diff --git a/SOURCES/subversion-1.14.1-r1926683.patch b/SOURCES/subversion-1.14.1-r1926683.patch new file mode 100644 index 0000000..4cffb97 --- /dev/null +++ b/SOURCES/subversion-1.14.1-r1926683.patch @@ -0,0 +1,60 @@ +From 1a7310fe38e049d228731d17690dc3c4455ea28b Mon Sep 17 00:00:00 2001 +From: Joe Orton +Date: Tue, 24 Jun 2025 09:44:06 +0000 +Subject: [PATCH] mod_dav_svn: Use mod_dav's DAVBasePath setting to determine + the repository root path, allowing SVN to be configured via LocationMatch + like: + + + DAV svn + SVNParentPath /srv/repos + DAVBasePath /repos + + +by mapping URL path "/repos/svnfoo" to the filesystem path of +"/srv/repos/svnfoo". This partially addresses issues like SVN-4790 +(with minimal added complexity), though does not provide as much +flexibility as discussed in SVN-2679. (resolves #28) + +* subversion/mod_dav_svn/mod_dav_svn.c + (dav_svn__get_root_dir): Retrieve and return the setting from + DavBasePath via dav_get_base_path() where that API is available + and DavBasePath is configured. + (dav_svn__translate_name): Use dav_svn__get_root_dir() to determine + the repos root for the same reason. + + +git-svn-id: https://svn.apache.org/repos/asf/subversion/trunk@1926683 13f79535-47bb-0310-9956-ffa450edef68 +--- + subversion/mod_dav_svn/mod_dav_svn.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/subversion/mod_dav_svn/mod_dav_svn.c b/subversion/mod_dav_svn/mod_dav_svn.c +index 72f4470f62624..9b13134f33545 100644 +--- a/subversion/mod_dav_svn/mod_dav_svn.c ++++ b/subversion/mod_dav_svn/mod_dav_svn.c +@@ -781,6 +781,15 @@ const char * + dav_svn__get_root_dir(request_rec *r) + { + dir_conf_t *conf; ++#ifdef AP_X_RH_DAV_GET_BASE_PATH ++ const char *base; ++ ++ /* Inherit the root path from mod_dav's DavBasePath iff configured ++ where e.g. LocationMatch is used for the repos. */ ++ base = dav_get_base_path(r); ++ if (base) ++ return base; ++#endif + + conf = ap_get_module_config(r->per_dir_config, &dav_svn_module); + return conf->root_dir; +@@ -1225,7 +1234,7 @@ static int dav_svn__translate_name(request_rec *r) + else + { + /* Retrieve path to repo and within repo for the request */ +- dav_error *err = dav_svn_split_uri(r, r->uri, conf->root_dir, ++ dav_error *err = dav_svn_split_uri(r, r->uri, dav_svn__get_root_dir(r), + &ignore_cleaned_uri, + &ignore_had_slash, &repos_basename, + &ignore_relative_path, &repos_path); diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec index 32871af..379c17a 100644 --- a/SPECS/subversion.spec +++ b/SPECS/subversion.spec @@ -56,7 +56,7 @@ Summary: A Modern Concurrent Version Control System Name: subversion Version: 1.14.1 -Release: 5%{?dist} +Release: 7%{?dist} License: ASL 2.0 URL: https://subversion.apache.org/ Source0: https://downloads.apache.org/subversion/subversion-%{version}.tar.bz2 @@ -75,7 +75,7 @@ Patch5: subversion-1.8.5-swigplWall.patch Patch6: subversion-1.14.1-testnoautoprops.patch Patch7: subversion-1.14.1-fixjavatests.patch Patch8: subversion-1.14.1-CVE-2022-24070.patch - +Patch9: subversion-1.14.1-r1926683.patch BuildRequires: make BuildRequires: autoconf, libtool, texinfo, which, gcc, gcc-c++ @@ -180,8 +180,9 @@ passwords in the KDE Wallet. %package -n mod_dav_svn Summary: Apache httpd module for Subversion server Requires: httpd-mmn = %{_httpd_mmn} +Conflicts: httpd-core < 2.4.62-5 Requires: subversion-libs%{?_isa} = %{version}-%{release} -BuildRequires: httpd-devel >= 2.0.45 +BuildRequires: httpd-devel >= 2.4.62-5 %description -n mod_dav_svn The mod_dav_svn package allows access to a Subversion repository @@ -241,6 +242,7 @@ This package includes supplementary tools for use with Subversion. %patch6 -p1 -b .testnoautoprops %patch7 -p1 -b .fixjavatests %patch8 -p1 -b .cve24070 +%patch9 -p1 -b .r1926683 : : === Building: @@ -586,6 +588,14 @@ make check-javahl %endif %changelog +* Thu Jul 10 2025 Joe Orton - 1.14.1-7 +- mod_dav_svn: add conflicts to ensure compatible mod_dav + Related: RHEL-79948 + +* Wed Jul 09 2025 Joe Orton - 1.14.1-6 +- mod_dav_svn: inherit DavBasePath from httpd + Resolves: RHEL-79948 + * Tue Apr 26 2022 Richard Lescak - 1.14.1-5 - Fix for CVE-2022-24070 (#2076565)