subversion: fix for Security Advisory CVE-2013-1849

Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.

(From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch

@@ -0,0 +1,25 @@
+Upstream-Status: Backport
+
+--- a/subversion/mod_dav_svn/liveprops.c
++++ b/subversion/mod_dav_svn/liveprops.c
+@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
+         svn_filesize_t len = 0;
+ 
+         /* our property, but not defined on collection resources */
+-        if (resource->collection || resource->baselined)
++        if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++            || resource->collection || resource->baselined)
+           return DAV_PROP_INSERT_NOTSUPP;
+ 
+         serr = svn_fs_file_length(&len, resource->info->root.root,
+@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
+         svn_string_t *pval;
+         const char *mime_type = NULL;
+ 
+-        if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
++        if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++            || (resource->baselined
++                && resource->type == DAV_RESOURCE_TYPE_VERSION))
+           return DAV_PROP_INSERT_NOTSUPP;
+ 
+         if (resource->type == DAV_RESOURCE_TYPE_PRIVATE

meta/recipes-devtools/subversion/subversion_1.6.15.bb

@@ -13,6 +13,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
            file://disable-revision-install.patch \
            file://libtool2.patch \
            file://fix-install-depends.patch \
+           file://subversion-CVE-2013-1849.patch \
           "
 
 SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"