[Bug 850747] New: Apache Subversion 1.8.5 and 1.7.14 maintenance releases
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c0 Summary: Apache Subversion 1.8.5 and 1.7.14 maintenance releases Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: All OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0
From https://svn.apache.org/repos/asf/subversion/tags/1.8.5/CHANGES
Version 1.8.5 (25 November 2013, from /branches/1.8.x) http://svn.apache.org/repos/asf/subversion/tags/1.8.5 User-visible changes: - Client-side bugfixes: * fix externals that point at redirected locations (issues #4428, #4429) * diff: fix assertion with move inside a copy (issue #4444) - Server-side bugfixes: * mod_dav_svn: Prevent crashes with some 3rd party modules (r1537360 et al) * mod_dav_svn: canonicalize paths properly (r1542071) * mod_authz_svn: fix crash of mod_authz_svn with invalid config (r1541432) * hotcopy: fix hotcopy losing revprop files in packed repos (issue #4448) - Other tool improvements and bugfixes: * mod_dontdothat: Fix the uri parser (r1542069 et al) Developer-visible changes: - General: * fix compilation with '--enable-optimize' with clang (r1534860) * fix copmpilation with debug build of BDB on Windows (r1501656, r1501702) * fix '--with-openssl' option when building on Windows (r1535139) * add test to fail when built against broken ZLib (r1537193 et al) - Bindings: * swig-rb: fix tests to run without installing on OS X (r1535161) * ctypes-python: build with compiler selected via configure (r1536537) from https://svn.apache.org/repos/asf/subversion/tags/1.7.14/CHANGES Version 1.7.14 (25 Nov 2013, from /branches/1.7.x) http://svn.apache.org/repos/asf/subversion/tags/1.7.14 User-visible changes: - Client- and server-side bugfixes: * fix assertion on urls of the form 'file://./' (r1516806) - Client-side bugfixes: * upgrade: fix an assertion when used with pre-1.3 wcs (r1530849) * ra_local: fix error with repository in Windows drive root (r1518184) * fix crash on windows when piped command is interrupted (r1522892) * fix externals that point at redirected locations (issues #4428, #4429) * diff: fix incorrect calculation of changes in some cases (issue #4283) * diff: fix errors with added/deleted targets (issues #4153, #4421) - Server-side bugfixes: * mod_dav_svn: Prevent crashes with some 3rd party modules (r1537360 et al) * fix OOM on concurrent requests at threaded server start (r1527103 et al) * fsfs: limit commit time of files with deep change histories (r1536790) * mod_dav_svn: canonicalize paths properly (r1542071) - Other tool improvements and bugfixes: * mod_dontdothat: Fix the uri parser (r1542069 et al) Developer-visible changes: - Bindings: * javahl: canonicalize path for streamFileContent method (r1524869) Reproducible: Didn't try -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED See Also| |https://bugzilla.novell.com | |/show_bug.cgi?id=847103 AssignedTo|bnc-team-screening@forge.pr |Andreas.Stieger@gmx.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c1 --- Comment #1 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-11-23 19:00:10 CET --- This is an autogenerated message for OBS integration: This bug (850747) was mentioned in https://build.opensuse.org/request/show/208052 Factory / subversion -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c2 --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-11-23 20:00:08 CET --- This is an autogenerated message for OBS integration: This bug (850747) was mentioned in https://build.opensuse.org/request/show/208054 Factory / subversion https://build.opensuse.org/request/show/208056 13.1+12.2+12.3 / subversion -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |maintenance@opensuse.org -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c3 Benjamin Brunner <bbrunner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|maintenance@opensuse.org | --- Comment #3 from Benjamin Brunner <bbrunner@suse.com> 2013-11-25 15:41:53 CET --- Thanks for your submission. JFI, because of the different versions I splitted it into two different incidents: 12.2/12.3 openSUSE:Maintenance:2280 13.1 openSUSE:Maintenance:2281 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c4 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de --- Comment #4 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-11-25 16:59:37 UTC --- Contains security updates: CVE-2013-4505 1.4.0-1.7.13 and 1.8.0-1.8.4 mod_dontdothat does not restrict requests from serf based clients https://subversion.apache.org/security/CVE-2013-4505-advisory.txt CVE-2013-4558 1.7.11-1.7.13 and 1.8.1-1.8.4 mod_dav_svn assertion triggered by non-canonical URLs in autoversioning commits https://subversion.apache.org/security/CVE-2013-4558-advisory.txt Adding security team. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c5 --- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-11-25 20:00:19 CET --- This is an autogenerated message for OBS integration: This bug (850747) was mentioned in https://build.opensuse.org/request/show/208334 Factory / subversion -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c6 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO CC| |bbrunner@suse.com InfoProvider| |security-team@suse.de --- Comment #6 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-11-26 18:49:11 UTC --- CVE added and follow-up requests for the mentioned incidents. https://build.opensuse.org/request/show/208584 https://build.opensuse.org/request/show/208585 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:2280:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2280:moderate |obs:running:2280:moderate | |obs:running:2281:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c7 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |meissner@suse.com InfoProvider|security-team@suse.de | --- Comment #7 from Marcus Meissner <meissner@suse.com> 2013-12-02 14:17:09 UTC --- i think needinfo provided. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2280:moderate |obs:running:2280:moderate |obs:running:2281:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c8 --- Comment #8 from Swamp Workflow Management <swamp@suse.de> 2013-12-07 18:05:39 UTC --- openSUSE-SU-2013:1836-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 850667,850747 CVE References: CVE-2013-4505,CVE-2013-4558 Sources used: openSUSE 13.1 (src): subversion-1.8.5-2.11.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2280:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c9 --- Comment #9 from Swamp Workflow Management <swamp@suse.de> 2013-12-12 17:04:57 UTC --- openSUSE-SU-2013:1860-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 850667,850747 CVE References: CVE-2013-4505,CVE-2013-4558 Sources used: openSUSE 12.3 (src): subversion-1.7.14-2.22.1 openSUSE 12.2 (src): subversion-1.7.14-4.30.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c10 --- Comment #10 from Swamp Workflow Management <swamp@suse.de> 2013-12-13 13:06:32 UTC --- openSUSE-SU-2013:1869-1: An update that solves 7 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 528714,649861,662030,713919,788015,794676,830031,836245,850747 CVE References: CVE-2010-3315,CVE-2010-4539,CVE-2010-4644,CVE-2013-1884,CVE-2013-4131,CVE-2013-4505,CVE-2013-4558 Sources used: openSUSE 11.4 (src): subversion-1.7.14-59.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850747 https://bugzilla.novell.com/show_bug.cgi?id=850747#c11 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #11 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-12-31 19:12:54 UTC --- Resolving as fixed for openSUSE. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com