Discussion:
[suggest] Subversion 1.6.13 update released with HTTP/HTTPS security patch
Nico Kadel-Garcia
2010-10-02 15:44:30 UTC
Permalink
There's a recent security update for Subversion HTTP and HTTPS
servers, due to a flaw in the mod_dav_svn modu The announcement and
the security notice are at http://subversion.apache.org/. (I'm very
glad that Subversion is now hosted there: it lends additional open
source credit to it.)

I've just built the new 1.6.13 release, using RPMforge SRPM's for
1.6.12, with the new source tarball and the version number updated.
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
Yury V. Zaytsev
2010-10-02 16:40:32 UTC
Permalink
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
--
Sincerely yours,
Yury V. Zaytsev
Jose Pedro Oliveira
2010-10-03 16:48:36 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
Subversion.spec patch attached. It changes the following lines:

* the subversion version
* the release number
* the swig download link

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/133bfd52/attachment.pl
Yury V. Zaytsev
2010-10-03 17:28:05 UTC
Permalink
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
--
Sincerely yours,
Yury V. Zaytsev
Jose Pedro Oliveira
2010-10-03 18:26:27 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
Could you also update the subversion-1.5.spec with the attached patch?

It only updates it to subversion 1.5.7. It doesn't apply the security
patch listed at the end of CVE-2010-3315 advisory
(http://subversion.apache.org/security/CVE-2010-3315-advisory.txt).

Note: The advisory mentions a subversion 1.5.8 that hasn't been
released yet (hopefully it will be soon).

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion-1.5.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/67bdcdc0/attachment.pl
Jose Pedro Oliveira
2010-10-03 18:26:27 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
Could you also update the subversion-1.5.spec with the attached patch?

It only updates it to subversion 1.5.7. It doesn't apply the security
patch listed at the end of CVE-2010-3315 advisory
(http://subversion.apache.org/security/CVE-2010-3315-advisory.txt).

Note: The advisory mentions a subversion 1.5.8 that hasn't been
released yet (hopefully it will be soon).

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion-1.5.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/67bdcdc0/attachment-0001.pl
Jose Pedro Oliveira
2010-10-03 18:26:27 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
Could you also update the subversion-1.5.spec with the attached patch?

It only updates it to subversion 1.5.7. It doesn't apply the security
patch listed at the end of CVE-2010-3315 advisory
(http://subversion.apache.org/security/CVE-2010-3315-advisory.txt).

Note: The advisory mentions a subversion 1.5.8 that hasn't been
released yet (hopefully it will be soon).

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion-1.5.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/67bdcdc0/attachment-0002.pl
Jose Pedro Oliveira
2010-10-03 18:26:27 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
Could you also update the subversion-1.5.spec with the attached patch?

It only updates it to subversion 1.5.7. It doesn't apply the security
patch listed at the end of CVE-2010-3315 advisory
(http://subversion.apache.org/security/CVE-2010-3315-advisory.txt).

Note: The advisory mentions a subversion 1.5.8 that hasn't been
released yet (hopefully it will be soon).

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion-1.5.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/67bdcdc0/attachment-0003.pl
Jose Pedro Oliveira
2010-10-03 18:26:27 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
Could you also update the subversion-1.5.spec with the attached patch?

It only updates it to subversion 1.5.7. It doesn't apply the security
patch listed at the end of CVE-2010-3315 advisory
(http://subversion.apache.org/security/CVE-2010-3315-advisory.txt).

Note: The advisory mentions a subversion 1.5.8 that hasn't been
released yet (hopefully it will be soon).

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion-1.5.spec.patch
URL: <http://lists.repoforge.org/pipermail/users/attachments/20101003/67bdcdc0/attachment.ksh>
Yury V. Zaytsev
2010-10-03 17:28:05 UTC
Permalink
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2010-10-03 17:28:05 UTC
Permalink
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2010-10-03 17:28:05 UTC
Permalink
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2010-10-03 17:28:05 UTC
Permalink
Post by Yury V. Zaytsev
You can encourage it by sending a patch that I will commit immediately.
Many thanks, committed!
--
Sincerely yours,
Yury V. Zaytsev
Jose Pedro Oliveira
2010-10-03 16:48:36 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
Subversion.spec patch attached. It changes the following lines:

* the subversion version
* the release number
* the swig download link

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/133bfd52/attachment-0001.pl
Jose Pedro Oliveira
2010-10-03 16:48:36 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
Subversion.spec patch attached. It changes the following lines:

* the subversion version
* the release number
* the swig download link

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/133bfd52/attachment-0002.pl
Jose Pedro Oliveira
2010-10-03 16:48:36 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
Subversion.spec patch attached. It changes the following lines:

* the subversion version
* the release number
* the swig download link

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion.spec.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20101003/133bfd52/attachment-0003.pl
Jose Pedro Oliveira
2010-10-03 16:48:36 UTC
Permalink
Yuri,
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
Subversion.spec patch attached. It changes the following lines:

* the subversion version
* the release number
* the swig download link

Regards,
jpo
--
Jos? Pedro Oliveira
* mailto:jpo at di.uminho.pt *
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: subversion.spec.patch
URL: <http://lists.repoforge.org/pipermail/users/attachments/20101003/133bfd52/attachment.ksh>
Nico Kadel-Garcia
2010-10-02 15:44:30 UTC
Permalink
There's a recent security update for Subversion HTTP and HTTPS
servers, due to a flaw in the mod_dav_svn modu The announcement and
the security notice are at http://subversion.apache.org/. (I'm very
glad that Subversion is now hosted there: it lends additional open
source credit to it.)

I've just built the new 1.6.13 release, using RPMforge SRPM's for
1.6.12, with the new source tarball and the version number updated.
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
Yury V. Zaytsev
2010-10-02 16:40:32 UTC
Permalink
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
--
Sincerely yours,
Yury V. Zaytsev
Nico Kadel-Garcia
2010-10-02 15:44:30 UTC
Permalink
There's a recent security update for Subversion HTTP and HTTPS
servers, due to a flaw in the mod_dav_svn modu The announcement and
the security notice are at http://subversion.apache.org/. (I'm very
glad that Subversion is now hosted there: it lends additional open
source credit to it.)

I've just built the new 1.6.13 release, using RPMforge SRPM's for
1.6.12, with the new source tarball and the version number updated.
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
Yury V. Zaytsev
2010-10-02 16:40:32 UTC
Permalink
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
--
Sincerely yours,
Yury V. Zaytsev
Nico Kadel-Garcia
2010-10-02 15:44:30 UTC
Permalink
There's a recent security update for Subversion HTTP and HTTPS
servers, due to a flaw in the mod_dav_svn modu The announcement and
the security notice are at http://subversion.apache.org/. (I'm very
glad that Subversion is now hosted there: it lends additional open
source credit to it.)

I've just built the new 1.6.13 release, using RPMforge SRPM's for
1.6.12, with the new source tarball and the version number updated.
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
Yury V. Zaytsev
2010-10-02 16:40:32 UTC
Permalink
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
--
Sincerely yours,
Yury V. Zaytsev
Nico Kadel-Garcia
2010-10-02 15:44:30 UTC
Permalink
There's a recent security update for Subversion HTTP and HTTPS
servers, due to a flaw in the mod_dav_svn modu The announcement and
the security notice are at http://subversion.apache.org/. (I'm very
glad that Subversion is now hosted there: it lends additional open
source credit to it.)

I've just built the new 1.6.13 release, using RPMforge SRPM's for
1.6.12, with the new source tarball and the version number updated.
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
Yury V. Zaytsev
2010-10-02 16:40:32 UTC
Permalink
Post by Nico Kadel-Garcia
It's building and operating well under 64-bit RHEL 5. Can I encourage
testing and an update for this package, due to the server side
security issue?
You can encourage it by sending a patch that I will commit immediately.
--
Sincerely yours,
Yury V. Zaytsev
Loading...