From: Yue Tao <[email protected]> Reject operations on getcontentlength and getcontenttype properties if the resource is an activity.
Signed-off-by: Yue Tao <[email protected]> Signed-off-by: Roy Li <[email protected]> --- .../subversion/subversion-CVE-2013-1849.patch | 25 ++++++++++++++++++++ .../subversion/subversion_1.6.15.bb | 3 ++- 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch new file mode 100644 index 0000000..734f9b0 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch @@ -0,0 +1,25 @@ +Upstream-Status: Backport + +--- a/subversion/mod_dav_svn/liveprops.c ++++ b/subversion/mod_dav_svn/liveprops.c +@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource + svn_filesize_t len = 0; + + /* our property, but not defined on collection resources */ +- if (resource->collection || resource->baselined) ++ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY ++ || resource->collection || resource->baselined) + return DAV_PROP_INSERT_NOTSUPP; + + serr = svn_fs_file_length(&len, resource->info->root.root, +@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource + svn_string_t *pval; + const char *mime_type = NULL; + +- if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION) ++ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY ++ || (resource->baselined ++ && resource->type == DAV_RESOURCE_TYPE_VERSION)) + return DAV_PROP_INSERT_NOTSUPP; + + if (resource->type == DAV_RESOURCE_TYPE_PRIVATE diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb index f225671..919624b 100644 --- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb +++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb @@ -7,12 +7,13 @@ HOMEPAGE = "http://subversion.tigris.org"; BBCLASSEXTEND = "native" -PR = "r3" +PR = "r4" SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \ file://disable-revision-install.patch \ file://libtool2.patch \ file://fix-install-depends.patch \ + file://subversion-CVE-2013-1849.patch \ " SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69" -- 1.7.10.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
