[SECURITY] Fedora 20 Update: subversion-1.8.10-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Thu Aug 28 15:33:58 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-9636
2014-08-21 07:55:28
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 20
Version     : 1.8.10
Release     : 1.fc20
URL         : http://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of **Apache Subversion**, version **1.8.10**.

**Client-side bugfixes:**
* guard against md5 hash collisions when finding cached credentials
* ra_serf: properly match wildcards in SSL certs. 
* ra_serf: ignore the CommonName in SSL certs where there are Subject Alt Names 
* ra_serf: fix a URI escaping bug that prevented deleting locked paths
* rm: Display the proper URL when deleting a URL in the commit log editor
* log: Fix another instance of broken pipe error
* copy: Properly handle props not present or excluded on cross wc copy
* copy: Fix copying parents of locally deleted nodes between wcs
* externals: Properly delete ancestor directories of externals when removing the external by changing svn:externals.
* ra_serf: fix memory lifetime of some hash values 

**Server-side bugfixes:**
* fsfs: omit config file when creating pre-1.5 format repos 

**Bindings:**
* ruby: removing warning about Ruby 1.9 support being new. 
* python: fix notify_func callbacks 

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 18 2014 Joe Orton <jorton at redhat.com> - 1.8.10-1
- update to 1.8.10 (#1129100, #1128884, #1125800)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Joe Orton <jorton at redhat.com> - 1.8.9-1
- update to 1.8.9 (#1100779)
* Tue Apr 29 2014 Vít Ondruch <vondruch at redhat.com> - 1.8.8-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1
* Tue Apr 22 2014 Joe Orton <jorton at redhat.com> - 1.8.8-2
- require minitest 4 to fix tests for Ruby bindings (#1089252)
* Fri Feb 28 2014 Joe Orton <jorton at redhat.com> - 1.8.8-1
- update to 1.8.8
* Thu Jan 23 2014 Joe Orton <jorton at redhat.com> - 1.8.5-4
- fix _httpd_mmn expansion in absence of httpd-devel
* Mon Jan  6 2014 Joe Orton <jorton at redhat.com> - 1.8.5-3
- fix permissions of /run/svnserve (#1048422)
* Tue Dec 10 2013 Joe Orton <jorton at redhat.com> - 1.8.5-2
- don't drop -Wall when building swig Perl bindings (#1037341)
* Tue Nov 26 2013 Joe Orton <jorton at redhat.com> - 1.8.5-1
- update to 1.8.5 (#1034130)
- add fix for wc-queries-test breakage (h/t Andreas Stieger, r1542774)
* Mon Nov 18 2013 Joe Orton <jorton at redhat.com> - 1.8.4-2
- add fix for ppc breakage (Andreas Stieger, #985582)
* Tue Oct 29 2013 Joe Orton <jorton at redhat.com> - 1.8.4-1
- update to 1.8.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1125800 - subversion: credentials leak via MD5 collision [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1125800
  [ 2 ] Bug #1129100 - subversion-1.8.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1129100
  [ 3 ] Bug #1128884 - CVE-2014-3522 subversion: incorrect SSL certificate validation in Serf RA (repository access) layer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1128884
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list