Hello community, here is the log from the commit of package subversion for openSUSE:Factory checked in at 2016-04-30 23:31:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/subversion (Old) and /work/SRC/openSUSE:Factory/.subversion.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "subversion" Changes: -------- --- /work/SRC/openSUSE:Factory/subversion/subversion.changes 2016-03-07 13:27:36.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.subversion.new/subversion.changes 2016-04-30 23:31:50.000000000 +0200 @@ -1,0 +2,30 @@ +Thu Apr 28 00:00:00 UTC 2016 - astieger@suse.com + +- Apache Subversion 1.9.4, fixing two server-side vulnerabilities: + * CVE-2016-2167: svnserve/sasl may authenticate users using the + wrong realm (boo#976849) + * CVE-2016-2168: Remotely triggerable DoS vulnerability in + mod_authz_svn during COPY/MOVE authorization check (boo#976850) +- Client-side bugfixes: + * diff: support '--summarize --ignore-properties' + * checkout: fix performance regression on NFS + * gpg-agent: properly handle passwords with percent characters + * svn-graph.pl: fix assertion about a non-canonical path + * hot-backup.py: better input validation + * commit: abort on Ctrl-C in plaintext password prompt + * diff: produce proper forward binary diffs with --git + * ra_serf: fix deleting directories with many files +- Server-side bugfixes: + * improve documentation for AuthzSVNGroupsFile and groups-db + * fsfs: reduce peak memory usage when listing large directories + * fsfs: fix a rare source of incomplete dump files and reports +- Client-side and server-side bugfixes: + * update INSTALL documentation file + * fix potential memory access bugs + * fix potential out of bounds read in svn_repos_get_logs5() +- Bindings bugfixes: + * ignore absent nodes in javahl version of svn status -u +- API changes: + * properly interpret parameters in svn_wc_get_diff_editor6() + +------------------------------------------------------------------- Old: ---- subversion-1.9.3.tar.bz2 subversion-1.9.3.tar.bz2.asc New: ---- subversion-1.9.4.tar.bz2 subversion-1.9.4.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ subversion.spec ++++++ --- /var/tmp/diff_new_pack.y8ru5T/_old 2016-04-30 23:31:51.000000000 +0200 +++ /var/tmp/diff_new_pack.y8ru5T/_new 2016-04-30 23:31:51.000000000 +0200 @@ -36,7 +36,7 @@ %bcond_without python_ctypes %bcond_with all_regression_tests Name: subversion -Version: 1.9.3 +Version: 1.9.4 Release: 0 Summary: Subversion version control system License: Apache-2.0 @@ -53,7 +53,7 @@ Source15: svnserve.tmpfiles Source42: subversion.svngrep.sh Source43: subversion.svndiff.sh -Source50: https://people.apache.org/keys/group/subversion-pmc.asc#/subversion.keyring +Source50: https://people.apache.org/keys/group/subversion.asc#/subversion.keyring Source51: https://www.apache.org/dist/subversion/%{name}-%{version}.tar.bz2.asc Source92: %{name}.rpmlintrc Patch11: subversion.libtool-verbose.patch ++++++ subversion-1.9.3.tar.bz2 -> subversion-1.9.4.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/subversion/subversion-1.9.3.tar.bz2 /work/SRC/openSUSE:Factory/.subversion.new/subversion-1.9.4.tar.bz2 differ: char 11, line 1 ++++++ subversion-no-build-date.patch ++++++ --- /var/tmp/diff_new_pack.y8ru5T/_old 2016-04-30 23:31:52.000000000 +0200 +++ /var/tmp/diff_new_pack.y8ru5T/_new 2016-04-30 23:31:52.000000000 +0200 @@ -13,10 +13,10 @@ subversion/tests/cmdline/getopt_tests_data/svn--version_stdout | 1 - 5 files changed, 6 insertions(+), 12 deletions(-) -Index: subversion-1.9.0/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java +Index: subversion-1.9.4/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java =================================================================== ---- subversion-1.9.0.orig/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java 2015-08-10 22:02:38.000000000 +0200 -+++ subversion-1.9.0/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java 2015-08-10 22:03:00.000000000 +0200 +--- subversion-1.9.4.orig/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java ++++ subversion-1.9.4/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java @@ -144,10 +144,10 @@ public class BasicTests extends SVNTests { vx = client.getVersionExtended(false); @@ -30,10 +30,10 @@ throw new Exception("Build time empty"); result = vx.getBuildHost(); if (result == null || result.trim().length() == 0) -Index: subversion-1.9.0/subversion/libsvn_subr/opt.c +Index: subversion-1.9.4/subversion/libsvn_subr/opt.c =================================================================== ---- subversion-1.9.0.orig/subversion/libsvn_subr/opt.c 2015-08-10 22:02:38.000000000 +0200 -+++ subversion-1.9.0/subversion/libsvn_subr/opt.c 2015-08-10 22:03:00.000000000 +0200 +--- subversion-1.9.4.orig/subversion/libsvn_subr/opt.c ++++ subversion-1.9.4/subversion/libsvn_subr/opt.c @@ -1109,12 +1109,8 @@ svn_opt__print_version_info(const char * if (quiet) return svn_cmdline_printf(pool, "%s\n", SVN_VER_NUMBER); @@ -49,10 +49,10 @@ SVN_ERR(svn_cmdline_printf(pool, "%s\n", svn_version_ext_copyright(info))); if (footer) -Index: subversion-1.9.0/subversion/libsvn_subr/version.c +Index: subversion-1.9.4/subversion/libsvn_subr/version.c =================================================================== ---- subversion-1.9.0.orig/subversion/libsvn_subr/version.c 2015-08-10 22:02:38.000000000 +0200 -+++ subversion-1.9.0/subversion/libsvn_subr/version.c 2015-08-10 22:03:00.000000000 +0200 +--- subversion-1.9.4.orig/subversion/libsvn_subr/version.c ++++ subversion-1.9.4/subversion/libsvn_subr/version.c @@ -132,8 +132,8 @@ svn_version_extended(svn_boolean_t verbo { svn_version_extended_t *info = apr_pcalloc(pool, sizeof(*info)); @@ -63,21 +63,21 @@ + info->build_time = ""; info->build_host = SVN_BUILD_HOST; info->copyright = apr_pstrdup - (pool, _("Copyright (C) 2015 The Apache Software Foundation.\n" -Index: subversion-1.9.0/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout + (pool, _("Copyright (C) 2016 The Apache Software Foundation.\n" +Index: subversion-1.9.4/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout =================================================================== ---- subversion-1.9.0.orig/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout 2015-08-10 22:02:38.000000000 +0200 -+++ subversion-1.9.0/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout 2015-08-10 22:03:00.000000000 +0200 +--- subversion-1.9.4.orig/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout ++++ subversion-1.9.4/subversion/tests/cmdline/getopt_tests_data/svn--version--verbose_stdout @@ -1,5 +1,4 @@ svn, version 1.9.0-dev (under development) - compiled Feb 26 2014, 15:15:42 on x86_64-unknown-openbsd5.5 Copyright (C) 2012 The Apache Software Foundation. This software consists of contributions made by many people; -Index: subversion-1.9.0/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout +Index: subversion-1.9.4/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout =================================================================== ---- subversion-1.9.0.orig/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout 2015-08-10 22:02:38.000000000 +0200 -+++ subversion-1.9.0/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout 2015-08-10 22:03:00.000000000 +0200 +--- subversion-1.9.4.orig/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout ++++ subversion-1.9.4/subversion/tests/cmdline/getopt_tests_data/svn--version_stdout @@ -1,5 +1,4 @@ svn, version 1.9.0-dev (under development) - compiled Feb 26 2014, 15:15:42 on x86_64-unknown-openbsd5.5 ++++++ subversion.keyring ++++++ ++++ 58998 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/subversion/subversion.keyring ++++ and /work/SRC/openSUSE:Factory/.subversion.new/subversion.keyring