Checkout Tools
  • last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Add recent CVEs to the list, and add my signature on their advisories.
  1. … 2 more files in changeset.
Add CVE-2018-11803 notices to the website.

* index.html, news.html

- Add security announcement.

- Include CVE link in 1.11.1 and 1.10.4 release announcements.

- Ensure anchor ids are unique.

* security/CVE-2018-11803-advisory.txt New file.

* security/CVE-2018-11803-advisory.txt.asc New file.

* security/index.html

Add links to CVE-2018-11803 advisory and signature.

  1. … 4 more files in changeset.
* site/publish: Merge from staging.
  1. … 41 more files in changeset.
Release Subversion 1.9.7 with a fix for CVE-2017-9800.
  1. … 7 more files in changeset.
* security/index.html

(sha1-advisory.txt): Clarify affected versions.

* security/index.html: Put versions in the right order in SHA1 entry.

Suggested by: danielsh

* security/index.html: Add missing </tr> (thanks danielsh). Note that

versions affected by SHA1 collisions.

* security/index.html: Add missing <tr>.

* security/index.html: Link to SHA1 advisory.

* site/publish/security/index.html: Simplify the long "Affected Version(s)"

column for CVE-2013-2088. This should make the table easier to read.

Update the site for 1.8.17 and 1.9.5 releases.

* site/publish/doap.rdf: Update versions.

* site/publish/docs/release-notes/release-history.html: Add Subversion 1.8.17

and 1.9.5 entries.

* site/publish/download.html: Adjust both the recommended and supported

versions and file checksums.

* site/publish/news.html: Add news items about Subversion 1.8.17 and 1.9.5.

* site/publish/index.html: Add news items about Subversion 1.8.17 and 1.9.5.

Remove two oldest items from this page.

* site/publish/security/CVE-2016-8734-advisory.txt: New file.

Set svn:eol-style to "LF" (we provide a detached signature for this file,

which would become invalid with EOL translation).

* site/publish/security/CVE-2016-8734-advisory.txt.asc: New file.

* site/publish/security/index.html: Append CVE-2016-8734 entry.

  1. … 7 more files in changeset.
Update the site for 1.8.16 and 1.9.4 releases, including the security

advisories fixed by those releases.

* site/publish/doap.rdf: Update the versions.

* site/publish/docs/release-notes/release-history.html: Add Subversion 1.8.16

and 1.9.4 entries.

* site/publish/download.html: Adjust both the recommended and supported

versions and the file checksums.

* site/publish/news.html: Add news items about Subversion 1.8.16 and 1.9.4.

* site/publish/index.html: Add news items about Subversion 1.8.16 and 1.9.4.

Remove two oldest items from this page.

* site/publish/security/CVE-2016-2167-advisory.txt,

site/publish/security/CVE-2016-2168-advisory.txt: Add new files.

* site/publish/security/index.html: Append CVE-2016-2167 and CVE-2016-2168

entries.

  1. … 7 more files in changeset.
Update the site for 1.8.15 and 1.9.3 releases, including the security

advisories fixed by those releases.

* site/publish/doap.rdf: Update the versions.

* site/publish/docs/release-notes/release-history.html: Add Subversion 1.8.15

and 1.9.3 entries.

* site/publish/docs/release-notes/1.9.html

(no-op-changes): Adjust the state of this issue.

* site/publish/download.html: Adjust both the recommended and supported

versions and the file checksums.

* site/publish/news.html: Add news items about Subversion 1.8.15 and 1.9.3.

* site/publish/index.html: Add news items about Subversion 1.8.15 and 1.9.3.

Remove two oldest items from this page.

* site/publish/security/CVE-2015-5259-advisory.txt,

site/publish/security/CVE-2015-5343-advisory.txt: Add new files.

* site/publish/security/index.html: Append CVE-2015-5259 and CVE-2015-5343

entries.

  1. … 8 more files in changeset.
Publish CVE-2015-3184 and CVE-2015-3187 advisories.

  1. … 2 more files in changeset.
Update website for 1.8.13 and 1.7.20 releases.

  1. … 9 more files in changeset.
Update website for 1.7.19 and 1.8.11 releases.

  1. … 7 more files in changeset.
Update website for 1.7.18 and 1.8.10 releases.

  1. … 7 more files in changeset.
Update site for 1.8.8 release and publish the advisory for CVE-2014-0032.

  1. … 6 more files in changeset.
Update site for 1.7.14 and 1.8.5 releases (including CVE advisory publication)

  1. … 7 more files in changeset.
Add advisories for CVE-2013-4246, 4262, 4277.

  1. … 3 more files in changeset.
Update site for 1.7.11 and 1.8.1

  1. … 6 more files in changeset.
Add security advisories for 1.6.23 and 1.7.10

  1. … 3 more files in changeset.
* publish/security/index.html: Add security issues fixed by 1.6.21 and 1.7.9

to the list of security issues.

Update web server configuration file and change all the file

permissions to remove the executable bit.

"AddOutputFilter INCLUDES .html" is provided by httpd.conf

and this makes the "XBitHack On" setting unnecessary. Similarly,

the file permissions of the *.html files that are set to 'executable'

are not necessary.

See:

http://mail-archives.apache.org/mod_mbox/subversion-dev/201302.mbox/browser

* site/publish/.htaccess():

remove "XBitHack On".

* site/*

remove svn:executable property from all files.

Suggested by: danielsh

Approved by: danielsh

  1. … 66 more files in changeset.
Attempt to document how we handle security issues. This just consolidates

existing content, introducing pointers where needed from other places.

* publish/security/index.html:

Remove text, and point to issues#security.

* publish/docs/community-guide/releasing.part.html:

Add section about security releases, pointing to issues#security.

* publish/docs/community-guide/issues.part.html:

Add security section, with initial content copied from /security/index.html.

* publish/docs/community-guide/issues.toc.html:

Add security section to Issues page ToC.

  1. … 3 more files in changeset.
* publish/security/index.html

(CVE-2011-1783): Align vulnerable server versions listed on this page

with the ones given in the advisory. 1.6.16 wasn't listed as vulnerable

on the index page.

Publish the advisories for CVE-2011-1921, CVE-2011-1752, CVE-2011-1783.

* publish/security/CVE-2011-1921-advisory.txt

publish/security/CVE-2011-1752-advisory.txt

publish/security/CVE-2011-1783-advisory.txt:

New.

* publish/security/index.html:

List the new CVEs.

  1. … 3 more files in changeset.
Announce the 1.6.16 release, as well as link information about

CVE-2011-0715.

* publish/news.html

(news-20110303): New.

* publish/docs/release-notes/release-history.html:

Add the 1.6.16 release.

* publish/security/index.html:

Add a link to the CVE-2011-0715 advisory.

* publish/index.html

(news-20110303): New.

(news-20101124): Remove.

* publish/source-code.html:

Update latest released version.

  1. … 4 more files in changeset.
* /site/publish/security/index.html: Typo fix
* publish/security/index.html:

Add a couple of new CVEs to the list, although we don't (yet) have advisories

for them.