From cfba1fbfb2c394517f854b3be913afe8205d63843bc26f45c442b051a3977794 Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Sun, 7 Apr 2013 21:04:38 +0000
Subject: [PATCH] Accepting request 163080 from home:AndreasStieger:branches:devel:tools:scm:svn update to 1.7.9 [bnc#813913]
OBS-URL: https://build.opensuse.org/request/show/163080
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=112
---
 subversion-1.7.8.tar.bz2 | 3 ---
 subversion-1.7.9.tar.bz2 | 3 +++
 subversion-no-build-date.patch | 19 ++++++++++++++----
 subversion.changes | 36 ++++++++++++++++++++++++++++++++++
 subversion.spec | 4 ++--
 5 files changed, 56 insertions(+), 9 deletions(-)
 delete mode 100644 subversion-1.7.8.tar.bz2
 create mode 100644 subversion-1.7.9.tar.bz2
diff --git a/subversion-1.7.8.tar.bz2 b/subversion-1.7.8.tar.bz2
deleted file mode 100644
index 450b12b..0000000
--- a/subversion-1.7.8.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686
-size 6023912
diff --git a/subversion-1.7.9.tar.bz2 b/subversion-1.7.9.tar.bz2
new file mode 100644
index 0000000..fa76452
--- /dev/null
+++ b/subversion-1.7.9.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f8454c585f99afed764232a5048d9b8bfd0a25a9ab8e339ea69fe1204c453ef4
+size 6040347
diff --git a/subversion-no-build-date.patch b/subversion-no-build-date.patch
index bb727d6..4ec36e8 100644
--- a/subversion-no-build-date.patch
+++ b/subversion-no-build-date.patch
@@ -1,7 +1,18 @@
-Index: subversion/libsvn_subr/opt.c
+From: Andreas Stieger
+Date: 2013-04-07 21:09:15 +0100
+Subject: remove build date and time from binary
+Upstream: never
+
+Prevent unneccessary rebuilds by removing date and time macros.
+
+---
+ subversion/libsvn_subr/opt.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+Index: subversion-1.7.9/subversion/libsvn_subr/opt.c
 ===================================================================
---- subversion/libsvn_subr/opt.c.orig 2012-06-13 13:59:03.000000000 +0100
-+++ subversion/libsvn_subr/opt.c 2012-08-08 19:36:46.000000000 +0100
+--- subversion-1.7.9.orig/subversion/libsvn_subr/opt.c 2013-01-04 03:05:28.000000000 +0000
++++ subversion-1.7.9/subversion/libsvn_subr/opt.c 2013-04-07 21:09:14.000000000 +0100
 @@ -1084,9 +1084,8 @@ svn_opt__print_version_info(const char *
 if (quiet)
 return svn_cmdline_printf(pool, "%s\n", SVN_VER_NUMBER);
@@ -12,5 +23,5 @@ Index: subversion/libsvn_subr/opt.c
 + SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n\n"), pgm_name,
 + SVN_VERSION));
 SVN_ERR(svn_cmdline_fputs(
- _("Copyright (C) 2012 The Apache Software Foundation.\n"
+ _("Copyright (C) 2013 The Apache Software Foundation.\n"
 "This software consists of contributions made by many "
diff --git a/subversion.changes b/subversion.changes
index 3062acd..9f20193 100644
--- a/subversion.changes
+++ b/subversion.changes
@@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Sun Apr 7 20:15:46 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 1.7.9 [bnc#813913], addressing remotely triggerable
+ vulnerabilities in mod_dav_svn which may result in denial of service:
+ + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
+ + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
+ + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
+ + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
+ + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT
+- further changes:
+ + Client-side bugfixes:
+ * improved error messages about svn:date and svn:author props.
+ * fix local_relpath assertion
+ * fix memory leak in `svn log` over svn://
+ * fix incorrect authz failure when using neon http library
+ * fix segfault when using kwallet
+ + Server-side bugfixes:
+ * svnserve will log the replayed rev not the low-water rev.
+ * mod_dav_svn will omit some property values for activity urls
+ * fix an assertion in mod_dav_svn when acting as a proxy on /
+ * improve memory usage when committing properties in mod_dav_svn
+ * fix svnrdump to load dump files with non-LF line endings
+ * fix assertion when rep-cache is inaccessible
+ * improved logic in mod_dav_svn's implementation of lock.
+ * avoid executing unnecessary code in log with limit
+- Developer-visible changes:
+ + General:
+ * fix an assertion in dav_svn_get_repos_path() on Windows
+ * fix get-deps.sh to correctly download zlib
+ * doxygen docs will now ignore prefixes when producing the index
+ * fix get-deps.sh on freebsd
+ + Bindings:
+ * javahl status api now respects the ignoreExternals boolean
+- refresh subversion-no-build-date.patch for upstream source changes
+
 -------------------------------------------------------------------
 Wed Mar 20 11:26:40 UTC 2013 - schwab@suse.de
diff --git a/subversion.spec b/subversion.spec
index 6d54046..43d8559 100644
--- a/subversion.spec
+++ b/subversion.spec
@@ -46,7 +46,7 @@
 %endif
 Name: subversion
-Version: 1.7.8
+Version: 1.7.9
 Release: 0
 # in-tree SWIG version to use for the build:
 %define swig_version 1.3.36
@@ -337,7 +337,7 @@ popd #./sqlite-amalgamation
 %patch20
 %patch23 -p0
 %patch31
-%patch37
+%patch37 -p1
 %patch38
 %patch39 -p1
 %patch40 -p1
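Review bot: The `Version: 1.7.9` bump brings in a new upstream tarball, but nothing in this commit shows that tarball being authenticated: the diffstat lists only the tarball pointer, the refreshed patch, the changelog and the spec, with no detached signature or keyring file alongside `subversion-1.7.9.tar.bz2`. Because this update ships fixes for remotely triggerable mod_dav_svn issues, the source should be tied to the upstream release before it is built; if the package does not already do that outside the lines shown, add the upstream `.asc` signature as an additional `Source` entry and verify it against the project's release keys in `%prep`. The sha256 in the LFS pointer only pins what was uploaded, it does not establish where the upload came from. The spec continues outside both hunks, so an existing check may simply not be visible here.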