You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ko...@apache.org on 2015/12/07 15:08:12 UTC

svn commit: r1718365 - /subversion/branches/1.8.x/CHANGES

Author: kotkov
Date: Mon Dec  7 14:08:12 2015
New Revision: 1718365

URL: http://svn.apache.org/viewvc?rev=1718365&view=rev
Log:
* CHANGES: Catchup merge from trunk.

Modified:
    subversion/branches/1.8.x/CHANGES   (contents, props changed)

Modified: subversion/branches/1.8.x/CHANGES
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/CHANGES?rev=1718365&r1=1718364&r2=1718365&view=diff
==============================================================================
--- subversion/branches/1.8.x/CHANGES (original)
+++ subversion/branches/1.8.x/CHANGES Mon Dec  7 14:08:12 2015
@@ -1,3 +1,28 @@
+Version 1.8.15
+(15 Dec 2015, from /branches/1.8.x)
+http://svn.apache.org/repos/asf/subversion/tags/1.8.15
+
+ User-visible changes:
+  - Client-side bugfixes:
+    * gpg-agent: fix crash with non-canonical $HOME (r1691928, issue #4584)
+
+  - Client-side and server-side bugfixes:
+    * fix a segfault with old style text delta (r1618472 et al)
+
+  - Server-side bugfixes:
+    * fsfs: reduce memory allocation with Apache (r1591005 et al)
+    * mod_dav_svn: emit first log items as soon as possible (r1666965 et al)
+    * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests (r1687812)
+
+  - Bindings bugfixes:
+    * swig: fix memory corruption in svn_client_copy_source_t (r1694929)
+
+ Developer-visible changes:
+  - General:
+    * better configure-time detection of httpd authz fix (r1687304 et al)
+    * fix compilation with apr 1.2.x (r1701237)
+
+
 Version 1.8.14
 (5 Aug 2015, from /branches/1.8.x)
 http://svn.apache.org/repos/asf/subversion/tags/1.8.14
@@ -13,6 +38,9 @@ http://svn.apache.org/repos/asf/subversi
       of user and revision after 'svn up' (r1680242)
 
   - Server-side bugfixes:
+    * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+      httpd (dav) configurations (CVE-2015-3184)
+    * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
     * mod_dav_svn: do not ignore skel parsing errors (r1658168)
     * detect invalid svndiff data earlier (r1684077)
     * prevent possible repository corruption on power/disk failures (r1680819)
@@ -863,10 +891,17 @@ http://svn.apache.org/repos/asf/subversi
     * add missing API functions to JavaHL bindings (issue #4326)
     * fix some reference counting bugs in swig-py bindings (r1464899, r1466524)
 
+Version 1.7.22
+(12 Aug 2015, from /branches/1.7.x)
+http://svn.apache.org/repos/asf/subversion/tags/1.7.22
+
+ Developer-visible changes:
+  - General:
+    * fix the regression test suite which was broken in 1.7.21 (r1694012)
 
 Version 1.7.21
 (5 Aug 2015, from /branches/1.7.x)
-http://svn.apache.org/repos/asf/subversion/tags/1.8.21
+http://svn.apache.org/repos/asf/subversion/tags/1.7.21
 
  User-visible changes:
   - Client-side bugfixes:
@@ -875,6 +910,9 @@ http://svn.apache.org/repos/asf/subversi
       non-deltas dumpfile (r1652182 et al.)
 
   - Server-side bugfixes:
+    * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+      httpd (dav) configurations (CVE-2015-3184)
+    * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
     * fix 'svnadmin recover' for pre-1.4 FSFS repositories (r1561419)
 
  Developer-visible changes:

Propchange: subversion/branches/1.8.x/CHANGES
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Dec  7 14:08:12 2015
@@ -77,4 +77,4 @@
 /subversion/branches/uris-as-urls/CHANGES:1060426-1064427
 /subversion/branches/verify-at-commit/CHANGES:1462039-1462408
 /subversion/branches/wc-collate-path/CHANGES:1407642
-/subversion/trunk/CHANGES:1467414-1692793
+/subversion/trunk/CHANGES:1467414-1718362