Report forwarded
to debian-bugs-dist@lists.debian.org, Peter Samuelson <peter@p12n.org>: Bug#738841; Package subversion.
(Thu, 13 Feb 2014 11:33:06 GMT) (full text, mbox, link).
Acknowledgement sent
to vitalif@yourcmc.ru:
New Bug report received and forwarded. Copy sent to Peter Samuelson <peter@p12n.org>.
(Thu, 13 Feb 2014 11:33:06 GMT) (full text, mbox, link).
Package: subversion
Version: 1.8.5-1
Severity: minor
Tags: upstream
There is also another bug Subversion 1.8 libsvn_subr - cache->hit_count
and entry->hit_count are incremented without proper mutual exclusion
(only with read lock), so some increments get lost in multithreaded
svnserve; as it's unlikely two threads access the same entry at once,
usually cache->hit_count (not entry->hit_count) increments are lost,
which leads to cache->hit_count being less than sum(entry->hit_count).
So it may overflow during subtraction of entry->hit_count and lead to
removing of values that should not be removed from the cache in
ensure_data_insertable(). Instead of killing the performance by mutual
exclusion we may just check for possible overflow.
This doesn't affect general svnserve usability, so severity=minor.
A patch is attached; this is also an upstream issue, so I'll also try to
send it to authors.
Added tag(s) pending.
Request was from jamessan@users.alioth.debian.org
to control@bugs.debian.org.
(Fri, 21 Feb 2014 01:00:08 GMT) (full text, mbox, link).
Reply sent
to James McCoy <jamessan@debian.org>:
You have taken responsibility.
(Sat, 22 Feb 2014 16:04:47 GMT) (full text, mbox, link).
Notification sent
to vitalif@yourcmc.ru:
Bug acknowledged by developer.
(Sat, 22 Feb 2014 16:04:47 GMT) (full text, mbox, link).
Source: subversion
Source-Version: 1.8.8-1
We believe that the bug you reported is fixed in the latest version of
subversion, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 738841@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated subversion package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Feb 2014 20:38:10 -0500
Source: subversion
Binary: subversion subversion-dbg libsvn1 libsvn-dev libsvn-doc libapache2-mod-svn libapache2-svn python-subversion subversion-tools libsvn-java libsvn-perl ruby-svn libsvn-ruby1.8
Architecture: source all amd64
Version: 1.8.8-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Samuelson <peter@p12n.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
libapache2-mod-svn - Apache Subversion server modules for Apache httpd
libapache2-svn - Apache Subversion server modules for Apache httpd (dummy package)
libsvn-dev - Development files for Apache Subversion libraries
libsvn-doc - Developer documentation for libsvn
libsvn-java - Java bindings for Apache Subversion
libsvn-perl - Perl bindings for Apache Subversion
libsvn-ruby1.8 - Ruby bindings for Apache Subversion (dummy package)
libsvn1 - Shared libraries used by Apache Subversion
python-subversion - Python bindings for Apache Subversion
ruby-svn - Ruby bindings for Apache Subversion
subversion - Advanced version control system
subversion-dbg - Debug symbols for Apache Subversion
subversion-tools - Assorted tools related to Apache Subversion
Closes: 508147735446737815738650738840738841
Changes:
subversion (1.8.8-1) unstable; urgency=medium
.
* New upstream release. Refresh patches.
- Remove backported patches sqlite_3.8.x_workaround & swig-pl_build_fix
- Fix integer overflows with 32-bit svnserv, which could cause an infinite
loop (Closes: #738840) or inaccurate statistics (Closes: #738841)
- Work around SQLite not honoring umask when creating rep-cache.db.
(Closes: #735446)
- Includes security fix:
+ CVE-2014-0032: mod_dav_svn crash when handling certain requests with
SVNListParentPath on (Closes: #737815)
* Add a subversion-dbg package. (Closes: #508147)
* Bump libdb5.1-dev → libdb5.3-dev (Closes: #738650)
Checksums-Sha1:
72b8efb5e79086c94c64d0f34fa68577f4f6cda8 2835 subversion_1.8.8-1.dsc
0317474e42ba9fdd122030e40b862617ae97a5d0 9233509 subversion_1.8.8.orig.tar.gz
353cd925b8c47e58b9055ee53fa80d5541a1f6e7 267072 subversion_1.8.8-1.diff.gz
74c7fd9381183020da875465e07609aebe473420 1400520 libsvn-doc_1.8.8-1_all.deb
bcc6ef9c74458ab6f5d0102bc3c695b81c554fdd 121728 libapache2-svn_1.8.8-1_all.deb
743b7767551d339873138b42439ec040c7eccce3 271746 subversion-tools_1.8.8-1_all.deb
1d6c11f91e8091b58734ab2bd00271dca8de5f2e 1026 libsvn-ruby1.8_1.8.8-1_all.deb
a2ae0f25579614a0c0ea386be31b41337135bad1 930694 subversion_1.8.8-1_amd64.deb
577f4935c96567232ba5c1023c934b3b77a88dc2 8064252 subversion-dbg_1.8.8-1_amd64.deb
400a318f2ef0bf2b6e735227139b75978865c33a 1040148 libsvn1_1.8.8-1_amd64.deb
10cc5538bf8e01259065679aac4f051616f7fc01 1176594 libsvn-dev_1.8.8-1_amd64.deb
234fa66d438c9e121a96f577944b160afe74d783 194968 libapache2-mod-svn_1.8.8-1_amd64.deb
ca3190adf10e20fcd57f9ac6b3cb7e65b6242106 631626 python-subversion_1.8.8-1_amd64.deb
2fe70f6989c3392a7bc013c855fe01cae540369e 356818 libsvn-java_1.8.8-1_amd64.deb
cb0899a76b68e6bd6e3d367fee2ed434b9ea9c3c 905292 libsvn-perl_1.8.8-1_amd64.deb
18d1246da2cc37c6e05e5be36d88a25617efbd51 540370 ruby-svn_1.8.8-1_amd64.deb
Checksums-Sha256:
b27661f55dce1a55c33a5a21899f0b97e613c7b7521a677caa0fe25996c512c4 2835 subversion_1.8.8-1.dsc
a8c398d518cdeb1daa97d74447cc8a3150f43bbee4de0c71d4fe0c86df841bc2 9233509 subversion_1.8.8.orig.tar.gz
d1cb309bbb14fd7b936ce97eb73fb3bf3c12f618590a00defc203f41c1d9178d 267072 subversion_1.8.8-1.diff.gz
8292366cd48dde2a0a44007f6c799dccc27c53d66e21f88d40d4bddbf13d1321 1400520 libsvn-doc_1.8.8-1_all.deb
4df8367d1d6b9b199749b91fb153fb07bb14ecf302116cfd091d21a72bd36d63 121728 libapache2-svn_1.8.8-1_all.deb
a3141d1d2772e12c8ad0de3f02c0037eea0982d3a386edfe999b8ab606bd0bf9 271746 subversion-tools_1.8.8-1_all.deb
4f1bf61ce26fd91840f7f5ac0b082d4636f983ada66a937f031dd3679c7550e7 1026 libsvn-ruby1.8_1.8.8-1_all.deb
48062c69ecd915ef0a08381c5c6bc2189c4878dbc00900c5c69c9d8a4ea62b42 930694 subversion_1.8.8-1_amd64.deb
1bc63829b92a466988c572ac8849d83ecabb6078d6a7f6ab3ed4ecc38995e0bb 8064252 subversion-dbg_1.8.8-1_amd64.deb
099f60dae27576854d5db44418a0fa2bc7217c54f27cc43175667b368b48c94d 1040148 libsvn1_1.8.8-1_amd64.deb
a3b0b3535fa701f7593077d8ee0b773a231c9b16b6470fe79b007791e8b264d4 1176594 libsvn-dev_1.8.8-1_amd64.deb
047581c3be3cbfded93dba1cb7505d800900e2b4f4116dda88dc7e58f1132d3d 194968 libapache2-mod-svn_1.8.8-1_amd64.deb
9d431c4c614199ce608668b55ba14aca4c8407961e88405e31efc590c11b096c 631626 python-subversion_1.8.8-1_amd64.deb
9be2702086792fb7c112d0c949e3b7778e581988d3274627bb2de8f1bdd56e81 356818 libsvn-java_1.8.8-1_amd64.deb
ca8bf193e608b4bca879afdc8014aa538681c3251563ef5b3ef1cf9076388a55 905292 libsvn-perl_1.8.8-1_amd64.deb
90dbc602a6d3d19692a29d30eb409deb0c1d883d469ec508fa24c9837d90fc00 540370 ruby-svn_1.8.8-1_amd64.deb
Files:
722719705c87f189f28d8a26a322295b 2835 vcs optional subversion_1.8.8-1.dsc
2c028bc13a1d68ec3c65b306af082ce9 9233509 vcs optional subversion_1.8.8.orig.tar.gz
e2df019a7d710095432871d1b7cba43e 267072 vcs optional subversion_1.8.8-1.diff.gz
d6aa067eeb3acacd47e4062ff9020674 1400520 doc extra libsvn-doc_1.8.8-1_all.deb
4f6be6ea62be382aeb35574f99edc241 121728 oldlibs extra libapache2-svn_1.8.8-1_all.deb
162cf35e97d62f1e517de250c065f474 271746 vcs extra subversion-tools_1.8.8-1_all.deb
8298cbc489a5b906133c11584c77987c 1026 oldlibs extra libsvn-ruby1.8_1.8.8-1_all.deb
9cb0cde8b5bac7f72990b3eea7bf18a3 930694 vcs optional subversion_1.8.8-1_amd64.deb
83f16b11d8e60d57ea09505196b99b07 8064252 debug extra subversion-dbg_1.8.8-1_amd64.deb
f8fc9c541e6005a70499d350477de58a 1040148 libs optional libsvn1_1.8.8-1_amd64.deb
77e3db7413485d58cc5aeaa0b511eb29 1176594 libdevel extra libsvn-dev_1.8.8-1_amd64.deb
c494337088a98f36af74289159ec0391 194968 httpd optional libapache2-mod-svn_1.8.8-1_amd64.deb
18900e48c9cdb603fb1cd9252641993f 631626 python optional python-subversion_1.8.8-1_amd64.deb
9e6ba9b8f55322ad31181be2a4028763 356818 java optional libsvn-java_1.8.8-1_amd64.deb
804b96922908ac19da71bcdc4097c770 905292 perl optional libsvn-perl_1.8.8-1_amd64.deb
55ab9964a0d834c7cab9bd6ea4ea8805 540370 ruby optional ruby-svn_1.8.8-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJTBr0sAAoJEN/mka4zG6Pb+gEP/0+ukomf2Otw75KyjEkFfb4k
pKFPtAFLXIQQZPmMnecT1l4bnm9XdAgt9yXXtz/Qk1tHhXBVQfM7mArs2o/neXSU
xNDQyuOPuGKv3ZyWk9VRKwnYOIK5kRcVoepAQ6iVwGGt9ydl1aErvVR8qf3ts6pe
kEDQCXSk19yaTFxOG12KDZrgCyMfLUQrOb/FTliwJb+nUuGOPzqJjpy6g9kl97t1
CB8Ja5/tkfVFxr8q8NGHem8OqiE24IMdkP4AgxPyVyjLgZ3VfqaW5XHHYzf3nJDP
KcwaPP8R/9aqHAWBlkGokksEq/ne/L+LEMbgE0+v9V9Af4ZVFh36eptQ2tUP6WZN
Rq8+iOXHxUopMHH+lDSQbivs0qTsQ9b35KxHebxOA3XuOwI0WrfXr0Mh4EpXjYlW
EfEwoQSLZ2GjUFt0Rd4JaYyM/kj3fA2Ojyjoul+K71ijqerK8rm2Rg6LzBr9XmWu
btPqVuObsVFA0Hbt3hBIwpakSqgl+JwjnRFRrlg2eFrv3N5OEZ6VkPfJw4RO4Tum
oBpXy9njfa+LGWVgHFoMMu6w4JypVb/tWoAWhkxpgzamlylw+pdxVCMKmgkhiObR
fz04737dCC4yHuBDEXQjSspnsfuUiyPJFsyYphl9eX4SCTre4Qg6RQVnIB1MlpBv
hC1+E3D0SkR9lgh22toZ
=E1NK
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 28 Mar 2014 07:33:26 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.