You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ko...@apache.org on 2015/12/07 15:08:12 UTC
svn commit: r1718365 - /subversion/branches/1.8.x/CHANGES
Author: kotkov
Date: Mon Dec 7 14:08:12 2015
New Revision: 1718365
URL: http://svn.apache.org/viewvc?rev=1718365&view=rev
Log:
* CHANGES: Catchup merge from trunk.
Modified:
subversion/branches/1.8.x/CHANGES (contents, props changed)
Modified: subversion/branches/1.8.x/CHANGES
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/CHANGES?rev=1718365&r1=1718364&r2=1718365&view=diff
==============================================================================
--- subversion/branches/1.8.x/CHANGES (original)
+++ subversion/branches/1.8.x/CHANGES Mon Dec 7 14:08:12 2015
@@ -1,3 +1,28 @@
+Version 1.8.15
+(15 Dec 2015, from /branches/1.8.x)
+http://svn.apache.org/repos/asf/subversion/tags/1.8.15
+
+ User-visible changes:
+ - Client-side bugfixes:
+ * gpg-agent: fix crash with non-canonical $HOME (r1691928, issue #4584)
+
+ - Client-side and server-side bugfixes:
+ * fix a segfault with old style text delta (r1618472 et al)
+
+ - Server-side bugfixes:
+ * fsfs: reduce memory allocation with Apache (r1591005 et al)
+ * mod_dav_svn: emit first log items as soon as possible (r1666965 et al)
+ * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests (r1687812)
+
+ - Bindings bugfixes:
+ * swig: fix memory corruption in svn_client_copy_source_t (r1694929)
+
+ Developer-visible changes:
+ - General:
+ * better configure-time detection of httpd authz fix (r1687304 et al)
+ * fix compilation with apr 1.2.x (r1701237)
+
+
Version 1.8.14
(5 Aug 2015, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.14
@@ -13,6 +38,9 @@ http://svn.apache.org/repos/asf/subversi
of user and revision after 'svn up' (r1680242)
- Server-side bugfixes:
+ * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+ httpd (dav) configurations (CVE-2015-3184)
+ * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
* mod_dav_svn: do not ignore skel parsing errors (r1658168)
* detect invalid svndiff data earlier (r1684077)
* prevent possible repository corruption on power/disk failures (r1680819)
@@ -863,10 +891,17 @@ http://svn.apache.org/repos/asf/subversi
* add missing API functions to JavaHL bindings (issue #4326)
* fix some reference counting bugs in swig-py bindings (r1464899, r1466524)
+Version 1.7.22
+(12 Aug 2015, from /branches/1.7.x)
+http://svn.apache.org/repos/asf/subversion/tags/1.7.22
+
+ Developer-visible changes:
+ - General:
+ * fix the regression test suite which was broken in 1.7.21 (r1694012)
Version 1.7.21
(5 Aug 2015, from /branches/1.7.x)
-http://svn.apache.org/repos/asf/subversion/tags/1.8.21
+http://svn.apache.org/repos/asf/subversion/tags/1.7.21
User-visible changes:
- Client-side bugfixes:
@@ -875,6 +910,9 @@ http://svn.apache.org/repos/asf/subversi
non-deltas dumpfile (r1652182 et al.)
- Server-side bugfixes:
+ * mod_authz_svn: do not leak information in mixed anonymous/authenticated
+ httpd (dav) configurations (CVE-2015-3184)
+ * do not leak paths that were hidden by path-based authz (CVE-2015-3187)
* fix 'svnadmin recover' for pre-1.4 FSFS repositories (r1561419)
Developer-visible changes:
Propchange: subversion/branches/1.8.x/CHANGES
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Dec 7 14:08:12 2015
@@ -77,4 +77,4 @@
/subversion/branches/uris-as-urls/CHANGES:1060426-1064427
/subversion/branches/verify-at-commit/CHANGES:1462039-1462408
/subversion/branches/wc-collate-path/CHANGES:1407642
-/subversion/trunk/CHANGES:1467414-1692793
+/subversion/trunk/CHANGES:1467414-1718362