Hello community, here is the log from the commit of package subversion for openSUSE:Factory checked in at 2017-08-24 18:21:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/subversion (Old) and /work/SRC/openSUSE:Factory/.subversion.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "subversion" Thu Aug 24 18:21:08 2017 rev:148 rq:516079 version:1.9.7 Changes: -------- --- /work/SRC/openSUSE:Factory/subversion/subversion.changes 2017-08-06 11:32:17.664599443 +0200 +++ /work/SRC/openSUSE:Factory/.subversion.new/subversion.changes 2017-08-24 18:21:20.875838097 +0200 @@ -1,0 +2,15 @@ +Fri Aug 11 09:14:24 UTC 2017 - tchvatal@suse.com + +- Remove user changing option inherited from sysconfig from README + * Was removed as it does not work on systemd, new section is there + describing current approach + +------------------------------------------------------------------- +Thu Aug 10 15:04:45 UTC 2017 - astieger@suse.com + +- Apache Subversion 1.9.7: + * CVE-2017-9800: A remote attacker could have caused svn clients + to execute arbitrary code via specially crafted URLs in + svn:externals and svn:sync-from-url properties. (bsc#1051362) + +------------------------------------------------------------------- Old: ---- subversion-1.9.6.tar.bz2 subversion-1.9.6.tar.bz2.asc New: ---- subversion-1.9.7.tar.bz2 subversion-1.9.7.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ subversion.spec ++++++ --- /var/tmp/diff_new_pack.WkDaT5/_old 2017-08-24 18:21:29.982555840 +0200 +++ /var/tmp/diff_new_pack.WkDaT5/_new 2017-08-24 18:21:29.986555277 +0200 @@ -32,7 +32,7 @@ %bcond_without python_ctypes %bcond_with all_regression_tests Name: subversion -Version: 1.9.6 +Version: 1.9.7 Release: 0 Summary: Subversion version control system License: Apache-2.0 ++++++ subversion-1.9.6.tar.bz2 -> subversion-1.9.7.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/subversion/subversion-1.9.6.tar.bz2 /work/SRC/openSUSE:Factory/.subversion.new/subversion-1.9.7.tar.bz2 differ: char 11, line 1 ++++++ subversion.README.SUSE ++++++ --- /var/tmp/diff_new_pack.WkDaT5/_old 2017-08-24 18:21:30.122536130 +0200 +++ /var/tmp/diff_new_pack.WkDaT5/_new 2017-08-24 18:21:30.122536130 +0200 @@ -149,9 +149,9 @@ Subversion repositories can be via the svnserve daemon and a special network protocol. svnserve should not run as root user. The startup scripts expects a -user/group named 'svn', configureable via /etc/sysconfig/svnserve. +user/group named 'svn'. -The subversion package now creates a user and group svn. +The subversion package creates an user and group svn. If you want to expose the repository via both svnserve and mod_dav_svn (Apache httpd) in parallel, ensure that the apache user is part of the ++++++ subversion.keyring ++++++ ++++ 99314 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/subversion/subversion.keyring ++++ and /work/SRC/openSUSE:Factory/.subversion.new/subversion.keyring