483102 – dev-vcs/subversion-1.7.11 depends on deprecated dev-lang/ruby:1.8

Bug 483102 - dev-vcs/subversion-1.7.11 depends on deprecated dev-lang/ruby:1.8

Summary: dev-vcs/subversion-1.7.11 depends on deprecated dev-lang/ruby:1.8

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Thomas Sachau

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	ruby-1.8
	Show dependency tree

Reported:	2013-08-31 06:01 UTC by Hans de Graaff
Modified:	2016-08-06 17:22 UTC (History)
CC List:	2 users (show)

See Also:	535764
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hans de Graaff gentoo-dev

2013-08-31 06:01:28 UTC

Your package depends explicitly on dev-lang/ruby:1.8. Versions in this slot are no longer supported upstream and this slot will be removed from Gentoo shortly. Please adapt your package to use a newer slot of ruby or mask it for removal if it is not compatible.

Comment 1 Thomas Sachau gentoo-dev

2013-08-31 11:30:14 UTC

Feel free to package.use.mask the ruby USE-flag, when you remove ruby-1.8

The ruby support is optional and afaik still only for ruby-1.8 so nothing in addition i will do for this package.

Comment 2 Manuel Rüger (RETIRED) gentoo-dev

2013-10-30 05:07:45 UTC

Please check also: https://svn.apache.org/viewvc?view=revision&revision=1407206

Comment 3 Agostino Sarubbo gentoo-dev

2013-11-25 19:58:21 UTC

From https://bugzilla.redhat.com/show_bug.cgi?id=1033995 :

It was found that mod_dontdothat did not block requests from certain clients (such as Serf-based 
clients). This could allow a client to bypass intended mod_dontdothat restrictions and use more 
resources on the server than expected. This issue affected mod_dontdothat versions 1.4.0 to 1.7.13, 
and 1.8.0 to 1.8.4. It has been corrected in versions 1.7.14 and 1.8.5.

External References:

http://subversion.apache.org/security/CVE-2013-4505-advisory.txt


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.

Comment 4 Agostino Sarubbo gentoo-dev

2013-11-25 19:59:41 UTC

(In reply to Agostino Sarubbo from comment #3)
> From https://bugzilla.redhat.com/show_bug.cgi?id=1033995 :
> 
> It was found that mod_dontdothat did not block requests from certain clients
> (such as Serf-based 
> clients). This could allow a client to bypass intended mod_dontdothat
> restrictions and use more 
> resources on the server than expected. This issue affected mod_dontdothat
> versions 1.4.0 to 1.7.13, 
> and 1.8.0 to 1.8.4. It has been corrected in versions 1.7.14 and 1.8.5.
> 
> External References:
> 
> http://subversion.apache.org/security/CVE-2013-4505-advisory.txt
> 
> 
> @maintainer(s): after the bump, in case we need to stabilize the package,
> please say explicitly if it is ready for the stabilization or not.

PLEASE IGNORE IT, script failure.

Comment 5 Manuel Rüger (RETIRED) gentoo-dev

2014-01-06 22:32:39 UTC

subversion-1.8.5 in tree, has support for ruby19. 

Remove it from stable 1.7.x?

Comment 6 Manuel Rüger (RETIRED) gentoo-dev

2014-03-07 00:36:55 UTC

The ruby USE-Flag has been package.use.mask'd. Please remove the broken support from your ebuild (1.7.x) and clean up the mask afterwards.