Apache Subversion Changelog

New in version 1.8.13

April 1st, 2015
  • This release addresses 3 security issues:
  • CVE-2015-0202: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests.
  • CVE-2015-0248: Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers
  • CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property values for new revisions

New in version 1.8.11 (December 16th, 2014)

  • User-visible changes:
  • Client-side bugfixes:
  • checkout/update: fix file externals failing to follow history and subsequently silently failing (issue #4185)
  • patch: don't skip targets in valid --git difs (r1592014, r1592034)
  • diff: make property output in diffs stable (r1589360)
  • diff: fix diff of local copied directory with props (r1619380, r1619393)
  • diff: fix changelist filter for repos-WC and WC-WC (r1621978, r1621981)
  • remove broken conflict resolver menu options that always error out (r1620332)
  • improve gpg-agent support (r1600331, r1600348, 1600368, r1600563, r1600781)
  • fix crash in eclipse IDE with GNOME Keyring (issue #3498)
  • fix externals shadowing a versioned directory (issue #4085)
  • fix problems working on unix file systems that don't support permissions (r1612225)
  • upgrade: keep external registrations (issue #4519)
  • cleanup: iprove performance of recorded timestamp fixups (r1633126)
  • translation updates for German
  • Server-side bugfixes:
  • disable revprop caching feature due to cache invalidation problems (r1543594, r1619774, r1619105, r1619118, r1619153, r1619802)
  • skip generating uniquifiers if rep-sharing is not supported (r1561426)
  • mod_dav_svn: reject requests with missing repository paths (r1643409)
  • mod_dav_svn: reject requests with invalid virtual transaction names (r1643437)
  • mod_dav_svn: avoid unneeded memory growth in resource walking (issue #4531)
  • Developer-visible changes:
  • General:
  • make sure all members of the repos layer notify struct are valid, fixes crashes in API users using all members (r1616131)
  • properly generate a version resource when building on Windows (r1542610, r1564576, r1568180)
  • fix LIBTOOL_M4 and LIBTOOL_CONFIG variable not be evaluated properly during a unix build (r1637826)
  • allow the use of libtool 2.4.3 (r1640862, r1640873, r1643793)

New in version 1.8.10 (August 27th, 2014)

  • User-visible changes:
  • Client-side bugfixes:
  • guard against md5 hash collisions when finding cached credentials (r1550691, r1550772, r1600909)
  • ra_serf: properly match wildcards in SSL certs. (r1615211, 1615219)
  • ra_serf: ignore the CommonName in SSL certs where there are Subject Alt Names (r1565531, r1566503, r1568349, r1568361)
  • ra_serf: fix a URI escaping bug that prevented deleting locked paths (r1594223, r1553501, r1553556, r1559197, issue #3674)
  • rm: Display the proper URL when deleting a URL in the commit log editor (r1591123)
  • log: Fix another instance of broken pipe error (r1596866, issue #3014)
  • copy: Properly handle props not present or excluded on cross wc copy (r1589184, r1589188)
  • copy: Fix copying parents of locally deleted nodes between wcs (r1589460, r1589486)
  • externals: Properly delete ancestor directories of externals when removing the external by changing svn:externals. (r1600311, 1600315, r1600323, r1600393)
  • ra_serf: fix memory lifetime of some hash values (r1606009)
  • Server-side bugfixes:
  • fsfs: omit config file when creating pre-1.5 format repos (r1547454, r1561703)
  • Developer-visible changes:
  • General:
  • fix improper linking when serf is in the same prefix as existing svn libraries. (r1609004)
  • use proper intermediate directory when building with VS 2003-2008 (r1595431)
  • support generating VS 2013 and later project files.
  • Bindings:
  • ruby: removing warning about Ruby 1.9 support being new. (r1593992)
  • python: fix notify_func callbacks (r1594794, r1594814, r1594834, r1595061)

New in version 1.8.5 (November 26th, 2013)

  • User-visible changes:
  • Client-side bugfixes:
  • fix externals that point at redirected locations (issues #4428, #4429)
  • diff: fix assertion with move inside a copy (issue #4444)
  • Server-side bugfixes:
  • mod_dav_svn: Prevent crashes with some 3rd party modules (r1537360 et al)
  • mod_dav_svn: canonicalize paths properly (r1542071)
  • mod_authz_svn: fix crash of mod_authz_svn with invalid config (r1541432)
  • hotcopy: fix hotcopy losing revprop files in packed repos (issue #4448)
  • Other tool improvements and bugfixes:
  • mod_dontdothat: Fix the uri parser (r1542069 et al)
  • Developer-visible changes:
  • General:
  • fix compilation with '--enable-optimize' with clang (r1534860)
  • fix copmpilation with debug build of BDB on Windows (r1501656, r1501702)
  • fix '--with-openssl' option when building on Windows (r1535139)
  • add test to fail when built against broken ZLib (r1537193 et al)
  • Bindings:
  • swig-rb: fix tests to run without installing on OS X (r1535161)
  • ctypes-python: build with compiler selected via configure (r1536537)

New in version 1.8.4 (October 30th, 2013)

  • User-visible changes:
  • Client- and server-side bugfixes:
  • fix assertion on urls of the form 'file://./' (r1516806)
  • stop linking against psapi.dll on Windows (r1534102)
  • translation updates for Swedish
  • Client-side bugfixes:
  • revert: fix problems reverting moves (issue #4436)
  • update: fix assertion when file external access is denied (issue #4422)
  • merge: reduce network connections for automatic merge (r1468980 et al)
  • merge: fix path corruption during reintegration (r1523666)
  • mergeinfo: fix crash (r1519955)
  • ra_serf: verify the result of xml parsing (r1501199 et al)
  • ra_serf: improve error messages during commit (r1526439)
  • ra_local: fix error with repository in Windows drive root (r1518184)
  • fix crash on windows when piped command is interrupted (r1522892)
  • fix crash in the crash handler on windows (r1532023)
  • fix assertion when upgrading old working copies (r1520529)
  • Server-side bugfixes:
  • hotcopy: cleanup unpacked revprops with '--incremental' (r1512300 et al)
  • fix OOM on concurrent requests at threaded server start (r1527103 et al)
  • fsfs: improve error message when unsupported fsfs format found (r1534158)
  • fix memory problem in 3rd party FS module loader (r1519615 et al)
  • Developer-visible changes:
  • General:
  • allow compiling against serf 1.3 and later on Windows (r1517123)
  • Bindings:
  • javahl: canonicalize path for streaFileContent method (r1524869)

New in version 1.8.3 (August 31st, 2013)

  • This release addresses three security issues:
  • CVE-2013-4246: fsfs: corruption from editing packed revision properties
  • CVE-2013-4262: admin-side tools: symlink attack against pid file
  • CVE-2013-4246: svnserve: symlink attack against pid file

New in version 1.8.1 (July 25th, 2013)

  • User-visible changes:
  • Client- and server-side bugfixes:
  • translation updates for German and Simplified Chinese
  • improve sqlite error message output (r1497804)
  • support platforms lacking mmap (r1498136)
  • allow configuration files to start with UTF-8 BOM (r1499100 et al)
  • don't fail on UTF-8 data when encoding conversion not available (r1503009)
  • improve error messages when encoding conversion fails (r1503010)
  • Client-side bugfixes:
  • merge: rename 'automatic merge' to 'complete merge' (r1491432)
  • mergeinfo: reduce network usage for '--show-revs' (r1492005)
  • ra_serf: improve http status handling (r1495104)
  • merge: avoid unneeded ra session (r1493475)
  • merge: reduce network usage (r1478987)
  • merge: remove duplicated ancestry check (r1493424, r1495597)
  • ra_serf: fix 'Accept-Encoding' header for IIS interoperability (r1497551)
  • svn status: improve documentation for lock columns (r1497318, r1497319)
  • ra_serf: fix support for 'get-file-revs-reversed' capability (r1498456)
  • log: reduce network usage on repository roots (r1496957)
  • diff: avoid temporary files when calling external diff (issue #4382)
  • upgrade: fix notification of 1.7.x working copies (r1493703, r1494171)
  • fix crash during tree conflict resolution (issue #4388)
  • interactive file merge: add two additional choices (r1491816, r1494089)
  • diff: use local style paths in error messages (r1500680)
  • resolve: improve the interactive conflict resolution menu (r1491739 et al)
  • switch: use local style path in error message (r1500074)
  • ra_serf: improve error output when receiving invalid XML (r1498851)
  • svn cleanup: explain what the command does in help output (r1497310)
  • blame: error on -r M:N where M>N unless server supports (r1498449 et al)
  • gpg-agent auth: don't try to use agent when unavailable (r1500762 et al)
  • gpg-agent auth: don't require GPG_TTY or TERM env vars (r1500801)
  • update: fix some tree conflicts not triggering resolver (r1491868 et al)
  • commit: remove stale entries from wc lock table when deleting (r1491756)
  • merge: fix --record-only erroring out on renamed path (issue #4387)
  • svnmucc: fix 'make install' symlink to work when DESTDIR is set (r1501072)
  • wc: fix crash when target is symlink to a working copy root (issue #4383)
  • ra_serf: change "internal malfunction" errors to normal errors (r1502577)
  • ra_serf: handle proxies not supporting chunked requests (r1502401 et al)
  • Server-side bugfixes:
  • fsfs: resolve endless loop problem when repos/db/uuid has \r\n (r1492145)
  • fsfs: remove revision property buffer limit (r1491770)
  • mod_dav_svn: better status codes for anonymous user errors (r1495918)
  • mod_dav_svn: better status codes for commit failures (r1490684)
  • fix performance regression in 'svn log' against root (r1494913)
  • allow deleting non-user-visible 'svn:' properties (r1495432)
  • fsfs: fix crash on strict-alignment architectures (r1495806, r1495985)
  • svnadmin upgrade: fix error of non-sharded fsfs repositories (r1494287)
  • svnadmin create: deny '--fs-type=fsfs --compatible-version=1.0' (r1494223)
  • svnadmin upgrade: fix data loss when cancelling in last stage (r1494298)
  • mod_dav_svn: fix incorrect path canonicalization (r1503528)
  • Other tool improvements and bugfixes:
  • fsfs-stats (tool): resolve segfault when passing invalid path (r1492164)
  • svn-bench: fix help output (r1493951)
  • svnpubsub: add version header to server (r1491707)
  • Developer-visible changes
  • General:
  • ra_serf: fix some test runner issues on Windows (r1490679)
  • fix two issues in reverse svn_ra_get_file_revs() (r1492148, et al)
  • handle --compatible-version=1.8 in the C tests (r1494342)
  • improve clang compatibility (r1480080 et al)
  • use proper cancel baton when handling conflicts (r1495850)
  • fs: BDB: provide proper error value from BDB (r1495428)
  • ra_serf: tweak connection failed error value (r1496132, et al)
  • svn_client_log5: resolve possible segfault (r1496110)
  • fix metadata_only move to work when target is unversioned node (r1498564)
  • ra_svn: fix segfault with a NULL commit message (r1498550, r1499727)
  • Ev2: correctly initialize node kind in shims' change table (r1501058)
  • Ev2: fix copyfrom URL construction in shims (r1500226)
  • fs: improve test against newlines in filenames (r1498483 et al)
  • make building with BDB 6 an opt-in feature (r1499438)
  • sqlite: allow placing amalgamation in build dir (r1499034, r1500175)
  • ra_svn: make sessions usable after log callback early out (r1503554)
  • Bindings:
  • swig-rb: fix tests with out-of-tree-builds (r1492295)
  • javahl: fix encoding of error messages produced by javahl (r1492264)
  • swig-pl: silence compiler warnings (r1487094)
  • swig-pl: improve documentation (r1488693, r1490721, r1500904)

New in version 1.8.0 (June 18th, 2013)

  • Working copy records moves as first-class operation
  • Automatic reintegration merge
  • Inherited properties
  • Repository dictated configuration
  • HTTP client support based on neon has been removed
  • The Berkeley DB-based repository back-end has been deprecated
  • In-memory password caching via GnuPG Agent (Unix client)
  • FSFS size and performance enhancements
  • Storage of authz files in the repository
  • New tools for administrators and infrastructure
  • Many enhancements and bug fixes

New in version 1.7.9 (April 5th, 2013)

  • User-visible changes:
  • Client-side bugfixes:
  • improved error messages about svn:date and svn:author props. (r1440620)
  • fix local_relpath assertion (issue #4257)
  • fix memory leak in `svn log` over svn:// (r1458341)
  • fix incorrect authz failure when using neon http library (issue #4332)
  • fix segfault when using kwallet (r1421103)
  • Server-side bugfixes:
  • svnserve will log the replayed rev not the low-water rev. (r1461278)
  • mod_dav_svn will omit some property values for activity urls (r1453780)
  • fix an assertion in mod_dav_svn when acting as a proxy on / (issue #4272)
  • improve memory usage when committing properties in mod_dav_svn (r1443929)
  • fix svnrdump to load dump files with non-LF line endings (issue #4263)
  • fix assertion when rep-cache is inaccessible (r1422100)
  • improved logic in mod_dav_svn's implementation of lock. (r1455352)
  • avoid executing unnecessary code in log with limit (r1459599)
  • Developer-visible changes:
  • General:
  • fix an assertion in dav_svn_get_repos_path() on Windows (r1425368)
  • fix get-deps.sh to correctly download zlib (r13520131)
  • doxygen docs will now ignore prefixes when producing the index (r1429201)
  • fix get-deps.sh on freebsd (r1423646)
  • Bindings:
  • javahl status api now respects the ignoreExternals boolean (r1435361)

New in version 1.7.8 (December 21st, 2012)

  • User-visible changes:
  • Client- and server-side bugfixes:
  • Fix typos in pt_BR, es and zh_TW translations (r1402417, r1402421)
  • Client-side bugfixes:
  • fix crash with --username option on Windows (r1396285)
  • add missing attributes to "svn log -v --xml" output (r1398100)
  • fix svn patch ignoring hunks after no trailing newline (r139917)
  • fix hang with ra_serf during error processing (r1403583)
  • ignore file externals with mergeinfo when merging (r1401915)
  • fix SEGV with "svnmucc cp rev arg" during argv processing (issue #4079)
  • fix conflict handling on symlinks (issue #4091)
  • Server-side bugfixes:
  • properly detect threading availability (r1398325)
  • fix "svnadmin load --bypass-prop-validation" (r1237779)
  • fix parsing of [groupsfoo] sections in authz file (issue #3531)
  • add Vary: header to GET responses to improve cacheability (r1390653)
  • fix fs_fs to cleanup after failed rep transmission (r1403964, et al)
  • fix mod_dav_svn to complain about revisions > HEAD (r1403588)
  • Developer-visible changes:
  • General:
  • fix incorrect status returned by 1.6 API (r1403258)
  • fix compilation with g++ 4.7 (r1345740)
  • fix svn_uri_get_file_url_from_dirent on Windows (r1409146)

New in version 1.7.7 (October 10th, 2012)

  • Client- and server-side bugfixes:
  • fix memory read bug (r137614)
  • update Chinese translation
  • Client-side bugfixes:
  • fix issues with applying Git patch files (r1374800, et al)
  • fix status does not descend into dir externals after upgrade (issue #4016)
  • fix file externals don't update with old mod_dav_svn (issue #4224)
  • fix external diff tool duplicates Index: lines with 'svn diff' (r1380697)
  • fix GNOME keyring library fails with very old glib (r1378847)
  • fix unknown password stores in config file cause error (r1375052)
  • fix assertions in ra_serf running against server root (r1365519, et al)
  • fix ra_serf checkout/export aborts early on Windows (issue #4174)
  • Server-side bugfixes:
  • fix an assert with SVNAutoVersioning in mod_dav_svn (issue #4231)
  • fix unbounded memory use with SVNPathAuthz short_circuit (r1387943)
  • fix svndumpfilter exclude --targets requires leading slash (issue #4234)
  • fix connection ttl for memcache should be 50 seconds (r1391641)
  • stabilize order of paths in dumpfiles with APR 1.4.6 (r1344864, et al)
  • Developer-visible changes:
  • General:
  • print "All tests successful" at the end of 'make check' (r1375089)
  • fix sandbox violation in a test (r1371282)
  • fix tests fail when running within a format 30 WC (r1391188, et al)
  • fix return value of svn_client_update4() incorrect (r1380295)
  • fix make check summary missing test failures (r1390965)
  • fix build does not fail when apache httpd is not available (r1374198)
  • Bindings:
  • fix swig-pl build fails with swig 2.0.7 and newer. (r1389658)
  • fix swig-py runtime problems with swig 2.0.5 and newer (r1351117)

New in version 1.7.0 (October 12th, 2011)

  • This is the most complete Subversion release to date, and we encourage users of Subversion to upgrade as soon as reasonable. This release contains a large number of new features, bug fixes and other improvements.

New in version 1.6.15 (November 25th, 2010)

  • User-visible changes:
  • improve svnsync handling of dir copies (r962377, -8)
  • hide unreadable dirs in mod_dav_svn's GET response (r996884)
  • make 'svnmucc propsetf' actually work (r1005446)
  • limit memory fragmentation in svnserve (r1022675)
  • fix 'svn export' regression from 1.6.13 (r1032970)
  • fix 'svn export' mistakenly uri-encodes paths (issue #3745)
  • fix server-side memory leaks triggered by 'blame -g' (r1032808)
  • prevent crash in mod_dav_svn when using SVNParentPath (r1033166)
  • allow 'log -g' to continue in the face of invalid mergeinfo (r1028108)
  • filter unreadable paths for 'svn ls' and 'svn co' (r997026, -070, -474)
  • fix abort in 'svn blame -g' (issue #3666)
  • fix file handle leak in ruby bindings (issue #3512)
  • remove check for 1.7-style working copies (issue #3729)
  • Developer-visible changes:
  • improve some swig parameter mapping (r984565, r1035745)
  • improve test accuracy over dav (r991534, r877814)
  • create fails.log for test runs (r964349)
  • improve detection of 'svnversion' when buildling (r877219, et al)
  • don't violate API layering in dumpstream logic (issue #3733)
  • don't report working copy installs as switched (r1033921)

New in version 1.6.6 (October 22nd, 2009)

  • Some crashes and other issues have been fixed.

New in version 1.6.0 (March 20th, 2009)

  • This release includes better filesystem storage mechanisms, authentication data handling improvements, early support for tree conflict detection, and more.

New in version 1.5.2 (August 31st, 2008)

  • Set correct permissions on created fsfs shards
  • Pass client capabilities to start-commit hook
  • Disallow creating nested repositories
  • Support Neon 0.28.3
  • Properly canonicalize URIs with an empty hostname
  • Improved merge performance for superfluous ranges
  • Better error message for 'Malformed URL for repository'
  • Improved svn:externals parsing
  • fixed: improper ordering in 'svnlook diff' output
  • fixed: mod_dav_svn memory leak with 'SVNPathAuthz short_circuit'
  • fixed: duplicate svn:externals targets fail on co/up
  • fixed: 'svn merge --depth' inconsistencies
  • fixed: ra_serf test failures (1.5.x-ra_serf-backports branch)
  • fixed: memory leak and crashes in FS
  • fixed: core dump with relative externals
  • fixed: 'svn copy' working copy corruption
  • fixed: perl bindings errors in non-English locale
  • fixed: 'svn merge' incorrectly reverses previous merges
  • fixed: 'svn merge' errors with subtree mergeinfo
  • make libsvn_ra_neon initialization thread-safe
  • respect LDFLAGS in Swig bindings
  • fixed: test failures in non-English locales