* [PATCH 0/6 v2] backport 6 CVE patches for subversion
@ 2014-05-19 5:27 rongqing.li
2014-05-19 5:27 ` [PATCH 1/6] subversion: fix for Security Advisory CVE-2013-1849 rongqing.li
` (5 more replies)
0 siblings, 6 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-19 5:27 UTC (permalink / raw)
To: openembedded-core
From: Roy Li <rongqing.li@windriver.com>
Diff with v1: add Upstream-status in two patches
The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib roy/subversion-1
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/subversion-1
Yue Tao (6):
subversion: fix for Security Advisory CVE-2013-1849
subversion: fix for Security Advisory CVE-2013-4505
subversion: fix for Security Advisory CVE-2013-4131
subversion: fix for Security Advisory CVE-2013-1845
subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846
subversion: fix for Security Advisory CVE-2013-4277
.../subversion-CVE-2013-4131.patch | 42 +++++
.../subversion-CVE-2013-4277.patch | 15 ++
.../subversion-CVE-2013-4505.patch | 130 +++++++++++++++
.../subversion/subversion-CVE-2013-1845.patch | 171 ++++++++++++++++++++
.../subversion-CVE-2013-1847-CVE-2013-1846.patch | 53 ++++++
.../subversion/subversion-CVE-2013-1849.patch | 25 +++
.../subversion/subversion-CVE-2013-4277.patch | 15 ++
.../subversion/subversion-CVE-2013-4505.patch | 127 +++++++++++++++
.../subversion/subversion_1.6.15.bb | 6 +-
.../subversion/subversion_1.7.10.bb | 3 +
10 files changed, 586 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4131.patch
create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4277.patch
create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
--
1.7.10.4
* [PATCH 1/6] subversion: fix for Security Advisory CVE-2013-1849
2014-05-19 5:27 [PATCH 0/6 v2] backport 6 CVE patches for subversion rongqing.li
@ 2014-05-19 5:27 ` rongqing.li
2014-05-19 5:27 ` [PATCH 2/6] subversion: fix for Security Advisory CVE-2013-4505 rongqing.li
` (4 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-19 5:27 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../subversion/subversion-CVE-2013-1849.patch | 25 ++++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 1 +
2 files changed, 26 insertions(+)
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
new file mode 100644
index 0000000..734f9b0
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
@@ -0,0 +1,25 @@
+Upstream-Status: Backport
+
+--- a/subversion/mod_dav_svn/liveprops.c
++++ b/subversion/mod_dav_svn/liveprops.c
+@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
+ svn_filesize_t len = 0;
+
+ /* our property, but not defined on collection resources */
+- if (resource->collection || resource->baselined)
++ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++ || resource->collection || resource->baselined)
+ return DAV_PROP_INSERT_NOTSUPP;
+
+ serr = svn_fs_file_length(&len, resource->info->root.root,
+@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
+ svn_string_t *pval;
+ const char *mime_type = NULL;
+
+- if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
++ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++ || (resource->baselined
++ && resource->type == DAV_RESOURCE_TYPE_VERSION))
+ return DAV_PROP_INSERT_NOTSUPP;
+
+ if (resource->type == DAV_RESOURCE_TYPE_PRIVATE
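Review bot: The embedded patch has nothing above its first inner hunk except "Upstream-Status: Backport": no description, no CVE id, and no upstream revision on the ---/+++ lines for liveprops.c, so the backport cannot be matched to an upstream commit from the file alone. Add a short header naming CVE-2013-1849 and the upstream revision it was taken from. The code change itself is consistent with the commit message: both insert_prop branches now test resource->type == DAV_RESOURCE_TYPE_ACTIVITY first and return DAV_PROP_INSERT_NOTSUPP.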
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index f225671..74cd149 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
file://disable-revision-install.patch \
file://libtool2.patch \
file://fix-install-depends.patch \
+ file://subversion-CVE-2013-1849.patch \
"
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
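Review bot: Only subversion_1.6.15.bb gets the new SRC_URI entry, and the commit message gives neither an affected-version range nor an advisory link, unlike the other patches in this series. State in the commit message why subversion_1.7.10.bb does not need this patch, so the omission reads as deliberate.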
--
1.7.10.4
* [PATCH 2/6] subversion: fix for Security Advisory CVE-2013-4505
2014-05-19 5:27 [PATCH 0/6 v2] backport 6 CVE patches for subversion rongqing.li
2014-05-19 5:27 ` [PATCH 1/6] subversion: fix for Security Advisory CVE-2013-1849 rongqing.li
@ 2014-05-19 5:27 ` rongqing.li
2014-05-19 5:27 ` [PATCH 3/6] subversion: fix for Security Advisory CVE-2013-4131 rongqing.li
` (3 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-19 5:27 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../subversion-CVE-2013-4505.patch | 130 ++++++++++++++++++++
.../subversion/subversion-CVE-2013-4505.patch | 127 +++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 2 +-
.../subversion/subversion_1.7.10.bb | 1 +
4 files changed, 259 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
diff --git a/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
new file mode 100644
index 0000000..a54d694
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
@@ -0,0 +1,130 @@
+Upstream-Status: Backport
+
+Index: tools/server-side/mod_dontdothat/mod_dontdothat.c
+===================================================================
+--- a/tools/server-side/mod_dontdothat/mod_dontdothat.c (revision 1239695)
++++ b/tools/server-side/mod_dontdothat/mod_dontdothat.c (revision 1542078)
+@@ -30,12 +30,15 @@
+ #include <util_filter.h>
+ #include <ap_config.h>
+ #include <apr_strings.h>
++#include <apr_uri.h>
+
+ #include <expat.h>
+
+ #include "mod_dav_svn.h"
+ #include "svn_string.h"
+ #include "svn_config.h"
++#include "svn_path.h"
++#include "private/svn_fspath.h"
+
+ module AP_MODULE_DECLARE_DATA dontdothat_module;
+
+@@ -161,26 +164,71 @@
+ }
+ }
+
++/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
++static void
++log_dav_err(request_rec *r,
++ dav_error *err,
++ int level)
++{
++ dav_error *errscan;
++
++ /* Log the errors */
++ /* ### should have a directive to log the first or all */
++ for (errscan = err; errscan != NULL; errscan = errscan->prev) {
++ apr_status_t status;
++
++ if (errscan->desc == NULL)
++ continue;
++
++#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
++ status = errscan->aprerr;
++#else
++ status = errscan->save_errno;
++#endif
++
++ ap_log_rerror(APLOG_MARK, level, status, r,
++ "%s [%d, #%d]",
++ errscan->desc, errscan->status, errscan->error_id);
++ }
++}
++
+ static svn_boolean_t
+ is_this_legal(dontdothat_filter_ctx *ctx, const char *uri)
+ {
+ const char *relative_path;
+ const char *cleaned_uri;
+ const char *repos_name;
++ const char *uri_path;
+ int trailing_slash;
+ dav_error *derr;
+
+- /* Ok, so we need to skip past the scheme, host, etc. */
+- uri = ap_strstr_c(uri, "://");
+- if (uri)
+- uri = ap_strchr_c(uri + 3, '/');
++ /* uri can be an absolute uri or just a path, we only want the path to match
++ * against */
++ if (uri && svn_path_is_url(uri))
++ {
++ apr_uri_t parsed_uri;
++ apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
++ if (APR_SUCCESS != rv)
++ {
++ /* Error parsing the URI, log and reject request. */
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
++ "mod_dontdothat: blocked request after failing "
++ "to parse uri: '%s'", uri);
++ return FALSE;
++ }
++ uri_path = parsed_uri.path;
++ }
++ else
++ {
++ uri_path = uri;
++ }
+
+- if (uri)
++ if (uri_path)
+ {
+ const char *repos_path;
+
+ derr = dav_svn_split_uri(ctx->r,
+- uri,
++ uri_path,
+ ctx->cfg->base_path,
+ &cleaned_uri,
+ &trailing_slash,
+@@ -194,7 +242,7 @@
+ if (! repos_path)
+ repos_path = "";
+
+- repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
++ repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
+
+ /* First check the special cases that are always legal... */
+ for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
+@@ -228,7 +276,20 @@
+ }
+ }
+ }
++ else
++ {
++ log_dav_err(ctx->r, derr, APLOG_ERR);
++ return FALSE;
++ }
++
+ }
++ else
++ {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
++ "mod_dontdothat: empty uri passed to is_this_legal(), "
++ "module bug?");
++ return FALSE;
++ }
+
+ return TRUE;
+ }
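Review bot: In is_this_legal, if apr_uri_parse succeeds but leaves parsed_uri.path unset, uri_path is NULL and the request drops into the final else, which logs "empty uri passed to is_this_legal(), module bug?". Rejecting is the right fail-closed outcome, but that log line blames the module for what is client input; a separate message for an absolute URI without a path would make the error log easier to triage. The new log_dav_err is, by its own comment, a duplicate of dav_svn__log_err from mod_dav_svn/util.c, so the two copies now have to be kept in sync by hand.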
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
new file mode 100644
index 0000000..7d73a6b
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
@@ -0,0 +1,127 @@
+Upstream-Status: Backport
+
+--- ./contrib/server-side/mod_dontdothat/mod_dontdothat.c.old 2014-04-15 10:18:54.692655905 +0800
++++ ./contrib/server-side/mod_dontdothat/mod_dontdothat.c 2014-04-15 10:29:55.559603676 +0800
+@@ -25,12 +25,15 @@
+ #include <util_filter.h>
+ #include <ap_config.h>
+ #include <apr_strings.h>
++#include <apr_uri.h>
+
+ #include <expat.h>
+
+ #include "mod_dav_svn.h"
+ #include "svn_string.h"
+ #include "svn_config.h"
++#include "svn_path.h"
++#include "private/svn_fspath.h"
+
+ module AP_MODULE_DECLARE_DATA dontdothat_module;
+
+@@ -156,26 +159,71 @@ matches(const char *wc, const char *p)
+ }
+ }
+
++/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
++static void
++log_dav_err(request_rec *r,
++ dav_error *err,
++ int level)
++{
++ dav_error *errscan;
++
++ /* Log the errors */
++ /* ### should have a directive to log the first or all */
++ for (errscan = err; errscan != NULL; errscan = errscan->prev) {
++ apr_status_t status;
++
++ if (errscan->desc == NULL)
++ continue;
++
++#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
++ status = errscan->aprerr;
++#else
++ status = errscan->save_errno;
++#endif
++
++ ap_log_rerror(APLOG_MARK, level, status, r,
++ "%s [%d, #%d]",
++ errscan->desc, errscan->status, errscan->error_id);
++ }
++}
++
+ static svn_boolean_t
+ is_this_legal(dontdothat_filter_ctx *ctx, const char *uri)
+ {
+ const char *relative_path;
+ const char *cleaned_uri;
+ const char *repos_name;
++ const char *uri_path;
+ int trailing_slash;
+ dav_error *derr;
+
+- /* Ok, so we need to skip past the scheme, host, etc. */
+- uri = ap_strstr_c(uri, "://");
+- if (uri)
+- uri = ap_strchr_c(uri + 3, '/');
++ /* uri can be an absolute uri or just a path, we only want the path to match
++ * against */
++ if (uri && svn_path_is_url(uri))
++ {
++ apr_uri_t parsed_uri;
++ apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
++ if (APR_SUCCESS != rv)
++ {
++ /* Error parsing the URI, log and reject request. */
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
++ "mod_dontdothat: blocked request after failing "
++ "to parse uri: '%s'", uri);
++ return FALSE;
++ }
++ uri_path = parsed_uri.path;
++ }
++ else
++ {
++ uri_path = uri;
++ }
+
+- if (uri)
++ if (uri_path)
+ {
+ const char *repos_path;
+
+ derr = dav_svn_split_uri(ctx->r,
+- uri,
++ uri_path,
+ ctx->cfg->base_path,
+ &cleaned_uri,
+ &trailing_slash,
+@@ -189,7 +237,7 @@ is_this_legal(dontdothat_filter_ctx *ctx
+ if (! repos_path)
+ repos_path = "";
+
+- repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
++ repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
+
+ /* First check the special cases that are always legal... */
+ for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
+@@ -223,6 +271,19 @@ is_this_legal(dontdothat_filter_ctx *ctx
+ }
+ }
+ }
++ else
++ {
++ log_dav_err(ctx->r, derr, APLOG_ERR);
++ return FALSE;
++ }
++
++ }
++ else
++ {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
++ "mod_dontdothat: empty uri passed to is_this_legal(), "
++ "module bug?");
++ return FALSE;
+ }
+
+ return TRUE;
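Review bot: This copy targets ./contrib/server-side/mod_dontdothat/ in the 1.6.15 tree but adds the same #include "private/svn_fspath.h" and the same svn_fspath__canonicalize() call as the 1.7.10 copy. Please confirm that header and function exist in 1.6.15, otherwise the module will not compile when it is built. The ---/+++ lines name a local .old file with 2014-04-15 timestamps, so this is a hand-adapted diff rather than the upstream one; say so next to Upstream-Status and give the upstream revision (the 1.7.10 copy shows 1542078).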
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index 74cd149..cb36276 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -14,7 +14,7 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
file://libtool2.patch \
file://fix-install-depends.patch \
file://subversion-CVE-2013-1849.patch \
- "
+ file://subversion-CVE-2013-4505.patch"
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
SRC_URI[sha256sum] = "b2919d603a5f3c19f42e3265c4b930e2376c43b3969b90ef9c42b2f72d5aaa45"
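Review bot: The closing quote moves from its own line onto the last entry (file://subversion-CVE-2013-4505.patch"), so every later patch that appends to SRC_URI has to rewrite the previous line as well, which is what happens in 4/6 and 5/6. Keep the trailing backslash on each entry and the closing quote on a separate line, as subversion_1.7.10.bb does, so additions stay one-line changes.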
diff --git a/meta/recipes-devtools/subversion/subversion_1.7.10.bb b/meta/recipes-devtools/subversion/subversion_1.7.10.bb
index acef3bd..011d51b 100644
--- a/meta/recipes-devtools/subversion/subversion_1.7.10.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.7.10.bb
@@ -14,6 +14,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://fix-install-depends.patch \
file://allow-updated-neon.patch \
file://neon.m4-fix-includes-and-cflags.patch \
+ file://subversion-CVE-2013-4505.patch \
"
SRC_URI[md5sum] = "4088a77e14232876c9b4ff1541e6e200"
SRC_URI[sha256sum] = "c1df222bec83d014d17785e2ceba6bc80962f64b280967de0285836d8d77a8e7"
--
1.7.10.4
* [PATCH 3/6] subversion: fix for Security Advisory CVE-2013-4131
2014-05-19 5:27 [PATCH 0/6 v2] backport 6 CVE patches for subversion rongqing.li
2014-05-19 5:27 ` [PATCH 1/6] subversion: fix for Security Advisory CVE-2013-1849 rongqing.li
2014-05-19 5:27 ` [PATCH 2/6] subversion: fix for Security Advisory CVE-2013-4505 rongqing.li
@ 2014-05-19 5:27 ` rongqing.li
2014-05-19 5:27 ` [PATCH 4/6] subversion: fix for Security Advisory CVE-2013-1845 rongqing.li
` (2 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-19 5:27 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../subversion-CVE-2013-4131.patch | 42 ++++++++++++++++++++
.../subversion/subversion_1.7.10.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4131.patch
diff --git a/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4131.patch b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4131.patch
new file mode 100644
index 0000000..88bd25e
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4131.patch
@@ -0,0 +1,42 @@
+Upstream-Status: Backport
+
+Index: subversion/mod_dav_svn/repos.c
+===================================================================
+--- a/subversion/mod_dav_svn/repos.c (revision 1503527)
++++ b/subversion/mod_dav_svn/repos.c (revision 1503528)
+@@ -2408,21 +2408,12 @@
+ svn_boolean_t is_urlpath,
+ apr_pool_t *pool)
+ {
+- apr_size_t len;
+- char *tmp = apr_pstrdup(pool, path);
+-
+- len = strlen(tmp);
+-
+- if (len > 0)
++ if (*path != '\0') /* not an empty string */
+ {
+- /* Remove any trailing slash; else svn_path_dirname() asserts. */
+- if (tmp[len-1] == '/')
+- tmp[len-1] = '\0';
+-
+ if (is_urlpath)
+- return svn_urlpath__dirname(tmp, pool);
++ return svn_urlpath__dirname(path, pool);
+ else
+- return svn_fspath__dirname(tmp, pool);
++ return svn_fspath__dirname(path, pool);
+ }
+
+ return path;
+@@ -2458,7 +2449,9 @@
+ parent->versioned = 1;
+ parent->hooks = resource->hooks;
+ parent->pool = resource->pool;
+- parent->uri = get_parent_path(resource->uri, TRUE, resource->pool);
++ parent->uri = get_parent_path(svn_urlpath__canonicalize(resource->uri,
++ resource->pool),
++ TRUE, resource->pool);
+ parent->info = parentinfo;
+
+ parentinfo->uri_path =
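Review bot: get_parent_path no longer strips a trailing slash, and the removed comment says that without the strip "svn_path_dirname() asserts"; the only compensation visible here is svn_urlpath__canonicalize at the parent->uri call site. Check every other caller of get_parent_path, in particular any that pass is_urlpath as FALSE, and confirm each one hands in an already canonical path, or canonicalize inside get_parent_path itself so the precondition cannot be missed.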
diff --git a/meta/recipes-devtools/subversion/subversion_1.7.10.bb b/meta/recipes-devtools/subversion/subversion_1.7.10.bb
index 011d51b..2d06263 100644
--- a/meta/recipes-devtools/subversion/subversion_1.7.10.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.7.10.bb
@@ -15,6 +15,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://allow-updated-neon.patch \
file://neon.m4-fix-includes-and-cflags.patch \
file://subversion-CVE-2013-4505.patch \
+ file://subversion-CVE-2013-4131.patch \
"
SRC_URI[md5sum] = "4088a77e14232876c9b4ff1541e6e200"
SRC_URI[sha256sum] = "c1df222bec83d014d17785e2ceba6bc80962f64b280967de0285836d8d77a8e7"
--
1.7.10.4
* [PATCH 4/6] subversion: fix for Security Advisory CVE-2013-1845
2014-05-19 5:27 [PATCH 0/6 v2] backport 6 CVE patches for subversion rongqing.li
` (2 preceding siblings ...)
2014-05-19 5:27 ` [PATCH 3/6] subversion: fix for Security Advisory CVE-2013-4131 rongqing.li
@ 2014-05-19 5:27 ` rongqing.li
2014-05-19 5:27 ` [PATCH 5/6] subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846 rongqing.li
2014-05-19 5:27 ` [PATCH 6/6] subversion: fix for Security Advisory CVE-2013-4277 rongqing.li
5 siblings, 0 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-19 5:27 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../subversion/subversion-CVE-2013-1845.patch | 171 ++++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 3 +-
2 files changed, 173 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch
new file mode 100644
index 0000000..29aeea5
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch
@@ -0,0 +1,171 @@
+Upstream-Status: Backport
+
+Index: subversion/mod_dav_svn/dav_svn.h
+===================================================================
+--- a/subversion/mod_dav_svn/dav_svn.h (revision 1461956)
++++ b/subversion/mod_dav_svn/dav_svn.h (working copy)
+@@ -254,6 +254,9 @@ struct dav_resource_private {
+ interface (ie: /path/to/item?p=PEGREV]? */
+ svn_boolean_t pegged;
+
++ /* Cache any revprop change error */
++ svn_error_t *revprop_error;
++
+ /* Pool to allocate temporary data from */
+ apr_pool_t *pool;
+ };
+Index: subversion/mod_dav_svn/deadprops.c
+===================================================================
+--- a/subversion/mod_dav_svn/deadprops.c (revision 1461956)
++++ b/subversion/mod_dav_svn/deadprops.c (working copy)
+@@ -49,8 +49,7 @@ struct dav_db {
+
+
+ struct dav_deadprop_rollback {
+- dav_prop_name name;
+- svn_string_t value;
++ int dummy;
+ };
+
+
+@@ -134,6 +133,7 @@ save_value(dav_db *db, const dav_prop_name *name,
+ {
+ const char *propname;
+ svn_error_t *serr;
++ apr_pool_t *subpool;
+
+ /* get the repos-local name */
+ get_repos_propname(db, name, &propname);
+@@ -151,10 +151,14 @@ save_value(dav_db *db, const dav_prop_name *name,
+ }
+
+ /* Working Baseline or Working (Version) Resource */
++
++ /* A subpool to cope with mod_dav making multiple calls, e.g. during
++ PROPPATCH with multiple values. */
++ subpool = svn_pool_create(db->resource->pool);
+ if (db->resource->baselined)
+ if (db->resource->working)
+ serr = svn_repos_fs_change_txn_prop(db->resource->info->root.txn,
+- propname, value, db->resource->pool);
++ propname, value, subpool);
+ else
+ {
+ /* ### VIOLATING deltaV: you can't proppatch a baseline, it's
+@@ -168,19 +172,29 @@ save_value(dav_db *db, const dav_prop_name *name,
+ propname, value, TRUE, TRUE,
+ db->authz_read_func,
+ db->authz_read_baton,
+- db->resource->pool);
++ subpool);
+
++ /* mod_dav doesn't handle the returned error very well, it
++ generates its own generic error that will be returned to
++ the client. Cache the detailed error here so that it can
++ be returned a second time when the rollback mechanism
++ triggers. */
++ if (serr)
++ db->resource->info->revprop_error = svn_error_dup(serr);
++
+ /* Tell the logging subsystem about the revprop change. */
+ dav_svn__operational_log(db->resource->info,
+ svn_log__change_rev_prop(
+ db->resource->info->root.rev,
+ propname,
+- db->resource->pool));
++ subpool));
+ }
+ else
+ serr = svn_repos_fs_change_node_prop(db->resource->info->root.root,
+ get_repos_path(db->resource->info),
+- propname, value, db->resource->pool);
++ propname, value, subpool);
++ svn_pool_destroy(subpool);
++
+ if (serr != NULL)
+ return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
+ NULL,
+@@ -395,6 +409,7 @@ db_remove(dav_db *db, const dav_prop_name *name)
+ {
+ svn_error_t *serr;
+ const char *propname;
++ apr_pool_t *subpool;
+
+ /* get the repos-local name */
+ get_repos_propname(db, name, &propname);
+@@ -403,6 +418,10 @@ db_remove(dav_db *db, const dav_prop_name *name)
+ if (propname == NULL)
+ return NULL;
+
++ /* A subpool to cope with mod_dav making multiple calls, e.g. during
++ PROPPATCH with multiple values. */
++ subpool = svn_pool_create(db->resource->pool);
++
+ /* Working Baseline or Working (Version) Resource */
+ if (db->resource->baselined)
+ if (db->resource->working)
+@@ -419,11 +438,12 @@ db_remove(dav_db *db, const dav_prop_name *name)
+ propname, NULL, TRUE, TRUE,
+ db->authz_read_func,
+ db->authz_read_baton,
+- db->resource->pool);
++ subpool);
+ else
+ serr = svn_repos_fs_change_node_prop(db->resource->info->root.root,
+ get_repos_path(db->resource->info),
+- propname, NULL, db->resource->pool);
++ propname, NULL, subpool);
++ svn_pool_destroy(subpool);
+ if (serr != NULL)
+ return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
+ "could not remove a property",
+@@ -598,19 +618,14 @@ db_get_rollback(dav_db *db,
+ const dav_prop_name *name,
+ dav_deadprop_rollback **prollback)
+ {
+- dav_error *err;
+- dav_deadprop_rollback *ddp;
+- svn_string_t *propval;
++ /* This gets called by mod_dav in preparation for a revprop change.
++ mod_dav_svn doesn't need to make any changes during rollback, but
++ we want the rollback mechanism to trigger. Making changes in
++ response to post-revprop-change hook errors would be positively
++ wrong. */
+
+- if ((err = get_value(db, name, &propval)) != NULL)
+- return err;
++ *prollback = apr_palloc(db->p, sizeof(dav_deadprop_rollback));
+
+- ddp = apr_palloc(db->p, sizeof(*ddp));
+- ddp->name = *name;
+- ddp->value.data = propval ? propval->data : NULL;
+- ddp->value.len = propval ? propval->len : 0;
+-
+- *prollback = ddp;
+ return NULL;
+ }
+
+@@ -618,12 +633,20 @@ db_get_rollback(dav_db *db,
+ static dav_error *
+ db_apply_rollback(dav_db *db, dav_deadprop_rollback *rollback)
+ {
+- if (rollback->value.data == NULL)
+- {
+- return db_remove(db, &rollback->name);
+- }
++ dav_error *derr;
+
+- return save_value(db, &rollback->name, &rollback->value);
++ if (! db->resource->info->revprop_error)
++ return NULL;
++
++ /* Returning the original revprop change error here will cause this
++ detailed error to get returned to the client in preference to the
++ more generic error created by mod_dav. */
++ derr = dav_svn__convert_err(db->resource->info->revprop_error,
++ HTTP_INTERNAL_SERVER_ERROR, NULL,
++ db->resource->pool);
++ db->resource->info->revprop_error = NULL;
++
++ return derr;
+ }
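Review bot: In save_value, "db->resource->info->revprop_error = svn_error_dup(serr);" overwrites whatever is already cached, and the new comment in the same function says mod_dav makes multiple calls during one PROPPATCH, so a second failing revprop change drops the first duplicated error without clearing it. Clear any existing revprop_error before assigning, or keep only the first. db_apply_rollback reads revprop_error unconditionally and nothing in this patch sets the new field to NULL at creation, so confirm that every dav_resource_private is zero-initialised. Note also that db_remove gets the subpool but not the error caching on its revprop path, so the detailed error is only preserved for sets, not deletes.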
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index cb36276..11bf5ee 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -14,7 +14,8 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
file://libtool2.patch \
file://fix-install-depends.patch \
file://subversion-CVE-2013-1849.patch \
- file://subversion-CVE-2013-4505.patch"
+ file://subversion-CVE-2013-4505.patch \
+ file://subversion-CVE-2013-1845.patch"
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
SRC_URI[sha256sum] = "b2919d603a5f3c19f42e3265c4b930e2376c43b3969b90ef9c42b2f72d5aaa45"
--
1.7.10.4
* [PATCH 5/6] subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846
2014-05-19 5:27 [PATCH 0/6 v2] backport 6 CVE patches for subversion rongqing.li
` (3 preceding siblings ...)
2014-05-19 5:27 ` [PATCH 4/6] subversion: fix for Security Advisory CVE-2013-1845 rongqing.li
@ 2014-05-19 5:27 ` rongqing.li
2014-05-19 5:27 ` [PATCH 6/6] subversion: fix for Security Advisory CVE-2013-4277 rongqing.li
5 siblings, 0 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-19 5:27 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../subversion-CVE-2013-1847-CVE-2013-1846.patch | 53 ++++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 3 +-
2 files changed, 55 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
new file mode 100644
index 0000000..f49b9a4
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
@@ -0,0 +1,53 @@
+Upstream-Status: Backport
+
+Index: subversion/mod_dav_svn/lock.c
+===================================================================
+--- a/subversion/mod_dav_svn/lock.c (revision 1459696)
++++ b/subversion/mod_dav_svn/lock.c (working copy)
+@@ -634,7 +634,20 @@ append_locks(dav_lockdb *lockdb,
+ svn_lock_t *slock;
+ svn_error_t *serr;
+ dav_error *derr;
++ dav_svn_repos *repos = resource->info->repos;
++
++ /* We don't allow anonymous locks */
++ if (! repos->username)
++ return dav_new_error(resource->pool, HTTP_UNAUTHORIZED,
++ DAV_ERR_LOCK_SAVE_LOCK,
++ "Anonymous lock creation is not allowed.");
+
++ /* Not a path in the repository so can't lock it. */
++ if (! resource->info->repos_path)
++ return dav_new_error(resource->pool, HTTP_BAD_REQUEST,
++ DAV_ERR_LOCK_SAVE_LOCK,
++ "Attempted to lock path not in repository.");
++
+ /* If the resource's fs path is unreadable, we don't allow a lock to
+ be created on it. */
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+@@ -657,7 +670,6 @@ append_locks(dav_lockdb *lockdb,
+ svn_fs_txn_t *txn;
+ svn_fs_root_t *txn_root;
+ const char *conflict_msg;
+- dav_svn_repos *repos = resource->info->repos;
+ apr_hash_t *revprop_table = apr_hash_make(resource->pool);
+ apr_hash_set(revprop_table, SVN_PROP_REVISION_AUTHOR,
+ APR_HASH_KEY_STRING, svn_string_create(repos->username,
+@@ -734,7 +746,7 @@ append_locks(dav_lockdb *lockdb,
+
+ /* Convert the dav_lock into an svn_lock_t. */
+ derr = dav_lock_to_svn_lock(&slock, lock, resource->info->repos_path,
+- info, resource->info->repos->is_svn_client,
++ info, repos->is_svn_client,
+ resource->pool);
+ if (derr)
+ return derr;
+@@ -741,7 +753,7 @@ append_locks(dav_lockdb *lockdb,
+
+ /* Now use the svn_lock_t to actually perform the lock. */
+ serr = svn_repos_fs_lock(&slock,
+- resource->info->repos->repos,
++ repos->repos,
+ slock->path,
+ slock->token,
+ slock->comment,
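Review bot: Two early returns are added at the top of append_locks, "if (! repos->username)" and "if (! resource->info->repos_path)", but the patch header does not say which check closes which of the two CVEs, and the inner header reads "(working copy)" instead of an upstream revision. Record both in the patch header. Also note the ordering: an unauthenticated LOCK on a path outside the repository now gets HTTP_UNAUTHORIZED rather than HTTP_BAD_REQUEST, which is fine as long as that is the intended response.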
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index 11bf5ee..b86e578 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -15,7 +15,8 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
file://fix-install-depends.patch \
file://subversion-CVE-2013-1849.patch \
file://subversion-CVE-2013-4505.patch \
- file://subversion-CVE-2013-1845.patch"
+ file://subversion-CVE-2013-1845.patch \
+ file://subversion-CVE-2013-1847-CVE-2013-1846.patch"
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
SRC_URI[sha256sum] = "b2919d603a5f3c19f42e3265c4b930e2376c43b3969b90ef9c42b2f72d5aaa45"
--
1.7.10.4
* [PATCH 6/6] subversion: fix for Security Advisory CVE-2013-4277
2014-05-19 5:27 [PATCH 0/6 v2] backport 6 CVE patches for subversion rongqing.li
` (4 preceding siblings ...)
2014-05-19 5:27 ` [PATCH 5/6] subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846 rongqing.li
@ 2014-05-19 5:27 ` rongqing.li
5 siblings, 0 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-19 5:27 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../subversion-1.7.10/subversion-CVE-2013-4277.patch | 15 +++++++++++++++
.../subversion/subversion-CVE-2013-4277.patch | 15 +++++++++++++++
meta/recipes-devtools/subversion/subversion_1.6.15.bb | 3 ++-
meta/recipes-devtools/subversion/subversion_1.7.10.bb | 1 +
4 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4277.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch
diff --git a/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4277.patch b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4277.patch
new file mode 100644
index 0000000..a5900d8
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4277.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport
+
+--- a/subversion/svnserve/main.c
++++ b/subversion/svnserve/main.c
+@@ -403,8 +403,9 @@ static svn_error_t *write_pid_file(const
+ const char *contents = apr_psprintf(pool, "%" APR_PID_T_FMT "\n",
+ getpid());
+
++ SVN_ERR(svn_io_remove_file2(filename, TRUE, pool));
+ SVN_ERR(svn_io_file_open(&file, filename,
+- APR_WRITE | APR_CREATE | APR_TRUNCATE,
++ APR_WRITE | APR_CREATE | APR_EXCL,
+ APR_OS_DEFAULT, pool));
+ SVN_ERR(svn_io_file_write_full(file, contents, strlen(contents), NULL,
+ pool));
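Review bot: The header of this patch file, above the write_pid_file hunk, carries only Upstream-Status: Backport, with no CVE identifier, no description and no upstream revision. Someone reading the recipe later cannot tell what the remove-then-APR_EXCL sequence is for or where it was taken from. Please add a short header naming CVE-2013-4277 and the upstream change it was backported from, plus the Signed-off-by lines.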
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch
new file mode 100644
index 0000000..21b8ef0
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport
+
+--- a/subversion/svnserve/main.c
++++ b/subversion/svnserve/main.c
+@@ -403,8 +403,9 @@ static svn_error_t *write_pid_file(const
+ const char *contents = apr_psprintf(pool, "%" APR_PID_T_FMT "\n",
+ getpid());
+
++ SVN_ERR(svn_io_remove_file(filename, pool));
+ SVN_ERR(svn_io_file_open(&file, filename,
+- APR_WRITE | APR_CREATE | APR_TRUNCATE,
++ APR_WRITE | APR_CREATE | APR_EXCL,
+ APR_OS_DEFAULT, pool));
+ SVN_ERR(svn_io_file_write_full(file, contents, strlen(contents), NULL,
+ pool));
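Review bot: The svn_io_remove_file(filename, pool) call in this 1.6.15 variant has no counterpart to the TRUE (ignore a missing file) argument that the 1.7.10 variant passes to svn_io_remove_file2(), and it is wrapped in SVN_ERR. If the function reports an error when the pid file does not exist yet, write_pid_file returns before the file is ever created, so a first start with --pid-file would fail. Please confirm how the 1.6.15 function treats a missing file and, if it errors, clear the not-found case before continuing to the APR_EXCL open.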
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index b86e578..1bc6374 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -16,7 +16,8 @@ SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
file://subversion-CVE-2013-1849.patch \
file://subversion-CVE-2013-4505.patch \
file://subversion-CVE-2013-1845.patch \
- file://subversion-CVE-2013-1847-CVE-2013-1846.patch"
+ file://subversion-CVE-2013-1847-CVE-2013-1846.patch \
+ file://subversion-CVE-2013-4277.patch"
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
SRC_URI[sha256sum] = "b2919d603a5f3c19f42e3265c4b930e2376c43b3969b90ef9c42b2f72d5aaa45"
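Review bot: Style point on the SRC_URI tail: because the closing quote sits on the last file:// line, adding a patch means rewriting the previous entry (the - and + pair for subversion-CVE-2013-1847-CVE-2013-1846.patch). Putting the closing quote on its own line, as subversion_1.7.10.bb does, would make each addition a one-line diff and keep later CVE backports easier to review.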
diff --git a/meta/recipes-devtools/subversion/subversion_1.7.10.bb b/meta/recipes-devtools/subversion/subversion_1.7.10.bb
index 2d06263..e745ce7 100644
--- a/meta/recipes-devtools/subversion/subversion_1.7.10.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.7.10.bb
@@ -16,6 +16,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://neon.m4-fix-includes-and-cflags.patch \
file://subversion-CVE-2013-4505.patch \
file://subversion-CVE-2013-4131.patch \
+ file://subversion-CVE-2013-4277.patch \
"
SRC_URI[md5sum] = "4088a77e14232876c9b4ff1541e6e200"
SRC_URI[sha256sum] = "c1df222bec83d014d17785e2ceba6bc80962f64b280967de0285836d8d77a8e7"
--
1.7.10.4
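The file-open behaviour behind the CVE-2013-4277 change in this message, as an added example that is not part of the original post or of Subversion's code. Plain POSIX calls stand in for the APR flags (O_TRUNC for APR_TRUNCATE, O_EXCL for APR_EXCL); the function names, temp directory and file names are constructed for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pre-fix pattern: O_TRUNC follows a symlink already sitting at `path`. */
static int write_pid_trunc(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    dprintf(fd, "%ld\n", (long)getpid());
    return close(fd);
}

/* Post-fix pattern: remove the name, then create it exclusively. */
static int write_pid_excl(const char *path)
{
    if (unlink(path) != 0 && errno != ENOENT) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    dprintf(fd, "%ld\n", (long)getpid());
    return close(fd);
}

/* Constructed demo in a private temp dir: pid path is a symlink to victim; returns 1 if victim is intact. */
static int victim_survives(int (*writer)(const char *))
{
    char dir[] = "/tmp/pidemoXXXXXX", victim[64], pid[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pid, sizeof pid, "%s/svnserve.pid", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, pid) != 0) return -1;
    writer(pid);                      /* write the pid file through the chosen pattern */
    f = fopen(victim, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(pid); unlink(victim); rmdir(dir);
    return strcmp(buf, "keep") == 0;
}

int main(void)
{
    printf("O_TRUNC: victim intact = %d\n", victim_survives(write_pid_trunc));
    printf("unlink + O_EXCL: victim intact = %d\n", victim_survives(write_pid_excl));
    return 0;
}
```

If something reappears at the path between the unlink and the open, the exclusive create fails instead of writing through it, so the daemon errors out rather than clobbering another file.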
* [PATCH 1/6] subversion: fix for Security Advisory CVE-2013-1849
2014-05-16 6:00 [PATCH 0/6] subversion: backport 6 CVE patches rongqing.li
@ 2014-05-16 6:00 ` rongqing.li
0 siblings, 0 replies; 8+ messages in thread
From: rongqing.li @ 2014-05-16 6:00 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../subversion/subversion-CVE-2013-1849.patch | 25 ++++++++++++++++++++
.../subversion/subversion_1.6.15.bb | 3 ++-
2 files changed, 27 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
new file mode 100644
index 0000000..734f9b0
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
@@ -0,0 +1,25 @@
+Upstream-Status: Backport
+
+--- a/subversion/mod_dav_svn/liveprops.c
++++ b/subversion/mod_dav_svn/liveprops.c
+@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
+ svn_filesize_t len = 0;
+
+ /* our property, but not defined on collection resources */
+- if (resource->collection || resource->baselined)
++ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++ || resource->collection || resource->baselined)
+ return DAV_PROP_INSERT_NOTSUPP;
+
+ serr = svn_fs_file_length(&len, resource->info->root.root,
+@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
+ svn_string_t *pval;
+ const char *mime_type = NULL;
+
+- if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
++ if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++ || (resource->baselined
++ && resource->type == DAV_RESOURCE_TYPE_VERSION))
+ return DAV_PROP_INSERT_NOTSUPP;
+
+ if (resource->type == DAV_RESOURCE_TYPE_PRIVATE
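Review bot: In the first insert_prop hunk the retained comment still reads "our property, but not defined on collection resources", while the condition now also rejects DAV_RESOURCE_TYPE_ACTIVITY, and the second hunk adds the same test with no comment at all. A one-line explanation of why getcontentlength and getcontenttype are refused on activity resources would help; since this is a backport, recording that reason and the upstream revision in the patch header next to Upstream-Status: Backport is enough.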
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
index f225671..919624b 100644
--- a/meta/recipes-devtools/subversion/subversion_1.6.15.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -7,12 +7,13 @@ HOMEPAGE = "http://subversion.tigris.org"
BBCLASSEXTEND = "native"
-PR = "r3"
+PR = "r4"
SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
file://disable-revision-install.patch \
file://libtool2.patch \
file://fix-install-depends.patch \
+ file://subversion-CVE-2013-1849.patch \
"
SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
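Review bot: The PR bump from r3 to r4 is bundled with the SRC_URI addition in this hunk, while the later changes to the same recipe in this thread (5/6 and 6/6) add patches without touching PR. Please treat PR the same way across the series: either drop the bump here or say in the commit message why only this patch needs it.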
--
1.7.10.4