Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

subversion-1.14.1-3.1 RPM for armv7hl

From OpenSuSE Ports Leap 15.5 for armv7hl

Name: subversion Distribution: openSUSE Step 15
Version: 1.14.1 Vendor: openSUSE
Release: 3.1 Build date: Mon Apr 25 00:12:14 2022
Group: Unspecified Build host: obs-arm-6
Size: 9466482 Source RPM: subversion-1.14.1-3.1.src.rpm
Summary: Subversion version control system
Subversion exists to be universally recognized and adopted as an open-source,
centralized version control system characterized by its reliability as a safe
haven for valuable data; the simplicity of its model and usage; and its ability
to support the needs of a wide variety of users and projects, from individuals
to large-scale enterprise operations.






* Tue Apr 05 2022
  - Fix CVE-2022-24070 mod_dav_svn is vulnerable to memory corruption
    (CVE-2022-24070, bsc#1197940)
    * subversion-CVE-2022-24070.patch
  - Fix CVE-2021-28544 SVN authz protected copyfrom paths regression
    (CVE-2021-28544, bsc#1197939)
    * subversion-CVE-2021-28544.patch
* Thu Mar 03 2022
  - Fix testCrash_RequestChannel_nativeRead_AfterException test on
    aarch64 and ppc64le, bsc#1195486 bsc#1193778
    * fix-javahl-test.patch
* Fri Nov 12 2021
  - The following issues have already been fixed in this package
    but weren't previously mentioned in the changes file:
    * bsc#1185052
* Wed Oct 20 2021
  - Change to using systemd-sysusers
* Thu Oct 14 2021
  - always build with kwallet support, no longer make a
    distrinction between openSUSE and SLE (boo#1191282)
* Wed Feb 10 2021
  - Update to 1.14.1
    * Fix non-deterministic generation of mergeinfo
    * Fix invalid SQL quoting in working copy upgrade system
    * Convert filename for editor from UTF-8 to the locale's encoding
    * Make the script work with Python 3
    * Fix an uninitialized read in FSFS
    * Fix a potential NULL dereference in the config file parser (bsc#1181687, CVE-2020-17525)
  - Rebase subversion-no-build-date.patch
* Tue Dec 01 2020
  - use system apache rpm macros
* Mon Oct 19 2020
  - Enable kde integration from 15-SP3 and newer releases jsc#SLE-11654
* Sat Sep 26 2020
  - update the path of the PIDFile in the svnserve.service file:
    change /var/run/svnserve/ to /run/svnserve/
* Fri Sep 25 2020
  - update the tmpfiles.d/ drop-in file as requested by the
    rpm output
    /usr/lib/tmpfiles.d/svnserve.conf:1: Line references path below
    legacy directory /var/run/, updating /var/run/svnserve → /run/svnserve;
* Wed Sep 23 2020
  - speed up testsuite run by using /dev/shm
  - disable output aggregation that spec-cleaner introduces in checks
* Wed Sep 09 2020
  - Fix jira reference to SLE-11901
* Fri Sep 04 2020
  - Add patch to remove dependency on kdelibs4support just to run
    kf5-config to find out that headers are in /usr/include and
    libraries are in /usr/lib(64) (jsc#SLE-11901):
    * remove-kdelibs4support-dependency.patch
* Mon Jul 27 2020
  - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Thu Jun 11 2020
  - Update to 1.14.0:
    * Support for Python 3.x
    * Support for Python 2.7 is being phased out
    * New Build-Time Dependency: py3c
    * Many enhancements and bug fixes
  - Drop patches:
    * subversion-1.12.0-swig-4.patch
    * ruby27-warnings.patch
    * ruby-includes.patch
  - Refresh patch subversion-no-build-date.patch
* Tue May 05 2020
  - Add disable-fs-fs-pack-test.patch in order
    to fix boo#1170834.
* Wed Apr 15 2020
  - Try to get building with ruby 2.7 bsc#1169446
  - Add patches:
    * ruby27-warnings.patch
    * ruby-includes.patch
* Tue Mar 31 2020
  - Fix boo#1167467 by gcc10-do-not-optimize-get_externals_to_pin.patch.
* Wed Jan 08 2020
  - Disable dependency on ctypesgen which is borked with new pythons
* Sun Nov 10 2019
  - Apache Subversion 1.13.0:
    * New 'svnadmin rev-size' command to report revision size
    * Performance improvement for 'svn st' etc., in WC SQLite DB
    * Fix 'svn patch' setting mode 0600 on patched files with props
    * Fix "svn diff --changelist ARG" broken in subdirectories
    * Fix misleading 'redirect cycle' error on a non-repository URL
    * svnserve: Report some errors that were previously ignored
    * Make server code more resilient to malformed paths and URLs
    * Make dump stream parser more resilient to malformed dump stream
    * mod_dav_svn: Fix missing Last-Modified header on 'external' GET requests
    * Fix excessive memory usage in some cases reading binary data
* Thu Sep 26 2019
  - Enable build and check with swig-3:
    * Only enable subversion-1.12.0-swig-4.patch for Tumbleweed
    * 'make check-swig-py' doesn't pass with swig-4
  - Enable 'make check-swig-rb' everywhere again
* Fri Jul 26 2019
  - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
    firewalld, see [1].
* Thu Jul 25 2019
  - Add patches to fix bsc#1142743 and bsc#1142721 CVE-2019-0203
    * CVE-2018-11782.patch
    * CVE-2019-0203.patch
* Thu Jul 25 2019
  - Update to 1.12.2:
    * Fix conflict resolver bug: local and incoming edits swapped. (r1863285)
    * Fix memory lifetime problem in a libsvn_wc error code path. (r1863287)
    * CVE-2018-11782 bsc#1142743
    * CVE-2019-0203 bsc#1142721
* Sun Jul 21 2019
  - Add subversion-1.12.0-swig-4.patch: Fix build with Swig 4
* Sat May 18 2019
  - Apache Subversion 1.12.0:
    * 'move vs. move' merge conflicts can now be resolve
    * 'svn --version --verbose' shows loaded libraries on Linux
    * 'svnrdump' can read/write a file instead of stdin/stdout
    * 'svn list' tries to not truncate the author's name
    * 'svn list' can show sizes in base-2 unit suffixes
    * 'svn info' shows the size of files in the repository
    * 'svn cleanup' can remove read-only directories
    * Repos-to-WC copy with --parents works with absent target
    * Repos-to-WC copy from foreign repo with peg/operative revs
    * Ignore empty group definitions in authz files
    * svnauthz: warn about empty groups in authz files
    * Storing passwords in plain text on disk is disabled by default
* Fri Apr 26 2019
  - bsc#1130588: Require shadow instead of old pwdutils
* Mon Mar 25 2019
  - Install pkgconfig into libdir instead of datadir with
* Fri Jan 18 2019
  - Apache Subversion 1.11.1:
    * Add conflict resolver support for added vs unversioned file
    * Add conflict resolver support for unversioned directories
    * Various client-side bug fixes for working copy operations
    * Server: fix unexpected SVN_ERR_FS_NOT_DIRECTORY errors
    * Server: fix mod_dav_svn's SVNUseUTF8 had no effect in some setups
    * Server: fix a crash in mod_http2
    * JavaHL bindings: Fix crash in client code when using external
  - Fixed a vulnerability that allowed malicious SVN clients to trigger a crash
    in mod_dav_svn by omitting the root path from a recursive directory listing
    request (CVE-2018-11803 bsc#1122842)
* Fri Jan 11 2019
  - Move the bash completion to /usr as per rpmlint warning
* Sat Nov 10 2018
  - Apache Subversion 1.11.0:
    * Shelving is no longer based on patch files
    * Shelves created on 1.10 are not compatible
    * New feature: Checkpointing
    * New viewspec output command
    * Improvements to tree conflict resolutio
    * 'patch' can now read non-pretty-printed svn:mergeinfo diffs
    * Better error when http:// URL is not a Subversion repository
    * Add 'schedule' and 'depth' items to 'svn info --show-item'
    * Allow the client cert password to be saved
    * Various bug fixes
    * On-disk caching of plaintext passwords and passphrases is now
      disabled by default, but users can explicitly allow this
      behavior via runtime configuration
  - drop upstreamed subversion-1.10.2-java10.patch
* Fri Oct 12 2018
  - Apache Subversion 1.10.3:
    * Store the HTTPS client cert password
    * Fix shelving when custom diff command is configured
    * Fix conflict resolver crashes
    * Fix conflict resolver endless scan in some cases
    * Fix "Accept incoming deletion" on locally deleted file
    * Fix "resolver adds unrelated moves to move target list"
    * Reject bad PUT before CHECKOUT in v1 HTTP protocol
    * Let 'svnadmin recover' prune the rep-cache even if disabled
    * Allow commands like 'svn ci --file X' to work when X is a FIFO
    * 'svnadmin verify --keep-going --quiet' shows an error summary
    * Fix error in german translation for 'svn help merge'
* Tue Sep 11 2018
  - Added patches:
    * subversion-1.10.2-java10.patch
      + Partly upstream patch to remove javah requirement to build
      Subversion Java bindings.
      + Apply only for builds with jdk10+ that don't have javah tool
      any more
    * subversion-1.10.2-javadoc.patch
      + Avoid loading Internet URLs during the build
  - Allow building with all Java versions starting with 1.6
* Thu Aug 23 2018
  - Apache Subversion 1.10.2:
    * Correctly claim to offer Gnome Keyring support with libsecret
    * Fix segfault using Gnome Keyring with libsecret
    * Fix JavaHL local refs capacity warning when unparsing externals
    * Prune externals after 'update --set-depth=exclude'
    * Fix "conflict resolver searches too far back ..."
  - Dropped patches that are included in the upstream release:
    * subversion-1.10.0-fix-svn-version-gnome-keyring.patch
* Wed Jul 25 2018
  - Use macro to compile python objects, do not do it by hand
* Fri Apr 27 2018
  - Remove useless build dependency on pkgconfig(bash-completion).
  - Make subversion-bash-completion requires bash-completion, not
* Sun Apr 15 2018
  - Apache Subversion 1.10.0:
    * new conflict resolver
    * Many bug fixes and enhancements
    * lz4 compression for the repositories
  - Packaging changes;
    * Convert dependencies to pkgconfig counterparts
    * Add dependency on liblz4 and utf8proc
    * Use %license (boo#1082318)
    * build with KDE5 KWallet support
  - Refresh patches:
    * subversion-1.8.0-rpath.patch
    * subversion-no-build-date.patch
    * subversion-fix-parallel-build-support-for-perl-bindings.patch
    * subversion-perl-underlinking.patch
  - dropped patches:
    * subversion-1.8.11-autocheck-time.patch, upstream
    * subversion-1.9.0-allow-httpd-2.4.6.patch, no longer required
  - Add subversion-1.10.0-fix-svn-version-gnome-keyring.patch to list
    GNOME keyring support in svn --version when using libsecret
* Tue Dec 19 2017
  - BuildConflict with jdk10 or higher. The build uses extensively
    the javah tool which is removed in jdk10.
* Thu Nov 23 2017
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Wed Nov 01 2017
  - Explicitly require python2
* Mon Oct 09 2017
  - Disable kwallet support on openSUSE built with openssl 1.1, because
    otherwise the libopenssl pulled in by libserf and libqt4 create
    a conflict (boo#1042629)
* Fri Aug 25 2017
  - Switch the KDE condition to match sle15 too
* Fri Aug 11 2017
  - Remove user changing option inherited from sysconfig from README
    * Was removed as it does not work on systemd, new section is there
      describing current approach
* Thu Aug 10 2017
  - Apache Subversion 1.9.7:
    * CVE-2017-9800: A remote attacker could have caused svn clients
      to execute arbitrary code via specially crafted URLs in
      svn:externals and svn:sync-from-url properties. (bsc#1051362)
* Wed Aug 09 2017
  - Apache Subversion 1.8.19 (bsc#1051362):
    * A malicious, compromised server or MITM may cause svn client to
      execute arbitrary commands by sending repository content with
      svn:externals definitions pointing to crafted svn+ssh URLs.
* Fri Jul 28 2017
  - Add instructions for running svnserve as a user different from
    "svn", and remove sysconfig variables that are no longer
    effective with the systemd unit. bsc#1049448
* Fri Jul 07 2017
  - Apache Subversion 1.9.6 (bsc#1026936):
    This change makes Subversion resilient to collision attacks,
    including SHA-1 collision attacks such as <>.
    * fsfs: never attempt to share directory representations
    * fsfs: make consistency independent of hash algorithms
    * cp/mv: improve error message when target is an unversioned dir
    * merge: reduce memory usage with large amounts of mergeinfo
    * 'svnadmin freeze': document the purpose more clearly
    * dump: fix segfault when a revision has no revprops
    * fsfs: improve error message upon failure to open rep-cache
    * work around an APR bug related to file truncation
    * javahl: follow redirects when opening a connection
* Fri Jul 07 2017
  - Apache Subversion 1.8.18 (bsc#1026936):
    This change makes Subversion resilient to collision attacks,
    including SHA-1 collision attacks such as <>.
    * fsfs: never attempt to share directory representations
    * fsfs: make consistency independent of hash algorithms
    * work around an APR bug related to file truncation
* Thu Jun 15 2017
  - Deleted all xinetd related entries as it is not desired anymore
    * its obsolete due to socket based service
    * socket based service is not needed at this pkg
* Mon Mar 13 2017
  - Update to build with new RPM in Factory
  - Provide the kwallet auth in main pkg in case kde integration is
  - Use apache2-rpm-macros to get the apache variables
* Thu Dec 22 2016
  - Package the 'svnauthz' binary.
* Wed Nov 30 2016
  - Apache Subversion 1.8.17:
    * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in
      mod_dontdothat and Subversion clients using http(s)://
    * Client-side bugfixes:
      + fix handling of newly secured subdirectories in working copy
      + ra_serf: fix deleting directories with many files
      + gpg-agent: properly handle passwords with percent characters
      + merge: fix crash when merging to a local add
    * Server-side bugfixes:
      + fsfs: fix possible data reconstruction error
      + svnlook: properly remove tempfiles on diff errors
    * Client-side and server-side bugfixes:
      + fix potential memory access bugs
    * Bindings bugfixes:
      + javahl: fix temporarily accepting SSL server certificates
      + swig-pl: do not corrupt "{DATE}" revision variable
      + swig-pl: fix possible stack corruption
    * Developer-visible changes:
      + fix inconsistent behavior of inherited property API
      + fix patch filter invocation in svn_client_patch()
      + fix potential build issue with invalid SVN_LOCALE_DIR
* Wed Nov 30 2016
  - Version update to 1.9.5:
    * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in
      mod_dontdothat and Subversion clients using http(s)://
  - Client-side bugfixes:
    * fix accessing non-existent paths during reintegrate merge (r1766699 et al)
    * fix handling of newly secured subdirectories in working copy (r1724448)
    * info: remove trailing whitespace in --show-item=revision (issue #4660)
    * fix recording wrong revisions for tree conflicts (r1734106)
    * gpg-agent: improve discovery of gpg-agent sockets (r1766327)
    * gpg-agent: fix file descriptor leak (r1766323)
    * resolve: fix --accept=mine-full for binary files (issue #4647)
    * merge: fix possible crash (issue #4652)
    * resolve: fix possible crash (r1748514)
    * fix potential crash in Win32 crash reporter (r1663253 et al)
  - Server-side bugfixes:
    * fsfs: fix "offset too large" error during pack (issue #4657)
    * svnserve: enable hook script environments (r1769152)
    * fsfs: fix possible data reconstruction error (issue #4658)
    * fix source of spurious 'incoming edit' tree conflicts (r1770108)
    * fsfs: improve caching for large directories (r1721285)
    * fsfs: fix crash when encountering all-zero checksums (r1759686)
    * fsfs: fix potential source of repository corruptions (r1756266)
    * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate
      (issue #3084)
    * mod_dav_svn: reduce memory usage during GET requests (r1757529 et al)
    * fsfs: fix unexpected "database is locked" errors (r1741096 et al)
    * fsfs: fix opening old repositories without db/format files (r1720015)
  - Client-side and server-side bugfixes:
    * fix possible crash when reading invalid configuration files (r1715777)
  - Bindings bugfixes:
    * swig-pl: do not corrupt "{DATE}" revision variable (r1767768)
    * javahl: fix temporary accepting SSL server certificates (r1764851)
    * swig-pl: fix possible stack corruption (r1683266, r1683267)
  - Drop no longer needed patch:
    * subversion-1.8.11-swig-py-comment-3.patch
* Thu Aug 04 2016
  - Add patch to build with swig3 to fix build on sle12sp2+
    * subversion-swig3.patch
* Wed Jun 29 2016
  - Drop from After wrt bnc#983938
* Thu Apr 28 2016
  - Apache Subversion 1.9.4, fixing two server-side vulnerabilities:
    * CVE-2016-2167: svnserve/sasl may authenticate users using the
      wrong realm (boo#976849)
    * CVE-2016-2168: Remotely triggerable DoS vulnerability in
      mod_authz_svn during COPY/MOVE authorization check (boo#976850)
  - Client-side bugfixes:
    * diff: support '--summarize --ignore-properties'
    * checkout: fix performance regression on NFS
    * gpg-agent: properly handle passwords with percent characters
    * fix assertion about a non-canonical path
    * better input validation
    * commit: abort on Ctrl-C in plaintext password prompt
    * diff: produce proper forward binary diffs with --git
    * ra_serf: fix deleting directories with many files
  - Server-side bugfixes:
    * improve documentation for AuthzSVNGroupsFile and groups-db
    * fsfs: reduce peak memory usage when listing large directories
    * fsfs: fix a rare source of incomplete dump files and reports
  - Client-side and server-side bugfixes:
    * update INSTALL documentation file
    * fix potential memory access bugs
    * fix potential out of bounds read in svn_repos_get_logs5()
  - Bindings bugfixes:
    * ignore absent nodes in javahl version of svn status -u
  - API changes:
    * properly interpret parameters in svn_wc_get_diff_editor6()
* Wed Mar 02 2016
  - make the subversion package conflict with KWallet and Gnome
    Keyring packages with do not require matching subversion versions
    in SLE 12 and openSUSE Leap 42.1 and thus break the main package
    upon partial upgrade. Fix/workaround for boo#969159
* Tue Dec 15 2015
  - Apache Subversion 1.9.3
    This release fixes two security issues:
    * Remotely triggerable heap overflow and out-of-bounds read
      caused by integer overflow in the svn:// protocol parser.
      CVE-2015-5259 [boo#958299]
    * Remotely triggerable heap overflow and out-of-bounds read in
      mod_dav_svn caused by integer overflow when parsing skel-
      encoded request bodies.
      CVE-2015-5343 [boo#958300]
    Other changes:
    * svn: fix possible crash in auth credentials cache
    * cleanup: avoid unneeded memory growth during pristine cleanup
    * diff: fix crash when repository is on server root
    * fix translations for commit notifications
    * ra_serf: fix crash in multistatus parser
    * svn: report lock/unlock errors as failures
    * svn: cleanup user deleted external registrations
    * svn: allow simple resolving of binary file text conflicts
    * svnlook: properly remove tempfiles on diff errors
    * ra_serf: report built- and run-time versions of libserf
    * ra_serf: set Content-Type header in outgoing requests
    * svn: fix merging deletes of svn:eol-style CRLF/CR files
    * ra_local: disable zero-copy code path
    * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm
    * mod_dav_svn: fix display of process ID in cache statistics
    * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
    * svnadmin dump: preserve no-op changes
    * fsfs: avoid unneeded I/O when opening transactions
    * javahl: fix ABI incompatibilty with 1.8
    * javahl: allow non-absolute paths in SVNClient.vacuum
    * fix patch filter invocation in svn_client_patch()
    * add @since information to config defines
    * fix running the tests in compatibility mode
    * clarify documentation of svn_fs_node_created_rev()
    * fix overflow detection in svn_stringbuf_remove and _replace
    * don't ignore some of the parameters to svn_ra_svn_create_conn3
* Wed Oct 28 2015
  - Fix copy-and-paste error in Supplements for GNOME keyring
* Wed Sep 23 2015
  - Apache Subversion 1.9.2:
    * fix a numer of client-side crashes and bugs
    * checkout: remove unnecessary I/O operation
    * svn: show utf8proc version in svn --version --verbose
    * fix reporting for empty representations in svnfsfs stats
  - upstream keyring updated
* Thu Sep 03 2015
  - Apache Subversion 1.9.1:
    * Fix crash with GPG-agent with non-canonical $HOME
    * svn: expose expat and zlib versions in svn --version --verbose
    * svn: improve help text for 'svn info --show-item'
    * svnserve: fixed minor typo in help text
    * Fix an error leak in FSFS verification
    * Fix incomplete membuffer cache initialization
    * svnfsfs: fix some bugs and inconsistencies in load-index
    * Fix memory corruption in copy source SWIG bindings
  - drop subversion-1.8.14-httpd-version-number-detection.patch,
    change is upstream
  - adjust subversion-1.9.0-allow-httpd-2.4.6.patch for upstream
* Mon Aug 24 2015
  - Remove support for SLE11 from the spec file
  - Use supplements instead of suggests on the other side for the
    password store
  - Fix kde integration conditional to work nicely on openSUSE Leap
* Mon Aug 24 2015
  - Use suggests instead of recommends to avoid 180+ new pkgs on
    minimal setup due subversion-password-store bnc#942819
* Tue Aug 11 2015
  - Apache Subversion 1.9.0:
    * new FSFS format 7 with major overhaul for I/O reduction
    * prospective blame
    * FSX experimental repository back-end
    * many enhangements and bug fixes
  - subversion-devel now ships pkgconfig files
  - dependency changes:
    * serf 1.3.4
    * apr, apr-utl 1.3.x
    * httpd 2.2.x
    * java 1.6
    * Python 2.7
  - To continue to allow building against blacklisted httpd 2.4.6
    which has the required patches in openSUSE:13.1:Update, update
    subversion-1.8.9-allow-httpd-2.4.6.patch to
  - removed upstreamed patches:
    * subversion-1.8.10-fix-bashisms.patch
    * subversion-1.8.11-swig-py-comment.patch
    * subversion-1.8.11-swig-py-comment-2.patch
  - adjust subversion-no-build-date.patch
  - drop subversion-1.8.14-unused-var-authnrequired.patch
* Thu Aug 06 2015
  - Pass --enable-broken-httpd-auth to configure. Assumes all apache2
    packages contain security patches regardless of their version number.
    Should fix the build on SLES12 and perhaps elsewhere.
* Thu Aug 06 2015
  - fix mod_authz_svn build with -Wunused-variable
    * subversion-1.8.14-unused-var-authnrequired.patch
* Thu Aug 06 2015
  - Apache Subversion 1.8.14
    This release fixes two vulnerabilities:
    * mod_authz_svn: do not leak information in mixed anonymous/authenticated
      httpd (dav) configurations (CVE-2015-3184) bnc#939514
    * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
    Non-security fixes:
    * document svn:autoprops
    * fix 'svn cp ^/A/D/H@1 ^/A' to properly create A
    * improve conflict prompts for binary files
    * improve performance of 'ls -v'
    * improved Sqlite 3.8.9 query performance
    * fixed issue #4580: 'svn -v st' on file externals reports "?" for user/rev
    * mod_dav_svn: do not ignore skel parsing errors
    * detect invalid svndiff data earlier
    * prevent possible repository corruption on power/disk failures
    * fixed issue #4577: Read error with some repository nodes
    * fixed issue #4531: server-side copy (over dav) is slow
    * swig-pl: fix some stack memory problems
  - Refreshed patch subversion-no-build-date.patch
  - Remove obsoleted patch subversion-1.8.13-fix-sqlite-3.8.9-tests.patch
  - Add patch subversion-1.8.14-httpd-version-number-detection.patch
* Sat May 16 2015
  - disable failing check-swig-rb
* Thu Apr 09 2015
  - fix tests with SQLite 3.8.9, adding
* Wed Apr 01 2015
  - Apply sec fixes for bnc#923793 bnc#923794 bnc#923795;
    CVE-2015-0202 CVE-2015-0248 CVE-2015-0251:
    * subversion-bnc923793.patch
    * subversion-bnc923794.patch
    * subversion-bnc923795.patch
* Tue Mar 31 2015
  - Apache Subversion 1.8.13
    This release fixes three vulerabilities:
    * Subversion HTTP servers with FSFS repositories were vulnerable
      to a remotely triggerable excessive memory use with certain
      REPORT requests.
      (bsc#923793 CVE-2015-0202)
    * Subversion mod_dav_svn and svnserve were vulnerable to a
      remotely triggerable assertion DoS vulnerability for certain
      requests with dynamically evaluated revision numbers.
      (bsc#923794 CVE-2015-0248)
    * Subversion HTTP servers allow spoofing svn:author property
      values for new revisions
      (bsc#923795 CVE-2015-0251)
  - Non-security updates:
    * fixes number of client and server side non-security bugs
    * improved working copy performanc
    * reduction of resource use
    * stability improvements
    * usability improvements
  - 1.8.12 was not released
* Fri Mar 20 2015
  - Improve installation of secure password storage plugins for
    KWallet and GNOME Keyring
  - Recommend installation of bash completion
* Tue Mar 10 2015
  - Fix running all regression tests with and when time is a shell built-in but not
    a command: add subversion-1.8.11-autocheck-time.patch
* Wed Mar 04 2015
  - fix sample configuration comments in subversion.conf [boo#916286]
* Mon Mar 02 2015
  - SLE 11 SP3 build with all regression tests
  - run swig-py tests where they pass
* Fri Feb 20 2015
  - fix build with swig 3.0.3 and later:
    * upstream subversion-1.8.11-swig-py-comment.patch
    * upstream subversion-1.8.11-swig-py-comment-2.patch
    * partial subversion-1.8.11-swig-py-comment-3.patch
    There remains a regression in swig 3.0.3 and later which causes
    check-swig-py to fail - disable these checks.
* Thu Jan 08 2015
  - fix sysconfig file generation (bnc#911620)
* Fri Jan 02 2015
  - Sec update bnc#909935 CVE-2014-3580, CVE-2014-8108
    * subversion-CVE-2014-3580.patch
    * subversion-CVE-2014-8108.patch
* Thu Dec 18 2014
  - Apache Subversion 1.8.11
  - This release addresses two security issues: [boo#909935]
    * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
    * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction
  - Client-side bugfixes:
    * checkout/update: fix file externals failing to follow history
      and subsequently silently failing
    * patch: don't skip targets in valid --git difs
    * diff: make property output in diffs stable
    * diff: fix diff of local copied directory with props
    * diff: fix changelist filter for repos-WC and WC-WC
    * remove broken conflict resolver menu options that always error
    * improve gpg-agent support
    * fix crash in eclipse IDE with GNOME Keyring
    * fix externals shadowing a versioned directory
    * fix problems working on unix file systems that don't support
    * upgrade: keep external registrations
    * cleanup: iprove performance of recorded timestamp fixups
    * translation updates for German
  - Server-side bugfixes:
    * disable revprop caching feature due to cache invalidation
    * skip generating uniquifiers if rep-sharing is not supported
    * mod_dav_svn: reject requests with missing repository paths
    * mod_dav_svn: reject requests with invalid virtual transaction
    * mod_dav_svn: avoid unneeded memory growth in resource walking
* Thu Nov 20 2014
  - fix bashisms in script
  - add patches:
    * subversion-1.8.10-fix-bashisms.patch
* Sat Nov 01 2014
  - Add a versioned runtime requirement for sqlite and pass it to
    configure via --enable-sqlite-compatibility-version to allow
    running with sqlite older than at build time but compatible.
  - make build with KDE / WKallet optional to fix build with SLE 12



Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jun 9 18:36:32 2024