[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#741395: wheezy-pu: package subversion/1.6.17dfsg-4+deb7u6

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

The last upload for CVE-2014-0032 was buggy.  I'd like to upload the
below changes to fix that.

diffstat for subversion_1.6.17dfsg-4+deb7u5 subversion_1.6.17dfsg-4+deb7u6

 changelog             |    7 +++++++
 patches/CVE-2014-0032 |   16 +++++-----------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog
--- subversion-1.6.17dfsg/debian/changelog
+++ subversion-1.6.17dfsg/debian/changelog
@@ -1,3 +1,10 @@
+subversion (1.6.17dfsg-4+deb7u6) wheezy; urgency=medium
+
+  * Fix “undefined symbol: dav_svn__new_error” regression in previous upload.
+    (Closes: #741314)
+
+ -- James McCoy <jamessan@debian.org>  Tue, 11 Mar 2014 21:06:58 -0400
+
 subversion (1.6.17dfsg-4+deb7u5) wheezy; urgency=medium
 
   * Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests
diff -u subversion-1.6.17dfsg/debian/patches/CVE-2014-0032 subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
--- subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
+++ subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
@@ -11,7 +11,7 @@
 
 --- a/subversion/mod_dav_svn/repos.c
 +++ b/subversion/mod_dav_svn/repos.c
-@@ -1672,6 +1672,25 @@
+@@ -1672,6 +1672,19 @@
  
        if (strcmp(parentpath, uri) == 0)
          {
@@ -19,19 +19,13 @@
 +           * httpd uses the same method_number for HEAD as GET */
 +          if (r->method_number != M_GET)
 +            {
-+              int status;
-+
-+              /* Marshal the error back to the client by generating by
-+               * way of the dav_svn__error_response_tag trick. */
-+              err = dav_svn__new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
-+                                       SVN_ERR_APMOD_MALFORMED_URI,
-+                                       "The URI does not contain the name "
-+                                       "of a repository.");
 +              /* can't use r->allowed since the default handler isn't called */
 +              apr_table_setn(r->headers_out, "Allow", "GET,HEAD");
-+              status = dav_svn__error_response_tag(r, err);
 +
-+              return dav_push_error(r->pool, status, err->error_id, NULL, err);
++              return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
++                                   SVN_ERR_APMOD_MALFORMED_URI,
++                                   "The URI does not contain the name "
++                                   "of a repository.");
 +            }
 +
            err = get_parentpath_resource(r, root_path, resource);

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: