Your message dated Tue, 28 Mar 2006 02:17:09 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#359234: fixed in subversion 1.3.0-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libapache2-svn
Version: 1.3.0-4
Severity: grave
Tags: security

Hello Guilherme,

libapache2-svn modules have a rpath pointing to /tmp:

%chrpath usr/lib/apache2/modules/mod_*
usr/lib/apache2/modules/mod_authz_svn.so: RPATH=/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_repos/.libs
usr/lib/apache2/modules/mod_dav_svn.so: RPATH=/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_repos/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_fs/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_delta/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs

Since /tmp/ is user-writable, this allows local users to install rogue
libraries that will be linked by the modules.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 


--- End Message ---
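
As an added example (not part of the original report or of the subversion packaging), the script below reads chrpath-style output like that quoted in the report and flags RPATH/RUNPATH entries that are not absolute or that sit under a user-writable tree. The function names, the UNSAFE_PREFIXES list and the sample lines are assumptions constructed for illustration.

```shell
# Added example: flag unsafe RPATH/RUNPATH entries in chrpath-style
# output lines of the form "file: RPATH=dir1:dir2".
UNSAFE_PREFIXES="/tmp /var/tmp /dev/shm"   # assumed policy: trees any local user can write to

# Print the reason an entry is unsafe; print nothing for an acceptable entry.
classify_rpath_entry() {
    dir=$1
    case $dir in
        '$ORIGIN'*|'${ORIGIN}'*) return 0 ;;  # relative to the object; out of scope here
        /*) ;;
        *) echo "not an absolute path"; return 0 ;;
    esac
    for prefix in $UNSAFE_PREFIXES; do
        case $dir in
            "$prefix"|"$prefix"/*) echo "under user-writable $prefix"; return 0 ;;
        esac
    done
}

# Read lines on stdin and print "file<TAB>entry<TAB>reason" per finding;
# return 1 if anything was flagged so a build or QA job can fail on it.
audit_rpath() {
    found=0
    while IFS= read -r line; do
        case $line in *": RPATH="*|*": RUNPATH="*) ;; *) continue ;; esac
        file=${line%%: R*PATH=*}
        paths=${line#*PATH=}
        IFS=:; set -f; set -- $paths; set +f; unset IFS   # split on ':' only
        for entry in "$@"; do
            reason=$(classify_rpath_entry "$entry")
            if [ -n "$reason" ]; then
                printf '%s\t%s\t%s\n' "$file" "$entry" "$reason"
                found=1
            fi
        done
    done
    return $found
}

# Constructed sample input, modelled on the output quoted in the report.
sample_lines() {
    cat <<'EOF'
usr/lib/apache2/modules/mod_example.so: RPATH=/tmp/build/libfoo/.libs:/usr/lib
usr/lib/libexample.so.0: RUNPATH=$ORIGIN/../lib:build/.libs
usr/bin/example: no rpath or runpath tag found.
EOF
}

sample_lines | audit_rpath || true
```

On an unpacked package, pipe the output of chrpath over the shared objects into audit_rpath instead of the sample lines.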
--- Begin Message ---
Source: subversion
Source-Version: 1.3.0-5

We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive:

libapache2-svn_1.3.0-5_i386.deb
  to pool/main/s/subversion/libapache2-svn_1.3.0-5_i386.deb
libsvn-core-perl_1.3.0-5_i386.deb
  to pool/main/s/subversion/libsvn-core-perl_1.3.0-5_i386.deb
libsvn-doc_1.3.0-5_all.deb
  to pool/main/s/subversion/libsvn-doc_1.3.0-5_all.deb
libsvn-javahl_1.3.0-5_i386.deb
  to pool/main/s/subversion/libsvn-javahl_1.3.0-5_i386.deb
libsvn-ruby1.8_1.3.0-5_i386.deb
  to pool/main/s/subversion/libsvn-ruby1.8_1.3.0-5_i386.deb
libsvn-ruby_1.3.0-5_all.deb
  to pool/main/s/subversion/libsvn-ruby_1.3.0-5_all.deb
libsvn0-dev_1.3.0-5_i386.deb
  to pool/main/s/subversion/libsvn0-dev_1.3.0-5_i386.deb
libsvn0_1.3.0-5_i386.deb
  to pool/main/s/subversion/libsvn0_1.3.0-5_i386.deb
python-subversion_1.3.0-5_i386.deb
  to pool/main/s/subversion/python-subversion_1.3.0-5_i386.deb
subversion-tools_1.3.0-5_all.deb
  to pool/main/s/subversion/subversion-tools_1.3.0-5_all.deb
subversion_1.3.0-5.diff.gz
  to pool/main/s/subversion/subversion_1.3.0-5.diff.gz
subversion_1.3.0-5.dsc
  to pool/main/s/subversion/subversion_1.3.0-5.dsc
subversion_1.3.0-5_i386.deb
  to pool/main/s/subversion/subversion_1.3.0-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Samuelson <[EMAIL PROTECTED]> (supplier of updated subversion package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Mar 2006 00:56:59 -0600
Source: subversion
Binary: libsvn-core-perl libsvn0 libsvn-javahl libsvn-doc libsvn-ruby libapache2-svn libsvn-ruby1.8 python-subversion subversion-tools subversion libsvn0-dev
Architecture: source all i386
Version: 1.3.0-5
Distribution: unstable
Urgency: high
Maintainer: Guilherme de S. Pastore <[EMAIL PROTECTED]>
Changed-By: Peter Samuelson <[EMAIL PROTECTED]>
Description: 
 libapache2-svn - apache modules for Subversion (aka. svn)
 libsvn-core-perl - perl bindings for Subversion (aka. svn)
 libsvn-doc - development documentation for Subversion (aka. svn) libraries
 libsvn-javahl - java bindings for Subversion (aka. svn)
 libsvn-ruby - ruby modules for interfacing with Subversion (aka. svn)
 libsvn-ruby1.8 - ruby modules for interfacing with Subversion (aka. svn)
 libsvn0    - shared libraries used by Subversion (aka. svn)
 libsvn0-dev - development files for Subversion (aka. svn) libraries
 python-subversion - python modules for interfacing with Subversion (aka. svn)
 subversion - advanced version control system (aka. svn)
 subversion-tools - assorted tools related to Subversion (aka. svn)
Closes: 359234
Changes: 
 subversion (1.3.0-5) unstable; urgency=high
 .
   * rpath.patch: Delete rpaths for apache2 modules.  (Closes: #359234)
     - rules: Do not override INSTALL_MOD_SHARED, this is no longer needed
     - libapache2-svn.install: Use modules from the install, not from
       the build tree

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEKQngDecnbV4Fd/IRAqUGAKD58sMyiqALyxwkLhxPb1u2KtI4TgCgqaMq
0iLC8+gBe7hVMe1Zd3zFi1I=
=Sd1J
-----END PGP SIGNATURE-----


--- End Message ---
