1 files changed, 127 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
new file mode 100644
index 0000000000..7d73a6b2f3
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
@@ -0,0 +1,127 @@
+Upstream-Status: Backport
+--- ./contrib/server-side/mod_dontdothat/mod_dontdothat.c.old   2014-04-15 10:18:54.692655905 +0800
+++ ./contrib/server-side/mod_dontdothat/mod_dontdothat.c       2014-04-15 10:29:55.559603676 +0800
+@@ -25,12 +25,15 @@
+ #include <util_filter.h>
+ #include <ap_config.h>
+ #include <apr_strings.h>
+#include <apr_uri.h>
+ 
+ #include <expat.h>
+ 
+ #include "mod_dav_svn.h"
+ #include "svn_string.h"
+ #include "svn_config.h"
+#include "svn_path.h"
+#include "private/svn_fspath.h"
+ 
+ module AP_MODULE_DECLARE_DATA dontdothat_module;
+ 
+@@ -156,26 +159,71 @@ matches(const char *wc, const char *p)
+     }
+ }
+ 
+/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
+static void
+log_dav_err(request_rec *r,
+            dav_error *err,
+            int level)
+{
+    dav_error *errscan;
+
+    /* Log the errors */
+    /* ### should have a directive to log the first or all */
+    for (errscan = err; errscan != NULL; errscan = errscan->prev) {
+        apr_status_t status;
+
+        if (errscan->desc == NULL)
+            continue;
+
+#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
+        status = errscan->aprerr;
+#else
+        status = errscan->save_errno;
+#endif
+
+        ap_log_rerror(APLOG_MARK, level, status, r,
+                      "%s  [%d, #%d]",
+                      errscan->desc, errscan->status, errscan->error_id);
+    }
+}
+
+ static svn_boolean_t
+ is_this_legal(dontdothat_filter_ctx *ctx, const char *uri)
+ {
+   const char *relative_path;
+   const char *cleaned_uri;
+   const char *repos_name;
+  const char *uri_path;
+   int trailing_slash;
+   dav_error *derr;
+ 
+-  /* Ok, so we need to skip past the scheme, host, etc. */
+-  uri = ap_strstr_c(uri, "://");
+-  if (uri)
+-    uri = ap_strchr_c(uri + 3, '/');
+  /* uri can be an absolute uri or just a path, we only want the path to match
+   * against */
+  if (uri && svn_path_is_url(uri))
+    {
+      apr_uri_t parsed_uri;
+      apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
+      if (APR_SUCCESS != rv)
+        {
+          /* Error parsing the URI, log and reject request. */
+          ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
+                        "mod_dontdothat: blocked request after failing "
+                        "to parse uri: '%s'", uri);
+          return FALSE;
+        }
+      uri_path = parsed_uri.path;
+    }
+  else
+    {
+      uri_path = uri;
+    }
+ 
+-  if (uri)
+  if (uri_path)
+     {
+       const char *repos_path;
+ 
+       derr = dav_svn_split_uri(ctx->r,
+-                               uri,
+                               uri_path,
+                                ctx->cfg->base_path,
+                                &cleaned_uri,
+                                &trailing_slash,
+@@ -189,7 +237,7 @@ is_this_legal(dontdothat_filter_ctx *ctx
+           if (! repos_path)
+             repos_path = "";
+ 
+-          repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
+          repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
+ 
+           /* First check the special cases that are always legal... */
+           for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
+@@ -223,6 +271,19 @@ is_this_legal(dontdothat_filter_ctx *ctx
+                 }
+             }
+         }
+      else
+        {
+          log_dav_err(ctx->r, derr, APLOG_ERR);
+          return FALSE;
+        }
+
+    }
+  else
+    {
+      ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
+                    "mod_dontdothat: empty uri passed to is_this_legal(), "
+                    "module bug?");
+      return FALSE;
+     }
+ 
+   return TRUE;

diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch new file mode 100644 index 0000000000..7d73a6b2f3 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
@@ -0,0 +1,127 @@
	1	Upstream-Status: Backport
	2
	3	--- ./contrib/server-side/mod_dontdothat/mod_dontdothat.c.old 2014-04-15 10:18:54.692655905 +0800
	4	+++ ./contrib/server-side/mod_dontdothat/mod_dontdothat.c 2014-04-15 10:29:55.559603676 +0800
	5	@@ -25,12 +25,15 @@
	6	#include <util_filter.h>
	7	#include <ap_config.h>
	8	#include <apr_strings.h>
	9	+#include <apr_uri.h>
	10
	11	#include <expat.h>
	12
	13	#include "mod_dav_svn.h"
	14	#include "svn_string.h"
	15	#include "svn_config.h"
	16	+#include "svn_path.h"
	17	+#include "private/svn_fspath.h"
	18
	19	module AP_MODULE_DECLARE_DATA dontdothat_module;
	20
	21	@@ -156,26 +159,71 @@ matches(const char wc, const char p)
	22	}
	23	}
	24
	25	+/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
	26	+static void
	27	+log_dav_err(request_rec *r,
	28	+ dav_error *err,
	29	+ int level)
	30	+{
	31	+ dav_error *errscan;
	32	+
	33	+ /* Log the errors */
	34	+ /* ### should have a directive to log the first or all */
	35	+ for (errscan = err; errscan != NULL; errscan = errscan->prev) {
	36	+ apr_status_t status;
	37	+
	38	+ if (errscan->desc == NULL)
	39	+ continue;
	40	+
	41	+#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
	42	+ status = errscan->aprerr;
	43	+#else
	44	+ status = errscan->save_errno;
	45	+#endif
	46	+
	47	+ ap_log_rerror(APLOG_MARK, level, status, r,
	48	+ "%s [%d, #%d]",
	49	+ errscan->desc, errscan->status, errscan->error_id);
	50	+ }
	51	+}
	52	+
	53	static svn_boolean_t
	54	is_this_legal(dontdothat_filter_ctx ctx, const char uri)
	55	{
	56	const char *relative_path;
	57	const char *cleaned_uri;
	58	const char *repos_name;
	59	+ const char *uri_path;
	60	int trailing_slash;
	61	dav_error *derr;
	62
	63	- /* Ok, so we need to skip past the scheme, host, etc. */
	64	- uri = ap_strstr_c(uri, "://");
	65	- if (uri)
	66	- uri = ap_strchr_c(uri + 3, '/');
	67	+ /* uri can be an absolute uri or just a path, we only want the path to match
	68	+ * against */
	69	+ if (uri && svn_path_is_url(uri))
	70	+ {
	71	+ apr_uri_t parsed_uri;
	72	+ apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
	73	+ if (APR_SUCCESS != rv)
	74	+ {
	75	+ /* Error parsing the URI, log and reject request. */
	76	+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
	77	+ "mod_dontdothat: blocked request after failing "
	78	+ "to parse uri: '%s'", uri);
	79	+ return FALSE;
	80	+ }
	81	+ uri_path = parsed_uri.path;
	82	+ }
	83	+ else
	84	+ {
	85	+ uri_path = uri;
	86	+ }
	87
	88	- if (uri)
	89	+ if (uri_path)
	90	{
	91	const char *repos_path;
	92
	93	derr = dav_svn_split_uri(ctx->r,
	94	- uri,
	95	+ uri_path,
	96	ctx->cfg->base_path,
	97	&cleaned_uri,
	98	&trailing_slash,
	99	@@ -189,7 +237,7 @@ is_this_legal(dontdothat_filter_ctx *ctx
	100	if (! repos_path)
	101	repos_path = "";
	102
	103	- repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
	104	+ repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
	105
	106	/* First check the special cases that are always legal... */
	107	for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
	108	@@ -223,6 +271,19 @@ is_this_legal(dontdothat_filter_ctx *ctx
	109	}
	110	}
	111	}
	112	+ else
	113	+ {
	114	+ log_dav_err(ctx->r, derr, APLOG_ERR);
	115	+ return FALSE;
	116	+ }
	117	+
	118	+ }
	119	+ else
	120	+ {
	121	+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
	122	+ "mod_dontdothat: empty uri passed to is_this_legal(), "
	123	+ "module bug?");
	124	+ return FALSE;
	125	}
	126
	127	return TRUE;