~ubuntu-branches/debian/stretch/subversion/stretch

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2013-2112.patch

Committer: Package Import Robot
Author(s): James McCoy
Date: 2013-10-18 23:23:06 UTC
mfrom: (17.1.9 sid)
Revision ID: package-import@ubuntu.com-20131018232306-etbd7h4i0stghrd5

Tags: 1.7.13-2

http://bugs.debian.org/726717

Remove unnecessary libapache2-svn.prem. (Closes: #726717)

files added:
debian/libapache2-mod-svn.README.Debian

debian/libapache2-mod-svn.dirs

debian/libapache2-mod-svn.examples

debian/libapache2-mod-svn.install

debian/libapache2-mod-svn.lintian-overrides

debian/libapache2-mod-svn.postinst

debian/libapache2-mod-svn.preinst

debian/subversion.postinst

debian/subversion.preinst

debian/subversion.prerm

files removed:
debian/libapache2-svn.README.Debian

debian/libapache2-svn.dirs

debian/libapache2-svn.examples

debian/libapache2-svn.install

debian/libapache2-svn.lintian-overrides

debian/libapache2-svn.postinst

debian/libapache2-svn.preinst

debian/libapache2-svn.prerm

debian/patches/CVE-2013-1968.patch

debian/patches/CVE-2013-2112.patch

debian/patches/chunksize-integer.patch

files modified:
CHANGES

build-outputs.mk

build/ac-macros/gssapi.m4

configure

debian/changelog

debian/control

debian/patches/series

debian/rules

get-deps.sh

subversion/bindings/javahl/native/JNIUtil.cpp

subversion/bindings/javahl/src/org/apache/subversion/javahl/types/LogDate.java

subversion/bindings/javahl/src/org/tigris/subversion/javahl/LogDate.java

subversion/bindings/swig/include/svn_types.swg

subversion/bindings/swig/perl/libsvn_swig_perl/swigutil_pl.c

subversion/bindings/swig/perl/native/core.c

subversion/bindings/swig/perl/native/svn_client.c

subversion/bindings/swig/perl/native/svn_delta.c

subversion/bindings/swig/perl/native/svn_fs.c

subversion/bindings/swig/perl/native/svn_ra.c

subversion/bindings/swig/perl/native/svn_repos.c

subversion/bindings/swig/perl/native/svn_wc.c

subversion/bindings/swig/python/core.c

subversion/bindings/swig/python/fs.py

subversion/bindings/swig/python/svn_fs.c

subversion/bindings/swig/ruby/core.c

subversion/bindings/swig/ruby/svn_client.c

subversion/bindings/swig/ruby/svn_delta.c

subversion/bindings/swig/ruby/svn_fs.c

subversion/bindings/swig/ruby/svn_ra.c

subversion/bindings/swig/ruby/svn_repos.c

subversion/bindings/swig/ruby/svn_wc.c

subversion/include/svn_version.h

subversion/libsvn_client/blame.c

subversion/libsvn_client/client.h

subversion/libsvn_client/externals.c

subversion/libsvn_client/merge.c

subversion/libsvn_client/repos_diff_summarize.c

subversion/libsvn_client/status.c

subversion/libsvn_client/update.c

subversion/libsvn_diff/diff_file.c

subversion/libsvn_fs/fs-loader.c

subversion/libsvn_fs_fs/tree.c

subversion/libsvn_ra_serf/util.c

subversion/libsvn_subr/io.c

subversion/libsvn_subr/nls.c

subversion/libsvn_subr/subst.c

subversion/libsvn_wc/adm_ops.c

subversion/libsvn_wc/diff_editor.c

subversion/libsvn_wc/diff_local.c

subversion/libsvn_wc/update_editor.c

subversion/mod_dav_svn/mod_dav_svn.c

subversion/mod_dav_svn/repos.c

subversion/mod_dav_svn/version.c

subversion/po/zh_CN.po

subversion/svn/main.c

subversion/svnserve/main.c

subversion/tests/cmdline/blame_tests.py

subversion/tests/cmdline/diff_tests.py

subversion/tests/cmdline/externals_tests.py

subversion/tests/cmdline/merge_tests.py

subversion/tests/cmdline/revert_tests.py

subversion/tests/libsvn_diff/diff-diff3-test.c

subversion/tests/libsvn_fs/fs-test.c

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2013-2112.patch

Description: Fix CVE-2013-2112

Subversion's svnserve server process may exit when an incoming TCP connection

is closed early in the connection process.

This can lead to disruption for users of the server.

Origin: upstream, http://subversion.apache.org/security/CVE-2013-2112-advisory.txt

Bug-Debian: http://bugs.debian.org/711033

Forwarded: not-needed

Author: Salvatore Bonaccorso <carnil@debian.org>

Last-Update: 2013-06-06

--- a/subversion/svnserve/main.c

+++ b/subversion/svnserve/main.c

@@ -928,7 +928,9 @@

connection_pool) == APR_CHILD_DONE)

;

}

- if (APR_STATUS_IS_EINTR(status))

+ if (APR_STATUS_IS_EINTR(status)

+ || APR_STATUS_IS_ECONNABORTED(status)

+ || APR_STATUS_IS_ECONNRESET(status))

{

svn_pool_destroy(connection_pool);

continue;

Older »