Update to Subversion 1.6.13, plus some minor housekeeping in the MESSAGE files for the ap2- subpackage.
Release announcement: http://mail-archives.apache.org/mod_mbox/subversion-users/201010.mbox/%3caanlkti=ljo4xy-_xxm=qnmpky5ezx+9rl6iwn2dem...@mail.gmail.com%3e Note that this release contains a security fix (CVE-2010-3315). http://subversion.apache.org/security/CVE-2010-3315-advisory.txt Subversion servers up to 1.6.12 (inclusive) making use of the "SVNPathAuthz short_circuit" mod_dav_svn configuration setting have a bug which may allow users to write and/or read portions of the repository to which they are not intended to have access. List of changes from upstream: Version 1.6.13 (01 Oct 2010, from /branches/1.6.x) http://svn.apache.org/repos/asf/subversion/tags/1.6.13 User-visible changes: * don't drop properties during foreign-repo merges (issue #3623) * improve auto-props failure error message (r961970) * improve error message for 403 status with ra_neon (r876615) * don't allow 'merge --reintegrate' for 2-url merges (r959004) * improve handling of missing fsfs.conf during hotcopy (r980811, -1449) * escape unsafe characters in a URL during export (issue #3683) * don't leak stale locks in FSFS (r959760) * better detect broken working copies during update over ra_neon (r979045) * fsfs: make rev files read-only (r981921) * properly canonicalize a URL (r984928, -31) * fix wc corruption with 'commit --depth=empty' (issue #3700) * permissions fixes when doing reintegrate merges (related to issue #3242) * fix mergeinfo miscalculation during 2-url merges (issue #3648) * fix error transmission problems in svnserve (r997457, -66) * fixed: record-only merges create self-referential mergeinfo (issue #3646) * fixed: 'SVNPathAuthz short_circuit' unsolicited read access (issue #3695) * make 'svnmucc propset' handle existing and non-existing URLs (r1000607) * add new 'propsetf' subcommand to svnmucc (r1000612) * warn about copied dirs during 'svn ci' with limited depth (r1002094) Developer-visible changes: * make ruby bindings compatible with Ruby 1.9 (r957507) * use the repos verify API in JavaHL (r948916) * teach ra_serf to parse md5 checksums with update editors (r979429) * let ra_serf work with current serf releases (r879757, r880320, r943796) ok? Index: Makefile =================================================================== RCS file: /cvs/ports/devel/subversion/Makefile,v retrieving revision 1.76 diff -u -p -r1.76 Makefile --- Makefile 23 Sep 2010 22:12:10 -0000 1.76 +++ Makefile 3 Oct 2010 12:21:09 -0000 @@ -6,22 +6,17 @@ COMMENT-python= python interface to sub COMMENT-ruby= ruby interface to subversion COMMENT-ap2= apache2 subversion modules -VERSION= 1.6.12 +VERSION= 1.6.13 DISTNAME= subversion-${VERSION} PKGNAME-main= ${DISTNAME} -REVISION-main= 1 FULLPKGNAME-perl= p5-SVN-${VERSION} -REVISION-perl= 0 FULLPKGPATH-perl= devel/subversion,-perl FULLPKGNAME-python= py-subversion-${VERSION} FULLPKGPATH-python= devel/subversion,-python -REVISION-python= 0 FULLPKGNAME-ruby= ruby-subversion-${VERSION} FULLPKGPATH-ruby= devel/subversion,-ruby -REVISION-ruby= 2 FULLPKGNAME-ap2= ap2-subversion-${VERSION} FULLPKGPATH-ap2= devel/subversion,-ap2 -REVISION-ap2= 0 SO_VERSION= 1.2 SVN_LIBS= svn_client-1 svn_delta-1 svn_diff-1 svn_fs-1 \ Index: distinfo =================================================================== RCS file: /cvs/ports/devel/subversion/distinfo,v retrieving revision 1.24 diff -u -p -r1.24 distinfo --- distinfo 29 Jun 2010 14:26:08 -0000 1.24 +++ distinfo 30 Sep 2010 19:42:27 -0000 @@ -1,5 +1,5 @@ -MD5 (subversion-1.6.12.tar.bz2) = pLHQ1/OkWHxZ2pwaz53t0A== -RMD160 (subversion-1.6.12.tar.bz2) = z2pVFWqBd4cemiXcYMGFq15eRPI= -SHA1 (subversion-1.6.12.tar.bz2) = tK58dau72t6LLJEiyn4uJsZGioI= -SHA256 (subversion-1.6.12.tar.bz2) = jr8X+xc/+cSCpy3qr3VsPKWVyZ2hX8jx+PQxBgkoTI8= -SIZE (subversion-1.6.12.tar.bz2) = 5476628 +MD5 (subversion-1.6.13.tar.bz2) = euHIJ2ifIc+XWAQAW+MK6w== +RMD160 (subversion-1.6.13.tar.bz2) = GiEifaEY7v1wXXII2P/3H2+QA1s= +SHA1 (subversion-1.6.13.tar.bz2) = GF79Epw8SwTxVE1iu5o/zQ9Yuik= +SHA256 (subversion-1.6.13.tar.bz2) = OjAye9sEEJ82lYYZbuSmmTzass+oXDE0VJ8Cwim/DRU= +SIZE (subversion-1.6.13.tar.bz2) = 5513370 Index: pkg/MESSAGE-ap2 =================================================================== RCS file: /cvs/ports/devel/subversion/pkg/MESSAGE-ap2,v retrieving revision 1.1 diff -u -p -r1.1 MESSAGE-ap2 --- pkg/MESSAGE-ap2 3 Nov 2008 21:33:56 -0000 1.1 +++ pkg/MESSAGE-ap2 30 Sep 2010 19:57:12 -0000 @@ -1,5 +1,5 @@ To finish the install of ap2-subversion, you need -to enable the modules by adding the following line +to enable the modules by adding the following lines to your ${SYSCONFDIR}/apache2/httpd2.conf file: LoadModule dav_svn_module ${PREFIX}/lib/apache2/mod_dav_svn.so Index: pkg/UNMESSAGE-ap2 =================================================================== RCS file: /cvs/ports/devel/subversion/pkg/UNMESSAGE-ap2,v retrieving revision 1.1 diff -u -p -r1.1 UNMESSAGE-ap2 --- pkg/UNMESSAGE-ap2 3 Nov 2008 21:33:56 -0000 1.1 +++ pkg/UNMESSAGE-ap2 3 Oct 2010 12:21:25 -0000 @@ -4,6 +4,3 @@ need to perform these steps as root: edit ${SYSCONFDIR}/apache2/httpd2.conf remove the lines: LoadModule dav_svn_module LoadModule authz_svn_module - -Do not do this if you plan on re-installing the ap2-subversion -package at some future time.
