Changelog for
subversion-1.7.10-2.8.1.x86_64.rpm :
* Fri May 31 2013 andreas.stiegerAATTgmx.de- update to 1.7.10 [bnc#821505] CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 - Client-side bugfixes:
* fix \'svn revert\' \"no such table: revert_list\" spurious error
* fix \'svn diff\' doesn\'t show some locally added files
* fix changelist filtering when --changelist values aren\'t UTF8
* fix \'svn diff --git\' shows wrong copyfrom
* fix \'svn diff -x-w\' shows wrong changes
* fix \'svn blame\' sometimes shows every line as modified
* fix regression in \'svn status -u\' output for externals
* fix file permissions change on commit of file with keywords
* improve some fatal error messages
* fix externals not removed when working copy is made shallow - Server-side bugfixes:
* fix repository corruption due to newline in filename
* fix svnserve exiting when a client connection is aborted
* fix svnserve memory use after clear
* fix repository corruption on power/disk failure on Windows - Developer visible changes:
* make get-deps.sh compatible with Solaris /bin/sh
* fix infinite recursion bug in get-deps.sh
* fix uninitialised output parameter of svn_fs_commit_txn() - Bindings:
* fix JavaHL thread-safety bug
* Sun Apr 07 2013 andreas.stiegerAATTgmx.de- update to 1.7.9 [bnc#813913], addressing remotely triggerable vulnerabilities in mod_dav_svn which may result in denial of service: + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT- further changes: + Client-side bugfixes:
* improved error messages about svn:date and svn:author props.
* fix local_relpath assertion
* fix memory leak in `svn log` over svn://
* fix incorrect authz failure when using neon http library
* fix segfault when using kwallet + Server-side bugfixes:
* svnserve will log the replayed rev not the low-water rev.
* mod_dav_svn will omit some property values for activity urls
* fix an assertion in mod_dav_svn when acting as a proxy on /
* improve memory usage when committing properties in mod_dav_svn
* fix svnrdump to load dump files with non-LF line endings
* fix assertion when rep-cache is inaccessible
* improved logic in mod_dav_svn\'s implementation of lock.
* avoid executing unnecessary code in log with limit- Developer-visible changes: + General:
* fix an assertion in dav_svn_get_repos_path() on Windows
* fix get-deps.sh to correctly download zlib
* doxygen docs will now ignore prefixes when producing the index
* fix get-deps.sh on freebsd + Bindings:
* javahl status api now respects the ignoreExternals boolean- refresh subversion-no-build-date.patch for upstream source changes
* Mon Dec 17 2012 andreas.stiegerAATTgmx.de- update to 1.7.8 [bnc#794676] + Client- and server-side bugfixes:
* Fix typos in pt_BR, es and zh_TW translations + Client-side bugfixes:
* add missing attributes to \"svn log -v --xml\" output
* fix svn patch ignoring hunks after no trailing newline
* fix hang with ra_serf during error processing
* ignore file externals with mergeinfo when merging
* fix SEGV with \"svnmucc cp rev arg\" during argv processing
* fix conflict handling on symlinks + Server-side bugfixes:
* properly detect threading availability
* fix \"svnadmin load --bypass-prop-validation\"
* fix parsing of [groupsfoo] sections in authz file
* add Vary: header to GET responses to improve cacheability
* fix fs_fs to cleanup after failed rep transmission
* fix mod_dav_svn to complain about revisions > HEAD + Developer-visible changes:
* fix incorrect status returned by 1.6 API
* fix compilation with g++ 4.7- drop subversion-1.7.5-libsvn_auth_kwallet-r1345740.patch as it was merged upstream- update annotation of subversion-1.7.4-ruby-1.9-RbConfig.patch- remove excess logging from optional regression tests to reduce spurious build failures in OBS due to size of log- remove commands trailing \"make check\" which masked build failures- add subversion-1.7.8-TestHarness_run_py_test_exit_code.patch to ensure \"make check\" fails when certain Python tests fail
* Sat Dec 08 2012 andreas.stiegerAATTgmx.de- for package maintainers, add support to run regression tests over ra_neon and ra_serf (http://) via Apache / mod_dav_svn when built --with=regression_tests
* Sat Oct 06 2012 andreas.stiegerAATTgmx.de- update to upstream 1.7.7: User-visible changes: - Client- and server-side bugfixes:
* fix memory read bug
* update Chinese translation - Client-side bugfixes:
* fix issues with applying Git patch files
* fix status does not descend into dir externals after upgrade
* fix file externals don\'t update with old mod_dav_svn
* fix external diff tool duplicates Index: lines with \'svn diff\'
* fix GNOME keyring library fails with very old glib
* fix unknown password stores in config file cause error
* fix assertions in ra_serf running against server root
* fix ra_serf checkout/export aborts early on Windows - Server-side bugfixes:
* fix an assert with SVNAutoVersioning in mod_dav_svn
* fix unbounded memory use with SVNPathAuthz short_circuit
* fix svndumpfilter exclude --targets requires leading slash
* fix connection ttl for memcache should be 50 seconds
* stabilize order of paths in dumpfiles with APR 1.4.6 Developer-visible changes: - General:
* print \"All tests successful\" at the end of \'make check\'
* fix sandbox violation in a test
* fix tests fail when running within a format 30 WC
* fix return value of svn_client_update4() incorrect
* fix make check summary missing test failures
* fix build does not fail when apache httpd is not available - Bindings:
* fix swig-pl build fails with swig 2.0.7 and newer.
* fix swig-py runtime problems with swig 2.0.5 and newer- refresh subversion-1.7.4-ruby-1.9-RbConfig.patch- refresh subversion-1.7.5-libsvn_auth_kwallet-r1345740.patch
* Wed Aug 15 2012 andreas.stiegerAATTgmx.de- update to upstream 1.7.6: User-visible changes: - Client-side bugfixes:
* Fix \"svn status -u --depth empty FILE\"
* Fix example output of \'svn help status\'
* svn propset of svn:eol-style might not notice related text changes
* sort output of \'svn propget -R\'
* sort output of \'svn proplist\'
* sort output of \'svn status\'
* avoid a filestat per working copy find operation
* optimize \'svn upgrade\' performance on large working copies
* allow \'file:///C:\\repos\' style arguments on Windows, like 1.6
* fix ra_serf against Subversion 1.2 servers
* fix \'svn upgrade\' on working copies with certain tree conflicts
* avoid workqueue references to system temp dir
* allow non-existant canonical paths
* fix \'svn revert --depth files\' to operate on files
* fix ra_serf XML namespace handling against malicious server
* fix relocate with server-relative externals
* change two asserts into errors for TortoiseSVN
* don\'t attempt to anchor an operation outside a wc root - Server-side bugfixes:
* partial sync drops properties when converting to adds
* replaying a copy and delete of an unreadable child fails
* allow svnlook to operate on r0
* make FSFS revision files independent of APR hash order - Other tool improvements and bugfixes:
* move mod_dontdothat to install-tools Developer-visible changes: - General:
* fix running tests against httpd 2.4
* use constant struct initialisers for C89 compatibility - Bindings:
* JavaHL: Don\'t assert on some invalid input
* JavaHL: Add missing new in 1.7 notifications- refresh subversion-no-build-date.patch
* Tue Jun 12 2012 andreas.stiegerAATTgmx.de- make build against neon optional, default on, like serf
* Thu Jun 07 2012 andreas.stiegerAATTgmx.de- add subversion-1.7.5-libsvn_auth_kwallet-r1345740.patch from trunk to fix build with gcc 4.7- move checks for schemes handled by ra modules into %check section- do not run regression tests by default:
* too many failed builds
* doesn\'t include http tests- only require iproute2 when running regression tests
* Mon May 21 2012 andreas.stiegerAATTgmx.de- Allow unit tests to be run for Factory: --with=regression_tests replacing the inline conditional
* Thu May 17 2012 andreas.stiegerAATTgmx.de- update to upstream 1.7.5 User-visible changes: - Client- and server-side bugfixes:
* http: report deleted-revision upon delete during update - Client-side bugfixes:
* avoid potential segfault when canonicalizing properties
* improve memory and file-handle management with externals (issue #4130)
* serf: convert assertions to \"MERGE failed\" errors
* fix undefined behaviour during multi-segment reverse merges (issue #4144)
* fix potential use of already freed memory during diff operation
* improve performance of scan for the working copy root
* cmdline: fix segfault during \'svn diff\' argument processing
* fix regression from 1.6 in update with --depth option (issue #4136)
* propset: avoid undefined behaviour in error path
* reset sqlite statements, partly for sqlite-3.7.11 compat
* fix assertion during \'svn diff -r BASE:HEAD ^/trunk\' (issue #4161)
* notify upon \'update\' just removing locks on files
* neon: fix potential use of freed memory during commits
* \'status --xml\' doesn\'t show repository deletes correctly (issue #4167)
* fix assert on svn:externals with drive letter on Windows (issue #4073)
* fix \'svn update --depth=empty\' against 1.4 servers (issue #4046)
* handle missing svn:date reported by svnserve gracefully
* fix merges which first add a subtree and then delete it (issue #4166)
* fix a regression with checkout of file externals (issue #4087)
* don\'t add spurious mergeinfo to subtrees in edge-case merge (issue #4169)
* improve performance of status on large working copies (issue #4178) - Server-side bugfixes:
* fix non-fatal FSFS corruption bug with concurrent commits (issue #4129)
* mod_dav_svn: raise an error on MERGE of non-existent resource
* mod_dav_svn: support compiling/running under httpd-2.4 (r1232267)
* mod_dav_svn: forbid BDB repositories under httpd\'s event MPM (issue #4157) - Other tool improvements and bugfixes:
* emacs support: updates to dsvn.el and vc-svn.el Developer-visible changes: - General:
* windows example distribution scripts: include svnrdump
* fix running the test suite with jsvn - Bindings:
* swig-py tests: avoid FAILs on APR hash order
* swig-rb tests: avoid FAILs on APR hash order
* swig-pl: Improved perl detection in gen-make.py
* Fri May 11 2012 andreas.stiegerAATTgmx.de- Subversion currently does not compile Ruby bindings for 1.9 disable to fix build in Factory- add subversion-1.7.4-ruby-1.9-RbConfig.patch to use RbConfig instead of Config which is deprecated in Ruby 1.9- fix conditional configuration for serf support- add check that ra_serf is built as configure failed silently
* Thu Mar 08 2012 andreas.stiegerAATTgmx.de- update to upstream 1.7.4 User-visible changes:
* fix \'svn log --diff\' for moved paths
* fix ra_serf problem with reading directory entries via HTTPv2
* prepend \"sqlite:\" to error messages from SQLite
* fix randomly missing \"Merged via\" notifications in \'svn log -g\'
* fix spurious conflict when merging deleted symbolic link (issue #4052)
* fix URL-to-WC copy of externals on Windows (issue #4123)
* improve an FSFS sanity-check error message
* fix regressions with symlinks pointing at externals (issue #4102)
* fix \'svn log --diff\' output ordering issue on Windows Developer-visible changes:
* don\'t build mod_dontdothat if not building with httpd
* fix the testsuite to avoid FAILs on APR hash order
* Sat Mar 03 2012 andreas.stiegerAATTgmx.de- add bash completion subpackage
* Tue Feb 21 2012 cooloAATTsuse.com- Apache-2 is not a license in spdx.org, pick Apache-2.0
* Mon Feb 13 2012 andreas.stiegerAATTgmx.de- refresh subversion-no-build-date.patch- add mod_dontdothat to subversion-server package- add section to README.SuSE about mod_dontdothat- add inactive sample mod_dontdothat configuration to subversion.conf- update to upstream 1.7.3 General:
* ship mod_dontdothat with the standard release User-visible changes:
* fix segfault on \'svn rm $ROOT_URL\' (issue #4074)
* replace a couple of assertions in favor of errors (r1207858, -949)
* fix a server assert after being upgraded (r1210195)
* fix segfault on \'svn mkdir svn://localhost\' (r1211483)
* make \'svnadmin recover\' prune the rep cache (r1213331, et al)
* make svnmucc use values from --config-dir option
* update and clarify the merge help text (r1154121, et al)
* replace wc assertion with informative error (r1222521, -693)
* copy permissions correctly for FSFS dirs (r1229252)
* improve \'svn log --with-all-revprops\' over ra-dav (issue #4082)
* fix segfault when remapping a file external (issue #4093)
* fix segfault caused by obstructing unversioned dir (r1229677)
* fix regression on first update of external dir with \'-r\' (issue #4053)
* fix various EOL-handling problems in \'svn patch\' (issues #3814, #3991)
* fix segfault in \'svn revert\' (r1229303)
* improve correctness of \'svn patch --dry-run\' (r1231944, -5)
* enforce revisions given in \'svn:externals\' (issue #4053)
* fix potential corruption on 32-bit FSFS with large files (r1230212)
* make \'svn status --xml\' show new files (issue #4097)
* fix \'svn mergeinfo\' correctness (issue #4050)
* return the correct status for non-present nodes (r1232202, -07, -21, -22)
* improve SASL error messages (r1236343, et al)
* improve server cert error code for ra_serf (r1232413)
* fix SVNParentPath listings for parent path symlinks (r1221767, -80)
* fix mod_dav_svn\'s handling of POST errors (issue #4086)
* log some mod_dav_svn errors, rather than ignoring them (r1237720, -9596)
* relax requirements for canonicalization in mod_dav_svn (r1236173)
* fix a rare source of FSFS corruption (r1240752)
* allow committing the result of some copy operations (issue #4059)
* prevent one-byte buffer overflow in base64 decoding (r1242337) Developer-visible changes:
* JavaHL: Add missing notify action, fixing an exception (r1221793)
* fix swig-py memory leak (r1235264, -296, -302, -736)
* fix spurious test suite failure (r1220742, -50)
* allow running tests on UNC shares (r1225491)
* bindings: see platform-specific password providers (r1242660, -1)
* skip \'svnrdump dump\' tests over ra_serf (r1242537)
* convert a few ra_serf assertions to errors (r1242607)
* Wed Dec 21 2011 andreas.stiegerAATTgmx.de- update license to Apache-2- run regression tests for 12.1 again- allow builds --without regression_tests- subversion.libtool-verbose.patch refresh for moved source lines- subversion-swig-perl-install_vendor.patch refresh for moved source lines- subversion.libtool-pie-flags.patch refresh for moved source lines- subversion.perl.LD_RUN_PATH.patch refresh for moved source lines- subversion-no-build-date.patch refresh for moved source lines- subversion-neon-systemproxy.patch adjust to changed upstream sources, remove one chunk which would create duplicated lines in patched result
* Tue Dec 06 2011 andreas.stiegerAATTgmx.de- update to upstream 1.7.2 User-visible changes:
* fix working copy corruption after interrupted update/switch (issue #4040)
* avoid segfaults against pre-1.5 servers (r1186928)
* improve configure error message if apr-util uses old or no bdb (r1186784)
* make \'svn patch\' ignore \'/dev/null\' targets for compat with git (r1197998)
* fix \'svn patch\' segfault on patch that skips and deletes files (r1199950)
* omit \"Committed revision N.\" output from \'svn commit --quiet\' (r1200837)
* fix authz denial when svnserve root is a repository (issue #4060)
* fix uninitialized memory read in client diff code (r1201002)
* avoid potential segfault during merges (r1202807)
* fix an assertion failure when a symlink is updated (r1186944, -81, -83)
* make working copy operations fail if nodes have no base checksum (r1202630)
* fix nested
s when using v2 protocol (r1203546, -651, -653)
* make mod_dav_svn ignore non-Subversion POST requests (r1187695)
* avoid reading freed memory (r1204478)
* recognize empty (only byte order mark) UTF-8 files as text (issue #4064)
* fix 1.7 client regression when operating against a 1.0.x server (r1199876)
* remove empty parent dirs of removed externals on update (issue #4044)
* make \'svn diff -c N\' work for files added in rN (issue #2873)
* plug a memory leak in the bdb backend (r1205726)
* fix \'svn import\' with native eol-style and inconsistent EOLs (r1205193)
* fix reading beyond the end of a string in bdb backend (r1205839, -48)
* don\'t assert when committing an incomplete directory (issue #4042) Developer-visible changes:
* JavaHL: allow \'status -u\' to function properly (r1189190, -395)
* don\'t put \'\\r\' characters in our generate sql headers (r1189580)
* properly define WIN64 on Windows x64 builds (r1188609)
* better adherence to C89 in enum definitions (r1189665)
* bump copyright year in Windows DLLs (r1189261)
* log a better error when opening rep-cache.db fails (r1204610, -73)
* Thu Dec 01 2011 dmuellerAATTsuse.de- only hide ctypesgen for Facory builds
* Tue Nov 22 2011 cooloAATTsuse.com- add libtool as buildrequire to avoid implicit dependency
* Sun Oct 23 2011 dmuellerAATTsuse.de- update to 1.7.1
* Based on many fixes by stsp.elego.de, many thanks!
* License changed to Apache License, version 2
* Detecting MIME types with libmagic
* Optimizations of diff, merge and blame
* See http://subversion.apache.org/docs/release-notes/1.7 for details
* Fri Oct 21 2011 dmuellerAATTsuse.de- merge in fixes from stsp.elego.de:
* Simplify tools install and ship a smaller amount of tools. Should fix rpmlint complaining about .libs/ directories and various other illegal files ending up in the package. Users are better off downloading the scripts previously shipped in this package directly from the upstream svn repository.
* Fri Oct 21 2011 dmuellerAATTsuse.de- merge in package description fixes from stsp.elego.de, thanks!
* Fri Oct 21 2011 dmuellerAATTsuse.de- reenable gnome-keyring/kde4-keyring support for older distros (bnc#713919)
* Thu Sep 29 2011 stspAATTelego.de- pass the serf configure option to subversion\'s configure script, not to swig\'s configure script
* Tue Aug 23 2011 dmuellerAATTsuse.de- add bconditional for libserf support
* Fri Aug 19 2011 dmuellerAATTsuse.de- fix swig bindings building (bnc#710878)
* Fri Aug 12 2011 dmuellerAATTsuse.de- run regression tests again, but only for fsfs, as bdb is slow and often runs out of memory
* Tue Aug 02 2011 dmuellerAATTsuse.de- add versioned runtime dependency on sqlite3 libraries- make init script executable
* Sat Jul 30 2011 dmuellerAATTsuse.de- annotate changelog with bugs and CVE\'s fixed via individual backports on the maintained code streams
* Wed Jul 27 2011 dmuellerAATTsuse.de- remove intree copies of sqlite and swig if version is new enough- disable kwallet/gnome-keyring support for SLE11 (to be package list compatible)
* Mon May 30 2011 stspAATTelego.de- update to 1.6.17 (bnc#698205): includes security fixes [CVE-2011-1752, CVE-2011-1783, CVE-2011-1921] User-visible changes:
* improve checkout speed on Windows (issue #3719)
* make \'blame -g\' more efficient on with large mergeinfo (r1094692)
* avoid some invalid handle exceptions on Windows (r1095654)
* preserve log message with a non-zero editor exit (r1072084)
* fix FSFS cache performance on 64-bit platforms (r1103665)
* make svn cleanup tolerate obstructed directories (r1091881)
* fix deadlock in multithreaded servers serving FSFS repositories (r1104093)
* detect very occasional corruption and abort commit (issue #3845)
* fixed: file externals cause non-inheritable mergeinfo (issue #3843)
* fixed: file externals cause mixed-revision working copies (issue #3816)
* fix crash in mod_dav_svn with GETs of baselined resources (r1104126) See CVE-2011-1752, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
* fixed: write-through proxy could direcly commit to slave (r917523)
* detect a particular corruption condition in FSFS (r1100213)
* improve error message when clients refer to unkown revisions (r939000)
* bugfixes and optimizations to the DAV mirroring code (r878607)
* fixed: locked and deleted file causes tree conflict (issue #3525)
* fixed: update touches locked file with svn:keywords property (issue #3471)
* fix svnsync handling of directory copyfrom (issue #3641)
* fix \'log -g\' excessive duplicate output (issue #3650)
* fix svnsync copyfrom handling bug with BDB (r1036429)
* server-side validation of svn:mergeinfo syntax during commit (issue #3895)
* fix remotely triggerable mod_dav_svn DoS See CVE-2011-1783, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
* fix potential leak of authz-protected file contents See CVE-2011-1921, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1921-advisory.txt Developer-visible changes:
* fix reporting FS-level post-commit processing errors (r1104098)
* fix JVM recognition on OS X Snow Leopard (10.6) (r1028084)
* allow building on Windows with recent Expat (r1074572)
* Thu Apr 21 2011 pthAATTsuse.de- Use getent to check for existance of user and group (bnc#688968).
* Thu Feb 24 2011 stspAATTelego.de- update to 1.6.16 (bnc#676949, bnc#662030): includes security fixes [CVE-2010-4539, CVE-2010-4644, CVE-2011-0715] User-visible changes:
* more improvement to the \'blame -g\' memory leak from 1.6.15 (r1041438)
* avoid a crash in mod_dav_svn when using locks (r1071239, -307) See CVE-2011-0715, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-0715-advisory.txt
* avoid unnecessary globbing for performance (r1068988)
* don\'t add tree conflicts when one already exists (issue #3486)
* fix potential crash when requesting mergeinfo (r902467)
* don\'t attempt to resolve prop conflicts in \'merge --dry-run\' (r880146)
* more fixes for issue #3270. Developer-visible changes:
* ensure report_info_t is properly initialized by ra_serf (r1058722)
* locate errors properly on a malfunction (r1053208)
* fix output param timing of svn_fs_commit_txn() on fsfs (r1051751)
* for svn_fs_commit_txn(), set invalid rev on failed commit (r1051632, -8)
* fix sporadic Ruby bindings test failures (r1038792)
* fix JavaHL JVM object leak when dumping large revisions (r947006)
* use Perl to resolve symlinks when building swig-pl (r1039040)
* allow Perl bindings to build within a symlinked working copy (r1036534)
* don\'t overwrite the LD_LIBRARY_PATH during make check-swig-pl (r946355)
* improve unit tests for some fs functions (r1051744, -5, -3185, -241)
* Mon Jan 31 2011 stspAATTelego.de- use proper capitalisation and punctuation in /etc/sysconfig/svnserve
* Mon Jan 31 2011 stspAATTelego.de- fix misleading text in /etc/sysconfig/svnserve (+1 from mrueckert)
* Wed Jan 19 2011 dmuellerAATTsuse.de- fix typo in readme (bnc#661584)
* Mon Dec 27 2010 dmuellerAATTsuse.de- fix build against 11.4
* Mon Dec 06 2010 dmuellerAATTsuse.de- fix synax error (bnc#657354)
* Wed Nov 24 2010 stspAATTelego.de- update to 1.6.15 (bnc#649861): includes security fixes [CVE-2010-3315] User-visible changes:
* hide unreadable dirs in mod_dav_svn\'s GET response (r996884)
* make \'svnmucc propsetf\' actually work (r1005446)
* limit memory fragmentation in svnserve (r1022675)
* fix \'svn export\' regression from 1.6.13 (r1032970)
* fix \'svn export\' mistakenly uri-encodes paths (issue #3745)
* fix server-side memory leaks triggered by \'blame -g\' (r1032808)
* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)
* allow \'log -g\' to continue in the face of invalid mergeinfo (r1028108)
* filter unreadable paths for \'svn ls\' and \'svn co\' (r997026, -070, -474)
* fix abort in \'svn blame -g\' (issue #3666)
* fix file handle leak in ruby bindings (issue #3512)
* remove check for 1.7-style working copies (issue #3729) Developer-visible changes:
* improve some swig parameter mapping (r984565, r1035745)
* improve test accuracy over dav (r991534, r877814)
* create fails.log for test runs (r964349)
* improve detection of \'svnversion\' when buildling (r877219, et al)
* don\'t violate API layering in dumpstream logic (issue #3733)
* don\'t report working copy installs as switched (r1033921)- project website changed from subversion.tigris.org to subversion.apache.org
* Wed Nov 24 2010 dmuellerAATTsuse.de- correct instructions on how to create the svn account (bnc#655094)
* Sat Oct 02 2010 pascal.bleserAATTopensuse.org- fixes CVE-2010-3315: http://subversion.apache.org/security/CVE-2010-3315-advisory.txt (only affects certain scenarios when using \"SVNPathAuthz short_circuit\")- update to 1.6.13:
* don\'t drop properties during foreign-repo merges (issue #3623)
* improve auto-props failure error message (r961970)
* improve error message for 403 status with ra_neon (r876615)
* don\'t allow \'merge --reintegrate\' for 2-url merges (r959004)
* improve handling of missing fsfs.conf during hotcopy (r980811, -1449)
* escape unsafe characters in a URL during export (issue #3683)
* don\'t leak stale locks in FSFS (r959760)
* better detect broken working copies during update over ra_neon (r979045)
* fsfs: make rev files read-only (r981921)
* properly canonicalize a URL (r984928, -31)
* fix wc corruption with \'commit --depth=empty\' (issue #3700)
* permissions fixes when doing reintegrate merges (related to issue #3242)
* fix mergeinfo miscalculation during 2-url merges (issue #3648)
* fix error transmission problems in svnserve (r997457, -66)
* fixed: record-only merges create self-referential mergeinfo (issue #3646)
* fixed: \'SVNPathAuthz short_circuit\' unsolicited read access (issue #3695)
* make \'svnmucc propset\' handle existing and non-existing URLs (r1000607)
* add new \'propsetf\' subcommand to svnmucc (r1000612)
* emit a warning about copied dirs during ci with limited depth (r1002094)
* make ruby bindings compatible with Ruby 1.9 (r957507)
* use the repos verify API in JavaHL (r948916)
* teach ra_serf to parse md5 checksums with update editors (r979429)
* let ra_serf work with current serf releases (r879757, r880320, r943796)
* Mon Sep 27 2010 dimstarAATTopensuse.org- Add subversion-neon-systemproxy.patch: Use Neon\'s system-proxy feature that was introduced in neon 0.29. In the background, neon uses libproxy to get the right information from the session.
* Mon Sep 20 2010 cristian.rodriguezAATTopensuse.org- Do not include build date in binaries- refresh patches
* Tue Jun 22 2010 pascal.bleserAATTopensuse.org- update to 1.6.12:
* further improvements for issue #3242 (\"Subversion demands unnecessary access to parent directories of operations\")
* allow deletion of uris which need character escaping (issue #3636)
* fix errors with \'svn mkdir --parents\' (issue #3649)
* update address to which crash reports are sent (r901304)
* fix handling of peg revision\'d copy targets (issue #3651)
* more improvements to \'svn merge --reintegrate\' (r935631)
* allow copying of broken symlinks (issue #3303)
* improve rep-sharing performance on high-concurrency repos (issue #3506)
* fixed: added subtrees with mergeinfo break reintegrate (issue #3654)
* fixed: assertion triggered by tree-conflicted externals (issue #3469)- rolling back the in-tree sqlite-amalgamation from 3.6.17 to 3.6.13 (which is the version recommended by upstream)- added check in spec file to make sure we use the recommended sqlite (-amalgamation) version
* Sun Apr 18 2010 pascal.bleserAATTopensuse.org- update to 1.6.11:
* fix for repositories mounted via NFS
* enable TCP keep-alives in svnserve
* tighten restrictions on revprops for \'svnadmin verify\'
* make ra_serf give better out-of-date information
* improve error message upon connection failure with svn+ssh://
* allow \'svn log\' on an uncommitted copy/move destination
* make \'svnadmin hotcopy\' copy the fsfs config file
* mergeinfo improvements with non-inheritable mergeinfo
* make mergeinfo queries not require access to the repo root
* update URLs to refer the the new apache.org repository
* update relative externals during a switch
* fix \'merge --reintegrate\' with self-referential mergeinfo
* improve wc-ng working copy detection
* improve handling of mergeinfo when using serf
* fixed: \'svnlook plist --revprop\' with \'-t TXN_NAME\'
* fixed: file external from URL cannot overwrite existing item
* fixed: potential memory error in \'svn status\'
* fixed: merge records mergeinfo from natural history gaps
* fixed: theoretical possibility of DB corruption
* Sun Jan 24 2010 pascal.bleserAATTopensuse.org- update to 1.6.9: User-visible changes:
* allow multiple external updates over ra_svn (issue #3487)
* fix a segmentation fault when using FSFS (r881905)
* support Berkeley DB 4.8 (r879688)
* various autoprop improvements (r880274, -5)
* improve usage of svn+ssh:// on Windows (issue #2580)
* teach 1.6.x to recognize 1.7 working copies (1.6.x-future- proof branch)
* update help text for \'svn update\' and \'svn switch\' (r886164)
* make \'svnadmin load --parent-dir\' create valid mergeinfo (r888979)
* tolerate relative merge source paths in mergeinfo (r889840)
* teach mod_dav_svn to support the Label header (issue #3519)
* fixed: svnsync leaves stale sync-locks on mirrors (r884842)
* fix applicability of \'svn resolve --accept=theirs-conflict\' (r880525)
* fixed: segfault in \'svn resolve\' (r896522)
* fix commit failure against an out-of-date mirror (r900797) Developer-visible changes:
* update ruby bindings test expectation (r880162)
* don\'t allow rangelist and mergeinfo API to modify input args (r879093)
* Mon Jan 04 2010 vuntzAATTopensuse.org- Change gnome-keyring-devel BuildRequires to libgnome-keyring-devel on 11.3 and later, following the module split upstream.
* Thu Oct 22 2009 stspAATTelego.de- update to 1.6.6: User-visible changes:
* fix crash during \'svn update\' (r39673)
* respect Apache\'s ServerSignature directive (r40008, -21, -31)
* don\'t add a file with mixed line endings, and then abort (issue #2713)
* support Neon 0.29.
* fix a crash in \'svn rm --force\' (r37953)
* handle tree conflicts involving replacements (issue #3486)
* allow non-threadsafe sqlite if APR has no threads (r39301)
* print newline before plaintext SSL cert / password prompts (r38982, r39302)
* improve merge performance with implicit subtree mergeinfo (issue #3443)
* fix \"libsvn_ra_svn/marshal.c assertion failed (opt || cstr)\" (issue #3485)
* make file externals work for binary files (issue #3368)
* perform MIME type matching case-insensitively (issue #3479)
* do not treat non-existent revisions as HEAD in \'svn export\' (issue #3400)
* revert r36720\'s default MIME type change back to \"text/plain\" (issue #3508)
* improve \"tree conflict already exists\" error message (r38872)
* fix failure to commit replacement of a directory (issue #3281)
* fix mod_dav_svn parent dir links to preserve peg revisions (issue #3425) Developer-visible changes:
* fix 2 failing tests in ruby bindings (r38886)
* do not require GNU grep for build (issue #3453)
* use \'$SED\' instead of \'sed\' in build scripts (issue #3458)
* add svn.client.{log5,merge_peg3} to python bindings (r39635, -6, -7)
* include the time of a test run in tests.log (r39887)- Rename subversion-1.6.5-rpmlintrc to subversion.rpmlintrc.- Drop subversion.allowed-neon.patch in favour of --disable-neon-version-check configure flag.- Drop subversion-make-check-log-to-stdout.patch, it doesn\'t apply anymore. It was mainly for debugging test suite hangs on Factory. We don\'t run tests on factory anymore.
* Mon Aug 24 2009 stspAATTelego.de- add patch to fix failing regression test in ruby bindings- rename rpmlintrc file
* Sun Aug 23 2009 pascal.bleserAATTopensuse.org- update to 1.6.5:
* fix mod_dav_svn directory view links to preserve peg revisions
* properly escape lock comments over ra_neon
* allow syncing copies of \'/\' over ra_neon and ra_serf
* make \'svnlook diff\' show empty added or deleted files
* fix building with Apache 2.4
* fix possible data loss on ext4 and GPFS filesystems
* resolve symlinks when checking for ~/.subversion
* don\'t let svn+ssh SIGKILL ssh processes
* allow PLAIN and LOGIN mechanisms with SASL in svnserve
* fix peg revision parsing in filenames like \'dir/AATTfile.txt\'
* don\'t pretend to do tree conflict resolution
* fix data corruption when syncing from svnserve to mod_dav_svn
* fix GNOME Keyring with \'--non-interactive\' option
* fixed: false \"File \'...\' already exists\" error during commit- bump in-tree sqlite-amalgamation from 3.6.16 to 3.6.17
* Sat Aug 08 2009 pascal.bleserAATTopensuse.org- bump in-tree sqlite-amalgamation from 3.6.14.2 to 3.6.16- use a trap function in check section to make sure the svnserve process is killed- use a random free port for testing the svnserve process
* Fri Aug 07 2009 stspAATTelego.de- update to 1.6.4 (bnc#528714):
* Security fix [CVE-2009-2411]
* Fri Jul 24 2009 dmuellerAATTsuse.de- fix typo in dav svn default configuration (bnc#517143)
* Tue Jul 21 2009 stspAATTelego.de- Don\'t run regression tests on OpenSUSE Factory. It takes too long which causes problems for the build service because the subversion package is being rebuilt often.
* Fri Jul 17 2009 stspAATTelego.de- To help us figure out why the test suite sometimes hangs on the build service, add a patch which allows logging to stdout and stderr, instead of logging to tests.log, during make check.
* Mon Jul 06 2009 stspAATTelego.de- Run regression tests over both filesystem backends (FSFS and BDB), and over svn:// as well as file://
* Mon Jul 06 2009 stspAATTelego.de- Now that the project repositories have been configured correctly on the build service, OpenSUSE 10.3 should also have a JDK.
* Fri Jul 03 2009 stspAATTelego.de- Make python-xml an explicit build requirement since the regression tests need it to run.
* Fri Jul 03 2009 stspAATTelego.de- Make regression tests clean up temporary test data (repositories, working copies, etc.) to avoid build failures due to running out of disk space. This trades time against space -- the build will take longer.
* Fri Jul 03 2009 stspAATTelego.de- The build service keeps complaining that \"nothing provides java-1_6_0-sun-devel\". Attempt to make it happy by only building Java bindings on SUSE versions which have OpenJDK.
* Fri Jul 03 2009 stspAATTelego.de- write tests.log to stdout if make check fails to aid debugging of test failures on the build service
* Fri Jul 03 2009 stspAATTelego.de- run all regression tests (ra_local only for now)- filter a false positive rpmlint warning- update to 1.6.3 User-visible changes:
* fix segfault in WC->URL copy (r37646, -56)
* let \'svnadmin load\' tolerate mergeinfo with \"\\r\
\" (r37768)
* make svnsync normalize svn:
* props to LF line endings (issue #3404)
* better integration with external merge tools (r36178)
* return a friendly error message for \'svn diff\' (r37735)
* update dsvn.el for 1.6 (r37774)
* don\'t allow setting of props on out-of-date dirs under neon (r37745)
* improve BASH completion (r36450, -52, -70, -79, -538)
* improve some DAV-based error messages (issue #3414)
* always show tree conflicts with \'svn st\' (issue #3382)
* improve correctness of \'svn mergeinfo\' (issue #3126)
* decrease the amount of memory needed for large commits (r37894, -6)
* work around an APR buffer overflow seen by svnsync (r37622)
* ra_svn clients now use TCP keep-alives if available (issue #3347)
* improve \'svn merge\' perf by reducing server contact (r37491, -593, -618)
* stop propagating self-referential mergeinfo in reintegrate merges (r37931)
* fix NLS detection where -liconv is required for bindtextdomain() (r37827)
* don\'t delete unversioned files with \'rm --keel-local\' (r38015, -17, -19)
* bump apr and apr-util versions included in deps to latest. (r37941)
* avoid temp file name collisions with ra_serf, ra_neon (r37972)
* fixed: potential segfault with noop file merges (r37779)
* fixed: incorrect output with \'svn blame -g\' (r37719, -23, -41)
* fixed: bindings don\'t load FS libs when module search enabled (issue #3413)
* fixed: potential abort() in the working copy library (r37857)
* fixed: memory leak in hash reading functions (r37868, -979) Developer-visible changes:
* improve memory usage in file-to-stringbuf APIs (r37907)
* reduce memory usage for temp string manipulation (r38010)
* Mon Jun 29 2009 dmuellerAATTsuse.de- fix package names to be able to remove the rpmlintrc
* Fri Jun 19 2009 cooloAATTnovell.com- disable as-needed for this package as it fails to build with it
* Mon Jun 15 2009 poemlAATTsuse.de- make Subversion\'s configure script detect Berkeley DB again. With apu-1-config 1.3.7, the --libs output doesn\'t return -ldb any longer, and Subversion was relying on this. See this long thread: http://mail-archives.apache.org/mod_mbox/apr-dev/200906.mbox/%3c1244533468.25532.110.camelAATTshrek.rexursive.com%3e Building with --with-berkeley-db makes it work again.
* Tue Jun 09 2009 dmuellerAATTsuse.de- remove ctypesgen package - not in factory yet
* Fri Jun 05 2009 wrAATTopensuse.org- update svnmerge.py to the latest version
* not using popen2 anymore which was deprecated
* Wed Jun 03 2009 dmuellerAATTsuse.de- merge into Factory
* Tue May 26 2009 pascal.bleserAATTopensuse.org- update to sqlite-amalgamation 3.6.14.2
* Fri May 15 2009 pascal.bleserAATTopensuse.org- enable in-tree sqlite-amalgamation again, as the required sqlite3 package screws up zypper (bnc#504251)
* Mon May 11 2009 pascal.bleserAATTopensuse.org- bump in-tree sqlite-amalgamation to the recommended version for Subversion 1.6.2: 3.6.13- update to 1.6.2:
* vastly improve memory usage with \'svn merge\' (issue #3393)
* make default depth for merge \'infinity\' (r37156)
* make \'status --quiet\' show tree conflicts (issue #3396)
* allow \'--set-depth infinity\' to expand shallow subtrees (r37169)
* return an error if attempting to reintegrate from/to the repo root (r37385)
* don\'t store bogus mergeinfo for \'--ignore-ancestry\', foreign merges (r37333)
* don\'t allow merge of difference between two repos (r37519)
* avoid potential segfault with subtree mergeinfo (r36613)
* recommend sqlite 3.6.13 (r37245)
* avoid unnecessary server query for implicit mergeinfo (r36509)
* avoid unnecessary server query during reverse merges (r36527)
* set depth=infinity on \'svn add\' items with restricted depth (r37607)
* fixed: commit log message template missing paths (issue #3399)
* fixed: segfault on merge with servers < 1.6 (r37363)
* fixed: repeat merge failures with non-inheritable mergeinfo (issue #3392)
* fixed: another memory leak when performing mergeinfo-aware merges (r37398)
* fixed: incorrect mergeinfo on children of shallow merges (issue #3407)
* fixed: pool lifetime issues in the BDB backend (r37137)
* Thu May 07 2009 pascal.bleserAATTopensuse.org- build and install the following binaries from tools/server-side into subversion-tools:
* svn-populate-node-origins-index
* svnauthz-validate- add support for building Subversion 1.6.x on SLE 9, by using the package \"python25\" and patching all python scripts accordingly, to use #!/usr/bin/python2.5 instead of /usr/bin/python or /usr/bin/env python
* Wed Apr 15 2009 dmuellerAATTsuse.de- update to 1.6.1 User-visible changes:
* recommend Neon 0.28.4. (r36388)
* improve performance of \'svn merge --ignore-ancestry\' (r36256)
* improve \'svn merge\' performance with subtree mergeinfo (r36444)
* correctly proxy LOCK and UNLOCK requests (r36159)
* prevent a crash when updating old working copies (r36751)
* don\'t let svnmerge.py delete a nonexistent property (r36086, -767, -769)
* don\'t fail when upgrading pre-1.2 repositories (r36851, -7)
* allow escaping of separator characters in autoprops (r36763, -84)
* improve tempfile creation robustness on Windows (r36442, -3)
* fix change-svn-wc-format.py for 1.6.x working copies (r36874, -5)
* improve configure\'s detection of Berkeley DB (r36741, -2)
* don\'t allow foreign merges to add foreign mergeinfo (issue #3383)
* improve performance of \'svn update\' on large files (r36389, et. al.)
* fixed: error leak and potential crash (r36860)
* fixed: parent directory handling on Windows (r36049, -50, -51, -131)
* fixed: unintialized memory errors (r36252, -3)
* fixed: potential working copy corruption (r36714)
* fixed: working copy upgrade error (r36302)
* fixed: pointer dereference error (r36783)
* fixed: error diff\'ing large data with ignored whitespace (r36816)
* fixed: potential hang in ra_serf (r36913)
* fixed: problem with merge and non-inheritable mergeinfo (r36879)
* fixed: repeated merging of conflicted properties fails (issue #3250)
* fixed: excluding an absent directory segfaults (issue #3391) Developer-visible changes:
* ensure svn_subst_translate_cstring2() properly flushes data (r36747)
* make serf report a base checksum to apply_textdelta (r36890)
* syntax updates for strict C89 compilers (r36799)
* update RPM scripts for RHEL4 (r36834)
* allow tests to be run with Python 2.6.1 on Windows (r36149, -50, -51, -56)
* allow building JavaHL with Visual Studio 2008 (r36954)
* stop setting default translation domain in JavaHL (r36955)
* fixed: warning with Python 2.6 and ctypes bindings (r36559)
* fixed: undefined references to svn_fs_path_change2_create() (r36823)
* Mon Mar 30 2009 pascal.bleserAATTopensuse.org- fix build on SLE10- don\'t build on SLE9, its python is too old (requires >= 2.4)- build gnome-keyring and kde4 kwallet authentication store plugins as subpackages- added explicit BuildRequires for cyrus-sasl-devel- use an in-tree sqlite 3.6.11 as recommended instead of the system-wide version- removed the %changelog from the spec file, was very long, and we have a .changes file anyway- rpmlint happiness:
* added a patch to remove a pointless shebang in the python bindings
* removed dot at end of Summary in subpackages- removed the License: tag in each subpackage
* Sun Mar 22 2009 pascal.bleserAATTopensuse.org- build the new ctypes python bindings- upgraded in-tree SWIG to the recommended version for building SVN: 1.3.36 (required to build the Ruby bindings)- 1.6.0 in a separate repository for now- update to 1.6.0:
* the working copy format has been upgraded: this means that 1.5 and older Subversion clients will not be able to work with working copies produced by Subversion 1.6; working copies are upgraded automatically
* the repository filesystem formats have changed, meaning that 1.5 and older versions of Subversion tools that normally access a repository directly (e.g. svnserve, mod_dav_svn, svnadmin) won\'t be able to read a repository created by Subversion 1.6; but, repositories are not upgraded automatically (use \"svnadmin upgrade\")
* improved output of \"svn proplist --verbose\"
* \"svn propget\" now accepts the --verbose option
* changed output of \"svn status\": now contains the additional seventh column which informs whether the item is the victim of a tree conflict; an additional line with more detailed description of a tree conflict is displayed after each item remaining in tree conflict
* subversion prompts before storing passwords in plaintext form
* passwords can be stored in KWallet (KDE 4) and GNOME Keyring
* SSL client certificate passphrases can be stored in KWallet, GNOME Keyring in encrypted form or in plaintext form
* repository root relative URLs (client)
* improvements to \"svn:externals\": support for files and usual shell quoting rules in external definitions
* detection of tree conflicts: Subversion 1.6 recognizes a new kind of conflict, known as a \"tree conflict\"; such conflicts manifest at the level of directory structure, rather than file content
* several improvements to both the Berkeley DB and FSFS backends, designed to improve storage space, and can result in drastically smaller repositories: + sharing multiple common representations + FSFS repositories: packing completed shards + FSFS repositories: support for Memcached + BDB repositories: reverse deltas
* ctypes Python bindings
* improved interactive conflict resolution
* sparse directory exclusion
* logging support for svnserve
* new public \"historical\" HTTP URI syntax for mod_dav_svn
* the \"svn log\" command can now take multiple revision arguments in one invocation
* --trust-server-cert option: added to svn and svnsync, so that non-interactive operations can work with self-signed certificates not backed by a known trust authority
* Sun Mar 08 2009 pascal.bleserAATTopensuse.org- enable build of ruby bindings by using an in-tree SWIG 1.3.33- update to 1.5.6:
* allow colons within mergeinfo path names (r35040)
* make it impossible to add .svn to wc via \'svn add --parents\' (r35143, -5)
* copy properties of added but uncommitted files (r32448)
* improve performance of log operation on < 1.5 servers (r35566)
* allow commits over Neon of files >2GB (POSIX only) (r34919, -24)
* allow serf from behind MS ISA proxy servers (r35981)
* prevent svnmerge-migrate-history.py from committing bogus mergeinfo (r35516)