2 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
new file mode 100644
index 0000000000..734f9b02e4
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
@@ -0,0 +1,25 @@
+Upstream-Status: Backport
+--- a/subversion/mod_dav_svn/liveprops.c
+++ b/subversion/mod_dav_svn/liveprops.c
+@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
+         svn_filesize_t len = 0;
+ 
+         /* our property, but not defined on collection resources */
+-        if (resource->collection || resource->baselined)
+        if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
+            || resource->collection || resource->baselined)
+           return DAV_PROP_INSERT_NOTSUPP;
+ 
+         serr = svn_fs_file_length(&len, resource->info->root.root,
+@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
+         svn_string_t *pval;
+         const char *mime_type = NULL;
+ 
+-        if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
+        if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
+            || (resource->baselined
+                && resource->type == DAV_RESOURCE_TYPE_VERSION))
+           return DAV_PROP_INSERT_NOTSUPP;
+ 
+         if (resource->type == DAV_RESOURCE_TYPE_PRIVATE
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index f225671d0f..74cd149750 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
           file://disable-revision-install.patch \
           file://libtool2.patch \
           file://fix-install-depends.patch \
+           file://subversion-CVE-2013-1849.patch \
          "
 SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"

diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch new file mode 100644 index 0000000000..734f9b02e4 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
@@ -0,0 +1,25 @@
		1	Upstream-Status: Backport
		2
		3	--- a/subversion/mod_dav_svn/liveprops.c
		4	+++ b/subversion/mod_dav_svn/liveprops.c
		5	@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
		6	svn_filesize_t len = 0;
		7
		8	/* our property, but not defined on collection resources */
		9	- if (resource->collection \|\| resource->baselined)
		10	+ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
		11	+ \|\| resource->collection \|\| resource->baselined)
		12	return DAV_PROP_INSERT_NOTSUPP;
		13
		14	serr = svn_fs_file_length(&len, resource->info->root.root,
		15	@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
		16	svn_string_t *pval;
		17	const char *mime_type = NULL;
		18
		19	- if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
		20	+ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
		21	+ \|\| (resource->baselined
		22	+ && resource->type == DAV_RESOURCE_TYPE_VERSION))
		23	return DAV_PROP_INSERT_NOTSUPP;
		24
		25	if (resource->type == DAV_RESOURCE_TYPE_PRIVATE


diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb index f225671d0f..74cd149750 100644 --- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb +++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
13	file://disable-revision-install.patch \	13	file://disable-revision-install.patch \
14	file://libtool2.patch \	14	file://libtool2.patch \
15	file://fix-install-depends.patch \	15	file://fix-install-depends.patch \
		16	file://subversion-CVE-2013-1849.patch \
16	"	17	"
17		18
18	SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"	19	SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"