-
subversion (1.6.12dfsg-1ubuntu1.3) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via baselined WebDAV resource
request
- debian/patches/CVE-2011-1752.patch: disallow GETs of baselined
versions of resources in subversion/mod_dav_svn/repos.c.
- CVE-2011-1752
* SECURITY UPDATE: mod_dav_svn resource exhaustion via infinite loop
- debian/patches/CVE-2011-1783.patch: validate path in
subversion/libsvn_repos/authz.c.
- CVE-2011-1783
* SECURITY UPDATE: mod_dav_svn permissions bypass via incorrect
resource URL
- debian/patches/CVE-2011-1921.patch: validate path in
subversion/mod_dav_svn/authz.c.
- CVE-2011-1921
-- Marc Deslauriers <email address hidden> Thu, 02 Jun 2011 13:25:34 -0400
-
subversion (1.6.12dfsg-1ubuntu1.2) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via request containing lock token
- debian/patches/CVE-2011-0715.patch: correctly handle locks being
passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
subversion/mod_dav_svn/version.c.
- CVE-2011-0715
-- Marc Deslauriers <email address hidden> Mon, 21 Mar 2011 13:19:02 -0400
-
subversion (1.6.12dfsg-1ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: restriction bypass via named repo as a rule scope
- debian/patches/CVE-2010-3315.patch: use repo_basename in
subversion/mod_dav_svn/authz.c.
- CVE-2010-3315
* SECURITY UPDATE: denial of service via SVNParentPath walking
- debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath
collection in subversion/mod_dav_svn/repos.c.
- CVE-2010-4539
* SECURITY UPDATE: denial of service via -g memory leaks
- debian/patches/CVE-2010-4644.patch: improve logic in
subversion/libsvn_repos/rev_hunt.c.
- CVE-2010-4644
-- Marc Deslauriers <email address hidden> Fri, 14 Jan 2011 12:25:49 -0600
-
subversion (1.6.12dfsg-1ubuntu1) maverick; urgency=low
* Merge from debian testing (LP: #600914), remaining changes:
- Create pot file on build.
- Build a python-subversion-dbg package.
- (Build-)depend on default-jre-headless/-jdk.
- Do not apply java-build patch.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Disable the serf backend because serf is in universe.
- Amend the XS-Python-Version line to ">= 2.4" rather than explicit
versions.
subversion (1.6.12dfsg-1) unstable; urgency=medium
* Urgency medium, as it (probably) fixes some FTBFS.
* New upstream version.
- Fixes some or all cases of inappropriate need for read access to the
root of the repository. (Closes: #510883)
* Disable parallel mode for 'make check', which appears to have made
some build daemons sad.
* svn-bisect: use pegs to support bisecting in deleted branches.
Thanks Nikita Borodikhin. (Closes: #582344)
* patches/ruby-test-info: expand for more failures nobody can figure
out. Sigh.
* Upgrade from source format 1.0 to 1.0.
subversion (1.6.11dfsg-1) unstable; urgency=low
* New upstream version. Rediff a patch or two.
- Mergeinfo queries no longer require access to repository root.
(Ref: #510883)
- Ignores errors reading .svn/ in parent directories. (Closes: #570271)
* rules: Run 'check' target in parallel mode.
subversion (1.6.9dfsg-1) unstable; urgency=low
* New upstream release.
- patches/16x-po, patches/ruby-test-core: remove, applied upstream.
* patches/java-build: Update for gcj 4.4. Update the build dependency
too, as this version of the patch will not work on gcj 4.3.
Thanks to Nobuhiro Iwamatsu. (Closes: #561516)
* patches/build-fixes: Fix parallelism in 'doc-api' target. Again.
(Closes: #537297)
* patches/ruby-test-info: Disable the two failing ruby tests that
nobody can reproduce except on the buildds. (Closes: #545372)
-- Max Bowsher <email address hidden> Fri, 02 Jul 2010 06:54:21 +0100
-
subversion (1.6.6dfsg-2ubuntu1) lucid; urgency=low
* Merge from debian unstable (LP: #483953).
Includes enabling kwallet support (LP: #481792, #466078).
Remaining changes:
- Create pot file on build.
- Build a python-subversion-dbg package.
- (Build-)depend on default-jre-headless/-jdk.
- Do not apply java-build patch.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Disable the serf backend because serf is in universe.
* Amend the XS-Python-Version line to ">= 2.4" rather than explicit
versions (only building for 2.6 in Lucid since that is the only Python in
Lucid).
subversion (1.6.6dfsg-2) unstable; urgency=low
* Update svn-bisect (Closes: #535234), fix bugs, add features,
and write a manpage. Also mention it in the subversion-tools
Description. (Closes: #535187)
* Move from db4.7 to db4.8, tracking apr-util. (Closes: #557457)
* Move the example XSL and CSS files for mod_dav_svn to
/usr/share/doc/libapache2-svn/examples/. (Closes: #553535)
* patches/ruby-test-info: New patch to maybe address a FTBFS. (#545372)
Thanks Michael Diers, Joe Swatosh and Stefan Sperling. I expect that
this is not the only fix needed, but we shall see.
* patches/16x-po: New patch: a couple translation updates from 1.6.7.
* libsvn-java: depend on ${shlibs:Depends}, thanks Lintian.
* python-subversion: Update an outdated Lintian override.
* libsvn1: Add a handful of Lintian overrides.
subversion (1.6.6dfsg-1) unstable; urgency=low
* New upstream release.
- Reintroduce svn_load_dirs.pl: Dolby has agreed to an explicit free
software license. Thanks Blair Zajac for following up on this.
- patches/ruby-test-core: New patch from upstream to fix a new failure
in the ruby testsuite.
* Standards-Version 3.8.3 (no changes).
* control: Some housecleaning: remove some Conflicts/Replaces/Provides
that haven't been needed since etch.
* patches/build-fixes: add a small fix for parallel builds.
(Closes: #531369, #543110)
* patches/svn2cl-upstream: New patch to fix the XSL to better comply
with XML standards. (Closes: #546990)
* Enable kwallet support. (Closes: #539564)
- patches/kwallet-wid: New patch based very loosely on upstream work, to
let the kwallet library know your terminal's Window ID, if available.
- patches/apr-abi, patches/rpath: Fix the LINK_CXX target, now that
we're finally using it.
* Set dependency_libs='' in all .la files (Closes: #544877), as per:
http://lists.debian.org/debian-devel/2009/08/msg00783.html
-- Max Bowsher <email address hidden> Fri, 11 Dec 2009 23:48:13 +0000