Change log for subversion package in Debian
| 1 → 75 of 127 results | First • Previous • Next • Last |
subversion (1.14.3-1) unstable; urgency=medium * Update to new upstream version 1.14.3. -- James McCoy <email address hidden> Mon, 01 Jan 2024 12:21:16 -0500
Available diffs
- diff from 1.14.2-5 to 1.14.3-1 (60.0 KiB)
subversion (1.14.2-5) unstable; urgency=medium
* Add future=+lfs build options to ensure use of 64-bit filesystem APIs
* Add commented example for SVNListParentPath in dav_svn.conf
(Closes: #1031229)
* Remove BUILD directory and other detritus during clean (Closes: #1046849)
* Backport upstream patch to fix missing version in pkg-config files
(Closes: #1055242)
+ autogen.sh: export environment variable "PYTHON", for autoheader and autoconf
* Skip dh_autoreconf, since we already call autogen.sh
-- James McCoy <email address hidden> Fri, 03 Nov 2023 19:34:37 -0400
Available diffs
subversion (1.14.2-4) unstable; urgency=medium * Backport patch to fix building with swig 4.1 (Closes: #1023529) -- James McCoy <email address hidden> Sat, 12 Nov 2022 15:30:30 -0500
Available diffs
- diff from 1.14.2-3 to 1.14.2-4 (1.5 KiB)
- diff from 1.14.2-3build2 (in Ubuntu) to 1.14.2-4 (1.6 KiB)
| Published in buster-release |
subversion (1.10.4-1+deb10u3) buster-security; urgency=high
* Security Fixes:
- CVE-2021-28544: Don't show unreadable copyfrom paths in 'svn log -v'
- CVE-2022-24070: Fix issue #4880 "Use-after-free of object-pools when
used as httpd module"
-- James McCoy <email address hidden> Wed, 06 Apr 2022 21:09:19 -0400
subversion (1.14.2-3) unstable; urgency=medium * Re-enable the ability to store plaintext passwords (Closes: #995692) * Bump debhelper-compat to 13 * Adjust lacks-unversioned-link-to-shared-library overrides * Adjust package-contains-upstream-installation-documentation override * Document uninstalled files in debian/not-installed -- James McCoy <email address hidden> Tue, 12 Jul 2022 10:03:54 -0400
Available diffs
- diff from 1.14.2-2 to 1.14.2-3 (1.3 KiB)
| Published in bullseye-release |
subversion (1.14.1-3+deb11u1) bullseye-security; urgency=high
* Security Fixes:
- CVE-2021-28544: Don't show unreadable copyfrom paths in 'svn log -v'
- CVE-2022-24070: Fix issue #4880 "Use-after-free of object-pools when
used as httpd module"
* Switch gpb.conf and Vcs-Git to debian/bullseye branch
-- James McCoy <email address hidden> Tue, 05 Apr 2022 19:23:59 -0400
subversion (1.14.2-2) unstable; urgency=medium
* Skip building java bindings on kfreebsd-*. Thanks to Laurent Bigonville
for the suggestion (Closes: #1012379)
* Skip building ruby bindings on ia64 and kfreebsd-*
* Disable kwallet support on kfreebsd-*
* Use autogen-swig-{pl,py,rb} targets instead of autogen-swig
(Closes: #986174)
* Declare compliance with Policy 4.6.1, no changes needed
* Fix handling of verbose/terse build logs
-- James McCoy <email address hidden> Mon, 06 Jun 2022 20:42:25 -0400
Available diffs
- diff from 1.14.2-1 to 1.14.2-2 (2.8 KiB)
subversion (1.14.2-1) unstable; urgency=high
* Update to new upstream version 1.14.2.
+ Security Fixes:
- CVE-2021-28544: Don't show unreadable copyfrom paths in 'svn log -v'
- CVE-2022-24070: Fix issue #4880 "Use-after-free of object-pools when
used as httpd module"
* libsvn1: Add wildcard to symbols-declares-dependency-on-other-package override
* subversion-tools: Adjust wildcards for ruby-script-but-no-ruby-dep
* Declare compliance with Policy 4.6.0, no changes needed
* Update upstream signing keys
* Re-enable testCrash_RequestChannel_nativeRead_AfterException, fixed
upstream
-- James McCoy <email address hidden> Tue, 12 Apr 2022 08:38:19 -0400
Available diffs
- diff from 1.14.1-3build4 (in Ubuntu) to 1.14.2-1 (390.7 KiB)
| Superseded in buster-release |
subversion (1.10.4-1+deb10u2) buster-security; urgency=high
* Backport security fixes from upstream:
+ CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion
mod_authz_svn (Closes: #982464)
-- James McCoy <email address hidden> Wed, 10 Feb 2021 15:15:45 -0500
subversion (1.14.1-3) unstable; urgency=medium
* Correctly disable testCrash_RequestChannel_nativeRead_AfterException
(Closes: #982684)
-- James McCoy <email address hidden> Wed, 17 Feb 2021 21:52:03 -0500
Available diffs
- diff from 1.14.0-3build2 (in Ubuntu) to 1.14.1-3 (77.6 KiB)
- diff from 1.14.1-1 to 1.14.1-3 (1.0 KiB)
subversion (1.14.1-2) unstable; urgency=medium
* Temporarily disable testCrash_RequestChannel_nativeRead_AfterException
(Closes: #982684)
* rules: Remove clean from .PHONY
-- James McCoy <email address hidden> Wed, 17 Feb 2021 07:46:16 -0500
subversion (1.14.1-1) unstable; urgency=high
* Update to new upstream version 1.14.1.
+ Fix FTBFS with OpenJDK 17 (Closes: #982084)
+ Security fix:
- CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion
mod_authz_svn (Closes: #982464)
-- James McCoy <email address hidden> Wed, 10 Feb 2021 21:17:14 -0500
Available diffs
subversion (1.14.0-3) unstable; urgency=medium
* Rename python suffixes to the versioned python suffix.
Thanks to Matthias Klose for the patch (Closes: #972197)
* Rename python-script-but-no-python-dep override to python3 version
-- James McCoy <email address hidden> Sat, 31 Oct 2020 20:44:20 -0400
Available diffs
subversion (1.14.0-2) unstable; urgency=medium
* Backport patch from upstream to fix FTBFS (Closes: #966989)
- Fix crash in JavaHL JNI wrapper caused by object lifetimes
* svn_load_dirs.1: Use correct groff macro for single-quote
* Update lintian overrides to account for renamed tags
-- James McCoy <email address hidden> Mon, 17 Aug 2020 13:01:19 -0400
Available diffs
- diff from 1.14.0-1 to 1.14.0-2 (2.2 KiB)
subversion (1.14.0-1) unstable; urgency=medium * Update to new upstream version 1.14.0. * Install NOTICE as required by Apache license * rules: Disable dh_auto_test for Arch: all builds -- James McCoy <email address hidden> Wed, 03 Jun 2020 22:21:57 -0400
Available diffs
- diff from 1.13.0-4 to 1.14.0-1 (704.3 KiB)
subversion (1.13.0-4) unstable; urgency=medium
* Disable building python-subversion if SWIG 4.0 is installed
(Closes: #954866)
* Remove python-subversion from subversion-tool's Recommends
-- James McCoy <email address hidden> Sat, 25 Apr 2020 08:58:28 -0400
Available diffs
- diff from 1.13.0-3 to 1.13.0-4 (2.2 KiB)
| Deleted in experimental-release (Reason: None provided.) |
subversion (1.14.0~rc2-3) experimental; urgency=medium * copyright: Add details for build/ac-macros/ax_boost_* * Stop installing NOTICE, since debian/copyright has all the information -- James McCoy <email address hidden> Wed, 22 Apr 2020 07:57:45 -0400
| Superseded in experimental-release |
subversion (1.14.0~rc2-2) experimental; urgency=medium
* Ship svnshell as an example, not under /usr/bin/
* Switch to using dh instead of plain debhelper
* Fix an error leak in debian/patches/last-changed-date-charset. Thanks to
Daniel Shahaf for the patch. (Closes: #956921)
-- James McCoy <email address hidden> Tue, 21 Apr 2020 23:05:17 -0400
| Superseded in experimental-release |
subversion (1.14.0~rc2-1) experimental; urgency=medium
* Update to new upstream version 1.14.0~rc2.
+ Fix crash when using git-svn with kwallet. (Closes: #945443)
+ Escape filenames when invoking $SVN_EDITOR. (Closes: #577118)
+ Transition Python bindings from python 2 to python 3. (Closes: #739790, #938578)
* Remove python-subversion from subversion-tool's Recommends, since nothing
uses the Python bindings.
* Replace python-subversion with python3-subversion
+ Build-Depend on swig (>= 3.0.10), instead of swig3.0 (Closes: #954866)
+ Add new Build-Depends on py3c
+ Build-Depend on python3-all-dev instead of python-all-dev
* rules: Run tests in parallel according to DEB_BUILD_OPTIONS setting
* libsvn1.symbols: Update for 1.14 API changes
* Add support for pkg.subversion.noruby Build-Profile
* Build-Conflict against incompatible libsvn1/libsvn-dev
* lintian: Override concatenated-upstream-signatures
* Update release notes for 1.9 - 1.13 and add 1.14
-- James McCoy <email address hidden> Sun, 12 Apr 2020 15:37:14 -0400
subversion (1.13.0-3) unstable; urgency=medium [ James McCoy ] * rules: Use "pyversions -s" instead of "pyversions -i" * Build with swig3.0 to fix FTBFS with swig4.0 (Closes: #951893) * Declare compliance with Policy 4.5.0, no changes needed * Build-Depend on debhelper-compat (= 12) [ Dimitri John Ledkov ] * swig.m4: Do not include ruby include subdir -- James McCoy <email address hidden> Tue, 24 Mar 2020 08:33:36 -0400
Available diffs
| Published in stretch-release |
subversion (1.9.5-1+deb9u5) stretch-security; urgency=medium
* Non-maintainer upload.
* Backport upstream fix for segfault with new mod_http2 from DSA-4509-1.
Closes: #936034
-- Stefan Fritsch <email address hidden> Mon, 30 Sep 2019 09:03:27 +0200
subversion (1.13.0-2) unstable; urgency=medium [ James McCoy ] * gbp.conf: Do not number patches [ Steve Langasek ] * use python2 as the interpreter now for tests, not python (Closes: #948770) -- James McCoy <email address hidden> Sun, 19 Jan 2020 08:59:14 -0500
Available diffs
subversion (1.13.0-1) unstable; urgency=medium
* New upstream release
* debian/watch:
+ Monitor 1.13.x versions
* Update upstream signing keys
* debian/control:
+ Bump minimum jdk version to 1.8
+ Switch to junit4 for Java tests
+ Bump libsvn-dev Build-Conflicts to << 1.13~
+ Remove obsolete Build-Depends on apache2-dev
+ Fix a typos in the pkg.subversion.nokde profile name
* Declare compliance with Policy 4.4.1, no changes needed
* Fix FTBFS on certain archs due to PIC/PIE interaction.
Thanks to Thorsten Glaser for the patch (Closes: #942798)
* libsvn1.symbols:
+ Mark private/experimental symbols as optional
+ Update symbols for 1.11, 1.12, and 1.13
* debian/tests:
+ Replace $ADTTMP with $AUTOPKGTEST_TMP
* Add fetch-keys script to update/minimize signing-key.asc
* Add a pkg.subversion.nojava build profile
-- James McCoy <email address hidden> Thu, 28 Nov 2019 22:11:05 -0500
Available diffs
| Superseded in stretch-release |
subversion (1.9.5-1+deb9u4) stretch-security; urgency=high
* Backport security fixes from upstream:
+ CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve
'get-deleted-rev'.
+ CVE-2018-0203: Remote unauthenticated denial-of-service in Subversion
svnserve.
-- James McCoy <email address hidden> Mon, 29 Jul 2019 22:45:42 -0400
| Superseded in buster-release |
subversion (1.10.4-1+deb10u1) buster-security; urgency=high
* Backport security fixes from upstream:
+ CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve
'get-deleted-rev'.
+ CVE-2018-0203: Remote unauthenticated denial-of-service in Subversion
svnserve.
-- James McCoy <email address hidden> Sat, 27 Jul 2019 22:44:06 -0400
subversion (1.10.6-1) unstable; urgency=medium
* Update to new upstream version 1.10.6.
+ Security fix
- CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve
'get-deleted-rev'
- CVE-2019-0203: Remote unauthenticated denial-of-service in Subversion
svnserve
* Support a pkg.subversion.nokde build profile.
Thanks to Jason Duerstock for the patch (Closes: #929326)
-- James McCoy <email address hidden> Wed, 31 Jul 2019 07:01:38 -0400
Available diffs
subversion (1.10.4-1) unstable; urgency=medium
* Update to new upstream version 1.10.4 (Closes: #919767)
+ Security fix
- CVE-2018-11803: Malicious SVN clients can crash mod_dav_svn
* d/copyright: Convert to copyright format 1.0
* Replace hand-written postinst/rm with maintscript helper
* lintian: Minimize the upstream signing key
* Declare compliance with Policy 4.3.0, no changes needed
-- James McCoy <email address hidden> Tue, 22 Jan 2019 22:41:34 -0500
| Superseded in stretch-release |
subversion (1.9.5-1+deb9u3) stretch; urgency=medium
* Backport r1827688, fixing a regression introduced in the fixes for SHA1
collisions, where commits would incorrectly fail with a "Filesystem is
corrupt" error if the delta length is a multiple of 16K.
-- James McCoy <email address hidden> Fri, 20 Jul 2018 22:35:40 -0400
subversion (1.10.3-1) unstable; urgency=medium
* Update to new upstream version 1.10.3.
* lintian:
+ Update libapache2-mod-svn override due to tag being renamed
+ Add libsvn1 override for package-name-doesnt-match-sonames
* libsvn-{java,dev}: Use absolute target path for symlink_to_dir calls
(Closes: #910233)
* rules: Allow quiet builds when DEB_BUILD_OPTIONS=terse
* Declare compliance with Policy 4.2.1
* libsvn-java: Remove obsolete libsvn-jni Conflicts/Replaces
* Update release notes
-- James McCoy <email address hidden> Sat, 20 Oct 2018 14:27:55 -0400
| Deleted in experimental-release (Reason: None provided.) |
subversion (1.11.0~rc2-1) experimental; urgency=medium
* Update to new upstream version 1.11.0~rc2.
+ Drop java patch now that upstream can build against Java 10
* control:
+ Bump minimum Java version to 1.8
+ Bump Build-Conflicts on libsvn-dev
* Add 1.11 release notes and update others
* libsvn1: Add new symbols, remove obsolete experimental shelving APIs
* lintian:
+ Update libapache2-mod-svn override due to tag being renamed
+ Add libsvn1 override for package-name-doesnt-match-sonames
* libsvn-{java,dev}: Use absolute target path for symlink_to_dir calls
(Closes: #910233)
* rules: Allow quiet builds when DEB_BUILD_OPTIONS=terse
* Declare compliance with Policy 4.2.1
* libsvn-java: Remove obsolete libsvn-jni Conflicts/Replaces
-- James McCoy <email address hidden> Tue, 09 Oct 2018 22:21:31 -0400
subversion (1.10.2-1) unstable; urgency=medium * New upstream release * Switch to dgit-maint-debrebase(7) workflow * debian/tests: Use $AUTOPKGTEST_TMP if $ADTTMP is not set * debian/tests: Add a basic test for svnserve -- James McCoy <email address hidden> Sat, 04 Aug 2018 12:28:03 -0400
| Superseded in stretch-release |
subversion (1.9.5-1+deb9u2) stretch; urgency=medium
* Backport r1759116, working around an issue in APR's trunc API. This is a
prerequisite for the SHA1/shattered fixes.
* Backport r1794527 and r1796725 to prevent the possibility of rep-sharing
between a directory rep and a file/prop rep.
* Backport r1795993 and r1796470 to reject commits which would introduce
hash collisions with existing data, thus addressing the SHA1/shattered
issue.
-- James McCoy <email address hidden> Sat, 30 Jun 2018 09:44:22 -0400
| Published in jessie-release |
subversion (1.8.10-6+deb8u6) jessie; urgency=medium
* Backport patches/perl-swig-crash from upstream to fix crashes with Perl
bindings, commonly seen when using git-svn (Closes: #780246, #534763).
-- James McCoy <email address hidden> Mon, 26 Feb 2018 22:00:47 -0500
subversion (1.10.0-2) unstable; urgency=medium
* Build native java bindings using javac instead of javah.
Thanks to Emmanuel Bourg (Closes: #897555)
-- James McCoy <email address hidden> Sat, 16 Jun 2018 10:00:22 -0400
subversion (1.10.0-1) unstable; urgency=medium * Upload new upstream release to unstable * control: Adjust debhelper Build-Depends to ease backporting -- James McCoy <email address hidden> Wed, 18 Apr 2018 12:29:55 -0400
| Deleted in experimental-release (Reason: None provided.) |
subversion (1.10.0~rc2-1) experimental; urgency=medium
* New upstream pre-release
+ Fix test failure on alpha due to unaligned memory access. (Closes:
#823133)
* control: Set Rules-Requires-Root to no
* dav_svn.conf: Clarify wording about SVNPath/SVNParentPath (LP: #917147)
* Enable libsvn-java on ia64
* Update upstream signing keys
* rules:
+ Move install-javahl-java rule to install-arch
+ Ensure Perl binding shared libs are writable before deleting RPATH
* subversion-tools: Change exim4 | m-t-a Recommends to default-mta | m-t-a
* Declare compliance with Policy 4.1.4, no changes required
-- James McCoy <email address hidden> Sat, 07 Apr 2018 11:09:43 -0400
subversion (1.9.7-4) unstable; urgency=medium * Actually drop quilt Build-Depends * Change Vcs-* to salsa.d.o * Declare compliance with Policy 4.1.3, no changes needed * Switch default-jdk Build-Depends to headless variant * Disable parallelization for local-install target * Disable libsvn-java on ia64 -- James McCoy <email address hidden> Mon, 05 Mar 2018 19:47:43 -0500
| Superseded in experimental-release |
subversion (1.10.0~rc1-2) experimental; urgency=medium * libsvn1.symbols: Use 1.10, not 1.10~rc1, for the new symbols * Mark libsvn-perl Multi-Arch: same -- James McCoy <email address hidden> Fri, 02 Mar 2018 08:28:39 -0500
| Superseded in jessie-release |
subversion (1.8.10-6+deb8u5) jessie-security; urgency=high
* patches/CVE-2016-8734: Unrestricted XML entity expansion in HTTP clients
* patches/CVE-2017-9800: Arbitrary code execution on clients through
malicious svn+ssh URLs in svn:externals and svn:sync-from-url
-- James McCoy <email address hidden> Wed, 09 Aug 2017 21:08:28 -0400
subversion (1.9.7-3) unstable; urgency=medium
* Remove workaround for #871514, now that it's fixed.
* Convert package to 3.0 (quilt)
* Stop generating libsvn-perl.install. The multi-arch vendor directory has
been in effect since jessie.
* debian/rules:
+ Ensure $(PY_DIR) always exists so the upstream Makefiles don't try to
recreate it, causing the build to fail.
+ Add .NOTPARALLEL to prevent install-arch's dh_prep from deleting files
install-indep installed or vice-versa. Thanks to Robert McQueen for the
idea. (Closes: #680125)
* patches/build-fixes:
+ Stop patching out calls to serf_debug__closed_conn. This requires serf
>= 1.3.9-4 to avoid gaining invalid Depends.
+ Remove out-of-tree swig changes. Using an absolute path for the
out-of-tree directory and ensuring the relevant build directories exists
resolves the problem.
* patches/rpath:
+ Move INSTALLDIRS=vendor to debian/rules instead of patching upstream
code.
+ Use "chrpath -d" to remove RPATHs instead of changing various bits of
upstream build system.
* Lintian:
+ Use https URL in debian/watch
+ Change extra Priorities to optional
* Declare compliance with Policy 4.1.2
* Mark libsvn-{doc,dev} Multi-Arch: foreign/same, respectively, per the
multiarch hinter.
-- James McCoy <email address hidden> Fri, 08 Dec 2017 22:26:53 -0500
| Superseded in stretch-release |
subversion (1.9.5-1+deb9u1) stretch-security; urgency=high
* patches/CVE-2017-9800: Arbitrary code execution on clients through
malicious svn+ssh URLs in svn:externals and svn:sync-from-url
-- James McCoy <email address hidden> Tue, 08 Aug 2017 23:04:58 -0400
subversion (1.9.7-2) unstable; urgency=medium
* Disable optimizations on mips64el to workaround GCC bug #871514.
* Use debhelper's dh_update_autotools_config and drop explicit Build-Depends
on autotools-dev.
-- James McCoy <email address hidden> Wed, 16 Aug 2017 22:50:12 -0400
subversion (1.9.7-1) unstable; urgency=high
* New upstream release
+ Security fix
- CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url
-- James McCoy <email address hidden> Thu, 10 Aug 2017 12:59:16 -0400
subversion (1.9.6-1) unstable; urgency=medium
* New upstream release
+ Subversion server will now reject commits which cause SHA1 collisions,
if rep-sharing is enabled (as it is by default) in db/fsfs.conf.
* Remove Peter Samuelson as maintainer, at request of MIA team. Thanks for
all the fish! (Closes: #852219)
* Revise metadata for subversion. (Closes: #863037)
+ Add mention of svnsync to Description
+ Suggests libapache2-mod-svn
* Remove "-pie" from hardening options since the semantics changed in dpkg
1.18.13. Thanks to Adrian Bunk for the explanation/patch. (Closes:
#865696)
* Bump minimum SQLite compatibility to 3.8.7
* Declare compliance with Policy 4.0.0, no changes needed
* Bump debhelper compat to 10
-- James McCoy <email address hidden> Sun, 09 Jul 2017 22:27:49 -0400
subversion (1.9.5-1) unstable; urgency=medium
* New upstream release
+ Security fix
- CVE-2016-8734: Unrestricted XML entity expansion in HTTP clients
+ Fix corruption of "{DATE}" revision variable in swig-pl. (Closes:
#843138)
+ Remove patches:
- ruby-frozen-nil: Alternative fix committed upstream.
- Backported patches: perl-swig-crash, swig3.x-compat,
r1722164-swig-cppflags
* Fix #! lines for libsvn-{java,dev}.postinst. (Closes: #843292, #843288)
* Remove maintainer scripts that were handling pre-Jessie changes.
* Use dh_apache2's substvars in libapache2-mod-svn.
-- James McCoy <email address hidden> Tue, 29 Nov 2016 22:50:42 -0500
subversion (1.9.4-3) unstable; urgency=medium
* Build with hardening flags
* Backport patches/perl-swig-crash from upstream to fix crashes with the
Perl bindings, commonly seen when using git-svn. (Closes: #780246,
#534763)
-- James McCoy <email address hidden> Sat, 03 Sep 2016 14:45:04 -0400
subversion (1.9.4-2) unstable; urgency=medium
* Add Build-Depends on rename package and invoke rename instead of prename.
(Closes: #826057)
* Fix removal of .so/.la files for private libsvn_ra_{serf,local} from -dev
package.
* Replace use of debhelper's deprecated -s with -a
* Declare compliance with Policy 3.9.8, no changes required
* Use https URL for Vcs-Browser
-- James McCoy <email address hidden> Mon, 25 Jul 2016 22:48:13 -0400
| Superseded in jessie-release |
subversion (1.8.10-6+deb8u4) jessie-security; urgency=high
+ patches/CVE-2016-2167: svnserve/sasl may authenticate users using the
wrong realm
+ patches/CVE-2016-2168: Remotely triggerable DoS vulnerability in
mod_authz_svn during COPY/MOVE authorization check
-- James McCoy <email address hidden> Wed, 27 Apr 2016 20:00:25 -0400
subversion (1.9.4-1) unstable; urgency=high
* New upstream release.
+ Security fixes
- CVE-2016-2167: svnserve/sasl may authenticate users using the wrong
realm
- CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
during COPY/MOVE authorization check
+ Remove merged patch ruby-test-unit.
+ Fix non-canonical path assertion in svn-graph.pl. (Closes: #702922)
+ Abort a commit on Ctrl-C. (Closes: #502222, #501971)
* d/rules: Remove an extraneous "done" to fix FTBFS when bash is $SHELL.
(Closes: #821930)
-- James McCoy <email address hidden> Wed, 27 Apr 2016 20:47:49 -0400
| Superseded in jessie-release |
subversion (1.8.10-6+deb8u3) jessie; urgency=medium
* patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to
store authentication information. (Closes: #736879)
-- James McCoy <email address hidden> Fri, 11 Mar 2016 20:25:57 -0500
subversion (1.9.3-3) unstable; urgency=medium
* Remove transitional packages and maintainer snippets supporting upgrades
from pre-jessie systems.
* Enable libsvn-java on m68k and sparc64, since openjdk-8-jdk is now
available on those archs.
* Declare compliance with policy 3.9.7, no changes needed.
* Remove subversion-dbg package in favor of automatic -dbgsym package.
* Bump debhelper compat to 9.
* Fix FTBFS on mips(el) by working around GCC bug #816698
* Fix SWIG build issues
+ Backport patches/swig3.x-compat from upstream
+ Switch back to “Build-Depends: swig” (Closes: #817002)
-- James McCoy <email address hidden> Mon, 14 Mar 2016 00:34:52 -0400
| Superseded in jessie-release |
subversion (1.8.10-6+deb8u2) jessie-security; urgency=high
* patches/r1708699-mod_auth_ntlm-kerb-fix: Fix regression interacting with
mod_auth_kerb/mod_auth_ntlm in due to CVE-2015-3814 patch. (Closes:
#797216)
* patches/CVE-2015-5343: Heap overflow and out-of-bounds read in mod_dav_svn
-- James McCoy <email address hidden> Tue, 15 Dec 2015 20:23:11 -0500
subversion (1.9.3-2) unstable; urgency=medium * Remove -Wdate-time from CPPFLAGS passed to swig. (Closes: #809054) -- James McCoy <email address hidden> Fri, 15 Jan 2016 22:45:33 -0500
subversion (1.9.3-1) unstable; urgency=high
* New upstream release.
+ Security fixes
- CVE-2015-5259: Heap overflow and out-of-bounds read in svn:// protocol
parser
- CVE-2015-5343: Heap overflow and out-of-bounds read in mod_dav_svn
+ Fix dumps of no-op changes with “svnadmin dump”. (Closes: #803725)
+ Fix segfault when performing a diff when repository is on server root.
(Closes: #802611)
+ Fix translations of commit notifications. (Closes: #802156)
+ Fix authz with mod_auth_ntlm/mod_auth_kerb. (Closes: #797216)
+ Restore reporting (un)lock errors as failures. (Closes: #796781)
-- James McCoy <email address hidden> Tue, 15 Dec 2015 20:26:57 -0500
subversion (1.9.2-3) unstable; urgency=medium
* Re-enable libsvn-java on kfreebsd-*.
* Ensure swig2.0 is used to avoid build failures, until upstream figures
out how to work with swig >= 3.0. (Closes: #804389)
* Fix FTBFS with Ruby 2.2 (Closes: #803589)
+ Add ruby-frozen-nil patch to create a new Object instead of trying to
make modifications to the nil object.
+ Add ruby-test-unit patch to be compatible with the ruby-test-unit gem as
well as the older test-unit API provided by minitest.
-- James McCoy <email address hidden> Mon, 09 Nov 2015 19:22:18 -0500
subversion (1.9.2-2) unstable; urgency=medium
* Fix FTBFS with older Ruby versions by using RbConfig['vendorarchdir'] to
find the .a/.la files we're deleting.
-- James McCoy <email address hidden> Sun, 18 Oct 2015 22:10:03 -0400
subversion (1.9.2-1) unstable; urgency=medium
* New upstream release
+ Fix crash when saving credentials in kwallet. (Closes: #736879,
LP: #563179)
-- James McCoy <email address hidden> Wed, 23 Sep 2015 21:27:15 -0400
subversion (1.9.1-1) unstable; urgency=medium
* New upstream release
+ Remove direct use of svn_fs_open2 from libsvn_fs_x, thus fixing the
missing svn_fs_open2 symbol. (Closes: #795160)
* Enable gpg verification of new releases.
* Rename bash-completion file to svn and add symlinks for all other commands
which have completion. (Closes: #797648)
* debian/tests/libapache2-mod-svn: Stop apache2 before ending the test, to
avoid leaving stray processes running.
-- James McCoy <email address hidden> Mon, 07 Sep 2015 19:21:22 -0400
| Published in wheezy-release |
subversion (1.6.17dfsg-4+deb7u10) wheezy-security; urgency=high
* patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals paths
hidden by authz
-- James McCoy <email address hidden> Sun, 09 Aug 2015 23:39:21 -0400
| Superseded in jessie-release |
subversion (1.8.10-6+deb8u1) jessie-security; urgency=high
* Add (Build-)Depends on apache2 packages necessary for security fixes.
* patches/CVE-2015-3814: Mixed anonymous/authenticated path-based authz with
httpd 2.4
* patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals paths
hidden by authz
-- James McCoy <email address hidden> Sat, 08 Aug 2015 22:32:18 -0400
| Superseded in stretch-release |
subversion (1.8.13-1+deb9u1) stretch; urgency=medium
* Add (Build-)Depends on apache2 packages necessary for security fixes.
* patches/CVE-2015-3814: Mixed anonymous/authenticated path-based authz with
httpd 2.4
* patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals path
hidden by authz
-- James McCoy <email address hidden> Wed, 12 Aug 2015 20:31:26 -0400
subversion (1.9.0-1) unstable; urgency=medium
* Upload to unstable
* New upstream release.
+ Security fixes
- CVE-2015-3184: Mixed anonymous/authenticated path-based authz with
httpd 2.4
- CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden
by authz
* Add >= 2.7 requirement for python-all-dev Build-Depends, needed to run
tests.
* Remove Build-Conflicts against ruby-test-unit. (Closes: #791844)
* Remove patches/apache_module_dependency in favor of expressing the
dependencies in authz_svn.load/dav_svn.load.
* Build-Depend on apache2-dev (>= 2.4.16) to ensure ap_some_authn_required()
is available when building mod_authz_svn and Depend on apache2-bin (>=
2.4.16) for runtime support.
-- James McCoy <email address hidden> Fri, 07 Aug 2015 21:32:47 -0400
| Deleted in experimental-release (Reason: None provided.) |
subversion (1.9.0~rc3-1) experimental; urgency=medium * New upstream pre-release. * Point the Vcs-* URLs at the right directory -- James McCoy <email address hidden> Thu, 16 Jul 2015 19:39:54 -0400
| Superseded in experimental-release |
subversion (1.9.0~rc2-2) experimental; urgency=medium
* Bump minimum JDK version to 1.6 in accordance with upstream change,
“javahl: requires Java 1.6 (r1677003)”
- This causes libsvn-java to no longer be available where gcj is the only
available Java implementation
-- James McCoy <email address hidden> Thu, 11 Jun 2015 22:29:08 -0400
| Superseded in experimental-release |
subversion (1.9.0~rc2-1) experimental; urgency=medium * New upstream pre-release. Refresh patches. -- James McCoy <email address hidden> Tue, 02 Jun 2015 06:52:59 -0400
| Superseded in experimental-release |
subversion (1.9.0~rc1-2) experimental; urgency=medium
* Install bash completion to /usr/share/bash-completion/completions
* Add dav_svn_get_repos_path2 symbol to apache_module_dependency patch.
(Closes: #786903)
-- James McCoy <email address hidden> Fri, 29 May 2015 20:07:32 -0400
subversion (1.8.13-1) unstable; urgency=medium
* New upstream release. Refresh patches.
- Remove backported patches CVE-2014-8108, CVE-2014-3580, CVE-2015-0202,
CVE-2015-0248, CVE-2015-0251, ruby2.0-build-fixes, and
test-failure-with-optimizations.
* Add patches wc-queries-test1-r1672295 and wc-queries-test2-r1673691, from
upstream, to fix wc-queries test failures with new SQLite versions.
(Closes: #785496)
-- James McCoy <email address hidden> Fri, 22 May 2015 02:43:09 -0400
| Superseded in experimental-release |
subversion (1.9.0~rc1-1) experimental; urgency=medium
* New upstream pre-release. Refresh patches.
+ Remove backported patches libtoolize, ruby2.0-build-fixes,
test-failure-with-optimizations, CVE-2014-3580, CVE-2014-8108,
CVE-2015-0202, CVE-2015-0248, CVE-2015-0251.
+ New svn-vendor tool, alternative to svn_load_dirs.
+ svn-bench renamed to svnbench and moved to subversion package.
+ fsfs-stats tool replaced by the "stats" subcommand of the new svnfsfs
command.
+ Minimum supported version of serf bumped to 1.3.4.
+ pkgconfig files are available for the various libsvn_* libraries.
* debian/rules: Add new generated files to clean target
* debian/control:
+ Remove Troy Heber from Uploaders, at his request. Thanks for all the
fish!
+ Add dh-python to Build-Depends
-- James McCoy <email address hidden> Mon, 11 May 2015 19:56:48 -0400
subversion (1.8.10-6) unstable; urgency=high
* patches/CVE-2015-0202: Excessive memory use with certain REPORT requests
against mod_dav_svn with FSFS repositories
* patches/CVE-2015-0248: Assertion DoS vulnerability for certain mod_dav_svn
and svnserve requests with dynamically evaluated revision numbers
* patches/CVE-2015-0251: mod_dav_svn allows spoofing svn:author property
values for new revisions
-- James McCoy <email address hidden> Tue, 31 Mar 2015 22:51:18 -0400
| Superseded in wheezy-release |
subversion (1.6.17dfsg-4+deb7u8) wheezy-security; urgency=high * Fix “undefined symbol: dav_svn__new_error” regression in previous upload. -- Florian Weimer <email address hidden> Sat, 20 Dec 2014 20:43:35 +0100
subversion (1.8.10-5) unstable; urgency=medium
* patches/CVE-2014-8108: mod_dav_svn DoS vulnerability with invalid virtual
transaction names (Closes: #773315)
* patches/CVE-2014-3580: mod_dav_svn DoS vulnerability with invalid REPORT
requests (Closes: #773263)
-- James McCoy <email address hidden> Wed, 17 Dec 2014 00:11:03 -0500
subversion (1.8.10-4) unstable; urgency=medium
* control: Use "dh_install --list-missing" instead of --fail-missing to
avoid a FTBFS with parallel builds. (Closes: #768903)
-- James McCoy <email address hidden> Mon, 10 Nov 2014 22:19:02 -0500
subversion (1.8.10-3) unstable; urgency=medium
* Add a NEWS item describing that 1.7.x and later do not support having a
working copy which spans multiple filesystems. (Closes: #766285)
* rules: Needs more MAN3EXT so generated swig-pl Makefile never installs
files to debian/tmp with wrong extensions.
* Move some less frequently used tools to subversion-tools and include the
fsfs-* tools. (Closes: #764689)
* Switch from specifying gcj as the Java implementation to default-jdk.
(Closes: #737527, #421400)
- Remove patches/java-build
-- James McCoy <email address hidden> Sat, 25 Oct 2014 21:47:16 -0400
subversion (1.8.10-2) unstable; urgency=medium
* Add patches/test-failure-with-optimizations from upstream to fix test
failures with certain build configurations. (Closes: #757773)
* Add patches/libtoolize from upstream to support the Multi-Arch libtool
packaging. (Closes: #761789)
-- James McCoy <email address hidden> Wed, 24 Sep 2014 20:54:34 -0400
subversion (1.8.10-1) unstable; urgency=medium
* New upstream release. Refresh patches.
- Includes security fixes:
+ CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
+ CVE-2014-3528: credentials cached with svn may be sent to wrong
server.
* debian/rules: Avoid an unnecessary call to dpkg-buildflags.
* debian/control: Pre-Depend on ${misc:Pre-Depends} instead of hard-coding
multiarch-support, as suggested by Lintian.
-- James McCoy <email address hidden> Tue, 12 Aug 2014 21:57:23 -0400
| 1 → 75 of 127 results | First • Previous • Next • Last |
