This release addresses two security issues:
CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
CVE-2014-3528: credentials cached with svn may be sent to wrong server.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
User-visible changes:
- Client-side bugfixes:
* log: use proper peg revision over DAV (r1568872)
* upgrade: allow upgrading from 1.7 with exclusive locks (r1572102 et al)
* proplist: resolve inconsitent inherited property results (r1575270 et al)
* increase minimal timestamp sleep from 1ms to 10ms (r1581305 et al)
* merge: automatic merge confused by subtree merge (issue 4481)
* propget: report proper error on invalid revision for url (r1586255)
* commit: fix an assertion when committing a deleted descendant
(r1571747, r1571787, r1571795)
* merge: resolve segfault when '--force' merges a directory delete
(r1577812, r1577813, r1579429)
* resolve: prevent interactive conflict resolution when nothing has been
done to resolve the conflict (r1577294)
* update: fix locks lost from wc with pre-1.6.17 servers (issue 4412)
* merge: honor the 'preserved-conflict-file-exts' setting (r1577151)
* list: fix '--verbose' against older servers (r1591111)
* unlock: fix ability to remove locks with timeouts (r1579588)
* copy: fix 'svn copy URL WC' on relocated working copies
(r1580626, r1580650)
* export: allow file externals to be exported (issue 4427)
* move: fix working copy db inconsistency in cert scenarios (issue 4437)
* commit: fix an issue where mixed revision copy with non copy descendants
that shadow a not present node couldn't be committed (r1518942 et al)
* delete: properly remove move_to info when the node in its original
location is removed (r1538812 et al)
* status; fix an issue where output would vary based on if the target
was the node itself or its parent (r1544597 et al)
- Server-side bugfixes:
* ensure proper access synchronization in fsfs on Windows (r1568953 et al)
* svnadmin dump: don't let invalid mergeinfo stop dump (r1574868 et al)
* svnserve: resolve performance regression caused by iprops (r1578853 et al)
* reduce size of memory buffer when reading config files (r1581296)
* remove dead transaction if commit was blocked by hook (r1583977)
* svnrdump load: fix crash when svn:* normalization (issue 4490)
* fix memcached support (issue 4470)
* svndumpfilter: fix order of node record headers (r1578670 et al)
* mod_dav_svn: blacklist building with broken versions of httpd; 2.2.25,
2.4.5 and 2.4.6 (r1545835)
* mod_dav_svn: allow generic DAV clients to refresh locks (issue 3515)
* mod_dav_svn: detect out of dateness correctly during commit (issue 4480)
Developer-visible changes:
- General:
* improve consistency checks of DAV inherited property requests (r1498000)
* fix ocassional failure in autoprop_tests.py (r1567752)
* avoid duplicate sqlite analyze information rows (r1571214)
* add Mavericks to our sysinfo output (r1573088)
* bump copyright years to 2014 (r1555403)
* unbreak test suite when running as root (r1583580)
* resolve buffer overflow in testcode (r1481782)
* fix libmagic detection with custom LDFLAGS (r1577200)
* fix an out of scope variable use in merge (r1587946)
* javahl: fix crash from resolve callback throwing an exception (r1586439)
* ruby: fix two memory lifetime bugs (r1586052, r1586467)
* fix a missing null byte when handling old pre-1.4 deltas (r1587968)
* fix building with APR 0.9.x (r1585499)
* make svn_ra_get_locks() and svn_ra_get_lock() report not locked nodes
with a NULL svn_lock_t *, as documented (r1578273, r1578311, r1578326)
* fix tests for compiler flags
User-visible changes:
- Client-side bugfixes:
* use CryptoAPI to validate intermediary certificates on Windows (r1564623)
* fix automatic relocate for wcs not at repository root (r1541638 et al)
* diff: fix when target is a drive root on Windows (r1541635)
* wc: improve performance when used with SQLite 3.8 (r1542765)
* copy: fix some scenarios that broke the working copy (r1560690)
* move: fix errors when moving files between an external and the parent
working copy (r1551524, r1551579)
* log: resolve performance regression in certain scenarios (r1553101 et al)
* merge: decrease work to detect differences between 3 files (r1548486)
* checkout: don't require flush support for symlinks on Windows (r1547774)
* commit: don't change file permissions inappropriately (issue 4440)
* commit: fix assertion due to invalid pool lifetime (r1553376 et al)
* version: don't cut off the distribution version on Linux (r1544878 et al)
* flush stdout before exiting to avoid information being lost (r1499470)
* status: fix missing sentinel value on warning codes (r1543145)
* update/switch: improve some WC db queries that may return incorrect
results depending on how SQLite is built (r1567109)
- Server-side bugfixes:
* reduce memory usage during checkout and export (r1564215)
* fsfs: create rep-cache.db with proper permissions (issue 3437)
* mod_dav_svn: prevent crashes with SVNListParentPath on (CVE-2014-0032)
* mod_dav_svn: fix SVNAllowBulkUpdates directive merging (r1548105)
* mod_dav_svn: include requested property changes in reports (r1557522)
* svnserve: correct default cache size in help text (r1563110)
* svnadmin dump: reduce size of dump files with '--deltas' (r1554978)
* resolve integer underflow that resulted in infinite loops (r1567985)
Developer-visible changes:
- General:
* fix ocassional failure of check_tests.py 12 (r1496127 et al)
* fix failure with SQLite 3.8.1-3.8.3 when built with
SQLITE_ENABLE_STAT3/4 due to bug in SQLite (r1567286, r1567392)
* specify SQLite defaults that can be changed when SQLite is built
to avoid unexpected behavior with Subversion (r1567064)
- API changes:
* numerous documentation fixes
* svn_client_commit_item3_dup() fix pool lifetime issues (r1550803)
* ra_serf: properly ask multiple certificate validation providers for
acceptance of certificate failures (r1535532)
* release internal fs objects when closing commit editor (r1555499)
* svn_client_proplist4() don't call the callback multiple times for
the same path in order to deliver inherited properties (r1549858 et al)
- Bindings:
* javahl: make test suite run without installing on OS X (r1535115)
* swig: fix building out of tarball on OS X (r1555654)
* swig-pl: fix with --enable-sqlite-compatibility-version (r1559009)
* swig: fix building bindings on OS X when APR has the -no-cpp-precomp
flag in the apr-config --cppflags output. (r1535610)
* swig: fix building from tarball with an out-of-tree build (r1543187)
This release addresses two security issues:
CVE-2013-4505: mod_dontdothat does not restrict requests from serf clients.
CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning commits.
User-visible changes:
- Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
* stop linking against psapi.dll on Windows
* translation updates for Swedish
- Client-side bugfixes:
* revert: fix problems reverting moves
* update: fix assertion when file external access is denied
* merge: reduce network connections for automatic merge
* merge: fix path corruption during reintegration
* mergeinfo: fix crash
* ra_serf: verify the result of xml parsing
* ra_serf: improve error messages during commit
* ra_local: fix error with repository in Windows drive root
* fix crash on windows when piped command is interrupted
* fix crash in the crash handler on windows
* fix assertion when upgrading old working copies
- Server-side bugfixes:
* hotcopy: cleanup unpacked revprops with '--incremental'
* fix OOM on concurrent requests at threaded server start
* fsfs: improve error message when unsupported fsfs format found
* fix memory problem in 3rd party FS module loader
Developer-visible changes:
- General:
* allow compiling against serf 1.3 and later on Windows
- Bindings:
* javahl: canonicalize path for streaFileContent method
* Update comment, `Second hunk' had been removed.
* fixes patch migration at updated to 1.8.0, original part had been changed,
but still using old part + additional part.
User-visible changes:
- Client- and server-side bugfixes:
* translation updates for Swedish
* enforce strict version equality between tools and libraries (r1502267)
* consistently output revisions as "r%ld" in error messags (r1499044 et al)
- Client-side bugfixes:
* status: always use absolute paths in XML output (issue 4398)
* ra_serf: 'svn log -v' fails with a 1.2.x server (issue 4044)
* ra_serf: fix crash when committing cp with deep deletion (issue 4400)
* diff: issue an error for files that can't fit in memory (r1513119 et al)
* svnmucc: generate proper error for mismatched URLs (r1511353)
* update: fix a crash when a temp file doesn't exist (r1513156)
* commit & update: improve sleep for timestamps performance (r1508438)
* diff: continue on missing or obstructing files (issue 4396)
* ra_serf: use runtime serf version for User-Agent (r1514315, r1514628)
* ra_serf: ignore case when checking certificate common names (r1514763)
* ra_serf: format distinguished names properly (r1514804)
* ra_serf: do not retry HTTP requests if we started to parse them (r1503318)
* ra_serf: output ssl cert verification failure reason (r1514785 et al)
* ra_serf: allow session reuse after SVN_ERR_CEASE_INVOCATION (r1502901)
* ra_serf: include library version in '--version' output (r1514295 et al)
* info: fix spurious error on wc root with child in conflict (r1515366)
- Server-side bugfixes:
* svnserve: fix creation of pid files (r1516556)
* svnadmin: fix output encoding in non-UTF8 environments (r1506966)
* svnsync: fix high memory usage when running over ra_serf (r1515249 et al)
* mod_dav_svn: do not map requests to filesystem (r1512432 et al)
* svnauthz: improve help strings (r1511272)
* fsfs: fixed manifest file growth with revprop changes (r1513874)
* fsfs: fix packed revprops causing loss of revprops (r1513879 et al)
- Other tool improvements and bugfixes:
* svnwcsub/irkerbridge: fix symlink attack via pid file (r175 from upstream)
Developer-visible changes:
- General:
* describe APR unimplemented errors as coming from APR (r1503010 et al)
* mod_dav_svn: update INSTALL to reflect configure defaults (r1515141)
* davautocheck: use the correct apxs binary by default (r1507889, r1507891)
- API changes:
* svn_config_walk_auth_data() config_dir arg: permit NULL (r1507382 et al)
- Bindings:
* swig-pl: fix SVN::Client not honoring config file settings (r150744)
* swig-pl & swig-py: disable unusable svn_fs_set_warning_func (r1515119)
Version 1.8.1
(23 July 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.1
User-visible changes:
- Client- and server-side bugfixes:
* translation updates for German and Simplified Chinese
* improve sqlite error message output (r1497804)
* support platforms lacking mmap (r1498136)
* allow configuration files to start with UTF-8 BOM (r1499100 et al)
* don't fail on UTF-8 data when encoding conversion not available (r1503009)
* improve error messages when encoding conversion fails (r1503010)
- Client-side bugfixes:
* merge: rename 'automatic merge' to 'complete merge' (r1491432)
* mergeinfo: reduce network usage for '--show-revs' (r1492005)
* ra_serf: improve http status handling (r1495104)
* merge: avoid unneeded ra session (r1493475)
* merge: reduce network usage (r1478987)
* merge: remove duplicated ancestry check (r1493424, r1495597)
* ra_serf: fix 'Accept-Encoding' header for IIS interoperability (r1497551)
* svn status: improve documentation for lock columns (r1497318, r1497319)
* ra_serf: fix support for 'get-file-revs-reversed' capability (r1498456)
* log: reduce network usage on repository roots (r1496957)
* diff: avoid temporary files when calling external diff (issue #4382)
* upgrade: fix notification of 1.7.x working copies (r1493703, r1494171)
* fix crash during tree conflict resolution (issue #4388)
* interactive file merge: add two additional choices (r1491816, r1494089)
* diff: use local style paths in error messages (r1500680)
* resolve: improve the interactive conflict resolution menu (r1491739 et al)
* switch: use local style path in error message (r1500074)
* ra_serf: improve error output when receiving invalid XML (r1498851)
* svn cleanup: explain what the command does in help output (r1497310)
* blame: error on -r M:N where M>N unless server supports (r1498449 et al)
* gpg-agent auth: don't try to use agent when unavailable (r1500762 et al)
* gpg-agent auth: don't require GPG_TTY or TERM env vars (r1500801)
* update: fix some tree conflicts not triggering resolver (r1491868 et al)
* commit: remove stale entries from wc lock table when deleting (r1491756)
* merge: fix --record-only erroring out on renamed path (issue #4387)
* svnmucc: fix 'make install' symlink to work when DESTDIR is set (r1501072)
* wc: fix crash when target is symlink to a working copy root (issue #4383)
* ra_serf: change "internal malfunction" errors to normal errors (r1502577)
* ra_serf: handle proxies not supporting chunked requests (r1502401 et al)
- Server-side bugfixes:
* fsfs: resolve endless loop problem when repos/db/uuid has \r\n (r1492145)
* fsfs: remove revision property buffer limit (r1491770)
* mod_dav_svn: better status codes for anonymous user errors (r1495918)
* mod_dav_svn: better status codes for commit failures (r1490684)
* fix performance regression in 'svn log' against root (r1494913)
* allow deleting non-user-visible 'svn:' properties (r1495432)
* fsfs: fix crash on strict-alignment architectures (r1495806, r1495985)
* svnadmin upgrade: fix error of non-sharded fsfs repositories (r1494287)
* svnadmin create: deny '--fs-type=fsfs --compatible-version=1.0' (r1494223)
* svnadmin upgrade: fix data loss when cancelling in last stage (r1494298)
* mod_dav_svn: fix incorrect path canonicalization (r1503528)
- Other tool improvements and bugfixes:
* fsfs-stats (tool): resolve segfault when passing invalid path (r1492164)
* svn-bench: fix help output (r1493951)
* svnpubsub: add version header to server (r1491707)
Developer-visible changes
- General:
* ra_serf: fix some test runner issues on Windows (r1490679)
* fix two issues in reverse svn_ra_get_file_revs() (r1492148, et al)
* handle --compatible-version=1.8 in the C tests (r1494342)
* improve clang compatibility (r1480080 et al)
* use proper cancel baton when handling conflicts (r1495850)
* fs: BDB: provide proper error value from BDB (r1495428)
* ra_serf: tweak connection failed error value (r1496132, et al)
* svn_client_log5: resolve possible segfault (r1496110)
* fix metadata_only move to work when target is unversioned node (r1498564)
* ra_svn: fix segfault with a NULL commit message (r1498550, r1499727)
* Ev2: correctly initialize node kind in shims' change table (r1501058)
* Ev2: fix copyfrom URL construction in shims (r1500226)
* fs: improve test against newlines in filenames (r1498483 et al)
* make building with BDB 6 an opt-in feature (r1499438)
* sqlite: allow placing amalgamation in build dir (r1499034, r1500175)
* ra_svn: make sessions usable after log callback early out (r1503554)
- Bindings:
* swig-rb: fix tests with out-of-tree-builds (r1492295)
* javahl: fix encoding of error messages produced by javahl (r1492264)
* swig-pl: silence compiler warnings (r1487094)
* swig-pl: improve documentation (r1488693, r1490721, r1500904)
Version 1.8.0
(18 Jun 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.0
User-visible changes:
- General:
* require serf as client-side http library (neon support removed) (r1349694)
* deprecate the Berkeley DB FS backend (libsvn_fs_base) (r1464985 et al)
- Major new features:
* working copy records moves as first-class operation (issue #3631, #4232)
* merge uses reintegrate mode automatically when needed (r1369896 et al)
* FSFS: Packing of revision property shards (issue #3944)
* support inheritable properties (r1395109)
* repository can suggest config for autoprops and ignores (r1401908)
* support gpg-agent for password caching (r1151069)
* authz rules can be stored inside the repository (r1424780)
- Minor new features and improvements (client-side):
* doubled svn:// protocol throughput (r1325899)
* optimize file/dir truename checks on Windows (r1435527)
* new 'commit --include-externals' option (related to issues #1167, #3563)
* new --include-externals option for 'svn list' (issue #4225)
* remove extraneous externals output from 'svn status -q' (issue #1935)
* reject some attempts to merge between unrelated branches (r1215273)
* new --ignore-properties option for 'svn diff' (r1239553, -617)
* new --properties-only option for 'svn diff' (r1336110)
* new --patch-compatible option for 'svn diff' (r1239561)
* new --no-diff-added option for 'svn diff' (r1433958)
* new w/c subtree duplication tool (tools/client-side/detach.py)
* new mergeinfo fixup tool (tools/client-side/mergeinfo-sanitizer.py)
* 'svn diff' can compare arbitrary files and directories (r1310291, et al)
* ra_serf avoids re-downloading content present in pristine store (r1333936)
* 'svn mergeinfo' now honors the --revision (-r) option (issue #4199)
* 'svn mergeinfo' now shows a summary graph by default (issue #4239)
* new --search and --search-and options for 'svn log' (r1354666, -83518)
* 'svn log' reports the node kind even for pre-1.6 revision files (r1242958)
* sort path list generated by "svn log -v --xml" (r1299323)
* new built-in interactive text conflict merge tool (r1357864, et al)
* 'svn --version' shows build system info (r1368662)
* 'svn --version --verbose' shows runtime environment info (r1370813 et al)
* 'svn' is now non-interactive when not run in a terminal device (r1424037)
* 'svn propset' checks spelling of reserved property names (r1470781)
* improve working copy performance on network disks (issue #4176)
* support for custom keyword definitions in svn:keywords (issue #890)
* svn:ignore __pycache__ directories by default (r1150073)
* 'svn diff --git' include copyfrom revision in "copied" headers (r1155279)
* svn:mergeinfo related operations now use much less memory (r1149519 et al)
* get list of supported schemes for RA libraries (r1148134)
* 'svn checkout' skips file externals from other repositories (r1153110)
* 'svn resolve' exits non-zero if conflicts could not be resolved (r1150439)
* let HTTPv2-aware clients fetch v2-style resources (r1161202)
* 'svn status' with better NLS support (r1157537, -682)
* better tracking of shallow-yet-complete merges (issues #4056, #4057)
* make 'svn status --quiet' w/ externals quieter still (issue #1935)
* ensure that conflict paths are shown relative-ized (r1337520)
* improve performance of local multi-target deletions (r1195873)
* various interactive conflict resolver improvements in 'svn' (r1440421 etc)
* improved tree diff implementation for diff and merge (r1440599 et al)
* tree conflicts on directories detected better during merges (issue #3150)
* allow reverting unmodified copies with 'svn remove' (r1442611)
* make 'svn diff' with mixed URL and local path targets work (r1442640)
* make 'svn patch' re-add deleted directories if needed (r1445333)
* make repos-wc diffs fully ancestry-aware (r1445904)
* 'svn diff --git' now implies 'svn diff --show-copies-as-adds' (r1446279)
* 'svn diff --show-copies-as-adds' now implies --notice-ancestry (r1446279)
* improved tree-conflict detection for 'svn switch' (r1449413, r1450582)
* allow up to 8 revision number digits in 'svn status -v' output (r1428637)
* show node kind (file or dir) in tree conflict descriptions (r1429907)
* restore deleted switched paths upon next update (issue #4295)
* add support for copying paths from foreign repositories (issue #3590)
* fix merge -cA,B with --accept option aborts if rA conflicts (issue #4238)
* 'svn resolve' interactive support; no longer requires --accept (r1336929)
* notify when removing externals leaves behind modified files (r1366021)
* new 'http-max-connections' configuration option for serf (r1421559)
* new 'http-bulk-updates' configuration option for serf (r1421490)
* 'svn cleanup' now runs SQLite "vacuum" to reclaim space (r1418459)
* 'svn info' displays repository-relative URL (r1415365)
* fix serf memory leak on checkout (issue #4194)
* detect duplicate paths setting svn:externals (issue #4227)
* make ra_serf work over HTTP/1.0 proxies (issue #3979)
* make ra_serf accept gzip compression for all responses (r1407454)
* double ra_serf performance for checkout and export (r1407545)
* improve network and disk i/o interleaving in ra_serf (r1407934)
* avoid assert in ra_serf when REPORT response was truncated (r1407935)
* rewrite ra_serf XML parser (r1409259 et al)
* ra_serf can create transaction with inline txnprops (r1375167)
* partially fix replace+propset of locked file fails over DAV (issue #3674)
* fix ra_serf doesn't handle bad baseline error from server (issue #4127)
* decreased default http timeout for ra_serf (issue #3968)
* prevent ra_serf from corrupting the working copy (issue #3993)
* ra_serf transmits property changes inline to reduce requests (r1378927)
* allow client to avoid SSL certificate prompts (issue #2410)
* improve interactive resolution of property conflicts (r1387678 et al)
* make ra_serf raise an error upon delta-base mismatch (issue #4235)
* tune ra_svn transmit buffer handling (r1391788)
* make 'svnrdump' work with serf (issue #4116)
* fix 'svnrdump' on path below repository root (issue #4101)
* support ipv6 in URLs (e.g. http://[::1]/svn/repos) (r1454047)
* conflict resolver now iterates paths in a sorted order (r1461820)
* mod_dav_svn does keyword expansion with 'kw=1' query arg (r1466055)
* add support for custom keyword definitions (issue #890)
- Minor new features and improvements (server-side):
* improve performance of config file parsing (r1344347 et al)
* new 'svnadmin load --revision' load filtering support (issue #3734)
* new 'svnadmin hotcopy --incremental' support for FSFS (issue #3815)
* new 'svnadmin lock' / 'svnadmin unlock' subcommands (issue #3942, #4092)
* new SVNUseUTF8 configuration option for mod_dav_svn (issue #2487)
* new SVNHooksEnv configuration option for mod_dav_svn (r1239966)
* new SvnPubSub distributed commit hooks (tools/server-side/svnpubsub)
* new light-weight benchmarking client (tools/client-side/svn-bench)
* svndumpfilter dependency analysis (tools/server-side/svnpredumpfilter.py)
* new automatic working copy updater (tools/server-side/svnpubsub)
* new 'svnadmin freeze' subcommand (r1376228)
* 'svndumpfilter' now supports --delta dumpfiles (r1351009, -3745)
* new --drop-all-emtpy-revs option for 'svndumpfilter' (issue #3681)
* client version info now reported to commit hooks (issue #4124)
* txn name now reported to post-commit hooks (r1240856)
* support for server-side keyword expansion in mod_dav_svn (r1466055)
* FSFS now able to cache revision properties (r1326307)
* FSFS cache for changed-paths increases 'svn log' performance (r1378358)
* FSFS cache mergeinfo requested during 'log -g' (r1395439)
* many FSFS caching improvements (r1390435, r1390447)
* directory and property deltification option in FSFS (issue #4084)
* fine-grained control deltification behavior via fsfs.conf (r1311476)
* FSFS de-duplication ("rep sharing") now works within a revision (r1397773)
* FSFS de-duplication now works for properties as well (r1243312)
* read FSFS data using fewer fopen calls (issue #3372)
* 'svnadmin verify' will now check meta data (issues #3956, #4211)
* 'svnadmin verify' now checks for issue #4129 style corruption (r1304656)
* new --client-speed option for svnserve (r1391788)
* new --single-threaded option in svnserve (r1296018)
* hook script templates are now marked as executable (r1153414)
* error out on non-canonical fspaths in the authz file (r1166111)
* improve path lookup performance in FSFS (r1442088)
* svnserve now logs explicit path and reason for authz failures (r1446542)
* validate offsets from rep-cache to prevent FSFS corruption (issue #4277)
* new AuthzSVNGroupsFile option to store authz groups separately (r1438407)
* new 'SVNAllowBulkUpdates prefer' option for mod_dav_svn (r1417642, et al)
* new 'SVNMasterVersion' option for mod_dav_svn (r1398962)
* added virtual-host support to 'svnserve' (r1401296)
* new fsfs-stats tool which prints FSFS repository stats (r1410995)
* new fsfs-reorg tool to optimize FSFS packing (r1383214, r1385395)
* new --compatible-version option for 'svnadmin create' (r1407279 )
* new --ignore-properties option for 'svnlook diff' (r1407905)
* new --properties-only option for 'svnlook diff' (r1407905)
* new --diff-cmd option for 'svnlook diff' (r1413449)
* allow leading "r"'s in http: ?p= and ?r= query parameters (r1221463)
* faster 'svn ls' for large directories (r1296627)
* mod_dav_svn now advertises supported POST types (r1375123)
* mod_dav_svn can create transaction with inline txnprops (r1375167)
* run start-commit hook after transaction creation (r1376201)
* avoid byte-for-byte comparison where it can be avoided (r1390641)
* various server-side performance improvements for 'log -g' (r1395442 et al)
* allow up to 10Gbit throughput with svnserve (r1391788)
* install mod_dontdothat correctly (r1454450)
* svnadmin verify can now verify transactions (r1462353)
* FSFS verifies revisions as they are added (r1462409)
- Client-side bugfixes:
* fix inconsistent 'svn log' output for empty revisions (issue #3964)
* fix mis-ordered text output of 'svn log --diff' on Windows (r1220783)
* fix 'svn log --diff' on moved file (issue #4153).
* fix 'svn revert' of 'svn move' (issue #876)
* fix file externals wrongly "resurrecting" a deleted file (#4017)
* fix reporting of corrupted 1.6 w/cs by 'svn upgrade' (r1182904, -9)
* fix bug caused by URI-decoding local merge source paths (r1210539)
* fix properties out of sync with repos after merge and revert (issue #4305)
* fix merge of replacement on local delete fails (issue #4011)
* fix replacements on deletes produce wrong tree conflicts (issue #3806)
* made ra_serf handle location headers that are not RFC-compliant (r1443906)
* merge no longer errors out after resolving all conflicts (issue #4316)
* fix svn blame mis-categorizing file type as binary (issue #2089)
* fix externals not removed when working copy is made shallow (issue #3741)
* fix update under add with not-present parent (issue #4111)
* fix revert of files with svn:needs-lock under copied dirs (r1343168)
* fix repos->wc diff of local copied/moved-here directories (r1341927)
* fix repos->wc diff of local copied/moved-here files (r1341544)
* fix "svn diff -cN PATH" where PATH was deleted in rN (r1338708)
* fix dependency on APR hash order in several logic paths (r1338350 et al)
* fix path inconsistencies in 'svn diff' output (r1338291)
* fix misleading error message printed by 'svn switch' (issue #2337)
* fix bug in mergeinfo recording during foreign-repos merge (r1430310)
* fix spurious merge conflicts for binary files with keywords (issue #4221)
* fix patching symlinks with 'svn patch' (issue #4273)
* make 'svn switch' refresh lock information (issue #3376)
* fix 'svn diff' output doesn't apply as patch without fuzz (issue #3362)
* fix mergeinfo recording for multiple-revision-range merge (issue #4306)
* fix diffs shown by 'show-diff' conflict prompt option (r1438879)
* don't print an update summary header with no content (r1439480)
* make 'svn rm' remove externals registrations below its targets (r1361256)
* fix crashes in ra_serf where AVG 2012 Surf-Shield is in use (issue #4175)
* don't raise conflicts on identical binary files (issue #4128)
* improve error messages when wc.db missing (issue #4118)
* fix 'svn diff' showing wrong text change (issue #4270)
* fix 'svn diff -rN' failing to show local replace (issue #3797)
* fix 'svn diff' showing wrong revision (issue #4010)
* fix 'svn merge' showing spurious notifications (issue #2910)
* parse '.@HEAD' correctly (issue #3606)
* fix 'svn revert' after conflict in sparse working copy (issue #4168)
* fix bug in global/per-server config handling in serf (r1421516)
* properly display errors from serf (r1398742)
* fix crash in ra_serf (r1408291)
* fixed svnmucc propset and propdel on repository root (issue #3663)
* fix 'svn info' output with ancient svnserve servers (pre-1.2) (r1409732)
* ra_serf shows error message for 408 Request Timeout response (r1410983)
* fix handling of "\ No newline ..." in diff/patch (r1411723, r1412382)
* allow infinite http timeout in ra_serf (r1411976)
* using unknown svn: property names now requires --force (issue #4261)
* fix handling of case insensitive configuration files (r1215089)
* properly handle errors during password caching (r1380695)
* fix svnversion output not always a number (issue #4226)
* fix conflict resolver losing executable bit of a file (r1391019)
* fix redundant notifications when merging with ra_serf (issue #3802)
* fix 'svn add --force /path/to/wcroot' should work (issue #4241)
* fix file permissions changed after commit (issue #4331)
* improve handling of http errors in ra_serf (1452792, 1452870)
* include checksum of missing pristines in error message (r1452800)
* fix an assert when merging against a replaced source (issue #4132)
* fix replacement in merge source has incorrect notification (issue #4138)
* improve performance of checkout (r1453791)
* fixed documentation regarding merge source (issue #3247)
* fix merge errors out after resolving conflicts (issue #4316)
* fix delete/move with file external in unversioned dir (issue #4293)
* fix resolving tree conflict with local node missing (r1461848)
* fix invalid read during diff suffix scanning (issue #4339)
* fix assertion when running 'svn log <SOME_URL>@PREV' (r1462134)
* optimize enumerating configuration options (r1464478)
* revert will now sleep for timestamps if using commit times (r1464769)
* don't allow externals to be deleted with 'svn rm' (r1464992)
* improved memory usage in ra_serf and ra_local (r1465280)
* replace some assertions with more helpful error messages (r1465975)
* fixed long keyword expansion truncated (issue #4349)
- Server-side bugfixes:
* SVNParentPath / repository listing now authz-filtered (r1408184)
* user/group names in the authz config file are case-sensitive (r1475772)
* limit commit runtime for nodes with very deep histories (r1224836)
* 'svnadmin recover' truncates rep-cache at the right point (issue #4077)
* fix crashes in dumpstream loading with skipped revs (r1214202, r1214216)
* fix 'svn log -g' incorrectly treating rename as merge (issue #4022)
* fix bug where fsfs file-hinting fails (issue #4320)
* don't leak path of repository on server's disk to clients (r1330906)
* remove spurious is-fresh-txn-root from empty revision files (issue #4031)
* fix a stdout handling problem in 'svnlook diff' (r1411971)
* fix erratic behaviour in 'svnlook diff' showing property diffs (r1412224)
* fix inconsistent authz error messages in 'svn log' in svnserve (r1292462)
* fix svndumpfilter for empty paths in included or excluded lists (r1294583)
* make fsfs packing threadsafe (r1376011)
* don't error out on intermittent memcached failures (r1394470)
* fix a ra_svn deadlock with zero-copy server option (r1465622)
- Other tool improvements and bugfixes:
* 'svnmucc' promoted to first-class supported utility (issue #3308, #4279)
* make 'svnmucc' prompt for log messages (issue #3418)
* rename 'svnauthz-validate' to 'svnauthz' (issue #4284)
* make 'svnauthz' optionally validate user/path access (r1197588)
* fix mailer.py test suite problems (r1449582)
* fix mailer.py not showing dirs with property deletions (r1449582)
* make mailer.py generate Date and Message-ID headers (r1449592)
* new '-?' option support for 'svnmucc' (r1339428)
* provide the repository name to mailer.py (r1439592)
* add '--force-interactive' to svnmucc (r1457789)
* add '--trust-server-cert' to svnmucc (r1458995)
Developer-visible changes:
- General:
* now require Python 2.5 for tests and dev tools (r1243627)
* now require bzip2 for tests and dev tools (r1148512)
* configure defaults to --without-apache-libexecdir (r1469862)
* support builds with APR pool debugging (r1176894)
* 'make extraclean' is more thorough now (r1149460)
* support for Serf 2 (r1147538)
* introduction of editor v2 (via private APIs only) (r1166332 et al)
* improve SQLite setup for compatibility with OS X 10.7. (r1181666)
* rework switch statement to accomodate OWC compiler limitations (r1204407)
* new --enable-sqlite-compatibility-version configure option (r1201421)
* make test suite LD_LIBRARY_PATH include just-built auth plugins (r1200474)
* packages/ directory removed, contents were outdated and unused (r1442167)
* rename 'makefile.ezt' to 'build-outputs.mk.ezt' (r1444822)
* use expensive compiler optimizations with --enable-optimize (r1445063)
* in Visual C++ builds, move temp files to different directory (r1446416)
* remove --with-ssl and --with-gssapi configure options (r1449023)
* require at least serf 1.2.0 as build dependency (issue #4296)
* fix error tracing to record file/line properly (r1331242)
* add --log-level argument to win-tests.py (r1335461)
* improve GDB pretty-printing of svn types (r1351336, r1364750, r1365035)
* load third-party FS modules (if --enable-runtime-module-search) (r1362434)
* enable running the regression tests over https (r1349699)
* support 'make davautocheck' on OS X (r1421583)
* new '--enable-gcov' configure option (r1416646)
* fix build with Apache HTTPD 2.5 (r1408985)
* allow running the test suite through a http proxy (r1410195)
* don't use non-constant initializers in struct variables (r1412911)
* allow generation of Visual Studio 2012 compatible projects (r1245152)
* nicer pretty-printing of Subversion data types in gdb (r1367262 et al)
* teach serf build on Windows to use static APR/Util and OpenSSL (r1371338)
* add --ssl-cert option to win-tests.py to run tests over https (r1372760)
* don't strip Content-Type header form .po files on Windows (r1380056)
* configure now script auto-detects GNOME keyring (r1387230)
* allow configure to detect BDB on Debian-based Linux distros (r1390633)
* auto-detect serf via pkg-config (r1391662)
* improve queries for compatability with SQLite 3.7.16 (r1455239)
* remove support for in-tree apr, apr-util and apr-memcache (r1456924)
* FSFS caching supports prefixes now (r1462436)
* maintainer mode now prints symbolic error codes (r1465157)
* don't require NLS support for kwallet support (r1466445)
* make Julian happy (r1413030)
- API changes:
* fix inconsistent handling of log revs without changed paths (issue #3694)
* deprecated SVN_ERR_SQLITE_UNSUPPORTED_SCHEMA (r1173240)
* provide API to clear cached auth credentials (issue #2775)
* improve repository location information in various APIs (issue #4170)
* major rewrite of conflict storage and handling APIs (r1354973 et al)
* hide (deprecate) svn_wc APIs that use editors (r1243339)
* svn_stringbuf_ensure() allocates an extra byte for terminator (r1308966)
* switch and update apis are now more consistent (r1465292)
* deprecated svn_client_merge_reintegrate (r1466742)
* deprecated low level ra_svn apis (r1466907)
- Bindings:
* star-imports in swig-py only import 'svn_*' symbols (r1303375)
* fix compilation of Perl bindings on Mandriva 2007 (issue #2617)
* new JavaHL testing targets (r1182983)
* enable returning an error on malfunctions for JavaHL (r1366215)
* MacOS X build fix to cope with missing GNOME keyring (r1397844)
* fix swig bindings tests on MacOS X (r1397846)
* fix assertion failure in JavaHL error reporting (r1405922)
* support ruby 1.9 (r1407206)
* JavaHL: Include OSGI Manifest information in svn-javahl.jar (r1234864)
* new svn_auth_set_gnome_keyring_unlock_prompt_func function (r1241554)
* fix svn_txdelta window ops for python bindings (r1389054)
* fix build of Perl bindings with newer versions of SWIG (r1389658)
* add missing API functions to Perl bindings (issue #2646)
* add missing API functions to Python bindings (r1392038 et al)
* add missing API functions to JavaHL bindings (issue #4326)
* fix some reference counting bugs in swig-py bindings (r1464899, r1466524)
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Changelog:
Version 1.7.9
(04 Apr 2013, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.9
User-visible changes
- Client-side bugfixes:
* improved error messages about svn:date and svn:author props. (r1440620)
* fix local_relpath assertion (issue #4257)
* fix memory leak in `svn log` over svn:// (r1458341)
* fix incorrect authz failure when using neon http library (issue #4332)
* fix segfault when using kwallet (r1421103)
- Server-side bugfixes:
* svnserve will log the replayed rev not the low-water rev. (r1461278)
* mod_dav_svn will omit some property values for activity urls (r1453780)
* fix an assertion in mod_dav_svn when acting as a proxy on / (issue #4272)
* improve memory usage when committing properties in mod_dav_svn (r1443929)
* fix svnrdump to load dump files with non-LF line endings (issue #4263)
* fix assertion when rep-cache is inaccessible (r1422100)
* improved logic in mod_dav_svn's implementation of lock. (r1455352)
* avoid executing unnecessary code in log with limit (r1459599)
Developer-visible changes:
- General:
* fix an assertion in dav_svn_get_repos_path() on Windows (r1425368)
* fix get-deps.sh to correctly download zlib (r13520131)
* doxygen docs will now ignore prefixes when producing the index (r1429201)
* fix get-deps.sh on freebsd (r1423646)
- Bindings:
* javahl status api now respects the ignoreExternals boolean (r1435361)
This release addesses five security issues:
CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
CVE-2013-1847: mod_dav_svn crashes on LOCK requests against
non-existant URLs
CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against
activity URLs
CVE-2013-1884: mod_dav_svn crashes on out of range limit in log
REPORT request
Changelog:
Version 1.6.20
(04 Jan 2013, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.20
User-visible changes
- Client- and server-side bugfixes:
* Fix typos in pt_BR, es and zh_TW translations (r1402417)
- Server-side bugfixes:
* add Vary: header to GET responses to improve cacheability (r1390653)
* fix fs_fs to cleanup after failed rep transmission (r1403964, et al)
* fix an assert with SVNAutoVersioning in mod_dav_svn (issue #4231)
Version 1.6.19
(10 Sep 2012, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.19
- Client-side bugfixes:
* handle missing svn:date reported by svnserve gracefully (r1306111)
- Server-side bugfixes:
* fix possible server hang if a hook script fails to start (r1330410)
* fix write-through proxy commit regression introduced in 1.6.17 (r1088602)
* partial sync drops properties when converting to adds (issue #4184)
- Developer-visible changes:
* fix the testsuite to avoid FAILs on APR hash order (r1230714, et al)
Version 1.6.18
(29 Mar 2012, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.18
User-visible changes:
* reject invalid svn:mergeinfo at commit time over DAV (issue #3953)
* fix reintegrate merge regression introduced in 1.6.13 (issue #3957)
* make the stderr output of the post-commit hook XML-safe (r893478)
* fix a rare source of FSFS corruption (r1240752)
* plug a memory leak in the bdb backend (r1205726)
* server-side performance fix for "log -g" (r1152282)
* fix description of svndumpfilter's --targets option (r1151911)
* fix datastream corruption during resumed transfer in ra_serf (r1154733)
* fix a crash in ra_svn SASL authentication (r1166555, -678)
* fix potential corruption on 32-bit FSFS with large files (r1230212)
* make website links point to subversion.apache.org (r896893, -901, r915036)
* fix non-fatal FSFS corruption bug with concurrent commits (issue #4129)
Developer-visible changes:
* fix sqlite distfile retrieval in get-deps.sh (r1134734)
* fix swig-py memory leak (r1235264, -296, -302, -736)
* allow passing --with-jdk to gen-make.py on Windows (r966167)
(This is a comment-only change.)
I used to maintain the subversion packages, but am no longer actively
doing so. I basically removed my name from the comment soliciting
volunteers to test the language binding part of updates, and updated
the text.
Version 1.6.17
(01 Jun 2011, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.17
User-visible changes:
* improve checkout speed on Windows (issue #3719)
* make 'blame -g' more efficient on with large mergeinfo (r1094692)
* avoid some invalid handle exceptions on Windows (r1095654)
* preserve log message with a non-zero editor exit (r1072084)
* fix FSFS cache performance on 64-bit platforms (r1103665)
* make svn cleanup tolerate obstructed directories (r1091881)
* fix deadlock in multithreaded servers serving FSFS repositories (r1104093)
* detect very occasional corruption and abort commit (issue #3845)
* fixed: file externals cause non-inheritable mergeinfo (issue #3843)
* fixed: file externals cause mixed-revision working copies (issue #3816)
* fix crash in mod_dav_svn with GETs of baselined resources (r1104126)
See CVE-2011-1752, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
* fixed: write-through proxy could direcly commit to slave (r917523)
* detect a particular corruption condition in FSFS (r1100213)
* improve error message when clients refer to unkown revisions (r939000)
* bugfixes and optimizations to the DAV mirroring code (r878607)
* fixed: locked and deleted file causes tree conflict (issue #3525)
* fixed: update touches locked file with svn:keywords property (issue #3471)
* fix svnsync handling of directory copyfrom (issue #3641)
* fix 'log -g' excessive duplicate output (issue #3650)
* fix svnsync copyfrom handling bug with BDB (r1036429)
* server-side validation of svn:mergeinfo syntax during commit (issue #3895)
* fix remotely triggerable mod_dav_svn DoS
See CVE-2011-1783, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
* fix potential leak of authz-protected file contents
See CVE-2011-1921, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
Developer-visible changes:
* fix reporting FS-level post-commit processing errors (r1104098)
* fix JVM recognition on OS X Snow Leopard (10.6) (r1028084)
* allow building on Windows with recent Expat (r1074572)
Security fix seems to related to www/ap2-subversion.
Version 1.6.16
(02 Mar 2011, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.16
User-visible changes:
* more improvement to the 'blame -g' memory leak from 1.6.15 (r1041438)
* avoid a crash in mod_dav_svn when using locks (r1071239, -307)
See CVE-2011-0715, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-0715-advisory.txt
* avoid unnecessary globbing for performance (r1068988)
* don't add tree conflicts when one already exists (issue #3486)
* fix potential crash when requesting mergeinfo (r902467)
* don't attempt to resolve prop conflicts in 'merge --dry-run' (r880146)
* more fixes for issue #3270.
Developer-visible changes:
* ensure report_info_t is properly initialized by ra_serf (r1058722)
* locate errors properly on a malfunction (r1053208)
* fix output param timing of svn_fs_commit_txn() on fsfs (r1051751)
* for svn_fs_commit_txn(), set invalid rev on failed commit (r1051632, -8)
* fix sporadic Ruby bindings test failures (r1038792)
* fix JavaHL JVM object leak when dumping large revisions (r947006)
* use Perl to resolve symlinks when building swig-pl (r1039040)
* allow Perl bindings to build within a symlinked working copy (r1036534)
* don't overwrite the LD_LIBRARY_PATH during make check-swig-pl (r946355)
* improve unit tests for some fs functions (r1051744, -5, -3185, -241)
Also update subversion-base, ap2-subversion, p5-subversion, py-subversion
and ruby-subversion.
Version 1.6.15
(26 Nov 2010, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.15
User-visible changes:
* improve svnsync handling of dir copies (r962377, -8)
* hide unreadable dirs in mod_dav_svn's GET response (r996884)
* make 'svnmucc propsetf' actually work (r1005446)
* limit memory fragmentation in svnserve (r1022675)
* fix 'svn export' regression from 1.6.13 (r1032970)
* fix 'svn export' mistakenly uri-encodes paths (issue #3745)
* fix server-side memory leaks triggered by 'blame -g' (r1032808)
* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)
* allow 'log -g' to continue in the face of invalid mergeinfo (r1028108)
* filter unreadable paths for 'svn ls' and 'svn co' (r997026, -070, -474)
* fix abort in 'svn blame -g' (issue #3666)
* fix file handle leak in ruby bindings (issue #3512)
* remove check for 1.7-style working copies (issue #3729)
Developer-visible changes:
* improve some swig parameter mapping (r984565, r1035745)
* improve test accuracy over dav (r991534, r877814)
* create fails.log for test runs (r964349)
* improve detection of 'svnversion' when buildling (r877219, et al)
* don't violate API layering in dumpstream logic (issue #3733)
* don't report working copy installs as switched (r1033921)
Version 1.6.14
(Not released, see changes for 1.6.15.)
Quote from release announce:
This is a bugfix release, part of the 1.6.x release series. Of note, this
release includes a fix which addresses CVE-2010-3315, a security issue when
using 'SVNPathAuthz short_circuit'. More information can be found here:
http://subversion.apache.org/security/CVE-2010-3315-advisory.txt
CHANGES:
Version 1.6.13
(01 Oct 2010, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.13
User-visible changes:
* don't drop properties during foreign-repo merges (issue #3623)
* improve auto-props failure error message (r961970)
* improve error message for 403 status with ra_neon (r876615)
* don't allow 'merge --reintegrate' for 2-url merges (r959004)
* improve handling of missing fsfs.conf during hotcopy (r980811, -1449)
* escape unsafe characters in a URL during export (issue #3683)
* don't leak stale locks in FSFS (r959760)
* better detect broken working copies during update over ra_neon (r979045)
* fsfs: make rev files read-only (r981921)
* properly canonicalize a URL (r984928, -31)
* fix wc corruption with 'commit --depth=empty' (issue #3700)
* permissions fixes when doing reintegrate merges (related to issue #3242)
* fix mergeinfo miscalculation during 2-url merges (issue #3648)
* fix error transmission problems in svnserve (r997457, -66)
* fixed: record-only merges create self-referential mergeinfo (issue #3646)
* fixed: 'SVNPathAuthz short_circuit' unsolicited read access (issue #3695)
* make 'svnmucc propset' handle existing and non-existing URLs (r1000607)
* add new 'propsetf' subcommand to svnmucc (r1000612)
* emit a warning about copied dirs during ci with limited depth (r1002094)
Developer-visible changes:
* make ruby bindings compatible with Ruby 1.9 (r957507)
* use the repos verify API in JavaHL (r948916)
* teach ra_serf to parse md5 checksums with update editors (r979429)
* let ra_serf work with current serf releases (r879757, r880320, r943796)
Upstream changes:
Version 1.6.12
(21 Jun 2010, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.12
User-visible changes:
* further improvements for issue #3242
* allow deletion of uris which need character escaping (issue #3636)
* fix errors with 'svn mkdir --parents' (issue #3649)
* update address to which crash reports are sent (r901304)
* check for server certificate revocation on Windows (r898048)
* disable custom file mutexes on Windows (r879902, -16)
* fix handling of peg revision'd copy targets (issue #3651)
* more improvements to 'svn merge --reintegrate' (r935631)
* allow copying of broken symlinks (issue #3303)
* improve rep-sharing performance on high-concurrency repos (issue #3506)
* fixed: added subtrees with mergeinfo break reintegrate (issue #3654)
* fixed: assertion triggered by tree-conflicted externals (issue #3469)
Developer-visible changes:
* give windows devs more flexibility with sqlite versions (r944635)
* allow the pack tests to work with low file descriptor limits (r937610)
* improve exception handling on Windows Vista and 7 (r878447, -910, -916)
Version 1.6.11
(19 Apr 2010, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.11
User-visible changes:
* fix for repositories mounted via NFS (issue #3501)
* enable TCP keep-alives in svnserve (r880552)
* tighten restrictions on revprops for 'svnadmin verify' (r904594)
* make ra_serf give better out-of-date information (issue #3561)
* improve error message upon connection failure with svn+ssh:// (r922516)
* allow 'svn log' on an uncommitted copy/move destination (r901752)
* make 'svnadmin hotcopy' copy the fsfs config file (r905303)
* mergeinfo improvements with non-inheritable mergeinfo (issue #3573)
* make mergeinfo queries not require access to the repo root (issue #3242)
* update URLs to refer the the new apache.org repository (r904301, -94)
* update relative externals during a switch (issue #3390)
* fix 'merge --reintegrate' with self-referential mergeinfo (r892050, -85)
* improve wc-ng working copy detection (r929382)
* improve handling of mergeinfo when using serf (r880461)
* fixed: 'svnlook plist --revprop' with '-t TXN_NAME' (r917640, -8211)
* fixed: file external from URL cannot overwrite existing item (issue #3552)
* fixed: potential memory error in 'svn status' (r923674, -9)
* fixed: merge records mergeinfo from natural history gaps (issue #3432)
* fixed: theoretical possibility of DB corruption (r926151, -67)
Developer-visible changes:
* disable checks for wc-ng working copies when running the test suite
* on Windows, don't ignore move operation error codes (r896915)
* more precise reporting of errors occuring with sqlite init (r927323, -8)
* ensure rangelist APIs are commutative (r923389, -91)
Version 1.6.10
(Not released, see changes for 1.6.11.)
subversion-base has been tested. (Anyone who would like to sign up to
functionality-test the other components is welcome to send me mail and
I'll record that in the Makefile.)
Version 1.6.9
(25 Jan 2010, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.9
User-visible changes:
* allow multiple external updates over ra_svn (issue #3487)
* fix a segmentation fault when using FSFS (r881905)
* support Berkeley DB 4.8 (r879688)
* various autoprop improvements (r880274, -5)
* improve usage of svn+ssh:// on Windows (issue #2580)
* teach 1.6.x to recognize 1.7 working copies (1.6.x-future-proof branch)
* update help text for 'svn update' and 'svn switch' (r886164, -97)
* make 'svnadmin load --parent-dir' create valid mergeinfo (r888979, -9081)
* tolerate relative merge source paths in mergeinfo (r889840)
* teach mod_dav_svn to support the Label header (issue #3519)
* fixed: svnsync leaves stale sync-locks on mirrors (r884842)
* fix applicability of 'svn resolve --accept=theirs-conflict' (r880525, -6)
* fixed: segfault in 'svn resolve' (r896522, -47)
* fix commit failure against an out-of-date mirror (r900797)
Developer-visible changes:
* update ruby bindings test expectation (r880162)
* don't allow rangelist and mergeinfo API to modify input args (r879093)
Version 1.6.8 (Not released, see changes for 1.6.9.)
Version 1.6.7 (Not released, see changes for 1.6.9.)
[ Note: All revision numbers for versions prior to 1.6.7 reference the
original repository on svn.collab.net. For more information see:
http://svn.apache.org/repos/asf/subversion/README ]
Version 1.6.6
(22 Oct 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.6
User-visible changes:
* fix crash during 'svn update' (r39673)
* respect Apache's ServerSignature directive (r40008, -21, -31)
* don't add a file with mixed line endings, and then abort (issue #2713)
* support Neon 0.29.
* fix a crash in 'svn rm --force' (r37953)
* handle tree conflicts involving replacements (issue #3486)
* allow non-threadsafe sqlite if APR has no threads (r39301)
* print newline before plaintext SSL cert / password prompts (r38982, r39302)
* improve merge performance with implicit subtree mergeinfo (issue #3443)
* fix "libsvn_ra_svn/marshal.c assertion failed (opt || cstr)" (issue #3485)
* make file externals work for binary files (issue #3368)
* perform MIME type matching case-insensitively (issue #3479)
* do not treat non-existent revisions as HEAD in 'svn export' (issue #3400)
* revert r36720's default MIME type change back to "text/plain" (issue #3508)
* improve "tree conflict already exists" error message (r38872)
* fix failure to commit replacement of a directory (issue #3281)
* fix mod_dav_svn parent dir links to preserve peg revisions (issue #3425)
Developer-visible changes:
* fix 2 failing tests in ruby bindings (r38886)
* do not require GNU grep for build (issue #3453)
* use '$SED' instead of 'sed' in build scripts (issue #3458)
* add svn.client.{log5,merge_peg3} to python bindings (r39635, -6, -7)
* include the time of a test run in tests.log (r39887)
(21 Aug 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.5
User-visible changes:
* fix mod_dav_svn directory view links to preserve peg revisions (r38201)
* do not error on Windows when ALLUSERPROFILE dir nonexistent (r38053, -5, -7)
* properly escape lock comments over ra_neon (r38101, -2)
* allow syncing copies of '/' over ra_neon and ra_serf (issue #3438)
* make 'svnlook diff' show empty added or deleted files (r38458)
* fix building with Apache 2.4 (r36720)
* fix possible data loss on ext4 and GPFS filesystems (issue #3442)
* resolve symlinks when checking for ~/.subversion (r36023)
* don't let svn+ssh SIGKILL ssh processes (issue #2580)
* allow PLAIN and LOGIN mechanisms with SASL in svnserve (r38205)
* fix peg revision parsing in filenames like 'dir/@file.txt' (issue #3416)
* fix detection of Apache <2.0.56 (r38290, -3, -4)
* don't pretend to do tree conflict resolution (r38799, -801, -805)
* fix data corruption when syncing from svnserve to mod_dav_svn (r38686, -7)
* fix GNOME Keyring with '--non-interactive' option (r38222, -3, -61, -410)
* fixed: false "File '...' already exists" error during commit (issue #3119)
Developer-visible changes:
* avoid referencing uninitialized variables (r38388)
* plug a couple of error leaks (r38572)
* improve windows test output (r38616, -7, -9, -49)
Version 1.6.4
(06 Aug 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.4
User-visible changes:
* fixed: heap overflow vulnerability on server and client
See CVE-2009-2411, and descriptive advisory at
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
Version 1.6.3
(22 Jun 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.3
User-visible changes:
* fix segfault in WC->URL copy (r37646, -56)
* let 'svnadmin load' tolerate mergeinfo with "\r\n" (r37768)
* make svnsync normalize svn:* props to LF line endings (issue #3404)
* better integration with external merge tools (r36178)
* return a friendly error message for 'svn diff' (r37735)
* update dsvn.el for 1.6 (r37774)
* don't allow setting of props on out-of-date dirs under neon (r37745)
* improve BASH completion (r36450, -52, -70, -79, -538)
* always show tree conflicts with 'svn st' (issue #3382)
* improve correctness of 'svn mergeinfo' (issue #3126)
* decrease the amount of memory needed for large commits (r37894, -6)
* work around an APR buffer overflow seen by svnsync (r37622)
* ra_svn clients now use TCP keep-alives if available (issue #3347)
* improve 'svn merge' perf by reducing server contact (r37491, -593, -618)
* stop propagating self-referential mergeinfo in reintegrate merges (r37931)
* fix NLS detection where -liconv is required for bindtextdomain() (r37827)
* don't delete unversioned files with 'rm --keep-local' (r38015, -17, -19)
* bump apr and apr-util versions included in deps to latest. (r37941)
* avoid temp file name collisions with ra_serf, ra_neon (r37972)
* fixed: potential segfault with noop file merges (r37779)
* fixed: incorrect output with 'svn blame -g' (r37719, -23, -41)
* fixed: bindings don't load FS libs when module search enabled (issue #3413)
* fixed: DAV RA layers not properly handling update/switch working copy
directory to revision/place in which it doesn't exist (issue #3414)
* fixed: potential abort() in the working copy library (r37857)
* fixed: memory leak in hash reading functions (r37868, -979)
Developer-visible changes:
* improve memory usage in file-to-stringbuf APIs (r37907)
* reduce memory usage for temp string manipulation (r38010)
Rehsack. apr1 is no longer an option; that's just the way it is.
Version 1.6.2
(09 May 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.2
User-visible changes:
* vastly improve memory usage with 'svn merge' (issue #3393)
* make default depth for merge 'infinity' (r37156)
* make 'status --quiet' show tree conflicts (issue #3396)
* allow '--set-depth infinity' to expand shallow subtrees (r37169)
* return an error if attempting to reintegrate from/to the repo root (r37385)
* don't store bogus mergeinfo for '--ignore-ancestry', foreign merges (r37333)
* don't allow merge of difference between two repos (r37519)
* avoid potential segfault with subtree mergeinfo (r36613, -15, -31, -41)
* recommend sqlite 3.6.13 (r37245)
* avoid unnecessary server query for implicit mergeinfo (r36509)
* avoid unnecessary server query during reverse merges (r36527)
* set depth=infinity on 'svn add' items with restricted depth (r37607)
* fixed: commit log message template missing paths (issue #3399)
* fixed: segfault on merge with servers < 1.6 (r37363, -67, -68, -79)
* fixed: repeat merge failures with non-inheritable mergeinfo (issue #3392)
* fixed: another memory leak when performing mergeinfo-aware merges (r37398)
* fixed: incorrect mergeinfo on children of shallow merges (issue #3407)
* fixed: pool lifetime issues in the BDB backend (r37137)
Developer-visible changes:
* don't fail if an embedding app has already initialized SQLite (issue #3387)
* resolve naming collisions with static stat() function in svnserve (r37527)
* fix an expectation for a failing dirent windows test (r37121)
Version 1.6.1
(10 Apr 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.1
User-visible changes:
* recommend Neon 0.28.4. (r36388)
* improve performance of 'svn merge --ignore-ancestry' (r36256)
* improve 'svn merge' performance with subtree mergeinfo (r36444)
* correctly proxy LOCK and UNLOCK requests (r36159)
* prevent a crash when updating old working copies (r36751)
* don't let svnmerge.py delete a nonexistent property (r36086, -767, -769)
* don't fail when upgrading pre-1.2 repositories (r36851, -7)
* allow escaping of separator characters in autoprops (r36763, -84)
* improve tempfile creation robustness on Windows (r36442, -3)
* fix change-svn-wc-format.py for 1.6.x working copies (r36874, -5)
* improve configure's detection of Berkeley DB (r36741, -2)
* don't allow foreign merges to add foreign mergeinfo (issue #3383)
* improve performance of 'svn update' on large files (r36389, et. al.)
* fixed: error leak and potential crash (r36860)
* fixed: parent directory handling on Windows (r36049, -50, -51, -131)
* fixed: unintialized memory errors (r36252, -3)
* fixed: potential working copy corruption (r36714)
* fixed: working copy upgrade error (r36302)
* fixed: pointer dereference error (r36783)
* fixed: error diff'ing large data with ignored whitespace (r36816)
* fixed: potential hang in ra_serf (r36913)
* fixed: problem with merge and non-inheritable mergeinfo (r36879)
* fixed: repeated merging of conflicted properties fails (issue #3250)
* fixed: excluding an absent directory segfaults (issue #3391)
Developer-visible changes:
* ensure svn_subst_translate_cstring2() properly flushes data (r36747)
* make serf report a base checksum to apply_textdelta (r36890)
* syntax updates for strict C89 compilers (r36799)
* update RPM scripts for RHEL4 (r36834)
* allow tests to be run with Python 2.6.1 on Windows (r36149, -50, -51, -56)
* allow building JavaHL with Visual Studio 2008 (r36954)
* stop setting default translation domain in JavaHL (r36955)
* fixed: warning with Python 2.6 and ctypes bindings (r36559)
* fixed: undefined references to svn_fs_path_change2_create() (r36823)
Version 1.6.0
(20 Mar 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.0
User-visible changes:
- General:
* Now require Windows 2000 or newer on Windows (r33170)
- Major new features:
* identical files share storage space in repository (issue #2286)
* file-externals support for intra-repository files (issue #937)
* "tree" conflicts now handled more gracefully (issue #2282, #2908)
* repository root relative URL support on most commands (issue #3193)
- Minor new features and improvements:
* pre-lock hook can now specify lock tokens via stdout (r32778)
* svnmucc: support '--with-revprop' (r29492)
* merge: log include-descendants in operational log (r30426, r30428)
* improved operational logging for 'svn switch' (r30517)
* new 'Header' keyword, similar to 'Id' but with full URL (r35386)
* warn/disallow when storing plain-text passwords (r31046)
* support KWallet and GNOME keyring for password storage (r31241, -337)
* client now caches SSL client cert passphrases (issue #2489)
* add '--prefix-file' option to 'svndumpfilter' (issue #2697)
* add '--ignore-externals' option to 'svn cp' (issue #3365)
* add '--with-no-revprops' to 'svn log' (issue #3286)
* new 'svnadmin pack' command to compress FSFS filesystems
* new SVNAllowBulkUpdates mod_dav_svn directive (issue #3121)
* new public mod_dav_svn URI syntax: path?[p=PEG][&r=REV] (r34076)
* new 'svnsync info' command to show synchronization information (r35053)
* conflict resolver supports display-conflict, mine-conflict and theirs-conflict
- Client-side bugfixes:
* faulty reflexive merges (issue #2897)
* buffer overflow on a 0 byte string buffer (r35968, -74)
* conflict resolver needed more useful 'diff' option (issue #3048)
* disable username assumption (issue #2324)
* more accurate usage message for 'svn log' (r30449)
* do not repeat merge if target has explicit mergeinfo (issue #2821)
* corruption when filtering self-referential mergeinfo (r30467)
* filter empty mergeinfo with self-referential mergeinfo (r30510)
* pay attention to partial replay from the server in svnsync (r30440)
* improved property name handling in svnsync (r30480)
* properly recognize the file:/// in repository with svnsync (r30482)
* svn+ssh SIGKILLs ssh processes (issue #2580)
* 'svn up'/'svn co' early abort with svn:externals (issue #3148)
* improve tempfile names for conflict resolver (issue #3166)
* ra_serf: 'svn merge' aborts (issue #3212)
* 'svn cleanup' failed on non-ASCII characters (issue #3313)
* 'svn update' fails on moved, modified file with local mods (issue #3354)
* easier use of NTLM for proxy with ra_neon (r29874)
* 2-url merge from DAV-accessed foreign repo makes bad wcprops (issue #3118)
* can't add .svn (and children) to your wc via '--parents' (r35819)
* improved performance removing unversioned directories (r36111)
* 'svn cp --parents' had path URL encoding issues (issue #3374)
* support shell quoting rules in externals definitions (issue #2461)
* new SVN_LOCALE_DIR environment variable for localization (issue #2879)
* scheme and domain name in urls handled case insensitive (issue #2475)
* merge: pick default revisions with peg revision in single url (r30455)
* many other minor bugfixes, optimizations, plugs of memory leaks, etc
- Server-side bugfixes:
* mod_dav_svn runs pre-revprop-change twice (issue #3085)
* mod_dav_svn ignores pre-revprop-change failure on delete (issue #3086)
* mod_dav_svn prevented lock breaks from being propagated to client (r29914)
* non-UTF8 filenames could enter repository (issue #2748)
* 'svnlook proplist' xml output (issue #2809)
* don't let mod_dav_svn hide errors from client (issue #3102)
* ra_serf failure during update (issue #3113)
* ra_serf comply with RFC 2617 in handling authentication headers (r35981)
* use both SHA1 and MD5 in the FS backends (r34388)
* many other minor bugfixes too numerous to list here
- Contributed tools improvements and bugfixes:
* commit-email.pl: Deprecated; use mailer.py instead (r31755, -67)
* svnmerge.py migration tool munged svn:mergeinfo ordering (issue #3302)
* And other random sundry stuff
Developer-visible changes:
- General:
* serf 0.3.0 required, when building with serf (r35586)
* require SQLite 3.4.0 or newer (r33520)
* allow the use of an in-tree SQLite amalgamation (r35263)
* svn_log_changed_path_t now includes a 'kind' field (issue #1967)
* BDB `changes' table inconsistency when APIs are misused (issue #3349)
* configure should prefer apr-1 over apr-0 if both are present (issue #2671)
* make 'Not Found' errors consistent between RA layers (issue #3137)
* fix a potential buffer overrun (r34374)
* many bug fixes and improvements to the test suite
- API changes:
* notification system for properties and revision properties (issue #783)
* make ra_svn's merge commit-revprops public (r30462, r30453)
* mod_dav_svn operational logging compatible with svnserve logging (r30518)
* improve speed of svn_client__get_copy_source() (issue #3356)
* if fsfs commit fails return SVN_INVALID_REVNUM (r35950)
- Bindings:
* new: ctypes python bindings
* many improvements to all bindings (Java, Perl, Python, and Ruby)
* respect CFLAGS in SWIG bindings (r35879)
* fix building Ruby bindings with Ruby 1.9 (r35852, r35883)
# As of 2009-03-22 gdt@NetBSD.org knows 1.6.0 is out, but is
# intentionally waiting until post-2009Q1 and until there is enough
# experience with 1.6.0 before subjecting pkgsrc users to it. Update
# will probably come mid to late April; comments welcome.
Version 1.5.6
(27 Feb 2009, from /branches/1.5.x)
http://svn.collab.net/repos/svn/tags/1.5.6
User-visible changes:
* allow colons within mergeinfo path names (r35040)
* make it impossible to add .svn to wc via 'svn add --parents' (r35143, -5)
* copy properties of added but uncommitted files (r32448)
* speedup JavaHL bindings on Windows (r35733)
* improve performance of log operation on < 1.5 servers (r35566)
* allow commits over Neon of files >2GB (POSIX only) (r34919, -24)
* allow serf from behind MS ISA proxy servers (r35981)
* prevent svnmerge-migrate-history.py from committing bogus mergeinfo (r35516)
Developer-visible changes:
* fix error handling in mod_dav_svn (r35250, -86)
* support --server-minor-version in windows testsuite (r31393)
* fix depth_tests.py 23 on Windows with a BDB repo (r34875)
* allow svn_mergeinfo_parse() to tolerate unordered mergeinfo (r35297, -367)
* allow overlapping rangelists into svn_mergeinfo_parse() (r35466, -712, -713)