-
subversion (1.9.7-2ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Build a python-subversion-dbg package.
- Build-depend on python-all-dbg.
- debian/patches/verbose-tests: Make tests verbose.
* Updated changes:
- debian/rules: add verbosity level to --with-ruby-test-verbose
configure argument as the ruby swig test errors out without a
specific level
* Dropped Ubuntu changes:
- debian/patches/CVE-2017-9800-1.9.6.patch: fixed upstream
- debian/control: drop X-Python-Versions: as it is no longer
needed with 2.7 the only remaining supported python 2 version
and on obsolete flag
- debian/rules: drop change that ignores swig test failures
subversion (1.9.7-2) unstable; urgency=medium
* Disable optimizations on mips64el to workaround GCC bug #871514.
* Use debhelper's dh_update_autotools_config and drop explicit Build-Depends
on autotools-dev.
subversion (1.9.7-1) unstable; urgency=high
* New upstream release
+ Security fix
- CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url
subversion (1.9.6-1) unstable; urgency=medium
* New upstream release
+ Subversion server will now reject commits which cause SHA1 collisions,
if rep-sharing is enabled (as it is by default) in db/fsfs.conf.
* Remove Peter Samuelson as maintainer, at request of MIA team. Thanks for
all the fish! (Closes: #852219)
* Revise metadata for subversion. (Closes: #863037)
+ Add mention of svnsync to Description
+ Suggests libapache2-mod-svn
* Remove "-pie" from hardening options since the semantics changed in dpkg
1.18.13. Thanks to Adrian Bunk for the explanation/patch. (Closes:
#865696)
* Bump minimum SQLite compatibility to 3.8.7
* Declare compliance with Policy 4.0.0, no changes needed
* Bump debhelper compat to 10
-- Ubuntu Merge-o-Matic <email address hidden> Thu, 17 Aug 2017 10:20:03 +0000
-
subversion (1.9.5-1ubuntu3) artful; urgency=medium
* SECURITY UPDATE: Arbitrary code execution on clients through
malicious svn+ssh URLs
- debian/patches/CVE-2017-9800-1.9.6.patch: ensure that host
arguments to ssh cannot be treated as ssh options.
- CVE-2017-9800
-- Steve Beattie <email address hidden> Fri, 11 Aug 2017 00:22:13 -0700
-
subversion (1.9.5-1ubuntu2) artful; urgency=medium
* No-change rebuild for perl 5.26.0.
-- Matthias Klose <email address hidden> Wed, 26 Jul 2017 20:13:22 +0000
-
subversion (1.9.5-1ubuntu1) zesty; urgency=low
* Merge from Debian unstable. Remaining changes:
- Build a python-subversion-dbg package.
- Build-depend on python-all-dbg.
- Only build on requested python versions (X-Python-Versions:).
- debian/patches/verbose-tests: Make tests verbose.
subversion (1.9.5-1) unstable; urgency=medium
* New upstream release
+ Security fix
- CVE-2016-8734: Unrestricted XML entity expansion in HTTP clients
+ Fix corruption of "{DATE}" revision variable in swig-pl. (Closes:
#843138)
+ Remove patches:
- ruby-frozen-nil: Alternative fix committed upstream.
- Backported patches: perl-swig-crash, swig3.x-compat,
r1722164-swig-cppflags
* Fix #! lines for libsvn-{java,dev}.postinst. (Closes: #843292, #843288)
* Remove maintainer scripts that were handling pre-Jessie changes.
* Use dh_apache2's substvars in libapache2-mod-svn.
subversion (1.9.4-3) unstable; urgency=medium
* Build with hardening flags
* Backport patches/perl-swig-crash from upstream to fix crashes with the
Perl bindings, commonly seen when using git-svn. (Closes: #780246,
#534763)
subversion (1.9.4-2) unstable; urgency=medium
* Add Build-Depends on rename package and invoke rename instead of prename.
(Closes: #826057)
* Fix removal of .so/.la files for private libsvn_ra_{serf,local} from -dev
package.
* Replace use of debhelper's deprecated -s with -a
* Declare compliance with Policy 3.9.8, no changes required
* Use https URL for Vcs-Browser
-- FJKong <email address hidden> Mon, 13 Feb 2017 22:27:30 +0800
