Fri May 25 23:29:36 UTC 201814.1

patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz:  Rebuilt.
  Handle removal of US/Pacific-New timezone. If we see that the machine is
  using this, it will be automatically switched to US/Pacific.

1 files changed, 32 insertions, 0 deletions

diff --git a/patches/source/subversion/subversion.CVE-2016-2168.diff b/patches/source/subversion/subversion.CVE-2016-2168.diff
new file mode 100644
index 000000000..24741ca66
--- /dev/null
+++ b/patches/source/subversion/subversion.CVE-2016-2168.diff
@@ -0,0 +1,32 @@
+--- ./subversion/mod_authz_svn/mod_authz_svn.c.orig	2015-07-26 19:23:40.000000000 -0500
++++ ./subversion/mod_authz_svn/mod_authz_svn.c	2016-04-30 15:03:26.649048795 -0500
+@@ -415,6 +415,8 @@
+ 
+   if (r->method_number == M_MOVE || r->method_number == M_COPY)
+     {
++      apr_status_t status;
++
+       dest_uri = apr_table_get(r->headers_in, "Destination");
+ 
+       /* Decline MOVE or COPY when there is no Destination uri, this will
+@@ -423,7 +425,19 @@
+       if (!dest_uri)
+         return DECLINED;
+ 
+-      apr_uri_parse(r->pool, dest_uri, &parsed_dest_uri);
++      status = apr_uri_parse(r->pool, dest_uri, &parsed_dest_uri);
++      if (status)
++        {
++          ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
++                        "Invalid URI in Destination header");
++          return HTTP_BAD_REQUEST;
++        }
++      if (!parsed_dest_uri.path)
++        {
++          ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++                        "Invalid URI in Destination header");
++          return HTTP_BAD_REQUEST;
++        }
+ 
+       ap_unescape_url(parsed_dest_uri.path);
+       dest_uri = parsed_dest_uri.path;