2013-06-29 10:56:56 by OBATA Akio | Files touched by this commit (5) |
Log message:
Update subversion to 1.7.10.
This release addresses three security issues:
CVE-2013-1968: fsfs repository corruption caused by newline characters in \
filenames
CVE-2013-2088: contrib hook-scripts can allow arbitrary code execution
CVE-2013-2112: svnserve remotely triggerable DoS.
Version 1.7.10
(30 May 2013, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.10
User-visible changes:
- Client-side bugfixes:
* fix 'svn revert' "no such table: revert_list" spurious error \
(issue #4168)
* fix 'svn diff' doesn't show some locally added files (issue #3797)
* fix changelist filtering when --changelist values aren't UTF8 (r1475724)
* fix 'svn diff --git' shows wrong copyfrom (issue #4294)
* fix 'svn diff -x-w' shows wrong changes (issues #4133 and #4270, r1427278)
* fix 'svn blame' sometimes shows every line as modified (issue #4034)
* fix regression in 'svn status -u' output for externals (r1434750)
* fix file permissions change on commit of file with keywords (issue #4331)
* improve some fatal error messages (r1465975)
* fix externals not removed when working copy is made shallow (issue #3741)
- Server-side bugfixes:
* fix repository corruption due to newline in filename (issue #4340)
* fix svnserve exiting when a client connection is aborted (r1482759)
* fix svnserve memory use after clear (issue #4365)
* fix repository corruption on power/disk failure on Windows (r1483781)
Developer-visible changes
- General:
* make get-deps.sh compatible with Solaris /bin/sh (r1451678)
* fix infinite recursion bug in get-deps.sh (r1421541, r1424977)
* fix uninitialised output parameter of svn_fs_commit_txn() (r1461743)
- Bindings:
* fix JavaHL thread-safety bug (r1476359)
|
2013-05-31 14:42:58 by Thomas Klausner | Files touched by this commit (2880) |
Log message:
Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
2013-04-13 14:57:40 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 1.7.9
Changelog:
Version 1.7.9
(04 Apr 2013, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.9
User-visible changes
- Client-side bugfixes:
* improved error messages about svn:date and svn:author props. (r1440620)
* fix local_relpath assertion (issue #4257)
* fix memory leak in `svn log` over svn:// (r1458341)
* fix incorrect authz failure when using neon http library (issue #4332)
* fix segfault when using kwallet (r1421103)
- Server-side bugfixes:
* svnserve will log the replayed rev not the low-water rev. (r1461278)
* mod_dav_svn will omit some property values for activity urls (r1453780)
* fix an assertion in mod_dav_svn when acting as a proxy on / (issue #4272)
* improve memory usage when committing properties in mod_dav_svn (r1443929)
* fix svnrdump to load dump files with non-LF line endings (issue #4263)
* fix assertion when rep-cache is inaccessible (r1422100)
* improved logic in mod_dav_svn's implementation of lock. (r1455352)
* avoid executing unnecessary code in log with limit (r1459599)
Developer-visible changes:
- General:
* fix an assertion in dav_svn_get_repos_path() on Windows (r1425368)
* fix get-deps.sh to correctly download zlib (r13520131)
* doxygen docs will now ignore prefixes when producing the index (r1429201)
* fix get-deps.sh on freebsd (r1423646)
- Bindings:
* javahl status api now respects the ignoreExternals boolean (r1435361)
This release addesses five security issues:
CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
CVE-2013-1847: mod_dav_svn crashes on LOCK requests against
non-existant URLs
CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against
activity URLs
CVE-2013-1884: mod_dav_svn crashes on out of range limit in log
REPORT request
|
2013-02-09 14:22:11 by Ryo ONODERA | Files touched by this commit (15) |
Log message:
Update to 1.7.8.
Change to 1.7.x branch.
Many changes are introduced.
See http://subversion.apache.org/docs/release-notes/1.7.html .
|
2013-01-20 13:29:52 by Ryo ONODERA | Files touched by this commit (4) |
Log message:
Update to 1.9.20
Changelog:
Version 1.6.20
(04 Jan 2013, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.20
User-visible changes
- Client- and server-side bugfixes:
* Fix typos in pt_BR, es and zh_TW translations (r1402417)
- Server-side bugfixes:
* add Vary: header to GET responses to improve cacheability (r1390653)
* fix fs_fs to cleanup after failed rep transmission (r1403964, et al)
* fix an assert with SVNAutoVersioning in mod_dav_svn (issue #4231)
Version 1.6.19
(10 Sep 2012, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.19
- Client-side bugfixes:
* handle missing svn:date reported by svnserve gracefully (r1306111)
- Server-side bugfixes:
* fix possible server hang if a hook script fails to start (r1330410)
* fix write-through proxy commit regression introduced in 1.6.17 (r1088602)
* partial sync drops properties when converting to adds (issue #4184)
- Developer-visible changes:
* fix the testsuite to avoid FAILs on APR hash order (r1230714, et al)
Version 1.6.18
(29 Mar 2012, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.18
User-visible changes:
* reject invalid svn:mergeinfo at commit time over DAV (issue #3953)
* fix reintegrate merge regression introduced in 1.6.13 (issue #3957)
* make the stderr output of the post-commit hook XML-safe (r893478)
* fix a rare source of FSFS corruption (r1240752)
* plug a memory leak in the bdb backend (r1205726)
* server-side performance fix for "log -g" (r1152282)
* fix description of svndumpfilter's --targets option (r1151911)
* fix datastream corruption during resumed transfer in ra_serf (r1154733)
* fix a crash in ra_svn SASL authentication (r1166555, -678)
* fix potential corruption on 32-bit FSFS with large files (r1230212)
* make website links point to subversion.apache.org (r896893, -901, r915036)
* fix non-fatal FSFS corruption bug with concurrent commits (issue #4129)
Developer-visible changes:
* fix sqlite distfile retrieval in get-deps.sh (r1134734)
* fix swig-py memory leak (r1235264, -296, -302, -736)
* allow passing --with-jdk to gen-make.py on Windows (r966167)
|
2012-12-20 19:39:14 by Greg Troxel | Files touched by this commit (1) | |
Log message:
Replace comment about volunteers to test language bindings.
(This is a comment-only change.)
I used to maintain the subversion packages, but am no longer actively
doing so. I basically removed my name from the comment soliciting
volunteers to test the language binding part of updates, and updated
the text.
|
2012-10-03 23:59:10 by Thomas Klausner | Files touched by this commit (2798) |
Log message:
Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.
I hope that's all of them.
|
2012-04-13 23:17:38 by Sergey Svishchev | Files touched by this commit (3) |
Log message:
PR/43732 -- add svnserve.sh rc.d script (untested).
|
2012-03-11 04:38:52 by Mark Davies | Files touched by this commit (3) |
Log message:
Add subversion patch Revision 1145203. Ensure the
Perl extension is built using the Perl compiler flags.
Fixes use of "git svn" on Linux.
Bump PKGREVISION of p5-subversion package.
|
2011-06-03 15:26:50 by Takahiro Kambe | Files touched by this commit (9) | |
Log message:
Update subversion pacakges to 1.6.17.
Version 1.6.17
(01 Jun 2011, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.17
User-visible changes:
* improve checkout speed on Windows (issue #3719)
* make 'blame -g' more efficient on with large mergeinfo (r1094692)
* avoid some invalid handle exceptions on Windows (r1095654)
* preserve log message with a non-zero editor exit (r1072084)
* fix FSFS cache performance on 64-bit platforms (r1103665)
* make svn cleanup tolerate obstructed directories (r1091881)
* fix deadlock in multithreaded servers serving FSFS repositories (r1104093)
* detect very occasional corruption and abort commit (issue #3845)
* fixed: file externals cause non-inheritable mergeinfo (issue #3843)
* fixed: file externals cause mixed-revision working copies (issue #3816)
* fix crash in mod_dav_svn with GETs of baselined resources (r1104126)
See CVE-2011-1752, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
* fixed: write-through proxy could direcly commit to slave (r917523)
* detect a particular corruption condition in FSFS (r1100213)
* improve error message when clients refer to unkown revisions (r939000)
* bugfixes and optimizations to the DAV mirroring code (r878607)
* fixed: locked and deleted file causes tree conflict (issue #3525)
* fixed: update touches locked file with svn:keywords property (issue #3471)
* fix svnsync handling of directory copyfrom (issue #3641)
* fix 'log -g' excessive duplicate output (issue #3650)
* fix svnsync copyfrom handling bug with BDB (r1036429)
* server-side validation of svn:mergeinfo syntax during commit (issue #3895)
* fix remotely triggerable mod_dav_svn DoS
See CVE-2011-1783, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
* fix potential leak of authz-protected file contents
See CVE-2011-1921, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
Developer-visible changes:
* fix reporting FS-level post-commit processing errors (r1104098)
* fix JVM recognition on OS X Snow Leopard (10.6) (r1028084)
* allow building on Windows with recent Expat (r1074572)
|