Fedora 25: subversion Security Update 2017-c629f16f6c
Summary
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
Update Information:
This update includes the latest stable release of _Apache Subversion_, version **1.9.5**. #### Client-side bugfixes: * fix accessing non-existent paths during reintegrate merge * fix handling of newly secured subdirectories in working copy * info: remove trailing whitespace in --show-item=revision ([issue 4660]()) * fix recording wrong revisions for tree conflicts * gpg-agent: improve discovery of gpg-agent sockets * gpg-agent: fix file descriptor leak * resolve: fix --accept=mine- full for binary files ([issue 4647]()) * merge: fix possible crash ([issue 4652]()) * resolve: fix possible crash * fix potential crash in Win32 crash reporter #### Server-side bugfixes: * fsfs: fix "offset too large" error during pack ([issue 4657]()) * svnserve: enable hook script environments * fsfs: fix possible data reconstruction error ([issue 4658]()) * fix source of spurious 'incoming edit' tree conflicts * fsfs: improve caching for large directories * fsfs: fix crash when encountering all-zero checksums * fsfs: fix potential source of repository corruptions * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate ([issue 3084]()) * mod_dav_svn: reduce memory usage during GET requests * fsfs: fix unexpected "database is locked" errors * fsfs: fix opening old repositories without db/format files #### Client-side and server-side bugfixes: * fix possible crash when reading invalid configuration files #### Bindings bugfixes: * swig-pl: do not corrupt "{DATE}" revision variable * javahl: fix temporary accepting SSL server certificates * swig-pl: fix possible stack corruption
Change Log
References
[ 1 ] Bug #1397403 - CVE-2016-8734 subversion: unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// https://bugzilla.redhat.com/show_bug.cgi?id=1397403
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade subversion' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html