Ubuntu
subversion package

Merge lp:~jtaylor/ubuntu/oneiric/subversion/sasl-crash-881862 into lp:ubuntu/oneiric/subversion

  1. Oneiric (11.10)
  2. sasl-crash-881862
  3. Merge into oneiric
Proposed by Julian Taylor
Status: Merged
Approved by: James Westby
Approved revision: 55
Merge reported by: James Westby
Merged at revision: not available
Proposed branch: lp:~jtaylor/ubuntu/oneiric/subversion/sasl-crash-881862
Merge into: lp:ubuntu/oneiric/subversion
Diff against target: 62 lines (+42/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/sasl-mem-handling (+34/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~jtaylor/ubuntu/oneiric/subversion/sasl-crash-881862
Reviewer Review Type Date Requested Status
Serge Hallyn Approve
Micah Gersten (community) Needs Fixing
Ubuntu branches Pending
Review via email: mp+85228@code.launchpad.net

Description of the change

picked the sasl-mem-handling patch from 1.6.17dfsg-2 to fix crashes on repos using sasl auth, see the associated bugs.

To post a comment you must log in.
Revision history for this message
Micah Gersten (micahg) wrote :

Thank you for working on this. It seems like you're missing the DEP-3 headers in the patch (http://dep.debian.net/deps/dep3/), as well as a test case in the bug. Otherwise, this looks fine (though I haven't test built it yet).

review: Needs Fixing
lp:~jtaylor/ubuntu/oneiric/subversion/sasl-crash-881862 updated
55. By Julian Taylor

add dep3 patch headers to sasl patch

Revision history for this message
Julian Taylor (jtaylor) wrote :

sorry about that, added headers and updated the bug.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks, Julian, the updates look good. I'm waiting for the test build, and then will hit Approve and (seek someone to) upload.

Thank you for working on this.

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Merged source builds, and tests passed for me.

review: Approve
Revision history for this message
Evan Broder (broder) wrote :

I've uploaded this to oneiric-proposed, but can't adjust the branch status

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2011-08-05 10:53:00 +0000
3+++ debian/changelog 2011-12-11 14:45:29 +0000
4@@ -1,3 +1,10 @@
5+subversion (1.6.12dfsg-4ubuntu5.1) oneiric-proposed; urgency=low
6+
7+ * patches/sasl-mem-handling: patch from 1.6.17dfsg-2 to fix a crash with
8+ svn:// URLs and SASL authentication. (LP: #881862)
9+
10+ -- Julian Taylor <jtaylor@ubuntu.com> Sat, 10 Dec 2011 16:45:12 +0100
11+
12 subversion (1.6.12dfsg-4ubuntu5) oneiric; urgency=low
13
14 * SECURITY UPDATE: denial of service via baselined WebDAV resource
15
16=== added file 'debian/patches/sasl-mem-handling'
17--- debian/patches/sasl-mem-handling 1970-01-01 00:00:00 +0000
18+++ debian/patches/sasl-mem-handling 2011-12-11 14:45:29 +0000
19@@ -0,0 +1,34 @@
20+Subject: Fix a memory lifetime issue with sasl
21+ causes SASL auth with svn:// URLs to crash.
22+Origin: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_svn/cyrus_auth.c?r1=1160604&r2=1166678
23+Bug-Ubuntu: https://bugs.launchpad.net/bugs/881862
24+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631765
25+Applied-Upstream: r1166555, r1166678
26+
27+--- a/subversion/libsvn_ra_svn/cyrus_auth.c
28++++ b/subversion/libsvn_ra_svn/cyrus_auth.c
29+@@ -730,9 +730,7 @@ svn_ra_svn__do_cyrus_auth(svn_ra_svn__se
30+ const char *mechstring = "", *last_err = "", *realmstring;
31+ const char *local_addrport = NULL, *remote_addrport = NULL;
32+ svn_boolean_t success;
33+- /* Reserve space for 3 callbacks (for the username, password and the
34+- array terminator). */
35+- sasl_callback_t callbacks[3];
36++ sasl_callback_t *callbacks;
37+ cred_baton_t cred_baton;
38+ int i;
39+
40+@@ -768,6 +766,13 @@ svn_ra_svn__do_cyrus_auth(svn_ra_svn__se
41+ cred_baton.realmstring = realmstring;
42+ cred_baton.pool = pool;
43+
44++ /* Reserve space for 3 callbacks (for the username, password and the
45++ array terminator). These structures must persist until the
46++ disposal of the SASL context at pool cleanup, however the
47++ callback functions will not be invoked outside this function so
48++ other structures can have a shorter lifetime. */
49++ callbacks = apr_palloc(sess->conn->pool, sizeof(*callbacks) * 3);
50++
51+ /* Initialize the callbacks array. */
52+
53+ /* The username callback. */
54
55=== modified file 'debian/patches/series'
56--- debian/patches/series 2011-08-05 10:53:00 +0000
57+++ debian/patches/series 2011-12-11 14:45:29 +0000
58@@ -30,3 +30,4 @@
59 CVE-2011-1752.patch
60 CVE-2011-1783.patch
61 CVE-2011-1921.patch
62+sasl-mem-handling

Subscribers

People subscribed via source and target branches

to all changes: