da5c6eceac
CVE-2018-11782:
* CVE-2018-11782.patch
* CVE-2019-0203.patch
- Apache Subversion 1.8.19 (bsc#1051362):
* A malicious, compromised server or MITM may cause svn client to
execute arbitrary commands by sending repository content with
svn:externals definitions pointing to crafted svn+ssh URLs.
CVE-2017-9800
- Apache Subversion 1.8.18 (bsc#1026936):
This change makes Subversion resilient to collision attacks,
including SHA-1 collision attacks such as <http://shattered.io/>.
https://subversion.apache.org/faq#shattered-sha1
* fsfs: never attempt to share directory representations
* fsfs: make consistency independent of hash algorithms
* work around an APR bug related to file truncation
- Package the 'svnauthz' binary.
- Apache Subversion 1.8.17:
* bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in
mod_dontdothat and Subversion clients using http(s)://
* Client-side bugfixes:
+ fix handling of newly secured subdirectories in working copy
+ ra_serf: fix deleting directories with many files
+ gpg-agent: properly handle passwords with percent characters
+ merge: fix crash when merging to a local add
* Server-side bugfixes:
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=310