subversion: fix for Security Advisory CVE-2013-1849
Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. (From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
210460d0f0
commit
4fc1cff43b
|
@ -0,0 +1,25 @@
|
|||
Upstream-Status: Backport
|
||||
|
||||
--- a/subversion/mod_dav_svn/liveprops.c
|
||||
+++ b/subversion/mod_dav_svn/liveprops.c
|
||||
@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
|
||||
svn_filesize_t len = 0;
|
||||
|
||||
/* our property, but not defined on collection resources */
|
||||
- if (resource->collection || resource->baselined)
|
||||
+ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
|
||||
+ || resource->collection || resource->baselined)
|
||||
return DAV_PROP_INSERT_NOTSUPP;
|
||||
|
||||
serr = svn_fs_file_length(&len, resource->info->root.root,
|
||||
@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
|
||||
svn_string_t *pval;
|
||||
const char *mime_type = NULL;
|
||||
|
||||
- if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
|
||||
+ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
|
||||
+ || (resource->baselined
|
||||
+ && resource->type == DAV_RESOURCE_TYPE_VERSION))
|
||||
return DAV_PROP_INSERT_NOTSUPP;
|
||||
|
||||
if (resource->type == DAV_RESOURCE_TYPE_PRIVATE
|
|
@ -13,6 +13,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
|
|||
file://disable-revision-install.patch \
|
||||
file://libtool2.patch \
|
||||
file://fix-install-depends.patch \
|
||||
file://subversion-CVE-2013-1849.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
|
||||
|
|
Loading…
Reference in New Issue