From 8df5cb567db0d6f0e58adaab72c32c8a82ca9a7c2b4d86e922c91f2525c6b658 Mon Sep 17 00:00:00 2001 From: Stefan Sperling Date: Wed, 1 Jun 2011 21:59:29 +0000 Subject: [PATCH] - update to 1.6.17 includes security fixes [CVE-2011-1752, CVE-2011-1783, CVE-2011-1921] User-visible changes: * improve checkout speed on Windows (issue #3719) * make 'blame -g' more efficient on with large mergeinfo (r1094692) * avoid some invalid handle exceptions on Windows (r1095654) * preserve log message with a non-zero editor exit (r1072084) * fix FSFS cache performance on 64-bit platforms (r1103665) * make svn cleanup tolerate obstructed directories (r1091881) * fix deadlock in multithreaded servers serving FSFS repositories (r1104093) * detect very occasional corruption and abort commit (issue #3845) * fixed: file externals cause non-inheritable mergeinfo (issue #3843) * fixed: file externals cause mixed-revision working copies (issue #3816) * fix crash in mod_dav_svn with GETs of baselined resources (r1104126) See CVE-2011-1752, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1752-advisory.txt * fixed: write-through proxy could direcly commit to slave (r917523) * detect a particular corruption condition in FSFS (r1100213) * improve error message when clients refer to unkown revisions (r939000) * bugfixes and optimizations to the DAV mirroring code (r878607) * fixed: locked and deleted file causes tree conflict (issue #3525) * fixed: update touches locked file with svn:keywords property (issue #3471) * fix svnsync handling of directory copyfrom (issue #3641) * fix 'log -g' excessive duplicate output (issue #3650) * fix svnsync copyfrom handling bug with BDB (r1036429) * server-side validation of svn:mergeinfo syntax during commit (issue #3895) * fix remotely triggerable mod_dav_svn DoS See CVE-2011-1783, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1783-advisory.txt OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=47 --- subversion-1.6.16.tar.bz2 | 3 --- subversion-1.6.17.tar.bz2 | 3 +++ subversion.changes | 40 +++++++++++++++++++++++++++++++++++++++ subversion.spec | 2 +- 4 files changed, 44 insertions(+), 4 deletions(-) delete mode 100644 subversion-1.6.16.tar.bz2 create mode 100644 subversion-1.6.17.tar.bz2 diff --git a/subversion-1.6.16.tar.bz2 b/subversion-1.6.16.tar.bz2 deleted file mode 100644 index 42a3bb0..0000000 --- a/subversion-1.6.16.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dce4897d62d0dc29ab03834ed1d66ede95c07702e32a0042f96c24c6f1213386 -size 5509729 diff --git a/subversion-1.6.17.tar.bz2 b/subversion-1.6.17.tar.bz2 new file mode 100644 index 0000000..32251c8 --- /dev/null +++ b/subversion-1.6.17.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d629c657e171616d30cc0cbddf1011a065770813bfc32f78c6940d09ca868124 +size 5504298 diff --git a/subversion.changes b/subversion.changes index 8e01b4c..837b747 100644 --- a/subversion.changes +++ b/subversion.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Mon May 30 14:07:41 UTC 2011 - stsp@elego.de + +- update to 1.6.17 + includes security fixes [CVE-2011-1752, CVE-2011-1783, CVE-2011-1921] + User-visible changes: + * improve checkout speed on Windows (issue #3719) + * make 'blame -g' more efficient on with large mergeinfo (r1094692) + * avoid some invalid handle exceptions on Windows (r1095654) + * preserve log message with a non-zero editor exit (r1072084) + * fix FSFS cache performance on 64-bit platforms (r1103665) + * make svn cleanup tolerate obstructed directories (r1091881) + * fix deadlock in multithreaded servers serving FSFS repositories (r1104093) + * detect very occasional corruption and abort commit (issue #3845) + * fixed: file externals cause non-inheritable mergeinfo (issue #3843) + * fixed: file externals cause mixed-revision working copies (issue #3816) + * fix crash in mod_dav_svn with GETs of baselined resources (r1104126) + See CVE-2011-1752, and descriptive advisory at + http://subversion.apache.org/security/CVE-2011-1752-advisory.txt + * fixed: write-through proxy could direcly commit to slave (r917523) + * detect a particular corruption condition in FSFS (r1100213) + * improve error message when clients refer to unkown revisions (r939000) + * bugfixes and optimizations to the DAV mirroring code (r878607) + * fixed: locked and deleted file causes tree conflict (issue #3525) + * fixed: update touches locked file with svn:keywords property (issue #3471) + * fix svnsync handling of directory copyfrom (issue #3641) + * fix 'log -g' excessive duplicate output (issue #3650) + * fix svnsync copyfrom handling bug with BDB (r1036429) + * server-side validation of svn:mergeinfo syntax during commit (issue #3895) + * fix remotely triggerable mod_dav_svn DoS + See CVE-2011-1783, and descriptive advisory at + http://subversion.apache.org/security/CVE-2011-1783-advisory.txt + * fix potential leak of authz-protected file contents + See CVE-2011-1921, and descriptive advisory at + http://subversion.apache.org/security/CVE-2011-1921-advisory.txt + Developer-visible changes: + * fix reporting FS-level post-commit processing errors (r1104098) + * fix JVM recognition on OS X Snow Leopard (10.6) (r1028084) + * allow building on Windows with recent Expat (r1074572) + ------------------------------------------------------------------- Thu Apr 21 15:57:51 CEST 2011 - pth@suse.de diff --git a/subversion.spec b/subversion.spec index c44f2c7..d00df42 100644 --- a/subversion.spec +++ b/subversion.spec @@ -41,7 +41,7 @@ %endif # suse_version > 1030 Name: subversion -Version: 1.6.16 +Version: 1.6.17 Release: 1 # in-tree SWIG version to use for the build: %define swig_version 1.3.36