Accepting request 163081 from devel:tools:scm:svn

update to 1.7.9 [bnc#813913] (forwarded request 163080 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/163081 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/subversion?expand=0&rev=95
2013-04-09 05:10:24 +00:00 · 2013-04-09 05:10:24 +00:00 · 6d74050b0c
commit 6d74050b0c
parent 3bd903004f cfba1fbfb2
5 changed files with 56 additions and 9 deletions
--- a/subversion-1.7.8.tar.bz2
+++ b/subversion-1.7.8.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686
-size 6023912
--- a/subversion-1.7.9.tar.bz2
+++ b/subversion-1.7.9.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f8454c585f99afed764232a5048d9b8bfd0a25a9ab8e339ea69fe1204c453ef4
+size 6040347
--- a/subversion-no-build-date.patch
+++ b/subversion-no-build-date.patch
@ -1,7 +1,18 @@
-Index: subversion/libsvn_subr/opt.c
+From: Andreas Stieger <andreas.stieger@gmx.de>
+Date: 2013-04-07 21:09:15 +0100
+Subject: remove build date and time from binary
+Upstream: never
+
+Prevent unneccessary rebuilds by removing date and time macros.
+
+---
+ subversion/libsvn_subr/opt.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+Index: subversion-1.7.9/subversion/libsvn_subr/opt.c
 ===================================================================
--- subversion/libsvn_subr/opt.c.orig	2012-06-13 13:59:03.000000000 +0100
-+++ subversion/libsvn_subr/opt.c	2012-08-08 19:36:46.000000000 +0100
+--- subversion-1.7.9.orig/subversion/libsvn_subr/opt.c	2013-01-04 03:05:28.000000000 +0000
+++ subversion-1.7.9/subversion/libsvn_subr/opt.c	2013-04-07 21:09:14.000000000 +0100
@@ -1084,9 +1084,8 @@ svn_opt__print_version_info(const char *
   if (quiet)
     return svn_cmdline_printf(pool, "%s\n", SVN_VER_NUMBER);
@ -12,5 +23,5 @@ Index: subversion/libsvn_subr/opt.c
 +  SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n\n"), pgm_name,
 +                             SVN_VERSION));
   SVN_ERR(svn_cmdline_fputs(
-              _("Copyright (C) 2012 The Apache Software Foundation.\n"
+              _("Copyright (C) 2013 The Apache Software Foundation.\n"
                "This software consists of contributions made by many "
--- a/subversion.changes
+++ b/subversion.changes
@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Sun Apr  7 20:15:46 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 1.7.9 [bnc#813913], addressing remotely triggerable 
+  vulnerabilities in mod_dav_svn which may result in denial of service:
+  + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
+  + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
+  + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
+  + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
+  + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT
+- further changes:
+  + Client-side bugfixes:
+    * improved error messages about svn:date and svn:author props.
+    * fix local_relpath assertion
+    * fix memory leak in `svn log` over svn://
+    * fix incorrect authz failure when using neon http library
+    * fix segfault when using kwallet
+  + Server-side bugfixes:
+    * svnserve will log the replayed rev not the low-water rev.
+    * mod_dav_svn will omit some property values for activity urls
+    * fix an assertion in mod_dav_svn when acting as a proxy on /
+    * improve memory usage when committing properties in mod_dav_svn
+    * fix svnrdump to load dump files with non-LF line endings
+    * fix assertion when rep-cache is inaccessible
+    * improved logic in mod_dav_svn's implementation of lock.
+    * avoid executing unnecessary code in log with limit
+- Developer-visible changes:
+  + General:
+    * fix an assertion in dav_svn_get_repos_path() on Windows
+    * fix get-deps.sh to correctly download zlib
+    * doxygen docs will now ignore prefixes when producing the index
+    * fix get-deps.sh on freebsd
+  + Bindings:
+    * javahl status api now respects the ignoreExternals boolean
+- refresh subversion-no-build-date.patch for upstream source changes
+
 -------------------------------------------------------------------
 Wed Mar 20 11:26:40 UTC 2013 - schwab@suse.de

--- a/subversion.spec
+++ b/subversion.spec
@ -46,7 +46,7 @@
 %endif

 Name:           subversion
-Version:        1.7.8
+Version:        1.7.9
 Release:        0
 # in-tree SWIG version to use for the build:
 %define swig_version   1.3.36
@ -337,7 +337,7 @@ popd #./sqlite-amalgamation
 %patch20
 %patch23 -p0
 %patch31
-%patch37
+%patch37 -p1
 %patch38
 %patch39 -p1
 %patch40 -p1