Fixes:
CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2014-0032 - mod_dav_svn is vulnerable to a remotely triggerable
segfault DoS vulnerability when SVNListParentPath is on.
CVE-2014-3522 - Serf RA layer does not correctly validate certificates
with wildcards in them for HTTPS.
CVE-2014-3528 - Credentials cached with Subversion may be sent to the
wrong server.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Apache licenses are referred to in a variety of ways; standardise these,
choosing a form which does not contain whitespace.
Signed-off-by: Simon Dawson <spdawson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upgrade to latest security-related bugfixes release.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>