Hello community,

here is the log from the commit of package subversion for openSUSE:Factory checked in at 2013-04-09 07:10:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/subversion (Old)
 and      /work/SRC/openSUSE:Factory/.subversion.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion", Maintainer is "dmuel...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/subversion/subversion.changes 2013-03-22 09:22:02.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.subversion.new/subversion.changes 2013-04-09 07:10:27.000000000 +0200 
@@ -1,0 +2,36 @@ +Sun Apr 7 20:15:46 UTC 2013 - andreas.stie...@gmx.de + +- update to 1.7.9 [bnc#813913], addressing remotely triggerable + vulnerabilities in mod_dav_svn which may result in denial of service: + + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs + + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT +- further changes: + + Client-side bugfixes: + * improved error messages about svn:date and svn:author props. + * fix local_relpath assertion + * fix memory leak in `svn log` over svn:// + * fix incorrect authz failure when using neon http library + * fix segfault when using kwallet + + Server-side bugfixes: + * svnserve will log the replayed rev not the low-water rev. + * mod_dav_svn will omit some property values for activity urls + * fix an assertion in mod_dav_svn when acting as a proxy on / + * improve memory usage when committing properties in mod_dav_svn + * fix svnrdump to load dump files with non-LF line endings + * fix assertion when rep-cache is inaccessible + * improved logic in mod_dav_svn's implementation of lock. 
+ * avoid executing unnecessary code in log with limit +- Developer-visible changes: + + General: + * fix an assertion in dav_svn_get_repos_path() on Windows + * fix get-deps.sh to correctly download zlib + * doxygen docs will now ignore prefixes when producing the index + * fix get-deps.sh on freebsd + + Bindings: + * javahl status api now respects the ignoreExternals boolean +- refresh subversion-no-build-date.patch for upstream source changes + +------------------------------------------------------------------- Old: ---- subversion-1.7.8.tar.bz2 New: ---- subversion-1.7.9.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ subversion.spec ++++++ --- /var/tmp/diff_new_pack.Ok4Qe4/_old 2013-04-09 07:10:31.000000000 +0200 +++ /var/tmp/diff_new_pack.Ok4Qe4/_new 2013-04-09 07:10:31.000000000 +0200 @@ -46,7 +46,7 @@ %endif Name: subversion -Version: 1.7.8 +Version: 1.7.9 Release: 0 # in-tree SWIG version to use for the build: %define swig_version 1.3.36 @@ -337,7 +337,7 @@ %patch20 %patch23 -p0 %patch31 -%patch37 +%patch37 -p1 %patch38 %patch39 -p1 %patch40 -p1 ++++++ subversion-1.7.8.tar.bz2 -> subversion-1.7.9.tar.bz2 ++++++ ++++ 6076 lines of diff (skipped) ++++++ subversion-no-build-date.patch ++++++ --- /var/tmp/diff_new_pack.Ok4Qe4/_old 2013-04-09 07:10:36.000000000 +0200 +++ /var/tmp/diff_new_pack.Ok4Qe4/_new 2013-04-09 07:10:36.000000000 +0200 
@@ -1,7 +1,18 @@ -Index: subversion/libsvn_subr/opt.c +From: Andreas Stieger <andreas.stie...@gmx.de> +Date: 2013-04-07 21:09:15 +0100 +Subject: remove build date and time from binary +Upstream: never + +Prevent unneccessary rebuilds by removing date and time macros. + +--- + subversion/libsvn_subr/opt.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +Index: subversion-1.7.9/subversion/libsvn_subr/opt.c =================================================================== ---- subversion/libsvn_subr/opt.c.orig 2012-06-13 13:59:03.000000000 +0100 -+++ subversion/libsvn_subr/opt.c 2012-08-08 19:36:46.000000000 +0100 +--- subversion-1.7.9.orig/subversion/libsvn_subr/opt.c 2013-01-04 03:05:28.000000000 +0000 ++++ subversion-1.7.9/subversion/libsvn_subr/opt.c 2013-04-07 21:09:14.000000000 +0100 @@ -1084,9 +1084,8 @@ svn_opt__print_version_info(const char * if (quiet) return svn_cmdline_printf(pool, "%s\n", SVN_VER_NUMBER); @@ -12,5 +23,5 @@ + SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n\n"), pgm_name, + SVN_VERSION)); SVN_ERR(svn_cmdline_fputs( - _("Copyright (C) 2012 The Apache Software Foundation.\n" + _("Copyright (C) 2013 The Apache Software Foundation.\n" "This software consists of contributions made by many " -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
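Review bot: In the subversion.changes hunk, the new entry accounts for the patch work only as "refresh subversion-no-build-date.patch for upstream source changes", while the subversion.spec hunk in the same commit also changes "%patch37" to "%patch37 -p1"; name the strip-level change in the entry so the changelog covers every spec edit. In the same entry, the CVE-2013-1847 line spells "non-existant" (should be "non-existent"), and the top-level bullets mix "- further changes:" with "- Developer-visible changes:", so pick one capitalisation.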
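Review bot: In the subversion.spec hunks, the Version bump from 1.7.8 to 1.7.9 swaps in subversion-1.7.9.tar.bz2, whose 6076 lines of diff are skipped in this message, and neither spec hunk touches a checksum or signature for the new tarball. Since this update is the carrier for the five mod_dav_svn CVE fixes listed in the changelog, confirm the tarball against the upstream release signature or published checksum before accepting, because nothing shown here lets a reader verify the source. The "%patch37 -p1" change is consistent with the refreshed patch now using "subversion-1.7.9.orig/" and "subversion-1.7.9/" path prefixes.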
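Review bot: In the refreshed subversion-no-build-date.patch, the new "Index:", "---" and "+++" paths embed the version directory ("subversion-1.7.9.orig/" and "subversion-1.7.9/"), so the patch file will show path-only churn on every version update even when the change to opt.c is the same; version-neutral prefixes such as "a/" and "b/" apply equally with -p1 and keep future refreshes small. The added description misspells "unneccessary" (unnecessary), and the "Upstream: never" tag would be easier to audit with a one-line reason next to it.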