stable

subversion-1.8.15-1.fc22

FEDORA-2015-6efa349a85 created by jorton 9 years ago for Fedora 22

This update includes the latest stable release of Apache Subversion 1.8, version 1.8.15. This update fixes two security issues:

User-visible changes:

Client-side bugfixes:

  • gpg-agent: fix crash with non-canonical $HOME
  • document svn:autoprops
  • cp: fix 'svn cp ^/A/D/H@1 ^/A' to properly create A
  • resolve: improve conflict prompts for binary files
  • ls: improve performance of '-v' on tag directories
  • improved Sqlite 3.8.9 query performance regression on externals
  • fixed issue 4580: 'svn -v st' on file externals reports "?" instead of user and revision after 'svn up'

Client-side and server-side bugfixes:

  • fix a segfault with old style text delta

Server-side bugfixes:

  • fsfs: reduce memory allocation with Apache
  • mod_dav_svn: emit first log items as soon as possible
  • mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
  • mod_dav_svn: do not ignore skel parsing errors
  • detect invalid svndiff data earlier
  • prevent possible repository corruption on power/disk failures
  • fixed issue 4577: Read error with nodes whose DELTA chain starts with a PLAIN rep
  • fixed issue 4531: server-side copy (over dav) is slow and uses too much memory

Bindings bugfixes:

  • swig: fix memory corruption in svn_client_copy_source_t

Developer-visible changes:

General:

  • avoid failing some tests on versions of Python with a very old sqlite
  • fix Ruby tests so they don't use the users real configuration

Bindings:

  • swig-pl: fix some stack memory problems

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-6efa349a85

This update has been submitted for testing by jorton.

9 years ago

This update has obsoleted subversion-1.8.14-1.fc22, and has inherited its bugs and notes.

9 years ago

This update has been pushed to testing.

9 years ago
User Icon filiperosset commented & provided feedback 9 years ago
karma

no regressions noted

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

9 years ago
User Icon norenh commented & provided feedback 8 years ago
karma

No regressions detected

jorton edited this update.

8 years ago

jorton edited this update.

8 years ago

This update has been submitted for stable by jorton.

8 years ago

This update has been pushed to stable.

8 years ago

Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
9 years ago
in testing
9 years ago
in stable
8 years ago
modified
8 years ago
BZ#1247249 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
0
0
BZ#1250879 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 [fedora-all]
0
0
BZ#1250880 CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz [fedora-all]
0
0
BZ#1289958 CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser
0
0
BZ#1289959 CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
0
0
BZ#1292015 CVE-2015-5259 CVE-2015-5343 subversion: various flaws [fedora-all]
0
0

Automated Test Results