Hello community,

here is the log from the commit of package subversion for openSUSE:Factory checked in at 2019-08-19 23:02:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/subversion (Old)
 and      /work/SRC/openSUSE:Factory/.subversion.new.22127 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion" Mon Aug 19 23:02:36 2019 rev:167 rq:724598 version:1.12.2 Changes: -------- --- /work/SRC/openSUSE:Factory/subversion/subversion.changes 2019-08-05 11:18:39.722504155 +0200 +++ /work/SRC/openSUSE:Factory/.subversion.new.22127/subversion.changes 2019-08-19 23:02:38.107441074 +0200 @@ -9,0 +10,8 @@ +Thu Jul 25 08:26:09 UTC 2019 - Tomáš Chvátal <[email protected]> + +- Add patches to fix bsc#1142743 and bsc#1142721 CVE-2019-0203 + CVE-2018-11782: + * CVE-2018-11782.patch + * CVE-2019-0203.patch + +------------------------------------------------------------------- @@ -213,0 +222,9 @@ +Wed Aug 9 10:34:08 UTC 2017 - [email protected] + +- Apache Subversion 1.8.19 (bsc#1051362): + * A malicious, compromised server or MITM may cause svn client to + execute arbitrary commands by sending repository content with + svn:externals definitions pointing to crafted svn+ssh URLs. + CVE-2017-9800 + +------------------------------------------------------------------- @@ -237,0 +255,11 @@ +Fri Jul 7 11:17:13 UTC 2017 - [email protected] + +- Apache Subversion 1.8.18 (bsc#1026936): + This change makes Subversion resilient to collision attacks, + including SHA-1 collision attacks such as <http://shattered.io/>. + https://subversion.apache.org/faq#shattered-sha1 + * fsfs: never attempt to share directory representations + * fsfs: make consistency independent of hash algorithms + * work around an APR bug related to file truncation + +------------------------------------------------------------------- 
@@ -252,0 +281,30 @@ +Thu Dec 22 14:14:01 UTC 2016 - [email protected] + +- Package the 'svnauthz' binary. + +------------------------------------------------------------------- +Wed Nov 30 12:03:57 UTC 2016 - [email protected] + +- Apache Subversion 1.8.17: + * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in + mod_dontdothat and Subversion clients using http(s):// + * Client-side bugfixes: + + fix handling of newly secured subdirectories in working copy + + ra_serf: fix deleting directories with many files + + gpg-agent: properly handle passwords with percent characters + + merge: fix crash when merging to a local add + * Server-side bugfixes: + + fsfs: fix possible data reconstruction error + + svnlook: properly remove tempfiles on diff errors + * Client-side and server-side bugfixes: + + fix potential memory access bugs + * Bindings bugfixes: + + javahl: fix temporarily accepting SSL server certificates + + swig-pl: do not corrupt "{DATE}" revision variable + + swig-pl: fix possible stack corruption + * Developer-visible changes: + + fix inconsistent behavior of inherited property API + + fix patch filter invocation in svn_client_patch() + + fix potential build issue with invalid SVN_LOCALE_DIR + +------------------------------------------------------------------- @@ -291,0 +350,6 @@ +Thu Aug 4 14:42:36 UTC 2016 - [email protected] + +- Add patch to build with swig3 to fix build on sle12sp2+ + * subversion-swig3.patch + +------------------------------------------------------------------- @@ -498,0 +563,9 @@ +Wed Apr 1 12:13:37 UTC 2015 - [email protected] + +- Apply sec fixes for bnc#923793 bnc#923794 bnc#923795; + CVE-2015-0202 CVE-2015-0248 CVE-2015-0251: + * subversion-bnc923793.patch + * subversion-bnc923794.patch + * subversion-bnc923795.patch + +------------------------------------------------------------------- 
@@ -560,0 +634,7 @@ + +------------------------------------------------------------------- +Fri Jan 2 09:46:08 UTC 2015 - [email protected] + +- Sec update bnc#909935 CVE-2014-3580, CVE-2014-8108 + * subversion-CVE-2014-3580.patch + * subversion-CVE-2014-8108.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
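Review bot: In the first hunk (@@ -9,0 +10,8 @@, the Jul 25 2019 entry), the two bug numbers bsc#1142743 and bsc#1142721 are listed together, followed by CVE-2019-0203 and CVE-2018-11782, so the entry does not say which bug number belongs to which CVE or which patch file closes which bug. Consider one bullet per fix that names the patch file, its CVE and its bsc number together, so each reference can be followed from the changelog alone.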
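Review bot: The later hunks (@@ -213,0 +222,9 @@ through @@ -560,0 +634,7 @@) add entries dated 2015 to 2017 that describe Apache Subversion 1.8.17 to 1.8.19 and patch files such as subversion-swig3.patch, subversion-bnc923793.patch and subversion-CVE-2014-3580.patch, while the package under review is version 1.12.2, and nothing in the new Jul 25 2019 entry explains why this older history is being added. Please add a line to the 2019 entry saying where these entries come from and whether the patch files they name are part of the current package, so a reader tracking CVE-2017-9800, CVE-2016-8734 or the 2014 and 2015 CVEs does not have to guess whether the fix is carried as a patch here or is already in the 1.12.2 sources. The last hunk also begins with a blank line and the separator where the other hunks end with the separator, which is worth checking against the surrounding entries for a doubled or missing separator line.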
