89e51bc625
Fixes the following security issues: - CVE-2021-28544: SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the `copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. https://subversion.apache.org/security/CVE-2021-28544-advisory.txt - CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. https://subversion.apache.org/security/CVE-2022-24070-advisory.txt Drop no longer needed patch and autoreconf, as this is now fixed upstream: https://svn.apache.org/viewvc?view=revision&revision=1881534 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
---|---|---|
.. | ||
Config.in | ||
subversion.hash | ||
subversion.mk |