- CVE-2013-4277 fix

Approved by: lev@ (explicit) Security: f8a913cc-1322-11e3-8ffa-20cf30e32f6d CVE-2013-4277
svn path=/head/; revision=326073
2024-12-29 05:38:00 +00:00 · 2013-09-02 20:10:18 +00:00 · 2013-09-02 20:10:18 +00:00 · a05ea92118 · 2021-03-31 03:12:20 +00:00
commit a05ea92118
parent efd0697549
2 changed files with 15 additions and 1 deletions
--- a/devel/subversion16/Makefile.common
+++ b/devel/subversion16/Makefile.common
@ -3,7 +3,7 @@

 PORTNAME=	subversion
 PORTVERSION=	#please edit Makefile.inc for PORTVERSION, so ../svnmerge can stay in sync.
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES+=	devel
 MASTER_SITES=	http://subversion.tigris.org/downloads/:main \
 		http://svnbook.red-bean.com/en/1.5/:book
--- a/devel/subversion16/files/patch-subversionsvnservemain.c
+++ b/devel/subversion16/files/patch-subversionsvnservemain.c
@ -0,0 +1,14 @@
+--- ./subversion/svnserve/main.c.orig	2013-09-02 21:08:27.000000000 +0200
+++ ./subversion/svnserve/main.c	2013-09-02 21:11:37.000000000 +0200
+@@ -317,8 +317,10 @@
+   const char *contents = apr_psprintf(pool, "%" APR_PID_T_FMT "\n",
+                                              getpid());
+ 
+/* CVE-2013-4277 fix */
+  SVN_ERR(svn_io_remove_file(filename, pool));
+   SVN_ERR(svn_io_file_open(&file, filename,
+-                           APR_WRITE | APR_CREATE | APR_TRUNCATE,
+                           APR_WRITE | APR_CREATE | APR_EXCL,
+                            APR_OS_DEFAULT, pool));
+   SVN_ERR(svn_io_file_write_full(file, contents, strlen(contents), NULL,
+                                  pool));