diffstat for subversion_1.9.3-2ubuntu1.1 subversion_1.9.3-2ubuntu1.2 debian/patches/perl-swig-crash | 188 +++++++++++++++++++++++++++++++++ subversion-1.9.3/debian/changelog | 7 + subversion-1.9.3/debian/patches/series | 1 3 files changed, 196 insertions(+) diff -u subversion-1.9.3/debian/changelog subversion-1.9.3/debian/changelog --- subversion-1.9.3/debian/changelog +++ subversion-1.9.3/debian/changelog @@ -1,3 +1,10 @@ +subversion (1.9.3-2ubuntu1.2) xenial; urgency=medium + + * Backport patches/perl-swig-crash from upstream to fix crashes with Perl + bindings, commonly seen when using git-svn (Closes: LP#1451028) + + -- James McCoy Wed, 14 Mar 2018 22:29:16 -0400 + subversion (1.9.3-2ubuntu1.1) xenial-security; urgency=medium * SECURITY UPDATE: Arbitrary code execution on clients through diff -u subversion-1.9.3/debian/patches/series subversion-1.9.3/debian/patches/series --- subversion-1.9.3/debian/patches/series +++ subversion-1.9.3/debian/patches/series @@ -23,0 +24 @@ +perl-swig-crash only in patch2: unchanged: --- subversion-1.9.3.orig/debian/patches/perl-swig-crash +++ subversion-1.9.3/debian/patches/perl-swig-crash @@ -0,0 +1,188 @@ +------------------------------------------------------------------------ +r1683266 | rschupp | 2015-06-03 05:50:59 -0400 (Wed, 03 Jun 2015) | 8 lines + +* subversion/bindings/swig/include/svn_types.swg: + Bracket calls with PUTBACK/SPAGAIN to helper functions + that call back into Perl: + - svn_swig_pl_make_stream + - svn_swig_pl_from_stream + - svn_swig_pl_from_md5 + Note: calls in typemaps need only SPAGAIN. + + +Index: trunk/subversion/bindings/swig/include/svn_types.swg +=================================================================== +--- trunk/subversion/bindings/swig/include/svn_types.swg (revision 1683265) ++++ trunk/subversion/bindings/swig/include/svn_types.swg (revision 1683266) +@@ -935,15 +935,24 @@ + #ifdef SWIGPERL + %typemap(in) svn_stream_t * { + svn_swig_pl_make_stream (&$1, $input); ++ SPAGAIN; + } + + %typemap(out) svn_stream_t * { +- $result = svn_swig_pl_from_stream ($1); ++ SV* tmp; ++ PUTBACK; ++ tmp = svn_swig_pl_from_stream ($1); ++ SPAGAIN; ++ $result = tmp; + argvi++; + } + + %typemap(argout) svn_stream_t ** { +- %append_output(svn_swig_pl_from_stream(*$1)); ++ SV *tmp; ++ PUTBACK; ++ tmp = svn_swig_pl_from_stream(*$1); ++ SPAGAIN; ++ %append_output(tmp); + } + #endif + +@@ -1116,7 +1125,11 @@ + } + + %typemap(argout) unsigned char *result_digest { +- %append_output(svn_swig_pl_from_md5($1)); ++ SV *tmp; ++ PUTBACK; ++ tmp = svn_swig_pl_from_md5($1); ++ SPAGAIN; ++ %append_output(tmp); + } + #endif + +------------------------------------------------------------------------ +r1683267 | rschupp | 2015-06-03 05:56:16 -0400 (Wed, 03 Jun 2015) | 8 lines + +* subversion/bindings/swig/core.i, subversion/bindings/swig/svn_client.i, + subversion/bindings/swig/include/svn_containers.swg, + subversion/bindings/swig/include/svn_string.swg, + subversion/bindings/swig/include/svn_types.swg: + Bracket calls with PUTBACK/SPAGAIN to helper function svn_swig_pl_make_pool + as it calls back into Perl. + Note: calls in typemaps need only SPAGAIN. + + +Index: trunk/subversion/bindings/swig/include/svn_containers.swg +=================================================================== +--- trunk/subversion/bindings/swig/include/svn_containers.swg (revision 1683266) ++++ trunk/subversion/bindings/swig/include/svn_containers.swg (revision 1683267) +@@ -269,8 +269,10 @@ + %typemap(in) apr_hash_t *PROPHASH + (apr_pool_t *_global_pool = NULL) + { +- if (_global_pool == NULL) ++ if (_global_pool == NULL) { + _global_pool = svn_swig_pl_make_pool((SV *)NULL); ++ SPAGAIN; ++ } + $1 = svn_swig_pl_hash_to_prophash($input, _global_pool); + } + %typemap(out) apr_hash_t *PROPHASH +Index: trunk/subversion/bindings/swig/include/svn_string.swg +=================================================================== +--- trunk/subversion/bindings/swig/include/svn_string.swg (revision 1683266) ++++ trunk/subversion/bindings/swig/include/svn_string.swg (revision 1683267) +@@ -90,6 +90,7 @@ + %typemap(in) svn_stringbuf_t * { + apr_size_t len; + char *buf; ++ apr_pool_t *pool; + + if (!SvOK($input)) { + $1 = NULL; +@@ -97,8 +98,9 @@ + buf = SvPV($input, len); + /* Another case of ugly pool handling, this should use the current + default pool, or make a new one if it doesn't exist yet */ +- $1 = svn_stringbuf_ncreate(buf,len, +- svn_swig_pl_make_pool ((SV *)NULL)); ++ pool = svn_swig_pl_make_pool ((SV *)NULL); ++ SPAGAIN; ++ $1 = svn_stringbuf_ncreate(buf,len, pool); + } else { + croak("Not a string"); + } +Index: trunk/subversion/bindings/swig/core.i +=================================================================== +--- trunk/subversion/bindings/swig/core.i (revision 1683266) ++++ trunk/subversion/bindings/swig/core.i (revision 1683267) +@@ -532,8 +532,10 @@ + $1 = NULL; + } + else if (SvPOK($input)) { +- if (_global_pool == NULL) ++ if (_global_pool == NULL) { + _global_pool = svn_swig_pl_make_pool((SV *)NULL); ++ SPAGAIN; ++ } + $1 = apr_pstrdup(_global_pool, SvPV_nolen($input)); + } + else { +Index: trunk/subversion/bindings/swig/include/svn_types.swg +=================================================================== +--- trunk/subversion/bindings/swig/include/svn_types.swg (revision 1683266) ++++ trunk/subversion/bindings/swig/include/svn_types.swg (revision 1683267) +@@ -548,6 +548,7 @@ + %typemap(in) apr_pool_t *pool ""; + %typemap(default) apr_pool_t *pool(apr_pool_t *_global_pool) { + _global_pool = $1 = svn_swig_pl_make_pool (ST(items-1)); ++ SPAGAIN; + } + #endif + #ifdef SWIGRUBY +@@ -1183,8 +1184,10 @@ + %typemap(in) svn_opt_revision_t * + (svn_opt_revision_t rev, apr_pool_t *_global_pool = NULL) + { +- if (_global_pool == NULL) ++ if (_global_pool == NULL) { + _global_pool = svn_swig_pl_make_pool((SV *)NULL); ++ SPAGAIN; ++ } + $1 = svn_swig_pl_set_revision(&rev, $input, TRUE, _global_pool); + } + #endif +Index: trunk/subversion/bindings/swig/svn_client.i +=================================================================== +--- trunk/subversion/bindings/swig/svn_client.i (revision 1683266) ++++ trunk/subversion/bindings/swig/svn_client.i (revision 1683267) +@@ -293,8 +293,9 @@ + */ + #ifdef SWIGPERL + %typemap(in) apr_hash_t *config { +- $1 = svn_swig_pl_objs_to_hash_by_name ($input, "svn_config_t *", +- svn_swig_pl_make_pool ((SV *)NULL)); ++ apr_pool_t *pool = svn_swig_pl_make_pool ((SV *)NULL); ++ SPAGAIN; ++ $1 = svn_swig_pl_objs_to_hash_by_name ($input, "svn_config_t *", pool); + } + + %typemap(out) apr_hash_t *config { +------------------------------------------------------------------------ +r1683269 | rschupp | 2015-06-03 05:59:38 -0400 (Wed, 03 Jun 2015) | 4 lines + +* subversion/bindings/swig/include/svn_types.swg: + Bracket calls with PUTBACK/SPAGAIN to helper function + svn_swig_pl_callback_thunk as it calls back into Perl. + + +Index: trunk/subversion/bindings/swig/include/svn_types.swg +=================================================================== +--- trunk/subversion/bindings/swig/include/svn_types.swg (revision 1683268) ++++ trunk/subversion/bindings/swig/include/svn_types.swg (revision 1683269) +@@ -423,9 +423,11 @@ + if (SvOK(exception_handler)) { + SV *callback_result; + ++ PUTBACK; + svn_swig_pl_callback_thunk (CALL_SV, exception_handler, + &callback_result, "S", $1, + $1_descriptor); ++ SPAGAIN; + } else { + $result = SWIG_NewPointerObj($1, $1_descriptor, 0); + argvi++;