Summary: | dev-vcs/subversion-1.7.11 depends on deprecated dev-lang/ruby:1.8 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Hans de Graaff <graaff> |
Component: | New packages | Assignee: | Thomas Sachau <tommy> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kredba, ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=535764 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 434064 |
Description
Hans de Graaff
2013-08-31 06:01:28 UTC
Feel free to package.use.mask the ruby USE-flag, when you remove ruby-1.8 The ruby support is optional and afaik still only for ruby-1.8 so nothing in addition i will do for this package. Please check also: https://svn.apache.org/viewvc?view=revision&revision=1407206 From https://bugzilla.redhat.com/show_bug.cgi?id=1033995 : It was found that mod_dontdothat did not block requests from certain clients (such as Serf-based clients). This could allow a client to bypass intended mod_dontdothat restrictions and use more resources on the server than expected. This issue affected mod_dontdothat versions 1.4.0 to 1.7.13, and 1.8.0 to 1.8.4. It has been corrected in versions 1.7.14 and 1.8.5. External References: http://subversion.apache.org/security/CVE-2013-4505-advisory.txt @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not. (In reply to Agostino Sarubbo from comment #3) > From https://bugzilla.redhat.com/show_bug.cgi?id=1033995 : > > It was found that mod_dontdothat did not block requests from certain clients > (such as Serf-based > clients). This could allow a client to bypass intended mod_dontdothat > restrictions and use more > resources on the server than expected. This issue affected mod_dontdothat > versions 1.4.0 to 1.7.13, > and 1.8.0 to 1.8.4. It has been corrected in versions 1.7.14 and 1.8.5. > > External References: > > http://subversion.apache.org/security/CVE-2013-4505-advisory.txt > > > @maintainer(s): after the bump, in case we need to stabilize the package, > please say explicitly if it is ready for the stabilization or not. PLEASE IGNORE IT, script failure. subversion-1.8.5 in tree, has support for ruby19. Remove it from stable 1.7.x? The ruby USE-Flag has been package.use.mask'd. Please remove the broken support from your ebuild (1.7.x) and clean up the mask afterwards. |