Accepting request 265817 from home:AndreasStieger:branches:devel:tools:scm:svn

Apache Subversion 1.8.11 [boo#909935]
  * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
  * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction
    names.

OBS-URL: https://build.opensuse.org/request/show/265817
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=190

subversion-1.8.10.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1cc900c8a7974337c3ed389dc6b5c59012ec48c7d4107ae31fd7c929ded47dcc
-size 6899384

subversion-1.8.10.tar.bz2.asc

@@ -1,104 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQIcBAABCgAGBQJT3DoRAAoJEGLUj60WoN4B4A4P/jKbmO69Lnl85mSLKFAB6WQ5
-UjZ6LXAr5CyeOv6nbGvk091cK4o21nJcvGMseXs7LaSIDt+GlX7DknZP2ZuAiFJB
-eKS+vmYcD4QwhuXP+PuvjfAoSuYstDU/4uZkfhxo6tnVdejZoPO6oXReUyqm93cx
-YQm3TXrtxnzqpSHTLrcHmwnCpXbyIsvqLaAW7SSY65cpRJIRiEXNM4dIwoqmej1C
-O5QwRCap7THyGHIYLGBb4Td7d2svbkdpIqJQHaEtu0YT2PP9h28Zquj5ez8jkK93
-cgLGEZfluJdUuOAtEWhOsNY5/chkv/tNS80G7jsOFtiVJJ2G/A2tpPgsNOO86qK4
-lSdcsIi7XUe23NUR20z26eN5A+kH4ODbQ22Q3HTuFVEThfEnpkHXc8mHOpm2QiGz
-Uh5GDNr+oGuxfM3zP4Cl2SGb9NICor0t3s6/EWcRTF4T1+zIICioYybKiSMI5llJ
-H80uIkDhebxtAMcUs3vfmrpuVK+Bk3m2f74K9CWTl+yZzvifw7+NANIr3suoTp6U
-6/8ZAQdWw/ZXNsEvj9NLq91ycWxPUQrNjOBU0AR/3O40h+4T2rgJmZXnCwjJykvp
-yUU/+rUXigNZYRtos0UczdtQBiaR+aw2TqvY/vrbgihIOP/+Ko2KJtpVxEccNDqu
-8FaqvQ6yh+S9u9C/t1wr
-=CHBU
------END PGP SIGNATURE-----
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJT4MGnAAoJEMSmxiXMyOHf/jUP/2p4WDz4yr0hf7TcFGcTHEmW
-pfclsdNKrTfmuIIL1JKNOb+ov0+xHv8k7qJqkjA+2G/G35P8IPTn44u7qwBEYrwB
-wgbl5w4kszy9lHzr0Z+8MAUz4wbBkixqqKoteEhLnhT89ez4Hx3xdga0jqdwDqqK
-Bm3GNB6VwuThy6vKEHSK9712zTOC0oVy/ZYpYh6YMLKg+Ga3Zm6ZXK1uY5ns0ZrQ
-apftYVbWZyaNTVL53mAjBNW1VQoNLp2BqCwuolk6eiQEWbO2GeS5+h90hy+/jjhw
-LMzZkk5SRwp9i0OjYqgyEjs3M2sM9JK2bnUGBO2+fQ4WXPkn8fZH0kVVnijQaldB
-k+mYASEok332Ad2STBkGC3TvDInkQU4gVf/A8hJFlpPf1zUUuF1lGMnJQYBSUW0z
-a/1ULW3wMasEGwak58gZ88wwxp/EvXccrSSoGyPbKr0N+n4uLKqLh09hDd6JLJMN
-ZrzNu7c8ecBW8jPNCkbVdIvW+rDpMYt0NKsM//ZfzFYb3TLghrMRqvXszkXbkwEG
-i8TfFg23p0IlW8DED2U0G2azhtT/+rA9OK6/feUIrPNtceLFI6Y8y7bmh4tBK9ix
-ALkTWyy4PJ1Gk3E1U+goaZ2AnHv6ojE+YbhLWtEJDmpCYbAjdSG957Eh7hWNpDse
-MQWZBxA4TkzZp5t3bKag
-=E2Nu
------END PGP SIGNATURE-----
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJT4M0mAAoJEJnsdBtXkhrMZpcP/iknr6jmy4IaF8nlF4PjpatY
-Vtw4EjTDdgrIL5fbdf7gvcxID1xh3tTX+m9WsnG2NPUO3jGum5kdfPwGppi7r9PW
-AFbuz5yMD5PO1tZ02hfyGOVUCO1JhFx9BNCIYRr6Cyj2mT/pLxllQ32GMX+JcaVi
-jS6ww5kJP8lhyyN/fsIjIa48vqKB/Rbj+G02rPsKrjQDO5nVYvx7CN/QTFEFa8qM
-JyVUmM9fmeyuyFkbdvLi/C5JNslKt2F2MICCpAdCkaAdn7hBLHzHu4JKbmQPpfRM
-hkYHwWh5WaOR1xZSpvmrwjvhBLQZo0w33K7PQMxJzxtwssVVpJczv6J3p/ql0kVe
-pCY20969O2DS5ps9C2UPMa4RWI1dmX8kr8Fj/QE0yZ5/iU2h5TpDzsOz2lZkI1PG
-eQtuB5masrPOPm/8x92AIaswT7V70z6b/KbTUKE+jjoVo44H4hE4rSqgWKhswSPF
-wcvNQUKYLU2tRK/RFZ5GgzUlTA71Iegv+dpJ4p/F+OGNmtjxL1foAFetTKYUvqoH
-gLexaUBSqxCmatNvut5q5teZvLkBbzXQVRnPTrqCGP27OT+I/KnF12YdEB5XDmHD
-AW+vkge/9sutwtKuboTzptFjFVCNfLe92/D7ijKMFt5TMwqc86qeji7WP0XvNhmS
-O0bbjFmF2hG2XgqviZAG
-=iOns
------END PGP SIGNATURE-----
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-iQEcBAABCAAGBQJT4oqEAAoJEHbXiOHtGlmcbgoH/2xKn6D3Sa26qLEgrqAbKKV2
-HznybHbM5fFLqdBIQLNYkNVJxwsuDv5l6XPt++HGdgAKmYkb+lMTQIkHFeRbS3b6
-N25BMNt9gGzaN03x2TSt4MjUO4ofsqB/aVIXLAHYLNzEDQV8sXmJcW/AlizP3h6L
-Ph5sScc5NhMBU4f2zI15ZElMgNdNYU9wYHapcAaGVzOmwl2wvyNmqgvxAyYp+WQS
-80c39X5eFDgYYZkA3gyA4Dqy/sOeMxobXE5afHZBjPtMPYZAXnmAMIsRkDg9dF/t
-GkmuiRPj/Zbl7CA2pymqGyLhQQjfzA1duFMqecqjxIh7g+0eluV+2oDcNrKQNx0=
-=NP+p
------END PGP SIGNATURE-----
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJT5e7pAAoJEE99uqmaWblzKfQIAMEkGzKzDtg4hbJk4ErT90Fl
-Oe5juOru+8SAA3qSFAUzmBaHD5/AY3+5qznwI9ufntiwLdbA/a3t9ZoZu5/Arsp8
-SASxlQnpygMSHgFRLbo7YfzAqvfgOBBt+dc9XjnO+Vyiq36WzuGumyfhw01LNXyt
-I2NYFBFKlgOrJ7ftR6wy1k/Y/gBIfVhkfEKLCU7luIRQUPZCaGXkddMpPtlnNOxE
-npLQr2vTmUqJBtARKuCwut9hpAv28u+Cv3LJqEVQH1FeZwnASujDuuKh0vkz6U9C
-dD0+PPAsSmmhSqbxdtWa34AdpJtriSq1caYaFLc21ljx4q1fTeTaJrbr4s4VX3g=
-=igqi
------END PGP SIGNATURE-----
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQEcBAABCgAGBQJT5zeLAAoJECm4ktDIYoUBd40H/jbOYMaHTr0dmeVAxAFPKL6Y
-WS6AakEYLqC8O9viJH/o0KlqHAaCwQgW8koNQXktqp4lIczqjrzXMDul8ijj4PwY
-BK6f6If+0qf/OXwla4VEe2lCgopf7feqfx+paxPO3iTdHoH5h99LvHEfv00w0kgw
-Q5VZS4ON57ppHy2YPqhDvxnzyPXpuTiKLckVck6LZVMC1tFzKZZkGa8/hk+l0ePv
-/lxXe5IZCNCBbW1LoWJsbObo8FR0trvbV/QxnU0h3Li+W5p17lMNUxEqEZrpciir
-CGOJG7cVxapTF9oTnzq7gxo0VAR+YzC3Frho0yn4PuNrl2/j8WkxChj6uEkyJL0=
-=jT/h
------END PGP SIGNATURE-----
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQIcBAABCgAGBQJT5zfDAAoJEBvKZYajR5Q/6PYP/0KE1k7lU3nvWEniMxlS5sDe
-6sGioT/sfE+WP80CN6lSnrYqPQ9zwiYXyLXoRpbXFxwdMNa/FlaYVuKLlm1QjrQo
-YH+L1Juc2na9a/RyjJFhDLiM9NHVdOAI+Y8DruDgFLE5fr0wXX8eS2xhkx5qOtNT
-DUhgc3BrREKkUmkC+KEFWpmGZ2lPktzVF49fGVTtzN96CMDb1MAlbdod1ovSUEvk
-3OkpWyEajbI1Jlb16IhP40EJui4pPR+NXMJuKz9yk/RMwqYdrTQNCJ9jIwroY0dl
-RINel4af/eyAW+J3b8CBmkT/wbj+bNLU4yqDPHtS33ROgDrlesK8Mh6TYXKtBFlk
-qYLproAInWTg/ytcNorgN7CHQ2c+qAGYO3kEszX9yHSffOBzugRR3+HbOi/iWWsa
-9NuSOT3j+qWRXa/gb7V6765XxBa7E/FpIVVWLj8zH6JicyCj/s009RGKLeHb3DnG
-uXn4dmhQeF0g2wCTc3M2TmPDD/R5oAQ0NQTBspVe/r4wA2r9CcnlqUap0bO6BeMx
-dntEz4EJhArcr+y9nVfXOpcOW9sNTUKTiNaU8qNIppk4YAbSPzXm6oN7oCPw1WnR
-Uk1NHifM3z1eKqJUXI7r7p/ihqYEiUMieY/JI0r5Myk2kVfzgypYxDTXcvdNEmb1
-wbmImtWCd5zTHFeukj8Q
-=GI1I
------END PGP SIGNATURE-----

subversion-1.8.11.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:10b056420e1f194c12840368f6bf58842e6200f9cb8cc5ebbf9be2e89e56e4d9
+size 6896225

subversion-1.8.11.tar.bz2.asc

@@ -0,0 +1,91 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+Comment: GPGTools - http://gpgtools.org
+
+iQIcBAABCgAGBQJUhsCuAAoJEGLUj60WoN4B3ZQP+waAiBekRzdNMpVMoIeiwYQ6
+b7ckiviga4akuvuWr+YtMQy28CniA0fztk+4Hr3ZCv0NH+F6IC9RJ5szq2qdjxEK
+aGZ/ED2ci/zvHWzbbKWrqXetSbrJsLwPlADiLqp86Zvy0/yWdHPP9ZX9yoJYdRyB
+SJKV8iq51z+IbpFWFYzTTUSjSbdgpxFsJj2BCNWv4SKo5YcjosVfSaE8TUpvOL/2
+gO1OKCrjpmD7Jbh/xF+eK21/r3wvlkHs2r1uQXS2ZC7VNJ5RaQZFC4zTq9sLbhqF
+dM5//LvusKr6wSeJ1C2M8wURO4ZCB3T+0685XX3ZuNcXAqwRaAzzkZDpxk7LPAnt
+EJWK4QsclIUjpGmKVbS5XFq47MDCg6MarGUAOW9cH2Jr2hRbQ7LicSemBAHBsMi5
+17tB3TyIgaMiK+TLZsK4s1qkGFJCQwa/kYno7gRerefY5vEPDQLsfRq1SKRIuoJJ
+/+lz/SeFcH7Lm0ycOnuFw8bdWMfL7Ur6tfsW20to9F1TdRMEe6gmI/lOFHcsv3+K
+Kn08dSWJsKVuzTLqAjt+FjrkJyXcip8M/4oCY14XB2Gmeb0hDp83+5GhvDqi8TPR
+p5qMuqYExUJKU6XUCD9V4kJzt03GAgHWehPsTgtBYiIv9MjW3sQBn2MwEfzzpi0j
+D+Jo+h8I1UF/IGADWFpM
+=fzSr
+-----END PGP SIGNATURE-----
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJUhwl9AAoJEMSmxiXMyOHf+f8P+QF5IRdKJvYx2caSf1RgV35E
+JGsaXSDyG/097ye/vbpdoa0ylQ6zGY99bVPwjALO5+CesXUlcLvgayvhWyqwW38t
+m9BUzXDKl5E3I7P55R+F3oxYs0vSt+j4dASwcDK2kYwbaP6SrLR5NH311zuMQJRL
+DV7v8PdnzlAMqSkP892JeMt41Mrgn05axtDLxBghMl3cL1TyPA3iLuDQx1Rritj5
+fKKICbE3JAgEcNe2fApchwToTQ1PmQb7ydKZyEiI3nOYiSbx/sCrJI+hnq8Zpysv
+CdilI61/ZF2+rfx2tY4sk9TC89MSgkHY2ye+8Lj+BlpCFj5/176DtAZiOnB381i/
+/FnYZwoasTKfL599NLa6W6E6iftphkJHhtGOJmJGxS8pjmcd/DhSXOMuWiP7h76B
+xJeM5qpAog761PU6HksGVeXv+jVMavOnw0QM87/dUaPwUIMTOHZEf4k3Tin1NvjQ
+hgkUQEcr3botwimPPJ7V3o4giBw7RcaMcJX7KNjTKvo6jn71Vi//ah1BmyNH0XQJ
+Q1RpMFkr0z5WBedS9WMYVX4Jl6w8WBmx4svr95fkpkS/FLF2Okvd4ttbvnZpnsEm
+L3UIZgxtg4efP53Dc7SrZf1wAMY1sQ2KUaQLldGUhbGunyFtUBY8XOjQJdKJw2HF
+Rp8rysLK+pnKuWYvUmDj
+=UUab
+-----END PGP SIGNATURE-----
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJUhzR6AAoJEE99uqmaWblzWq0IAMs8MhTdvORV5+oKNJR8ZoTN
+tHtKaJqRJjQK82sMqsQYetMIyzK1Nuv6bvDAs+EA+mzjywhqYM6gQeHDGAwDU9p2
+Ows6zJQhmsuFU79crmK3045BetekkachzWU30QI/G14WUkh5c+fLZMt+wTSjUUqz
+uzgf2ZMUcwXjkaJrAmtbex/diSfOjXAPjHPazPG1SCLZG93ShLucaeNDnIAu//80
+XCJGU2oR5hkee2cuo8xAz7z93atPBBeGl9WdsGka75TDi5QfXkBrB3SfF0YLPdJG
+xjhid+2eqmy4xDKkh4KStOcZbcVSInMvB3f9fDqy2WfWlI3qbcAHURzG1gvn9lk=
+=teki
+-----END PGP SIGNATURE-----
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJUhs7ZAAoJEJnsdBtXkhrMdqEQAMtawk5iREn4tx2hJj5Zby6X
+juYpIJ4CRM5oCEJQOzZuAF53TLRbcGAb1x4IpqsY0jZLz/9Db3f4IE87q7zPAC+M
+MJtTt32lU1MpO49bKV7pMJmPc4YXbTqy4lDBXK7iZ0IkCG+M57MvXI7Wfq5EpyqZ
+DyDpKy2K/BM75FVD0kdEj3fds6CRVeN81IFDQtTSIthmd1SbJR/UOXje/3aRlV1j
+gxhUWLMSFlN9BxXUr7GaGjWF8PMiUB5iXxIF3xT1K8lGWVPhglxAW9mTvjCE5/df
+k3UfSWqtwtmASxa0cVAwqfqoPIiXk613sjA7/4ING3RoccMWTa7DxeVTcgELN/Eg
+6tyE54OLK6rgb1rtSptJyTrP1DiWmfySmMIwu9uru0DlIb+e9eg7rnW9fc4iXgUc
+1/U6dInHHkfNHEgYKEqXgiAQHJR2ep4kCa7d+5myK3fGpbg5+WtVjO9caa0SZQhs
+tiKxFJoo7CuW4K1BFmYegS0jJ/WRtfeaZW1UwsZ1kSIDjSBdRFs4ekKinjDHd/tP
+KYxfLXTiyKfWpy49Abpv8Bs5wUb/RYvH38+D562kXVglPlN1xHX0A7hUq+5+oxnQ
+s6IO3jsdIpm4r9PwHyMRqdAUFWJNAxkYVokYwMHtIRGBebcSQpRj6uzqK2kshvuJ
+6PMmK7eNzH3Vj/k2638S
+=5C6f
+-----END PGP SIGNATURE-----
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iQEcBAABCAAGBQJUh03bAAoJEHbXiOHtGlmcbm8H/1DYCT5FZv3faaG5Ny/uJonv
+YNSRZj4nuK/my8PhX7GPMOdu7Bw4qPjg18cd8e/S3hYZVh7052j1DbxehC/WlHmH
+7rePxGsHiX1cxExa/2QKIgPfsTD8S9UEzdbUp4FIw0bJ5A3MGDMYB6/wzTnlmBD7
+yjB55fEMC/dnAQjh1Cbs5CBFD6akgZVrSdroPSSKqZ7B9SMp7lSt9V06q9KqtxNY
+hQuDhGHO6vPmQNHxBvUV22TEDKaabu0txXq8OC5/0i660rbFWg8CUXLfTRsmbtPa
+JSbhApBB/X5quOgS3r5aKWT7e8HgSqLiDpWm8Bu4OkyA//KknXhLOUWz6Mbg8TY=
+=jCY9
+-----END PGP SIGNATURE-----
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABCAAGBQJUjqhkAAoJEB+wZLhO7MSTtfIQAMpzOdFUzxfa3KBu6h3iCrN8
+jg8JXbkGlvV1mngCj8iV7IGAH4vTUkx4rcAmosH0EhkYZEZ6/59OYiIcBUlvNI1p
+gxNqW0GMv6k2YsmBGLCIoBYDvIeqtJ1qEGJu7tY1hMMnEaiGkhqVbfT8jFn/J9sv
+GNNFRMyPfOl5YdZIivLPtPexC69uDUyg/akm0Y8aIBofz2nVNAbEwjof0ZH1P39o
+MF15+ANPu1alfrl9y5d6qMMlRtPyldU+5IdWn10abcQu6TtjqIWQ1vZ+jAxy6pMH
+g7NGGM0J3f5oF7j2vKEsJWLOjo2bP92/DN3DdmoeF/41cQvD1/pUtuvA1PlHNDz7
+kvH6XehYXz3ZJSFBRFIRXgRezJvjSc5uHt0WkT4U6iopUOI5seDvPYXNw9fZ89/E
+qoB3No1r4Gjc972GtxFDK0pyENu9uFjfuNLXOdcCbjdC7GVjKC97EJcneHBqmqVO
+HwvA73UQRmYy4hQUwHjj0rKnO0tLWDNDXUoZCcywhHwuaut2I+yxceVFpjFndBSn
+L7ien7A4i89KmI0WeemwGNBqwULmh17lZ8g+QBuQZo2KLkI8zwGPbJKbxKvKu2Jz
+iJZQnphXF+mnlSKrPOx3UUJ+Tw5X2aS6VdYZtV2V7h3FM11gDT0OKJ2qBZv0+hWd
+s+II6a0n1KePT+tZSgxd
+=WHmY
+-----END PGP SIGNATURE-----

subversion.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Dec 18 14:33:55 UTC 2014 - andreas.stieger@gmx.de
+
+- Apache Subversion 1.8.11
+- This release addresses two security issues: [boo#909935]
+  * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
+  * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction
+    names.
+- Client-side bugfixes:
+  * checkout/update: fix file externals failing to follow history
+    and subsequently silently failing
+  * patch: don't skip targets in valid --git difs
+  * diff: make property output in diffs stable
+  * diff: fix diff of local copied directory with props
+  * diff: fix changelist filter for repos-WC and WC-WC
+  * remove broken conflict resolver menu options that always error
+    out
+  * improve gpg-agent support
+  * fix crash in eclipse IDE with GNOME Keyring
+  * fix externals shadowing a versioned directory
+  * fix problems working on unix file systems that don't support
+    permissions
+  * upgrade: keep external registrations
+  * cleanup: iprove performance of recorded timestamp fixups
+  * translation updates for German
+- Server-side bugfixes:
+  * disable revprop caching feature due to cache invalidation
+    problems
+  * skip generating uniquifiers if rep-sharing is not supported
+  * mod_dav_svn: reject requests with missing repository paths
+  * mod_dav_svn: reject requests with invalid virtual transaction
+    names
+  * mod_dav_svn: avoid unneeded memory growth in resource walking
+
 -------------------------------------------------------------------
 Thu Nov 20 00:20:00 UTC 2014 - Led <ledest@gmail.com>
 

subversion.spec

@@ -36,7 +36,7 @@ BuildRequires:  pkgconfig(systemd)
 %bcond_without	python_ctypes
 %bcond_with	all_regression_tests
 Name:           subversion
-Version:        1.8.10
+Version:        1.8.11
 Release:        0
 Summary:        Subversion version control system
 License:        Apache-2.0