Hello community,

here is the log from the commit of package subversion for openSUSE:Factory checked in at 2015-12-17 15:54:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/subversion (Old)
 and /work/SRC/openSUSE:Factory/.subversion.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion" Changes: -------- --- /work/SRC/openSUSE:Factory/subversion/subversion.changes 2015-11-05 11:35:51.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.subversion.new/subversion.changes 2015-12-17 15:54:51.000000000 +0100 
@@ -1,0 +2,41 @@ +Tue Dec 15 16:56:10 UTC 2015 - [email protected] + +- Apache Subversion 1.9.3 + This release fixes two security issues: + * Remotely triggerable heap overflow and out-of-bounds read + caused by integer overflow in the svn:// protocol parser. + CVE-2015-5259 [boo#958299] + + * Remotely triggerable heap overflow and out-of-bounds read in + mod_dav_svn caused by integer overflow when parsing skel- + encoded request bodies. + CVE-2015-5343 [boo#958300] + Other changes: + * svn: fix possible crash in auth credentials cache + * cleanup: avoid unneeded memory growth during pristine cleanup + * diff: fix crash when repository is on server root + * fix translations for commit notifications + * ra_serf: fix crash in multistatus parser + * svn: report lock/unlock errors as failures + * svn: cleanup user deleted external registrations + * svn: allow simple resolving of binary file text conflicts + * svnlook: properly remove tempfiles on diff errors + * ra_serf: report built- and run-time versions of libserf + * ra_serf: set Content-Type header in outgoing requests + * svn: fix merging deletes of svn:eol-style CRLF/CR files + * ra_local: disable zero-copy code path + * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm + * mod_dav_svn: fix display of process ID in cache statistics + * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests + * svnadmin dump: preserve no-op changes + * fsfs: avoid unneeded I/O when opening transactions + * javahl: fix ABI incompatibilty with 1.8 + * javahl: allow non-absolute paths in SVNClient.vacuum + * fix patch filter invocation in svn_client_patch() + * add @since information to config defines + * fix running the tests in compatibility mode + * clarify documentation of svn_fs_node_created_rev() + * fix overflow detection in svn_stringbuf_remove and _replace + * don't ignore some of the parameters to svn_ra_svn_create_conn3 + +------------------------------------------------------------------- Old: ---- 
subversion-1.9.2.tar.bz2 subversion-1.9.2.tar.bz2.asc New: ---- subversion-1.9.3.tar.bz2 subversion-1.9.3.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ subversion.spec ++++++ --- /var/tmp/diff_new_pack.tN1si6/_old 2015-12-17 15:54:53.000000000 +0100 +++ /var/tmp/diff_new_pack.tN1si6/_new 2015-12-17 15:54:53.000000000 +0100 @@ -36,7 +36,7 @@ %bcond_without python_ctypes %bcond_with all_regression_tests Name: subversion -Version: 1.9.2 +Version: 1.9.3 Release: 0 Summary: Subversion version control system License: Apache-2.0 ++++++ subversion-1.9.2.tar.bz2 -> subversion-1.9.3.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/subversion/subversion-1.9.2.tar.bz2 /work/SRC/openSUSE:Factory/.subversion.new/subversion-1.9.3.tar.bz2 differ: char 11, line 1 ++++++ subversion.keyring ++++++ ++++ 761 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/subversion/subversion.keyring ++++ and /work/SRC/openSUSE:Factory/.subversion.new/subversion.keyring
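Review bot: In the subversion.changes hunk, the entry "javahl: fix ABI incompatibilty with 1.8" misspells "incompatibility". Please correct it before the entry is carried into later changelogs. The two security items are well formed: each names its CVE (CVE-2015-5259, CVE-2015-5343) and its bug reference (boo#958299, boo#958300), which is what downstream tracking needs.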
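Review bot: subversion.keyring changes in this commit ("761 lines (skipped)"), but the new subversion.changes entry says nothing about it. Since the keyring is what subversion-1.9.3.tar.bz2.asc is checked against, please add a changelog line stating that the keyring was updated and why, so a reviewer can tell the change to the trusted key set was deliberate.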
