Diffstat (limited to 'meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch')
-rw-r--r--meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
new file mode 100644
index 0000000000..f49b9a43a6
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
@@ -0,0 +1,53 @@
+Upstream-Status: Backport
+
+Index: subversion/mod_dav_svn/lock.c
+===================================================================
+--- a/subversion/mod_dav_svn/lock.c (revision 1459696)
++++ b/subversion/mod_dav_svn/lock.c (working copy)
+@@ -634,7 +634,20 @@ append_locks(dav_lockdb *lockdb,
+ svn_lock_t *slock;
+ svn_error_t *serr;
+ dav_error *derr;
++ dav_svn_repos *repos = resource->info->repos;
++
++ /* We don't allow anonymous locks */
++ if (! repos->username)
++ return dav_new_error(resource->pool, HTTP_UNAUTHORIZED,
++ DAV_ERR_LOCK_SAVE_LOCK,
++ "Anonymous lock creation is not allowed.");
+
++ /* Not a path in the repository so can't lock it. */
++ if (! resource->info->repos_path)
++ return dav_new_error(resource->pool, HTTP_BAD_REQUEST,
++ DAV_ERR_LOCK_SAVE_LOCK,
++ "Attempted to lock path not in repository.");
++
+ /* If the resource's fs path is unreadable, we don't allow a lock to
+ be created on it. */
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+@@ -657,7 +670,6 @@ append_locks(dav_lockdb *lockdb,
+ svn_fs_txn_t *txn;
+ svn_fs_root_t *txn_root;
+ const char *conflict_msg;
+- dav_svn_repos *repos = resource->info->repos;
+ apr_hash_t *revprop_table = apr_hash_make(resource->pool);
+ apr_hash_set(revprop_table, SVN_PROP_REVISION_AUTHOR,
+ APR_HASH_KEY_STRING, svn_string_create(repos->username,
+@@ -734,7 +746,7 @@ append_locks(dav_lockdb *lockdb,
+
+ /* Convert the dav_lock into an svn_lock_t. */
+ derr = dav_lock_to_svn_lock(&slock, lock, resource->info->repos_path,
+- info, resource->info->repos->is_svn_client,
++ info, repos->is_svn_client,
+ resource->pool);
+ if (derr)
+ return derr;
+@@ -741,7 +753,7 @@ append_locks(dav_lockdb *lockdb,
+
+ /* Now use the svn_lock_t to actually perform the lock. */
+ serr = svn_repos_fs_lock(&slock,
+- resource->info->repos->repos,
++ repos->repos,
+ slock->path,
+ slock->token,
+ slock->comment,
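Review bot: The patch header (the lines above `Index: subversion/mod_dav_svn/lock.c`) carries only `Upstream-Status: Backport`, so nothing records which upstream change was backported or which of the two CVEs in the file name each added guard in `append_locks` answers (the `! repos->username` check and the `! resource->info->repos_path` check). I would extend the header with `Upstream-Status: Backport [<upstream revision or advisory URL>]`, a `CVE: CVE-2013-1846 CVE-2013-1847` line, one sentence per guard saying which request it rejects, and a `Signed-off-by:` line, so the backport can be audited against upstream later. The diffstat shown is limited to this one path, so it is not visible whether the recipe's `SRC_URI` lists the new file; without that entry the fix would not be applied at build time.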