subversion-server-1.14.1-150400.5.3.1<>,XgYyp9|]!;`te4G*8F1XI㠓b^z CQLt=nuT0š,ЯaDzf * ”lnS}[4g`{6! UK_Ycfqk]MQ SppSFp RNfeRBhnO~l?ys@U>'zyI0OJyiA_+&{c]R 'ySTnmĦiIncN$[+>>v?vd ( S! 7Cagp     @X(8R9HR: QRFqvGqHqIqXqYq\r ]r$^rubrcsadsesfslsutvtwuxuyvzvvvvvCsubversion-server1.14.1150400.5.3.1Apache server module for Subversion serverThe subversion-server package adds the Subversion server Apache module to the Apache directories and configuration.gYys390zp38SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Unspecifiedhttps://subversion.apache.orglinuxs390x Xi8A큤AgYUeU jgYUtgYU}gYU}gYU}69e6b833726dbd27031cc106dc2f97eea641f632776356025ab89e5d7527e574eb8a5a21860b8c777734c17a5ac5c95c82f25b4104922931ad757c2deb217b294bace226103b2f0c5d7264c496b08ca70af0b3e8ad13ed0fd0767aa371b20c966db0cb2a2bad3b2d2d3c2052d4d5e0de48b2f41ca426012365879cecbcae4c12rootrootrootrootrootrootrootrootrootrootrootrootsubversion-1.14.1-150400.5.3.1.src.rpmconfig(subversion-server)subversion-serversubversion-server(s390-64)@@@@@@@@@@@    apache2apache_mmn_20120211config(subversion-server)libapr-1.so.0()(64bit)libaprutil-1.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libpthread.so.0()(64bit)libsvn_delta-1.so.0()(64bit)libsvn_fs-1.so.0()(64bit)libsvn_repos-1.so.0()(64bit)libsvn_subr-1.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)subversion1.14.1-150400.5.3.13.0.4-14.6.0-14.0-15.2-11.14.14.14.3gX-@bL/@b aW@apah`#_0@__o-@_m_k8_X_R,@_^^U@^@^0^@]]@]:@]9]9]4S\\\\A\8@[@[[@[~[Xf@ZZ>Z8@Z@Y@YdY@Y@YJY@Y{'@Y_wY_wYBvXƉX[@X>@X>@W.@Ws@W!@VVpV0V@U6@U@U@UUL@UL@UL@UW1@U&iUU@U TTTPT!Tq@T@TTmTT@antonio.teixeira@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comdanilo.spinella@suse.comgmbr3@opensuse.organdreas.stieger@gmx.demmachova@suse.compgajdos@suse.comtchvatal@suse.comd_werner@gmx.netd_werner@gmx.netdmueller@suse.comalarrosa@suse.comalarrosa@suse.comcallumjfarmer13@gmail.comtchvatal@suse.commliska@suse.cztchvatal@suse.commliska@suse.cztchvatal@suse.comandreas.stieger@gmx.defranz.sirl-obs@lauterbach.commatthias.gerstner@suse.comtchvatal@suse.comtchvatal@suse.comantoine.belvire@opensuse.organdreas.stieger@gmx.demvetter@suse.comolaf@aepfle.deastieger@suse.comtchvatal@suse.comastieger@suse.comastieger@suse.comfstrba@suse.comastieger@suse.comtchvatal@suse.comantoine.belvire@opensuse.orgastieger@suse.comfstrba@suse.comrbrown@suse.commpluskal@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comastieger@suse.comtchvatal@suse.comastieger@suse.comastieger@suse.comastieger@suse.comnmoudra@suse.comtchvatal@suse.comstsp@elego.deastieger@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comtchvatal@suse.comtchvatal@suse.comastieger@suse.comstsp@elego.destsp@elego.destsp@elego.deastieger@suse.comastieger@suse.comtchvatal@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.combwiedemann@suse.comtchvatal@suse.comandreas.stieger@gmx.deledest@gmail.comandreas.stieger@gmx.de- Fix CVE-2024-46901 mod_dav_svn denial-of-service via control characters in paths (CVE-2024-46901, bsc#1234317) * subversion-CVE-2024-46901.patch- Fix CVE-2022-24070 mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070, bsc#1197940) * subversion-CVE-2022-24070.patch - Fix CVE-2021-28544 SVN authz protected copyfrom paths regression (CVE-2021-28544, bsc#1197939) * subversion-CVE-2021-28544.patch- Fix testCrash_RequestChannel_nativeRead_AfterException test on aarch64 and ppc64le, bsc#1195486 bsc#1193778 * fix-javahl-test.patch- The following issues have already been fixed in this package but weren't previously mentioned in the changes file: * bsc#1185052- Change to using systemd-sysusers- always build with kwallet support, no longer make a distrinction between openSUSE and SLE (boo#1191282)- Update to 1.14.1 * Fix non-deterministic generation of mergeinfo * Fix invalid SQL quoting in working copy upgrade system * Convert filename for editor from UTF-8 to the locale's encoding * Make the hot-backup.py script work with Python 3 * Fix an uninitialized read in FSFS * Fix a potential NULL dereference in the config file parser (bsc#1181687, CVE-2020-17525) - Rebase subversion-no-build-date.patch- use system apache rpm macros- Enable kde integration from 15-SP3 and newer releases jsc#SLE-11654- update the path of the PIDFile in the svnserve.service file: change /var/run/svnserve/svnserve.pid to /run/svnserve/svnserve.pid- update the tmpfiles.d/ drop-in file as requested by the rpm output /usr/lib/tmpfiles.d/svnserve.conf:1: Line references path below legacy directory /var/run/, updating /var/run/svnserve → /run/svnserve;- speed up testsuite run by using /dev/shm - disable output aggregation that spec-cleaner introduces in checks- Fix jira reference to SLE-11901- Add patch to remove dependency on kdelibs4support just to run kf5-config to find out that headers are in /usr/include and libraries are in /usr/lib(64) (jsc#SLE-11901): * remove-kdelibs4support-dependency.patch- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)- Update to 1.14.0: * Support for Python 3.x * Support for Python 2.7 is being phased out * New Build-Time Dependency: py3c * Many enhancements and bug fixes - Drop patches: * subversion-1.12.0-swig-4.patch * ruby27-warnings.patch * ruby-includes.patch - Refresh patch subversion-no-build-date.patch- Add disable-fs-fs-pack-test.patch in order to fix boo#1170834.- Try to get building with ruby 2.7 bsc#1169446 - Add patches: * ruby27-warnings.patch * ruby-includes.patch- Fix boo#1167467 by gcc10-do-not-optimize-get_externals_to_pin.patch.- Disable dependency on ctypesgen which is borked with new pythons- Apache Subversion 1.13.0: * New 'svnadmin rev-size' command to report revision size * Performance improvement for 'svn st' etc., in WC SQLite DB * Fix 'svn patch' setting mode 0600 on patched files with props * Fix "svn diff --changelist ARG" broken in subdirectories * Fix misleading 'redirect cycle' error on a non-repository URL * svnserve: Report some errors that were previously ignored * Make server code more resilient to malformed paths and URLs * Make dump stream parser more resilient to malformed dump stream * mod_dav_svn: Fix missing Last-Modified header on 'external' GET requests * Fix excessive memory usage in some cases reading binary data- Enable build and check with swig-3: * Only enable subversion-1.12.0-swig-4.patch for Tumbleweed * 'make check-swig-py' doesn't pass with swig-4 - Enable 'make check-swig-rb' everywhere again- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html- Add patches to fix bsc#1142743 and bsc#1142721 CVE-2019-0203 CVE-2018-11782: * CVE-2018-11782.patch * CVE-2019-0203.patch- Update to 1.12.2: * Fix conflict resolver bug: local and incoming edits swapped. (r1863285) * Fix memory lifetime problem in a libsvn_wc error code path. (r1863287) * CVE-2018-11782 bsc#1142743 * CVE-2019-0203 bsc#1142721- Add subversion-1.12.0-swig-4.patch: Fix build with Swig 4 (boo#1135747).- Apache Subversion 1.12.0: * 'move vs. move' merge conflicts can now be resolve * 'svn --version --verbose' shows loaded libraries on Linux * 'svnrdump' can read/write a file instead of stdin/stdout * 'svn list' tries to not truncate the author's name * 'svn list' can show sizes in base-2 unit suffixes * 'svn info' shows the size of files in the repository * 'svn cleanup' can remove read-only directories * Repos-to-WC copy with --parents works with absent target * Repos-to-WC copy from foreign repo with peg/operative revs * Ignore empty group definitions in authz files * svnauthz: warn about empty groups in authz files * Storing passwords in plain text on disk is disabled by default- bsc#1130588: Require shadow instead of old pwdutils- Install pkgconfig into libdir instead of datadir with subversion-pkgconfig.patch- Apache Subversion 1.11.1: * Add conflict resolver support for added vs unversioned file * Add conflict resolver support for unversioned directories * Various client-side bug fixes for working copy operations * Server: fix unexpected SVN_ERR_FS_NOT_DIRECTORY errors * Server: fix mod_dav_svn's SVNUseUTF8 had no effect in some setups * Server: fix a crash in mod_http2 * JavaHL bindings: Fix crash in client code when using external diff - Fixed a vulnerability that allowed malicious SVN clients to trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request (CVE-2018-11803 bsc#1122842)- Move the bash completion to /usr as per rpmlint warning- Apache Subversion 1.11.0: * Shelving is no longer based on patch files * Shelves created on 1.10 are not compatible * New feature: Checkpointing * New viewspec output command * Improvements to tree conflict resolutio * 'patch' can now read non-pretty-printed svn:mergeinfo diffs * Better error when http:// URL is not a Subversion repository * Add 'schedule' and 'depth' items to 'svn info --show-item' * Allow the client cert password to be saved * Various bug fixes * On-disk caching of plaintext passwords and passphrases is now disabled by default, but users can explicitly allow this behavior via runtime configuration - drop upstreamed subversion-1.10.2-java10.patch- Apache Subversion 1.10.3: * Store the HTTPS client cert password * Fix shelving when custom diff command is configured * Fix conflict resolver crashes * Fix conflict resolver endless scan in some cases * Fix "Accept incoming deletion" on locally deleted file * Fix "resolver adds unrelated moves to move target list" * Reject bad PUT before CHECKOUT in v1 HTTP protocol * Let 'svnadmin recover' prune the rep-cache even if disabled * Allow commands like 'svn ci --file X' to work when X is a FIFO * 'svnadmin verify --keep-going --quiet' shows an error summary * Fix error in german translation for 'svn help merge'- Added patches: * subversion-1.10.2-java10.patch + Partly upstream patch to remove javah requirement to build Subversion Java bindings. + Apply only for builds with jdk10+ that don't have javah tool any more * subversion-1.10.2-javadoc.patch + Avoid loading Internet URLs during the build - Allow building with all Java versions starting with 1.6- Apache Subversion 1.10.2: * Correctly claim to offer Gnome Keyring support with libsecret * Fix segfault using Gnome Keyring with libsecret * Fix JavaHL local refs capacity warning when unparsing externals * Prune externals after 'update --set-depth=exclude' * Fix "conflict resolver searches too far back ..." - Dropped patches that are included in the upstream release: * subversion-1.10.0-fix-svn-version-gnome-keyring.patch- Use macro to compile python objects, do not do it by hand- Remove useless build dependency on pkgconfig(bash-completion). - Make subversion-bash-completion requires bash-completion, not pkgconfig(bash-completion).- Apache Subversion 1.10.0: * new conflict resolver * Many bug fixes and enhancements * lz4 compression for the repositories * https://subversion.apache.org/docs/release-notes/1.10.html - Packaging changes; * Convert dependencies to pkgconfig counterparts * Add dependency on liblz4 and utf8proc * Use %license (boo#1082318) * build with KDE5 KWallet support - Refresh patches: * subversion-1.8.0-rpath.patch * subversion-no-build-date.patch * subversion-fix-parallel-build-support-for-perl-bindings.patch * subversion-perl-underlinking.patch - dropped patches: * subversion-1.8.11-autocheck-time.patch, upstream * subversion-1.9.0-allow-httpd-2.4.6.patch, no longer required - Add subversion-1.10.0-fix-svn-version-gnome-keyring.patch to list GNOME keyring support in svn --version when using libsecret- BuildConflict with jdk10 or higher. The build uses extensively the javah tool which is removed in jdk10.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Explicitly require python2- Disable kwallet support on openSUSE built with openssl 1.1, because otherwise the libopenssl pulled in by libserf and libqt4 create a conflict (boo#1042629)- Switch the KDE condition to match sle15 too- Remove user changing option inherited from sysconfig from README * Was removed as it does not work on systemd, new section is there describing current approach- Apache Subversion 1.9.7: * CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. (bsc#1051362)- Apache Subversion 1.8.19 (bsc#1051362): * A malicious, compromised server or MITM may cause svn client to execute arbitrary commands by sending repository content with svn:externals definitions pointing to crafted svn+ssh URLs. CVE-2017-9800- Add instructions for running svnserve as a user different from "svn", and remove sysconfig variables that are no longer effective with the systemd unit. bsc#1049448- Apache Subversion 1.9.6 (bsc#1026936): This change makes Subversion resilient to collision attacks, including SHA-1 collision attacks such as . https://subversion.apache.org/faq#shattered-sha1 * fsfs: never attempt to share directory representations * fsfs: make consistency independent of hash algorithms * cp/mv: improve error message when target is an unversioned dir * merge: reduce memory usage with large amounts of mergeinfo * 'svnadmin freeze': document the purpose more clearly * dump: fix segfault when a revision has no revprops * fsfs: improve error message upon failure to open rep-cache * work around an APR bug related to file truncation * javahl: follow redirects when opening a connection- Apache Subversion 1.8.18 (bsc#1026936): This change makes Subversion resilient to collision attacks, including SHA-1 collision attacks such as . https://subversion.apache.org/faq#shattered-sha1 * fsfs: never attempt to share directory representations * fsfs: make consistency independent of hash algorithms * work around an APR bug related to file truncation- Deleted all xinetd related entries as it is not desired anymore * its obsolete due to socket based service * socket based service is not needed at this pkg- Update to build with new RPM in Factory - Provide the kwallet auth in main pkg in case kde integration is disabled - Use apache2-rpm-macros to get the apache variables- Package the 'svnauthz' binary.- Apache Subversion 1.8.17: * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// * Client-side bugfixes: + fix handling of newly secured subdirectories in working copy + ra_serf: fix deleting directories with many files + gpg-agent: properly handle passwords with percent characters + merge: fix crash when merging to a local add * Server-side bugfixes: + fsfs: fix possible data reconstruction error + svnlook: properly remove tempfiles on diff errors * Client-side and server-side bugfixes: + fix potential memory access bugs * Bindings bugfixes: + javahl: fix temporarily accepting SSL server certificates + swig-pl: do not corrupt "{DATE}" revision variable + swig-pl: fix possible stack corruption * Developer-visible changes: + fix inconsistent behavior of inherited property API + fix patch filter invocation in svn_client_patch() + fix potential build issue with invalid SVN_LOCALE_DIR- Version update to 1.9.5: * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// - Client-side bugfixes: * fix accessing non-existent paths during reintegrate merge (r1766699 et al) * fix handling of newly secured subdirectories in working copy (r1724448) * info: remove trailing whitespace in --show-item=revision (issue #4660) * fix recording wrong revisions for tree conflicts (r1734106) * gpg-agent: improve discovery of gpg-agent sockets (r1766327) * gpg-agent: fix file descriptor leak (r1766323) * resolve: fix --accept=mine-full for binary files (issue #4647) * merge: fix possible crash (issue #4652) * resolve: fix possible crash (r1748514) * fix potential crash in Win32 crash reporter (r1663253 et al) - Server-side bugfixes: * fsfs: fix "offset too large" error during pack (issue #4657) * svnserve: enable hook script environments (r1769152) * fsfs: fix possible data reconstruction error (issue #4658) * fix source of spurious 'incoming edit' tree conflicts (r1770108) * fsfs: improve caching for large directories (r1721285) * fsfs: fix crash when encountering all-zero checksums (r1759686) * fsfs: fix potential source of repository corruptions (r1756266) * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate (issue #3084) * mod_dav_svn: reduce memory usage during GET requests (r1757529 et al) * fsfs: fix unexpected "database is locked" errors (r1741096 et al) * fsfs: fix opening old repositories without db/format files (r1720015) - Client-side and server-side bugfixes: * fix possible crash when reading invalid configuration files (r1715777) - Bindings bugfixes: * swig-pl: do not corrupt "{DATE}" revision variable (r1767768) * javahl: fix temporary accepting SSL server certificates (r1764851) * swig-pl: fix possible stack corruption (r1683266, r1683267) - Drop no longer needed patch: * subversion-1.8.11-swig-py-comment-3.patch- Add patch to build with swig3 to fix build on sle12sp2+ * subversion-swig3.patch- Drop syslog.target from After wrt bnc#983938- Apache Subversion 1.9.4, fixing two server-side vulnerabilities: * CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm (boo#976849) * CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check (boo#976850) - Client-side bugfixes: * diff: support '--summarize --ignore-properties' * checkout: fix performance regression on NFS * gpg-agent: properly handle passwords with percent characters * svn-graph.pl: fix assertion about a non-canonical path * hot-backup.py: better input validation * commit: abort on Ctrl-C in plaintext password prompt * diff: produce proper forward binary diffs with --git * ra_serf: fix deleting directories with many files - Server-side bugfixes: * improve documentation for AuthzSVNGroupsFile and groups-db * fsfs: reduce peak memory usage when listing large directories * fsfs: fix a rare source of incomplete dump files and reports - Client-side and server-side bugfixes: * update INSTALL documentation file * fix potential memory access bugs * fix potential out of bounds read in svn_repos_get_logs5() - Bindings bugfixes: * ignore absent nodes in javahl version of svn status -u - API changes: * properly interpret parameters in svn_wc_get_diff_editor6()- make the subversion package conflict with KWallet and Gnome Keyring packages with do not require matching subversion versions in SLE 12 and openSUSE Leap 42.1 and thus break the main package upon partial upgrade. Fix/workaround for boo#969159- Apache Subversion 1.9.3 This release fixes two security issues: * Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. CVE-2015-5259 [boo#958299] * Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel- encoded request bodies. CVE-2015-5343 [boo#958300] Other changes: * svn: fix possible crash in auth credentials cache * cleanup: avoid unneeded memory growth during pristine cleanup * diff: fix crash when repository is on server root * fix translations for commit notifications * ra_serf: fix crash in multistatus parser * svn: report lock/unlock errors as failures * svn: cleanup user deleted external registrations * svn: allow simple resolving of binary file text conflicts * svnlook: properly remove tempfiles on diff errors * ra_serf: report built- and run-time versions of libserf * ra_serf: set Content-Type header in outgoing requests * svn: fix merging deletes of svn:eol-style CRLF/CR files * ra_local: disable zero-copy code path * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm * mod_dav_svn: fix display of process ID in cache statistics * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests * svnadmin dump: preserve no-op changes * fsfs: avoid unneeded I/O when opening transactions * javahl: fix ABI incompatibilty with 1.8 * javahl: allow non-absolute paths in SVNClient.vacuum * fix patch filter invocation in svn_client_patch() * add @since information to config defines * fix running the tests in compatibility mode * clarify documentation of svn_fs_node_created_rev() * fix overflow detection in svn_stringbuf_remove and _replace * don't ignore some of the parameters to svn_ra_svn_create_conn3- Fix copy-and-paste error in Supplements for GNOME keyring integration- Apache Subversion 1.9.2: * fix a numer of client-side crashes and bugs * checkout: remove unnecessary I/O operation * svn: show utf8proc version in svn --version --verbose * fix reporting for empty representations in svnfsfs stats - upstream keyring updated- Apache Subversion 1.9.1: * Fix crash with GPG-agent with non-canonical $HOME * svn: expose expat and zlib versions in svn --version --verbose * svn: improve help text for 'svn info --show-item' * svnserve: fixed minor typo in help text * Fix an error leak in FSFS verification * Fix incomplete membuffer cache initialization * svnfsfs: fix some bugs and inconsistencies in load-index * Fix memory corruption in copy source SWIG bindings - drop subversion-1.8.14-httpd-version-number-detection.patch, change is upstream - adjust subversion-1.9.0-allow-httpd-2.4.6.patch for upstream changes- Remove support for SLE11 from the spec file - Use supplements instead of suggests on the other side for the password store - Fix kde integration conditional to work nicely on openSUSE Leap- Use suggests instead of recommends to avoid 180+ new pkgs on minimal setup due subversion-password-store bnc#942819- Apache Subversion 1.9.0: * new FSFS format 7 with major overhaul for I/O reduction * prospective blame * FSX experimental repository back-end * many enhangements and bug fixes - subversion-devel now ships pkgconfig files - dependency changes: * serf 1.3.4 * apr, apr-utl 1.3.x * httpd 2.2.x * java 1.6 * Python 2.7 - To continue to allow building against blacklisted httpd 2.4.6 which has the required patches in openSUSE:13.1:Update, update subversion-1.8.9-allow-httpd-2.4.6.patch to subversion-1.9.0-allow-httpd-2.4.6.patch - removed upstreamed patches: * subversion-1.8.10-fix-bashisms.patch * subversion-1.8.11-swig-py-comment.patch * subversion-1.8.11-swig-py-comment-2.patch - adjust subversion-no-build-date.patch - drop subversion-1.8.14-unused-var-authnrequired.patch- Pass --enable-broken-httpd-auth to configure. Assumes all apache2 packages contain security patches regardless of their version number. Should fix the build on SLES12 and perhaps elsewhere.- fix mod_authz_svn build with -Wunused-variable * subversion-1.8.14-unused-var-authnrequired.patch- Apache Subversion 1.8.14 This release fixes two vulnerabilities: * mod_authz_svn: do not leak information in mixed anonymous/authenticated httpd (dav) configurations (CVE-2015-3184) bnc#939514 * do not leak paths that were hidden by path-based authz (CVE-2015-3187) bnc#939517 Non-security fixes: * document svn:autoprops * fix 'svn cp ^/A/D/H@1 ^/A' to properly create A * improve conflict prompts for binary files * improve performance of 'ls -v' * improved Sqlite 3.8.9 query performance * fixed issue #4580: 'svn -v st' on file externals reports "?" for user/rev * mod_dav_svn: do not ignore skel parsing errors * detect invalid svndiff data earlier * prevent possible repository corruption on power/disk failures * fixed issue #4577: Read error with some repository nodes * fixed issue #4531: server-side copy (over dav) is slow * swig-pl: fix some stack memory problems - Refreshed patch subversion-no-build-date.patch - Remove obsoleted patch subversion-1.8.13-fix-sqlite-3.8.9-tests.patch - Add patch subversion-1.8.14-httpd-version-number-detection.patch- disable failing check-swig-rb- fix tests with SQLite 3.8.9, adding subversion-1.8.13-fix-sqlite-3.8.9-tests.patch- Apply sec fixes for bnc#923793 bnc#923794 bnc#923795; CVE-2015-0202 CVE-2015-0248 CVE-2015-0251: * subversion-bnc923793.patch * subversion-bnc923794.patch * subversion-bnc923795.patch- Apache Subversion 1.8.13 This release fixes three vulerabilities: * Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202) * Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248) * Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251) - Non-security updates: * fixes number of client and server side non-security bugs * improved working copy performanc * reduction of resource use * stability improvements * usability improvements - 1.8.12 was not released- Improve installation of secure password storage plugins for KWallet and GNOME Keyring - Recommend installation of bash completion- Fix running all regression tests with davautocheck.sh and svnserveautocheck.sh when time is a shell built-in but not a command: add subversion-1.8.11-autocheck-time.patch- fix sample configuration comments in subversion.conf [boo#916286]- SLE 11 SP3 build with all regression tests - run swig-py tests where they pass- fix build with swig 3.0.3 and later: * upstream subversion-1.8.11-swig-py-comment.patch * upstream subversion-1.8.11-swig-py-comment-2.patch * partial subversion-1.8.11-swig-py-comment-3.patch There remains a regression in swig 3.0.3 and later which causes check-swig-py to fail - disable these checks.- fix sysconfig file generation (bnc#911620)- Sec update bnc#909935 CVE-2014-3580, CVE-2014-8108 * subversion-CVE-2014-3580.patch * subversion-CVE-2014-8108.patch- Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes: * checkout/update: fix file externals failing to follow history and subsequently silently failing * patch: don't skip targets in valid --git difs * diff: make property output in diffs stable * diff: fix diff of local copied directory with props * diff: fix changelist filter for repos-WC and WC-WC * remove broken conflict resolver menu options that always error out * improve gpg-agent support * fix crash in eclipse IDE with GNOME Keyring * fix externals shadowing a versioned directory * fix problems working on unix file systems that don't support permissions * upgrade: keep external registrations * cleanup: iprove performance of recorded timestamp fixups * translation updates for German - Server-side bugfixes: * disable revprop caching feature due to cache invalidation problems * skip generating uniquifiers if rep-sharing is not supported * mod_dav_svn: reject requests with missing repository paths * mod_dav_svn: reject requests with invalid virtual transaction names * mod_dav_svn: avoid unneeded memory growth in resource walking- fix bashisms in mailer-init.sh script - add patches: * subversion-1.8.10-fix-bashisms.patch- Add a versioned runtime requirement for sqlite and pass it to configure via --enable-sqlite-compatibility-version to allow running with sqlite older than at build time but compatible. - make build with KDE / WKallet optional to fix build with SLE 12s390zp38 17339170761.14.1-150400.5.3.11.14.1-150400.5.3.11.14.1-150400.5.3.1conf.dsubversion.confapache2mod_authz_svn.somod_dav_svn.somod_dontdothat.so/etc/apache2//etc/apache2/conf.d//usr/lib64//usr/lib64/apache2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:36774/SUSE_SLE-15-SP4_Update/c4059129d5ea0208de84258d01be9f8d-subversion.SUSE_SLE-15-SP4_Updatedrpmxz5s390x-suse-linuxdirectoryASCII textELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2fc10922da463a95bcc1181bdddbb8098ec1c6a7, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f56419274809bebaa3b64e63d22eb52e78e3d914, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=1305dde7326b1a5e255fa6ae7335baa2617e134b, stripped  RRRR R RRR RRRRR R R R RRR RRRR RRR R\SX B^Butf-8b92d06ff7524b2de8ad22f73dcedd392eec93f7bff74bbcf5bc04c761e79f872? 7zXZ !t/lPL]"k%KfdVŨ;q(m-V{ISxHM%ܢ-\bqMi&aa{e~T "Be| l)z<Dž|dxd1zR^  ߤH/ȑI[6QK3@E#4}T:s*gz|DZlN@$-Iؚ,8 1NݜøxqRj; -񢏶2Jd6c譀(1'e:D~aF9}݀L≚`Ҏ'SL>n*})#.!IIE*wvՌv#ha݉s S\/FtodgKñ5BP+\CB>\ ΕAp3yT+rEu 37>Ue'x#517Τ^~/o%1r.]yLθ<gt=uߞF^ɦm'h4'R[M RͥB@{8[@. F2Y9pBiJc@Me-SyX8LG>ԑ\;tXSˊU"$%UP,3%A#r? AF-4r./IClhb= y:&n>x5S٩eRnD2y.<`4$Mq;ʾ%T;.4oSҨ@p=}KOhyʜs!y'ʂXC W%$Wzwz5me, %&׏UbM׎X? BZ{}^ o-+&\E_$KK"QuH b%?У-.gw^ưc -Vה]$0˽lBjRuigr*45B/t1Fv?uەb^/z?ier] 7x|[ _,vierOUC2RW1%:#يͺK8a[Y}atWd4gOdvt[@\lfդ`D5(]&iOI;}'BЦ\-MBT`{#Z8Ya"U Vb79\2?6VMiP]y=+@@ίV aM_971e=XI2:YjFU|4]V Me8h'e fﬖQ$8 D FOQ;?JC&8RQO{N[.a:-8\ 0&x`x{au!bZq%.ᣮҼLLѿwB3^ک^g0R٠'!|rA+|[$\،!R5X yukV;Zh\4EFCT3kݲĔJO|@dm EL% j[R7=č3csf,5黻9/j4֙ 6?Pٴ;E~sGc%Nk1OƜm I)Y9 Y%("Ć޹w:p`\>ca}VM_k+Z:]"`xR&kWN_"a ^uV:S ft8?ϝ{ZQc9} ^fAԴm.I+l̓wbTJuuTB662k1'cTMl8#P= []bGyɭgW'CVi޶6Sbb.V<8~ hً뽖N D2ccEѥ 킻J& 86E>|END)0eh)̊a;OCU?B5jQ%bu9}N7Q\wP{sZuyI'Y`% '@>sKFKqt>NUsnkz 'E'Ze_UCh ga!Ȳ  dVbxR} 5/A ;vLz_Fү@@hY B Fc\8k^ej4mڀJ卷!;&$:Il?#76Þn-o(P^!݋e݉'GJ๭V}l릭ת"c@pbe)e[HsQkIn1RNE3:T:H]-Ǘ YL7E2E^j7q 7ޭvRcrԍ*GY R+ٕEџN|ԤREVj9DlB͹c첥{a&li;1**{r]6ɞU!KBߵ%/$"/i:W>4m+Gթ"ZK-֦KUJvUhgr>buNDsQtpvq@A^9_QL KBm4TGT2mU1'[GҲ&D;&>cd5YMbK"{3z%FG>%q~.5@Z-$e2l%ʭh[/﹛ 0ys=8Cz N: 7+G;=(*nftӉ5,f_|JI&` yC4 oa j,{ 8m9Kۥ|tⒷ]&~*aPk\ׁ1zO1.0$ZfKajU!*݅ǭ4C6n TDrYr7Ag;( Ʒs+ΣƸyY#7pX68ªZZWAFGJ?^{eF<鑻J|pRz[?`1O@p:+JXMV}.tV.Tf60ؠ_Gm/pZ=x@7Ӏw!`ˡ蝻v>@{M+D |1<2L <3r4<ЀuJҢ)&e{O|Hf`4~ŁOwq~EVAoJI=V'&4:iGc]Y2%"1SR7 L@vA; 9₴t m! mHmG ɇiOI6n.ތCS*)2Dr "Y JEebA!A4ՂVkbZJH va-5zJvلՎrPY$ʤo_\ZUqv}Ccy?O!Xտͳ[fvfOxW,eRmhbiݕCQ%m ڬ fbs;a{*{FĹX9lÞ;g /JbnM>>lg\O h?K ~qٍ{|خN{ GF,)gR|8.eږ +>eeV9=0)tlSwO4-]Gyܲs%)qZD~g#ML=0ieFwYD.]S:!cJL"ۍ.5v Fti%U` &]AbRiwCh+V&~*Wqm8(f}WeՑRĥ?Yg;16ĀŽ*G~Qf_(T sm_y: 4Q)\S'{a-/|Ƅ($R !Xa 'e@qwTHs0T;V#p%RK JSa`R]6fx.R/8J+@9E2pho{n!JJ4 1Bb5bb-?1v>;y\5=~'(@p'.`aWk7s )û+O"7SGݳ9lWwtݪ߉ >QyWthIUmрsޕ_9q7.Zt ՅnIVeI OSr6#]$@ tZ9nRC =.ѦaϤq6?ȩ:sF:G="~:_ YT <ސԭ*!dnom.3#wVhpR3`smcFɾp¬Hۧ-8oRwHHx=\U>8][8:df0ZFfS{,FӐȁd҂ zޣU+uoro74 WC(o\ ØmrO 7O+U o'D 2^! *` 4e ڻc(jBu-Ɠ73i R3g8 ]_G sx6 ٗT*tzt|Ry[Cl0 ;lI`W+&&'}X<3%$]s+ٞ՜:Ǻ̄ ܽŮ$ 9{~5!LqbұR\26 y$^~ G-)0͝*(n> 97?OAh z`*YkFԆ[10Arϒ_TO[<~oipw>UioSlqNLGh*SFcB)3$l`1VqS^eut 'B([᧒dfzp%f֊tWfY=[z̥ÂPl8`G;F>%ZsP-C̼Dh!t7{Z9ɓ xZ8.YgIPE'dNKXÔzNնFu *+Bh~l<K_G8ͥ=:|)> _ -Ѕa:(b.zx.N2bX) UtIYxBk0nxY,Qm9 ek >B Q6%Q/{&tTjP'IHw ;J^.|meiz Gdu|ˈLZG#T 89 _Z~#tyqR'+-\@Ɠ[\gbU+BXyۀldEtEgJ4&=kF/c{R1X5V̔JegLi\8**HD-{͓ 5J2 $#տ=#tlb3so$"hJhzcS8PI2I=k:ժ+1=BJ<ʈ2,Oj3{JcJ.b٣-Zf2[+Z2 X-tv])T8ݖ"5y*_yy~0 ˫Ml% iBEJo$|Z`QiذP-KgH!ؼP%/[I;k(Bi98dw*Ε< ?Ɩ7Uzn7K4nIդl4IllY:>F|Taa&k'omoj v\{6ԵڨԥD2P *0eۯW1΄GU[m '-KY:5;^/P'_nX/ʺ>-HX97jSK"8AN@! B*h'Q h J4u?{Rgz~v ={iڰ/{Z9 B!:ԓ؈UO}ރ ,ztZoq{&:'8Xvm"#%O|S6ޑؖADUe-j5(%OVnqI͜z+C%nL'1)lq0JN!rvNQ!Rܚa5 ve.!Rȍ8U*&ܻN˦JlO{^)i~.l%1~`倂L?6ʿ'*0'qX*.z*4VOSc _C\)9$8iJ/R/RgP!>y'eGE!|Ꚋ܃ݧ'邽GuLOݱPJ4W5"+6_~7˽=F~*,?O}(+UY@oo!XFNB:%蠽Ƒ;e{L^:JIǗEX<:Tv@/$y&|30Pa"d(Ke'B\ e%YAZ10{)JEYgQj,[xۄ umC*5)g=E]m\-f݆:p,xTo`$Df gaH2`6`8No37'ɡN>w:^Y%Jӭlyi8?/zIDL?;wĽÞf"I!j>#ٕ r1"W^ܢ?t!Xh6=8ykzXdڍ@FsDm5g8sxQ,[jYuFl?nG[apI&o5Lv=k{H-[a#ت+-0o0um[1 贾|Sw:Sk#mᷚ0i:V//ťs2D xShNG1e)ylm* $SnH䃦JK*I&cɩ>S¡4cbR gI}_5pzsC:䧦=MoWmAh;V= UL8!Tؗn]ɒ^*0vN"ѕ9?VgYvg碊׺fL4Q++Ŷ_l2%[p$W2qW ȢΎ$13fxvvCZ|}]! ʱBO gv($ǤE&,3S}mɇ76kYK}K f) 'QiY;O.$Ӑ|L幕sd}p>kߟ.3$DBIr228Fi+(4J?}"ucOd/©D0Hy%':lٴQ\9l{BOoDu[9JHB3P0כUJTiQ=^5㉣Wnd~3k >yMVc\L:Y+ 8wvNKL8$E7ț(Vt 9=j|Is1ݣV3J?ߋ=IyMFi7wo } |uZf숽Hx Ox Y}tX }?m&4leH 6hZ`Q=XG};v|EŤ%Cd獓hxsE:KUiuɎ%Qa]yd$}zP-q΄(Yg?1u)8Yzrg݋R/Y+l~`Ͷat.`*?91E:?M"tQJe$o-;Mj}.;P!?aLjb Q6Ocˤu6k 0L`+/dOJX~eiPIOn3YlMHUHt3@_PDhj]ab.ĀYWeRu'jc7%v!㬻S2jZَ@i4O4:W7:h+_j!FLD} +nBDfZk?l>ƫBa} DS҈_#|t#5x$Znei~֪6ZKt&6Vɗ@1YYImz &5&1yA+ta>(y>Y:CG5=Fe~]divhZ+n4 ;[VŦyU[jC=| {_G<|唾BA{YL1ƣuHL8-UXD^RiŒ&"4+>?,Q)^J'O~CBػjt0}|y F> SX,k2(VZ.zJSK>(Rj=V?P2]r) 5JTkgT*y̋i黑_| ެh_-?oi Qy F>?7S]ن)qMkg?R{_RAkZGIndK[eyNղNsn.+~pQ46,Bf'9/.o8q(3l[d}JaaŁh lKTg^HqS}|Lܣ;sMKCw@E98!1y31H\e|уI:`_[8/bY9HʕiEB l2Ǥa6<\ n[׋p:Hs`\I{L'fl "o1Y0`Y ]8͖r( -{5d[B5?Il?d:3Ȧ_;0kIzP|7pKj0nRY|0~)(_GhPJXқOX SGR;`J\h8p #(m4wt8?K=N4b~b*_i{VY1useXP9ocP\]GIKg9){I@H4Q-լ=X6 +}J%DAqڈ7>e$&+N먥P %}(1LEAG5m 'ɘ1T 7hw>_yg zl><ڞޢMv+ 0f86a'l1ʟvn^ZP%}+{Cu,~oPInGGLVj|򥑼ř’fxʃBwvhjXy*#$#9XcۭWK%G;,w%œ1T23dv-=U1v+@G>,/{%`[$/hB9߸޶@o+ yb8z[S6uog`GD."?%wvBЀeIPgr[hh >GrƟ"`E"t&7S"th$(E"C^cA^mIZ0cPEm^;zn=r'0+$R聸쩈y4>G5Wdj";75 skݧVz <8TUGOuKqh^/Hz ծi~seI}F ֋7llo[$3"2>5i&^m1d1 i51;jwa)f;CґUF?t4))aQMl-ㆺWn .{@sB Ą;~~T5S4Mp74_._=UEx$%1* @QP@ǰOR j/7,!.ymC,+Z*(>9l5(z8 6S{sé #\G5APT;Qf|%5@v%xA4*YX5xBY#D Ch׿ے,2GJPdڀzh 8n.xeҀ~e;'FGM#bv"8֐p9Y2uߓۚ6SѬ7:&S, AcRUxv`Jm jUkDrB0eو8:Yd`_3)f$6y2 ?Of S  X&qĚ< pu ?u.!=qjȫ!b`jΡ>/ӇT we_$c(#! `TvNIDf,pj;G"W`JI B:mo:N7MW|7(ӸH_½[|~J ]).3_4Bz-^\Mtaltti'WU]ϸ@^ 1y=#fY˸ia7OC`퀺-:vbK{!hN>Xa{&s&d푎4tH,^ =z Gy;>M#C 7,G@}he&`gW-ǿY4R&v#)}LJёK?Eh~.^dl YhJ6f2 {@U KwOp2RdO!qp&/@~!n֌3[C"]fI_9Qu.x_eף@hU|za1g9gΏ?(Hbzt% rl)_x6'RةSd1m!%yU`u r`;]E;ջ, `cZsV$D*NwrK@^Z2w2p2}5VLIUd2CbqO8s+y*x;ْ}t^9 {tp !Ў$2y\*a5|GV, q/h¡+{{+/ykrMUژ\0%xs+Xr,l9Ev'ROQr9 b3~~8DI"RjpDQJCZ#sUDf q+ )-5tiR+⺈94hnt>D> $%s *禀]B(Et.'mg}jJ1Q_ӣѫg9qqU|wA(0$=cM#e=_haX#<ȌK#N(\ގvNk!˲Qrs %rNmRs H²ɴbNk*nBmyF|{l> _!QZkQ^:,)O?gE܃濼@ja_δ]\wDg8F) ;eb9 g,!"Q!7w&bHB>uM[29T=a#Q$(ka3iH|YkCYO^ONCTݗoH=u5}둋D.c\sV[[ר_ՃZ/}l+H ipŃR-(&ڏa+҃= @x|=|Xx!($kz%j!xkuWL<@羙i>$&ԙa6 zTawgp%T3%Jɕ{uȁ 9{ťq$ h;^bُjxSAl8c+|[BgdzT&K=v}d31C[qϳE6M `!8W;Vx޶q6^psfG>=~f}MQ0a$ -O]ݧB L%TGCa~{8c e@_G?f:Z4~DH[$&^v")z9RlJ)3yv~7Dy(ȥ/ȱ@YDˀ#*bc.^UЀ+3GkKAP_=zDDjC?4r2Ol;ֿ.eX;~< c8Q5ZIAZC^ bN͝&%jaꟲo̴%\P0+wp4)(?h 6^I q|^@\BєbttO9QTٱ\!lllG`cOp]_8kSp]>N"v)*t/ގQh(jmoqD 0PaB)pӇzJ'Q^0` m8mʳ!SYXkLy7*Omw&Q o.W "$ wѿmvڨ <"m,G7("$JRlܞǜ]n{lT^g9w'lYre$[r;Ȫezer oS|LUMpx ú>/uxfR#:\9X7@3%1O;1{n#'^ g2dWqB!ͦMrWMۆD] O i.T0y|V*HQos2t?9J}X$dN-pa%7W#D#+}g?J-s->GU.V*e=ie .%eeZ|sĦf+wa}~G\+}GGŦH2Mu<9e^P7Rdb˫ 6 @"h+,K 2ibKξRuExʀTtRcMwݡ̂xAL!&?lwĺq 1Z֜h* %j<2'WMUs+ A*Q?}1VqWtʔoh: $ժH jʮM1bz~T("3t;dwⰓ2Ii)R\ֱYR]ɍYX3}kZ`NMEK+UwܟW*~)_ dKR0[Hg`(~#N3HU>s 2XȢ=C_"/_ &OTv 9 :lb8+=y9)JzL4Ѳ'+{#=?q,l_FhFN\a7x6. RDNo,V^'M eydܓP5!2XP#&K}!R(6}G ƥwyœ LЦ ƛ[S`^^,>?x@Gc32Y ~Ě-<y>r%_G2Sʱ9|/}cߠBljp1ҵ%CܺrL#bWS%LtZzW7 ꚗ5 ]QVZshNuɹτF#UEFCmMb6y٨:_j7Oj.]$ӂԯB\y *nACiX DG*_!R.p9x$ІjndbX z(U q8XAo;wtElzwx]==(^cf 3ZajPY΋myV]X [_(v颓3"Yİٿ%Ur,z_(FDı@}K]E QЄڸ9Ffx'|aTNoD@00šakb!ۤYmWa΄4h># G+S%J]y0$v-Eř`Il ˨~/12hEӠ'q|~4@4Z̗͹sW׉hLck\0^pMGc?Y %֢M O/~i\b[H gxy]:61Ωwo̠ [3OcF+Fm_Rg/.& j Df6 Q]fp ώK 0S\_ ¹hw5y8@7 ٚ`hwŝ>2]r9fB,$hg~0{A##*ߢ/hYK* LCLBUp Cgp7ӆ0'o+0s { S H qDsƿ̠ш~ZBv#̻~OsmIXle62ӵs!)m]("4Z5g1|YL( 8DeB3&7<< \O |ZZej: YZWCAD1ڞT紋&.̈́SýAJ~PwF3h.~+D5e4o\ tm᭬JKOЊ=g~̚p~¯28j迧qEt.EbiA f޴jՍy2%M'9+̛.c ar,eWD G6\]CN[RSa?`|pR2xvW^ gQQş컃%d^h*9eOxM<O(n:8N ݊@%j$o߇#9o &Gl@8G=`bR-@f \ū_ˉ 8&YHZPo=h$$4 ҄WaK(-\pCD^>USR3M 2܉ZyWok@'+$ ]V3xL.{ LE BQa7SӘn YZ