← Back to branch summary

~ubuntu-branches/debian/sid/subversion/sid

« back to all changes in this revision

Viewing changes to debian/patches/apache_module_dependency

  • Committer: Package Import Robot
  • Author(s): James McCoy
  • Date: 2015-08-07 21:32:47 UTC
  • mfrom: (0.2.15) (4.1.7 experimental)
  • Revision ID: package-import@ubuntu.com-20150807213247-ozyewtmgsr6tkewl
Tags: 1.9.0-1
http://bugs.debian.org/791844
* Upload to unstable
* New upstream release.
  + Security fixes
    - CVE-2015-3184: Mixed anonymous/authenticated path-based authz with
      httpd 2.4
    - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden
      by authz
* Add >= 2.7 requirement for python-all-dev Build-Depends, needed to run
  tests.
* Remove Build-Conflicts against ruby-test-unit.  (Closes: #791844)
* Remove patches/apache_module_dependency in favor of expressing the
  dependencies in authz_svn.load/dav_svn.load.
* Build-Depend on apache2-dev (>= 2.4.16) to ensure ap_some_authn_required()
  is available when building mod_authz_svn and Depend on apache2-bin (>=
  2.4.16) for runtime support.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/apache_module_dependency
1
 
apache_module_dependency: Dynamically bind two mod_dav_svn functions in
2
 
mod_authz_svn, so that it works even if mod_authz_svn is loaded first.
3
 
 
4
 
This is related to splitting mod_authz_svn out of dav_svn.load into its
5
 
own authz_svn.load.  Since a2enmod does not reorder modules based on
6
 
dependencies, mod_authz_svn is loaded first.
7
 
 
8
 
--- a/subversion/include/mod_dav_svn.h
9
 
+++ b/subversion/include/mod_dav_svn.h
10
 
@@ -30,6 +30,7 @@
11
 
 
12
 
 #include <httpd.h>
13
 
 #include <mod_dav.h>
14
 
+#include <apr_optional.h>
15
 
 
16
 
 
17
 
 #ifdef __cplusplus
18
 
@@ -83,6 +84,15 @@
19
 
                                                  const char **repos_basename,
20
 
                                                  const char **relative_path,
21
 
                                                  const char **repos_path);
22
 
+APR_DECLARE_OPTIONAL_FN(dav_error *, dav_svn_split_uri,
23
 
+                        (request_rec *r,
24
 
+                         const char *uri,
25
 
+                         const char *root_path,
26
 
+                         const char **cleaned_uri,
27
 
+                         int *trailing_slash,
28
 
+                         const char **repos_name,
29
 
+                         const char **relative_path,
30
 
+                         const char **repos_path));
31
 
 
32
 
 
33
 
 /**
34
 
@@ -91,6 +101,10 @@
35
 
 AP_MODULE_DECLARE(dav_error *) dav_svn_get_repos_path(request_rec *r,
36
 
                                                       const char *root_path,
37
 
                                                       const char **repos_path);
38
 
+APR_DECLARE_OPTIONAL_FN(dav_error *, dav_svn_get_repos_path,
39
 
+                        (request_rec *r,
40
 
+                         const char *root_path,
41
 
+                         const char **repos_path));
42
 
 
43
 
 #ifdef __cplusplus
44
 
 }
45
 
--- a/subversion/mod_authz_svn/mod_authz_svn.c
46
 
+++ b/subversion/mod_authz_svn/mod_authz_svn.c
47
 
@@ -22,7 +22,7 @@
48
 
  * ====================================================================
49
 
  */
50
 
 
51
 
-
52
 
+#define DAV_SVN_LOAD_OPTIONAL 1
53
 
 
54
 
 #include <httpd.h>
55
 
 #include <http_config.h>
56
 
@@ -67,6 +67,13 @@
57
 
   const char *force_username_case;
58
 
 } authz_svn_config_rec;
59
 
 
60
 
+#if DAV_SVN_LOAD_OPTIONAL
61
 
+static APR_OPTIONAL_FN_TYPE(dav_svn_get_repos_path) *get_repos_path;
62
 
+static APR_OPTIONAL_FN_TYPE(dav_svn_split_uri) *split_uri;
63
 
+#define dav_svn_get_repos_path get_repos_path
64
 
+#define dav_svn_split_uri split_uri
65
 
+#endif
66
 
+
67
 
 /*
68
 
  * Configuration
69
 
  */
70
 
@@ -937,6 +944,16 @@
71
 
   return OK;
72
 
 }
73
 
 
74
 
+#if DAV_SVN_LOAD_OPTIONAL
75
 
+#undef dav_svn_get_repos_path
76
 
+#undef dav_svn_split_uri
77
 
+static void import_dav_svn(void)
78
 
+{
79
 
+  get_repos_path = APR_RETRIEVE_OPTIONAL_FN(dav_svn_get_repos_path);
80
 
+  split_uri = APR_RETRIEVE_OPTIONAL_FN(dav_svn_split_uri);
81
 
+}
82
 
+#endif
83
 
+
84
 
 /*
85
 
  * Module flesh
86
 
  */
87
 
@@ -958,6 +975,9 @@
88
 
                        AUTHZ_SVN__SUBREQ_BYPASS_PROV_NAME,
89
 
                        AUTHZ_SVN__SUBREQ_BYPASS_PROV_VER,
90
 
                        (void*)subreq_bypass);
91
 
+#if DAV_SVN_LOAD_OPTIONAL
92
 
+  ap_hook_optional_fn_retrieve(import_dav_svn,NULL,NULL,APR_HOOK_MIDDLE);
93
 
+#endif
94
 
 }
95
 
 
96
 
 module AP_MODULE_DECLARE_DATA authz_svn_module =
97
 
--- a/subversion/mod_dav_svn/mod_dav_svn.c
98
 
+++ b/subversion/mod_dav_svn/mod_dav_svn.c
99
 
@@ -1330,6 +1330,9 @@
100
 
 static void
101
 
 register_hooks(apr_pool_t *pconf)
102
 
 {
103
 
+  APR_REGISTER_OPTIONAL_FN(dav_svn_get_repos_path);
104
 
+  APR_REGISTER_OPTIONAL_FN(dav_svn_split_uri);
105
 
+
106
 
   ap_hook_pre_config(init_dso, NULL, NULL, APR_HOOK_REALLY_FIRST);
107
 
   ap_hook_post_config(init, NULL, NULL, APR_HOOK_MIDDLE);
108