10 Commits

Author SHA1 Message Date
Gustavo Zacarias
2cae3b0c0a subversion: security bump to version 1.9.4
Fixes:
CVE-2016-2167 - svnserve/sasl may authenticate users using the wrong
realm.
CVE-2016-2168 - Remotely triggerable DoS vulnerability in mod_authz_svn
during COPY/MOVE authorization check.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-04-28 21:14:06 +02:00
Bernd Kuhls
544949e498 package/subversion: security version bump to 1.9.3
Release announcement:
http://mail-archives.apache.org/mod_mbox/subversion-dev/201512.mbox/%3CCAP_GPNj_GCA869VQeJUrp5ngXsgN7pQQHSS=sqoXm8_6hHTTxg@mail.gmail.com%3E

CVE-2015-5259:
Remotely triggerable heap overflow and out-of-bounds read caused by
integer overflow in the svn:// protocol parser.
http://subversion.apache.org/security/CVE-2015-5259-advisory.txt

CVE-2015-5343:
Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn
caused by integer overflow when parsing skel-encoded request bodies.
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-01-31 20:33:39 +01:00
Vicente Olivert Riera
4965192f60 subversion: bump to version 1.9.2
- Bump to version 1.9.2.
- Update the hash file.
- Use a tar.bz2 tarball to save space and bandwidth.
- Fix a typo in the berkeley-db configure option.
- Remove non-existent configure options: neon, gssapi and ssl.
- Remove neon dependency: it is not needed to build subversion.
- Tweak the 0001-dont-mangle-cflags.patch for the 1.9.2 version and to
  patch configure.ac instead of configure.
- Add a new 0002-disable-macos-specific-features.patch to remove a
  configure check for Mach-O (and two more) which breaks the build when
  cross-compiling.
- Enable autoreconf since we are patching the configure.ac.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-28 22:15:45 +02:00
Gustavo Zacarias
d80f5c99fd subversion: security bump to version 1.7.19
Fixes:
CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names.

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-21 13:22:18 +01:00
Peter Korsgaard
97c5d44520 subversion: needs sqlite and pkg-config
Fixes:
http://autobuild.buildroot.net/results/de2/de243c429c1e443efdbba82a860dbb7a03d5b746/
http://autobuild.buildroot.net/results/40c/40ce377893789883503deaa57912b87d2e0192e8/
http://autobuild.buildroot.net/results/134/13449cd77fbbd1c2b21d04b1fc866a086d915353/
http://autobuild.buildroot.net/results/e3f/e3fc33177eef955830a7be68e7b23503fd1d9ebe/
and others.

Also add the missing 'select' statements for apr, expat and zlib to match
the .mk file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-27 17:41:42 +01:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
f550bea09a subversion: security bump to version 1.7.18
Fixes:

CVE-2014-0032 - mod_dav_svn is vulnerable to a remotely triggerable
segfault DoS vulnerability when SVNListParentPath is on.

CVE-2014-3522 - Serf RA layer does not correctly validate certificates
with wildcards in them for HTTPS.

CVE-2014-3528 - Credentials cached with Subversion may be sent to the
wrong server.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-15 22:29:04 +02:00
Simon Dawson
ab836f14e6 package: standardise Apache licenses
Apache licenses are referred to in a variety of ways; standardise these,
choosing a form which does not contain whitespace.

Signed-off-by: Simon Dawson <spdawson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-01-02 15:12:02 +01:00
Axel Lin
3bbaee01d6 subversion: bump to version 1.7.14
Upgrade to latest security-related bugfixes release.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-22 10:59:41 +01:00
Rico Bachmann
1eec001220 subversion: new package
[Thomas: added license information, fixed dependencies, and several
cleanups.]

Signed-off-by: Rico Bachmann <bachmann@tofwerk.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-08-28 00:25:59 +02:00