Fedora 33: 2021-a3a0273cb2 Critical: Subversion DoS Issue

Subversion is a concurrent version control system which enables one

or more users to collaborate in developing and maintaining a

hierarchy of files and directories while keeping a history of all

changes. Subversion only stores the differences between versions,

instead of every complete file. Subversion is intended to be a

compelling replacement for CVS.

This update includes the latest stable release of _Apache Subversion_, version

**1.14.1**. This release includes the fix for `CVE-2020-17525`, a remote

unauthenticated denial-of-service in Subversion mod_authz_svn. The full

upstream security advisory for `CVE-2020-17525` is available at:

https://subversion.apache.org/security/CVE-2020-17525-advisory.txt ### User-visible changes: #### Client-side improvements and bugfixes: * Fix non-deterministic generation of mergeinfo (issue

[SVN-4862](https://issues.apache.org/jira/browse/SVN-4862)) * Fix merge removing

a folder with non-inheritable mergeinfo (issue

[SVN-4859](https://issues.apache.org/jira/browse/SVN-4859)) * Do not suggest

--help -v for commands which do not support -v * Fix invalid SQL quoting in

working copy upgrade system * Fix problems in human-readable file size

formatting * Improve an error message from svnmucc * Fix 'svn info --xml'

gives wrong 'source-right' of conflict (issue

[SVN-4869](https://issues.apache.org/jira/browse/SVN-4869)) * Convert filename

for editor from UTF-8 to the locale's encoding #### Server-side improvements

and bugfixes: * Fix authz doesn't combine global and repository rules (issue

[SVN-4762](https://issues.apache.org/jira/browse/SVN-4762)) * Make the hot-backup.py script work with Python 3 * Fix an uninitialized read in FSFS * Make

mailer.py work properly with Python 3 * Fix a potential NULL dereference in the

config file parser

* Wed Feb 10 2021 Joe Orton - 1.14.1-1

- update to 1.14.1 (#1927265, #1768698)

* Wed Jan 27 2021 Fedora Release Engineering - 1.14.0-12

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Wed Jan 6 2021 Mamoru TASAKA - 1.14.0-11

- F-34: rebuild against ruby 3.0

* Fri Dec 11 2020 Joe Orton - 1.14.0-10

- strip libdir from pkgconfig files

- add missing -libs dep from python3-subversion

* Thu Dec 3 2020 Joe Orton - 1.14.0-9

- fix KWallet conditional (#1902598)

* Mon Nov 30 2020 Jan Grulich - 1.14.0-8

- Disable KWallet for RHEL and ELN

Resolves: bz#1902598

* Tue Sep 29 2020 Joe Orton - 1.14.0-7

- bump required apr-devel

- BR gcc, gcc-c++

[ 1 ] Bug #1768698 - hot-backup.py is no longer working

https://bugzilla.redhat.com/show_bug.cgi?id=1768698

[ 2 ] Bug #1927265 - subversion-1.14.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1927265

[ 3 ] Bug #1927472 - CVE-2020-17525 subversion: Remote unauthenticated denial-of-service in mod_authz_svn [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1927472

su -c 'dnf upgrade --advisory FEDORA-2021-a3a0273cb2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure