diff options
| author | Alexander Kanavin <alexander.kanavin@linux.intel.com> | 2015-12-07 19:46:49 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-12-12 23:31:43 +0000 |
| commit | b57f57ea092f93bd7e1268b04c7d3c4af2149a77 (patch) | |
| tree | 46248c17ff4426abc484d805e01e2e7f13af5589 /meta/recipes-devtools | |
| parent | e1315da2d402e77623ed80d2761daf1df306aa45 (diff) | |
| download | openembedded-core-b57f57ea092f93bd7e1268b04c7d3c4af2149a77.tar.gz openembedded-core-b57f57ea092f93bd7e1268b04c7d3c4af2149a77.tar.bz2 openembedded-core-b57f57ea092f93bd7e1268b04c7d3c4af2149a77.zip | |
subversion: update to 1.9.2
Drop backported CVE fix patches
libtool2.patch has been rebased and renamed to 0001-Fix-libtool-name-in-configure.ac.patch
LICENSE checksum has been updated because more 3rd party attributions have been added to it,
it's otherwise still Apache 2.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-devtools')
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion-1.8.13/libtool2.patch | 15 | ||||
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch | 2094 | ||||
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3187.patch | 346 | ||||
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion/0001-Fix-libtool-name-in-configure.ac.patch | 29 | ||||
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion/disable_macos.patch (renamed from meta/recipes-devtools/subversion/subversion-1.8.13/disable_macos.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion/serf.m4-Regex-modified-to-allow-D-in-paths.patch (renamed from meta/recipes-devtools/subversion/subversion-1.8.13/serf.m4-Regex-modified-to-allow-D-in-paths.patch) | 14 | ||||
| -rw-r--r-- | meta/recipes-devtools/subversion/subversion_1.9.2.bb (renamed from meta/recipes-devtools/subversion/subversion_1.8.13.bb) | 12 |
7 files changed, 41 insertions, 2469 deletions
diff --git a/meta/recipes-devtools/subversion/subversion-1.8.13/libtool2.patch b/meta/recipes-devtools/subversion/subversion-1.8.13/libtool2.patch deleted file mode 100644 index 5cd572bfc8..0000000000 --- a/meta/recipes-devtools/subversion/subversion-1.8.13/libtool2.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Inappropriate [embedded specific] - ---- a/configure.ac 2011-10-20 21:56:02.230663987 +0200 -+++ b/configure.ac 2011-08-17 15:01:30.000000000 +0200 -@@ -227,8 +227,8 @@ - LIBTOOL="$sh_libtool" - SVN_LIBTOOL="$sh_libtool" - else -- sh_libtool="$abs_builddir/libtool" -- SVN_LIBTOOL="\$(SHELL) $sh_libtool" -+ sh_libtool="$abs_builddir/$host_alias-libtool" -+ SVN_LIBTOOL="\$(SHELL) \$(abs_builddir)/$host_alias-libtool" - fi - AC_SUBST(SVN_LIBTOOL) - diff --git a/meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch b/meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch deleted file mode 100644 index 0663bd2719..0000000000 --- a/meta/recipes-devtools/subversion/subversion-1.8.13/subversion-CVE-2015-3184.patch +++ /dev/null @@ -1,2094 +0,0 @@ -Fix CVE-2015-3184 - -Patch is from: -http://subversion.apache.org/security/CVE-2015-3184-advisory.txt - -Upstream-Status: Backport - -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> - -Index: Makefile.in -=================================================================== ---- a/Makefile.in (revision 1691883) -+++ b/Makefile.in (working copy) -@@ -357,6 +357,7 @@ TEST_SHLIB_VAR_SWIG_RB=\ - fi; - - APXS = @APXS@ -+HTTPD_VERSION = @HTTPD_VERSION@ - - PYTHON = @PYTHON@ - PERL = @PERL@ -@@ -509,6 +510,9 @@ check: bin @TRANSFORM_LIBTOOL_SCRIPTS@ $(TEST_DEPS - if test "$(HTTP_LIBRARY)" != ""; then \ - flags="--http-library $(HTTP_LIBRARY) $$flags"; \ - fi; \ -+ if test "$(HTTPD_VERSION)" != ""; then \ -+ flags="--httpd-version $(HTTPD_VERSION) $$flags"; \ -+ fi; \ - if test "$(SERVER_MINOR_VERSION)" != ""; then \ - flags="--server-minor-version $(SERVER_MINOR_VERSION) $$flags"; \ - fi; \ -Index: build/ac-macros/apache.m4 -=================================================================== ---- a/build/ac-macros/apache.m4 (revision 1691883) -+++ b/build/ac-macros/apache.m4 (working copy) -@@ -160,6 +160,20 @@ if test -n "$APXS" && test "$APXS" != "no"; then - BUILD_APACHE_RULE=apache-mod - INSTALL_APACHE_RULE=install-mods-shared - INSTALL_APACHE_MODS=true -+ HTTPD="`$APXS -q sbindir`/`$APXS -q PROGNAME`" -+ if ! test -e $HTTPD ; then -+ HTTPD="`$APXS -q bindir`/`$APXS -q PROGNAME`" -+ fi -+ HTTPD_VERSION=["`$HTTPD -v | $SED -e 's@^.*/\([0-9.]*\)\(.*$\)@\1@ ; 1q'`"] -+ AC_ARG_ENABLE(broken-httpd-auth, -+ AS_HELP_STRING([--enable-broken-httpd-auth], -+ [Allow building against httpd 2.4 with broken auth]), -+ [broken_httpd_auth=$enableval],[broken_httpd_auth=no]) -+ if test "$enable_broken_httpd_auth" = "yes"; then -+ AC_MSG_NOTICE([Building with broken httpd auth]) -+ AC_DEFINE(SVN_ALLOW_BROKEN_HTTPD_AUTH, 1, -+ [Defined to allow building against httpd 2.4 with broken auth]) -+ fi - - case $host in - *-*-cygwin*) -@@ -178,6 +192,7 @@ AC_SUBST(APACHE_LDFLAGS) - AC_SUBST(APACHE_INCLUDES) - AC_SUBST(APACHE_LIBEXECDIR) - AC_SUBST(INSTALL_APACHE_MODS) -+AC_SUBST(HTTPD_VERSION) - - # there aren't any flags that interest us ... - #if test -n "$APXS" && test "$APXS" != "no"; then -Index: build/run_tests.py -=================================================================== ---- a/build/run_tests.py (revision 1691883) -+++ b/build/run_tests.py (working copy) -@@ -29,6 +29,7 @@ - [--fs-type=<fs-type>] [--fsfs-packing] [--fsfs-sharding=<n>] - [--list] [--milestone-filter=<regex>] [--mode-filter=<type>] - [--server-minor-version=<version>] [--http-proxy=<host>:<port>] -+ [--httpd-version=<version>] - [--config-file=<file>] [--ssl-cert=<file>] - <abs_srcdir> <abs_builddir> - <prog ...> -@@ -125,7 +126,7 @@ class TestHarness: - fsfs_sharding=None, fsfs_packing=None, - list_tests=None, svn_bin=None, mode_filter=None, - milestone_filter=None, set_log_level=None, ssl_cert=None, -- http_proxy=None): -+ http_proxy=None, httpd_version=None): - '''Construct a TestHarness instance. - - ABS_SRCDIR and ABS_BUILDDIR are the source and build directories. -@@ -178,6 +179,7 @@ class TestHarness: - self.log = None - self.ssl_cert = ssl_cert - self.http_proxy = http_proxy -+ self.httpd_version = httpd_version - if not sys.stdout.isatty() or sys.platform == 'win32': - TextColors.disable() - -@@ -481,6 +483,8 @@ class TestHarness: - svntest.main.options.ssl_cert = self.ssl_cert - if self.http_proxy is not None: - svntest.main.options.http_proxy = self.http_proxy -+ if self.httpd_version is not None: -+ svntest.main.options.httpd_version = self.httpd_version - - svntest.main.options.srcdir = self.srcdir - -@@ -645,7 +649,7 @@ def main(): - 'enable-sasl', 'parallel', 'config-file=', - 'log-to-stdout', 'list', 'milestone-filter=', - 'mode-filter=', 'set-log-level=', 'ssl-cert=', -- 'http-proxy=']) -+ 'http-proxy=', 'httpd-version=']) - except getopt.GetoptError: - args = [] - -@@ -656,9 +660,9 @@ def main(): - base_url, fs_type, verbose, cleanup, enable_sasl, http_library, \ - server_minor_version, fsfs_sharding, fsfs_packing, parallel, \ - config_file, log_to_stdout, list_tests, mode_filter, milestone_filter, \ -- set_log_level, ssl_cert, http_proxy = \ -+ set_log_level, ssl_cert, http_proxy, httpd_version = \ - None, None, None, None, None, None, None, None, None, None, None, \ -- None, None, None, None, None, None, None -+ None, None, None, None, None, None, None, None - for opt, val in opts: - if opt in ['-u', '--url']: - base_url = val -@@ -696,6 +700,8 @@ def main(): - ssl_cert = val - elif opt in ['--http-proxy']: - http_proxy = val -+ elif opt in ['--httpd-version']: -+ httpd_version = val - else: - raise getopt.GetoptError - -@@ -712,7 +718,7 @@ def main(): - fsfs_sharding, fsfs_packing, list_tests, - mode_filter=mode_filter, milestone_filter=milestone_filter, - set_log_level=set_log_level, ssl_cert=ssl_cert, -- http_proxy=http_proxy) -+ http_proxy=http_proxy, httpd_version=httpd_version) - - failed = th.run(args[2:]) - if failed: -Index: subversion/mod_authz_svn/mod_authz_svn.c -=================================================================== ---- a/subversion/mod_authz_svn/mod_authz_svn.c (revision 1691883) -+++ b/subversion/mod_authz_svn/mod_authz_svn.c (working copy) -@@ -48,6 +48,23 @@ - #include "svn_dirent_uri.h" - #include "private/svn_fspath.h" - -+/* The apache headers define these and they conflict with our definitions. */ -+#ifdef PACKAGE_BUGREPORT -+#undef PACKAGE_BUGREPORT -+#endif -+#ifdef PACKAGE_NAME -+#undef PACKAGE_NAME -+#endif -+#ifdef PACKAGE_STRING -+#undef PACKAGE_STRING -+#endif -+#ifdef PACKAGE_TARNAME -+#undef PACKAGE_TARNAME -+#endif -+#ifdef PACKAGE_VERSION -+#undef PACKAGE_VERSION -+#endif -+#include "svn_private_config.h" - - #ifdef APLOG_USE_MODULE - APLOG_USE_MODULE(authz_svn); -@@ -67,6 +84,30 @@ typedef struct authz_svn_config_rec { - const char *force_username_case; - } authz_svn_config_rec; - -+#if AP_MODULE_MAGIC_AT_LEAST(20060110,0) /* version where -+ ap_some_auth_required breaks */ -+# if AP_MODULE_MAGIC_AT_LEAST(20120211,47) /* first version with -+ force_authn hook and -+ ap_some_authn_required() which -+ allows us to work without -+ ap_some_auth_required() */ -+# define USE_FORCE_AUTHN 1 -+# define IN_SOME_AUTHN_NOTE "authz_svn-in-some-authn" -+# define FORCE_AUTHN_NOTE "authz_svn-force-authn" -+# else -+ /* ap_some_auth_required() is busted and no viable alternative exists */ -+# ifndef SVN_ALLOW_BROKEN_HTTPD_AUTH -+# error This version of httpd has a security hole with mod_authz_svn -+# else -+ /* user wants to build anyway */ -+# define USE_FORCE_AUTHN 0 -+# endif -+# endif -+#else -+ /* old enough that ap_some_auth_required() still works */ -+# define USE_FORCE_AUTHN 0 -+#endif -+ - /* - * Configuration - */ -@@ -819,9 +860,51 @@ access_checker(request_rec *r) - &authz_svn_module); - const char *repos_path = NULL; - const char *dest_repos_path = NULL; -- int status; -+ int status, authn_required; - -+#if USE_FORCE_AUTHN -+ /* Use the force_authn() hook available in 2.4.x to work securely -+ * given that ap_some_auth_required() is no longer functional for our -+ * purposes in 2.4.x. -+ */ -+ int authn_configured; -+ - /* We are not configured to run */ -+ if (!conf->anonymous || apr_table_get(r->notes, IN_SOME_AUTHN_NOTE) -+ || (! (conf->access_file || conf->repo_relative_access_file))) -+ return DECLINED; -+ -+ /* Authentication is configured */ -+ authn_configured = ap_auth_type(r) != NULL; -+ if (authn_configured) -+ { -+ /* If the user is trying to authenticate, let him. It doesn't -+ * make much sense to grant anonymous access but deny authenticated -+ * users access, even though you can do that with '$anon' in the -+ * access file. -+ */ -+ if (apr_table_get(r->headers_in, -+ (PROXYREQ_PROXY == r->proxyreq) -+ ? "Proxy-Authorization" : "Authorization")) -+ { -+ /* Set the note to force authn regardless of what access_checker_ex -+ hook requires */ -+ apr_table_setn(r->notes, FORCE_AUTHN_NOTE, (const char*)1); -+ -+ /* provide the proper return so the access_checker hook doesn't -+ * prevent the code from continuing on to the other auth hooks */ -+ if (ap_satisfies(r) != SATISFY_ANY) -+ return OK; -+ else -+ return HTTP_FORBIDDEN; -+ } -+ } -+ -+#else -+ /* Support for older versions of httpd that have a working -+ * ap_some_auth_required() */ -+ -+ /* We are not configured to run */ - if (!conf->anonymous - || (! (conf->access_file || conf->repo_relative_access_file))) - return DECLINED; -@@ -834,9 +917,10 @@ access_checker(request_rec *r) - if (ap_satisfies(r) != SATISFY_ANY) - return DECLINED; - -- /* If the user is trying to authenticate, let him. If anonymous -- * access is allowed, so is authenticated access, by definition -- * of the meaning of '*' in the access file. -+ /* If the user is trying to authenticate, let him. It doesn't -+ * make much sense to grant anonymous access but deny authenticated -+ * users access, even though you can do that with '$anon' in the -+ * access file. - */ - if (apr_table_get(r->headers_in, - (PROXYREQ_PROXY == r->proxyreq) -@@ -848,6 +932,7 @@ access_checker(request_rec *r) - return HTTP_FORBIDDEN; - } - } -+#endif - - /* If anon access is allowed, return OK */ - status = req_check_access(r, conf, &repos_path, &dest_repos_path); -@@ -856,7 +941,26 @@ access_checker(request_rec *r) - if (!conf->authoritative) - return DECLINED; - -+#if USE_FORCE_AUTHN -+ if (authn_configured) { -+ /* We have to check to see if authn is required because if so we must -+ * return UNAUTHORIZED (401) rather than FORBIDDEN (403) since returning -+ * the 403 leaks information about what paths may exist to -+ * unauthenticated users. We must set a note here in order -+ * to use ap_some_authn_rquired() without triggering an infinite -+ * loop since the call will trigger this function to be called again. */ -+ apr_table_setn(r->notes, IN_SOME_AUTHN_NOTE, (const char*)1); -+ authn_required = ap_some_authn_required(r); -+ apr_table_unset(r->notes, IN_SOME_AUTHN_NOTE); -+ if (authn_required) -+ { -+ ap_note_auth_failure(r); -+ return HTTP_UNAUTHORIZED; -+ } -+ } -+#else - if (!ap_some_auth_required(r)) -+#endif - log_access_verdict(APLOG_MARK, r, 0, repos_path, dest_repos_path); - - return HTTP_FORBIDDEN; -@@ -937,6 +1041,17 @@ auth_checker(request_rec *r) - return OK; - } - -+#if USE_FORCE_AUTHN -+static int -+force_authn(request_rec *r) -+{ -+ if (apr_table_get(r->notes, FORCE_AUTHN_NOTE)) -+ return OK; -+ -+ return DECLINED; -+} -+#endif -+ - /* - * Module flesh - */ -@@ -953,6 +1068,9 @@ register_hooks(apr_pool_t *p) - * give SSLOptions +FakeBasicAuth a chance to work. */ - ap_hook_check_user_id(check_user_id, mod_ssl, NULL, APR_HOOK_FIRST); - ap_hook_auth_checker(auth_checker, NULL, NULL, APR_HOOK_FIRST); -+#if USE_FORCE_AUTHN -+ ap_hook_force_authn(force_authn, NULL, NULL, APR_HOOK_FIRST); -+#endif - ap_register_provider(p, - AUTHZ_SVN__SUBREQ_BYPASS_PROV_GRP, - AUTHZ_SVN__SUBREQ_BYPASS_PROV_NAME, -Index: subversion/tests/cmdline/README -=================================================================== ---- a/subversion/tests/cmdline/README (revision 1691883) -+++ b/subversion/tests/cmdline/README (working copy) -@@ -83,6 +83,133 @@ paths adjusted appropriately: - Require valid-user - </Location> - -+ <Location /authz-test-work/anon> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ # This may seem unnecessary but granting access to everyone here is necessary -+ # to exercise a bug with httpd 2.3.x+. The "Require all granted" syntax is -+ # new to 2.3.x+ which we can detect with the mod_authz_core.c module -+ # signature. Use the "Allow from all" syntax with older versions for symmetry. -+ <IfModule mod_authz_core.c> -+ Require all granted -+ </IfModule> -+ <IfModule !mod_authz_core.c> -+ Allow from all -+ </IfMOdule> -+ </Location> -+ <Location /authz-test-work/mixed> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ Require valid-user -+ Satisfy Any -+ </Location> -+ <Location /authz-test-work/mixed-noauthwhenanon> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ Require valid-user -+ AuthzSVNNoAuthWhenAnonymousAllowed On -+ </Location> -+ <Location /authz-test-work/authn> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ Require valid-user -+ </Location> -+ <Location /authz-test-work/authn-anonoff> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ Require valid-user -+ AuthzSVNAnonymous Off -+ </Location> -+ <Location /authz-test-work/authn-lcuser> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ Require valid-user -+ AuthzForceUsernameCase Lower -+ </Location> -+ <Location /authz-test-work/authn-lcuser> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ Require valid-user -+ AuthzForceUsernameCase Lower -+ </Location> -+ <Location /authz-test-work/authn-group> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ AuthGroupFile /usr/local/apache2/conf/groups -+ Require group random -+ AuthzSVNAuthoritative Off -+ </Location> -+ <IfModule mod_authz_core.c> -+ <Location /authz-test-work/sallrany> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ AuthzSendForbiddenOnFailure On -+ Satisfy All -+ <RequireAny> -+ Require valid-user -+ Require expr req('ALLOW') == '1' -+ </RequireAny> -+ </Location> -+ <Location /authz-test-work/sallrall> -+ DAV svn -+ SVNParentPath /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/local_tmp -+ AuthzSVNAccessFile /home/yourusernamehere/projects/svn/subversion/tests/cmdline/svn-test-work/authz -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile /usr/local/apache2/conf/users -+ AuthzSendForbiddenOnFailure On -+ Satisfy All -+ <RequireAll> -+ Require valid-user -+ Require expr req('ALLOW') == '1' -+ </RequireAll> -+ </Location> -+ </IfModule> -+ -+ - RedirectMatch permanent ^/svn-test-work/repositories/REDIRECT-PERM-(.*)$ /svn-test-work/repositories/$1 - RedirectMatch ^/svn-test-work/repositories/REDIRECT-TEMP-(.*)$ /svn-test-work/repositories/$1 - -@@ -101,8 +228,17 @@ just drop the following 2-line snippet into the - ---------------------------- - jrandom:xCGl35kV9oWCY - jconstant:xCGl35kV9oWCY -+JRANDOM:xCGl35kV9oWCY -+JCONSTANT:xCGl35kV9oWCY - ---------------------------- - -+and these lines into the -+/usr/local/apache/conf/groups file: -+---------------------------- -+random: jrandom -+constant: jconstant -+---------------------------- -+ - Now, (re)start Apache and run the tests over mod_dav_svn. - - You can run a test script over DAV: -@@ -138,6 +274,8 @@ Note [1]: It would be quite too much to expect tho - ---------------------------- - jrandom:$apr1$3p1.....$FQW6RceW5QhJ2blWDQgKn0 - jconstant:$apr1$jp1.....$Usrqji1c9H6AbOxOGAzzb0 -+ JRANDOM:$apr1$3p1.....$FQW6RceW5QhJ2blWDQgKn0 -+ JCONSTANT:$apr1$jp1.....$Usrqji1c9H6AbOxOGAzzb0 - ---------------------------- - - -Index: subversion/tests/cmdline/davautocheck.sh -=================================================================== ---- a/subversion/tests/cmdline/davautocheck.sh (revision 1691883) -+++ b/subversion/tests/cmdline/davautocheck.sh (working copy) -@@ -289,8 +289,6 @@ LOAD_MOD_AUTHN_CORE="$(get_loadmodule_config mod_a - || fail "Authn_Core module not found." - LOAD_MOD_AUTHZ_CORE="$(get_loadmodule_config mod_authz_core)" \ - || fail "Authz_Core module not found." --LOAD_MOD_AUTHZ_HOST="$(get_loadmodule_config mod_authz_host)" \ -- || fail "Authz_Host module not found." - LOAD_MOD_UNIXD=$(get_loadmodule_config mod_unixd) \ - || fail "UnixD module not found" - } -@@ -298,6 +296,10 @@ LOAD_MOD_AUTHN_FILE="$(get_loadmodule_config mod_a - || fail "Authn_File module not found." - LOAD_MOD_AUTHZ_USER="$(get_loadmodule_config mod_authz_user)" \ - || fail "Authz_User module not found." -+LOAD_MOD_AUTHZ_GROUPFILE="$(get_loadmodule_config mod_authz_groupfile)" \ -+ || fail "Authz_GroupFile module not found." -+LOAD_MOD_AUTHZ_HOST="$(get_loadmodule_config mod_authz_host)" \ -+ || fail "Authz_Host module not found." - } - if [ ${APACHE_MPM:+set} ]; then - LOAD_MOD_MPM=$(get_loadmodule_config mod_mpm_$APACHE_MPM) \ -@@ -328,6 +330,7 @@ HTTPD_ERROR_LOG="$HTTPD_ROOT/error_log" - HTTPD_MIME_TYPES="$HTTPD_ROOT/mime.types" - BASE_URL="http://localhost:$HTTPD_PORT" - HTTPD_USERS="$HTTPD_ROOT/users" -+HTTPD_GROUPS="$HTTPD_ROOT/groups" - - mkdir "$HTTPD_ROOT" \ - || fail "couldn't create temporary directory '$HTTPD_ROOT'" -@@ -388,6 +391,14 @@ fi - say "Adding users for lock authentication" - $HTPASSWD -bc $HTTPD_USERS jrandom rayjandom - $HTPASSWD -b $HTTPD_USERS jconstant rayjandom -+$HTPASSWD -b $HTTPD_USERS JRANDOM rayjandom -+$HTPASSWD -b $HTTPD_USERS JCONSTANT rayjandom -+ -+say "Adding groups for mod_authz_svn tests" -+cat > "$HTTPD_GROUPS" <<__EOF__ -+random: jrandom -+constant: jconstant -+__EOF__ - - touch $HTTPD_MIME_TYPES - -@@ -405,7 +416,9 @@ $LOAD_MOD_AUTHN_CORE - $LOAD_MOD_AUTHN_FILE - $LOAD_MOD_AUTHZ_CORE - $LOAD_MOD_AUTHZ_USER -+$LOAD_MOD_AUTHZ_GROUPFILE - $LOAD_MOD_AUTHZ_HOST -+$LOAD_MOD_ACCESS_COMPAT - LoadModule authz_svn_module "$MOD_AUTHZ_SVN" - - __EOF__ -@@ -497,6 +510,161 @@ CustomLog "$HTTPD_ROOT/ops" "%t %u %{SVN - SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} - ${SVN_PATH_AUTHZ_LINE} - </Location> -+<Location /authz-test-work/anon> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ # This may seem unnecessary but granting access to everyone here is necessary -+ # to exercise a bug with httpd 2.3.x+. The "Require all granted" syntax is -+ # new to 2.3.x+ which we can detect with the mod_authz_core.c module -+ # signature. Use the "Allow from all" syntax with older versions for symmetry. -+ <IfModule mod_authz_core.c> -+ Require all granted -+ </IfModule> -+ <IfModule !mod_authz_core.c> -+ Allow from all -+ </IfMOdule> -+ ${SVN_PATH_AUTHZ_LINE} -+</Location> -+<Location /authz-test-work/mixed> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ Require valid-user -+ Satisfy Any -+ ${SVN_PATH_AUTHZ_LINE} -+</Location> -+<Location /authz-test-work/mixed-noauthwhenanon> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ Require valid-user -+ AuthzSVNNoAuthWhenAnonymousAllowed On -+ SVNPathAuthz On -+</Location> -+<Location /authz-test-work/authn> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ Require valid-user -+ ${SVN_PATH_AUTHZ_LINE} -+</Location> -+<Location /authz-test-work/authn-anonoff> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ Require valid-user -+ AuthzSVNAnonymous Off -+ SVNPathAuthz On -+</Location> -+<Location /authz-test-work/authn-lcuser> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ Require valid-user -+ AuthzForceUsernameCase Lower -+ ${SVN_PATH_AUTHZ_LINE} -+</Location> -+<Location /authz-test-work/authn-lcuser> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ Require valid-user -+ AuthzForceUsernameCase Lower -+ ${SVN_PATH_AUTHZ_LINE} -+</Location> -+<Location /authz-test-work/authn-group> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ AuthGroupFile $HTTPD_GROUPS -+ Require group random -+ AuthzSVNAuthoritative Off -+ SVNPathAuthz On -+</Location> -+<IfModule mod_authz_core.c> -+ <Location /authz-test-work/sallrany> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ AuthzSendForbiddenOnFailure On -+ Satisfy All -+ <RequireAny> -+ Require valid-user -+ Require expr req('ALLOW') == '1' -+ </RequireAny> -+ ${SVN_PATH_AUTHZ_LINE} -+ </Location> -+ <Location /authz-test-work/sallrall> -+ DAV svn -+ SVNParentPath "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp" -+ AuthzSVNAccessFile "$ABS_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz" -+ SVNAdvertiseV2Protocol ${ADVERTISE_V2_PROTOCOL} -+ SVNCacheRevProps ${CACHE_REVPROPS_SETTING} -+ SVNListParentPath On -+ AuthType Basic -+ AuthName "Subversion Repository" -+ AuthUserFile $HTTPD_USERS -+ AuthzSendForbiddenOnFailure On -+ Satisfy All -+ <RequireAll> -+ Require valid-user -+ Require expr req('ALLOW') == '1' -+ </RequireAll> -+ ${SVN_PATH_AUTHZ_LINE} -+ </Location> -+</IfModule> - RedirectMatch permanent ^/svn-test-work/repositories/REDIRECT-PERM-(.*)\$ /svn-test-work/repositories/\$1 - RedirectMatch ^/svn-test-work/repositories/REDIRECT-TEMP-(.*)\$ /svn-test-work/repositories/\$1 - __EOF__ -Index: subversion/tests/cmdline/mod_authz_svn_tests.py -=================================================================== ---- a/subversion/tests/cmdline/mod_authz_svn_tests.py (nonexistent) -+++ b/subversion/tests/cmdline/mod_authz_svn_tests.py (working copy) -@@ -0,0 +1,1073 @@ -+#!/usr/bin/env python -+# -+# mod_authz_svn_tests.py: testing mod_authz_svn -+# -+# Subversion is a tool for revision control. -+# See http://subversion.apache.org for more information. -+# -+# ==================================================================== -+# Licensed to the Apache Software Foundation (ASF) under one -+# or more contributor license agreements. See the NOTICE file -+# distributed with this work for additional information -+# regarding copyright ownership. The ASF licenses this file -+# to you under the Apache License, Version 2.0 (the -+# "License"); you may not use this file except in compliance -+# with the License. You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, -+# software distributed under the License is distributed on an -+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -+# KIND, either express or implied. See the License for the -+# specific language governing permissions and limitations -+# under the License. -+###################################################################### -+ -+# General modules -+import os, re, logging -+ -+logger = logging.getLogger() -+ -+# Our testing module -+import svntest -+ -+# (abbreviation) -+Skip = svntest.testcase.Skip_deco -+SkipUnless = svntest.testcase.SkipUnless_deco -+XFail = svntest.testcase.XFail_deco -+Issues = svntest.testcase.Issues_deco -+Issue = svntest.testcase.Issue_deco -+Wimp = svntest.testcase.Wimp_deco -+ -+ls_of_D_no_H = '''<html><head><title>repos - Revision 1: /A/D</title></head> -+<body> -+ <h2>repos - Revision 1: /A/D</h2> -+ <ul> -+ <li><a href="../">..</a></li> -+ <li><a href="G/">G/</a></li> -+ <li><a href="gamma">gamma</a></li> -+ </ul> -+</body></html>''' -+ -+ls_of_D_H = '''<html><head><title>repos - Revision 1: /A/D</title></head> -+<body> -+ <h2>repos - Revision 1: /A/D</h2> -+ <ul> -+ <li><a href="../">..</a></li> -+ <li><a href="G/">G/</a></li> -+ <li><a href="H/">H/</a></li> -+ <li><a href="gamma">gamma</a></li> -+ </ul> -+</body></html>''' -+ -+ls_of_H = '''<html><head><title>repos - Revision 1: /A/D/H</title></head> -+<body> -+ <h2>repos - Revision 1: /A/D/H</h2> -+ <ul> -+ <li><a href="../">..</a></li> -+ <li><a href="chi">chi</a></li> -+ <li><a href="omega">omega</a></li> -+ <li><a href="psi">psi</a></li> -+ </ul> -+</body></html>''' -+ -+user1 = svntest.main.wc_author -+user1_upper = user1.upper() -+user1_pass = svntest.main.wc_passwd -+user1_badpass = 'XXX' -+assert user1_pass != user1_badpass, "Passwords can't match" -+user2 = svntest.main.wc_author2 -+user2_upper = user2.upper() -+user2_pass = svntest.main.wc_passwd -+user2_badpass = 'XXX' -+assert user2_pass != user2_badpass, "Passwords can't match" -+ -+def write_authz_file(sbox): -+ svntest.main.write_authz_file(sbox, { -+ '/': '$anonymous = r\n' + -+ 'jrandom = rw\n' + -+ |