1 files changed, 130 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
new file mode 100644
index 0000000000..a54d6944ed
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
@@ -0,0 +1,130 @@
+Upstream-Status: Backport
+Index: tools/server-side/mod_dontdothat/mod_dontdothat.c
+===================================================================
+--- a/tools/server-side/mod_dontdothat/mod_dontdothat.c (revision 1239695)
+++ b/tools/server-side/mod_dontdothat/mod_dontdothat.c (revision 1542078)
+@@ -30,12 +30,15 @@
+ #include <util_filter.h>
+ #include <ap_config.h>
+ #include <apr_strings.h>
+#include <apr_uri.h>
+ 
+ #include <expat.h>
+ 
+ #include "mod_dav_svn.h"
+ #include "svn_string.h"
+ #include "svn_config.h"
+#include "svn_path.h"
+#include "private/svn_fspath.h"
+ 
+ module AP_MODULE_DECLARE_DATA dontdothat_module;
+ 
+@@ -161,26 +164,71 @@
+     }
+ }
+ 
+/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
+static void
+log_dav_err(request_rec *r,
+            dav_error *err,
+            int level)
+{
+    dav_error *errscan;
+
+    /* Log the errors */
+    /* ### should have a directive to log the first or all */
+    for (errscan = err; errscan != NULL; errscan = errscan->prev) {
+        apr_status_t status;
+
+        if (errscan->desc == NULL)
+            continue;
+
+#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
+        status = errscan->aprerr;
+#else
+        status = errscan->save_errno;
+#endif
+
+        ap_log_rerror(APLOG_MARK, level, status, r,
+                      "%s  [%d, #%d]",
+                      errscan->desc, errscan->status, errscan->error_id);
+    }
+}
+
+ static svn_boolean_t
+ is_this_legal(dontdothat_filter_ctx *ctx, const char *uri)
+ {
+   const char *relative_path;
+   const char *cleaned_uri;
+   const char *repos_name;
+  const char *uri_path;
+   int trailing_slash;
+   dav_error *derr;
+ 
+-  /* Ok, so we need to skip past the scheme, host, etc. */
+-  uri = ap_strstr_c(uri, "://");
+-  if (uri)
+-    uri = ap_strchr_c(uri + 3, '/');
+  /* uri can be an absolute uri or just a path, we only want the path to match
+   * against */
+  if (uri && svn_path_is_url(uri))
+    {
+      apr_uri_t parsed_uri;
+      apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
+      if (APR_SUCCESS != rv)
+        {
+          /* Error parsing the URI, log and reject request. */
+          ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
+                        "mod_dontdothat: blocked request after failing "
+                        "to parse uri: '%s'", uri);
+          return FALSE;
+        }
+      uri_path = parsed_uri.path;
+    }
+  else
+    {
+      uri_path = uri;
+    }
+ 
+-  if (uri)
+  if (uri_path)
+     {
+       const char *repos_path;
+ 
+       derr = dav_svn_split_uri(ctx->r,
+-                               uri,
+                               uri_path,
+                                ctx->cfg->base_path,
+                                &cleaned_uri,
+                                &trailing_slash,
+@@ -194,7 +242,7 @@
+           if (! repos_path)
+             repos_path = "";
+ 
+-          repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
+          repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
+ 
+           /* First check the special cases that are always legal... */
+           for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
+@@ -228,7 +276,20 @@
+                 }
+             }
+         }
+      else
+        {
+          log_dav_err(ctx->r, derr, APLOG_ERR);
+          return FALSE;
+        }
+
+     }
+  else
+    {
+      ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
+                    "mod_dontdothat: empty uri passed to is_this_legal(), "
+                    "module bug?");
+      return FALSE;
+    }
+ 
+   return TRUE;
+ }

diff --git a/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch new file mode 100644 index 0000000000..a54d6944ed --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
@@ -0,0 +1,130 @@
	1	Upstream-Status: Backport
	2
	3	Index: tools/server-side/mod_dontdothat/mod_dontdothat.c
	4	===================================================================
	5	--- a/tools/server-side/mod_dontdothat/mod_dontdothat.c (revision 1239695)
	6	+++ b/tools/server-side/mod_dontdothat/mod_dontdothat.c (revision 1542078)
	7	@@ -30,12 +30,15 @@
	8	#include <util_filter.h>
	9	#include <ap_config.h>
	10	#include <apr_strings.h>
	11	+#include <apr_uri.h>
	12
	13	#include <expat.h>
	14
	15	#include "mod_dav_svn.h"
	16	#include "svn_string.h"
	17	#include "svn_config.h"
	18	+#include "svn_path.h"
	19	+#include "private/svn_fspath.h"
	20
	21	module AP_MODULE_DECLARE_DATA dontdothat_module;
	22
	23	@@ -161,26 +164,71 @@
	24	}
	25	}
	26
	27	+/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
	28	+static void
	29	+log_dav_err(request_rec *r,
	30	+ dav_error *err,
	31	+ int level)
	32	+{
	33	+ dav_error *errscan;
	34	+
	35	+ /* Log the errors */
	36	+ /* ### should have a directive to log the first or all */
	37	+ for (errscan = err; errscan != NULL; errscan = errscan->prev) {
	38	+ apr_status_t status;
	39	+
	40	+ if (errscan->desc == NULL)
	41	+ continue;
	42	+
	43	+#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
	44	+ status = errscan->aprerr;
	45	+#else
	46	+ status = errscan->save_errno;
	47	+#endif
	48	+
	49	+ ap_log_rerror(APLOG_MARK, level, status, r,
	50	+ "%s [%d, #%d]",
	51	+ errscan->desc, errscan->status, errscan->error_id);
	52	+ }
	53	+}
	54	+
	55	static svn_boolean_t
	56	is_this_legal(dontdothat_filter_ctx ctx, const char uri)
	57	{
	58	const char *relative_path;
	59	const char *cleaned_uri;
	60	const char *repos_name;
	61	+ const char *uri_path;
	62	int trailing_slash;
	63	dav_error *derr;
	64
	65	- /* Ok, so we need to skip past the scheme, host, etc. */
	66	- uri = ap_strstr_c(uri, "://");
	67	- if (uri)
	68	- uri = ap_strchr_c(uri + 3, '/');
	69	+ /* uri can be an absolute uri or just a path, we only want the path to match
	70	+ * against */
	71	+ if (uri && svn_path_is_url(uri))
	72	+ {
	73	+ apr_uri_t parsed_uri;
	74	+ apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
	75	+ if (APR_SUCCESS != rv)
	76	+ {
	77	+ /* Error parsing the URI, log and reject request. */
	78	+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
	79	+ "mod_dontdothat: blocked request after failing "
	80	+ "to parse uri: '%s'", uri);
	81	+ return FALSE;
	82	+ }
	83	+ uri_path = parsed_uri.path;
	84	+ }
	85	+ else
	86	+ {
	87	+ uri_path = uri;
	88	+ }
	89
	90	- if (uri)
	91	+ if (uri_path)
	92	{
	93	const char *repos_path;
	94
	95	derr = dav_svn_split_uri(ctx->r,
	96	- uri,
	97	+ uri_path,
	98	ctx->cfg->base_path,
	99	&cleaned_uri,
	100	&trailing_slash,
	101	@@ -194,7 +242,7 @@
	102	if (! repos_path)
	103	repos_path = "";
	104
	105	- repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
	106	+ repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
	107
	108	/* First check the special cases that are always legal... */
	109	for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
	110	@@ -228,7 +276,20 @@
	111	}
	112	}
	113	}
	114	+ else
	115	+ {
	116	+ log_dav_err(ctx->r, derr, APLOG_ERR);
	117	+ return FALSE;
	118	+ }
	119	+
	120	}
	121	+ else
	122	+ {
	123	+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
	124	+ "mod_dontdothat: empty uri passed to is_this_legal(), "
	125	+ "module bug?");
	126	+ return FALSE;
	127	+ }
	128
	129	return TRUE;
	130	}