Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#6354 closed enhancement (fixed)

subversion-1.8.13

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: high Milestone: 7.8
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

https://www.apache.org/dist/subversion/subversion-1.8.13.tar.bz2

SHA1: aa0bd14ac6a8f0fb178cc9ff325387de01cd7452 subversion-1.8.13.tar.bz2

https://mail-archives.apache.org/mod_mbox/subversion-announce/201503.mbox/%3C20150331120220.GO17807%40jim.stsp.name%3E

This release addresses 3 security issues.

  CVE-2015-0202: Subversion HTTP servers with FSFS repositories are
                 vulnerable to a remotely triggerable excessive memory
                 use with certain REPORT requests.
  CVE-2015-0248: Subversion mod_dav_svn and svnserve are vulnerable to a
                 remotely triggerable assertion DoS vulnerability for certain
                 requests with dynamically evaluated revision numbers
  CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property
                 values for new revisions
For details see the advisories at:

    http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
    http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
    http://subversion.apache.org/security/CVE-2015-0251-advisory.txt

Change History (6)

comment:1 by Fernando de Oliveira, 7 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 7 years ago

Ruby and Java bindings checks completely fail. The others completely pass.

Ruby

if [ "LD_LIBRARY_PATH" = "DYLD_LIBRARY_PATH" ]; then for d in /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/swig/ruby/libsvn_swig_ruby /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/swig/ruby/../../../libsvn_*; do if [ -n "$DYLD_LIBRARY_PATH" ]; then LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$d/.libs"; else LD_LIBRARY_PATH="$d/.libs"; fi; done; export LD_LIBRARY_PATH; fi; \
cd /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/swig/ruby; \
          if [ "2" -eq 1 -a "2" -lt 9 ] ; then \
            /usr/bin/ruby -I /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/swig/ruby \
              /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/swig/ruby/test/run-test.rb \
      --verbose=normal; \
          else \
    /usr/bin/ruby -I /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/swig/ruby \
      /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/swig/ruby/test/run-test.rb; \
          fi
Makefile:859: recipe for target 'check-swig-rb' failed
make: *** [check-swig-rb] Error 1

Java:

if [ "LD_LIBRARY_PATH" = "DYLD_LIBRARY_PATH" ]; then for d in /tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/libsvn_*; do if [ -n "$DYLD_LIBRARY_PATH" ]; then LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$d/.libs"; else LD_LIBRARY_PATH="$d/.libs"; fi; done; export LD_LIBRARY_PATH; fi; \
/opt/jdk/bin/java "-Dtest.rootdir=/tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/javahl/test-work" "-Dtest.srcdir=/tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/javahl" "-Dtest.rooturl=" "-Dtest.fstype=" "-Djava.library.path=subversion/bindings/javahl/native/.libs:/usr/lib" -classpath "subversion/bindings/javahl/classes:/tmp/porg-build-2015.04.01-19h23m00s/subversion-1.8.13/subversion/bindings/javahl/src:" "-Dtest.tests=" org.apache.subversion.javahl.RunTests
Error: Could not find or load main class org.apache.subversion.javahl.RunTests
Makefile:486: recipe for target 'check-apache-javahl' failed
make: *** [check-apache-javahl] Error 1
make: Target 'check-javahl' not remade because of errors.

comment:3 by Fernando de Oliveira, 7 years ago

Fixed at r15768.

comment:4 by Fernando de Oliveira, 7 years ago

Resolution: fixed
Status: assignedclosed

Forgot to close

comment:5 by bdubbs@…, 7 years ago

I got the same errors. I've tried to look at what they are trying to do, but don't understand ruby/java quite well enough to figure it out. They both have problems finding something they need.

We might want to reword what we have from "for unknown reasons" to "errors in the test suite".

comment:6 by Fernando de Oliveira, 7 years ago

I agree. Thank s for checking. Will you do, please, or do you want me to do it tomorrow?

Note: See TracTickets for help on using tickets.