diff --git a/subversion-1.6.12.tar.bz2 b/subversion-1.6.12.tar.bz2 deleted file mode 100644 index 61483cc..0000000 --- a/subversion-1.6.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8ebf17fb173ff9c482a72deaaf756c3ca595c99da15fc8f1f8f4310609284c8f -size 5476628 diff --git a/subversion-1.6.13.tar.bz2 b/subversion-1.6.13.tar.bz2 new file mode 100644 index 0000000..b94e11d --- /dev/null +++ b/subversion-1.6.13.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3a30327bdb04109f369586196ee4a6993cdab2cfa85c3134549f02c229bf0d15 +size 5513370 diff --git a/subversion-neon-systemproxy.patch b/subversion-neon-systemproxy.patch new file mode 100644 index 0000000..d775852 --- /dev/null +++ b/subversion-neon-systemproxy.patch @@ -0,0 +1,50 @@ +Index: subversion/libsvn_ra_neon/session.c +=================================================================== +--- subversion/libsvn_ra_neon/session.c.orig ++++ subversion/libsvn_ra_neon/session.c +@@ -885,6 +885,17 @@ svn_ra_neon__open(svn_ra_session_t *sess + } + #endif + } ++#ifdef SVN_NEON_0_29 ++ else ++ { ++ /* If we do not have any proxy specified for this host and ++ we're running a new enough neon implementation, we use ++ neon's session proxy autodetection (via libproxy). */ ++ ne_session_system_proxy(sess, 0); ++ ne_session_system_proxy(sess2, 0); ++ } ++#endif ++ + + if (!timeout) + timeout = DEFAULT_HTTP_TIMEOUT; +Index: build/ac-macros/neon.m4 +=================================================================== +--- build/ac-macros/neon.m4.orig ++++ build/ac-macros/neon.m4 +@@ -69,6 +69,11 @@ AC_DEFUN(SVN_LIB_NEON, + [Define to 1 if you have Neon 0.28 or later.]) + fi + ++ if test -n ["`echo "$NEON_VERSION" | grep '^0\.29\.'`"] ; then ++ AC_DEFINE_UNQUOTED([SVN_NEON_0_29], [1], ++ [Define to 1 if you have Neon 0.29 or later.]) ++ fi ++ + for svn_allowed_neon in $NEON_ALLOWED_LIST; do + if test -n "`echo "$NEON_VERSION" | grep "^$svn_allowed_neon"`" || + test "$svn_allowed_neon" = "any"; then +@@ -160,6 +165,11 @@ AC_DEFUN(SVN_NEON_CONFIG, + [Define to 1 if you have Neon 0.28 or later.]) + fi + ++ if test -n ["`echo "$NEON_VERSION" | grep '^0\.29\.'`"] ; then ++ AC_DEFINE_UNQUOTED([SVN_NEON_0_29], [1], ++ [Define to 1 if you have Neon 0.29 or later.]) ++ fi ++ + for svn_allowed_neon in $NEON_ALLOWED_LIST; do + if test -n "`echo "$NEON_VERSION" | grep "^$svn_allowed_neon"`" || + test "$svn_allowed_neon" = "any"; then diff --git a/subversion.changes b/subversion.changes index cf45deb..a2180ff 100644 --- a/subversion.changes +++ b/subversion.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Sat Oct 2 20:36:52 UTC 2010 - pascal.bleser@opensuse.org + +- fixes CVE-2010-3315: + http://subversion.apache.org/security/CVE-2010-3315-advisory.txt + (only affects certain scenarios when using "SVNPathAuthz short_circuit") + +- update to 1.6.13: + * don't drop properties during foreign-repo merges (issue #3623) + * improve auto-props failure error message (r961970) + * improve error message for 403 status with ra_neon (r876615) + * don't allow 'merge --reintegrate' for 2-url merges (r959004) + * improve handling of missing fsfs.conf during hotcopy (r980811, -1449) + * escape unsafe characters in a URL during export (issue #3683) + * don't leak stale locks in FSFS (r959760) + * better detect broken working copies during update over ra_neon (r979045) + * fsfs: make rev files read-only (r981921) + * properly canonicalize a URL (r984928, -31) + * fix wc corruption with 'commit --depth=empty' (issue #3700) + * permissions fixes when doing reintegrate merges (related to issue #3242) + * fix mergeinfo miscalculation during 2-url merges (issue #3648) + * fix error transmission problems in svnserve (r997457, -66) + * fixed: record-only merges create self-referential mergeinfo (issue #3646) + * fixed: 'SVNPathAuthz short_circuit' unsolicited read access (issue #3695) + * make 'svnmucc propset' handle existing and non-existing URLs (r1000607) + * add new 'propsetf' subcommand to svnmucc (r1000612) + * emit a warning about copied dirs during ci with limited depth (r1002094) + * make ruby bindings compatible with Ruby 1.9 (r957507) + * use the repos verify API in JavaHL (r948916) + * teach ra_serf to parse md5 checksums with update editors (r979429) + * let ra_serf work with current serf releases (r879757, r880320, r943796) + +------------------------------------------------------------------- +Mon Sep 27 10:31:48 UTC 2010 - dimstar@opensuse.org + +- Add subversion-neon-systemproxy.patch: Use Neon's system-proxy + feature that was introduced in neon 0.29. In the background, neon + uses libproxy to get the right information from the session. + ------------------------------------------------------------------- Mon Sep 20 16:22:25 UTC 2010 - cristian.rodriguez@opensuse.org diff --git a/subversion.spec b/subversion.spec index 0a59428..8f1497d 100644 --- a/subversion.spec +++ b/subversion.spec @@ -1,5 +1,5 @@ # -# spec file for package subversion (Version 1.6.12) +# spec file for package subversion (Version 1.6.13) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009-2010 Pascal Bleser @@ -41,7 +41,7 @@ %endif # suse_version > 1030 Name: subversion -Version: 1.6.12 +Version: 1.6.13 Release: 1 # in-tree SWIG version to use for the build: %define swig_version 1.3.36 @@ -159,6 +159,8 @@ Patch33: subversion.header_wrappers.patch Patch35: subversion.java14.patch Patch36: subversion-ctypes-remove_shebang.patch Patch37: subversion-no-build-date.patch +# PATCH-FEATURE-UPSTREAM subversion-neon-systemproxy.patch dimstar@opensuse.org -- Use system proxy offered by neon, if no specific config is used (Thus, actually using libproxy in the background to use 'the right proxy' as configured in the system). +Patch38: subversion-neon-systemproxy.patch # %if %with_ruby %if %{!?rb_arch:1}0 @@ -223,7 +225,7 @@ http://subversion.tigris.org/tools_contrib.html %package perl -License: ASLv.. ; Subversion License, http://subversion.tigris.org/license-1.html +License: ASLv2 ; Subversion License, http://subversion.tigris.org/license-1.html Group: Development/Tools/Version Control Summary: Allows Perl scripts to directly use Subversion repositories Requires: subversion = %{version} @@ -236,7 +238,7 @@ Provides Perl (SWIG) support for Subversion. %package python -License: ASLv.. ; Subversion License, http://subversion.tigris.org/license-1.html +License: ASLv2 ; Subversion License, http://subversion.tigris.org/license-1.html Group: Development/Tools/Version Control Summary: Allows Python scripts to directly use Subversion repositories Requires: subversion = %{version} @@ -345,6 +347,7 @@ popd #./sqlite-amalgamation %patch35 %patch36 -p0 %patch37 +%patch38 %if 0%{?sles_version} == 9 %__grep -rwl '/usr/bin/python' . | xargs %__sed -i 's|/usr/bin/python|%{_usr}/bin/python2.5|g' %__grep -rwl '/usr/bin/env python' . | xargs %__sed -i 's|/usr/bin/env python|%{_usr}/bin/python2.5|g' @@ -358,6 +361,8 @@ SQLITE_RECOMMENDED_VER=$(grep -E '^SQLITE_RECOMMENDED_VER=' configure.ac|cut -f2 } %build +# Re-boot strap, needed for patch37 +./autogen.sh # This package failed when testing with -Wl,-as-needed being default. # So we disable it here, if you want to retest, just delete this comment and the line below. export SUSE_ASNEEDED=0