lp://staging/ubuntu/maverick-security/subversion

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

48. By Marc Deslauriers on 2011-06-02

* SECURITY UPDATE: denial of service via baselined WebDAV resource
  request
  - debian/patches/CVE-2011-1752.patch: disallow GETs of baselined
    versions of resources in subversion/mod_dav_svn/repos.c.
  - CVE-2011-1752
* SECURITY UPDATE: mod_dav_svn resource exhaustion via infinite loop
  - debian/patches/CVE-2011-1783.patch: validate path in
    subversion/libsvn_repos/authz.c.
  - CVE-2011-1783
* SECURITY UPDATE: mod_dav_svn permissions bypass via incorrect
  resource URL
  - debian/patches/CVE-2011-1921.patch: validate path in
    subversion/mod_dav_svn/authz.c.
  - CVE-2011-1921

47. By Marc Deslauriers on 2011-03-21

* SECURITY UPDATE: denial of service via request containing lock token
  - debian/patches/CVE-2011-0715.patch: correctly handle locks being
    passed when authn isn't enabled in subversion/mod_dav_svn/repos.c,
    subversion/mod_dav_svn/version.c.
  - CVE-2011-0715

46. By Marc Deslauriers on 2011-01-14

* SECURITY UPDATE: restriction bypass via named repo as a rule scope
  - debian/patches/CVE-2010-3315.patch: use repo_basename in
    subversion/mod_dav_svn/authz.c.
  - CVE-2010-3315
* SECURITY UPDATE: denial of service via SVNParentPath walking
  - debian/patches/CVE-2010-4539.patch: don't try and walk SVNParentPath
    collection in subversion/mod_dav_svn/repos.c.
  - CVE-2010-4539
* SECURITY UPDATE: denial of service via -g memory leaks
  - debian/patches/CVE-2010-4644.patch: improve logic in
    subversion/libsvn_repos/rev_hunt.c.
  - CVE-2010-4644

45. By Max Bowsher on 2010-07-02

* Merge from debian testing (LP: #600914), remaining changes:
  - Create pot file on build.
  - Build a python-subversion-dbg package.
  - (Build-)depend on default-jre-headless/-jdk.
  - Do not apply java-build patch.
  - debian/rules: Manually create the doxygen output directory, otherwise
    we get weird build failures when running parallel builds.
  - Disable the serf backend because serf is in universe.
  - Amend the XS-Python-Version line to ">= 2.4" rather than explicit
    versions.

44. By Scott Kitterman on 2009-12-12

Changelog tweaks by my sponsor prior to uploading.

43. By Max Bowsher on 2009-12-11

Amend the XS-Python-Version line to ">= 2.4" rather than explicit versions.
(Explicit versions which are not available via python-all cause FTBFS.)

42. By Max Bowsher on 2009-12-11

Add LP bug numbers to the changelog for bugs closed by merge.

41. By Max Bowsher on 2009-12-11

Per request of Scott Kitterman, revert changing XS-Python-Version to all,
restoring the line from Debian.

40. By Max Bowsher on 2009-12-02

Set XS-Python-Version to all, let pyversions have control.

39. By Max Bowsher on 2009-12-01

Merge 1.6.6dfsg-2:

* Update svn-bisect (Closes: #535234), fix bugs, add features,
  and write a manpage. Also mention it in the subversion-tools
  Description. (Closes: #535187)
* Move from db4.7 to db4.8, tracking apr-util. (Closes: #557457)
* Move the example XSL and CSS files for mod_dav_svn to
  /usr/share/doc/libapache2-svn/examples/. (Closes: #553535)
* patches/ruby-test-info: New patch to maybe address a FTBFS. (#545372)
  Thanks Michael Diers, Joe Swatosh and Stefan Sperling. I expect that
  this is not the only fix needed, but we shall see.
* patches/16x-po: New patch: a couple translation updates from 1.6.7.
* libsvn-java: depend on ${shlibs:Depends}, thanks Lintian.
* python-subversion: Update an outdated Lintian override.
* libsvn1: Add a handful of Lintian overrides.
  (Closes: #531369, #543110)
  - patches/kwallet-wid: New patch based very loosely on upstream work, to
* Set dependency_libs='' in all .la files (Closes: #544877), as per:
* New upstream release. (Closes: #531366)
* Upload to unstable (Closes: #532648)