subversion (1.6.12dfsg-4ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: denial of service via baselined WebDAV resource
request
- debian/patches/CVE-2011-1752.patch: disallow GETs of baselined
versions of resources in subversion/mod_dav_svn/repos.c.
- CVE-2011-1752
* SECURITY UPDATE: mod_dav_svn resource exhaustion via infinite loop
- debian/patches/CVE-2011-1783.patch: validate path in
subversion/libsvn_repos/authz.c.
- CVE-2011-1783
* SECURITY UPDATE: mod_dav_svn permissions bypass via incorrect
resource URL
- debian/patches/CVE-2011-1921.patch: validate path in
subversion/mod_dav_svn/authz.c.
- CVE-2011-1921
-- Marc Deslauriers <email address hidden> Thu, 02 Jun 2011 13:15:00 -0400
-
subversion (1.6.12dfsg-4ubuntu2) natty; urgency=low
* SECURITY UPDATE: denial of service via request containing lock token
- debian/patches/CVE-2011-0715.patch: correctly handle locks being
passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
subversion/mod_dav_svn/version.c.
- CVE-2011-0715
-- Marc Deslauriers <email address hidden> Mon, 21 Mar 2011 13:03:32 -0400
-
subversion (1.6.12dfsg-4ubuntu1) natty; urgency=low
* Merge with Debian unstable. Remaining changes:
- Create pot file on build.
- Build a python-subversion-dbg package.
- (Build-)depend on default-jre-headless/-jdk.
- Do not apply java-build patch.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Disable the serf backend because serf is in universe.
- Don't override LD_LIBRARY_PATH completely but prepend to it as to not
break fakeroot.
- Fix FTBFS against Python 2.7 by disabling some problematic tests.
- debian/tools/Makefile:
+ Add APR_LIBS and use it when linking svn-make-config
+ svn_config_ensure() moved from libsvn_client/libsvn_client-1.la to
libsvn_subr/libsvn_subr-1.la.
subversion (1.6.12dfsg-4) unstable; urgency=high
* patches/loosen-sqlite-version-check: New patch: Relax the SQLite
version check, to match the Debian sqlite3 packaging.
(Closes: #608925)
* patches/cve-2010-4539: New patch for CVE-2010-4539, fixing a remotely
triggered crash in mod_dav_svn involving use of the SVNParentPath
feature. (Closes: #608989)
subversion (1.6.12dfsg-3) unstable; urgency=medium
* Apply two patches from upstream 1.6.15:
- patches/server-memleak: New patch: fix some server-side memory
leaks, including CVE-2010-4644.
- patches/no-wc1.7-check: New patch: Stop checking for being inside a
1.7 working copy. The value is too low and the performance penalty
too high.
-- Michael Bienia <email address hidden> Fri, 28 Jan 2011 14:14:19 +0100
-
subversion (1.6.12dfsg-2ubuntu3) natty; urgency=low
* debian/tools/Makefile: add APR_LIBS and use it when linking
svn-make-config:
APR_LIBS = `apr-config --ldflags --link-ld --libs`
-- Loic Minier <email address hidden> Sat, 20 Nov 2010 11:21:18 +0100
-
subversion (1.6.12dfsg-2ubuntu2) natty; urgency=low
[ Barry Warsaw ]
* Fix FTBFS against Python 2.7 by disabling some problematic tests.
(LP: #670139)
[ Loïc Minier ]
* Fix FTBFS in natty; LP: #670139; thanks Barry Warsaw.
- Don't override LD_LIBRARY_PATH completely but prepend to it as to not
break fakeroot.
- debian/tools/Makefile: svn_config_ensure() moved from
libsvn_client/libsvn_client-1.la to libsvn_subr/libsvn_subr-1.la.
-- Barry Warsaw <email address hidden> Fri, 12 Nov 2010 15:16:04 -0500
-
subversion (1.6.12dfsg-2ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
- Create pot file on build.
- Build a python-subversion-dbg package.
- (Build-)depend on default-jre-headless/-jdk.
- Do not apply java-build patch.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Disable the serf backend because serf is in universe.
- Amend the XS-Python-Version line to ">= 2.4" rather than explicit
versions.
subversion (1.6.12dfsg-2) unstable; urgency=medium
* patches/cve-2010-3315: New patch for CVE-2010-3315, whereby, in rare
configurations, mod_dav_svn could give too much access to authorized
users.
* control: Update Vcs-* fields, Homepage, Policy to 3.9.1 (no changes),
tweak python version declaration (Closes: #587853).
-- Michael Vogt <email address hidden> Mon, 18 Oct 2010 15:34:10 +0200
-
subversion (1.6.12dfsg-1ubuntu1) maverick; urgency=low
* Merge from debian testing (LP: #600914), remaining changes:
- Create pot file on build.
- Build a python-subversion-dbg package.
- (Build-)depend on default-jre-headless/-jdk.
- Do not apply java-build patch.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Disable the serf backend because serf is in universe.
- Amend the XS-Python-Version line to ">= 2.4" rather than explicit
versions.
subversion (1.6.12dfsg-1) unstable; urgency=medium
* Urgency medium, as it (probably) fixes some FTBFS.
* New upstream version.
- Fixes some or all cases of inappropriate need for read access to the
root of the repository. (Closes: #510883)
* Disable parallel mode for 'make check', which appears to have made
some build daemons sad.
* svn-bisect: use pegs to support bisecting in deleted branches.
Thanks Nikita Borodikhin. (Closes: #582344)
* patches/ruby-test-info: expand for more failures nobody can figure
out. Sigh.
* Upgrade from source format 1.0 to 1.0.
subversion (1.6.11dfsg-1) unstable; urgency=low
* New upstream version. Rediff a patch or two.
- Mergeinfo queries no longer require access to repository root.
(Ref: #510883)
- Ignores errors reading .svn/ in parent directories. (Closes: #570271)
* rules: Run 'check' target in parallel mode.
subversion (1.6.9dfsg-1) unstable; urgency=low
* New upstream release.
- patches/16x-po, patches/ruby-test-core: remove, applied upstream.
* patches/java-build: Update for gcj 4.4. Update the build dependency
too, as this version of the patch will not work on gcj 4.3.
Thanks to Nobuhiro Iwamatsu. (Closes: #561516)
* patches/build-fixes: Fix parallelism in 'doc-api' target. Again.
(Closes: #537297)
* patches/ruby-test-info: Disable the two failing ruby tests that
nobody can reproduce except on the buildds. (Closes: #545372)
-- Max Bowsher <email address hidden> Fri, 02 Jul 2010 06:54:21 +0100