Change log for subversion package in Debian
1 → 75 of 127 results | First • Previous • Next • Last |
subversion (1.14.3-1) unstable; urgency=medium * Update to new upstream version 1.14.3. -- James McCoy <email address hidden> Mon, 01 Jan 2024 12:21:16 -0500
Available diffs
- diff from 1.14.2-5 to 1.14.3-1 (60.0 KiB)
subversion (1.14.2-5) unstable; urgency=medium * Add future=+lfs build options to ensure use of 64-bit filesystem APIs * Add commented example for SVNListParentPath in dav_svn.conf (Closes: #1031229) * Remove BUILD directory and other detritus during clean (Closes: #1046849) * Backport upstream patch to fix missing version in pkg-config files (Closes: #1055242) + autogen.sh: export environment variable "PYTHON", for autoheader and autoconf * Skip dh_autoreconf, since we already call autogen.sh -- James McCoy <email address hidden> Fri, 03 Nov 2023 19:34:37 -0400
Available diffs
subversion (1.14.2-4) unstable; urgency=medium * Backport patch to fix building with swig 4.1 (Closes: #1023529) -- James McCoy <email address hidden> Sat, 12 Nov 2022 15:30:30 -0500
Available diffs
- diff from 1.14.2-3 to 1.14.2-4 (1.5 KiB)
- diff from 1.14.2-3build2 (in Ubuntu) to 1.14.2-4 (1.6 KiB)
Published in buster-release |
subversion (1.10.4-1+deb10u3) buster-security; urgency=high * Security Fixes: - CVE-2021-28544: Don't show unreadable copyfrom paths in 'svn log -v' - CVE-2022-24070: Fix issue #4880 "Use-after-free of object-pools when used as httpd module" -- James McCoy <email address hidden> Wed, 06 Apr 2022 21:09:19 -0400
subversion (1.14.2-3) unstable; urgency=medium * Re-enable the ability to store plaintext passwords (Closes: #995692) * Bump debhelper-compat to 13 * Adjust lacks-unversioned-link-to-shared-library overrides * Adjust package-contains-upstream-installation-documentation override * Document uninstalled files in debian/not-installed -- James McCoy <email address hidden> Tue, 12 Jul 2022 10:03:54 -0400
Available diffs
- diff from 1.14.2-2 to 1.14.2-3 (1.3 KiB)
Published in bullseye-release |
subversion (1.14.1-3+deb11u1) bullseye-security; urgency=high * Security Fixes: - CVE-2021-28544: Don't show unreadable copyfrom paths in 'svn log -v' - CVE-2022-24070: Fix issue #4880 "Use-after-free of object-pools when used as httpd module" * Switch gpb.conf and Vcs-Git to debian/bullseye branch -- James McCoy <email address hidden> Tue, 05 Apr 2022 19:23:59 -0400
subversion (1.14.2-2) unstable; urgency=medium * Skip building java bindings on kfreebsd-*. Thanks to Laurent Bigonville for the suggestion (Closes: #1012379) * Skip building ruby bindings on ia64 and kfreebsd-* * Disable kwallet support on kfreebsd-* * Use autogen-swig-{pl,py,rb} targets instead of autogen-swig (Closes: #986174) * Declare compliance with Policy 4.6.1, no changes needed * Fix handling of verbose/terse build logs -- James McCoy <email address hidden> Mon, 06 Jun 2022 20:42:25 -0400
Available diffs
- diff from 1.14.2-1 to 1.14.2-2 (2.8 KiB)
subversion (1.14.2-1) unstable; urgency=high * Update to new upstream version 1.14.2. + Security Fixes: - CVE-2021-28544: Don't show unreadable copyfrom paths in 'svn log -v' - CVE-2022-24070: Fix issue #4880 "Use-after-free of object-pools when used as httpd module" * libsvn1: Add wildcard to symbols-declares-dependency-on-other-package override * subversion-tools: Adjust wildcards for ruby-script-but-no-ruby-dep * Declare compliance with Policy 4.6.0, no changes needed * Update upstream signing keys * Re-enable testCrash_RequestChannel_nativeRead_AfterException, fixed upstream -- James McCoy <email address hidden> Tue, 12 Apr 2022 08:38:19 -0400
Available diffs
- diff from 1.14.1-3build4 (in Ubuntu) to 1.14.2-1 (390.7 KiB)
Superseded in buster-release |
subversion (1.10.4-1+deb10u2) buster-security; urgency=high * Backport security fixes from upstream: + CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion mod_authz_svn (Closes: #982464) -- James McCoy <email address hidden> Wed, 10 Feb 2021 15:15:45 -0500
subversion (1.14.1-3) unstable; urgency=medium * Correctly disable testCrash_RequestChannel_nativeRead_AfterException (Closes: #982684) -- James McCoy <email address hidden> Wed, 17 Feb 2021 21:52:03 -0500
Available diffs
- diff from 1.14.0-3build2 (in Ubuntu) to 1.14.1-3 (77.6 KiB)
- diff from 1.14.1-1 to 1.14.1-3 (1.0 KiB)
subversion (1.14.1-2) unstable; urgency=medium * Temporarily disable testCrash_RequestChannel_nativeRead_AfterException (Closes: #982684) * rules: Remove clean from .PHONY -- James McCoy <email address hidden> Wed, 17 Feb 2021 07:46:16 -0500
subversion (1.14.1-1) unstable; urgency=high * Update to new upstream version 1.14.1. + Fix FTBFS with OpenJDK 17 (Closes: #982084) + Security fix: - CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion mod_authz_svn (Closes: #982464) -- James McCoy <email address hidden> Wed, 10 Feb 2021 21:17:14 -0500
Available diffs
subversion (1.14.0-3) unstable; urgency=medium * Rename python suffixes to the versioned python suffix. Thanks to Matthias Klose for the patch (Closes: #972197) * Rename python-script-but-no-python-dep override to python3 version -- James McCoy <email address hidden> Sat, 31 Oct 2020 20:44:20 -0400
Available diffs
subversion (1.14.0-2) unstable; urgency=medium * Backport patch from upstream to fix FTBFS (Closes: #966989) - Fix crash in JavaHL JNI wrapper caused by object lifetimes * svn_load_dirs.1: Use correct groff macro for single-quote * Update lintian overrides to account for renamed tags -- James McCoy <email address hidden> Mon, 17 Aug 2020 13:01:19 -0400
Available diffs
- diff from 1.14.0-1 to 1.14.0-2 (2.2 KiB)
subversion (1.14.0-1) unstable; urgency=medium * Update to new upstream version 1.14.0. * Install NOTICE as required by Apache license * rules: Disable dh_auto_test for Arch: all builds -- James McCoy <email address hidden> Wed, 03 Jun 2020 22:21:57 -0400
Available diffs
- diff from 1.13.0-4 to 1.14.0-1 (704.3 KiB)
subversion (1.13.0-4) unstable; urgency=medium * Disable building python-subversion if SWIG 4.0 is installed (Closes: #954866) * Remove python-subversion from subversion-tool's Recommends -- James McCoy <email address hidden> Sat, 25 Apr 2020 08:58:28 -0400
Available diffs
- diff from 1.13.0-3 to 1.13.0-4 (2.2 KiB)
Deleted in experimental-release (Reason: None provided.) |
subversion (1.14.0~rc2-3) experimental; urgency=medium * copyright: Add details for build/ac-macros/ax_boost_* * Stop installing NOTICE, since debian/copyright has all the information -- James McCoy <email address hidden> Wed, 22 Apr 2020 07:57:45 -0400
Superseded in experimental-release |
subversion (1.14.0~rc2-2) experimental; urgency=medium * Ship svnshell as an example, not under /usr/bin/ * Switch to using dh instead of plain debhelper * Fix an error leak in debian/patches/last-changed-date-charset. Thanks to Daniel Shahaf for the patch. (Closes: #956921) -- James McCoy <email address hidden> Tue, 21 Apr 2020 23:05:17 -0400
Superseded in experimental-release |
subversion (1.14.0~rc2-1) experimental; urgency=medium * Update to new upstream version 1.14.0~rc2. + Fix crash when using git-svn with kwallet. (Closes: #945443) + Escape filenames when invoking $SVN_EDITOR. (Closes: #577118) + Transition Python bindings from python 2 to python 3. (Closes: #739790, #938578) * Remove python-subversion from subversion-tool's Recommends, since nothing uses the Python bindings. * Replace python-subversion with python3-subversion + Build-Depend on swig (>= 3.0.10), instead of swig3.0 (Closes: #954866) + Add new Build-Depends on py3c + Build-Depend on python3-all-dev instead of python-all-dev * rules: Run tests in parallel according to DEB_BUILD_OPTIONS setting * libsvn1.symbols: Update for 1.14 API changes * Add support for pkg.subversion.noruby Build-Profile * Build-Conflict against incompatible libsvn1/libsvn-dev * lintian: Override concatenated-upstream-signatures * Update release notes for 1.9 - 1.13 and add 1.14 -- James McCoy <email address hidden> Sun, 12 Apr 2020 15:37:14 -0400
subversion (1.13.0-3) unstable; urgency=medium [ James McCoy ] * rules: Use "pyversions -s" instead of "pyversions -i" * Build with swig3.0 to fix FTBFS with swig4.0 (Closes: #951893) * Declare compliance with Policy 4.5.0, no changes needed * Build-Depend on debhelper-compat (= 12) [ Dimitri John Ledkov ] * swig.m4: Do not include ruby include subdir -- James McCoy <email address hidden> Tue, 24 Mar 2020 08:33:36 -0400
Available diffs
Published in stretch-release |
subversion (1.9.5-1+deb9u5) stretch-security; urgency=medium * Non-maintainer upload. * Backport upstream fix for segfault with new mod_http2 from DSA-4509-1. Closes: #936034 -- Stefan Fritsch <email address hidden> Mon, 30 Sep 2019 09:03:27 +0200
subversion (1.13.0-2) unstable; urgency=medium [ James McCoy ] * gbp.conf: Do not number patches [ Steve Langasek ] * use python2 as the interpreter now for tests, not python (Closes: #948770) -- James McCoy <email address hidden> Sun, 19 Jan 2020 08:59:14 -0500
Available diffs
subversion (1.13.0-1) unstable; urgency=medium * New upstream release * debian/watch: + Monitor 1.13.x versions * Update upstream signing keys * debian/control: + Bump minimum jdk version to 1.8 + Switch to junit4 for Java tests + Bump libsvn-dev Build-Conflicts to << 1.13~ + Remove obsolete Build-Depends on apache2-dev + Fix a typos in the pkg.subversion.nokde profile name * Declare compliance with Policy 4.4.1, no changes needed * Fix FTBFS on certain archs due to PIC/PIE interaction. Thanks to Thorsten Glaser for the patch (Closes: #942798) * libsvn1.symbols: + Mark private/experimental symbols as optional + Update symbols for 1.11, 1.12, and 1.13 * debian/tests: + Replace $ADTTMP with $AUTOPKGTEST_TMP * Add fetch-keys script to update/minimize signing-key.asc * Add a pkg.subversion.nojava build profile -- James McCoy <email address hidden> Thu, 28 Nov 2019 22:11:05 -0500
Available diffs
Superseded in stretch-release |
subversion (1.9.5-1+deb9u4) stretch-security; urgency=high * Backport security fixes from upstream: + CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'. + CVE-2018-0203: Remote unauthenticated denial-of-service in Subversion svnserve. -- James McCoy <email address hidden> Mon, 29 Jul 2019 22:45:42 -0400
Superseded in buster-release |
subversion (1.10.4-1+deb10u1) buster-security; urgency=high * Backport security fixes from upstream: + CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'. + CVE-2018-0203: Remote unauthenticated denial-of-service in Subversion svnserve. -- James McCoy <email address hidden> Sat, 27 Jul 2019 22:44:06 -0400
subversion (1.10.6-1) unstable; urgency=medium * Update to new upstream version 1.10.6. + Security fix - CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev' - CVE-2019-0203: Remote unauthenticated denial-of-service in Subversion svnserve * Support a pkg.subversion.nokde build profile. Thanks to Jason Duerstock for the patch (Closes: #929326) -- James McCoy <email address hidden> Wed, 31 Jul 2019 07:01:38 -0400
Available diffs
subversion (1.10.4-1) unstable; urgency=medium * Update to new upstream version 1.10.4 (Closes: #919767) + Security fix - CVE-2018-11803: Malicious SVN clients can crash mod_dav_svn * d/copyright: Convert to copyright format 1.0 * Replace hand-written postinst/rm with maintscript helper * lintian: Minimize the upstream signing key * Declare compliance with Policy 4.3.0, no changes needed -- James McCoy <email address hidden> Tue, 22 Jan 2019 22:41:34 -0500
Superseded in stretch-release |
subversion (1.9.5-1+deb9u3) stretch; urgency=medium * Backport r1827688, fixing a regression introduced in the fixes for SHA1 collisions, where commits would incorrectly fail with a "Filesystem is corrupt" error if the delta length is a multiple of 16K. -- James McCoy <email address hidden> Fri, 20 Jul 2018 22:35:40 -0400
subversion (1.10.3-1) unstable; urgency=medium * Update to new upstream version 1.10.3. * lintian: + Update libapache2-mod-svn override due to tag being renamed + Add libsvn1 override for package-name-doesnt-match-sonames * libsvn-{java,dev}: Use absolute target path for symlink_to_dir calls (Closes: #910233) * rules: Allow quiet builds when DEB_BUILD_OPTIONS=terse * Declare compliance with Policy 4.2.1 * libsvn-java: Remove obsolete libsvn-jni Conflicts/Replaces * Update release notes -- James McCoy <email address hidden> Sat, 20 Oct 2018 14:27:55 -0400
Deleted in experimental-release (Reason: None provided.) |
subversion (1.11.0~rc2-1) experimental; urgency=medium * Update to new upstream version 1.11.0~rc2. + Drop java patch now that upstream can build against Java 10 * control: + Bump minimum Java version to 1.8 + Bump Build-Conflicts on libsvn-dev * Add 1.11 release notes and update others * libsvn1: Add new symbols, remove obsolete experimental shelving APIs * lintian: + Update libapache2-mod-svn override due to tag being renamed + Add libsvn1 override for package-name-doesnt-match-sonames * libsvn-{java,dev}: Use absolute target path for symlink_to_dir calls (Closes: #910233) * rules: Allow quiet builds when DEB_BUILD_OPTIONS=terse * Declare compliance with Policy 4.2.1 * libsvn-java: Remove obsolete libsvn-jni Conflicts/Replaces -- James McCoy <email address hidden> Tue, 09 Oct 2018 22:21:31 -0400
subversion (1.10.2-1) unstable; urgency=medium * New upstream release * Switch to dgit-maint-debrebase(7) workflow * debian/tests: Use $AUTOPKGTEST_TMP if $ADTTMP is not set * debian/tests: Add a basic test for svnserve -- James McCoy <email address hidden> Sat, 04 Aug 2018 12:28:03 -0400
Superseded in stretch-release |
subversion (1.9.5-1+deb9u2) stretch; urgency=medium * Backport r1759116, working around an issue in APR's trunc API. This is a prerequisite for the SHA1/shattered fixes. * Backport r1794527 and r1796725 to prevent the possibility of rep-sharing between a directory rep and a file/prop rep. * Backport r1795993 and r1796470 to reject commits which would introduce hash collisions with existing data, thus addressing the SHA1/shattered issue. -- James McCoy <email address hidden> Sat, 30 Jun 2018 09:44:22 -0400
Published in jessie-release |
subversion (1.8.10-6+deb8u6) jessie; urgency=medium * Backport patches/perl-swig-crash from upstream to fix crashes with Perl bindings, commonly seen when using git-svn (Closes: #780246, #534763). -- James McCoy <email address hidden> Mon, 26 Feb 2018 22:00:47 -0500
subversion (1.10.0-2) unstable; urgency=medium * Build native java bindings using javac instead of javah. Thanks to Emmanuel Bourg (Closes: #897555) -- James McCoy <email address hidden> Sat, 16 Jun 2018 10:00:22 -0400
subversion (1.10.0-1) unstable; urgency=medium * Upload new upstream release to unstable * control: Adjust debhelper Build-Depends to ease backporting -- James McCoy <email address hidden> Wed, 18 Apr 2018 12:29:55 -0400
Deleted in experimental-release (Reason: None provided.) |
subversion (1.10.0~rc2-1) experimental; urgency=medium * New upstream pre-release + Fix test failure on alpha due to unaligned memory access. (Closes: #823133) * control: Set Rules-Requires-Root to no * dav_svn.conf: Clarify wording about SVNPath/SVNParentPath (LP: #917147) * Enable libsvn-java on ia64 * Update upstream signing keys * rules: + Move install-javahl-java rule to install-arch + Ensure Perl binding shared libs are writable before deleting RPATH * subversion-tools: Change exim4 | m-t-a Recommends to default-mta | m-t-a * Declare compliance with Policy 4.1.4, no changes required -- James McCoy <email address hidden> Sat, 07 Apr 2018 11:09:43 -0400
subversion (1.9.7-4) unstable; urgency=medium * Actually drop quilt Build-Depends * Change Vcs-* to salsa.d.o * Declare compliance with Policy 4.1.3, no changes needed * Switch default-jdk Build-Depends to headless variant * Disable parallelization for local-install target * Disable libsvn-java on ia64 -- James McCoy <email address hidden> Mon, 05 Mar 2018 19:47:43 -0500
Superseded in experimental-release |
subversion (1.10.0~rc1-2) experimental; urgency=medium * libsvn1.symbols: Use 1.10, not 1.10~rc1, for the new symbols * Mark libsvn-perl Multi-Arch: same -- James McCoy <email address hidden> Fri, 02 Mar 2018 08:28:39 -0500
Superseded in jessie-release |
subversion (1.8.10-6+deb8u5) jessie-security; urgency=high * patches/CVE-2016-8734: Unrestricted XML entity expansion in HTTP clients * patches/CVE-2017-9800: Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url -- James McCoy <email address hidden> Wed, 09 Aug 2017 21:08:28 -0400
subversion (1.9.7-3) unstable; urgency=medium * Remove workaround for #871514, now that it's fixed. * Convert package to 3.0 (quilt) * Stop generating libsvn-perl.install. The multi-arch vendor directory has been in effect since jessie. * debian/rules: + Ensure $(PY_DIR) always exists so the upstream Makefiles don't try to recreate it, causing the build to fail. + Add .NOTPARALLEL to prevent install-arch's dh_prep from deleting files install-indep installed or vice-versa. Thanks to Robert McQueen for the idea. (Closes: #680125) * patches/build-fixes: + Stop patching out calls to serf_debug__closed_conn. This requires serf >= 1.3.9-4 to avoid gaining invalid Depends. + Remove out-of-tree swig changes. Using an absolute path for the out-of-tree directory and ensuring the relevant build directories exists resolves the problem. * patches/rpath: + Move INSTALLDIRS=vendor to debian/rules instead of patching upstream code. + Use "chrpath -d" to remove RPATHs instead of changing various bits of upstream build system. * Lintian: + Use https URL in debian/watch + Change extra Priorities to optional * Declare compliance with Policy 4.1.2 * Mark libsvn-{doc,dev} Multi-Arch: foreign/same, respectively, per the multiarch hinter. -- James McCoy <email address hidden> Fri, 08 Dec 2017 22:26:53 -0500
Superseded in stretch-release |
subversion (1.9.5-1+deb9u1) stretch-security; urgency=high * patches/CVE-2017-9800: Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url -- James McCoy <email address hidden> Tue, 08 Aug 2017 23:04:58 -0400
subversion (1.9.7-2) unstable; urgency=medium * Disable optimizations on mips64el to workaround GCC bug #871514. * Use debhelper's dh_update_autotools_config and drop explicit Build-Depends on autotools-dev. -- James McCoy <email address hidden> Wed, 16 Aug 2017 22:50:12 -0400
subversion (1.9.7-1) unstable; urgency=high * New upstream release + Security fix - CVE-2017-9800: Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url -- James McCoy <email address hidden> Thu, 10 Aug 2017 12:59:16 -0400
subversion (1.9.6-1) unstable; urgency=medium * New upstream release + Subversion server will now reject commits which cause SHA1 collisions, if rep-sharing is enabled (as it is by default) in db/fsfs.conf. * Remove Peter Samuelson as maintainer, at request of MIA team. Thanks for all the fish! (Closes: #852219) * Revise metadata for subversion. (Closes: #863037) + Add mention of svnsync to Description + Suggests libapache2-mod-svn * Remove "-pie" from hardening options since the semantics changed in dpkg 1.18.13. Thanks to Adrian Bunk for the explanation/patch. (Closes: #865696) * Bump minimum SQLite compatibility to 3.8.7 * Declare compliance with Policy 4.0.0, no changes needed * Bump debhelper compat to 10 -- James McCoy <email address hidden> Sun, 09 Jul 2017 22:27:49 -0400
subversion (1.9.5-1) unstable; urgency=medium * New upstream release + Security fix - CVE-2016-8734: Unrestricted XML entity expansion in HTTP clients + Fix corruption of "{DATE}" revision variable in swig-pl. (Closes: #843138) + Remove patches: - ruby-frozen-nil: Alternative fix committed upstream. - Backported patches: perl-swig-crash, swig3.x-compat, r1722164-swig-cppflags * Fix #! lines for libsvn-{java,dev}.postinst. (Closes: #843292, #843288) * Remove maintainer scripts that were handling pre-Jessie changes. * Use dh_apache2's substvars in libapache2-mod-svn. -- James McCoy <email address hidden> Tue, 29 Nov 2016 22:50:42 -0500
subversion (1.9.4-3) unstable; urgency=medium * Build with hardening flags * Backport patches/perl-swig-crash from upstream to fix crashes with the Perl bindings, commonly seen when using git-svn. (Closes: #780246, #534763) -- James McCoy <email address hidden> Sat, 03 Sep 2016 14:45:04 -0400
subversion (1.9.4-2) unstable; urgency=medium * Add Build-Depends on rename package and invoke rename instead of prename. (Closes: #826057) * Fix removal of .so/.la files for private libsvn_ra_{serf,local} from -dev package. * Replace use of debhelper's deprecated -s with -a * Declare compliance with Policy 3.9.8, no changes required * Use https URL for Vcs-Browser -- James McCoy <email address hidden> Mon, 25 Jul 2016 22:48:13 -0400
Superseded in jessie-release |
subversion (1.8.10-6+deb8u4) jessie-security; urgency=high + patches/CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm + patches/CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check -- James McCoy <email address hidden> Wed, 27 Apr 2016 20:00:25 -0400
subversion (1.9.4-1) unstable; urgency=high * New upstream release. + Security fixes - CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm - CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check + Remove merged patch ruby-test-unit. + Fix non-canonical path assertion in svn-graph.pl. (Closes: #702922) + Abort a commit on Ctrl-C. (Closes: #502222, #501971) * d/rules: Remove an extraneous "done" to fix FTBFS when bash is $SHELL. (Closes: #821930) -- James McCoy <email address hidden> Wed, 27 Apr 2016 20:47:49 -0400
Superseded in jessie-release |
subversion (1.8.10-6+deb8u3) jessie; urgency=medium * patches/r1701440-kwallet-segfault: Fix segfault when using kwallet to store authentication information. (Closes: #736879) -- James McCoy <email address hidden> Fri, 11 Mar 2016 20:25:57 -0500
subversion (1.9.3-3) unstable; urgency=medium * Remove transitional packages and maintainer snippets supporting upgrades from pre-jessie systems. * Enable libsvn-java on m68k and sparc64, since openjdk-8-jdk is now available on those archs. * Declare compliance with policy 3.9.7, no changes needed. * Remove subversion-dbg package in favor of automatic -dbgsym package. * Bump debhelper compat to 9. * Fix FTBFS on mips(el) by working around GCC bug #816698 * Fix SWIG build issues + Backport patches/swig3.x-compat from upstream + Switch back to “Build-Depends: swig” (Closes: #817002) -- James McCoy <email address hidden> Mon, 14 Mar 2016 00:34:52 -0400
Superseded in jessie-release |
subversion (1.8.10-6+deb8u2) jessie-security; urgency=high * patches/r1708699-mod_auth_ntlm-kerb-fix: Fix regression interacting with mod_auth_kerb/mod_auth_ntlm in due to CVE-2015-3814 patch. (Closes: #797216) * patches/CVE-2015-5343: Heap overflow and out-of-bounds read in mod_dav_svn -- James McCoy <email address hidden> Tue, 15 Dec 2015 20:23:11 -0500
subversion (1.9.3-2) unstable; urgency=medium * Remove -Wdate-time from CPPFLAGS passed to swig. (Closes: #809054) -- James McCoy <email address hidden> Fri, 15 Jan 2016 22:45:33 -0500
subversion (1.9.3-1) unstable; urgency=high * New upstream release. + Security fixes - CVE-2015-5259: Heap overflow and out-of-bounds read in svn:// protocol parser - CVE-2015-5343: Heap overflow and out-of-bounds read in mod_dav_svn + Fix dumps of no-op changes with “svnadmin dump”. (Closes: #803725) + Fix segfault when performing a diff when repository is on server root. (Closes: #802611) + Fix translations of commit notifications. (Closes: #802156) + Fix authz with mod_auth_ntlm/mod_auth_kerb. (Closes: #797216) + Restore reporting (un)lock errors as failures. (Closes: #796781) -- James McCoy <email address hidden> Tue, 15 Dec 2015 20:26:57 -0500
subversion (1.9.2-3) unstable; urgency=medium * Re-enable libsvn-java on kfreebsd-*. * Ensure swig2.0 is used to avoid build failures, until upstream figures out how to work with swig >= 3.0. (Closes: #804389) * Fix FTBFS with Ruby 2.2 (Closes: #803589) + Add ruby-frozen-nil patch to create a new Object instead of trying to make modifications to the nil object. + Add ruby-test-unit patch to be compatible with the ruby-test-unit gem as well as the older test-unit API provided by minitest. -- James McCoy <email address hidden> Mon, 09 Nov 2015 19:22:18 -0500
subversion (1.9.2-2) unstable; urgency=medium * Fix FTBFS with older Ruby versions by using RbConfig['vendorarchdir'] to find the .a/.la files we're deleting. -- James McCoy <email address hidden> Sun, 18 Oct 2015 22:10:03 -0400
subversion (1.9.2-1) unstable; urgency=medium * New upstream release + Fix crash when saving credentials in kwallet. (Closes: #736879, LP: #563179) -- James McCoy <email address hidden> Wed, 23 Sep 2015 21:27:15 -0400
subversion (1.9.1-1) unstable; urgency=medium * New upstream release + Remove direct use of svn_fs_open2 from libsvn_fs_x, thus fixing the missing svn_fs_open2 symbol. (Closes: #795160) * Enable gpg verification of new releases. * Rename bash-completion file to svn and add symlinks for all other commands which have completion. (Closes: #797648) * debian/tests/libapache2-mod-svn: Stop apache2 before ending the test, to avoid leaving stray processes running. -- James McCoy <email address hidden> Mon, 07 Sep 2015 19:21:22 -0400
Published in wheezy-release |
subversion (1.6.17dfsg-4+deb7u10) wheezy-security; urgency=high * patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals paths hidden by authz -- James McCoy <email address hidden> Sun, 09 Aug 2015 23:39:21 -0400
Superseded in jessie-release |
subversion (1.8.10-6+deb8u1) jessie-security; urgency=high * Add (Build-)Depends on apache2 packages necessary for security fixes. * patches/CVE-2015-3814: Mixed anonymous/authenticated path-based authz with httpd 2.4 * patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals paths hidden by authz -- James McCoy <email address hidden> Sat, 08 Aug 2015 22:32:18 -0400
Superseded in stretch-release |
subversion (1.8.13-1+deb9u1) stretch; urgency=medium * Add (Build-)Depends on apache2 packages necessary for security fixes. * patches/CVE-2015-3814: Mixed anonymous/authenticated path-based authz with httpd 2.4 * patches/CVE-2015-3817: svn_repos_trace_node_locations() reveals path hidden by authz -- James McCoy <email address hidden> Wed, 12 Aug 2015 20:31:26 -0400
subversion (1.9.0-1) unstable; urgency=medium * Upload to unstable * New upstream release. + Security fixes - CVE-2015-3184: Mixed anonymous/authenticated path-based authz with httpd 2.4 - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden by authz * Add >= 2.7 requirement for python-all-dev Build-Depends, needed to run tests. * Remove Build-Conflicts against ruby-test-unit. (Closes: #791844) * Remove patches/apache_module_dependency in favor of expressing the dependencies in authz_svn.load/dav_svn.load. * Build-Depend on apache2-dev (>= 2.4.16) to ensure ap_some_authn_required() is available when building mod_authz_svn and Depend on apache2-bin (>= 2.4.16) for runtime support. -- James McCoy <email address hidden> Fri, 07 Aug 2015 21:32:47 -0400
Deleted in experimental-release (Reason: None provided.) |
subversion (1.9.0~rc3-1) experimental; urgency=medium * New upstream pre-release. * Point the Vcs-* URLs at the right directory -- James McCoy <email address hidden> Thu, 16 Jul 2015 19:39:54 -0400
Superseded in experimental-release |
subversion (1.9.0~rc2-2) experimental; urgency=medium * Bump minimum JDK version to 1.6 in accordance with upstream change, “javahl: requires Java 1.6 (r1677003)” - This causes libsvn-java to no longer be available where gcj is the only available Java implementation -- James McCoy <email address hidden> Thu, 11 Jun 2015 22:29:08 -0400
Superseded in experimental-release |
subversion (1.9.0~rc2-1) experimental; urgency=medium * New upstream pre-release. Refresh patches. -- James McCoy <email address hidden> Tue, 02 Jun 2015 06:52:59 -0400
Superseded in experimental-release |
subversion (1.9.0~rc1-2) experimental; urgency=medium * Install bash completion to /usr/share/bash-completion/completions * Add dav_svn_get_repos_path2 symbol to apache_module_dependency patch. (Closes: #786903) -- James McCoy <email address hidden> Fri, 29 May 2015 20:07:32 -0400
subversion (1.8.13-1) unstable; urgency=medium * New upstream release. Refresh patches. - Remove backported patches CVE-2014-8108, CVE-2014-3580, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, ruby2.0-build-fixes, and test-failure-with-optimizations. * Add patches wc-queries-test1-r1672295 and wc-queries-test2-r1673691, from upstream, to fix wc-queries test failures with new SQLite versions. (Closes: #785496) -- James McCoy <email address hidden> Fri, 22 May 2015 02:43:09 -0400
Superseded in experimental-release |
subversion (1.9.0~rc1-1) experimental; urgency=medium * New upstream pre-release. Refresh patches. + Remove backported patches libtoolize, ruby2.0-build-fixes, test-failure-with-optimizations, CVE-2014-3580, CVE-2014-8108, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251. + New svn-vendor tool, alternative to svn_load_dirs. + svn-bench renamed to svnbench and moved to subversion package. + fsfs-stats tool replaced by the "stats" subcommand of the new svnfsfs command. + Minimum supported version of serf bumped to 1.3.4. + pkgconfig files are available for the various libsvn_* libraries. * debian/rules: Add new generated files to clean target * debian/control: + Remove Troy Heber from Uploaders, at his request. Thanks for all the fish! + Add dh-python to Build-Depends -- James McCoy <email address hidden> Mon, 11 May 2015 19:56:48 -0400
subversion (1.8.10-6) unstable; urgency=high * patches/CVE-2015-0202: Excessive memory use with certain REPORT requests against mod_dav_svn with FSFS repositories * patches/CVE-2015-0248: Assertion DoS vulnerability for certain mod_dav_svn and svnserve requests with dynamically evaluated revision numbers * patches/CVE-2015-0251: mod_dav_svn allows spoofing svn:author property values for new revisions -- James McCoy <email address hidden> Tue, 31 Mar 2015 22:51:18 -0400
Superseded in wheezy-release |
subversion (1.6.17dfsg-4+deb7u8) wheezy-security; urgency=high * Fix “undefined symbol: dav_svn__new_error” regression in previous upload. -- Florian Weimer <email address hidden> Sat, 20 Dec 2014 20:43:35 +0100
subversion (1.8.10-5) unstable; urgency=medium * patches/CVE-2014-8108: mod_dav_svn DoS vulnerability with invalid virtual transaction names (Closes: #773315) * patches/CVE-2014-3580: mod_dav_svn DoS vulnerability with invalid REPORT requests (Closes: #773263) -- James McCoy <email address hidden> Wed, 17 Dec 2014 00:11:03 -0500
subversion (1.8.10-4) unstable; urgency=medium * control: Use "dh_install --list-missing" instead of --fail-missing to avoid a FTBFS with parallel builds. (Closes: #768903) -- James McCoy <email address hidden> Mon, 10 Nov 2014 22:19:02 -0500
subversion (1.8.10-3) unstable; urgency=medium * Add a NEWS item describing that 1.7.x and later do not support having a working copy which spans multiple filesystems. (Closes: #766285) * rules: Needs more MAN3EXT so generated swig-pl Makefile never installs files to debian/tmp with wrong extensions. * Move some less frequently used tools to subversion-tools and include the fsfs-* tools. (Closes: #764689) * Switch from specifying gcj as the Java implementation to default-jdk. (Closes: #737527, #421400) - Remove patches/java-build -- James McCoy <email address hidden> Sat, 25 Oct 2014 21:47:16 -0400
subversion (1.8.10-2) unstable; urgency=medium * Add patches/test-failure-with-optimizations from upstream to fix test failures with certain build configurations. (Closes: #757773) * Add patches/libtoolize from upstream to support the Multi-Arch libtool packaging. (Closes: #761789) -- James McCoy <email address hidden> Wed, 24 Sep 2014 20:54:34 -0400
subversion (1.8.10-1) unstable; urgency=medium * New upstream release. Refresh patches. - Includes security fixes: + CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs. + CVE-2014-3528: credentials cached with svn may be sent to wrong server. * debian/rules: Avoid an unnecessary call to dpkg-buildflags. * debian/control: Pre-Depend on ${misc:Pre-Depends} instead of hard-coding multiarch-support, as suggested by Lintian. -- James McCoy <email address hidden> Tue, 12 Aug 2014 21:57:23 -0400
1 → 75 of 127 results | First • Previous • Next • Last |