Hello community, here is the log from the commit of package subversion.3986 for openSUSE:13.2:Update checked in at 2015-08-26 19:25:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/subversion.3986 (Old) and /work/SRC/openSUSE:13.2:Update/.subversion.3986.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion.3986" Changes: -------- New Changes file: --- /dev/null 2015-08-24 19:43:32.284261900 +0200 +++ /work/SRC/openSUSE:13.2:Update/.subversion.3986.new/subversion.changes 2015-08-26 19:26:00.000000000 +0200 @@ -0,0 +1,3799 @@ +------------------------------------------------------------------- +Mon Aug 24 10:56:02 UTC 2015 - [email protected] + +- Use suggests instead of recommends to avoid 180+ new pkgs on + minimal setup due subversion-password-store bnc#942819 + +------------------------------------------------------------------- +Thu Aug 6 11:28:23 UTC 2015 - [email protected] + +- Pass --enable-broken-httpd-auth to configure. Assumes all apache2 + packages contain security patches regardless of their version number. + Should fix the build on SLES12 and perhaps elsewhere. + +------------------------------------------------------------------- +Thu Aug 6 11:10:50 UTC 2015 - [email protected] + +- fix mod_authz_svn build with -Wunused-variable + * subversion-1.8.14-unused-var-authnrequired.patch + +------------------------------------------------------------------- +Thu Aug 6 10:48:33 UTC 2015 - [email protected] + +- Apache Subversion 1.8.14 + This release fixes two vulnerabilities: + * mod_authz_svn: do not leak information in mixed anonymous/authenticated + httpd (dav) configurations (CVE-2015-3184) bnc#939514 + * do not leak paths that were hidden by path-based authz (CVE-2015-3187) + bnc#939517 + Non-security fixes: + * document svn:autoprops + * fix 'svn cp ^/A/D/H@1 ^/A' to properly create A + * improve conflict prompts for binary files + * improve performance of 'ls -v' + * improved Sqlite 3.8.9 query performance + * fixed issue #4580: 'svn -v st' on file externals reports "?" for user/rev + * mod_dav_svn: do not ignore skel parsing errors + * detect invalid svndiff data earlier + * prevent possible repository corruption on power/disk failures + * fixed issue #4577: Read error with some repository nodes + * fixed issue #4531: server-side copy (over dav) is slow + * swig-pl: fix some stack memory problems +- Refreshed patch subversion-no-build-date.patch +- Remove obsoleted patch subversion-1.8.13-fix-sqlite-3.8.9-tests.patch +- Add patch subversion-1.8.14-httpd-version-number-detection.patch + +------------------------------------------------------------------- +Sat May 16 18:08:29 UTC 2015 - [email protected] + +- disable failing check-swig-rb + +------------------------------------------------------------------- +Thu Apr 9 18:12:48 UTC 2015 - [email protected] + +- fix tests with SQLite 3.8.9, adding + subversion-1.8.13-fix-sqlite-3.8.9-tests.patch + +------------------------------------------------------------------- +Tue Mar 31 12:00:00 UTC 2015 - [email protected] + +- Apache Subversion 1.8.13 + This release fixes three vulerabilities: + * Subversion HTTP servers with FSFS repositories were vulnerable + to a remotely triggerable excessive memory use with certain + REPORT requests. + (bsc#923793 CVE-2015-0202) + * Subversion mod_dav_svn and svnserve were vulnerable to a + remotely triggerable assertion DoS vulnerability for certain + requests with dynamically evaluated revision numbers. + (bsc#923794 CVE-2015-0248) + * Subversion HTTP servers allow spoofing svn:author property + values for new revisions + (bsc#923795 CVE-2015-0251) +- Non-security updates: + * fixes number of client and server side non-security bugs + * improved working copy performanc + * reduction of resource use + * stability improvements + * usability improvements +- 1.8.12 was not released + +------------------------------------------------------------------- +Fri Mar 20 21:10:19 UTC 2015 - [email protected] + +- Improve installation of secure password storage plugins for + KWallet and GNOME Keyring +- Recommend installation of bash completion + +------------------------------------------------------------------- +Tue Mar 10 20:09:16 UTC 2015 - [email protected] + +- Fix running all regression tests with davautocheck.sh and + svnserveautocheck.sh when time is a shell built-in but not + a command: add subversion-1.8.11-autocheck-time.patch + +------------------------------------------------------------------- +Wed Mar 4 18:12:54 UTC 2015 - [email protected] + +- fix sample configuration comments in subversion.conf [boo#916286] + +------------------------------------------------------------------- +Mon Mar 2 08:08:44 UTC 2015 - [email protected] + +- SLE 11 SP3 build with all regression tests +- run swig-py tests where they pass + +------------------------------------------------------------------- +Fri Feb 20 15:59:32 UTC 2015 - [email protected] + +- fix build with swig 3.0.3 and later: + * upstream subversion-1.8.11-swig-py-comment.patch + * upstream subversion-1.8.11-swig-py-comment-2.patch + * partial subversion-1.8.11-swig-py-comment-3.patch + There remains a regression in swig 3.0.3 and later which causes + check-swig-py to fail - disable these checks. + +------------------------------------------------------------------- +Thu Jan 8 15:41:32 UTC 2015 - [email protected] + +- fix sysconfig file generation (bnc#911620) + +------------------------------------------------------------------- +Thu Dec 18 14:33:55 UTC 2014 - [email protected] + +- Apache Subversion 1.8.11 +- This release addresses two security issues: [boo#909935] + * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. + * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction + names. +- Client-side bugfixes: + * checkout/update: fix file externals failing to follow history + and subsequently silently failing + * patch: don't skip targets in valid --git difs + * diff: make property output in diffs stable + * diff: fix diff of local copied directory with props + * diff: fix changelist filter for repos-WC and WC-WC + * remove broken conflict resolver menu options that always error + out + * improve gpg-agent support + * fix crash in eclipse IDE with GNOME Keyring + * fix externals shadowing a versioned directory + * fix problems working on unix file systems that don't support + permissions + * upgrade: keep external registrations + * cleanup: iprove performance of recorded timestamp fixups + * translation updates for German +- Server-side bugfixes: + * disable revprop caching feature due to cache invalidation + problems + * skip generating uniquifiers if rep-sharing is not supported + * mod_dav_svn: reject requests with missing repository paths + * mod_dav_svn: reject requests with invalid virtual transaction + names + * mod_dav_svn: avoid unneeded memory growth in resource walking + +------------------------------------------------------------------- +Thu Nov 20 00:20:00 UTC 2014 - Led <[email protected]> + +- fix bashisms in mailer-init.sh script +- add patches: + * subversion-1.8.10-fix-bashisms.patch + +------------------------------------------------------------------- +Sat Nov 1 22:56:00 UTC 2014 - [email protected] + +- Add a versioned runtime requirement for sqlite and pass it to + configure via --enable-sqlite-compatibility-version to allow + running with sqlite older than at build time but compatible. +- make build with KDE / WKallet optional to fix build with SLE 12 + +------------------------------------------------------------------- +Sat Sep 27 22:56:01 UTC 2014 - [email protected] + +- enable build with python-ctypesgen + +------------------------------------------------------------------- +Wed Sep 17 13:10:50 UTC 2014 - [email protected] + +- INSTALL#SQLite says 'Subversion 1.8 requires SQLite version 3.7.12 or above'; + therefore I lowered the sqlite requirement to make the subversion run on + older system versions, tooi. [bnc#897033] + +------------------------------------------------------------------- +Tue Sep 9 06:57:54 UTC 2014 - [email protected] + +- Re-enable optional running full regression test suite, + cleanup of dependencies only for network based tests. +- make build with ctypesgen optional, off as it is not in Factory + +------------------------------------------------------------------- +Mon Sep 8 22:41:18 UTC 2014 - [email protected] + +- move autogen to %build to not break quilt setup + +------------------------------------------------------------------- +Thu Sep 4 13:38:53 UTC 2014 - [email protected] + +- Use python_sitearch properly ++++ 3602 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.subversion.3986.new/subversion.changes New: ---- _constraints contrib-1485350.tar.bz2 subversion-1.8.0-rpath.patch subversion-1.8.10-fix-bashisms.patch subversion-1.8.11-autocheck-time.patch subversion-1.8.11-swig-py-comment-2.patch subversion-1.8.11-swig-py-comment-3.patch subversion-1.8.11-swig-py-comment.patch subversion-1.8.14-httpd-version-number-detection.patch subversion-1.8.14-unused-var-authnrequired.patch subversion-1.8.14.tar.bz2 subversion-1.8.14.tar.bz2.asc subversion-1.8.9-allow-httpd-2.4.6.patch subversion-fix-parallel-build-support-for-perl-bindings.patch subversion-no-build-date.patch subversion-perl-underlinking.patch subversion-swig-perl-Wall.patch subversion-swig-perl-install_vendor.patch subversion.README.SUSE subversion.changes subversion.conf subversion.keyring subversion.libtool-verbose.patch subversion.rcsvnserve subversion.rpmlintrc subversion.spec subversion.svndiff.sh subversion.svngrep.sh subversion.sysconfig.svnserve subversion.sysconfig.svnserve.remoteaccess subversion.xinetd.svnserve svnserve.service svnserve.tmpfiles ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ subversion.spec ++++++ ++++ 615 lines (skipped) ++++++ subversion-1.8.0-rpath.patch ++++++ Prevent the linker from adding an rpath to shared libraries. Original patch by David Kimdon <[email protected]>. The basic theory is: - Split the $(LINK) makefile macro into $(LINK) and $(LINK_LIB). - Comment out LD_RUN_PATH in the Perl makefiles. - Use libtool instead of apxs to install the apache modules. libtool relinks without rpath in this case, apxs obviously doesn't. --- a/Makefile.in +++ b/Makefile.in @@ -216,10 +216,10 @@ # special compilation for files destined for cxxhl COMPILE_CXXHL_CXX = $(LIBTOOL) $(LTCXXFLAGS) --mode=compile $(COMPILE_CXX) $(LT_CFLAGS) $(CXXHL_INCLUDES) -o $@ -c -LINK = $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LT_LDFLAGS) $(CFLAGS) $(LDFLAGS) -rpath $(libdir) -LINK_LIB = $(LINK) $(LT_SO_VERSION) -LINK_CXX = $(LIBTOOL) $(LTCXXFLAGS) --mode=link $(CXX) $(LT_LDFLAGS) $(CXXFLAGS) $(LDFLAGS) -rpath $(libdir) -LINK_CXX_LIB = $(LINK_CXX) $(LT_SO_VERSION) +LINK = $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LT_LDFLAGS) $(CFLAGS) $(LDFLAGS) +LINK_LIB = $(LINK) $(LT_SO_VERSION) -rpath $(libdir) +LINK_CXX = $(LIBTOOL) $(LTCXXFLAGS) --mode=link $(CXX) $(LT_LDFLAGS) $(CXXFLAGS) $(LDFLAGS) +LINK_CXX_LIB = $(LINK_CXX) $(LT_SO_VERSION) -rpath $(libdir) # special link rule for mod_dav_svn LINK_APACHE_MOD = $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LT_LDFLAGS) $(CFLAGS) $(LDFLAGS) -rpath $(APACHE_LIBEXECDIR) -avoid-version -module $(APACHE_LDFLAGS) @@ -777,7 +777,9 @@ ./config.status subversion/bindings/swig/perl/native/Makefile.PL $(SWIG_PL_DIR)/native/Makefile: $(SWIG_PL_DIR)/native/Makefile.PL - cd $(SWIG_PL_DIR)/native; $(PERL) Makefile.PL + cd $(SWIG_PL_DIR)/native; \ + $(PERL) Makefile.PL INSTALLDIRS=vendor; \ + sed -i -e '/^LD_RUN_PATH/s/^/#/' Makefile Makefile.[a-z]* # There is a "readlink -f" command on some systems for the same purpose, # but it's not as portable (e.g. Mac OS X doesn't have it). These should --- a/build.conf +++ b/build.conf @@ -502,7 +502,7 @@ lang = python path = subversion/bindings/swig/python/libsvn_swig_py libs = libsvn_client libsvn_wc libsvn_ra libsvn_delta libsvn_subr apriconv apr -link-cmd = $(LINK) +link-cmd = $(LINK_LIB) $(SWIG_PY_LIBS) install = swig-py-lib # need special build rule to include -DSWIGPYTHON compile-cmd = $(COMPILE_SWIG_PY) @@ -525,7 +525,7 @@ lang = ruby path = subversion/bindings/swig/ruby/libsvn_swig_ruby libs = libsvn_client libsvn_wc libsvn_delta libsvn_subr apriconv apr -link-cmd = $(LINK) $(SWIG_RB_LIBS) +link-cmd = $(LINK_LIB) $(SWIG_RB_LIBS) install = swig-rb-lib # need special build rule to include compile-cmd = $(COMPILE_SWIG_RB) --- a/build/generator/gen_base.py +++ b/build/generator/gen_base.py @@ -415,7 +415,7 @@ self.install = options.get('install') self.compile_cmd = options.get('compile-cmd') self.sources = options.get('sources', '*.c *.cpp') - self.link_cmd = options.get('link-cmd', '$(LINK)') + self.link_cmd = options.get('link-cmd', '$(LINK_LIB)') self.external_lib = options.get('external-lib') self.external_project = options.get('external-project') @@ -467,6 +467,7 @@ extmap = self.gen_obj._extension_map self.objext = extmap['exe', 'object'] self.filename = build_path_join(self.path, name + extmap['exe', 'target']) + self.link_cmd = '$(LINK)' self.manpages = options.get('manpages', '') self.testing = options.get('testing') ++++++ subversion-1.8.10-fix-bashisms.patch ++++++ From: Oleksandr Chumachenko <[email protected]> Date: Thu Nov 20 19:44:10 2014 UTC Subject: [PATCH] Remove bashism in mailer.py test suite References: http://svn.apache.org/viewvc?view=revision&revision=r1640795 Upstream: committed * mailer/tests/mailer-init.sh Change echo -e to more portable printf --- tools/hook-scripts/mailer/tests/mailer-init.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: subversion-1.8.10/tools/hook-scripts/mailer/tests/mailer-init.sh =================================================================== --- subversion-1.8.10.orig/tools/hook-scripts/mailer/tests/mailer-init.sh 2013-02-25 03:30:54.000000000 +0000 +++ subversion-1.8.10/tools/hook-scripts/mailer/tests/mailer-init.sh 2014-11-20 19:00:52.000000000 +0000 @@ -101,14 +101,14 @@ echo change C6 >> dir6/file4 svn commit -m "copy dir, then make a change" # add a binary file and set property to binary value -echo -e "\x00\x01\x02\x03\x04" > file11 +printf "\x00\x01\x02\x03\x04\n" > file11 svn add file11 svn ps svn:mime-type application/octect-stream file11 svn ps prop2 -F file11 file9 svn commit -m "add binary file" # change the binary file and set property to non binary value -echo -e "\x20\x01\x02\x20" > file11 +printf "\x20\x01\x02\x20\n" > file11 svn ps prop2 propval2 file9 svn commit -m "change binary file" ++++++ subversion-1.8.11-autocheck-time.patch ++++++ ------------------------------------------------------------------------ r1665652 | astieger | 2015-03-10 20:19:04 +0100 (Tue, 10 Mar 2015) | 13 lines Changed paths: M /subversion/trunk/subversion/tests/cmdline/davautocheck.sh M /subversion/trunk/subversion/tests/cmdline/svnserveautocheck.sh Follow-up to r1421594: Fix (svnserve|dav)autocheck when time is only a built-in. Some shells do not treat variable contents as a keyword, which in the case of time makes the script fail if it is a built-in but not a command. * subversion/tests/cmdline/svnserveautocheck.sh, subversion/tests/cmdline/davautocheck.sh: Turn TIME_CMD into a function. Approved by: breser, danielsh This is the version of the patch backported to the 1.8 branch. ------------------------------------------------------------------------ --- subversion/tests/cmdline/davautocheck.sh | 10 +++------- subversion/tests/cmdline/svnserveautocheck.sh | 10 +++------- 2 files changed, 6 insertions(+), 14 deletions(-) Index: subversion-1.8.11/subversion/tests/cmdline/davautocheck.sh =================================================================== --- subversion-1.8.11.orig/subversion/tests/cmdline/davautocheck.sh 2015-03-10 21:05:56.000000000 +0100 +++ subversion-1.8.11/subversion/tests/cmdline/davautocheck.sh 2015-03-10 21:06:50.000000000 +0100 @@ -534,11 +534,7 @@ if [ $# -eq 1 ] && [ "x$1" = 'x--no-test exit fi -if type time > /dev/null; then - TIME_CMD=time -else - TIME_CMD="" -fi +if type time > /dev/null ; then TIME_CMD() { time "$@"; } ; else TIME_CMD() { "$@"; } ; fi say "starting the tests..." @@ -557,13 +553,13 @@ else fi if [ $# = 0 ]; then - $TIME_CMD make check "BASE_URL=$BASE_URL" $SSL_MAKE_VAR + TIME_CMD make check "BASE_URL=$BASE_URL" $SSL_MAKE_VAR r=$? else (cd "$ABS_BUILDDIR/subversion/tests/cmdline/" TEST="$1" shift - $TIME_CMD "$ABS_SRCDIR/subversion/tests/cmdline/${TEST}_tests.py" "--url=$BASE_URL" $SSL_TEST_ARG "$@") + TIME_CMD "$ABS_SRCDIR/subversion/tests/cmdline/${TEST}_tests.py" "--url=$BASE_URL" $SSL_TEST_ARG "$@") r=$? fi Index: subversion-1.8.11/subversion/tests/cmdline/svnserveautocheck.sh =================================================================== --- subversion-1.8.11.orig/subversion/tests/cmdline/svnserveautocheck.sh 2015-03-10 21:05:50.000000000 +0100 +++ subversion-1.8.11/subversion/tests/cmdline/svnserveautocheck.sh 2015-03-10 21:05:56.000000000 +0100 @@ -92,11 +92,7 @@ random_port() { fi } -if type time > /dev/null; then - TIME_CMD=time -else - TIME_CMD="" -fi +if type time > /dev/null ; then TIME_CMD() { time "$@"; } ; else TIME_CMD() { "$@"; } ; fi SVNSERVE_PORT=$(random_port) while netstat -an | grep $SVNSERVE_PORT | grep 'LISTEN'; do @@ -119,13 +115,13 @@ fi BASE_URL=svn://127.0.0.1:$SVNSERVE_PORT if [ $# = 0 ]; then - $TIME_CMD make check "BASE_URL=$BASE_URL" + TIME_CMD make check "BASE_URL=$BASE_URL" r=$? else cd "$ABS_BUILDDIR/subversion/tests/cmdline/" TEST="$1" shift - $TIME_CMD "./${TEST}_tests.py" "--url=$BASE_URL" $* + TIME_CMD "./${TEST}_tests.py" "--url=$BASE_URL" $* r=$? cd - > /dev/null fi ++++++ subversion-1.8.11-swig-py-comment-2.patch ++++++ ------------------------------------------------------------------------ r1658347 | brane | 2015-02-09 11:23:53 +0100 (Mon, 09 Feb 2015) | 6 lines Changed paths: M /subversion/trunk/subversion/bindings/swig/svn_delta.i Partial fix for bindings build with Swig 3.0.x; fixes swig-pl and swig-rb. * subversion/bindings/swig/svn_delta.i: Escape Python code block so that Swig doesn't error out on the comments, thinking they're unknown directives. ------------------------------------------------------------------------ Index: subversion/bindings/swig/svn_delta.i =================================================================== --- subversion/bindings/swig/svn_delta.i (revision 1658346) +++ subversion/bindings/swig/svn_delta.i (revision 1658347) @@ -205,11 +205,11 @@ %include svn_delta_h.swg #ifdef SWIGPYTHON -%pythoncode { +%pythoncode %{ # This function is for backwards compatibility only. # Use svn_txdelta_window_t.ops instead. svn_txdelta_window_t_ops_get = svn_txdelta_window_t._ops_get -} +%} #endif #ifdef SWIGRUBY ++++++ subversion-1.8.11-swig-py-comment-3.patch ++++++ Index: subversion-1.8.11/subversion/bindings/swig/include/proxy.swg =================================================================== --- subversion-1.8.11.orig/subversion/bindings/swig/include/proxy.swg +++ subversion-1.8.11/subversion/bindings/swig/include/proxy.swg @@ -83,13 +83,10 @@ value = _swig_getattr(self, self.__class__, name) - # If we got back a different object than we have, we need to copy all our - # metadata into it, so that it looks identical members = self.__dict__.get("_members") if members is not None: _copy_metadata_deep(value, members.get(name)) - # Verify that the new object is good _assert_valid_deep(value) return value @@ -98,9 +95,6 @@ """Set an attribute on this object""" self.assert_valid() - # Save a copy of the object, so that the garbage - # collector won't kill the object while it's in - # SWIG-land self.__dict__.setdefault("_members",{})[name] = value return _swig_setattr(self, self.__class__, name, value) ++++++ subversion-1.8.11-swig-py-comment.patch ++++++ ------------------------------------------------------------------------ r1655262 | rhuijben | 2015-01-28 12:37:54 +0100 (Wed, 28 Jan 2015) | 6 lines Changed paths: M /subversion/trunk/subversion/bindings/swig/core.i * subversion/bindings/swig/core.i Use C style comments in a file that is processed like C, to avoid errors with newer swig versions that use stricter processing rules. Found by: astieger ------------------------------------------------------------------------ Index: subversion/bindings/swig/core.i =================================================================== --- subversion/bindings/swig/core.i (revision 1655261) +++ subversion/bindings/swig/core.i (revision 1655262) @@ -800,10 +800,11 @@ #endif #ifdef SWIGPYTHON -# The auth baton depends on the providers, so we preserve a -# reference to them inside the wrapper. This way, if all external -# references to the providers are gone, they will still be alive, -# keeping the baton valid. +/* The auth baton depends on the providers, so we preserve a + reference to them inside the wrapper. This way, if all external + references to the providers are gone, they will still be alive, + keeping the baton valid. + */ %feature("pythonappend") svn_auth_open %{ val.__dict__["_deps"] = list(args[0]) %} ++++++ subversion-1.8.14-httpd-version-number-detection.patch ++++++ diff -ur subversion-1.8.14.orig/build/ac-macros/apache.m4 subversion-1.8.14/build/ac-macros/apache.m4 --- subversion-1.8.14.orig/build/ac-macros/apache.m4 Mon Jul 27 02:23:40 2015 +++ subversion-1.8.14/build/ac-macros/apache.m4 Tue Jul 28 11:08:30 2015 @@ -164,7 +164,7 @@ if ! test -e $HTTPD ; then HTTPD="`$APXS -q bindir`/`$APXS -q PROGNAME`" fi - HTTPD_VERSION=["`$HTTPD -v | $SED -e 's@^.*/\([0-9.]*\)\(.*$\)@\1@ ; 1q'`"] + HTTPD_VERSION=["`$HTTPD -v | $SED -e 's/^.*Apache\/\([0-9.]*\).*$/\1/' -e 1q`"] AC_ARG_ENABLE(broken-httpd-auth, AS_HELP_STRING([--enable-broken-httpd-auth], [Allow building against httpd 2.4 with broken auth]), ++++++ subversion-1.8.14-unused-var-authnrequired.patch ++++++ --- subversion/mod_authz_svn/mod_authz_svn.c.orig 2015-08-06 13:03:43.000000000 +0200 +++ subversion/mod_authz_svn/mod_authz_svn.c 2015-08-06 13:04:35.000000000 +0200 @@ -860,13 +860,14 @@ &authz_svn_module); const char *repos_path = NULL; const char *dest_repos_path = NULL; - int status, authn_required; + int status; #if USE_FORCE_AUTHN /* Use the force_authn() hook available in 2.4.x to work securely * given that ap_some_auth_required() is no longer functional for our * purposes in 2.4.x. */ + int authn_required; int authn_configured; /* We are not configured to run */ ++++++ subversion-1.8.9-allow-httpd-2.4.6.patch ++++++ From: Andreas Stieger <[email protected]> Date: Wed, 07 May 2014 20:55:04 +0100 Subject: Allow building against blacklisted Apache httpd 2.4.6 References: [bnc#864308] Upstream: no Apache httpd in openSUSE 13.1 is 2.4.6. The mod_dav in this version is problematic for Apache Subversion and it is blacklisted in via configure macros in the 1.8.9 release of svn and up. The relevant patches have been applied to the apache2 package in openSUSE:13.1:Update and the update has been released, [bnc#864308]. This patch enables building Subversion against this fixed package. --- build/ac-macros/apache.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: subversion-1.8.9/build/ac-macros/apache.m4 =================================================================== --- subversion-1.8.9.orig/build/ac-macros/apache.m4 2014-04-24 05:01:08.000000000 +0100 +++ subversion-1.8.9/build/ac-macros/apache.m4 2014-05-07 20:52:04.000000000 +0100 @@ -128,7 +128,7 @@ if test -n "$APXS" && test "$APXS" != "n AC_MSG_CHECKING([mod_dav version]) old_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $SVN_APR_INCLUDES" - blacklisted_versions_regex=["\"2\" \"\.\" (\"2\" \"\.\" \"25\"|\"4\" \"\.\" \"[56]\")"] + blacklisted_versions_regex=["\"2\" \"\.\" (\"2\" \"\.\" \"25\"|\"4\" \"\.\" \"[5]\")"] AC_EGREP_CPP([apache_version= *$blacklisted_versions_regex], [ #include "$APXS_INCLUDE/ap_release.h" ++++++ subversion-fix-parallel-build-support-for-perl-bindings.patch ++++++ --- Makefile.in 2011-07-16 13:50:53.000000000 +0200 +++ Makefile.in.new 2012-03-11 12:13:57.000000000 +0100 @@ -732,7 +732,7 @@ extraclean-swig-headers: clean-swig-headers $(EXTRACLEAN_SWIG_HEADERS) -$(SWIG_PL_DIR)/native/Makefile.PL: $(SWIG_SRC_DIR)/perl/native/Makefile.PL.in +$(SWIG_PL_DIR)/native/Makefile.PL: $(SWIG_SRC_DIR)/perl/native/Makefile.PL.in libsvn_swig_perl ./config.status subversion/bindings/swig/perl/native/Makefile.PL $(SWIG_PL_DIR)/native/Makefile: $(SWIG_PL_DIR)/native/Makefile.PL ++++++ subversion-no-build-date.patch ++++++ From: Andreas Stieger <[email protected]> Date: Wed, 06 Mar 2013 00:05:08 +0000 Subject: Remove volatile build information Upstream: never Prevent unneccessary rebuilds of binary packages differing only by date, time and build host. --- subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java | 4 ++-- subversion/libsvn_subr/opt.c | 8 ++------ subversion/libsvn_subr/version.c | 4 ++-- subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout | 1 - subversion/tests/cmdline/getopt_tests_data/svn--version_stdout | 1 - 5 files changed, 6 insertions(+), 12 deletions(-) Index: subversion-1.8.9/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java =================================================================== --- subversion-1.8.9.orig/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java 2014-05-07 20:10:17.000000000 +0100 +++ subversion-1.8.9/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java 2014-05-07 20:10:26.000000000 +0100 @@ -140,10 +140,10 @@ public class BasicTests extends SVNTests { VersionExtended vx = client.getVersionExtended(false); String result = vx.getBuildDate(); - if (result == null || result.trim().length() == 0) + if (result == null) throw new Exception("Build date empty"); result = vx.getBuildTime(); - if (result == null || result.trim().length() == 0) + if (result == null) throw new Exception("Build time empty"); result = vx.getBuildHost(); if (result == null || result.trim().length() == 0) Index: subversion-1.8.9/subversion/libsvn_subr/opt.c =================================================================== --- subversion-1.8.9.orig/subversion/libsvn_subr/opt.c 2014-05-07 20:10:17.000000000 +0100 +++ subversion-1.8.9/subversion/libsvn_subr/opt.c 2014-05-07 20:10:26.000000000 +0100 @@ -1114,12 +1114,8 @@ svn_opt__print_version_info(const char * if (quiet) return svn_cmdline_printf(pool, "%s\n", SVN_VER_NUMBER); - SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n" - " compiled %s, %s on %s\n\n"), - pgm_name, SVN_VERSION, - svn_version_ext_build_date(info), - svn_version_ext_build_time(info), - svn_version_ext_build_host(info))); + SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n\n"), + pgm_name, SVN_VERSION)); SVN_ERR(svn_cmdline_printf(pool, "%s\n", svn_version_ext_copyright(info))); if (footer) Index: subversion-1.8.9/subversion/libsvn_subr/version.c =================================================================== --- subversion-1.8.9.orig/subversion/libsvn_subr/version.c 2014-05-07 20:10:17.000000000 +0100 +++ subversion-1.8.9/subversion/libsvn_subr/version.c 2014-05-07 20:10:26.000000000 +0100 @@ -132,8 +132,8 @@ svn_version_extended(svn_boolean_t verbo { svn_version_extended_t *info = apr_pcalloc(pool, sizeof(*info)); - info->build_date = __DATE__; - info->build_time = __TIME__; + info->build_date = ""; + info->build_time = ""; info->build_host = SVN_BUILD_HOST; info->copyright = apr_pstrdup (pool, _("Copyright (C) 2015 The Apache Software Foundation.\n" Index: subversion-1.8.9/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout =================================================================== --- subversion-1.8.9.orig/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout 2014-05-07 20:10:17.000000000 +0100 +++ subversion-1.8.9/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout 2014-05-07 20:10:26.000000000 +0100 @@ -1,5 +1,4 @@ svn, version 1.8.0-dev (under development) - compiled Sep 10 2012, 14:00:24 on i386-apple-darwin11.4.0 Copyright (C) 2012 The Apache Software Foundation. This software consists of contributions made by many people; Index: subversion-1.8.9/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout =================================================================== --- subversion-1.8.9.orig/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout 2014-05-07 20:10:17.000000000 +0100 +++ subversion-1.8.9/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout 2014-05-07 20:10:26.000000000 +0100 @@ -1,5 +1,4 @@ svn, version 0.16.0 (r3987) - compiled Dec 5 2002, 00:02:51 Copyright (C) 2010 The Apache Software Foundation. This software consists of contributions made by many people; ++++++ subversion-perl-underlinking.patch ++++++ diff -urN subversion-1.8.10.old/Makefile.in subversion-1.8.10/Makefile.in --- subversion-1.8.10.old/Makefile.in 2014-08-19 14:05:55.226069730 +0200 +++ subversion-1.8.10/Makefile.in 2014-08-19 14:55:21.696069376 +0200 @@ -791,7 +791,7 @@ if test "`$(READLINK_PL) $(SWIG_PL_DIR)`" != "`$(READLINK_PL) $(SWIG_PL_SRC_DIR)`"; then \ ln -sf $(SWIG_PL_SRC_DIR)/native/*.c $(SWIG_PL_DIR)/native; \ fi - cd $(SWIG_PL_DIR)/native; $(MAKE) OPTIMIZE="" OTHERLDFLAGS="$(SWIG_LDFLAGS)" + cd $(SWIG_PL_DIR)/native; $(MAKE) check-swig-pl: swig-pl swig-pl-lib cd $(SWIG_PL_DIR)/native; $(MAKE) test diff -urN subversion-1.8.10.old/subversion/bindings/swig/perl/native/Makefile.PL.in subversion-1.8.10/subversion/bindings/swig/perl/native/Makefile.PL.in --- subversion-1.8.10.old/subversion/bindings/swig/perl/native/Makefile.PL.in 2014-08-19 14:05:55.198069730 +0200 +++ subversion-1.8.10/subversion/bindings/swig/perl/native/Makefile.PL.in 2014-08-19 14:41:23.190069476 +0200 @@ -86,7 +86,7 @@ " -I$svnlib_builddir", " -I$swig_srcdir -g"), OBJECT => q/$(O_FILES)/, - LIBS => [join(' ', $apr_ldflags, + LIBS => [join(' ', $apr_ldflags, '-lpthread -lapr-1 -lperl', (map {"-L$_"} @ldpaths), @ldmodules, '-lsvn_swig_perl-1', `$swig -perl -ldflags`)], ++++++ subversion-swig-perl-Wall.patch ++++++ Don't drop -Wall in the swig Perl bindings, otherwise building with e.g. -Wformat-security might break. https://bugzilla.redhat.com/show_bug.cgi?id=1037341 --- subversion-1.8.5/subversion/bindings/swig/perl/native/Makefile.PL.in.swigplWall +++ subversion-1.8.5/subversion/bindings/swig/perl/native/Makefile.PL.in @@ -54,7 +54,6 @@ my $includes = ' -I/usr/include/apr-1 # SWIG is using C++ style comments in an extern "C" code. $cflags =~ s/-ansi\s+//g; $cflags =~ s/-std=c89\s+//g; -$cflags =~ s/-Wall//g; $cflags =~ s/-Wunused//g; $cflags =~ s/-Wshadow//g; $cflags =~ s/-Wstrict-prototypes//g; ++++++ subversion-swig-perl-install_vendor.patch ++++++ Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: subversion-1.8.0-rc2/Makefile.in =================================================================== --- subversion-1.8.0-rc2.orig/Makefile.in 2013-05-14 20:24:53.000000000 +0100 +++ subversion-1.8.0-rc2/Makefile.in 2013-05-14 20:24:54.000000000 +0100 @@ -780,7 +780,7 @@ check-swig-pl: swig-pl swig-pl-lib cd $(SWIG_PL_DIR)/native; $(MAKE) test install-swig-pl: swig-pl install-swig-pl-lib - cd $(SWIG_PL_DIR)/native; $(MAKE) install + cd $(SWIG_PL_DIR)/native; $(MAKE) install_vendor EXTRACLEAN_SWIG_PL=rm -f $(SWIG_PL_SRC_DIR)/native/svn_*.c \ $(SWIG_PL_SRC_DIR)/native/core.c ++++++ subversion.README.SUSE ++++++ Quickstart document for Apache Subversion on openSUSE. For the full documentation, install the package subversion-doc and see /usr/share/doc/packages/subversion/html/book/svn-book.html An online version can be found at http://svnbook.red-bean.com/ Topics: 0. upgrading to Apache Subversion 1.8 1. mini-howto 2. allowing anonymous read access 3. serving several repositories with SVNParentPath 4. serving the repositories at "/" 5. running svnserve 6. quickstart for mod_dontdothat ================================================================================ 0. upgrading to Apache Subversion 1.8 - concerns when upgrading from earlier versions * Upgrading the Working Copy 1.8 introduces a new working copy format. One-time execution of "svn upgrade" required. After that, clients earlier than 1.8 will be unable to use the working copy. Working copy must have been created using 1.6 or 1.7. For details, please see: https://subversion.apache.org/docs/release-notes/1.8.html#wc-upgrade * Upgrading the Repository 1.8 can read and write repositories created by earlier versions. "svnadmin upgrade" may be used to upgrade to FSFS format 6 of 1.8, after which the repository will be no longer be usable for 1.7 servers. An optional dump/load cycle may be used to apply FSFS improvements to past revisions. https://subversion.apache.org/docs/release-notes/1.8.html#compatibility https://subversion.apache.org/docs/release-notes/1.8.html#fsfs-enhancements * Required configuration changes when using mod_dav_svn with Apache httpd2: The MaxKeepAliveRequests option in httpd.conf needs to be increased from 100 (the default) to at least 1000 (there is no reason why it could not be 10000). This will improve performance by allowing serf clients to use fewer TCP connections to the server. Clients using neon will also work fine with this configuration. ================================================================================ 1. mini-howto To run a subversion server, you need to configure apache2 to load two modules: mod_dav and mod_dav_svn. zypper in subversion-server a2enmod dav a2enmod dav_svn A default/example configuration of the dav_svn module can be found in /etc/apache2/conf.d/subversion.conf. The current default configuration automatically includes this file the default server configuration. The MaxKeepAliveRequests option in httpd.conf needs to be increased from 100 (the default) to at least 1000 (there is no reason why it could not be 10000). This will improve performance by allowing serf clients to use fewer TCP connections to the server. Clients using neon will also work fine with this configuration. Create some directories to contain the repositories and other files: mkdir -p /srv/svn/repos mkdir -p /srv/svn/user_access mkdir -p /srv/svn/html Edit /etc/apache2/conf.d/subversion.conf and uncomment the desired sections. The first section "project related HTML files" is optional and will allow you to return some static content when /repos is accessed alone. If you do not need this, discard this section. If instead you wish to show a list of repositories, set "SVNListParentPath on" later. See for details: http://svnbook.red-bean.com/en/1.8/svn.serverconfig.httpd.html#svn.serverconfig.httpd.extra.browsing.reposlisting The section following that will configure a repository to be served out of the path /srv/svn/repos/myproject1. Note that the location "/repo/myproject1" and "SVNPath" is specified explicitly, see section 3 for an alternative. To create the repository itself: cd /srv/svn/repos svnadmin create project1 chown -R wwwrun:www project1/{db,locks} If using svnserve is not planned, /srv/svn/repos may be owned by wwrun:www. Otherwise see instruction in the svnserve section on how to use the user and group svn. The webserver must be (re)started: rcapache2 restart To create the user access files: touch /srv/svn/user_access/project1_passwdfile chown root:www /srv/svn/user_access/project1_passwdfile chmod 640 /srv/svn/user_access/project1_passwdfile htpasswd2 /srv/svn/user_access/project1_passwdfile user1 htpasswd2 /srv/svn/user_access/project1_passwdfile user2 Create the group file for project1: /srv/svn/user_access/project1_groupfile project1_committers: user2 project1_readers: user1 user2 You can test access by: svn info http://127.0.0.1/repos/project1 ================================================================================ 2. allowing anonymous read access To allow anonymous read access, remove the <Limit GET...> section and move the three Auth* statements into the <LimitExcept GET...> section. ================================================================================ 3. serving several repositories with SVNParentPath When serving several repositories, instead of specifying each location with SVNPath in a separate location, you can use SVNParentPath with a single location. Change the <Location ...> directive form the template to start with the following: <Location /repos/> DAV svn SVNParentPath /srv/svn/repos SVNListParentPath on Do not forget to restart the apache service to make the configuration effective. service apache2 restart ================================================================================ 4. serving the repositories at "/" Include the configuration into the relevant vhost configuration. Uncomment the section in the template files labeled 'Hosting svn at "/"' and adjust as required. Note that this example uses "SVNParentPath" as given in the previous section. ================================================================================ 5. running svnserve Subversion repositories can be via the svnserve daemon and a special network protocol. svnserve should not run as root user. The startup scripts expects a user/group named 'svn', configureable via /etc/sysconfig/svnserve. The subversion package now creates a user and group svn. If you want to expose the repository via both svnserve and mod_dav_svn (Apache httpd) in parallel, ensure that the apache user is part of the svn group. usermod -A svn wwwrun This requires a restart of the apache2 service to become effective. Change the permissions to let the svn group write, and set the setgid flag on the repositories. chown -R svn:svn /srv/svn/repos chmod -R g+ws /srv/svn/repos Then proceed to create repositories using svnadmin create described above. In either case, if using svnserve, ensure that the repositories are owned by svn:svn. The settings files with the options passed to the daemon is is located in: /etc/sysconfig/svnserve To start, ensure proper ownership of repositories and run: service svnserve start For further information about multi-method repository access, see http://svnbook.red-bean.com/en/1.8/svn.serverconfig.multimethod.html You can test repository access by: svn info svn://127.0.0.1/project1 Please note that by default, svnserve is configured to be started with -R, meaning read-only access only. Remove to allow write access, after you have configured access via /srv/svn/repos/repo1/conf/svnserve.conf To configue authentication for svnserve, see http://svnbook.red-bean.com/en/1.8/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth ================================================================================ 6. quickstart for mod_dontdothat The apache module mod_dontdothat can be used to prevent users from causing high load on the server, e.g. checking out the root of the tree or the tags or branches directories. Make sure mod_dontdothat is loaded: $ a2enmod dontdothat Add configuration for the module, e.g. <Location /> DAV svn SVNParentPath /srv/svn/repos/ SVNListParentPath on # [...other configuration...] <IfModule mod_dontdothat.c> DontDoThatConfigFile /srv/svn/mod_dontdothat.config DontDoThatDisallowReplay off </IfModule> </Location> Restart apache to make the change effective. A fairly standard file /srv/svn/mod_dontdothat.config may contain: [recursive-actions] /*/trunk = allow / = deny /* = deny /*/tags = deny /*/branches = deny /*/* = deny /*/*/tags = deny /*/*/branches = deny This allows checking out of /trunk and each branch, but disallows checking out all branches or the complete repository at once. ++++++ subversion.conf ++++++ # Example configuration for a subversion repository # Install the package subversion-doc and see # /usr/share/doc/packages/subversion for the full documentation # An online version can be found at http://svnbook.red-bean.com/ # <IfModule mod_dav_svn.c> ## ## project related HTML files ## #<IfModule mod_alias.c> #Alias /repos /srv/svn/html #</IfModule> #<Directory /srv/svn/html> # Options +Indexes +Multiviews -FollowSymLinks # IndexOptions FancyIndexing \ # ScanHTMLTitles \ # NameWidth=* \ # DescriptionWidth=* \ # SuppressLastModified \ # SuppressSize # # order allow,deny # allow from all #</Directory> #<Location /repos/myproject1> # DAV svn # SVNPath /srv/svn/repos/myproject1 # # AuthType Basic # AuthName "Authorization Realm" # AuthUserFile /srv/svn/user_access/myproject1_passwdfile # AuthGroupFile /srv/svn/user_access/myproject1_groupfile # # # Limit read access to certain people # <Limit GET PROPFIND OPTIONS REPORT> # # uncomment to require SSL connection for password protection. # # SSLRequireSSL # Require group project1_committers # Require group project1_readers # </Limit> # # # Limit write permission to list of valid users. # <LimitExcept GET PROPFIND OPTIONS REPORT> # # uncomment to require SSL connection for password protection. # # SSLRequireSSL # Require group project1_committers # </LimitExcept> # #</Location> ## ## Hosting svn at "/" ## #<VirtualHost *> # ServerName svn.example.com # ErrorLog /var/log/apache2/svn.example.com-error_log # TransferLog /var/log/apache2/svn.example.com-access_log # # # # Do not set DocumentRoot. It is not needed here and just causes trouble. # # # # Map the error documents back to their defaults. # # Otherwise mod_dav_svn tries to find a "error" repository. # # # ErrorDocument 400 default # ErrorDocument 401 default # ErrorDocument 403 default # ErrorDocument 404 default # ErrorDocument 405 default # ErrorDocument 408 default # ErrorDocument 410 default # ErrorDocument 411 default # ErrorDocument 412 default # ErrorDocument 413 default # ErrorDocument 414 default # ErrorDocument 415 default # ErrorDocument 500 default # ErrorDocument 501 default # ErrorDocument 502 default # ErrorDocument 503 default # # # <Location /> # DAV svn # SVNParentPath /srv/svn/repos/ # SVNListParentPath on # AuthType Basic # AuthName "subversion repository" # AuthBasicProvider file # AuthUserFile /srv/svn/auth/svn.example.org.htpasswd # SetOutputFilter DEFLATE # <LimitExcept GET PROPFIND OPTIONS REPORT> # Require valid-user # </LimitExcept> # # # # Optional configuration for mod_dontdothat # # prevent users from causing high load on the server, e.g. checking out # # the root of the tree or the tags or branches directories # # # #<IfModule mod_dontdothat.c> # # DontDoThatConfigFile /srv/svn/mod_dontdothat.config # # DontDoThatDisallowReplay off # #</IfModule> # </Location> #</VirtualHost> </IfModule> ++++++ subversion.keyring ++++++ ++++ 13754 lines (skipped) ++++++ subversion.libtool-verbose.patch ++++++ --- Makefile.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: subversion-nightly/Makefile.in =================================================================== --- subversion-nightly.orig/Makefile.in 2013-03-15 12:21:46.000000000 +0000 +++ subversion-nightly/Makefile.in 2013-03-17 20:02:04.000000000 +0000 @@ -112,8 +112,8 @@ EXEEXT = @EXEEXT@ SHELL = @SHELL@ LIBTOOL = @SVN_LIBTOOL@ -LTFLAGS = --tag=CC --silent -LTCXXFLAGS = --tag=CXX --silent +LTFLAGS = --tag=CC +LTCXXFLAGS = --tag=CXX LT_CFLAGS = @LT_CFLAGS@ LT_LDFLAGS = @LT_LDFLAGS@ LT_SO_VERSION = @SVN_LT_SOVERSION@ ++++++ subversion.rcsvnserve ++++++ #! /bin/sh # Copyright (c) 1995-2011 SuSE Linux AG, Nuernberg, Germany. # All rights reserved. # # /etc/init.d/svnserve # and its symbolic link # /usr/sbin/rcsvnserve # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This script uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux (UL) based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. ### BEGIN INIT INFO # Provides: svnserve # Required-Start: # Should-Start: $time ypbind sendmail $syslog $remote_fs # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: svnserve # Description: readonly access to a subversion repository ### END INIT INFO # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) SVNSERVE_BIN=/usr/bin/svnserve test -x $SVNSERVE_BIN || exit 5 # Check for existence of needed config file and read it SVNSERVE_CONFIG=/etc/sysconfig/svnserve test -r $SVNSERVE_CONFIG || exit 6 . $SVNSERVE_CONFIG # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks # rc_splash arg sets the boot splash screen to arg (if active) . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting svnserve " ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. UID_ENT="$(/usr/bin/getent passwd $SVNSERVE_USERID)" GID_ENT="$(/usr/bin/getent group $SVNSERVE_GROUPID)" if test -z "$SVNSERVE_USERID" -o -z "$UID_ENT" then echo echo "User $SVNSERVE_USERID does not exist." echo "Please check $SVNSERVE_CONFIG before starting this service." rc_failed elif test -z "$SVNSERVE_GROUPID" -o -z "$GID_ENT" then echo echo "Group $SVNSERVE_GROUPID does not exist." echo "Please check $SVNSERVE_CONFIG before starting this service." rc_failed else startproc -u "$SVNSERVE_USERID" -g "$SVNSERVE_GROUPID" -e $SVNSERVE_BIN $SVNSERVE_OPTIONS fi # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down svnserve " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. killproc -TERM $SVNSERVE_BIN # Remember status and be verbose rc_status -v ;; try-restart) ## Do a restart only if the service was active before. ## Note: try-restart is not (yet) part of LSB (as of 1.2) $0 status >/dev/null && $0 restart # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) echo -n "Reload service svnserve " $0 stop && $0 start #rc_status ;; status) echo -n "Checking for service svnserve " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. checkproc $SVNSERVE_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload}" exit 1 ;; esac rc_exit ++++++ subversion.rpmlintrc ++++++ # libsvn_subr calls exit as part of the default malfunction handler. # That's OK. Library users are expected to override the default handler. addFilter("subversion.*shared-lib-calls-exit.*libsvn_subr-1.so.*") ++++++ subversion.svndiff.sh ++++++ #!/bin/bash # stupid svn has no 'svn diff -v -R $bignum' to grab all info for a single patch export TZ=UTC export LANG=C export LC_ALL=C shopt -s extglob case "$1" in r+([0-9])) rev=${1#?} shift ;; +([0-9])) rev=$1 shift ;; esac if test -z "$rev" then echo "Usage: $0 <svnrepo revision number>" exit 1 fi revprev=$(($rev - 1 )) svn log -v -r $rev "$@" svn diff -r $revprev:$rev "$@" ++++++ subversion.svngrep.sh ++++++ #!/bin/sh find \( -path '*/.pc' -o -path '*/.svn' -o -path '*/.git' -o -path '*/.hg' \) -prune -o -type f -print0 | xargs -0 grep "$@" ++++++ subversion.sysconfig.svnserve ++++++ ## Path: Network/Subversion/svnserve ## Description: Basic configuration for svnserve ## Type: string ## Default "-d -R -r /srv/svn/repos" # # Default options for the svnserve process. # The -R option enforces read-only access, i.e. write operations to the # repository (such as commits) will not be allowed. # Authentication should be configured before allowing write access. # See http://svnbook.red-bean.com/en/1.8/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth # SVNSERVE_OPTIONS="-d -R -r /srv/svn/repos" ## Type: string ## Default "svn" # # svnserve should run as unprivileged user. # If you want to expose the repository via both svnserve and mod_dav_svn # (Apache httpd) in parallel, ensure that the apache user is part of the # svn group and the setgid flag is set on the repositories # usermod -A svn wwwrun # chmod -R g+s /srv/svn/repos # See http://svnbook.red-bean.com/en/1.8/svn.serverconfig.multimethod.html # SVNSERVE_USERID="svn" ## Type: string ## Default "svn" # # svnserve should run as unprivileged user. # If you want to expose the repository via both svnserve and mod_dav_svn # (Apache httpd) in parallel, ensure that the apache user is part of the # svn group and the setgid flag is set on the repositories # usermod -A svn wwwrun # chmod -R g+s /srv/svn/repos # See http://svnbook.red-bean.com/en/1.8/svn.serverconfig.multimethod.html # SVNSERVE_GROUPID="svn" ++++++ subversion.sysconfig.svnserve.remoteaccess ++++++ ## Name: svnserve ## Description: Open ports for svnserve TCP="svn" ++++++ subversion.xinetd.svnserve ++++++ # default: off # description: readonly access to a subversion repository service svn { disable = yes socket_type = stream protocol = tcp wait = no user = svn group = svn groups = yes server = /usr/bin/svnserve server_args = --read-only --root=/srv/svn/repos --inetd } ++++++ svnserve.service ++++++ [Unit] Description=Subversion protocol daemon After=syslog.target network.target [Service] Type=forking EnvironmentFile=/etc/sysconfig/svnserve User=svn Group=svn PIDFile=/var/run/svnserve/svnserve.pid ExecStart=/usr/bin/svnserve --daemon --pid-file=/var/run/svnserve/svnserve.pid $SVNSERVE_OPTIONS [Install] WantedBy=multi-user.target ++++++ svnserve.tmpfiles ++++++ D /var/run/svnserve 0755 svn svn -
