From owner-freebsd-ports-bugs@FreeBSD.ORG  Thu May 30 21:20:00 2013
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id AC4B76D3
 for <freebsd-ports-bugs@smarthost.ysv.freebsd.org>;
 Thu, 30 May 2013 21:20:00 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 8DD4E9B6
 for <freebsd-ports-bugs@smarthost.ysv.freebsd.org>;
 Thu, 30 May 2013 21:20:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4ULK0JZ059415
 for <freebsd-ports-bugs@freefall.freebsd.org>; Thu, 30 May 2013 21:20:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4ULK0Ih059414;
 Thu, 30 May 2013 21:20:00 GMT (envelope-from gnats)
Resent-Date: Thu, 30 May 2013 21:20:00 GMT
Resent-Message-Id: <201305302120.r4ULK0Ih059414@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 Olli Hauer <ohauer@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 0E2005A7;
 Thu, 30 May 2013 21:17:51 +0000 (UTC)
 (envelope-from ohauer@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 01126971;
 Thu, 30 May 2013 21:17:51 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4ULHo77059337;
 Thu, 30 May 2013 21:17:50 GMT
 (envelope-from ohauer@freefall.freebsd.org)
Received: (from ohauer@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4ULHoxn059336;
 Thu, 30 May 2013 21:17:50 GMT (envelope-from ohauer)
Message-Id: <201305302117.r4ULHoxn059336@freefall.freebsd.org>
Date: Thu, 30 May 2013 21:17:50 GMT
From: Olli Hauer <ohauer@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/179125: devel/subversion possible DoS against svnserve
Cc: lev@FreeBSD.org
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 21:20:00 -0000


>Number:         179125
>Category:       ports
>Synopsis:       devel/subversion possible DoS against svnserve
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 30 21:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Olli Hauer
>Release:        FreeBSD 8.3-RELEASE-p3 amd64
>Organization:
>Environment:

>Description:
Fix a possible DoS against svnserve

Noted by: Boris Lytochkin <lytboris_at_yandex-team.ru> on the
users@subversion list
http://svn.haxx.se/users/archive-2013-05/0119.shtml

Patch shaped from:
http://svn.apache.org/viewvc?view=revision&revision=1485047

The patch will be included in subversion-1.8 and 1.7.10, as far as
I know there will be no patch for subversion-1.6.x since 1.6 is EOL 
with the first release of subversion-1.8

I'm running the patch now for over a week in prod. without any issues.

In case the patch is mangled here is a copy.
http://people.freebsd.org/~ohauer/diffs/subversion-1.7.9_2.diff

>How-To-Repeat:

>Fix:

--- subversion-1.7.9_2.diff begins here ---
Index: Makefile
===================================================================
--- Makefile	(revision 319448)
+++ Makefile	(working copy)
@@ -4,7 +4,7 @@
 MAINTAINER=	lev@FreeBSD.org
 COMMENT=	Version control system
 
-CONFLICTS_INSTALL=	subversion-devel-[0-9]* subversion-freebsd-[0-9]*
+CONFLICTS_INSTALL=	subversion-1.[6|8]-[0-9]*
 
 USE_RC_SUBR=	svnserve
 
Index: Makefile.common
===================================================================
--- Makefile.common	(revision 319448)
+++ Makefile.common	(working copy)
@@ -3,7 +3,7 @@
 
 PORTNAME=	subversion
 PORTVERSION=	1.7.9
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES+=	devel
 MASTER_SITES=	${MASTER_SITE_APACHE:S/$/:main/} \
 		${MASTER_SITE_LOCAL:S/$/:book/}
@@ -19,7 +19,7 @@
 
 LICENSE=	AL2
 
-CONFLICTS_INSTALL+=	${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}-1.6.[0-9]*
+CONFLICTS_INSTALL+=	${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}-1.[6|8].[0-9]*
 
 LIB_DEPENDS+=		sqlite3.8:${PORTSDIR}/databases/sqlite3 \
 			expat:${PORTSDIR}/textproc/expat2
@@ -30,7 +30,7 @@
 			--with-expat=/usr/local/include:/usr/local/lib:expat
 
 .if defined(SVN_BUILD_BINDINGS)
-CONFLICTS_BUILD+=	${PORTNAME}-1.6.[0-9]*
+CONFLICTS_BUILD+=	${PORTNAME}-1.[6|8].[0-9]*
 LIB_DEPENDS+=		svn_client-1.0:${PORTSDIR}/devel/subversion
 OPTIONSFILE=		${PORT_DBDIR}/${PORTNAME}/options
 OPTIONS=		# Dirty hack: if OPTIONS is not defined, OPTIONSFILE will not be included
Index: files/patch-subversion__svnserve__main.c
===================================================================
--- files/patch-subversion__svnserve__main.c	(revision 0)
+++ files/patch-subversion__svnserve__main.c	(working copy)
@@ -0,0 +1,25 @@
+Prevent svnserve from exiting when a client connection is aborted.
+
+Justification:
+ DoS against svnserve possible.
+
+Noted by: Boris Lytochkin <lytboris_at_yandex-team.ru>
+ on the users@subversion list
+ http://svn.haxx.se/users/archive-2013-05/0119.shtml
+
+Patch shaped from:
+ http://svn.apache.org/viewvc?view=revision&revision=1485047
+===========================================================================
+--- ./subversion/svnserve/main.c.orig	2013-05-23 20:10:51.000000000 +0200
++++ ./subversion/svnserve/main.c	2013-05-23 20:14:45.000000000 +0200
+@@ -928,7 +928,9 @@
+                                          connection_pool) == APR_CHILD_DONE)
+             ;
+         }
+-      if (APR_STATUS_IS_EINTR(status))
++      if (APR_STATUS_IS_EINTR(status)
++          || APR_STATUS_IS_ECONNABORTED(status)
++          || APR_STATUS_IS_ECONNRESET(status))
+         {
+           svn_pool_destroy(connection_pool);
+           continue;
--- subversion-1.7.9_2.diff ends here ---



>Release-Note:
>Audit-Trail:
>Unformatted: