# ./pullrev.sh 1667248
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0251
http://svn.apache.org/viewvc?view=revision&revision=1667248
--- subversion-1.7.14/subversion/mod_dav_svn/deadprops.c
+++ subversion-1.7.14/subversion/mod_dav_svn/deadprops.c
@@ -160,6 +160,23 @@
}
+static svn_error_t *
+change_txn_prop(svn_fs_txn_t *txn,
+ const char *propname,
+ const svn_string_t *value,
+ apr_pool_t *scratch_pool)
+{
+ if (strcmp(propname, SVN_PROP_REVISION_AUTHOR) == 0)
+ return svn_error_create(SVN_ERR_RA_DAV_REQUEST_FAILED, NULL,
+ "Attempted to modify 'svn:author' property "
+ "on a transaction");
+
+ SVN_ERR(svn_repos_fs_change_txn_prop(txn, propname, value, scratch_pool));
+
+ return SVN_NO_ERROR;
+}
+
+
static dav_error *
save_value(dav_db *db, const dav_prop_name *name,
const svn_string_t *const *old_value_p,
@@ -210,9 +227,8 @@
{
if (db->resource->working)
{
- serr = svn_repos_fs_change_txn_prop(resource->info->root.txn,
- propname, value,
- subpool);
+ serr = change_txn_prop(resource->info->root.txn, propname,
+ value, subpool);
}
else
{
@@ -251,8 +267,8 @@
}
else if (resource->info->restype == DAV_SVN_RESTYPE_TXN_COLLECTION)
{
- serr = svn_repos_fs_change_txn_prop(resource->info->root.txn,
- propname, value, subpool);
+ serr = change_txn_prop(resource->info->root.txn, propname,
+ value, subpool);
}
else
{
@@ -561,8 +577,8 @@
/* Working Baseline or Working (Version) Resource */
if (db->resource->baselined)
if (db->resource->working)
- serr = svn_repos_fs_change_txn_prop(db->resource->info->root.txn,
- propname, NULL, subpool);
+ serr = change_txn_prop(db->resource->info->root.txn, propname,
+ NULL, subpool);
else
/* ### VIOLATING deltaV: you can't proppatch a baseline, it's
not a working resource! But this is how we currently