Re: 1.9.4 fix
Op 27-apr.-2016 16:17 schreef "Terry Dooher" : > > Hi all, > > > > I’m in the process of dump/loading our repositories to take advantage of FSFS format 7. Looking at the change list for 1.9.4 (out tomorrow), it shows: > >fsfs: fix a rare source of incomplete dump files and reports (r1717876) > > > > I’m having trouble finding a layman’s explanation of what this issue means, however. (I’ve read https://issues.apache.org/jira/browse/SVN-4554 but it doesn’t make much sense to me.) In practical terms, I’m running through several hundred thousand revisions across 20 repositories. Is there a chance this bug could happen silently and corrupt a dump in a way that wouldn’t be picked up during svnadmin load (or by ‘svnadmin verify’ following the load)? > > > > I’m on 1.9.2 now. Should I wait for 1.9.4 to do this? > I would use at least 1.9.3 for the process running 'svnadmin dump', because of this fix in 1.9.3: * svnadmin dump: preserve no-op changes (r1709388 et al, issue #4598) Otherwise your new repository might be slightly different from the original regarding no-op changes (see the issue [1] for more explanation). Concerning issue #4554 I'm not sure. From the issue description it sounds like quite a rare edge case that you would only very rarely see in a real world repository (and since it talks about dump files being broken, I'm assuming you would detect it when loading the dump). But maybe stefan2 or someone else knows more about the circumstances for this issue, whether it's likely to occur in the wild, and what the visible consequences would be? -- Johan [1] https://issues.apache.org/jira/plugins/servlet/mobile#issue/SVN-4598
RE: 1.9.4 fix
From: Johan Corveleyn [mailto:jcor...@gmail.com] Sent: 28 April 2016 08:36 > Op 27-apr.-2016 16:17 schreef "Terry Dooher" : > > > > I’m on 1.9.2 now. Should I wait for 1.9.4 to do this? > > > I would use at least 1.9.3 for the process running 'svnadmin dump', because > of this fix in 1.9.3: > * svnadmin dump: preserve no-op changes (r1709388 et al, issue #4598) > Otherwise your new repository might be slightly different from the original > regarding no-op changes (see the issue [1] for more explanation). Thanks; that's a good point. I'll use a build of svnadmin 1.9.3 for the dumps/loads, at least; though I'll wait to see what Stefan has to say regarding #4554 before I go ahead. Cheers, Terry.
[ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released
I'm happy to announce the release of Apache Subversion 1.8.16. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#supported-releases This release fixes two security issues: CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. http://subversion.apache.org/security/CVE-2016-2167-advisory.txt CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check. http://subversion.apache.org/security/CVE-2016-2168-advisory.txt The SHA1 checksums are: 9596643a2728c55a4e54ff38608fde09b27fa494 subversion-1.8.16.tar.bz2 50d3004b57d714247158374694c9f06ba852e88a subversion-1.8.16.tar.gz 5a23082a998133be85efd0b5b81ef91d6b87fdd5 subversion-1.8.16.zip PGP Signatures are available at: http://www.apache.org/dist/subversion/subversion-1.8.16.tar.bz2.asc http://www.apache.org/dist/subversion/subversion-1.8.16.tar.gz.asc http://www.apache.org/dist/subversion/subversion-1.8.16.zip.asc For this release, the following people have provided PGP signatures: Branko Čibej [4096R/A347943F] with fingerprint: BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F Evgeny Kotkov [4096R/09F9FA74] with fingerprint: E7B2 A7F4 EC28 BE9F F8B3 8BA4 B64F FF12 09F9 FA74 Ivan Zhakov [4096R/F6AD8147] with fingerprint: 4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147 Johan Corveleyn [4096R/010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Stefan Fuhrmann [4096R/57921ACC] with fingerprint: 056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC Stefan Sperling [2048R/9A59B973] with fingerprint: 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 Release notes for the 1.8.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.8.html You can find the list of changes between 1.8.16 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.8.16/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team
[ANNOUNCE][SECURITY] Apache Subversion 1.9.4 released
I'm happy to announce the release of Apache Subversion 1.9.4. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#recommended-release This release fixes two security issues: CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. http://subversion.apache.org/security/CVE-2016-2167-advisory.txt CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check. http://subversion.apache.org/security/CVE-2016-2168-advisory.txt The SHA1 checksums are: bc7d51fdda43bea01e1272dfe9d23d0a9d6cd11c subversion-1.9.4.tar.bz2 43a7e47c1fca0ed9ba79564bdcd2d7ba0cbfb905 subversion-1.9.4.tar.gz ff55b2161e22d4eb61f1d2294995b97295a2cb2d subversion-1.9.4.zip PGP Signatures are available at: http://www.apache.org/dist/subversion/subversion-1.9.4.tar.bz2.asc http://www.apache.org/dist/subversion/subversion-1.9.4.tar.gz.asc http://www.apache.org/dist/subversion/subversion-1.9.4.zip.asc For this release, the following people have provided PGP signatures: Bert Huijben [4096R/CCC8E1DF] with fingerprint: 3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF Branko Čibej [4096R/A347943F] with fingerprint: BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F Evgeny Kotkov [4096R/09F9FA74] with fingerprint: E7B2 A7F4 EC28 BE9F F8B3 8BA4 B64F FF12 09F9 FA74 Ivan Zhakov [4096R/F6AD8147] with fingerprint: 4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147 Johan Corveleyn [4096R/010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Stefan Fuhrmann [4096R/57921ACC] with fingerprint: 056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC Stefan Sperling [2048R/9A59B973] with fingerprint: 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 Release notes for the 1.9.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.9.html You can find the list of changes between 1.9.4 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.9.4/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team
