Stabilize dev-vcs/subversion-1.6.15. Some tests are known to fail in some configurations (time zone, locale, USE flags), so failure of tests causes only warning. Tests of bindings usually use Subversion libraries from /usr/lib, so these tests are disabled by default. Log of currently running tests: "${S}/tests.log" Logs of tests with particular combinations of RA type and FS type: "${T}/tests-ra_${ra_type}-${fs_type}.log" Apache logs: "${T}/apache/access_log" "${T}/apache/svn_log" "${T}/apache/error_log" svnserve log: "${T}/svnserve.log" If tests seem to hang, you can use the following command to check progress of tests: tail -f "${S}/tests.log"
Tested on SPARC, majority of tests passed. Installed OK.
amd64 done
x86 stable
There is a security issue that requires this update, see http://secunia.com/advisories/42780/ I'm suggesting A3 severity level based on http://bugs.gentoo.org/280494 .
alpha/arm/ia64/s390/sh/sparc stable
It looks like there were two issues fixed in this release. From http://www.openwall.com/lists/oss-security/2011/01/04/8: So for A, "* prevent crash in mod_dav_svn when using SVNParentPath (r1033166)" Upstream changeset: http://svn.apache.org/viewvc?view=revision&revision=1033166 Let's use CVE-2010-4539. For B, * fix server-side memory leaks triggered by 'blame -g' (r1032808) References: http://svn.haxx.se/dev/archive-2010-11/0102.shtml Upstream changeset: http://svn.apache.org/viewvc?view=revision&revision=1032808 Let's use CVE-2010-4644.
ppc/ppc64 stable
Stable for HPPA.
Thanks, folks. GLSA request filed.
CVE-2010-4644 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644): Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. CVE-2010-4539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539): The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
This issue was resolved and addressed in GLSA 201309-11 at http://security.gentoo.org/glsa/glsa-201309-11.xml by GLSA coordinator Sean Amoss (ackle).