Bug#741395: wheezy-pu: package subversion/1.6.17dfsg-4+deb7u6
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu
The last upload for CVE-2014-0032 was buggy. I'd like to upload the
below changes to fix that.
diffstat for subversion_1.6.17dfsg-4+deb7u5 subversion_1.6.17dfsg-4+deb7u6
changelog | 7 +++++++
patches/CVE-2014-0032 | 16 +++++-----------
2 files changed, 12 insertions(+), 11 deletions(-)
diff -u subversion-1.6.17dfsg/debian/changelog subversion-1.6.17dfsg/debian/changelog
--- subversion-1.6.17dfsg/debian/changelog
+++ subversion-1.6.17dfsg/debian/changelog
@@ -1,3 +1,10 @@
+subversion (1.6.17dfsg-4+deb7u6) wheezy; urgency=medium
+
+ * Fix “undefined symbol: dav_svn__new_error” regression in previous upload.
+ (Closes: #741314)
+
+ -- James McCoy <jamessan@debian.org> Tue, 11 Mar 2014 21:06:58 -0400
+
subversion (1.6.17dfsg-4+deb7u5) wheezy; urgency=medium
* Add patch CVE-2014-0032: mod_dav_svn crash when handling certain requests
diff -u subversion-1.6.17dfsg/debian/patches/CVE-2014-0032 subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
--- subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
+++ subversion-1.6.17dfsg/debian/patches/CVE-2014-0032
@@ -11,7 +11,7 @@
--- a/subversion/mod_dav_svn/repos.c
+++ b/subversion/mod_dav_svn/repos.c
-@@ -1672,6 +1672,25 @@
+@@ -1672,6 +1672,19 @@
if (strcmp(parentpath, uri) == 0)
{
@@ -19,19 +19,13 @@
+ * httpd uses the same method_number for HEAD as GET */
+ if (r->method_number != M_GET)
+ {
-+ int status;
-+
-+ /* Marshal the error back to the client by generating by
-+ * way of the dav_svn__error_response_tag trick. */
-+ err = dav_svn__new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
-+ SVN_ERR_APMOD_MALFORMED_URI,
-+ "The URI does not contain the name "
-+ "of a repository.");
+ /* can't use r->allowed since the default handler isn't called */
+ apr_table_setn(r->headers_out, "Allow", "GET,HEAD");
-+ status = dav_svn__error_response_tag(r, err);
+
-+ return dav_push_error(r->pool, status, err->error_id, NULL, err);
++ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
++ SVN_ERR_APMOD_MALFORMED_URI,
++ "The URI does not contain the name "
++ "of a repository.");
+ }
+
err = get_parentpath_resource(r, root_path, resource);
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: