Overview Details Repositories Revisions Requests Users Attributes Meta
subversion: update to 1.7.14

This update fixes the following issues with subversion:
- bnc#850747: update to 1.7.14
* CVE-2013-4505: mod_dontdothat does not restrict requests from
serf clients.
* CVE-2013-4558: mod_dav_svn assertion triggered by
autoversioning commits.

+ Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
+ Client-side bugfixes:
* upgrade: fix an assertion when used with pre-1.3 wcs
* fix externals that point at redirected locations
* diff: fix incorrect calculation of changes in some cases
* diff: fix errors with added/deleted targets
+ Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party modules
* fix OOM on concurrent requests at threaded server start
* fsfs: limit commit time of files with deep change histories
* mod_dav_svn: canonicalize paths properly
+ Other tool improvements and bugfixes:
* mod_dontdothat: Fix the uri parser
+ Developer-visible changes:
* javahl: canonicalize path for streamFileContent method
+ require python-sqlite when running regression tests

Fixed bugs
CVE-CVE-2010-3315
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which al
CVE-CVE-2010-4539
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors th
CVE-CVE-2010-4644
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
CVE-CVE-2013-1884
CVE-CVE-2013-4131
CVE-CVE-2013-4505
CVE-CVE-2013-4558
bnc#528714
VUL-0: CVE-2009-2411: subversion: Confidential Subversion heap overflow vulnerability notification.
bnc#649861
VUL-0: svn access restriction bypass
bnc#662030
VUL-0: subversion unspecified overflow/crash
bnc#713919
devel:tools:scm:svn/subversion: Bug
bnc#788015
update Apache Subversion to 1.7.7 maintenance release
bnc#794676
update Apache Subversion to 1.7.8 maintenance release
bnc#830031
VUL-0: CVE-2013-4131: subversion: Apache Subversion 1.7.11 maintenance release
bnc#836245
VUL-1: CVE-2013-4277: subversion: Apache Subversion maintenance release 1.7.13
bnc#850747
Apache Subversion 1.8.5 and 1.7.14 maintenance releases
Selected Binaries
openSUSE Build Service is sponsored by
Places