From d1b55fb889ffd12922649de51177b29f3af4f44b612010ef4722e05656bc8ae5 Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Mon, 25 Nov 2013 18:39:31 +0000
Subject: [PATCH] CVE redaction for 1.8.5 [bnc#850747]

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=155
---
 subversion.changes | 11 ++++++++++-
 subversion.spec | 1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/subversion.changes b/subversion.changes
index 14137ee..80c0f2a 100644
--- a/subversion.changes
+++ b/subversion.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Nov 25 18:33:46 UTC 2013 - andreas.stieger@gmx.de
+
+- CVE redaction for 1.8.5 [bnc#850747]
+
 -------------------------------------------------------------------
 Mon Nov 25 08:00:00 UTC 2013 - andreas.stieger@gmx.de
 
@@ -7,7 +12,11 @@ Mon Nov 25 08:00:00 UTC 2013 - andreas.stieger@gmx.de
 -------------------------------------------------------------------
 Mon Nov 25 00:00:00 UTC 2013 - andreas.stieger@gmx.de
 
-- update to 1.8.5 [bnc#850747]
+- update to 1.8.5 [bnc#850747], addressing two security issues:
+ * CVE-2013-4505: mod_dontdothat does not restrict requests from
+ serf clients.
+ * CVE-2013-4558: mod_dav_svn assertion triggered by
+ autoversioning commits.
 - Client-side bugfixes:
 * fix externals that point at redirected locations
 * diff: fix assertion with move inside a copy
diff --git a/subversion.spec b/subversion.spec
index a7bae98..3025f35 100644
--- a/subversion.spec
+++ b/subversion.spec
@@ -17,6 +17,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 # svn 1.8 supports ruby 1.8 >= 1.8.2 or 1.9.3 specifically. openSUSE 13.2
 # has ruby 2.0 - Ruby bindings to be re-enabled when svn is ported to ruby 2.0
 %define with_ruby 0%{?suse_version} > 1110 && 0%{?suse_version} <= 1310