec +++ b/subversion.spec 
@@ -10,7 +10,7 @@ Summary: Subversion, a version control system. Name: subversion Version: 1.14.3 -Release: 4 +Release: 5 License: ASL 2.0 URL: https://subversion.apache.org/ @@ -25,6 +25,7 @@ Patch5: subversion-1.14.3-fix-build-errors.patch %if "%{?toolchain}" == "clang" Patch6: support-clang-build.patch %endif +Patch7: backport-CVE-2024-45720.patch BuildRequires: autoconf libtool texinfo which swig gettext apr-devel apr-util-devel libserf-devel cyrus-sasl-devel sqlite-devel file-devel utf8proc-devel lz4-devel apr-util-openssl dbus-devel, libsecret-devel httpd-devel Requires: httpd @@ -318,6 +319,9 @@ make check-javahl %endif %changelog +* Wed Oct 09 2024 fuanan - 1.14.3-5 +- fix CVE-2024-45720 + * Mon Apr 1 2024 luofeng - 1.14.3-4 - Type:enhencement - CVE:NA -- Gitee