|
|
|
|
Changelog for subversion-1.14.3-lp156.391.1.x86_64.rpm :
* Thu Sep 26 2024 Bernhard Wiedemann - Use strip-nondeterminism to normalize jar mtimes * Tue Jun 04 2024 Andreas Stieger - fix build with gcc14 (boo#1225929) subversion-1.14.3-gcc14.patch subversion-1.14.3-gcc14-2.patch * Sat Dec 30 2023 Dirk Müller - update to 1.14.3: * Fix svn:mergeinfo diff parser bug when parsing forward merges * Fix redirected URL handling with file externals * swig-rb: Fix uses of \'File.exist?\', deprecated since Ruby 2.1 * Build: Fix uses of deprecated Python APIs * Build: Retain ability to build SWIG Python 2 bindings * Fix reading WC lock status with svn_wc_status2_t * JavaHL: Add AATTDeprecated to silence compiler warnings * JavaHL: Fix crash in case of null message in getMessage * Fix build breakage of release tarballs by installed swig * Add regression test for issue #4711 \"invalid xml file\" * swig-py: Fix building with SWIG 4.1.0 (r1904167) * Makefile.in: Fix cleaning of __pycache__ dirs and *.pyc * swig-py: Avoid deprecated options to SWIG >= 4.1.0 (r1904198, r1904287) * swig-py: Use sysconfig to allow building with Python 3.12 * INSTALL: Document not to use SVN with APR 1.7.3 on Windows * Fix test suite broken by syntax error when --enable-sasl * swig-py: Fix issues #4916, #4917, #4918 (r1912500 et al) * swig-py: Improve error when no external diff (r1912724, -743, issue #1778) * autogen.sh: Fix building when Python is not named \"python\"- drop ruby32-fixes.patch, swig4.patch: upstream/obsolete- rebase all patches to -p1 to be able to switch to autosetup * Wed Jun 21 2023 Guillaume GARDET - Update _constraints to avoid some aarch64 workers for subversion:testsuite to avoid to hang * Fri Mar 10 2023 Dirk Müller - add swig4.patch for better support with SWIG 4.x (bsc#1209110) * Fri Jan 06 2023 Dirk Müller - add ruby32-fixes.patch (https://svn.apache.org/viewvc?view=revision&revision=1904472) * Thu Nov 17 2022 Dominique Leuenberger - Do not have the main package recommend the bash-completion sub-package, but rather have the subpackage supplement the combination of subversion and bash-completion. * Wed Apr 13 2022 Dirk Müller - split testsuite into _multibuild flavor to speedup dependent packages- rediff patches (no functional change) * Tue Apr 12 2022 Andreas Stieger - Apache Subversion 1.14.2: * CVE-2021-28544: SVN authz protected copyfrom paths regression (boo#1197939) * CVE-2022-24070: mod_dav_svn memory corruption (boo#1197940) * Fix -r option documentation for some svnadmin subcommands * Fix error message encoding when system() call fails * Fix assertion failure in conflict resolver * Support multiple working copy formats (1.8-onward, 1.15) * Mon Mar 07 2022 Danilo Spinella - Fix testCrash_RequestChannel_nativeRead_AfterException test on aarch64 and ppc64le, bsc#1195486 bsc#1193778 * fix-javahl-test.patch- * Wed Nov 24 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified: * svnserve.service * Fri Nov 12 2021 Danilo Spinella - The following issues have already been fixed in this package but weren\'t previously mentioned in the changes file: * bsc#1185052 * Wed Oct 20 2021 Callum Farmer - Change to using systemd-sysusers * Thu Oct 14 2021 Andreas Stieger - always build with kwallet support, no longer make a distrinction between openSUSE and SLE (boo#1191282) * Wed Feb 10 2021 Markéta Machová - Update to 1.14.1 * Fix non-deterministic generation of mergeinfo * Fix invalid SQL quoting in working copy upgrade system * Convert filename for editor from UTF-8 to the locale\'s encoding * Make the hot-backup.py script work with Python 3 * Fix an uninitialized read in FSFS * Fix a potential NULL dereference in the config file parser (bsc#1181687, CVE-2020-17525)- Rebase subversion-no-build-date.patch * Tue Dec 01 2020 pgajdosAATTsuse.com- use system apache rpm macros * Mon Oct 19 2020 Tomáš Chvátal - Enable kde integration from 15-SP3 and newer releases jsc#SLE-11654 * Sat Sep 26 2020 d_wernerAATTgmx.net- update the path of the PIDFile in the svnserve.service file: change /var/run/svnserve/svnserve.pid to /run/svnserve/svnserve.pid * Fri Sep 25 2020 d_wernerAATTgmx.net- update the tmpfiles.d/ drop-in file as requested by the rpm output /usr/lib/tmpfiles.d/svnserve.conf:1: Line references path below legacy directory /var/run/, updating /var/run/svnserve → /run/svnserve; * Wed Sep 23 2020 Dirk Mueller - speed up testsuite run by using /dev/shm- disable output aggregation that spec-cleaner introduces in checks * Wed Sep 09 2020 Antonio Larrosa - Fix jira reference to SLE-11901 * Fri Sep 04 2020 Antonio Larrosa - Add patch to remove dependency on kdelibs4support just to run kf5-config to find out that headers are in /usr/include and libraries are in /usr/lib(64) (jsc#SLE-11901): * remove-kdelibs4support-dependency.patch * Mon Jul 27 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) * Thu Jun 11 2020 Tomáš Chvátal - Update to 1.14.0: * Support for Python 3.x * Support for Python 2.7 is being phased out * New Build-Time Dependency: py3c * Many enhancements and bug fixes- Drop patches: * subversion-1.12.0-swig-4.patch * ruby27-warnings.patch * ruby-includes.patch- Refresh patch subversion-no-build-date.patch * Tue May 05 2020 Martin Liška - Add disable-fs-fs-pack-test.patch in order to fix boo#1170834. * Wed Apr 15 2020 Tomáš Chvátal - Try to get building with ruby 2.7 bsc#1169446- Add patches: * ruby27-warnings.patch * ruby-includes.patch * Tue Mar 31 2020 Martin Liška - Fix boo#1167467 by gcc10-do-not-optimize-get_externals_to_pin.patch. * Wed Jan 08 2020 Tomáš Chvátal - Disable dependency on ctypesgen which is borked with new pythons * Sun Nov 10 2019 Andreas Stieger - Apache Subversion 1.13.0: * New \'svnadmin rev-size\' command to report revision size * Performance improvement for \'svn st\' etc., in WC SQLite DB * Fix \'svn patch\' setting mode 0600 on patched files with props * Fix \"svn diff --changelist ARG\" broken in subdirectories * Fix misleading \'redirect cycle\' error on a non-repository URL * svnserve: Report some errors that were previously ignored * Make server code more resilient to malformed paths and URLs * Make dump stream parser more resilient to malformed dump stream * mod_dav_svn: Fix missing Last-Modified header on \'external\' GET requests * Fix excessive memory usage in some cases reading binary data * Thu Sep 26 2019 Franz Sirl - Enable build and check with swig-3: * Only enable subversion-1.12.0-swig-4.patch for Tumbleweed * \'make check-swig-py\' doesn\'t pass with swig-4- Enable \'make check-swig-rb\' everywhere again * Fri Jul 26 2019 matthias.gerstnerAATTsuse.com- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html * Thu Jul 25 2019 Tomáš Chvátal - Add patches to fix bsc#1142743 and bsc#1142721 CVE-2019-0203 CVE-2018-11782: * CVE-2018-11782.patch * CVE-2019-0203.patch * Thu Jul 25 2019 Tomáš Chvátal - Update to 1.12.2: * Fix conflict resolver bug: local and incoming edits swapped. (r1863285) * Fix memory lifetime problem in a libsvn_wc error code path. (r1863287) * CVE-2018-11782 bsc#1142743 * CVE-2019-0203 bsc#1142721 * Sun Jul 21 2019 Antoine Belvire - Add subversion-1.12.0-swig-4.patch: Fix build with Swig 4 (boo#1135747). * Sat May 18 2019 Andreas Stieger - Apache Subversion 1.12.0: * \'move vs. move\' merge conflicts can now be resolve * \'svn --version --verbose\' shows loaded libraries on Linux * \'svnrdump\' can read/write a file instead of stdin/stdout * \'svn list\' tries to not truncate the author\'s name * \'svn list\' can show sizes in base-2 unit suffixes * \'svn info\' shows the size of files in the repository * \'svn cleanup\' can remove read-only directories * Repos-to-WC copy with --parents works with absent target * Repos-to-WC copy from foreign repo with peg/operative revs * Ignore empty group definitions in authz files * svnauthz: warn about empty groups in authz files * Storing passwords in plain text on disk is disabled by default * Fri Apr 26 2019 mvetterAATTsuse.com- bsc#1130588: Require shadow instead of old pwdutils * Mon Mar 25 2019 olafAATTaepfle.de- Install pkgconfig into libdir instead of datadir with subversion-pkgconfig.patch * Fri Jan 18 2019 astiegerAATTsuse.com- Apache Subversion 1.11.1: * Add conflict resolver support for added vs unversioned file * Add conflict resolver support for unversioned directories * Various client-side bug fixes for working copy operations * Server: fix unexpected SVN_ERR_FS_NOT_DIRECTORY errors * Server: fix mod_dav_svn\'s SVNUseUTF8 had no effect in some setups * Server: fix a crash in mod_http2 * JavaHL bindings: Fix crash in client code when using external diff- Fixed a vulnerability that allowed malicious SVN clients to trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request (CVE-2018-11803 bsc#1122842) * Fri Jan 11 2019 Tomáš Chvátal - Move the bash completion to /usr as per rpmlint warning * Sat Nov 10 2018 astiegerAATTsuse.com- Apache Subversion 1.11.0: * Shelving is no longer based on patch files * Shelves created on 1.10 are not compatible * New feature: Checkpointing * New viewspec output command * Improvements to tree conflict resolutio * \'patch\' can now read non-pretty-printed svn:mergeinfo diffs * Better error when http:// URL is not a Subversion repository * Add \'schedule\' and \'depth\' items to \'svn info --show-item\' * Allow the client cert password to be saved * Various bug fixes * On-disk caching of plaintext passwords and passphrases is now disabled by default, but users can explicitly allow this behavior via runtime configuration- drop upstreamed subversion-1.10.2-java10.patch * Fri Oct 12 2018 astiegerAATTsuse.com- Apache Subversion 1.10.3: * Store the HTTPS client cert password * Fix shelving when custom diff command is configured * Fix conflict resolver crashes * Fix conflict resolver endless scan in some cases * Fix \"Accept incoming deletion\" on locally deleted file * Fix \"resolver adds unrelated moves to move target list\" * Reject bad PUT before CHECKOUT in v1 HTTP protocol * Let \'svnadmin recover\' prune the rep-cache even if disabled * Allow commands like \'svn ci --file X\' to work when X is a FIFO * \'svnadmin verify --keep-going --quiet\' shows an error summary * Fix error in german translation for \'svn help merge\' * Tue Sep 11 2018 Fridrich Strba - Added patches: * subversion-1.10.2-java10.patch + Partly upstream patch to remove javah requirement to build Subversion Java bindings. + Apply only for builds with jdk10+ that don\'t have javah tool any more * subversion-1.10.2-javadoc.patch + Avoid loading Internet URLs during the build- Allow building with all Java versions starting with 1.6 * Thu Aug 23 2018 astiegerAATTsuse.com- Apache Subversion 1.10.2: * Correctly claim to offer Gnome Keyring support with libsecret * Fix segfault using Gnome Keyring with libsecret * Fix JavaHL local refs capacity warning when unparsing externals * Prune externals after \'update --set-depth=exclude\' * Fix \"conflict resolver searches too far back ...\"- Dropped patches that are included in the upstream release: * subversion-1.10.0-fix-svn-version-gnome-keyring.patch * Wed Jul 25 2018 tchvatalAATTsuse.com- Use macro to compile python objects, do not do it by hand * Fri Apr 27 2018 antoine.belvireAATTopensuse.org- Remove useless build dependency on pkgconfig(bash-completion).- Make subversion-bash-completion requires bash-completion, not pkgconfig(bash-completion). * Sun Apr 15 2018 astiegerAATTsuse.com- Apache Subversion 1.10.0: * new conflict resolver * Many bug fixes and enhancements * lz4 compression for the repositories * https://subversion.apache.org/docs/release-notes/1.10.html- Packaging changes; * Convert dependencies to pkgconfig counterparts * Add dependency on liblz4 and utf8proc * Use %license (boo#1082318) * build with KDE5 KWallet support- Refresh patches: * subversion-1.8.0-rpath.patch * subversion-no-build-date.patch * subversion-fix-parallel-build-support-for-perl-bindings.patch * subversion-perl-underlinking.patch- dropped patches: * subversion-1.8.11-autocheck-time.patch, upstream * subversion-1.9.0-allow-httpd-2.4.6.patch, no longer required- Add subversion-1.10.0-fix-svn-version-gnome-keyring.patch to list GNOME keyring support in svn --version when using libsecret * Tue Dec 19 2017 fstrbaAATTsuse.com- BuildConflict with jdk10 or higher. The build uses extensively the javah tool which is removed in jdk10. * Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Wed Nov 01 2017 mpluskalAATTsuse.com- Explicitly require python2 * Mon Oct 09 2017 vcizekAATTsuse.com- Disable kwallet support on openSUSE built with openssl 1.1, because otherwise the libopenssl pulled in by libserf and libqt4 create a conflict (boo#1042629) * Fri Aug 25 2017 tchvatalAATTsuse.com- Switch the KDE condition to match sle15 too * Fri Aug 11 2017 tchvatalAATTsuse.com- Remove user changing option inherited from sysconfig from README * Was removed as it does not work on systemd, new section is there describing current approach * Thu Aug 10 2017 astiegerAATTsuse.com- Apache Subversion 1.9.7: * CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. (bsc#1051362) * Wed Aug 09 2017 tchvatalAATTsuse.com- Apache Subversion 1.8.19 (bsc#1051362): * A malicious, compromised server or MITM may cause svn client to execute arbitrary commands by sending repository content with svn:externals definitions pointing to crafted svn+ssh URLs. CVE-2017-9800 * Fri Jul 28 2017 astiegerAATTsuse.com- Add instructions for running svnserve as a user different from \"svn\", and remove sysconfig variables that are no longer effective with the systemd unit. bsc#1049448 * Fri Jul 07 2017 astiegerAATTsuse.com- Apache Subversion 1.9.6 (bsc#1026936): This change makes Subversion resilient to collision attacks, including SHA-1 collision attacks such as . https://subversion.apache.org/faq#shattered-sha1 * fsfs: never attempt to share directory representations * fsfs: make consistency independent of hash algorithms * cp/mv: improve error message when target is an unversioned dir * merge: reduce memory usage with large amounts of mergeinfo * \'svnadmin freeze\': document the purpose more clearly * dump: fix segfault when a revision has no revprops * fsfs: improve error message upon failure to open rep-cache * work around an APR bug related to file truncation * javahl: follow redirects when opening a connection * Fri Jul 07 2017 astiegerAATTsuse.com- Apache Subversion 1.8.18 (bsc#1026936): This change makes Subversion resilient to collision attacks, including SHA-1 collision attacks such as . https://subversion.apache.org/faq#shattered-sha1 * fsfs: never attempt to share directory representations * fsfs: make consistency independent of hash algorithms * work around an APR bug related to file truncation * Thu Jun 15 2017 nmoudraAATTsuse.com- Deleted all xinetd related entries as it is not desired anymore * its obsolete due to socket based service * socket based service is not needed at this pkg * Mon Mar 13 2017 tchvatalAATTsuse.com- Update to build with new RPM in Factory- Provide the kwallet auth in main pkg in case kde integration is disabled- Use apache2-rpm-macros to get the apache variables * Thu Dec 22 2016 stspAATTelego.de- Package the \'svnauthz\' binary. * Wed Nov 30 2016 astiegerAATTsuse.com- Apache Subversion 1.8.17: * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// * Client-side bugfixes: + fix handling of newly secured subdirectories in working copy + ra_serf: fix deleting directories with many files + gpg-agent: properly handle passwords with percent characters + merge: fix crash when merging to a local add * Server-side bugfixes: + fsfs: fix possible data reconstruction error + svnlook: properly remove tempfiles on diff errors * Client-side and server-side bugfixes: + fix potential memory access bugs * Bindings bugfixes: + javahl: fix temporarily accepting SSL server certificates + swig-pl: do not corrupt \"{DATE}\" revision variable + swig-pl: fix possible stack corruption * Developer-visible changes: + fix inconsistent behavior of inherited property API + fix patch filter invocation in svn_client_patch() + fix potential build issue with invalid SVN_LOCALE_DIR * Wed Nov 30 2016 tchvatalAATTsuse.com- Version update to 1.9.5: * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)://- Client-side bugfixes: * fix accessing non-existent paths during reintegrate merge (r1766699 et al) * fix handling of newly secured subdirectories in working copy (r1724448) * info: remove trailing whitespace in --show-item=revision (issue #4660) * fix recording wrong revisions for tree conflicts (r1734106) * gpg-agent: improve discovery of gpg-agent sockets (r1766327) * gpg-agent: fix file descriptor leak (r1766323) * resolve: fix --accept=mine-full for binary files (issue #4647) * merge: fix possible crash (issue #4652) * resolve: fix possible crash (r1748514) * fix potential crash in Win32 crash reporter (r1663253 et al)- Server-side bugfixes: * fsfs: fix \"offset too large\" error during pack (issue #4657) * svnserve: enable hook script environments (r1769152) * fsfs: fix possible data reconstruction error (issue #4658) * fix source of spurious \'incoming edit\' tree conflicts (r1770108) * fsfs: improve caching for large directories (r1721285) * fsfs: fix crash when encountering all-zero checksums (r1759686) * fsfs: fix potential source of repository corruptions (r1756266) * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate (issue #3084) * mod_dav_svn: reduce memory usage during GET requests (r1757529 et al) * fsfs: fix unexpected \"database is locked\" errors (r1741096 et al) * fsfs: fix opening old repositories without db/format files (r1720015)- Client-side and server-side bugfixes: * fix possible crash when reading invalid configuration files (r1715777)- Bindings bugfixes: * swig-pl: do not corrupt \"{DATE}\" revision variable (r1767768) * javahl: fix temporary accepting SSL server certificates (r1764851) * swig-pl: fix possible stack corruption (r1683266, r1683267)- Drop no longer needed patch: * subversion-1.8.11-swig-py-comment-3.patch * Thu Aug 04 2016 tchvatalAATTsuse.com- Add patch to build with swig3 to fix build on sle12sp2+ * subversion-swig3.patch * Wed Jun 29 2016 tchvatalAATTsuse.com- Drop syslog.target from After wrt bnc#983938 * Thu Apr 28 2016 astiegerAATTsuse.com- Apache Subversion 1.9.4, fixing two server-side vulnerabilities: * CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm (boo#976849) * CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check (boo#976850)- Client-side bugfixes: * diff: support \'--summarize --ignore-properties\' * checkout: fix performance regression on NFS * gpg-agent: properly handle passwords with percent characters * svn-graph.pl: fix assertion about a non-canonical path * hot-backup.py: better input validation * commit: abort on Ctrl-C in plaintext password prompt * diff: produce proper forward binary diffs with --git * ra_serf: fix deleting directories with many files- Server-side bugfixes: * improve documentation for AuthzSVNGroupsFile and groups-db * fsfs: reduce peak memory usage when listing large directories * fsfs: fix a rare source of incomplete dump files and reports- Client-side and server-side bugfixes: * update INSTALL documentation file * fix potential memory access bugs * fix potential out of bounds read in svn_repos_get_logs5()- Bindings bugfixes: * ignore absent nodes in javahl version of svn status -u- API changes: * properly interpret parameters in svn_wc_get_diff_editor6() * Wed Mar 02 2016 astiegerAATTsuse.com- make the subversion package conflict with KWallet and Gnome Keyring packages with do not require matching subversion versions in SLE 12 and openSUSE Leap 42.1 and thus break the main package upon partial upgrade. Fix/workaround for boo#969159 * Tue Dec 15 2015 astiegerAATTsuse.com- Apache Subversion 1.9.3 This release fixes two security issues: * Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. CVE-2015-5259 [boo#958299] * Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel- encoded request bodies. CVE-2015-5343 [boo#958300] Other changes: * svn: fix possible crash in auth credentials cache * cleanup: avoid unneeded memory growth during pristine cleanup * diff: fix crash when repository is on server root * fix translations for commit notifications * ra_serf: fix crash in multistatus parser * svn: report lock/unlock errors as failures * svn: cleanup user deleted external registrations * svn: allow simple resolving of binary file text conflicts * svnlook: properly remove tempfiles on diff errors * ra_serf: report built- and run-time versions of libserf * ra_serf: set Content-Type header in outgoing requests * svn: fix merging deletes of svn:eol-style CRLF/CR files * ra_local: disable zero-copy code path * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm * mod_dav_svn: fix display of process ID in cache statistics * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests * svnadmin dump: preserve no-op changes * fsfs: avoid unneeded I/O when opening transactions * javahl: fix ABI incompatibilty with 1.8 * javahl: allow non-absolute paths in SVNClient.vacuum * fix patch filter invocation in svn_client_patch() * add AATTsince information to config defines * fix running the tests in compatibility mode * clarify documentation of svn_fs_node_created_rev() * fix overflow detection in svn_stringbuf_remove and _replace * don\'t ignore some of the parameters to svn_ra_svn_create_conn3 * Wed Oct 28 2015 astiegerAATTsuse.com- Fix copy-and-paste error in Supplements for GNOME keyring integration * Wed Sep 23 2015 astiegerAATTsuse.com- Apache Subversion 1.9.2: * fix a numer of client-side crashes and bugs * checkout: remove unnecessary I/O operation * svn: show utf8proc version in svn --version --verbose * fix reporting for empty representations in svnfsfs stats- upstream keyring updated * Thu Sep 03 2015 astiegerAATTsuse.com- Apache Subversion 1.9.1: * Fix crash with GPG-agent with non-canonical $HOME * svn: expose expat and zlib versions in svn --version --verbose * svn: improve help text for \'svn info --show-item\' * svnserve: fixed minor typo in help text * Fix an error leak in FSFS verification * Fix incomplete membuffer cache initialization * svnfsfs: fix some bugs and inconsistencies in load-index * Fix memory corruption in copy source SWIG bindings- drop subversion-1.8.14-httpd-version-number-detection.patch, change is upstream- adjust subversion-1.9.0-allow-httpd-2.4.6.patch for upstream changes * Mon Aug 24 2015 tchvatalAATTsuse.com- Remove support for SLE11 from the spec file- Use supplements instead of suggests on the other side for the password store- Fix kde integration conditional to work nicely on openSUSE Leap * Mon Aug 24 2015 tchvatalAATTsuse.com- Use suggests instead of recommends to avoid 180+ new pkgs on minimal setup due subversion-password-store bnc#942819 * Tue Aug 11 2015 astiegerAATTsuse.com- Apache Subversion 1.9.0: * new FSFS format 7 with major overhaul for I/O reduction * prospective blame * FSX experimental repository back-end * many enhangements and bug fixes- subversion-devel now ships pkgconfig files- dependency changes: * serf 1.3.4 * apr, apr-utl 1.3.x * httpd 2.2.x * java 1.6 * Python 2.7- To continue to allow building against blacklisted httpd 2.4.6 which has the required patches in openSUSE:13.1:Update, update subversion-1.8.9-allow-httpd-2.4.6.patch to subversion-1.9.0-allow-httpd-2.4.6.patch- removed upstreamed patches: * subversion-1.8.10-fix-bashisms.patch * subversion-1.8.11-swig-py-comment.patch * subversion-1.8.11-swig-py-comment-2.patch- adjust subversion-no-build-date.patch- drop subversion-1.8.14-unused-var-authnrequired.patch * Thu Aug 06 2015 stspAATTelego.de- Pass --enable-broken-httpd-auth to configure. Assumes all apache2 packages contain security patches regardless of their version number. Should fix the build on SLES12 and perhaps elsewhere. * Thu Aug 06 2015 stspAATTelego.de- fix mod_authz_svn build with -Wunused-variable * subversion-1.8.14-unused-var-authnrequired.patch * Thu Aug 06 2015 stspAATTelego.de- Apache Subversion 1.8.14 This release fixes two vulnerabilities: * mod_authz_svn: do not leak information in mixed anonymous/authenticated httpd (dav) configurations (CVE-2015-3184) bnc#939514 * do not leak paths that were hidden by path-based authz (CVE-2015-3187) bnc#939517 Non-security fixes: * document svn:autoprops * fix \'svn cp ^/A/D/HAATT1 ^/A\' to properly create A * improve conflict prompts for binary files * improve performance of \'ls -v\' * improved Sqlite 3.8.9 query performance * fixed issue #4580: \'svn -v st\' on file externals reports \"?\" for user/rev * mod_dav_svn: do not ignore skel parsing errors * detect invalid svndiff data earlier * prevent possible repository corruption on power/disk failures * fixed issue #4577: Read error with some repository nodes * fixed issue #4531: server-side copy (over dav) is slow * swig-pl: fix some stack memory problems- Refreshed patch subversion-no-build-date.patch- Remove obsoleted patch subversion-1.8.13-fix-sqlite-3.8.9-tests.patch- Add patch subversion-1.8.14-httpd-version-number-detection.patch * Sat May 16 2015 astiegerAATTsuse.com- disable failing check-swig-rb * Thu Apr 09 2015 astiegerAATTsuse.com- fix tests with SQLite 3.8.9, adding subversion-1.8.13-fix-sqlite-3.8.9-tests.patch * Wed Apr 01 2015 tchvatalAATTsuse.com- Apply sec fixes for bnc#923793 bnc#923794 bnc#923795; CVE-2015-0202 CVE-2015-0248 CVE-2015-0251: * subversion-bnc923793.patch * subversion-bnc923794.patch * subversion-bnc923795.patch * Tue Mar 31 2015 astiegerAATTsuse.com- Apache Subversion 1.8.13 This release fixes three vulerabilities: * Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202) * Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248) * Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)- Non-security updates: * fixes number of client and server side non-security bugs * improved working copy performanc * reduction of resource use * stability improvements * usability improvements- 1.8.12 was not released * Fri Mar 20 2015 astiegerAATTsuse.com- Improve installation of secure password storage plugins for KWallet and GNOME Keyring- Recommend installation of bash completion * Tue Mar 10 2015 astiegerAATTsuse.com- Fix running all regression tests with davautocheck.sh and svnserveautocheck.sh when time is a shell built-in but not a command: add subversion-1.8.11-autocheck-time.patch * Wed Mar 04 2015 astiegerAATTsuse.com- fix sample configuration comments in subversion.conf [boo#916286] * Mon Mar 02 2015 astiegerAATTsuse.com- SLE 11 SP3 build with all regression tests- run swig-py tests where they pass * Fri Feb 20 2015 astiegerAATTsuse.com- fix build with swig 3.0.3 and later: * upstream subversion-1.8.11-swig-py-comment.patch * upstream subversion-1.8.11-swig-py-comment-2.patch * partial subversion-1.8.11-swig-py-comment-3.patch There remains a regression in swig 3.0.3 and later which causes check-swig-py to fail - disable these checks. * Thu Jan 08 2015 bwiedemannAATTsuse.com- fix sysconfig file generation (bnc#911620) * Fri Jan 02 2015 tchvatalAATTsuse.com- Sec update bnc#909935 CVE-2014-3580, CVE-2014-8108 * subversion-CVE-2014-3580.patch * subversion-CVE-2014-8108.patch * Thu Dec 18 2014 andreas.stiegerAATTgmx.de- Apache Subversion 1.8.11- This release addresses two security issues: [boo#909935] * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names.- Client-side bugfixes: * checkout/update: fix file externals failing to follow history and subsequently silently failing * patch: don\'t skip targets in valid --git difs * diff: make property output in diffs stable * diff: fix diff of local copied directory with props * diff: fix changelist filter for repos-WC and WC-WC * remove broken conflict resolver menu options that always error out * improve gpg-agent support * fix crash in eclipse IDE with GNOME Keyring * fix externals shadowing a versioned directory * fix problems working on unix file systems that don\'t support permissions * upgrade: keep external registrations * cleanup: iprove performance of recorded timestamp fixups * translation updates for German- Server-side bugfixes: * disable revprop caching feature due to cache invalidation problems * skip generating uniquifiers if rep-sharing is not supported * mod_dav_svn: reject requests with missing repository paths * mod_dav_svn: reject requests with invalid virtual transaction names * mod_dav_svn: avoid unneeded memory growth in resource walking * Thu Nov 20 2014 Led - fix bashisms in mailer-init.sh script- add patches: * subversion-1.8.10-fix-bashisms.patch * Sat Nov 01 2014 andreas.stiegerAATTgmx.de- Add a versioned runtime requirement for sqlite and pass it to configure via --enable-sqlite-compatibility-version to allow running with sqlite older than at build time but compatible.- make build with KDE / WKallet optional to fix build with SLE 12
|
|
|