Fixes:
CVE-2014-0032 - mod_dav_svn is vunerable to a remotely triggerable
segfault DoS vulnerability when SVNListParentPath is on.
CVE-2014-3522 - Serf RA layer does not correctly validate certificates
with wildcards in them for HTTPS.
CVE-2014-3528 - Credentials cached with Subversion may be sent to the
wrong server.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Apache licenses are referred to in a variety of ways; standardise these,
choosing a form which does not contain whitespace.
Signed-off-by: Simon Dawson <spdawson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upgrade to latest security-related bugfixes release.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Uses fork() in apr_proc_fork() which is used by almost all the packages
that use apr (log4cxx, subversion).
apr-util doesn't use fork or apr_proc_fork but it's of no use alone.
[Peter: also hide log4cxx comment if !BR2_USE_MMU]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
