File httpd-2.4.6-mod_dav-bnc864308-2-lock_token.patch of Package apache2.openSUSE_13.1_Update
From: Greg Stein <gstein@gmail.com>
Date: Thu, 03 Oct 2013 06:29:35 +0100
Subject: [PATCH] Makes mod_dav no longer require that the lock token be provided when the source of a COPY is locked
References: bnc#864308 https://issues.apache.org/bugzilla/show_bug.cgi?id=55306 http://svn.apache.org/viewvc?view=revision&revision=1528717
Upstream: committed
Apache httpd in openSUSE 13.1 is 2.4.6. The mod_dav in this version is
problematic for Apache Subversion, the Apache httpd version will be blacklisted
in future 1.8.x releases of svn and 1.9.
This patch fixes an issue with lock tokens when handling COPY.
------------------------------------------------------------------------
r1528718 | breser | 2013-10-03 06:29:35 +0100 (Thu, 03 Oct 2013) | 18 lines
Changed paths:
M /httpd/httpd/trunk/modules/dav/main/mod_dav.c
M /httpd/httpd/trunk/modules/dav/main/mod_dav.h
M /httpd/httpd/trunk/modules/dav/main/util.c
mod_dav: Fix PR 55306.
Makes mod_dav no longer require that the lock token be provided when the
source of a COPY is locked. The prior behavior was in violating of
RFC 4918 which says that the lock token is only required on resources
that may be modified by the method.
* modules/dav/main/mod_dav.h
(DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.
* modules/dav/main/mod_dav.c
(dav_method_copymove): Use the new flag when calling dav_validate_request()
on the COPY source.
* modules/dav/main/util.c
(dav_validate_resource_state): Use the flag to decide to ignore if the lock
token is not provided.
------------------------------------------------------------------------
Index: trunk/modules/dav/main/mod_dav.c
===================================================================
--- trunk/modules/dav/main/mod_dav.c (revision 1528717)
+++ trunk/modules/dav/main/mod_dav.c (revision 1528718)
@@ -2774,7 +2774,8 @@
if ((err = dav_validate_request(r, resource, depth, NULL,
&multi_response,
(is_move ? DAV_VALIDATE_PARENT
- : DAV_VALIDATE_RESOURCE)
+ : DAV_VALIDATE_RESOURCE
+ | DAV_VALIDATE_NO_MODIFY)
| DAV_VALIDATE_USE_424,
NULL)) != NULL) {
err = dav_push_error(r->pool, err->status, 0,
Index: trunk/modules/dav/main/util.c
===================================================================
--- trunk/modules/dav/main/util.c (revision 1528717)
+++ trunk/modules/dav/main/util.c (revision 1528718)
@@ -954,13 +954,16 @@
/*
** For methods other than LOCK:
**
- ** If we have no locks, then <seen_locktoken> can be set to true --
+ ** If we have no locks or if the resource is not being modified
+ ** (per RFC 4918 the lock token is not required on resources
+ ** we are not changing), then <seen_locktoken> can be set to true --
** pretending that we've already met the requirement of seeing one
** of the resource's locks in the If: header.
**
** Otherwise, it must be cleared and we'll look for one.
*/
- seen_locktoken = (lock_list == NULL);
+ seen_locktoken = (lock_list == NULL
+ || flags & DAV_VALIDATE_NO_MODIFY);
}
/*
Index: trunk/modules/dav/main/mod_dav.h
===================================================================
--- trunk/modules/dav/main/mod_dav.h (revision 1528717)
+++ trunk/modules/dav/main/mod_dav.h (revision 1528718)
@@ -1297,6 +1297,9 @@
the 424 DAV:response */
#define DAV_VALIDATE_USE_424 0x0080 /* return 424 status, not 207 */
#define DAV_VALIDATE_IS_PARENT 0x0100 /* for internal use */
+#define DAV_VALIDATE_NO_MODIFY 0x0200 /* resource is not being modified
+ so allow even if lock token
+ is not provided */
/* Lock-null related public lock functions */
DAV_DECLARE(int) dav_get_resource_state(request_rec *r,
