-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.0 Source: subversion Binary: subversion, subversion-dbg, libsvn1, libsvn-dev, libsvn-doc, libapache2-mod-svn, libapache2-svn, python-subversion, subversion-tools, libsvn-java, libsvn-perl, ruby-svn, libsvn-ruby1.8 Architecture: any all Version: 1.9.0-1 Maintainer: Peter Samuelson <[email protected]> Uploaders: James McCoy <[email protected]> Homepage: http://subversion.apache.org/ Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-subversion/src/1.9.x/ Vcs-Svn: svn://anonscm.debian.org/pkg-subversion/src/1.9.x/ Testsuite: autopkgtest Build-Depends: apache2-dev (>= 2.4.16), autoconf, autotools-dev, bash-completion, debhelper (>= 8), default-jdk (>= 2:1.6) [!hurd-i386 !kfreebsd-amd64 !kfreebsd-i386 !hppa !m68k !sparc !sparc64], dh-apache2, dh-python, doxygen, junit [!hurd-i386 !kfreebsd-amd64 !kfreebsd-i386 !hppa !m68k !sparc !sparc64], kdelibs5-dev, libapr1-dev, libaprutil1-dev, libdb5.3-dev, libdbus-1-dev, libgnome-keyring-dev, libperl-dev, libsasl2-dev, libserf-dev (>= 1.3.4), libsqlite3-dev (>= 3.7.12), libtool, perl, python-all-dev (>= 2.7), quilt, ruby, ruby-dev, swig, zlib1g-dev Build-Conflicts: libsvn-dev (<< 1.9~) Package-List: libapache2-mod-svn deb httpd optional arch=any libapache2-svn deb oldlibs extra arch=all libsvn-dev deb libdevel extra arch=any libsvn-doc deb doc extra arch=all libsvn-java deb java optional arch=any libsvn-perl deb perl optional arch=any libsvn-ruby1.8 deb oldlibs extra arch=all libsvn1 deb libs optional arch=any python-subversion deb python optional arch=any ruby-svn deb ruby optional arch=any subversion deb vcs optional arch=any subversion-dbg deb debug extra arch=any subversion-tools deb vcs extra arch=any Checksums-Sha1: 59958ee5e112a242c37d829331dde38affe2337a 10531048 subversion_1.9.0.orig.tar.gz 10fd8b806774c5819bb91cec2f90d0e7831d0e11 284298 subversion_1.9.0-1.diff.gz Checksums-Sha256: 703ebece4e0fddbde6877dd3d2a9ac78314ae712a8a6ff8f48a5b104861d7fb2 10531048 subversion_1.9.0.orig.tar.gz 27877901906c865c0f73c5eec04e52d09bd6de134f63bb7889bfe5db6d2d5ed2 284298 subversion_1.9.0-1.diff.gz Files: 055edda79b1d01d645fba197b782350e 10531048 subversion_1.9.0.orig.tar.gz 6ca073c489b99842dd7108005b529c6e 284298 subversion_1.9.0-1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJVxWr/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MUJGQkY0RDY5NTZCRDVERjdCNzJEMjNE RkU2OTFBRTMzMUJBM0RCAAoJEN/mka4zG6PbaHMQAJaN7WyRYRG6wvjEyIzagzS/ v5Twa4/AyW9VZKNe3BZ2kY8Viwv8fjj385ZeXIk7P/xH0H+Oz9sw3ZKVx4x2/NzD +mUr+Bl1nGV5yhZrRdzWs7HvLvM9Cc1e8gcmpbc8AeIvOxGSlIQ+iL3NWRGlLhrO nd2+PY+1LtIGip6gMF5KDD/6IcbfKJarONUQjcIwsvk4sVwRgf8itaPKww46yOhF TTano9cq5qEn8pYcc996G6njBGFkrHafhtA8x8INNaMrojR3acE4h3ywa5EWBRha +eVdW3AtHZAOxDeEnhZ5YSyWAzag78Lw/Ffte/kCOD4ti6zY3miv4a0CrLDPPaax pTqRoZcJJ+KI9LE7iJxlXHmdP/C11upxxVxTPLl1UEN9G/8E8DQI/wXtJfsdQava SCZT5LOfPOYL5ctngrpq+Ea/2YiEhKH6MCYZazhIyYZWEDSXnUU5f5rbQdDXZe0C Wmia0aTx/zP08kGNbNOnLB8AuDojRYA38d6a2CJpDATgGN8iWcdI/51IZpi3RAfI zqxTUKMOxLttzUB9l5wegfFh9ubT0WPfImfFfq2zjdCElA8ecAMIHK9WisuaZjEB udQ+/VZvbkMLyWNZQzS/YMDaVjnfPVTl6ysC2EqXKohMQmp3TaqpNq2SzJJr/mye tTMT5QNGJfD8B77vGpCx =krWX -----END PGP SIGNATURE----- Changes: subversion (1.9.0-1) unstable; urgency=medium * Upload to unstable * New upstream release. + Security fixes - CVE-2015-3184: Mixed anonymous/authenticated path-based authz with httpd 2.4 - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden by authz * Add >= 2.7 requirement for python-all-dev Build-Depends, needed to run tests. * Remove Build-Conflicts against ruby-test-unit. (Closes: #791844) * Remove patches/apache_module_dependency in favor of expressing the dependencies in authz_svn.load/dav_svn.load. * Build-Depend on apache2-dev (>= 2.4.16) to ensure ap_some_authn_required() is available when building mod_authz_svn and Depend on apache2-bin (>= 2.4.16) for runtime support. -- James McCoy <[email protected]> Fri, 07 Aug 2015 21:32:47 -0400
