Hello community, here is the log from the commit of package subversion.1555 for openSUSE:12.3:Update checked in at 2013-04-16 10:26:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/subversion.1555 (Old) and /work/SRC/openSUSE:12.3:Update/.subversion.1555.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "subversion.1555", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-04-05 00:01:41.916011506 +0200 +++ /work/SRC/openSUSE:12.3:Update/.subversion.1555.new/subversion.changes 2013-04-16 10:26:49.000000000 +0200 @@ -0,0 +1,3011 @@ +------------------------------------------------------------------- +Sun Apr 7 20:50:38 UTC 2013 - andreas.stie...@gmx.de + +- update to 1.7.9 [bnc#813913], addressing remotely triggerable + vulnerabilities in mod_dav_svn which may result in denial of service: + + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs + + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT +- further changes: + + Client-side bugfixes: + * improved error messages about svn:date and svn:author props. + * fix local_relpath assertion + * fix memory leak in `svn log` over svn:// + * fix incorrect authz failure when using neon http library + * fix segfault when using kwallet + + Server-side bugfixes: + * svnserve will log the replayed rev not the low-water rev. + * mod_dav_svn will omit some property values for activity urls + * fix an assertion in mod_dav_svn when acting as a proxy on / + * improve memory usage when committing properties in mod_dav_svn + * fix svnrdump to load dump files with non-LF line endings + * fix assertion when rep-cache is inaccessible + * improved logic in mod_dav_svn's implementation of lock. + * avoid executing unnecessary code in log with limit +- Developer-visible changes: + + General: + * fix an assertion in dav_svn_get_repos_path() on Windows + * fix get-deps.sh to correctly download zlib + * doxygen docs will now ignore prefixes when producing the index + * fix get-deps.sh on freebsd + + Bindings: + * javahl status api now respects the ignoreExternals boolean +- refresh subversion-no-build-date.patch for upstream source changes + +------------------------------------------------------------------- +Mon Dec 17 00:00:00 UTC 2012 - andreas.stie...@gmx.de + +- update to 1.7.8 [bnc#794676] + + Client- and server-side bugfixes: + * Fix typos in pt_BR, es and zh_TW translations + + Client-side bugfixes: + * add missing attributes to "svn log -v --xml" output + * fix svn patch ignoring hunks after no trailing newline + * fix hang with ra_serf during error processing + * ignore file externals with mergeinfo when merging + * fix SEGV with "svnmucc cp rev arg" during argv processing + * fix conflict handling on symlinks + + Server-side bugfixes: + * properly detect threading availability + * fix "svnadmin load --bypass-prop-validation" + * fix parsing of [groupsfoo] sections in authz file + * add Vary: header to GET responses to improve cacheability + * fix fs_fs to cleanup after failed rep transmission + * fix mod_dav_svn to complain about revisions > HEAD + + Developer-visible changes: + * fix incorrect status returned by 1.6 API + * fix compilation with g++ 4.7 +- drop subversion-1.7.5-libsvn_auth_kwallet-r1345740.patch + as it was merged upstream +- update annotation of subversion-1.7.4-ruby-1.9-RbConfig.patch +- remove excess logging from optional regression tests to reduce + spurious build failures in OBS due to size of log +- remove commands trailing "make check" which masked build failures +- add subversion-1.7.8-TestHarness_run_py_test_exit_code.patch + to ensure "make check" fails when certain Python tests fail + +------------------------------------------------------------------- +Sat Dec 8 12:11:19 UTC 2012 - andreas.stie...@gmx.de + +- for package maintainers, add support to run regression tests + over ra_neon and ra_serf (http://) via Apache / mod_dav_svn + when built --with=regression_tests + +------------------------------------------------------------------- +Sat Oct 6 10:44:48 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 1.7.7: + User-visible changes: + - Client- and server-side bugfixes: + * fix memory read bug + * update Chinese translation + + - Client-side bugfixes: + * fix issues with applying Git patch files + * fix status does not descend into dir externals after upgrade + * fix file externals don't update with old mod_dav_svn + * fix external diff tool duplicates Index: lines with 'svn diff' + * fix GNOME keyring library fails with very old glib + * fix unknown password stores in config file cause error + * fix assertions in ra_serf running against server root + * fix ra_serf checkout/export aborts early on Windows + + - Server-side bugfixes: + * fix an assert with SVNAutoVersioning in mod_dav_svn + * fix unbounded memory use with SVNPathAuthz short_circuit + * fix svndumpfilter exclude --targets requires leading slash + * fix connection ttl for memcache should be 50 seconds + * stabilize order of paths in dumpfiles with APR 1.4.6 + + Developer-visible changes: + - General: + * print "All tests successful" at the end of 'make check' + * fix sandbox violation in a test + * fix tests fail when running within a format 30 WC + * fix return value of svn_client_update4() incorrect + * fix make check summary missing test failures + * fix build does not fail when apache httpd is not available + + - Bindings: + * fix swig-pl build fails with swig 2.0.7 and newer. + * fix swig-py runtime problems with swig 2.0.5 and newer + +- refresh subversion-1.7.4-ruby-1.9-RbConfig.patch +- refresh subversion-1.7.5-libsvn_auth_kwallet-r1345740.patch + +------------------------------------------------------------------- +Wed Aug 15 00:00:00 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 1.7.6: + + User-visible changes: + - Client-side bugfixes: + * Fix "svn status -u --depth empty FILE" + * Fix example output of 'svn help status' + * svn propset of svn:eol-style might not notice related text changes + * sort output of 'svn propget -R' + * sort output of 'svn proplist' + * sort output of 'svn status' + * avoid a filestat per working copy find operation + * optimize 'svn upgrade' performance on large working copies + * allow 'file:///C:\repos' style arguments on Windows, like 1.6 + * fix ra_serf against Subversion 1.2 servers + * fix 'svn upgrade' on working copies with certain tree conflicts + * avoid workqueue references to system temp dir + * allow non-existant canonical paths + * fix 'svn revert --depth files' to operate on files + * fix ra_serf XML namespace handling against malicious server + * fix relocate with server-relative externals + * change two asserts into errors for TortoiseSVN + * don't attempt to anchor an operation outside a wc root + + - Server-side bugfixes: + * partial sync drops properties when converting to adds + * replaying a copy and delete of an unreadable child fails + * allow svnlook to operate on r0 + * make FSFS revision files independent of APR hash order + + - Other tool improvements and bugfixes: + * move mod_dontdothat to install-tools + + Developer-visible changes: + - General: + * fix running tests against httpd 2.4 + * use constant struct initialisers for C89 compatibility + + - Bindings: + * JavaHL: Don't assert on some invalid input + * JavaHL: Add missing new in 1.7 notifications + +- refresh subversion-no-build-date.patch + +------------------------------------------------------------------- +Tue Jun 12 20:02:22 UTC 2012 - andreas.stie...@gmx.de + +- make build against neon optional, default on, like serf + +------------------------------------------------------------------- +Thu Jun 7 17:08:01 UTC 2012 - andreas.stie...@gmx.de + +- add subversion-1.7.5-libsvn_auth_kwallet-r1345740.patch from trunk + to fix build with gcc 4.7 +- move checks for schemes handled by ra modules into %check section +- do not run regression tests by default: + * too many failed builds + * doesn't include http tests +- only require iproute2 when running regression tests + +------------------------------------------------------------------- +Mon May 21 19:58:48 UTC 2012 - andreas.stie...@gmx.de + +- Allow unit tests to be run for Factory: --with=regression_tests + replacing the inline conditional + +------------------------------------------------------------------- +Thu May 17 00:00:00 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 1.7.5 + + User-visible changes: + - Client- and server-side bugfixes: + * http: report deleted-revision upon delete during update + + - Client-side bugfixes: + * avoid potential segfault when canonicalizing properties + * improve memory and file-handle management with externals (issue #4130) ++++ 2814 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.subversion.1555.new/subversion.changes New: ---- contrib-1187941.tar.bz2 sqlite-autoconf-3070603.tar.bz2 subversion-1.7.4-ruby-1.9-RbConfig.patch subversion-1.7.8-TestHarness_run_py_test_exit_code.patch subversion-1.7.9.tar.bz2 subversion-neon-systemproxy.patch subversion-no-build-date.patch subversion-swig-perl-install_vendor.patch subversion-tests-httpd-users subversion-tests-httpd.conf.tmpl subversion.README.SuSE subversion.changes subversion.conf subversion.libtool-pie-flags.patch subversion.libtool-verbose.patch subversion.perl.LD_RUN_PATH.patch subversion.rcsvnserve subversion.rpmlintrc subversion.spec subversion.svndiff.sh subversion.svngrep.sh subversion.sysconfig.svnserve subversion.sysconfig.svnserve.remoteaccess subversion.xinetd.svnserve svnmerge.py swig-1.3.36.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ subversion.spec ++++++ ++++ 884 lines (skipped) ++++++ subversion-1.7.4-ruby-1.9-RbConfig.patch ++++++ From: Andreas Stieger <andreas.stie...@gmx.de> Date: Sat, 12 May 2012 00:20:35 +0100 Subject: [PATCH] fix Ruby 1.9 deprecation warning for Config, use RbConfig References: http://mail-archives.apache.org/mod_mbox/subversion-dev/201205.mbox/%3C4FAD9EC3.1030207%40gmx.de%3E https://mail-archives.apache.org/mod_mbox/subversion-commits/201205.mbox/%3C20120512111900.C40DB2388860%40eris.apache.org%3E Upstream: merged Fixes warning/error in ruby 1.9 "Use RbConfig instead of obsolete and deprecated Config" $ svn log -r1337514 -v https://svn.apache.org/repos/asf/subversion/trunk/ ------------------------------------------------------------------------ r1337514 | astieger | 2012-05-12 12:19:00 +0100 (Sat, 12 May 2012) | 9 lines Changed paths: M /subversion/trunk/build/ac-macros/swig.m4 M /subversion/trunk/configure.ac fix Ruby 1.9 deprecation warning for Config, use RbConfig * configure.ac replace Config with RbConfig * build/ac-macros/swig.m4 replace Config with RbConfig Approved by: gstein --- build/ac-macros/swig.m4 | 2 +- configure.ac | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) Index: subversion-1.7.8/build/ac-macros/swig.m4 =================================================================== --- subversion-1.7.8.orig/build/ac-macros/swig.m4 2011-06-22 15:45:03.000000000 +0100 +++ subversion-1.7.8/build/ac-macros/swig.m4 2012-12-11 13:00:18.000000000 +0000 @@ -187,7 +187,7 @@ AC_DEFUN(SVN_FIND_SWIG, for var_name in arch archdir CC LDSHARED DLEXT LIBS LIBRUBYARG \ rubyhdrdir sitedir sitelibdir sitearchdir libdir do - rbconfig_tmp=`$rbconfig "print Config::CONFIG@<:@'$var_name'@:>@"` + rbconfig_tmp=`$rbconfig "print RbConfig::CONFIG@<:@'$var_name'@:>@"` eval "rbconfig_$var_name=\"$rbconfig_tmp\"" done Index: subversion-1.7.8/configure.ac =================================================================== --- subversion-1.7.8.orig/configure.ac 2012-10-02 18:18:00.000000000 +0100 +++ subversion-1.7.8/configure.ac 2012-12-11 13:00:18.000000000 +0000 @@ -1117,12 +1117,12 @@ if test "$RUBY" != "none"; then AC_PATH_PROGS(RDOC, rdoc rdoc1.8 rdoc18, none) fi AC_CACHE_CHECK([for Ruby major version], [svn_cv_ruby_major],[ - svn_cv_ruby_major="`$RUBY -rrbconfig -e 'print Config::CONFIG.fetch(%q(MAJOR))'`" + svn_cv_ruby_major="`$RUBY -rrbconfig -e 'print RbConfig::CONFIG.fetch(%q(MAJOR))'`" ]) RUBY_MAJOR="$svn_cv_ruby_major" AC_CACHE_CHECK([for Ruby minor version], [svn_cv_ruby_minor],[ - svn_cv_ruby_minor="`$RUBY -rrbconfig -e 'print Config::CONFIG.fetch(%q(MINOR))'`" + svn_cv_ruby_minor="`$RUBY -rrbconfig -e 'print RbConfig::CONFIG.fetch(%q(MINOR))'`" ]) RUBY_MINOR="$svn_cv_ruby_minor" ++++++ subversion-1.7.8-TestHarness_run_py_test_exit_code.patch ++++++ Date: Wed, 12 Dec 2012 20:01:11 +0000 From: Andreas Stieger <andreas.stie...@gmx.de> Subject: [PATCH] Prevent false negative results of "make check" in Python References: http://svn.apache.org/viewvc/subversion/trunk/build/run_tests.py?r1=1420904&r2=1420944&pathrev=1420944 Upstream: merged Patch changes the test harness to prevent some false negatives when running the test suite. Specifically, if a python test initialisation returns in such a way that the test runner doesn't know how to handle the result, change to code to return a non-zero exit code like and, subsequently, have "make check" fail correctly. Reproducible by using Python < 2.5 or missing sqlite3 Python bindings, exit triggered by subversion/tests/cmdline/svntest/__init__.py In the openSUSE obs, affects SLE 11 only, when building with unit tests. svn diff -c1420944 https://svn.apache.org/repos/asf/subversion/trunk --- build/run_tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: subversion-1.7.8/build/run_tests.py =================================================================== --- subversion-1.7.8.orig/build/run_tests.py 2012-09-29 05:02:11.000000000 +0100 +++ subversion-1.7.8/build/run_tests.py 2012-12-12 20:48:29.000000000 +0000 @@ -378,7 +378,7 @@ class TestHarness: ('.py', 'U', imp.PY_SOURCE)) except: print('Don\'t know what to do about ' + progbase) - raise + sys.exit(1) import svntest.main ++++++ subversion-neon-systemproxy.patch ++++++ Index: subversion/libsvn_ra_neon/session.c =================================================================== --- subversion/libsvn_ra_neon/session.c.orig 2011-12-21 17:36:12.000000000 +0000 +++ subversion/libsvn_ra_neon/session.c 2011-12-21 17:36:17.000000000 +0000 @@ -910,6 +910,17 @@ svn_ra_neon__open(svn_ra_session_t *sess } #endif } +#ifdef SVN_NEON_0_29 + else + { + /* If we do not have any proxy specified for this host and + we're running a new enough neon implementation, we use + neon's session proxy autodetection (via libproxy). */ + ne_session_system_proxy(sess, 0); + ne_session_system_proxy(sess2, 0); + } +#endif + if (!timeout) timeout = DEFAULT_HTTP_TIMEOUT; Index: build/ac-macros/neon.m4 =================================================================== --- build/ac-macros/neon.m4.orig 2011-12-21 17:36:12.000000000 +0000 +++ build/ac-macros/neon.m4 2011-12-21 17:38:02.000000000 +0000 @@ -100,6 +100,11 @@ AC_DEFUN(SVN_NEON_CONFIG, [Define to 1 if you have Neon 0.28 or later.]) fi + if test -n ["`echo "$NEON_VERSION" | $EGREP '^0\.(29|3[0-9])\.'`"] ; then + AC_DEFINE_UNQUOTED([SVN_NEON_0_29], [1], + [Define to 1 if you have Neon 0.29 or later.]) + fi + for svn_allowed_neon in $NEON_ALLOWED_LIST; do if test -n "`echo "$NEON_VERSION" | grep "^$svn_allowed_neon"`" || test "$svn_allowed_neon" = "any"; then ++++++ subversion-no-build-date.patch ++++++ From: Andreas Stieger <andreas.stie...@gmx.de> Date: 2013-04-07 21:09:15 +0100 Subject: remove build date and time from binary Upstream: never Prevent unneccessary rebuilds by removing date and time macros. --- subversion/libsvn_subr/opt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Index: subversion-1.7.9/subversion/libsvn_subr/opt.c =================================================================== --- subversion-1.7.9.orig/subversion/libsvn_subr/opt.c 2013-01-04 03:05:28.000000000 +0000 +++ subversion-1.7.9/subversion/libsvn_subr/opt.c 2013-04-07 21:09:14.000000000 +0100 @@ -1084,9 +1084,8 @@ svn_opt__print_version_info(const char * if (quiet) return svn_cmdline_printf(pool, "%s\n", SVN_VER_NUMBER); - SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n" - " compiled %s, %s\n\n"), pgm_name, - SVN_VERSION, __DATE__, __TIME__)); + SVN_ERR(svn_cmdline_printf(pool, _("%s, version %s\n\n"), pgm_name, + SVN_VERSION)); SVN_ERR(svn_cmdline_fputs( _("Copyright (C) 2013 The Apache Software Foundation.\n" "This software consists of contributions made by many " ++++++ subversion-swig-perl-install_vendor.patch ++++++ Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: Makefile.in =================================================================== --- Makefile.in.orig 2011-12-21 17:32:20.000000000 +0000 +++ Makefile.in 2011-12-21 17:32:27.000000000 +0000 @@ -756,7 +756,7 @@ check-swig-pl: swig-pl swig-pl-lib cd $(SWIG_PL_DIR)/native; $(MAKE) test install-swig-pl: swig-pl install-swig-pl-lib - cd $(SWIG_PL_DIR)/native; $(MAKE) install + cd $(SWIG_PL_DIR)/native; $(MAKE) install_vendor EXTRACLEAN_SWIG_PL=rm -f $(SWIG_PL_SRC_DIR)/native/svn_*.c \ $(SWIG_PL_SRC_DIR)/native/core.c ++++++ subversion-tests-httpd-users ++++++ jrandom:xCGl35kV9oWCY jconstant:xCGl35kV9oWCY ++++++ subversion-tests-httpd.conf.tmpl ++++++ Listen 127.0.0.1:REPLACE_PORT ServerName tests.example.com ErrorLog ./error_log PidFile ./httpd.pid LoadModule auth_basic_module REPLACE_APACHE_LIBEXECDIR/mod_auth_basic.so LoadModule authn_file_module REPLACE_APACHE_LIBEXECDIR/mod_authn_file.so LoadModule alias_module REPLACE_APACHE_LIBEXECDIR/mod_alias.so LoadModule dav_module REPLACE_APACHE_LIBEXECDIR/mod_dav.so LoadModule dav_svn_module REPLACE_BUILDROOTREPLACE_APACHE_LIBEXECDIR/mod_dav_svn.so LoadModule authz_svn_module REPLACE_BUILDROOTREPLACE_APACHE_LIBEXECDIR/mod_authz_svn.so <Location /svn-test-work/repositories> DAV svn SVNParentPath REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/repositories AuthzSVNAccessFile REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz AuthType Basic AuthName "Subversion Repository" AuthUserFile REPLACE_BUILDDIR/users Require valid-user </Location> <Location /svn-test-work/local_tmp/repos> DAV svn SVNPath REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/local_tmp/repos AuthzSVNAccessFile REPLACE_BUILDDIR/subversion/tests/cmdline/svn-test-work/authz AuthType Basic AuthName "Subversion Repository" AuthUserFile REPLACE_BUILDDIR/users Require valid-user </Location> RedirectMatch permanent ^/svn-test-work/repositories/REDIRECT-PERM-(.*)$ /svn-test-work/repositories/$1 RedirectMatch ^/svn-test-work/repositories/REDIRECT-TEMP-(.*)$ /svn-test-work/repositories/$1 ++++++ subversion.README.SuSE ++++++ Topics: 1. backup and restore your repository data 2. create svn user/group for svnserve 3. mini-howto for 2 projects 4. quickstart for mod_dontdothat ================================================================================ 1. backup and restore your repository data subversion repositories use either the Berkeley Database system libraries, or the FSFS database format which comes with the subversion package. Since the BDB system libraries often introduce a new incompatible format during version upgrade, a backup/restore of all the subversion repositories must be performed _BEFORE_ doing such a system upgrade. 'svnadmin dump' will write the repository to stdout in a 'dumpfile' format. This dumpfile can be loaded later with 'svnadmin load'. 2. create svn user/group for svnserve subversion repositories can be served either via http, or via the svnserve daemon and a special network protocol. svnserve should not run as root user. The startup script rcsvnserve expects a user/group named 'svn', configureable via /etc/sysconfig/svnserve. But this user/group must be created before first use: groupadd svn useradd -d /srv/svn -s /bin/false -g svn svn 3. mini-howto for 2 projects To run a subversion server, you need to configure apache2 to load two apache2 modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is installed together with apache2.) This is done by adding the dav and dav_svn modules to the apache2 configuration (a2enmod dav; a2enmod dav_svn), and restarting the server. A default/example configuration of the dav_svn module can be found in /etc/apache2/conf.d/subversion.conf. With more recent apache packages, this configuration is *not* loaded automatically by the apache server, since many people configure virtual hosts and it is unlikely that the repositories shall be available from any virtual host. To load the configuration for a certain virtual host, add Include /etc/apache2/conf.d/subversion.conf or Include /path/to/your_subversion_configuration in the respective virtual host configuration. This *may* be done in the default virtual host (/etc/apache2/default-server.conf). Minihowto: The plan: host 2 source projects with subversion both must have anonymous read access both must have limited write access for a few users they are accessed only via HTTP, not (!) locally they will be reachable via: http://hostname/repos/project1 http://hostname/repos/project2 Both will have the official version of the source tree and our modified version for the distribution. Projects in question are: project1 project2 The realisation: find a machine to host the projects. Keep backup (and restore!) in mind when hunting for hardware. install needed packages (you might check for update packages on ftp://ftp.suse.com/pub/projects/apache/ ) rpm -Uvh \ apache2 \ apache2-doc \ apache2-prefork \ libapr1 \ libapr-util1 \ neon \ subversion \ subversion-doc \ subversion-server # Update /etc/sysconfig/apache2 by # adding 'dav dav_svn' to $APACHE_MODULES: a2enmod dav a2enmod dav_svn create a few directories: mkdir -p /srv/svn/repos mkdir -p /srv/svn/user_access mkdir -p /srv/svn/html Add the http repository data to /etc/apache2/conf.d/subversion.conf: #------------------------------------------------------------------------ # # project related HTML files # <IfModule mod_alias.c> Alias /repos "/srv/svn/html" </IfModule> <Directory /srv/svn/html> Options +Indexes +Multiviews -FollowSymLinks IndexOptions FancyIndexing \ ScanHTMLTitles \ NameWidth=* \ DescriptionWidth=* \ SuppressLastModified \ SuppressSize order allow,deny allow from all </Directory> # project repository files for project1 <Location /repos/project1> DAV svn SVNPath /srv/svn/repos/project1 # Limit write access to certain people AuthType Basic AuthName "Authorization for project1 required" AuthUserFile /srv/svn/user_access/project1_passwdfile AuthGroupFile /srv/svn/user_access/project1_groupfile <LimitExcept GET PROPFIND OPTIONS REPORT> Require group project1_committers </LimitExcept> # Limit read access to certain people <Limit GET PROPFIND OPTIONS REPORT> Require group project1_committers Require group project1_readers </Limit> </Location> # project repository files for project2 <Location /repos/project2> DAV svn SVNPath /srv/svn/repos/project2 # Limit write permission to list of valid users. <LimitExcept GET PROPFIND OPTIONS REPORT> # Require SSL connection for password protection. # SSLRequireSSL AuthType Basic AuthName "Authorization for project2 required" AuthUserFile /srv/svn/user_access/project2_passwdfile Require valid-user </LimitExcept> </Location> #------------------------------------------------------------------------ create the repositories itself: cd /srv/svn/repos svnadmin create project1 chown -R wwwrun:www project1/{dav,db,locks} svnadmin create project2 chown -R wwwrun:www project2/{dav,db,locks} The webserver must be (re)started: rcapache2 restart Now create the user access files: project1 is a restricted project. read access requires a password write access is limited to a few users touch /srv/svn/user_access/project1_passwdfile chown root:www /srv/svn/user_access/project1_passwdfile chmod 640 /srv/svn/user_access/project1_passwdfile htpasswd2 /srv/svn/user_access/project1_passwdfile olaf htpasswd2 /srv/svn/user_access/project1_passwdfile olh this is the group file for project1: /srv/svn/user_access/project1_groupfile content: project1_committers: olh project1_readers: olaf olh project2 is world readable, but only a few can commit to the sources. touch /srv/svn/user_access/project2_passwdfile chown root:www /srv/svn/user_access/project2_passwdfile chmod 640 /srv/svn/user_access/project2_passwdfile htpasswd2 /srv/svn/user_access/project2_passwdfile olaf You should be able to connect to the server: http://host/repos/project2 http://host/repos/project1 Now import the data, e.g. svn import /path/to/project2-tree http://host/repos/project2 4. quickstart for mod_dontdothat The apache module mod_dontdothat can be used to prevent users from causing high load on the server, e.g. checking out the root of the tree or the tags or branches directories. Make sure mod_dontdothat is loaded: $ a2enmod dontdothat Add configuration for the module, e.g. <Location /> DAV svn SVNParentPath /srv/svn/repositories/ SVNListParentPath on # [...other configuration...] <IfModule mod_dontdothat.c> DontDoThatConfigFile /srv/svn/mod_dontdothat.config DontDoThatDisallowReplay off </IfModule> </Location> Restart apache to make the change effective. A fairly standard file /srv/svn/mod_dontdothat.config may contain: [recursive-actions] /*/trunk = allow / = deny /* = deny /*/tags = deny /*/branches = deny /*/* = deny /*/*/tags = deny /*/*/branches = deny This allows checking out of /trunk and each branch, but disallows checking out all branches or the complete repository at once. ++++++ subversion.conf ++++++ # Example configuration for a subversion repository # see /usr/share/doc/packages/subversion for the full documentation # <IfModule mod_dav_svn.c> ## ## project related HTML files ## #<IfModule mod_alias.c> #Alias /repos /srv/svn/html #</IfModule> #<Directory /srv/svn/html> # Options +Indexes +Multiviews -FollowSymLinks # IndexOptions FancyIndexing \ # ScanHTMLTitles \ # NameWidth=* \ # DescriptionWidth=* \ # SuppressLastModified \ # SuppressSize # # order allow,deny # allow from all #</Directory> #<Location /repos/myproject1> # DAV svn # SVNPath /srv/svn/repos/myproject1 # # Limit write permission to list of valid users. # <LimitExcept GET PROPFIND OPTIONS REPORT> # # Require SSL connection for password protection. # # SSLRequireSSL # # AuthType Basic # AuthName "Authorization Realm" # AuthUserFile /srv/svn/user_access/myproject1_passwdfile # Require valid-user # </LimitExcept> #</Location> ## ## Hosting svn at "/" ## #<VirtualHost *> # ServerName svn.example.com # ErrorLog /var/log/apache2/svn.example.com-error_log # TransferLog /var/log/apache2/svn.example.com-access_log # # # # Do not set DocumentRoot. It is not needed here and just causes trouble. # # # # Map the error documents back to their defaults. # # Otherwise mod_dav_svn tries to find a "error" repository. # # # ErrorDocument 400 default # ErrorDocument 401 default # ErrorDocument 403 default # ErrorDocument 404 default # ErrorDocument 405 default # ErrorDocument 408 default # ErrorDocument 410 default # ErrorDocument 411 default # ErrorDocument 412 default # ErrorDocument 413 default # ErrorDocument 414 default # ErrorDocument 415 default # ErrorDocument 500 default # ErrorDocument 501 default # ErrorDocument 502 default # ErrorDocument 503 default # # # <Location /> # DAV svn # SVNParentPath /srv/svn/repositories/ # SVNListParentPath on # AuthType Basic # AuthName "subversion repository" # AuthBasicProvider file # AuthUserFile /srv/svn/auth/svn.example.org.htpasswd # SetOutputFilter DEFLATE # <LimitExcept GET PROPFIND OPTIONS REPORT> # Require valid-user # </LimitExcept> # # # # Optional configuration for mod_dontdothat # # prevent users from causing high load on the server, e.g. checking out # # the root of the tree or the tags or branches directories # # # #<IfModule mod_dontdothat.c> # # DontDoThatConfigFile /srv/svn/mod_dontdothat.config # # DontDoThatDisallowReplay off # #</IfModule> # </Location> #</VirtualHost> </IfModule> ++++++ subversion.libtool-pie-flags.patch ++++++ Index: Makefile.in =================================================================== --- Makefile.in.orig 2011-12-21 17:32:27.000000000 +0000 +++ Makefile.in 2011-12-21 17:32:31.000000000 +0000 @@ -231,8 +231,8 @@ libsvn_subr_LDFLAGS = @libsvn_subr_LDFLA libsvn_wc_LDFLAGS = @libsvn_wc_LDFLAGS@ # Compilation of SWIG-generated C source code -COMPILE_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_PY_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_PY_INCLUDES) -prefer-pic -c -o $@ -COMPILE_RB_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_RB_INCLUDES) -prefer-pic -c -o $@ +COMPILE_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_PY_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_PY_INCLUDES) -fpie -fPIE -prefer-pic -c -o $@ +COMPILE_RB_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_RB_INCLUDES) -fpie -fPIE -prefer-pic -c -o $@ # these commands link the wrapper objects into an extension library/module LINK_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=link $(SWIG_PY_LINK) $(SWIG_LDFLAGS) -rpath $(swig_pydir) -avoid-version -module ++++++ subversion.libtool-verbose.patch ++++++ Index: Makefile.in =================================================================== --- Makefile.in.orig 2011-07-16 12:50:53.000000000 +0100 +++ Makefile.in 2011-12-21 17:32:20.000000000 +0000 @@ -112,8 +112,8 @@ EXEEXT = @EXEEXT@ SHELL = @SHELL@ LIBTOOL = @SVN_LIBTOOL@ -LTFLAGS = --tag=CC --silent -LTCXXFLAGS = --tag=CXX --silent +LTFLAGS = --tag=CC +LTCXXFLAGS = --tag=CXX LT_CFLAGS = @LT_CFLAGS@ LT_LDFLAGS = @LT_LDFLAGS@ LT_SO_VERSION = @SVN_LT_SOVERSION@ ++++++ subversion.perl.LD_RUN_PATH.patch ++++++ clear LD_RUN_PATH, it will end up as RPATH in ELF binaries ERROR: RPATH "/usr/src/packages/BUILD/subversion-1.5.x/subversion/libsvn_subr/.libs" on /var/tmp/subversion-1.5.0-build/usr/lib/perl5/vendor_perl/5.10.0/ppc-linux-thread-multi-64int/auto/SVN/_Wc/_Wc.so is not allowed --- Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: Makefile.in =================================================================== --- Makefile.in.orig 2011-12-21 17:32:31.000000000 +0000 +++ Makefile.in 2011-12-21 17:32:35.000000000 +0000 @@ -736,7 +736,7 @@ $(SWIG_PL_DIR)/native/Makefile.PL: $(SWI ./config.status subversion/bindings/swig/perl/native/Makefile.PL $(SWIG_PL_DIR)/native/Makefile: $(SWIG_PL_DIR)/native/Makefile.PL - cd $(SWIG_PL_DIR)/native; $(PERL) Makefile.PL + cd $(SWIG_PL_DIR)/native; $(PERL) Makefile.PL ; for i in `grep -wl ^LD_RUN_PATH Makefile Makefile.[^P]*` ; do sed -i 's@^LD_RUN_PATH.*@LD_RUN_PATH=@' $$i ; done # There is a "readlink -f" command on some systems for the same purpose, # but it's not as portable (e.g. Mac OS X doesn't have it). These should ++++++ subversion.rcsvnserve ++++++ #! /bin/sh # Copyright (c) 1995-2011 SuSE Linux AG, Nuernberg, Germany. # All rights reserved. # # /etc/init.d/svnserve # and its symbolic link # /usr/sbin/rcsvnserve # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This script uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux (UL) based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. ### BEGIN INIT INFO # Provides: svnserve # Required-Start: # Should-Start: $time ypbind sendmail $syslog $remote_fs # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: svnserve # Description: readonly access to a subversion repository ### END INIT INFO # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) SVNSERVE_BIN=/usr/bin/svnserve test -x $SVNSERVE_BIN || exit 5 # Check for existence of needed config file and read it SVNSERVE_CONFIG=/etc/sysconfig/svnserve test -r $SVNSERVE_CONFIG || exit 6 . $SVNSERVE_CONFIG # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks # rc_splash arg sets the boot splash screen to arg (if active) . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting svnserve " ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. UID_ENT="$(/usr/bin/getent passwd $SVNSERVE_USERID)" GID_ENT="$(/usr/bin/getent group $SVNSERVE_GROUPID)" if test -z "$SVNSERVE_USERID" -o -z "$UID_ENT" then echo echo "User $SVNSERVE_USERID does not exist." echo "Please check $SVNSERVE_CONFIG before starting this service." rc_failed elif test -z "$SVNSERVE_GROUPID" -o -z "$GID_ENT" then echo echo "Group $SVNSERVE_GROUPID does not exist." echo "Please check $SVNSERVE_CONFIG before starting this service." rc_failed else startproc -u "$SVNSERVE_USERID" -g "$SVNSERVE_GROUPID" -e $SVNSERVE_BIN $SVNSERVE_OPTIONS fi # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down svnserve " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. killproc -TERM $SVNSERVE_BIN # Remember status and be verbose rc_status -v ;; try-restart) ## Do a restart only if the service was active before. ## Note: try-restart is not (yet) part of LSB (as of 1.2) $0 status >/dev/null && $0 restart # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) echo -n "Reload service svnserve " $0 stop && $0 start #rc_status ;; status) echo -n "Checking for service svnserve " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. checkproc $SVNSERVE_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload}" exit 1 ;; esac rc_exit ++++++ subversion.rpmlintrc ++++++ # libsvn_subr calls exit as part of the default malfunction handler. # That's OK. Library users are expected to override the default handler. addFilter("subversion.*shared-lib-calls-exit.*libsvn_subr-1.so.*") ++++++ subversion.svndiff.sh ++++++ #!/bin/bash # stupid svn has no 'svn diff -v -R $bignum' to grab all info for a single patch export TZ=UTC export LANG=C export LC_ALL=C shopt -s extglob case "$1" in r+([0-9])) rev=${1#?} shift ;; +([0-9])) rev=$1 shift ;; esac if test -z "$rev" then echo "Usage: $0 <svnrepo revision number>" exit 1 fi revprev=$(($rev - 1 )) svn log -v -r $rev "$@" svn diff -r $revprev:$rev "$@" ++++++ subversion.svngrep.sh ++++++ #!/bin/sh find \( -path '*/.pc' -o -path '*/.svn' -o -path '*/.git' -o -path '*/.hg' \) -prune -o -type f -print0 | xargs -0 grep "$@" ++++++ subversion.sysconfig.svnserve ++++++ ## Path: Network/Subversion/svnserve ## Description: Basic configuration for svnserve ## Type: string ## Default "-d -R -r /srv/svn/repos" # # Default options for the svnserve process. # The -R option enforces read-only access, i.e. write operations to the # repository (such as commits) will not be allowed. # Authentication should be configured before allowing write access. # See http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth # SVNSERVE_OPTIONS="-d -R -r /srv/svn/repos" ## Type: string ## Default "svn" # # svnserve should run as unprivileged user. # The userid/groupid svn is not created during package install. # Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create the userid/groupid. # SVNSERVE_USERID="svn" ## Type: string ## Default "svn" # # svnserve should run as unprivileged user. # The userid/groupid svn is not created during package install. # Run 'groupadd svn; useradd -d /srv/svn -s /bin/false -g svn svn' to create the userid/groupid. # SVNSERVE_GROUPID="svn" ++++++ subversion.sysconfig.svnserve.remoteaccess ++++++ ## Name: svnserve ## Description: Open ports for svnserve TCP="svn" ++++++ subversion.xinetd.svnserve ++++++ # default: off # description: readonly access to a subversion repository service svn { disable = yes socket_type = stream protocol = tcp wait = no user = svn group = svn groups = yes server = /usr/bin/svnserve server_args = --read-only --root=/srv/svn/repos --inetd } ++++++ svnmerge.py ++++++ ++++ 2370 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org