Next | Query returned 215 messages, browsing 1 to 10 | Previous

CVS Commit History:


   2024-02-10 15:42:40 by Takahiro Kambe | Files touched by this commit (21)
Log message:
Bump revision by changing default version of Ruby.
   2023-12-29 12:30:53 by Adam Ciarcinski | Files touched by this commit (11) | Package updated
Log message:
subversion: updated to 1.14.3

Version 1.14.3

User-visible changes:
 - Client-side bugfixes:
   * Fix svn:mergeinfo diff parser bug when parsing forward merges
   * Fix redirected URL handling with file externals

 - Server-side bugfixes:
   (none)

Developer-visible changes:
   * swig-rb: Fix uses of 'File.exist?', deprecated since Ruby 2.1
   * Build: Fix uses of deprecated Python APIs
   * Build: Retain ability to build SWIG Python 2 bindings
   * Fix reading WC lock status with svn_wc_status2_t
   * JavaHL: Add @Deprecated to silence compiler warnings
   * JavaHL: Fix crash in case of null message in getMessage
   * Fix build breakage of release tarballs by installed swig
   * Add regression test for issue 4711 "invalid xml file"
   * swig-py: Fix building with SWIG 4.1.0
   * Makefile.in: Fix cleaning of __pycache__ dirs and *.pyc
   * swig-py: Avoid deprecated options to SWIG >= 4.1.0
   * swig-py: Use sysconfig to allow building with Python 3.12
   * INSTALL: Document not to use SVN with APR 1.7.3 on Windows
   * Fix test suite broken by syntax error when --enable-sasl
   * swig-py: Improve error when no external diff
   * autogen.sh: Fix building when Python is not named "python"
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-10-23 16:26:46 by Michael Baeuerle | Files touched by this commit (20)
Log message:
Recursive revbump for new ABI major version of converters/utf8proc
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2022-08-17 21:59:39 by Roland Illig | Files touched by this commit (1)
Log message:
subversion: remove unknown configure option '--with-neon'
   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix
   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2022-04-12 23:40:36 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
subversion: reset PKGREVISION after update
   2022-04-12 18:24:29 by Benny Siegert | Files touched by this commit (7) | Package updated
Log message:
subversion: update to 1.4.2 (security).

THIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:

CVE-2021-28544
"SVN authz protected copyfrom paths regression"

The full security advisory for CVE-2021-28544 is available at:
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc

A brief summary of this advisory follows:

   Subversion servers reveal 'copyfrom' paths that should be hidden according to
   configured path-based authorization (authz) rules.  When a node has been
   copied from a protected location, users with access to the copy can see the
   'copyfrom' path of the original.  This also reveals the fact that the node
   was copied.  Only the 'copyfrom' path is revealed; not its contents.  Both
   httpd and svnserve servers are vulnerable.

   We recommend all users to upgrade to a known fixed release of the
   Subversion server.

   This issue was reported by Evgeny Kotkov

CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"

The full security advisory for CVE-2022-24070 is available at:
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc

A brief summary of this advisory follows:

   While looking up path-based authorization rules, mod_dav_svn servers
   may attempt to use memory which has already been freed.

   We recommend all users to upgrade to a known fixed release of the
   Subversion server.

   This issue was reported by Thomas Weißschuh
