- Add patches to fix bsc#1142743 and bsc#1142721 CVE-2019-0203
  CVE-2018-11782:
  * CVE-2018-11782.patch
  * CVE-2019-0203.patch
- Apache Subversion 1.8.19 (bsc#1051362):
  * A malicious, compromised server or MITM may cause svn client to
    execute arbitrary commands by sending repository content with
    svn:externals definitions pointing to crafted svn+ssh URLs.
    CVE-2017-9800
- Apache Subversion 1.8.18 (bsc#1026936):
  This change makes Subversion resilient to collision attacks,
  including SHA-1 collision attacks such as <http://shattered.io/>.
  https://subversion.apache.org/faq#shattered-sha1
  * fsfs: never attempt to share directory representations
  * fsfs: make consistency independent of hash algorithms
  * work around an APR bug related to file truncation
- Package the 'svnauthz' binary.
- Apache Subversion 1.8.17:
  * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in
    mod_dontdothat and Subversion clients using http(s)://
  * Client-side bugfixes:
    + fix handling of newly secured subdirectories in working copy
    + ra_serf: fix deleting directories with many files
    + gpg-agent: properly handle passwords with percent characters
    + merge: fix crash when merging to a local add
  * Server-side bugfixes:

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=310
parent 63245fabb0
commit da5c6eceac
@ -6,6 +6,14 @@ Fri Jul 26 10:03:14 UTC 2019 - matthias.gerstner@suse.com
|
||||
|
||||
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 25 08:26:09 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Add patches to fix bsc#1142743 and bsc#1142721 CVE-2019-0203
|
||||
CVE-2018-11782:
|
||||
* CVE-2018-11782.patch
|
||||
* CVE-2019-0203.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 25 07:52:01 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
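Review bot: the first bullet of the added Thu Jul 25 08:26:09 UTC 2019 entry names two bug numbers (bsc#1142743, bsc#1142721) and two CVE ids without saying which bug belongs to which CVE, and it lists CVE-2019-0203 first while the patch list below starts with CVE-2018-11782.patch. Anyone auditing whether a given CVE is fixed has to open the bug tracker to resolve the pairing. Put the matching bsc reference on each patch line (for example "* CVE-2018-11782.patch (bsc#<number>)") and keep the same order in the summary line.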
@ -210,6 +218,15 @@ Thu Aug 10 15:04:45 UTC 2017 - astieger@suse.com
|
||||
to execute arbitrary code via specially crafted URLs in
|
||||
svn:externals and svn:sync-from-url properties. (bsc#1051362)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 9 10:34:08 UTC 2017 - tchvatal@suse.com
|
||||
|
||||
- Apache Subversion 1.8.19 (bsc#1051362):
|
||||
* A malicious, compromised server or MITM may cause svn client to
|
||||
execute arbitrary commands by sending repository content with
|
||||
svn:externals definitions pointing to crafted svn+ssh URLs.
|
||||
CVE-2017-9800
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 28 14:18:49 UTC 2017 - astieger@suse.com
|
||||
|
||||
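Review bot: the added Wed Aug 9 10:34:08 UTC 2017 entry cites bsc#1051362, the same bug that the Thu Aug 10 2017 entry directly above it already records for crafted URLs in svn:externals and svn:sync-from-url, so the same fix is now documented twice under two different dates. Add a line to the inserted entry saying where it comes from, or fold it into the existing one, so that a reader checking when the CVE-2017-9800 fix landed does not get two answers. The CVE id also sits alone on the last line of the bullet; "(CVE-2017-9800)" at the end of the sentence, matching the "(bsc#1051362)" style used above, would be easier to grep.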
@ -234,6 +251,17 @@ Fri Jul 7 11:17:13 UTC 2017 - astieger@suse.com
|
||||
* work around an APR bug related to file truncation
|
||||
* javahl: follow redirects when opening a connection
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 7 11:17:13 UTC 2017 - astieger@suse.com
|
||||
|
||||
- Apache Subversion 1.8.18 (bsc#1026936):
|
||||
This change makes Subversion resilient to collision attacks,
|
||||
including SHA-1 collision attacks such as <http://shattered.io/>.
|
||||
https://subversion.apache.org/faq#shattered-sha1
|
||||
* fsfs: never attempt to share directory representations
|
||||
* fsfs: make consistency independent of hash algorithms
|
||||
* work around an APR bug related to file truncation
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 15 14:37:29 UTC 2017 - nmoudra@suse.com
|
||||
|
||||
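Review bot: the added 1.8.18 entry carries exactly the same timestamp and author line as the entry above it (Fri Jul 7 11:17:13 UTC 2017 - astieger@suse.com) and repeats its bullet "* work around an APR bug related to file truncation", so the two entries cannot be told apart by date and part of the content is duplicated. The sentence "This change makes Subversion resilient to collision attacks" also has no antecedent, because it comes before the fsfs bullets it refers to. Merge the entries or note the origin of the inserted one, and either move the sentence after the fsfs bullets or reword it to name them.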
@ -249,6 +277,36 @@ Mon Mar 13 10:28:41 UTC 2017 - tchvatal@suse.com
|
||||
disabled
|
||||
- Use apache2-rpm-macros to get the apache variables
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 22 14:14:01 UTC 2016 - stsp@elego.de
|
||||
|
||||
- Package the 'svnauthz' binary.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 30 12:03:57 UTC 2016 - astieger@suse.com
|
||||
|
||||
- Apache Subversion 1.8.17:
|
||||
* bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in
|
||||
mod_dontdothat and Subversion clients using http(s)://
|
||||
* Client-side bugfixes:
|
||||
+ fix handling of newly secured subdirectories in working copy
|
||||
+ ra_serf: fix deleting directories with many files
|
||||
+ gpg-agent: properly handle passwords with percent characters
|
||||
+ merge: fix crash when merging to a local add
|
||||
* Server-side bugfixes:
|
||||
+ fsfs: fix possible data reconstruction error
|
||||
+ svnlook: properly remove tempfiles on diff errors
|
||||
* Client-side and server-side bugfixes:
|
||||
+ fix potential memory access bugs
|
||||
* Bindings bugfixes:
|
||||
+ javahl: fix temporarily accepting SSL server certificates
|
||||
+ swig-pl: do not corrupt "{DATE}" revision variable
|
||||
+ swig-pl: fix possible stack corruption
|
||||
* Developer-visible changes:
|
||||
+ fix inconsistent behavior of inherited property API
|
||||
+ fix patch filter invocation in svn_client_patch()
|
||||
+ fix potential build issue with invalid SVN_LOCALE_DIR
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 30 07:42:07 UTC 2016 - tchvatal@suse.com
|
||||
|
||||
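Review bot: in the added "Apache Subversion 1.8.17:" entry the heading carries no bug or CVE reference although its first bullet is a security fix (bsc#1011552 CVE-2016-8734), unlike the 1.8.19 and 1.8.18 headings in this same commit, which put the bsc number in parentheses. The bullet also leads with the identifiers instead of the description. For consistency, use "Apache Subversion 1.8.17 (bsc#1011552):" and move "CVE-2016-8734" to the end of the description.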
@ -288,6 +346,12 @@ Wed Nov 30 07:42:07 UTC 2016 - tchvatal@suse.com
|
||||
- Drop no longer needed patch:
|
||||
* subversion-1.8.11-swig-py-comment-3.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 4 14:42:36 UTC 2016 - tchvatal@suse.com
|
||||
|
||||
- Add patch to build with swig3 to fix build on sle12sp2+
|
||||
* subversion-swig3.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 29 10:52:11 UTC 2016 - tchvatal@suse.com
|
||||
|
||||
@ -495,6 +559,15 @@ Thu Apr 9 18:12:48 UTC 2015 - astieger@suse.com
|
||||
- fix tests with SQLite 3.8.9, adding
|
||||
subversion-1.8.13-fix-sqlite-3.8.9-tests.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 1 12:13:37 UTC 2015 - tchvatal@suse.com
|
||||
|
||||
- Apply sec fixes for bnc#923793 bnc#923794 bnc#923795;
|
||||
CVE-2015-0202 CVE-2015-0248 CVE-2015-0251:
|
||||
* subversion-bnc923793.patch
|
||||
* subversion-bnc923794.patch
|
||||
* subversion-bnc923795.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 31 12:00:00 UTC 2015 - astieger@suse.com
|
||||
|
||||
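Review bot: the added Wed Apr 1 12:13:37 UTC 2015 entry lists three bnc numbers on one line and three CVE ids on the next, while the patch files are named only after the bnc numbers, so nothing in the entry states which patch addresses which CVE. Annotate each patch line with its CVE id (for example "* subversion-bnc923793.patch (CVE-<id>)"), as the Jan 2 2015 entry further down effectively does by naming its patches after the CVEs.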
@ -559,6 +632,13 @@ Thu Jan 8 15:41:32 UTC 2015 - bwiedemann@suse.com
|
||||
|
||||
- fix sysconfig file generation (bnc#911620)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 2 09:46:08 UTC 2015 - tchvatal@suse.com
|
||||
|
||||
- Sec update bnc#909935 CVE-2014-3580, CVE-2014-8108
|
||||
* subversion-CVE-2014-3580.patch
|
||||
* subversion-CVE-2014-8108.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 18 14:33:55 UTC 2014 - andreas.stieger@gmx.de
|
||||
|
||||
|