Re: Apache Subversion 1.8.3 released
Consonant with the Subversion 1.8.3 and 1.7.13 releases, I've updated my github published packages for building them locally on RHEL 6.x. They're at: https://github.com/nkadel/subversion-1.7.x-srpm https://github.com/nkadel/subverison-1.8.x-srpm They're tested and running on some CentOS and Scientific Linux environments I use, with updated versions of get-deps.sh in the git repository and some Fedora 19 patches applied for consistency with RHEL environments. For those of you who need these up to date versions RHEL 6, enjoy! On Fri, Aug 30, 2013 at 11:58 AM, Ben Reser bre...@apache.org wrote: On 8/30/13 8:34 AM, Ben Reser wrote: I'm happy to announce the release of Apache Subversion 1.8.3. Please note that Subversion 1.8.3 is the next release after Subversion 1.8.1. The 1.8.2 release was not published publicly, due to issues found during testing. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#recommended-release This release addresses three security issues: CVE-2013-4246: fsfs: corruption from editing packed revision properties CVE-2013-4262: admin-side tools: symlink attack against pid file CVE-2013-4246: svnserve: symlink attack against pid file More information on these vulnerabilities, including the relevant advisories and potential attack vectors and workarounds, can be found on the Subversion security website: http://subversion.apache.org/security/ CVE-2013-4246 was inadvertantly used twice in this announcement. The corrent list of security issues follows: CVE-2013-4246: fsfs: corruption from editing packed revision properties CVE-2013-4262: admin-side tools: symlink attack against pid file CVE-2013-4277: svnserve: symlink attack against pid file
Re: Apache Subversion 1.8.3 released
On 8/30/13 8:34 AM, Ben Reser wrote: I'm happy to announce the release of Apache Subversion 1.8.3. Please note that Subversion 1.8.3 is the next release after Subversion 1.8.1. The 1.8.2 release was not published publicly, due to issues found during testing. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#recommended-release This release addresses three security issues: CVE-2013-4246: fsfs: corruption from editing packed revision properties CVE-2013-4262: admin-side tools: symlink attack against pid file CVE-2013-4246: svnserve: symlink attack against pid file More information on these vulnerabilities, including the relevant advisories and potential attack vectors and workarounds, can be found on the Subversion security website: http://subversion.apache.org/security/ CVE-2013-4246 was inadvertantly used twice in this announcement. The corrent list of security issues follows: CVE-2013-4246: fsfs: corruption from editing packed revision properties CVE-2013-4262: admin-side tools: symlink attack against pid file CVE-2013-4277: svnserve: symlink attack against pid file
Apache Subversion 1.8.3 released
I'm happy to announce the release of Apache Subversion 1.8.3. Please note that Subversion 1.8.3 is the next release after Subversion 1.8.1. The 1.8.2 release was not published publicly, due to issues found during testing. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#recommended-release This release addresses three security issues: CVE-2013-4246: fsfs: corruption from editing packed revision properties CVE-2013-4262: admin-side tools: symlink attack against pid file CVE-2013-4246: svnserve: symlink attack against pid file More information on these vulnerabilities, including the relevant advisories and potential attack vectors and workarounds, can be found on the Subversion security website: http://subversion.apache.org/security/ This release changes mod_dav_svn to no longer map requests to the local filesystem. Administrators of mod_dav_svn servers should read the section about this in the release notes: http://subversion.apache.org/docs/release-notes/1.8.html#mod_dav_svn-fsmap The SHA1 checksums are: e328e9f1c57f7c78bea4c3af869ec5d4503580cf subversion-1.8.3.tar.bz2 f004934ef6ed8ee4ede1202e0734098350d80812 subversion-1.8.3.zip 4bc7cceb0d16a09ba839a53435f5671d40867d44 subversion-1.8.3.tar.gz PGP Signatures are available at: http://www.apache.org/dist/subversion/subversion-1.8.3.tar.bz2.asc http://www.apache.org/dist/subversion/subversion-1.8.3.tar.gz.asc http://www.apache.org/dist/subversion/subversion-1.8.3.zip.asc For this release, the following people have provided PGP signatures: Ben Reser [4096R/16A0DE01] with fingerprint: 19BB CAEF 7B19 B280 A0E2 175E 62D4 8FAD 16A0 DE01 Bert Huijben [4096R/CCC8E1DF] with fingerprint: 3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF Ivan Zhakov [4096R/F6AD8147] with fingerprint: 4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147 Julian Foad [4096R/4EECC493] with fingerprint: 6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493 Paul T. Burba [4096R/56F3D7BC] with fingerprint: 1A0F E7C6 B3C5 F8D4 D0C4 A20B 64DD C071 56F3 D7BC Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Release notes for the 1.8.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.8.html You can find the list of changes between 1.8.3 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.8.3/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team
