I finally found the time to take a deeper look at this. Turns out this bug is caused by CVE-2015-3184.patch. The SVN guys figured it out long ago, and fixed it: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?r1=1695681&r2=1708699
I attach a modified version of that patch. It cures the bug if applied at the end of the patch chain in 1.8.8-1ubuntu3.3. The package you need to reinstall after rebuilding is libapache2-mod-svn. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3184 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1487398 Title: Kerberos authentication no longer works following upgrade 1.8.8-1ubuntu3.1 to 1.8.8-1ubuntu3.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1487398/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
