diff --git a/.subversion.metadata b/.subversion.metadata
index ad24608..39aa7d9 100644
--- a/.subversion.metadata
+++ b/.subversion.metadata
@@ -1 +1 @@
-844bb756ec505edaa12b9610832bcd21567139f1 SOURCES/subversion-1.7.13.tar.bz2
+b35254a844d0b221a3fd8e80974ac75119d77b94 SOURCES/subversion-1.7.14.tar.bz2
diff --git a/SOURCES/subversion-1.7.14-CVE-2014-0032.patch b/SOURCES/subversion-1.7.14-CVE-2014-0032.patch
new file mode 100644
index 0000000..a82149b
--- /dev/null
+++ b/SOURCES/subversion-1.7.14-CVE-2014-0032.patch
@@ -0,0 +1,33 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0032
+
+http://svn.apache.org/viewvc?view=revision&revision=1558692
+
+--- subversion-1.7.14/subversion/mod_dav_svn/repos.c.cve0032
++++ subversion-1.7.14/subversion/mod_dav_svn/repos.c
+@@ -1959,6 +1959,25 @@ get_resource(request_rec *r,
+ of private resource, iff the SVNListParentPath directive is 'on'. */
+ if (dav_svn__is_parentpath_list(r))
+ {
++ /* Only allow GET and HEAD on the parentpath resource
++ * httpd uses the same method_number for HEAD as GET */
++ if (r->method_number != M_GET)
++ {
++ int status;
++
++ /* Marshall the error back to the client by generating by
++ * way of the dav_svn__error_response_tag trick. */
++ err = dav_svn__new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
++ SVN_ERR_APMOD_MALFORMED_URI,
++ "The URI does not contain the name "
++ "of a repository.");
++ /* can't use r->allowed since the default handler isn't called */
++ apr_table_setn(r->headers_out, "Allow", "GET,HEAD");
++ status = dav_svn__error_response_tag(r, err);
++
++ return dav_push_error(r->pool, status, err->error_id, NULL, err);
++ }
++
+ err = get_parentpath_resource(r, resource);
+ if (err)
+ return err;
diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec
index afaf535..17c2103 100644
--- a/SPECS/subversion.spec
+++ b/SPECS/subversion.spec
@@ -9,12 +9,6 @@
%define perl_vendorarch %(eval "`%{__perl} -V:installvendorarch`"; echo $installvendorarch)
-%if 0%{?fedora} < 18
-%define dbdevel db4-devel
-%else
-%define dbdevel libdb-devel
-%endif
-
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
@@ -25,8 +19,8 @@
Summary: A Modern Concurrent Version Control System
Name: subversion
-Version: 1.7.13
-Release: 1%{?dist}
+Version: 1.7.14
+Release: 6%{?dist}
License: ASL 2.0
Group: Development/Tools
URL: http://subversion.apache.org/
@@ -47,8 +41,9 @@ Patch8: subversion-1.7.4-sqlitever.patch
Patch9: subversion-1.7.9-rubybind.patch
Patch10: subversion-1.7.9-swighash.patch
Patch11: subversion-1.7.10-aarch64.patch
+Patch12: subversion-1.7.14-CVE-2014-0032.patch
BuildRequires: autoconf, libtool, python, python-devel, texinfo, which
-BuildRequires: %{dbdevel} >= 4.1.25, swig >= 1.3.24, gettext
+BuildRequires: libdb-devel, swig >= 1.3.24, gettext
BuildRequires: apr-devel >= 1.3.0, apr-util-devel >= 1.3.0
BuildRequires: neon-devel >= 0:0.24.7-1, cyrus-sasl-devel
BuildRequires: sqlite-devel >= 3.4.0, file-devel, systemd-units
@@ -187,6 +182,7 @@ This package includes supplementary tools for use with Subversion.
%patch9 -p1 -b .rubybind
%patch10 -p1 -b .swighash
%patch11 -p1 -b .aarch64
+%patch12 -p1 -b .cve0032
%build
# Regenerate the buildsystem, so that:
@@ -478,6 +474,24 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
+* Wed Mar 5 2014 Joe Orton <jorton@redhat.com> - 1.7.14-6
+- drop dependency on db4-devel (#1072969)
+
+* Tue Feb 11 2014 Joe Orton <jorton@redhat.com> - 1.7.14-5
+- add fix for CVE-2014-0032
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.7.14-4
+- Mass rebuild 2014-01-24
+
+* Mon Jan 13 2014 Joe Orton <jorton@redhat.com> - 1.7.14-3
+- rebuild for #1029360
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.7.14-2
+- Mass rebuild 2013-12-27
+
+* Tue Nov 26 2013 Joe Orton <jorton@redhat.com> - 1.7.14-1
+- update to 1.7.14 (#1034377)
+
* Tue Sep 3 2013 Joe Orton <jorton@redhat.com> - 1.7.13-1
- update to 1.7.13 (#1003070)
- move bash completions out of /etc (#922993)