FEDORA-2015-6efa349a85

security update in Fedora 22 for subversion

Status: stable 3 years ago

This update includes the latest stable release of Apache Subversion 1.8, version 1.8.15. This update fixes two security issues:

User-visible changes:

Client-side bugfixes:

  • gpg-agent: fix crash with non-canonical $HOME
  • document svn:autoprops
  • cp: fix 'svn cp ^/A/D/H@1 ^/A' to properly create A
  • resolve: improve conflict prompts for binary files
  • ls: improve performance of '-v' on tag directories
  • improved Sqlite 3.8.9 query performance regression on externals
  • fixed issue 4580: 'svn -v st' on file externals reports "?" instead of user and revision after 'svn up'

Client-side and server-side bugfixes:

  • fix a segfault with old style text delta

Server-side bugfixes:

  • fsfs: reduce memory allocation with Apache
  • mod_dav_svn: emit first log items as soon as possible
  • mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
  • mod_dav_svn: do not ignore skel parsing errors
  • detect invalid svndiff data earlier
  • prevent possible repository corruption on power/disk failures
  • fixed issue 4577: Read error with nodes whose DELTA chain starts with a PLAIN rep
  • fixed issue 4531: server-side copy (over dav) is slow and uses too much memory

Bindings bugfixes:

  • swig: fix memory corruption in svn_client_copy_source_t

Developer-visible changes:

General:

  • avoid failing some tests on versions of Python with a very old sqlite
  • fix Ruby tests so they don't use the users real configuration

Bindings:

  • swig-pl: fix some stack memory problems

Comments 10

This update has been submitted for testing by jorton.

This update has obsoleted subversion-1.8.14-1.fc22, and has inherited its bugs and notes.

This update has been pushed to testing.

no regressions noted

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

No regressions detected

karma: +1

jorton edited this update.

jorton edited this update.

This update has been submitted for stable by jorton.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+2
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 6

00 #1247249 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
00 #1250879 CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 [fedora-all]
00 #1250880 CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz [fedora-all]
00 #1289958 CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser
00 #1289959 CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
00 #1292015 CVE-2015-5259 CVE-2015-5343 subversion: various flaws [fedora-all]

Automated Test Results