lp://staging/ubuntu/trusty-updates/subversion
- Get this branch:
- bzr branch lp://staging/ubuntu/trusty-updates/subversion
Branch merges
Related source package recipes
Branch information
Recent revisions
- 82. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via non-existing REPORT request
- debian/patches/ CVE-2014- 3580.patch: make sure repo patchs are
specified in subversion/mod_dav_ svn/reports/ deleted- rev.c,
subversion/mod_dav_ svn/reports/ file-revs. c,
subversion/mod_dav_ svn/reports/ get-location- segments. c,
subversion/mod_dav_ svn/reports/ get-locations. c,
subversion/mod_dav_ svn/reports/ inherited- props.c,
subversion/mod_dav_ svn/reports/ log.c,
subversion/mod_dav_ svn/reports/ mergeinfo. c.
- CVE-2014-3580
* SECURITY UPDATE: denial of service via non-existing virtual transaction
name
- debian/patches/ CVE-2014- 8108.patch: check transaction names and
activity ids in subversion/mod_dav_ svn/repos. c.
- CVE-2014-8108
* SECURITY UPDATE: denial of service via large number of REPORT requests
- debian/patches/ CVE-2015- 0202.patch: refactor locking in
subversion/libsvn_ fs_fs/tree. c.
- CVE-2015-0202
* SECURITY UPDATE: denial of service via crafted parameter combinations
- debian/patches/ CVE-2015- 0248.patch: properly handle missing revision
numbers in subversion/mod_dav_ svn/reports/ get-location- segments. c,
subversion/svnserve/ serve.c.
- CVE-2015-0248
* SECURITY UPDATE: svn:author property spoofing issue
- debian/patches/ CVE-2015- 0251.patch: restrict svn:author modifications
in subversion/mod_dav_ svn/deadprops. c.
- CVE-2015-0251
* SECURITY UPDATE: incorrect anonymous access restriction
- debian/patches/ CVE-2015- 3184.patch: use force_authn() in Makefile.in,
build/ac-macros/ apache. m4, build/run_tests.py,
subversion/mod_authz_ svn/mod_ authz_svn. c,
subversion/tests/cmdline/ README,
subversion/tests/cmdline/ davautocheck. sh,
subversion/tests/cmdline/ mod_authz_ svn_tests. py,
subversion/tests/cmdline/ svntest/ main.py, win-tests.py.
- CVE-2015-3184
* SECURITY UPDATE: sensitive path information disclosure
- debian/patches/ CVE-2015- 3187.patch: fix order in
subversion/libsvn_ repos/rev_ hunt.c, added tests to
subversion/tests/cmdline/ authz_tests. py,
subversion/tests/libsvn_ repos/repos- test.c.
- CVE-2015-3187
* debian/control: Depend on specific version of apache2-dev and
apache2-bin to make sure fix for CVE-2015-3185 is included. - 81. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect ssl cert validation
- debian/patches/ CVE-2014- 3522.patch: properly validate hostnames in
subversion/include/ private/ svn_cert. h,
subversion/libsvn_ ra_serf/ util.c,
subversion/libsvn_ subr/dirent_ uri.c,
added tests to subversion/tests/libsvn_ subr/dirent_ uri-test. c.
- CVE-2014-3522
* SECURITY UPDATE: md5 collision authentication leak
- debian/patches/ CVE-2014- 3528.patch: check if realm matches in
subversion/libsvn_ subr/config_ auth.c.
- CVE-2014-3528 - 78. By Matthias Klose
-
* Merge with Debian; remaining changes:
- Create pot file on build.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Build a python-subversion- dbg package.
- Build-depend on python-dbg.
- Build-depend on default-jre-headless/ -jdk.
- only build on requested python versions (X-Python-Versions: )
- Do not apply java-build patch.
- Drop svn2cl to Suggests; we don't particularly need it in Ubuntu main
- Add DEP-8 test for Apache functionality.
- debian/patches/ ruby19. patch: disable check for ruby 1.8, and backport
a few changes to the test suite.
- debian/control: added ruby-test-unit to Build-Depends
- Check for libtoolize instead of libtool, which is not used for
the build.
- Temporarily disable running the tests on powerpc. - 76. By Matthias Klose
-
* Make the python and ruby tests verbose.
* Ignore the test results of the python-dbg bindings. - 75. By Matthias Klose
-
* Merge with Debian; remaining changes:
- Create pot file on build.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Build a python-subversion- dbg package.
- Build-depend on python-dbg.
- Build-depend on default-jre-headless/ -jdk.
- only build on requested python versions (X-Python-Versions: )
- Do not apply java-build patch.
- Drop svn2cl to Suggests; we don't particularly need it in Ubuntu main
- Add DEP-8 test for Apache functionality.
- Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
- debian/patches/ ruby19. patch: disable check for ruby 1.8, and backport
a few changes to the test suite.
- debian/control: added ruby-test-unit to Build-Depends
- Check for libtoolize instead of libtool, which is not used for
the build. - 73. By Matthias Klose
-
* Merge with Debian; remaining changes:
- Create pot file on build.
- debian/rules: Manually create the doxygen output directory, otherwise
we get weird build failures when running parallel builds.
- Build a python-subversion- dbg package.
- Build-depend on python-dbg.
- Build-depend on default-jre-headless/ -jdk.
- only build on requested python versions (X-Python-Versions: )
- Do not apply java-build patch.
- Drop svn2cl to Suggests; we don't particularly need it in Ubuntu main
- Add DEP-8 test for Apache functionality.
- Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
- debian/control, debian/rules: build against default ruby, instead of
ruby1.8.
- debian/patches/ ruby19. patch: disable check for ruby 1.8, and backport
a few changes to the test suite.
- debian/control: added ruby-test-unit to Build-Depends
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/utopic/subversion
