Next | Query returned 189 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2017-08-13 00:04:32 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Subversion 1.9.7:

This is a stable security release of the Apache Subversion open source
version control system.  It fixes one security issue:

    CVE-2017-9800:
    Arbitrary code execution on clients through malicious svn+ssh URLs in
    svn:externals and svn:sync-from-url
    http://subversion.apache.org/security/C … visory.txt
   2017-07-07 06:51:47 by Adam Ciarcinski | Files touched by this commit (9)
Log message:
Version 1.9.6

User-visible changes:
 - Client-side bugfixes:
   * cp/mv: improve error message when target is an unversioned dir
   * merge: reduce memory usage with large amounts of mergeinfo

 - Server-side bugfixes:
   * 'svnadmin freeze': document the purpose more clearly
   * dump: fix segfault when a revision has no revprops
   * fsfs: improve error message upon failure to open rep-cache
   * fsfs: never attempt to share directory representations
   * fsfs: make consistency independent of hash algorithms
	This change makes Subversion resilient to collision attacks, including
	SHA-1 collision attacks such as <http://shattered.io/>.  See also our
	documentation at <https://subversion.apache.org/faq#shattered-sha1> and
	<https://subversion.apache.org/docs/release-notes/1.9#shattered-sha1>.

 - Client-side and server-side bugfixes:
   * work around an APR bug related to file truncation

 - Bindings bugfixes:
   * javahl: follow redirects when opening a connection

Developer-visible changes:
 - General:
   * win_tests.py: make the --bin option work, rather than abort
     (regression introduced in 1.9.2)
   * windows: support building with 'zlibstat.lib' in install-layout

 - API changes:
   (none)
   2016-11-29 21:12:41 by Benny Siegert | Files touched by this commit (6) | Package updated
Log message:
Update Subversion to 1.9.5.

This release fixes one security issue:

   CVE-2016-8734:
   Unrestricted XML entity expansion in mod_dontdothat and Subversion
   clients using http(s)://
   http://subversion.apache.org/security/C … visory.txt
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-05-01 02:48:33 by Ryo ONODERA | Files touched by this commit (8) | Package updated
Log message:
Update Subversion to 1.9.4

Changelog:
Version 1.9.4
(28 Apr 2016, from /branches/1.9.x)
http://svn.apache.org/repos/asf/subversion/tags/1.9.4

 User-visible changes:
  - Client-side bugfixes:
    * diff: support '--summarize --ignore-properties' (part of issue #4567)
    * checkout: fix performance regression on NFS (r1710167)
    * gpg-agent: properly handle passwords with percent characters (issue #4611)
    * svn-graph.pl: fix assertion about a non-canonical path (r1729060 et al)
    * hot-backup.py: better input validation (r1721174, r1721175)
    * commit: abort on Ctrl-C in plaintext password prompt (issue #4624)
    * diff: produce proper forward binary diffs with --git (r1704292, r1704573)
    * ra_serf: fix deleting directories with many files (issue #4557)

  - Server-side bugfixes:
    * improve documentation for AuthzSVNGroupsFile and groups-db (r1730856)
    * fsfs: reduce peak memory usage when listing large directories (r1725180)
    * fsfs: fix a rare source of incomplete dump files and reports (r1717876)

  - Client-side and server-side bugfixes:
    * update INSTALL documentation file (r1703470 et al)
    * fix potential memory access bugs (r1722860 et al)
    * fix potential out of bounds read in svn_repos_get_logs5() (r1738259)

  - Bindings bugfixes:
    * ignore absent nodes in javahl version of svn status -u (r1720643)

 Developer-visible changes:
  - General:
    * fix ruby test suite to work with test-unit gem (r1714790)
    * allow building against KDE4 without conflict with KDE5 (r1734926)
    * fix update_tests.py#76 with SVNPathAuthz short_circuit (r1736432)
    * build system tweaks:
    * tweak how symbolic error names in maintainer mode (r1735179)
    * fix inconsistent behavior of inherited property API (r1717874 et al)

  - API changes:
    * properly interpret parameters in svn_wc_get_diff_editor6() (r1728308)
   2016-02-15 08:36:14 by Thomas Klausner | Files touched by this commit (2)
Log message:
Remove empty patch-configure.

From David Shao in PR 50807.
   2015-12-18 18:49:06 by Adam Ciarcinski | Files touched by this commit (9)
Log message:
Changes 1.9.3:

This release fixes two security issues:

    CVE-2015-5259:
    Remotely triggerable heap overflow and out-of-bounds read caused by
    integer overflow in the svn:// protocol parser.
    http://subversion.apache.org/security/C … visory.txt

    CVE-2015-5343:
    Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn
    caused by integer overflow when parsing skel-encoded request bodies.
    http://subversion.apache.org/security/C … visory.txt
   2015-11-03 04:29:40 by Alistair G. Crooks | Files touched by this commit (1995)
Log message:
Add SHA512 digests for distfiles for devel category

Issues found with existing distfiles:
	distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip
	distfiles/fortran-utils-1.1.tar.gz
	distfiles/ivykis-0.39.tar.gz
	distfiles/enum-1.11.tar.gz
	distfiles/pvs-3.2-libraries.tgz
	distfiles/pvs-3.2-linux.tgz
	distfiles/pvs-3.2-solaris.tgz
	distfiles/pvs-3.2-system.tgz
No changes made to these distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-10-07 07:48:10 by Richard PALO | Files touched by this commit (4)
Log message:
rework p5-subversion workaround to deal with netbsd issue found by wiz@
instead of creating LDFLAGS for SWIG_PL, just reuse SWIG_PL_INCLUDES
which contains already any -fstack-protector* flag necessary to link.
   2015-09-29 13:52:48 by Richard PALO | Files touched by this commit (5)
Log message:
Shelling perl in the Makefile can be problematic since pbulk-index may
invoke the Makefile prior to having the perl dependency installed.

Instead, gather ldopts during configure and pass them to libsvn_swig_perl
in order to build with the necessary ldflags.

Next | Query returned 189 messages, browsing 1 to 10 | Previous