From 8895d80edb06af0bf2a68f156d2202f6c3ec8d44e1e1c343e072fa99ee3ffe9f Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 30 Aug 2013 16:07:38 +0000 Subject: [PATCH] Accepting request 196924 from home:AndreasStieger:branches:devel:tools:scm:svn Apache Subversion 1.8.3 OBS-URL: https://build.opensuse.org/request/show/196924 OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=137 --- subversion-1.8.1.tar.bz2 | 3 -- subversion-1.8.1.tar.bz2.asc | 40 ------------------ subversion-1.8.3.tar.bz2 | 3 ++ subversion-1.8.3.tar.bz2.asc | 80 ++++++++++++++++++++++++++++++++++++ subversion.changes | 51 +++++++++++++++++++++++ subversion.spec | 2 +- 6 files changed, 135 insertions(+), 44 deletions(-) delete mode 100644 subversion-1.8.1.tar.bz2 delete mode 100644 subversion-1.8.1.tar.bz2.asc create mode 100644 subversion-1.8.3.tar.bz2 create mode 100644 subversion-1.8.3.tar.bz2.asc diff --git a/subversion-1.8.1.tar.bz2 b/subversion-1.8.1.tar.bz2 deleted file mode 100644 index 82ea87b..0000000 --- a/subversion-1.8.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:faaaaedba25777331e761884598af1dd9fe33631d6415b2e0ba5348867c4edb4 -size 6770843 diff --git a/subversion-1.8.1.tar.bz2.asc b/subversion-1.8.1.tar.bz2.asc deleted file mode 100644 index 444a6f6..0000000 --- a/subversion-1.8.1.tar.bz2.asc +++ /dev/null @@ -1,40 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG/MacGPG2 v2.0.19 (Darwin) -Comment: GPGTools - http://gpgtools.org - -iQIcBAABCgAGBQJR5imvAAoJEGLUj60WoN4BvzwP/AieFknMq4fcOOdEpVbju13h -lVJ+zgLz2/1v63on0sIQlTtObLhmSGKwg5Ltd0IjOnMIuIOtkdJR7xCsYTPmSuXn -qnVw6gPeleuo4qPds7nh9Mw6J9nF/pZOiOQQl6K0W+rUO78Paq/MmNYRZmbCuHjN -HTX8wl54jMQQasG5CvW/3Yr2bBPyxdiOnIdcWmfeb5gSGJSjmG+68wTZy8UAE1PK -DYb+S4hkf29JguioFU5kQ0zvl53WEPsMcwL4V++46ZP5UtPohGlTgMTiy/58pPpx -YUfFdO2lLMyvGz5ba7+BSBgkU6rkxYWr25Xh3gXlsAIK7Afe2g4Y5gUY4sMGAdQR -WJjCxkFuWfEKzcKJzVd3rvgGRB4tpFweNLg0wgb0N84yUG6g66LFt5gCIchdCNFY -M4raStNMNivNpmRmJ3O5W3YoHZtGD6xS3bf9eBS8wO3vHGqGx+h3FCK9RHbOXUO0 -XX7MF5PfHHkS0KKvAYnQiRxEWhkS1M7pR+wjngHgaTYb7oJI1t4g8J0uhTFDyfVp -IeWApWDnEatBCIB0G96eakTxJtREHSTADNNjdu3GV+2dUzLXuUKGAZTSC9RbN/qt -AHzs/JbbPPvMS9DuVv44Np1x2DmYSiO9zT5Fe501VD6Juv7oi91tD775nKV04sT9 -MMCkWNct74QP4LNb3wkz -=Ro31 ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iQEcBAABCAAGBQJR5mILAAoJEHbXiOHtGlmc1FAH/R7npMLg5K/HcZx6QNzHmYE6 -JNGBlHSUr9SSs18IyC4DIpHS3XMWWYfkXGOUYdxerZSPpmd807i0ZutBt+Yg+A0h -rE0+xte1TIG7UTQRNCn4Eu+4rgTBuDGgAU2+oQHzmAdGWvKfBNwhLz8PF/G65lDt -0zPoeLdraUNYK4KmdiEUFv/AuLmn8bHj53aTIrrmvwKXw0ISOzRf2beFqRhVFhk1 -a483oP4uEeQdXNUwrA+Am4Ac6HZtoXrdWkTvjcEUnrNGgFacvO2fsjIUgEOUUZ5i -BBnvAE6YmEF2FVcjvqSn3zEA6WqRt8bLIKs4C+b2mir8g/bFNEcGmOEJIvk2rLA= -=1Svv ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.13 (OpenBSD) - -iQEcBAABAgAGBQJR5o84AAoJEE99uqmaWblzP6AH/jijn3mD23xyWvlh8KgH2Yim -l/eWH2vVL0BEnMA9cJSfQCVTEz1YZpctoXI4IMNrzvNSxFYBuInXqxndw+JSeECQ -OHpgIgabycAfUPU8WB0vfazDH1h+7TWrOcCNy1scPR9KN28gbTd0O9/mC/jh+puh -5z1Xkjqe2ZnIoHnf/4MPDbA6OI6cKbVh055n9ylZNNbpewYHCCywmk0IGH5PCL/G -KoY1AQvGgIHwwWvE3V7A+Gqnn22bJBkx6clSyndHtXMv4VSjzN4Ek7Z//HqrVBG1 -1R+nns70OWFsFgw3RNyNyIQ1WRNUvcmY3ia6RKa8XE/8UGJlz7JkQr1KBME26JY= -=WmJm ------END PGP SIGNATURE----- diff --git a/subversion-1.8.3.tar.bz2 b/subversion-1.8.3.tar.bz2 new file mode 100644 index 0000000..e1cc2a5 --- /dev/null +++ b/subversion-1.8.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd8817b3d96530dfcc7f0a0b5d42f80f2b704ed23aaab580b72a146383d6271b +size 6773731 diff --git a/subversion-1.8.3.tar.bz2.asc b/subversion-1.8.3.tar.bz2.asc new file mode 100644 index 0000000..168b000 --- /dev/null +++ b/subversion-1.8.3.tar.bz2.asc @@ -0,0 +1,80 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG/MacGPG2 v2.0.20 (Darwin) +Comment: GPGTools - http://gpgtools.org + +iQIcBAABCgAGBQJSFnjcAAoJEGLUj60WoN4BcBQQAKD+UZ6nFz0YI5jxxES2OGMk +H3ru1arrTpFrkHUedZ2ln4bONpLbcbJfvU81ySIqvKJ6Fz2mCGgv/ikAFvoPkmrl +Qjhp2Z7J1XMAkCXGG6xX0eyeSaq6vMFCPGoGhnVtzEcSW3rK+uaenPlozOm+Cn8o +Qtw6TTCndtwJt6FqB1Nq/00TKXjknKRfmawNRElH86OSGGIVDlzGKK1u4rnrRcIY +J+XYD4GQc873ezdxG6NSik0ZBxvGO1yM3pM4vufM55xU2LxtLzkhs8G0x5yHYPWI +0UBqBP7i1QlqeBr+O+892Xv2yPtGyfTLf22vAfJLCyWpiJyhsi9SP+zWqTKjr+rf +TYlTG5CPQfZf2k0YEJVeeuUHj/Oy47lgRSLJkFe6GQMsmM/h6XcAD2i27+RvClWE +t57qaymdtKcV4MNWfVE+9+qyq4T0MNhazyve/gV8YguJgGm0tR8jMu+kxVjLXMpk +A61skc3YoD71dIfdR9GivMxd1M2lLhCvYi+mJu8OMLYcUmLou5QA1ufKF7UsVPRH +ucaubS66dkobMBftYUSXspd51i+VqZPh4iVCRItG9UXUeyQt9nY9xSAdeYunr+6u +ab+C7EagTPaLCbYqCNFItJcO2k04loiM3uxrT7O0DPjsAzuI0QDPwDGKLJtEfXcX +hdOixrNLnynss4+j5gvu +=8MQg +-----END PGP SIGNATURE----- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iQEcBAABCAAGBQJSFy9dAAoJEHbXiOHtGlmcvgMH/0mtPsSmILWIMiXm8KliT30x +CRmmb0/bDdDnV35+ifivDYycPquxDH50Gx+ZHIXrdcUjZI4425/SeuPsKCUAmbcN +veY9AnvpmWVIMOl1j4ua9WbxPKKfaIBnPOky9vV0h2cIulFJrTALlFjQgwKAobpX +J7PMuaQLliR0D84WFNw71CFEdh6gr5RIXjJ+nLZnZkSE0SVbNiA1gKu0lVha23gV +cABe1VhHbmBEvHLoz2i8WhZ6ZcHe0EjYWxWPbn7AkOhk7RaTvk8qhsMai3xTGGff +ZNmoViNQUe83YyIdxvhRLn2ksNZfupTDteDwORenOPnl2/M6vmiA/4d0qLP/Mj8= +=i6Zt +-----END PGP SIGNATURE----- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQIcBAABCAAGBQJSHJ/zAAoJEB+wZLhO7MSTrv8P/j50HTrlUiCUuJRTgwTwaLpR +hmfFN6JCbrLg+hxGhILMZNF0yxRtt4Qb7schwk2O91EsMjh67FJX7meYjHbK7SwO +U++s4n41LFhUD8pOMxiXWk7h4G1mSX3k86CUbwbghMs01jHB9uDiXUPLMjh5/u9F +iDPI+nm56LGt3FaY/aBYKWZVkEJrgPAINwCClzoPTBdw17SJi/VTL3QVDayrGR7Q +U2S5s9RH44WZ4wb2TwoBFY5Qk7/vE4MosM8EOHTLEQCMvFz+zF5QI0c0Lzf5Vqj8 +gZRf/TneUWx4RGJ0BomzDRGMXBasCZPdHsnqjXnTPwrlJqZRRaGxbaBS07cI7AoK +Jn2akAE+zXiYD7c8o90puf6r5AF/VKtg2KeFw2dB7/AKEvV/TPcodvYqIHO/IOmr +ZDY5JU+QYPtduvw4O3sl2rODAeX0ZlVyClhUD0GVvsyvq6M6IM0iSWoW0aqYJ6I8 +UfYuX7PVgLeJrJ92UM79rJx4wivGJDZ33/L/6U3N0m2YYPDajUbBwpmV6Y5x2iyn +EvYvGTyq6eyvFYruHDigBrpwJdZgM7+ioyxMg4v6/z3tDjg+G+Dsgz5yXQ5Nq7F6 +7lBcydwWVcCgLIA40WDK1RkFPj4pLf4tTZjhELuz8JOvQ88LmFbK1NXG7fnJWHbW +Usl6ANVeK7vXV2rAMEl8 +=Bq2/ +-----END PGP SIGNATURE----- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.20 (FreeBSD) + +iQIcBAABAgAGBQJSHgGDAAoJEMSmxiXMyOHfBlQP/1HldhPQBv6FwwX8E2a+DxiG +GAGNv4eWeDLV+IkTaiFnPqtA6PNUqU32QkrJ/w81yNfGLrcevX16EXQwfFaYmJAf +AJAjZjQgry8agQJU2g0suowZZkQIXz8ODr2XyiVpEX13/o8YRiXWLtVcWncKtPsh +tVjZbRiz1ftWI58+ZoDZtBoZ9h+bkuuduIlfDMEx8NVIE5SS9Ni/tL8pBaYUmbQe +wcOxxJ7/8PE6TWwtqabK4VG96XtpNnWY7FYrtKrZjA1jyi+4e0BfTc7sSalOrpNo +j0E+6L305PcCj8JDaEzbZwSGx0Yt1UHNF01mK3HhO+npzp2VeaT3fsusd+TrhBct +4sZDGmdw2ZP2BbwGIriirPd8uV9hvgBmnyzqqH3zJYQAWYYVJ2G4cfHinv1zfPmP +pYkHEb0d5rT5dVy+bkb8PZccMEizbSQZ3G/kEoNATnsRySRoIVn20dlJcvyDgXHp +JKanorpDoWPITntNvj/MgxXCjk0wBEXDCX+LvtrWRRhAwSnu/NwsGbTl5i353AW5 +HM2gjWEFl5W9tGirxzKuwPccsgdhe0//JW5eRBP5PNN3l60Sae3g3mKAlSjGO7vY +QwDr+zfUVU+tZYtnQFhcGkbC+SPi/9258SaYqFf9eQNHa041VQ3E0AXlsuuWerjM +ThCCBshTgMljzUmLg5sZ +=2vpF +-----END PGP SIGNATURE----- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (MingW32) + +iQIcBAABAgAGBQJSH4KTAAoJEJGfb2H2rYFHy2QQANA+TLkvTc8xJSTJEKLPhDGK +hbmmfKjHXQ8PtuvDW92Si0j5zwHMlblXvRLhl4AY/WagdPa0CiEpDs7gda9KAcQI +hsGg0gFDLGLrIGeGP6RHpOCJdAmCMBJiV+q00c7n6meCuE/YP9O1ttyrms7oEOoG +7x1eZRUq9lnrvag1lh3lnNa6f84XIaVD8ZWmf63fHgCu1BA0lfvH5sZyxztoVi8A +N1v9xv3Jwa46S11no8P6aFhQGg3qSG9V//cO/stz0hj43ZtaoHlpFflgp9f08aBV +r3R3M9n7TbD6wmtvFWrBdQBo/KDApbg9ehXmyA8BOv29IY6t8lubteVsVDd2DlV8 +uZL25pnrHFs7/cyJBnRfIB2kQwkbFnXYPVexPUInoyG1mUl25+qiRld9s9W13CR8 +tlFEMmxqikKcc99ystXp16ZuwoPLRQhOGQt6++eoPYhdRWP9nn+s5kzF8mXKxPcL +vKRAXN8mlH6KgSrrkCicFsJAZnRXneKY7XR4TN89Wts3f5ClKyPUrlOkNPKjMN0o +Y150LvXHf+SwdxtL3pB4c0Stv5glginampAWNxigrxEWg/dq/QY+b/ADKAAcYSA/ +3GYvRo/le5vxb3EJJw9h1pprhlRsyyKgXNvKjLSdvSpHylIiR8b+RIajAfk5pBfN +gCkBaJWMIrSX2i0yn84/ +=sUSb +-----END PGP SIGNATURE----- diff --git a/subversion.changes b/subversion.changes index 44a9e6c..99e0335 100644 --- a/subversion.changes +++ b/subversion.changes @@ -1,3 +1,54 @@ +------------------------------------------------------------------- +Fri Aug 30 16:00:16 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.3 + CVE-2013-4246: fsfs: corruption from editing packed revision properties + CVE-2013-4262: admin-side tools: symlink attack against pid file + CVE-2013-4277: svnserve: symlink attack against pid file +- User-visible changes: + - Client- and server-side bugfixes: + * translation updates for Swedish + * enforce strict version equality between tools and libraries + * consistently output revisions as "r%ld" in error messags + - Client-side bugfixes: + * status: always use absolute paths in XML output + * ra_serf: 'svn log -v' fails with a 1.2.x server + * ra_serf: fix crash when committing cp with deep deletion + * diff: issue an error for files that can't fit in memory + * svnmucc: generate proper error for mismatched URLs + * update: fix a crash when a temp file doesn't exist + * commit & update: improve sleep for timestamps performance + * diff: continue on missing or obstructing files + * ra_serf: use runtime serf version for User-Agent + * ra_serf: ignore case when checking certificate common names + * ra_serf: format distinguished names properly + * ra_serf: do not retry HTTP requests if we started to parse them + * ra_serf: output ssl cert verification failure reason + * ra_serf: allow session reuse after SVN_ERR_CEASE_INVOCATION + * ra_serf: include library version in '--version' output + * info: fix spurious error on wc root with child in conflict + - Server-side bugfixes: + * svnserve: fix creation of pid files + * svnadmin: fix output encoding in non-UTF8 environments + * svnsync: fix high memory usage when running over ra_serf + * mod_dav_svn: do not map requests to filesystem + * svnauthz: improve help strings + * fsfs: fixed manifest file growth with revprop changes + * fsfs: fix packed revprops causing loss of revprops + - Other tool improvements and bugfixes: + * svnwcsub/irkerbridge: fix symlink attack via pid file + + Developer-visible changes: + - General: + * describe APR unimplemented errors as coming from APR + * mod_dav_svn: update INSTALL to reflect configure defaults + * davautocheck: use the correct apxs binary by default + - API changes: + * svn_config_walk_auth_data() config_dir arg: permit NULL) + - Bindings: + * swig-pl: fix SVN::Client not honoring config file settings + * swig-pl & swig-py: disable unusable svn_fs_set_warning_func + ------------------------------------------------------------------- Wed Jul 24 17:37:14 UTC 2013 - andreas.stieger@gmx.de diff --git a/subversion.spec b/subversion.spec index 3a54342..1c3fd33 100644 --- a/subversion.spec +++ b/subversion.spec @@ -46,7 +46,7 @@ %define svnuser svn Name: subversion -Version: 1.8.1 +Version: 1.8.3 Release: 0 # in-tree SWIG version to use for the build: %define swig_version 1.3.36