summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/subversion
diff options
context:
space:
mode:
authorYue Tao <Yue.Tao@windriver.com>2014-04-04 13:35:31 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-05-21 09:08:59 +0100
commit4fc1cff43b6babd898ff4c7f0217b8aa19ea2c5b (patch)
tree87d32c60360d459813934be97ca4c0097cdc4222 /meta/recipes-devtools/subversion
parent210460d0f03e6b43a1176fd1707f726f00bc041b (diff)
downloadpoky-4fc1cff43b6babd898ff4c7f0217b8aa19ea2c5b.tar.gz
subversion: fix for Security Advisory CVE-2013-1849
Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. (From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/subversion')
-rw-r--r--meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch25
-rw-r--r--meta/recipes-devtools/subversion/subversion_1.6.15.bb1
2 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
new file mode 100644
index 0000000000..734f9b02e4
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
@@ -0,0 +1,25 @@
1Upstream-Status: Backport
2
3--- a/subversion/mod_dav_svn/liveprops.c
4+++ b/subversion/mod_dav_svn/liveprops.c
5@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
6 svn_filesize_t len = 0;
7
8 /* our property, but not defined on collection resources */
9- if (resource->collection || resource->baselined)
10+ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
11+ || resource->collection || resource->baselined)
12 return DAV_PROP_INSERT_NOTSUPP;
13
14 serr = svn_fs_file_length(&len, resource->info->root.root,
15@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
16 svn_string_t *pval;
17 const char *mime_type = NULL;
18
19- if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
20+ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
21+ || (resource->baselined
22+ && resource->type == DAV_RESOURCE_TYPE_VERSION))
23 return DAV_PROP_INSERT_NOTSUPP;
24
25 if (resource->type == DAV_RESOURCE_TYPE_PRIVATE
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index f225671d0f..74cd149750 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
13 file://disable-revision-install.patch \ 13 file://disable-revision-install.patch \
14 file://libtool2.patch \ 14 file://libtool2.patch \
15 file://fix-install-depends.patch \ 15 file://fix-install-depends.patch \
16 file://subversion-CVE-2013-1849.patch \
16 " 17 "
17 18
18SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69" 19SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"