RFS: subversion (updated package) [lenny-backports]
Dear mentors/backporters, I am looking for a sponsor for the new version 1.5.6dfsg-1~bpo50+1 of my package "subversion". It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion The package can be found on mentors.debian.net: - URL: http://mentors.debian.net/debian/pool/main/s/subversion - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.5.6dfsg-1~bpo50+1.dsc Sources are tracked on svn.debian.org: http://svn.debian.org/wsvn/pkg-subversion/src/lenny-backpo...@964 I would be glad if someone uploaded this package for me. Kind regards -- Michael Diers, Software Developer elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
RFS: subversion (updated package, bpo50, lenny-backports)
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Dear mentors/backporters, I am looking for a sponsor for the new version 1.6.4dfsg-1~bpo50+1 of my package "subversion". It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion The package can be found on mentors.debian.net: - - URL: http://mentors.debian.net/debian/pool/main/s/subversion - - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.4dfsg-1~bpo50+1.dsc I would be glad if someone uploaded this package for me. Subversion 1.6.4 is currently in "unstable", not "testing". However, the only difference to Subversion 1.6.3 is the recent security fix (CVE-2009-2411). http://www.debian.org/security/2009/dsa-1855 Kind regards - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) iEYEAREDAAYFAkqIBPYACgkQcEKlWnqVgz0PvACdER1u8KvVlj3NHqixSrys82ma KIEAni/WwBHztbBx4s8Pw/UwtrzccZiH =Jpix -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
RFS: subversion (updated package) [lenny-backports, 1.6.9dfsg-1~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Dear mentors/backporters, I am looking for a sponsor for the new version 1.6.9dfsg-1~bpo50+1 of my package "subversion". Since 2010-01-31, the version in "testing" is 1.6.9dfsg-1. This backport omits the optional ra_serf repository access method and uses OpenJDK to build the javahl bindings. Changes: subversion (1.6.9dfsg-1~bpo50+1) lenny-backports; urgency=low . * Rebuild for lenny-backports. * Disable ra_serf, need a newer version than the one in lenny. * Build-depend on libdb4.6-dev, suggest db4.6-util. * Build-depend on openjdk-6-jdk instead of gcj-jdk. * Depend on openjdk-6-jre-headless instead of gij. It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion The package can be found on mentors.debian.net: - - URL: http://mentors.debian.net/debian/pool/main/s/subversion - - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.9dfsg-1~bpo50+1.dsc - - VCS: svn://svn.debian.org/pkg-subversion/1.6.x/ - - VCS browser: http://svn.debian.org/wsvn/pkg-subversion/src/lenny-backports-1.6.x/ I would be glad if someone uploaded this package for me. Kind regards - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) iEYEAREDAAYFAkvcgjUACgkQcEKlWnqVgz07VQCgopxChM+QQ030Nerljs9ijrdN hEIAni4Lk/TDhnLMdNPXvvM77kbFXpPj =vLNI -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4bdc8237.4070...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.9dfsg-1~bpo50+1]
Michael Diers wrote: > I am looking for a sponsor for the new version 1.6.9dfsg-1~bpo50+1 > of my package "subversion". [...] > I would be glad if someone uploaded this package for me. Thanks to Dominic Hargreaves for uploading to backports. subversion (1.6.9dfsg-1~bpo50+1) [backports] http://packages.debian.org/source/lenny-backports/subversion https://buildd.debian.org/status/package.php?p=subversion&suite=lenny-backports Binary packages for alpha, amd64 and i386 have been built and/or installed. I noticed that, on alpha at least, no Java bindings have been generated. If there is public demand, I'll fix that in an updated package. -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4bdfd3c5.3020...@elego.de
RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-1~bpo50+2]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear mentors and backporters, I am looking for a sponsor for the new version 1.6.12dfsg-1~bpo50+2 of my package "subversion". subversion (1.6.12dfsg-1~bpo50+2) lenny-backports; urgency=medium * Rebuild for lenny-backports. * Disable ra_serf, need a newer version than the one in lenny. * Build-depend on libdb4.6-dev, suggest db4.6-util. * Build-depend on openjdk-6-jdk instead of gcj-jdk. * Depend on openjdk-6-jre-headless instead of gij. * control: Fix version control URLs. -- Michael Diers Mon, 28 Jun 2010 15:13:50 +0200 It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion The package can be found on mentors.debian.net: - - URL: http://mentors.debian.net/debian/pool/main/s/subversion - - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.12dfsg-1~bpo50+2.dsc Version Control System: - - VCS: svn://svn.debian.org/pkg-subversion/src/lenny-backports-1.6.x/ - - VCS browser: http://svn.debian.org/wsvn/pkg-subversion/src/lenny-backports-1.6.x/ I would be glad if someone uploaded this package for me. Kind regards - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwotWkACgkQcEKlWnqVgz3g4gCgoeh4bnPMJdgDkpAcRYVsZA9y iukAnAibp13GxxCKDS2tMZWsG+8wdAET =w2hT -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c28b569.1090...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-1~bpo50+2]
On 2010-06-28 16:44, Michael Diers wrote: > I am looking for a sponsor for the new version 1.6.12dfsg-1~bpo50+2 > of my package "subversion". > > subversion (1.6.12dfsg-1~bpo50+2) lenny-backports; urgency=medium > > * Rebuild for lenny-backports. > * Disable ra_serf, need a newer version than the one in lenny. > * Build-depend on libdb4.6-dev, suggest db4.6-util. > * Build-depend on openjdk-6-jdk instead of gcj-jdk. > * Depend on openjdk-6-jre-headless instead of gij. > * control: Fix version control URLs. > > -- Michael Diers Mon, 28 Jun 2010 15:13:50 +0200 > > It builds these binary packages: > libapache2-svn - Subversion server modules for Apache > libsvn-dev - Development files for Subversion libraries > libsvn-doc - Developer documentation for libsvn > libsvn-java - Java bindings for Subversion > libsvn-perl - Perl bindings for Subversion > libsvn-ruby - Ruby bindings for Subversion (dummy package) > libsvn-ruby1.8 - Ruby bindings for Subversion > libsvn1- Shared libraries used by Subversion > python-subversion - Python bindings for Subversion > subversion - Advanced version control system > subversion-tools - Assorted tools related to Subversion > > The package can be found on mentors.debian.net: > - URL: http://mentors.debian.net/debian/pool/main/s/subversion > - Source repository: deb-src http://mentors.debian.net/debian unstable > main contrib non-free > - dget > http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.12dfsg-1~bpo50+2.dsc > > Version Control System: > - VCS: svn://svn.debian.org/pkg-subversion/src/lenny-backports-1.6.x/ > - VCS browser: > http://svn.debian.org/wsvn/pkg-subversion/src/lenny-backports-1.6.x/ > > I would be glad if someone uploaded this package for me. Dear mentors and backporters, has anyone had a chance to look at the new Subversion backport? Is there anything wrong with the package? I would appreciate some sort of feedback. Thank you. Cheers, -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c2e7274.4020...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-1~bpo50+2]
On 2010-07-03 05:54, Matt Taggart wrote: > Hi Michael, > > Just a couple comments based on the changelog, I haven't looked at the > packages. Matt, thanks a bundle for having a look. >>> subversion (1.6.12dfsg-1~bpo50+2) lenny-backports; urgency=medium >>> >>> * Rebuild for lenny-backports. >>> * Disable ra_serf, need a newer version than the one in lenny. > > How about backporting a newer serf instead so you don't have to lose the > functionality? As long as the build dependencies and dependencies are > versioned properly (and you know they already are) then everything will > just work at build time and run time. The BPO buildd's are also smart > enough to deal with it. > > It looks like it backports cleanly with no changes. > > (BTW if you run into a reason why the package doesn't build or run because > it needs a versioned build-dep/dep to the backport and also file a bug on > the package to have it added) Yes, that would be pretty easy to do. Previous 1.6.x lenny-backports did not require the updated serf, though. Not sure if it'a a good thing to introduce a new run-time dependency at this point in time. >>> * Build-depend on libdb4.6-dev, suggest db4.6-util. >>> * Build-depend on openjdk-6-jdk instead of gcj-jdk. >>> * Depend on openjdk-6-jre-headless instead of gij. > > I think these probably make more sense than trying to backport all that > stuff (assuming everything still works OK with the older versions). Well, that's backports.org policy. Admittedly not the OpenJDK part, but the libdb4.6 bit. One blends in with the "stable" run-time environment. > >>> * control: Fix version control URLs. > > I wouldn't bother fixing these for the backport. OK, but then again the backport changes are in a different branch than the "testing" source. Moreover, the bpo50+1 version control URLs were wrong. And I had to touch debian/control anyway. So there :) Cheers, -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c327fa5.8050...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-1~bpo50+2]
On 2010-07-06 02:58, Michael Diers wrote: > On 2010-07-03 05:54, Matt Taggart wrote: >> Hi Michael, >> >> Just a couple comments based on the changelog, I haven't looked at the >> packages. > > Matt, > > thanks a bundle for having a look. > >>>> subversion (1.6.12dfsg-1~bpo50+2) lenny-backports; urgency=medium >>>> >>>> * Rebuild for lenny-backports. >>>> * Disable ra_serf, need a newer version than the one in lenny. >> >> How about backporting a newer serf instead so you don't have to lose the >> functionality? As long as the build dependencies and dependencies are >> versioned properly (and you know they already are) then everything will >> just work at build time and run time. The BPO buildd's are also smart >> enough to deal with it. >> >> It looks like it backports cleanly with no changes. >> >> (BTW if you run into a reason why the package doesn't build or run because >> it needs a versioned build-dep/dep to the backport and also file a bug on >> the package to have it added) > > Yes, that would be pretty easy to do. Previous 1.6.x lenny-backports did > not require the updated serf, though. Not sure if it'a a good thing to > introduce a new run-time dependency at this point in time. > >>>> * Build-depend on libdb4.6-dev, suggest db4.6-util. >>>> * Build-depend on openjdk-6-jdk instead of gcj-jdk. >>>> * Depend on openjdk-6-jre-headless instead of gij. >> >> I think these probably make more sense than trying to backport all that >> stuff (assuming everything still works OK with the older versions). > > Well, that's backports.org policy. Admittedly not the OpenJDK part, but > the libdb4.6 bit. One blends in with the "stable" run-time environment. > >> >>>> * control: Fix version control URLs. >> >> I wouldn't bother fixing these for the backport. > > OK, but then again the backport changes are in a different branch than > the "testing" source. Moreover, the bpo50+1 version control URLs were > wrong. And I had to touch debian/control anyway. So there :) Dear mentors and backporters, here's another attempt at soliciting sponsorship for my update to the Subversion package in lenny-backports. As it stands, the package is a straightforward update to my previous backport 1.6.9dfsg-1~bpo50+1. Unless Matt's comments above are regarded as critical, I kindly ask that the package be uploaded to backports.org. Thank you. -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c3d9041.8030...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-1~bpo50+2]
On 2010-07-15 07:58, Simon Horman wrote: > On Wed, Jul 14, 2010 at 12:24:01PM +0200, Michael Diers wrote: >> Dear mentors and backporters, >> >> here's another attempt at soliciting sponsorship for my update to the >> Subversion package in lenny-backports. >> >> As it stands, the package is a straightforward update to my previous >> backport 1.6.9dfsg-1~bpo50+1. Unless Matt's comments above are regarded >> as critical, I kindly ask that the package be uploaded to backports.org. > > Hi Michael, > > I'll handle this if you don't have any other volunteers. Simon, thank you, that's much appreciated. Cheers, -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c3f42a5.1000...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-1~bpo50+2]
On 2010-07-15 19:17, Michael Diers wrote: > On 2010-07-15 07:58, Simon Horman wrote: >> On Wed, Jul 14, 2010 at 12:24:01PM +0200, Michael Diers wrote: >>> Dear mentors and backporters, >>> >>> here's another attempt at soliciting sponsorship for my update to the >>> Subversion package in lenny-backports. >>> >>> As it stands, the package is a straightforward update to my previous >>> backport 1.6.9dfsg-1~bpo50+1. Unless Matt's comments above are regarded >>> as critical, I kindly ask that the package be uploaded to backports.org. >> >> Hi Michael, >> >> I'll handle this if you don't have any other volunteers. > > Simon, > > thank you, that's much appreciated. Simon has uploaded the package and buildds are starting to pick it up. (Thanks again, Simon.) I'll shortly delete the package on mentors.debian.net. https://buildd.debian.org/pkg.cgi?pkg=subversion&maint=&dist=lenny-backports -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c50acff.4090...@elegosoft.com
RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-2~bpo50+1]
Dear mentors and backporters, I am looking for a sponsor for the new version 1.6.12dfsg-2~bpo50+1 of my existing backport of package "subversion". Please note that 1.6.12dfsg-2 is currently in "unstable" and will take a few days to migrate to "testing"; however, this update addresses CVE-2010-3315 for the existing backport. subversion (1.6.12dfsg-2~bpo50+1) lenny-backports; urgency=low * Rebuild for lenny-backports. * Disable ra_serf, need a newer version than the one in lenny. * Build-depend on libdb4.6-dev, suggest db4.6-util. * Build-depend on openjdk-6-jdk instead of gcj-jdk. * Depend on openjdk-6-jre-headless instead of gij. -- Michael Diers Sat, 02 Oct 2010 14:09:21 +0200 subversion (1.6.12dfsg-2) unstable; urgency=medium * patches/cve-2010-3315: New patch for CVE-2010-3315, whereby, in rare configurations, mod_dav_svn could give too much access to authorized users. * control: Update Vcs-* fields, Homepage, Policy to 3.9.1 (no changes), tweak python version declaration (Closes: #587853). -- Peter Samuelson Fri, 01 Oct 2010 12:11:10 -0500 The package can be found on mentors.debian.net: - URL: http://mentors.debian.net/debian/pool/main/s/subversion - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.12dfsg-2~bpo50+1.dsc Version Control System: - VCS: svn://svn.debian.org/pkg-subversion/src/lenny-backports-1.6.x/ - VCS browser: http://svn.debian.org/wsvn/pkg-subversion/src/lenny-backports-1.6.x/ I would be glad if someone uploaded this package for me. Kind regards -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4ca786e6.4060...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-2~bpo50+1]
On 2010-10-02 22:28, Niels Thykier wrote: > On 2010-10-02 22:25, Jesús M. Navarro wrote: >> Hi, Michael: > >> On Saturday 02 October 2010 21:24:22 Michael Diers wrote: >>> Dear mentors and backporters, >>> >>> I am looking for a sponsor for the new version 1.6.12dfsg-2~bpo50+1 >>> of my existing backport of package "subversion". >>> >>> Please note that 1.6.12dfsg-2 is currently in "unstable" and will take a >>> few days to migrate to "testing"; however, this update addresses >>> CVE-2010-3315 for the existing backport. >>> >>> subversion (1.6.12dfsg-2~bpo50+1) lenny-backports; urgency=low >>> >>> * Rebuild for lenny-backports. >>> * Disable ra_serf, need a newer version than the one in lenny. >>> * Build-depend on libdb4.6-dev, suggest db4.6-util. >>> * Build-depend on openjdk-6-jdk instead of gcj-jdk. >>> * Depend on openjdk-6-jre-headless instead of gij. > >> Just out of curiosity: how is it that subversion depends on jdk/jre? [...] > I would assume that (Build-)Depends relate to libsvn-java binary package > without actually having checked the control file. Absolutely, the runtime dependency on a JRE is for libsvn-java only. I chose to prefer openjdk-6-jre-headless because gij is not able to complete Subversion's own test suite for the Java bindings without error. I just realized I inadvertently deleted the list of packages from the RFS. Here it is for completeness: It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4ca7a956.3010...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-2~bpo50+1]
On 2010-10-02 21:24, Michael Diers wrote: > I am looking for a sponsor for the new version 1.6.12dfsg-2~bpo50+1 > of my existing backport of package "subversion". > > Please note that 1.6.12dfsg-2 is currently in "unstable" and will take a > few days to migrate to "testing"; however, this update addresses > CVE-2010-3315 for the existing backport. Subversion 1.6.12dfsg-2 has been migrated to "testing". Anyone interested in uploading the backport? -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4cae087d.3050...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-2~bpo50+1]
On 2010-10-07 19:50, Michael Diers wrote: > On 2010-10-02 21:24, Michael Diers wrote: >> I am looking for a sponsor for the new version 1.6.12dfsg-2~bpo50+1 >> of my existing backport of package "subversion". >> >> Please note that 1.6.12dfsg-2 is currently in "unstable" and will take a >> few days to migrate to "testing"; however, this update addresses >> CVE-2010-3315 for the existing backport. > > Subversion 1.6.12dfsg-2 has been migrated to "testing". Anyone > interested in uploading the backport? Never mind, Peter Samuelson has volunteered to upload the package to "lenny-backports". Thanks, Peter. -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4caec00d.6000...@elego.de
RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-4~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear mentors and backporters, I am looking for a sponsor for the new version 1.6.12dfsg-4~bpo50+1 of my existing backport of package "subversion". On 2011-01-09, subversion 1.6.12dfsg-4 has migrated to testing. It addresses the following issues: CVE-2010-4539: crash in mod_dav_svn when using SVNParentPath http://security-tracker.debian.org/tracker/CVE-2010-4539 CVE-2010-4644: fix server-side memory leaks triggered by 'blame -g' http://security-tracker.debian.org/tracker/CVE-2010-4644 It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion The package can be found on mentors.debian.net: - - URL: http://mentors.debian.net/debian/pool/main/s/subversion - - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.12dfsg-4~bpo50+1.dsc Version Control System: - - VCS: svn://svn.debian.org/pkg-subversion/src/lenny-backports-1.6.x/ - - VCS browser: http://svn.debian.org/wsvn/pkg-subversion/src/lenny-backports-1.6.x/ I would be glad if someone uploaded this package for me. Kind regards - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0qbP0ACgkQcEKlWnqVgz1okwCfQb5SHRFGeeycr5nnoG6U2/v7 FLQAoLBbJlvVTqR7wIHKwvjvKpluy3cR =u8Uc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d2a6cfd.6090...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-4~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-01-10 15:57, Sven Hoexter wrote: > On Mon, Jan 10, 2011 at 03:48:09PM +0100, Alexander Wirt wrote: > >> Again? I already assigned one today (017) > > Eh. Interesting. Looks like I jumped in the middle of someone else work. :-/ So you did :) Thank you for the upload. I'll release BSA-017 promptly. - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0rH6gACgkQcEKlWnqVgz3fcwCgvnwQCRAaDO1idvO4YEhuNYVr B3EAoLymujPc3iHze7SRDrKVug9fhOUV =x3HW -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d2b1fa8.9080...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-4~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-01-10 03:20, Michael Diers wrote: > Dear mentors and backporters, > > I am looking for a sponsor for the new version 1.6.12dfsg-4~bpo50+1 > of my existing backport of package "subversion". [...] Sven Hoexter has uploaded the package. Thanks, Sven. - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0rJqoACgkQcEKlWnqVgz1+1ACdGS3UdhfK9HWVlZlKy3Nr9K9x jW4Anj5VOc1rup9u5M76uDGadbyeamzg =xd3h -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d2b26aa.8060...@elego.de
RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-5~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear mentors and backporters, I am looking for a sponsor for the new version 1.6.12dfsg-5~bpo50+1 of my existing backport of package "subversion". The new version addresses the following issues, please see also the attached BSA draft notice: CVE-2011-0715 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if a lock token is sent in a HTTP request by a Subversion client which has not authenticated to the server. http://subversion.apache.org/security/CVE-2011-0715-advisory.txt It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion The source package and binaries packages for i386 can be found on ftp.elego.de: - - URL: ftp://ftp.elego.de/pub/packages/lenny-backports - - dget ftp://ftp.elego.de/pub/packages/lenny-backports/subversion_1.6.12dfsg-5~bpo50+1.dsc Also, the source package should eventually become available on mentors.debian.net: - - URL: http://mentors.debian.net/debian/pool/main/s/subversion - - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.12dfsg-5~bpo50+1.dsc Version Control System: - - VCS: svn://svn.debian.org/pkg-subversion/src/lenny-backports-1.6.x/ - - VCS browser: http://svn.debian.org/wsvn/pkg-subversion/src/lenny-backports-1.6.x/ I would be glad if someone uploaded this package for me. Kind regards - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1wHdYACgkQcEKlWnqVgz0i7wCgsM90mRCyMPw9xupTnEPLi4Gq qeUAoKpbDfTwhzDHYbHTVtkRyL4gkPp6 =Ym3w -END PGP SIGNATURE- [ A BSA number request for this security update is pending with t...@backports.debian.org. Please replace XXX by the number that is eventually assigned. Also please replace the placeholder with your name. ] Subject: [BSA-XXX] Security Update for subversion uploaded new packages for subversion which fixed the following security problems: CVE-2011-0715 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if a lock token is sent in a HTTP request by a Subversion client which has not authenticated to the server. http://subversion.apache.org/security/CVE-2011-0715-advisory.txt For the lenny-backports distribution the problems have been fixed in version 1.6.12dfsg-5~bpo50+1. For the stable distribution (squeeze) the problems have been fixed in version 1.6.12dfsg-5. For the unstable distribution (sid) the problems have been fixed in version 1.6.16dfsg-1. This version is expected to be migrated to the testing distribution (wheezy) shortly. If you don't use pinning (see [1]) you have to update the package manually via "apt-get -t lenny-backports install " with the packagelist of your installed packages affected by this update. [1] <http://backports.debian.org/Instructions> We recommend to pin (in /etc/apt/preferences) the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=lenny-backports Pin-Priority: 200
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-5~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-04 00:01, Michael Diers wrote: > Dear mentors and backporters, > > I am looking for a sponsor for the new version 1.6.12dfsg-5~bpo50+1 > of my existing backport of package "subversion". > > The new version addresses the following issues, please see also the > attached BSA draft notice: > > CVE-2011-0715 > Subversion's mod_dav_svn Apache HTTPD server module will dereference > a NULL pointer if a lock token is sent in a HTTP request by a > Subversion client which has not authenticated to the server. > http://subversion.apache.org/security/CVE-2011-0715-advisory.txt [...] The security notice is to be called BSA-026, updated draft is attached. - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1wwFUACgkQcEKlWnqVgz0p1wCghpRnrh4kdJ47kgDoLPZA0rUb HWQAniye5iwQabtfZRj6MMRVRIVxEHI3 =5KMm -END PGP SIGNATURE- [ Please replace with your name and send the text as a gpg inline signed mail to debian-backports-annou...@lists.debian.org. ] Subject: [BSA-026] Security Update for subversion uploaded new packages for subversion which fixed the following security problems: CVE-2011-0715 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if a lock token is sent in a HTTP request by a Subversion client which has not authenticated to the server. http://subversion.apache.org/security/CVE-2011-0715-advisory.txt For the lenny-backports distribution the problems have been fixed in version 1.6.12dfsg-5~bpo50+1. For the stable distribution (squeeze) the problems have been fixed in version 1.6.12dfsg-5. For the unstable distribution (sid) the problems have been fixed in version 1.6.16dfsg-1. This version is expected to be migrated to the testing distribution (wheezy) shortly. If you don't use pinning (see [1]) you have to update the package manually via "apt-get -t lenny-backports install " with the packagelist of your installed packages affected by this update. [1] <http://backports.debian.org/Instructions> We recommend to pin (in /etc/apt/preferences) the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=lenny-backports Pin-Priority: 200
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-5~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-04 10:35, Michael Diers wrote: > On 2011-03-04 00:01, Michael Diers wrote: >> Dear mentors and backporters, > >> I am looking for a sponsor for the new version 1.6.12dfsg-5~bpo50+1 >> of my existing backport of package "subversion". > >> The new version addresses the following issues, please see also the >> attached BSA draft notice: > >> CVE-2011-0715 >> Subversion's mod_dav_svn Apache HTTPD server module will dereference >> a NULL pointer if a lock token is sent in a HTTP request by a >> Subversion client which has not authenticated to the server. >> http://subversion.apache.org/security/CVE-2011-0715-advisory.txt > [...] > > The security notice is to be called BSA-026, updated draft is attached. Peter Samuelson uploaded this package. Thanks, Peter. - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk14HRsACgkQcEKlWnqVgz0QnwCgn/WQiN7hNuc4O3neAwoDctSS zPkAn2kOpd0GxdMpECa8kojSt3rFpf5q =/cX+ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d781d1b.7090...@elego.de
RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-6~bpo50+1]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear mentors and backporters, I am looking for a sponsor for the new version 1.6.12dfsg-6~bpo50+1 of my package "subversion". The new version addresses the following security issues: CVE-2011-1752 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources. CVE-2011-1783 Subversion's mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates memory in each iteration, ultimately exhausting all the available memory on the server. CVE-2011-1921 Subversion's mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users. It builds these binary packages: libapache2-svn - Subversion server modules for Apache libsvn-dev - Development files for Subversion libraries libsvn-doc - Developer documentation for libsvn libsvn-java - Java bindings for Subversion libsvn-perl - Perl bindings for Subversion libsvn-ruby - Ruby bindings for Subversion (dummy package) libsvn-ruby1.8 - Ruby bindings for Subversion libsvn1- Shared libraries used by Subversion python-subversion - Python bindings for Subversion subversion - Advanced version control system subversion-tools - Assorted tools related to Subversion The package can be found on mentors.debian.net: - - URL: http://mentors.debian.net/debian/pool/main/s/subversion - - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - - dget http://mentors.debian.net/debian/pool/main/s/subversion/subversion_1.6.12dfsg-6~bpo50+1.dsc I would be glad if someone uploaded this package for me. Kind regards Michael Diers - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3mmawACgkQcEKlWnqVgz1yJACfelo+bmwaRdgNRVd/FZn77W8o c/YAnRHJm5dD9HwKZsTMiNgdVGFIhSqk =UMoE -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4de699cd.2080...@elego.de
Re: RFS: subversion (updated package) [lenny-backports, 1.6.12dfsg-6~bpo50+1]
On 2011-06-01 21:58, Michael Diers wrote: > Dear mentors and backporters, > > I am looking for a sponsor for the new version 1.6.12dfsg-6~bpo50+1 > of my package "subversion". > > The new version addresses the following security issues: > > CVE-2011-1752 > Subversion's mod_dav_svn Apache HTTPD server module will dereference > a NULL pointer if asked to deliver baselined WebDAV resources. > > CVE-2011-1783 > Subversion's mod_dav_svn Apache HTTPD server module may in certain > scenarios enter a logic loop which does not exit and which allocates > memory in each iteration, ultimately exhausting all the available > memory on the server. > > CVE-2011-1921 > Subversion's mod_dav_svn Apache HTTPD server module may leak to > remote users the file contents of files configured to be unreadable > by those users. [...] Here's my draft of a Backports Security Announcement (also attached as BSA-037.txt): [ The BSA number below was obtained from t...@backports.debian.org. Please replace the placeholder with your name. Please send this as a gpg inline signed mail to debian-backports-annou...@lists.debian.org ] Subject: [BSA-037] Security Update for subversion uploaded new packages for subversion which fixed the following security problems: CVE-2011-1752 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources. http://subversion.apache.org/security/CVE-2011-1752-advisory.txt CVE-2011-1783 Subversion's mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates memory in each iteration, ultimately exhausting all the available memory on the server. http://subversion.apache.org/security/CVE-2011-1783-advisory.txt CVE-2011-1921 Subversion's mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users. http://subversion.apache.org/security/CVE-2011-1921-advisory.txt For the lenny-backports distribution the problems have been fixed in version 1.6.12dfsg-6~bpo50+1. For the stable distribution (squeeze) the problems have been fixed in version 1.6.12dfsg-6 [stable-sec]. If you don't use pinning (see [1]) you have to update the package manually via "apt-get -t lenny-backports install " with the packagelist of your installed packages affected by this update. [1] <http://backports.debian.org/Instructions> We recommend to pin (in /etc/apt/preferences) the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=lenny-backports Pin-Priority: 200 -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de [ The BSA number below was obtained from t...@backports.debian.org. Please replace the placeholder with your name. Please send this as a gpg inline signed mail to debian-backports-annou...@lists.debian.org ] Subject: [BSA-037] Security Update for subversion uploaded new packages for subversion which fixed the following security problems: CVE-2011-1752 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources. http://subversion.apache.org/security/CVE-2011-1752-advisory.txt CVE-2011-1783 Subversion's mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates memory in each iteration, ultimately exhausting all the available memory on the server. http://subversion.apache.org/security/CVE-2011-1783-advisory.txt CVE-2011-1921 Subversion's mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users. http://subversion.apache.org/security/CVE-2011-1921-advisory.txt For the lenny-backports distribution the problems have been fixed in version 1.6.12dfsg-6~bpo50+1. For the stable distribution (squeeze) the problems have been fixed in version 1.6.12dfsg-6 [stable-sec]. If you don't use pinning (see [1]) you have to update the package manually via "apt-get -t lenny-backports install " with the packagelist of your installed packages affected by this update. [1] <http://backports.debian.org/Instructions> We recommend to pin (in /etc/apt/preferences) the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=lenny-backports Pin-Priority: 200 signature.asc Description: OpenPGP digital signature
