from mod_dontdothat README file mod_dontdothat is an Apache module that allows you to block specific types of Subversion requests. Specifically, it's designed to keep users from doing things that are particularly hard on the server, like checking out the root of the tree, or the tags or branches directories. It works by sticking an input filter in front of all REPORT requests and looking for dangerous types of requests. If it finds any, it returns a 403 Forbidden error. It is enabled via single httpd.conf directive, DontDoThatConfigFile: <Location /svn> DAV svn SVNParentPath /path/to/repositories DontDoThatConfigFile /path/to/config.file DontDoThatDisallowReplay off </Location> The file you give to DontDoThatConfigFile is a Subversion configuration file that contains the following sections. [recursive-actions] /*/trunk = allow / = deny /* = deny /*/tags = deny /*/branches = deny /*/* = deny /*/*/tags = deny /*/*/branches = deny As you might guess, this defines a set of patterns that control what the user is not allowed to do. Anything with a 'deny' after it is denied, and as a fallback mechanism anything with an 'allow' after it is special cased to be allowed, even if it matches something that is denied. Note that the wildcard portions of a rule only swallow a single directory, so /* will match /foo, but not /foo/bar. They also must be at the end of a directory segment, so /foo* or /* are valid, but /*foo is not. These rules are applied to any recursive action, which basically means any Subversion command that goes through the update-report, like update, diff, checkout, merge, etc. Fix: Patch attached with submission follows: How-To-Repeat: create a repo with ~100M in trunk create 20 tags svn co repo/tags your traffic will explode in a way you don't like if reach your included traffic amount
Responsible Changed From-To: freebsd-ports-bugs->lev Over to maintainer (via the GNATS Auto Assign Tool)
lev 2009-04-06 17:06:34 UTC FreeBSD ports repository Modified files: devel/subversion Makefile Makefile.common pkg-deinstall pkg-plist devel/subversion-freebsd Makefile Log: (1) Put svn_hacks-1.2.diff to local-distfiles (2) Add optional module mod_dontdothat (3) Fix order of apache module loading (4) Make deinstall script much mor robust, it should not trash Apache config in case of various errors. PR: ports/133366 [2] Submitted by: Many users [1], olli hauer <ohauer@gmx.de> [2], Dag-Erling Smorgrav <des@des.no> [3] Revision Changes Path 1.131 +3 -1 ports/devel/subversion-freebsd/Makefile 1.126 +24 -2 ports/devel/subversion/Makefile 1.18 +8 -2 ports/devel/subversion/Makefile.common 1.3 +23 -12 ports/devel/subversion/pkg-deinstall 1.40 +3 -1 ports/devel/subversion/pkg-plist _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed with some changes, thanks!