new file mode 100644

@@ -0,0 +1,113 @@

+Patch from: http://subversion.apache.org/security/CVE-2017-9800-advisory.txtPatches:

+

+========

+

+  Patch for Subversion 1.9.6:

+[[[

+Index: subversion/libsvn_ra_svn/client.c

+===================================================================

+--- a/subversion/libsvn_ra_svn/client.c	(revision 1803926)

+@@ -46,6 +46,7 @@

+ #include "svn_props.h"

+ #include "svn_mergeinfo.h"

+ #include "svn_version.h"

++#include "svn_ctype.h"

+ 

+ #include "svn_private_config.h"

+ 

+@@ -396,7 +397,7 @@

+        * versions have it too. If the user is using some other ssh

+        * implementation that doesn't accept it, they can override it

+        * in the [tunnels] section of the config. */

+-      val = "$SVN_SSH ssh -q";

++      val = "$SVN_SSH ssh -q --";

+     }

+ 

+   if (!val || !*val)

+@@ -441,7 +442,7 @@

+   for (n = 0; cmd_argv[n] != NULL; n++)

+     argv[n] = cmd_argv[n];

+ 

+-  argv[n++] = svn_path_uri_decode(hostinfo, pool);

++  argv[n++] = hostinfo;

+   argv[n++] = "svnserve";

+   argv[n++] = "-t";

+   argv[n] = NULL;

+@@ -802,7 +803,33 @@

+ }

+ 

+ 

++/* A simple whitelist to ensure the following are valid:

++ *   user@server

++ *   [::1]:22

++ *   server-name

++ *   server_name

++ *   127.0.0.1

++ * with an extra restriction that a leading '-' is invalid.

++ */

++static svn_boolean_t

++is_valid_hostinfo(const char *hostinfo)

++{

++  const char *p = hostinfo;

+ 

++  if (p[0] == '-')

++    return FALSE;

++

++  while (*p)

++    {

++      if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p))

++        return FALSE;

++

++      ++p;

++    }

++

++  return TRUE;

++}

++

+ static svn_error_t *ra_svn_open(svn_ra_session_t *session,

+                                 const char **corrected_url,

+                                 const char *url,

+@@ -835,8 +862,18 @@

+           || (callbacks->check_tunnel_func && callbacks->open_tunnel_func

+               && !callbacks->check_tunnel_func(callbacks->tunnel_baton,

+                                                tunnel))))

+-    SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config,

+-                              result_pool));

++    {

++      const char *decoded_hostinfo;

++

++      decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, result_pool);

++

++      if (!is_valid_hostinfo(decoded_hostinfo))

++        return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"),

++                                 uri.hostinfo);

++

++      SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv,

++                                config, result_pool));

++    }

+   else

+     tunnel_argv = NULL;

+ 

+Index: subversion/libsvn_subr/config_file.c

+===================================================================

+--- a/subversion/libsvn_subr/config_file.c	(revision 1803926)

+@@ -1248,12 +1248,12 @@

+         "### passed to the tunnel agent as <user>@<hostname>.)  If the"      NL

+         "### built-in ssh scheme were not predefined, it could be defined"   NL

+         "### as:"                                                            NL

+-        "# ssh = $SVN_SSH ssh -q"                                            NL

++        "# ssh = $SVN_SSH ssh -q --"                                         NL

+         "### If you wanted to define a new 'rsh' scheme, to be used with"    NL

+         "### 'svn+rsh:' URLs, you could do so as follows:"                   NL

+-        "# rsh = rsh"                                                        NL

++        "# rsh = rsh --"                                                     NL

+         "### Or, if you wanted to specify a full path and arguments:"        NL

+-        "# rsh = /path/to/rsh -l myusername"                                 NL

++        "# rsh = /path/to/rsh -l myusername --"                              NL

+         "### On Windows, if you are specifying a full path to a command,"    NL

+         "### use a forward slash (/) or a paired backslash (\\\\) as the"    NL

+         "### path separator.  A single backslash will be treated as an"      NL

+]]]

+

@@ -1,43 +1,45 @@

-Summary:    	The Apache Subversion control system

-Name:       	subversion

-Version:    	1.9.4

-Release:    	1%{?dist}

-License:    	Apache License 2.0

-URL:        	http://subversion.apache.org/

-Group:      	Utilities/System

-Vendor:     	VMware, Inc.

-Distribution: 	Photon

+Summary:        The Apache Subversion control system

+Name:           subversion

+Version:        1.9.4

+Release:        2%{?dist}

+License:        Apache License 2.0

+URL:            http://subversion.apache.org/

+Group:          Utilities/System

+Vendor:         VMware, Inc.

+Distribution:   Photon

 Source0:        http://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.bz2

-%define sha1 subversion=bc7d51fdda43bea01e1272dfe9d23d0a9d6cd11c

-Requires:   	apr

-Requires:   	apr-util

-BuildRequires: 	apr-devel

-BuildRequires: 	apr-util

-BuildRequires: 	apr-util-devel

-BuildRequires: 	sqlite-autoconf

-BuildRequires: 	libtool

-BuildRequires: 	expat

+%define sha1    subversion=bc7d51fdda43bea01e1272dfe9d23d0a9d6cd11c

+Patch0:         subversion-CVE-2017-9800.patch

+Requires:       apr

+Requires:       apr-util

+BuildRequires:  apr-devel

+BuildRequires:  apr-util

+BuildRequires:  apr-util-devel

+BuildRequires:  sqlite-autoconf

+BuildRequires:  libtool

+BuildRequires:  expat

 %description

 The Apache version control system.

-%package	devel

-Summary:	Header and development files for mesos

-Requires:	%{name} = %{version}

+%package    devel

+Summary:    Header and development files for mesos

+Requires:   %{name} = %{version}

 %description    devel

  subversion-devel package contains header files, libraries.

 %prep

 %setup -q

+%patch0 -p1

 %build

-./configure --prefix=%{_prefix}                        	\

-	    --disable-static				\

-	    --with-apache-libexecdir 

+./configure --prefix=%{_prefix}         \

+            --disable-static            \

+            --with-apache-libexecdir

 make %{?_smp_mflags}

 %install

-make -j1 DESTDIR=%{buildroot} install 

+make -j1 DESTDIR=%{buildroot} install

 %find_lang %{name}

 %files -f %{name}.lang

 %defattr(-,root,root)

@@ -52,19 +54,21 @@ make -j1 DESTDIR=%{buildroot} install

 %exclude %{_libdir}/debug/

 %changelog

-*	Wed Nov 23 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 1.9.4-1

--	Upgraded to version 1.9.4, fixes CVE-2016-2167  CVE-2016-2168

-*	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.9.3-6

--	GA - Bump release of all rpms

+*   Mon Aug 28 2017 Xiaolin Li <xiaolinl@vmware.com> 1.9.4-2

+-   Apply patch for CVE-2017-9800

+*   Wed Nov 23 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 1.9.4-1

+-   Upgraded to version 1.9.4, fixes CVE-2016-2167  CVE-2016-2168

+*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.9.3-6

+-   GA - Bump release of all rpms

 *   Tue Feb 23 2016 Xiaolin Li <xiaolinl@vmware.com> 1.9.3-1

 -   Updated to version 1.9.3

-*	Tue Nov 10 2015 Xiaolin Li <xiaolinl@vmware.com> 1.8.13-5

--	Handled locale files with macro find_lang

-* 	Tue Sep 22 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 1.8.13-4

--	Updated build-requires after creating devel package for apr. 

+*   Tue Nov 10 2015 Xiaolin Li <xiaolinl@vmware.com> 1.8.13-5

+-   Handled locale files with macro find_lang

+*   Tue Sep 22 2015 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 1.8.13-4

+-   Updated build-requires after creating devel package for apr.

 *   Mon Sep 21 2015 Xiaolin Li <xiaolinl@vmware.com> 1.8.13-3

 -   Move .a, and .so files to devel pkg.

-*	Tue Sep 08 2015 Vinay Kulkarni <kulkarniv@vmware.com> 1.8.13-2

--	Move headers into devel pkg.

-*	Fri Jun 26 2015 Sarah Choi <sarahc@vmware.com> 1.8.13-1

--	Initial build. First version

+*   Tue Sep 08 2015 Vinay Kulkarni <kulkarniv@vmware.com> 1.8.13-2

+-   Move headers into devel pkg.

+*   Fri Jun 26 2015 Sarah Choi <sarahc@vmware.com> 1.8.13-1

+-   Initial build. First version