FEDORA-2015-6efa349a85 created by jorton 3 years ago for Fedora 22
stable

This update includes the latest stable release of Apache Subversion 1.8, version 1.8.15. This update fixes two security issues:

User-visible changes:

Client-side bugfixes:

  • gpg-agent: fix crash with non-canonical $HOME
  • document svn:autoprops
  • cp: fix 'svn cp ^/A/D/H@1 ^/A' to properly create A
  • resolve: improve conflict prompts for binary files
  • ls: improve performance of '-v' on tag directories
  • improved Sqlite 3.8.9 query performance regression on externals
  • fixed issue 4580: 'svn -v st' on file externals reports "?" instead of user and revision after 'svn up'

Client-side and server-side bugfixes:

  • fix a segfault with old style text delta

Server-side bugfixes:

  • fsfs: reduce memory allocation with Apache
  • mod_dav_svn: emit first log items as soon as possible
  • mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
  • mod_dav_svn: do not ignore skel parsing errors
  • detect invalid svndiff data earlier
  • prevent possible repository corruption on power/disk failures
  • fixed issue 4577: Read error with nodes whose DELTA chain starts with a PLAIN rep
  • fixed issue 4531: server-side copy (over dav) is slow and uses too much memory

Bindings bugfixes:

  • swig: fix memory corruption in svn_client_copy_source_t

Developer-visible changes:

General:

  • avoid failing some tests on versions of Python with a very old sqlite
  • fix Ruby tests so they don't use the users real configuration

Bindings:

  • swig-pl: fix some stack memory problems

How to install

sudo dnf upgrade --advisory=FEDORA-2015-6efa349a85
This update has been submitted for testing by jorton. 3 years ago
This update has obsoleted [subversion-1.8.14-1.fc22](https://bodhi.fedoraproject.org/updates/FEDORA-2015-be2c11d456), and has inherited its bugs and notes. 3 years ago
This update has been pushed to testing. 3 years ago
User Icon filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes 3 years ago
User Icon norenh commented & provided feedback 3 years ago
karma

No regressions detected

jorton edited this update. 3 years ago
jorton edited this update. 3 years ago
This update has been submitted for stable by jorton. 3 years ago
This update has been pushed to stable. 3 years ago

Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
BZ#1247249 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
0
0
BZ#1250879 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 [fedora-all]
0
0
BZ#1250880 CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz [fedora-all]
0
0
BZ#1289958 CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser
0
0
BZ#1289959 CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
0
0
BZ#1292015 CVE-2015-5259 CVE-2015-5343 subversion: various flaws [fedora-all]
0
0

Automated Test Results