--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-13cc09ecf2
2022-07-15 01:35:20.762670
--------------------------------------------------------------------------------
Name : subversion
Product : Fedora 35
Version : 1.14.2
Release : 5.fc35
URL :
https://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
--------------------------------------------------------------------------------
Update Information:
This update includes the latest stable release of _Apache Subversion_, version
**1.14.2**. This update addresses two security issues, `CVE-2021-28544` and
`CVE-2022-24070`. For more information see
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt and
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt ### Client-
side bugfixes: * Don't show unreadable copyfrom paths in 'svn log -v' * Fix
-r
option documentation for some svnadmin subcommands * Fix error message encoding
when system() call fails * Fix assertion failure in conflict resolver ###
Client-side improvements and bugfixes: * Support multiple working copy formats
(1.8-onward, 1.15) ### Server-side bugfixes: * Fix use-after-free of object-
pools when running in httpd (issue
[
SVN-4880](https://issues.apache.org/jira/browse/SVN-4880))
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 5 2022 Joe Orton <jorton(a)redhat.com> - 1.14.2-5
- disable libmagic during test runs
* Tue Jul 5 2022 Joe Orton <jorton(a)redhat.com> - 1.14.2-4
- update for new Java arches and bump to JDK 17 (#2103909)
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 1.14.2-3
- Rebuilt for Python 3.11
* Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.14.2-2
- Perl 5.36 rebuild
* Wed May 4 2022 Joe Orton <jorton(a)redhat.com> - 1.14.2-1
- update to 1.14.2 (#2073852, CVE-2021-28544, CVE-2022-24070)
* Sat Feb 5 2022 Jiri Vanek <jvanek(a)redhat.com> - 1.14.1-11
- Rebuilt for java-17-openjdk as system jdk
* Thu Jan 27 2022 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.14.1-10
- F-36: rebuild against ruby31
* Mon Jan 24 2022 Timm B��der <tbaeder(a)redhat.com> - 1.14.1-9
- Disable automatic .la file removal
-
https://fedoraproject.org/wiki/Changes/RemoveLaFiles
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.14.1-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Dec 16 2021 Richard Lescak <rlescak(a)redhat.com> - 1.14.1-7
- Replaced deprecated method readfp() in gen_base.py to build with Python 3.11 (#2019019)
* Thu Jul 29 2021 Joe Orton <jorton(a)redhat.com> - 1.14.1-6
- fix intermittent FTBFS in tests (#1956806)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2074772 - CVE-2022-24070 subversion: Subversion's mod_dav_svn is
vulnerable to memory corruption
https://bugzilla.redhat.com/show_bug.cgi?id=2074772
[ 2 ] Bug #2074780 - CVE-2021-28544 subversion: SVN authz protected copyfrom paths
regression
https://bugzilla.redhat.com/show_bug.cgi?id=2074780
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-13cc09ecf2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------