You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@subversion.apache.org by Hyrum Wright <hw...@apache.org> on 2011/06/01 22:06:43 UTC
Subversion 1.6.17 Released
I'm happy to announce Subversion 1.6.17, available from:
http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
http://subversion.tigris.org/downloads/subversion-1.6.17.zip
http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2
http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip
This release addesses three security issues:
CVE-2011-1752: Server NULL-pointer dereference
CVE-2011-1783: Server memory exhaustion
CVE-2011-1921: mod_dav_svn exposure of unreadable paths
More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
http://subversion.apache.org/security/
The MD5 checksums are:
81e5dc5beee4b3fc025ac70c0b6caa14 subversion-1.6.17.tar.bz2
aa0f54aacac21bf5c84079e551357c15 subversion-1.6.17.tar.gz
a3a4dedd9ec782d3da4465694ce012d4 subversion-1.6.17.zip
1f01f237498555091269f2432ae1e140 subversion-deps-1.6.17.tar.bz2
1d99a1b4d56b5922ed1644a22c42c9e4 subversion-deps-1.6.17.tar.gz
7ec846c284e3d6e1689dfcbca06958ab subversion-deps-1.6.17.zip
The SHA1 checksums are:
6e3ed7c87d98fdf5f0a999050ab601dcec6155a1 subversion-1.6.17.tar.bz2
2ddf55622f0a742d8474feaa69596b2f7c4f1084 subversion-1.6.17.tar.gz
ec9c3980150242129783529e7db6f5a04936d49a subversion-1.6.17.zip
ebfda3416c09a91dbcf744a22ea83ed827ad3495 subversion-deps-1.6.17.tar.bz2
878fb197243435bfe44d45abff8875d4d98cd196 subversion-deps-1.6.17.tar.gz
a14f6abc14d38c2ce0e637edf83bce4534e19717 subversion-deps-1.6.17.zip
PGP Signatures are available at:
http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2.asc
http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz.asc
http://subversion.tigris.org/downloads/subversion-1.6.17.zip.asc
http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2.asc
http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz.asc
http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip.asc
For this release, the following people have provided PGP signatures:
Senthil Kumaran S [1024D/6CCD4038] with fingerprint:
8035 16A5 1D6E 50E2 1ECD DE56 F68D 46FB 6CCD 4038
Philip Martin [2048R/ED1A599C] with fingerprint:
A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
Paul T. Burba [1024D/53FCDC55] with fingerprint:
E630 CF54 792C F913 B13C 32C5 D916 8930 53FC DC55
Bert Huijben [1024D/9821F7B2] with fingerprint:
2017 F51A 2572 0E78 8827 5329 FCFD 6305 9821 F7B2
Hyrum K. Wright [1024D/4E24517C] with fingerprint:
3324 80DA 0F8C A37D AEE6 D084 0B03 AE6E 4E24 517C
C. Michael Pilato [1024D/1706FD6E] with fingerprint:
20BF 14DC F02F 2730 7EA4 C7BB A241 06A9 1706 FD6E
Stefan Sperling [1024D/F59D25F0] with fingerprint:
B1CF 1060 A1E9 34D1 9E86 D6D6 E5D3 0273 F59D 25F0
Mark Phippard [1024D/035A96A9] with fingerprint:
D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9
Release notes for the 1.6.x release series may be found at:
http://subversion.apache.org/docs/release-notes/1.6.html
You can find the list of changes between 1.6.17 and earlier versions at:
http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
Questions, comments, and bug reports to users@subversion.apache.org.
Thanks,
- The Subversion Team
Re: Subversion 1.6.17 Released
Posted by Daniel Shahaf <da...@apache.org>.
Yes; I've taken the (controversial) step of removing the tag until we
create it properly.
Most entries should be found in the CHANGES files on trunk, but the
CHANGES files in the (signed) tarballs are authoritative.
Thomas Harold wrote on Thu, Jun 02, 2011 at 08:42:15 -0400:
> On 6/1/2011 7:27 PM, Daniel Shahaf wrote:
> >
> >Be advised: the 1.6.17 tag [1] in our repository does not match the
> >tarballs at the time of this writing. Until we fix this, please use the
> >tarballs or zip archives, and avoid installing 1.6.17 from the tag.
> >
> >Daniel
> >
> >[1] https://svn.apache.org/repos/asf/subversion/tags/1.6.17
> >
>
> I'm guessing that is why the following URL returns a 404 at the moment?
>
> http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
>
Re: Subversion 1.6.17 Released
Posted by Thomas Harold <th...@nybeta.com>.
On 6/1/2011 7:27 PM, Daniel Shahaf wrote:
>
> Be advised: the 1.6.17 tag [1] in our repository does not match the
> tarballs at the time of this writing. Until we fix this, please use the
> tarballs or zip archives, and avoid installing 1.6.17 from the tag.
>
> Daniel
>
> [1] https://svn.apache.org/repos/asf/subversion/tags/1.6.17
>
I'm guessing that is why the following URL returns a 404 at the moment?
http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
Re: Subversion 1.6.17 Released
Posted by Daniel Shahaf <da...@apache.org>.
Hyrum Wright wrote on Wed, Jun 01, 2011 at 20:06:43 +0000:
> I'm happy to announce Subversion 1.6.17, available from:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip
>
Be advised: the 1.6.17 tag [1] in our repository does not match the
tarballs at the time of this writing. Until we fix this, please use the
tarballs or zip archives, and avoid installing 1.6.17 from the tag.
Daniel
[1] https://svn.apache.org/repos/asf/subversion/tags/1.6.17
> This release addesses three security issues:
> CVE-2011-1752: Server NULL-pointer dereference
> CVE-2011-1783: Server memory exhaustion
> CVE-2011-1921: mod_dav_svn exposure of unreadable paths
>
> More information on these vulnerabilities, including the relevent advisories
> and potential attack vectors and workarounds, can be found on the Subversion
> security website:
> http://subversion.apache.org/security/
>
> The MD5 checksums are:
>
> 81e5dc5beee4b3fc025ac70c0b6caa14 subversion-1.6.17.tar.bz2
> aa0f54aacac21bf5c84079e551357c15 subversion-1.6.17.tar.gz
> a3a4dedd9ec782d3da4465694ce012d4 subversion-1.6.17.zip
> 1f01f237498555091269f2432ae1e140 subversion-deps-1.6.17.tar.bz2
> 1d99a1b4d56b5922ed1644a22c42c9e4 subversion-deps-1.6.17.tar.gz
> 7ec846c284e3d6e1689dfcbca06958ab subversion-deps-1.6.17.zip
>
> The SHA1 checksums are:
>
> 6e3ed7c87d98fdf5f0a999050ab601dcec6155a1 subversion-1.6.17.tar.bz2
> 2ddf55622f0a742d8474feaa69596b2f7c4f1084 subversion-1.6.17.tar.gz
> ec9c3980150242129783529e7db6f5a04936d49a subversion-1.6.17.zip
> ebfda3416c09a91dbcf744a22ea83ed827ad3495 subversion-deps-1.6.17.tar.bz2
> 878fb197243435bfe44d45abff8875d4d98cd196 subversion-deps-1.6.17.tar.gz
> a14f6abc14d38c2ce0e637edf83bce4534e19717 subversion-deps-1.6.17.zip
>
> PGP Signatures are available at:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip.asc
>
> For this release, the following people have provided PGP signatures:
>
> Senthil Kumaran S [1024D/6CCD4038] with fingerprint:
> 8035 16A5 1D6E 50E2 1ECD DE56 F68D 46FB 6CCD 4038
> Philip Martin [2048R/ED1A599C] with fingerprint:
> A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
> Paul T. Burba [1024D/53FCDC55] with fingerprint:
> E630 CF54 792C F913 B13C 32C5 D916 8930 53FC DC55
> Bert Huijben [1024D/9821F7B2] with fingerprint:
> 2017 F51A 2572 0E78 8827 5329 FCFD 6305 9821 F7B2
> Hyrum K. Wright [1024D/4E24517C] with fingerprint:
> 3324 80DA 0F8C A37D AEE6 D084 0B03 AE6E 4E24 517C
> C. Michael Pilato [1024D/1706FD6E] with fingerprint:
> 20BF 14DC F02F 2730 7EA4 C7BB A241 06A9 1706 FD6E
> Stefan Sperling [1024D/F59D25F0] with fingerprint:
> B1CF 1060 A1E9 34D1 9E86 D6D6 E5D3 0273 F59D 25F0
> Mark Phippard [1024D/035A96A9] with fingerprint:
> D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9
>
> Release notes for the 1.6.x release series may be found at:
>
> http://subversion.apache.org/docs/release-notes/1.6.html
>
> You can find the list of changes between 1.6.17 and earlier versions at:
>
> http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
>
> Questions, comments, and bug reports to users@subversion.apache.org.
>
> Thanks,
> - The Subversion Team
Re: Subversion 1.6.17 Released
Posted by Daniel Shahaf <da...@apache.org>.
Hyrum Wright wrote on Wed, Jun 01, 2011 at 20:06:43 +0000:
> I'm happy to announce Subversion 1.6.17, available from:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip
>
Be advised: the 1.6.17 tag [1] in our repository does not match the
tarballs at the time of this writing. Until we fix this, please use the
tarballs or zip archives, and avoid installing 1.6.17 from the tag.
Daniel
[1] https://svn.apache.org/repos/asf/subversion/tags/1.6.17
> This release addesses three security issues:
> CVE-2011-1752: Server NULL-pointer dereference
> CVE-2011-1783: Server memory exhaustion
> CVE-2011-1921: mod_dav_svn exposure of unreadable paths
>
> More information on these vulnerabilities, including the relevent advisories
> and potential attack vectors and workarounds, can be found on the Subversion
> security website:
> http://subversion.apache.org/security/
>
> The MD5 checksums are:
>
> 81e5dc5beee4b3fc025ac70c0b6caa14 subversion-1.6.17.tar.bz2
> aa0f54aacac21bf5c84079e551357c15 subversion-1.6.17.tar.gz
> a3a4dedd9ec782d3da4465694ce012d4 subversion-1.6.17.zip
> 1f01f237498555091269f2432ae1e140 subversion-deps-1.6.17.tar.bz2
> 1d99a1b4d56b5922ed1644a22c42c9e4 subversion-deps-1.6.17.tar.gz
> 7ec846c284e3d6e1689dfcbca06958ab subversion-deps-1.6.17.zip
>
> The SHA1 checksums are:
>
> 6e3ed7c87d98fdf5f0a999050ab601dcec6155a1 subversion-1.6.17.tar.bz2
> 2ddf55622f0a742d8474feaa69596b2f7c4f1084 subversion-1.6.17.tar.gz
> ec9c3980150242129783529e7db6f5a04936d49a subversion-1.6.17.zip
> ebfda3416c09a91dbcf744a22ea83ed827ad3495 subversion-deps-1.6.17.tar.bz2
> 878fb197243435bfe44d45abff8875d4d98cd196 subversion-deps-1.6.17.tar.gz
> a14f6abc14d38c2ce0e637edf83bce4534e19717 subversion-deps-1.6.17.zip
>
> PGP Signatures are available at:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip.asc
>
> For this release, the following people have provided PGP signatures:
>
> Senthil Kumaran S [1024D/6CCD4038] with fingerprint:
> 8035 16A5 1D6E 50E2 1ECD DE56 F68D 46FB 6CCD 4038
> Philip Martin [2048R/ED1A599C] with fingerprint:
> A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
> Paul T. Burba [1024D/53FCDC55] with fingerprint:
> E630 CF54 792C F913 B13C 32C5 D916 8930 53FC DC55
> Bert Huijben [1024D/9821F7B2] with fingerprint:
> 2017 F51A 2572 0E78 8827 5329 FCFD 6305 9821 F7B2
> Hyrum K. Wright [1024D/4E24517C] with fingerprint:
> 3324 80DA 0F8C A37D AEE6 D084 0B03 AE6E 4E24 517C
> C. Michael Pilato [1024D/1706FD6E] with fingerprint:
> 20BF 14DC F02F 2730 7EA4 C7BB A241 06A9 1706 FD6E
> Stefan Sperling [1024D/F59D25F0] with fingerprint:
> B1CF 1060 A1E9 34D1 9E86 D6D6 E5D3 0273 F59D 25F0
> Mark Phippard [1024D/035A96A9] with fingerprint:
> D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9
>
> Release notes for the 1.6.x release series may be found at:
>
> http://subversion.apache.org/docs/release-notes/1.6.html
>
> You can find the list of changes between 1.6.17 and earlier versions at:
>
> http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
>
> Questions, comments, and bug reports to users@subversion.apache.org.
>
> Thanks,
> - The Subversion Team
Re: Subversion 1.6.17 Released
Posted by Daniel Shahaf <da...@apache.org>.
Hyrum Wright wrote on Wed, Jun 01, 2011 at 20:06:43 +0000:
> I'm happy to announce Subversion 1.6.17, available from:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip
>
Be advised: the 1.6.17 tag [1] in our repository does not match the
tarballs at the time of this writing. Until we fix this, please use the
tarballs or zip archives, and avoid installing 1.6.17 from the tag.
Daniel
[1] https://svn.apache.org/repos/asf/subversion/tags/1.6.17
> This release addesses three security issues:
> CVE-2011-1752: Server NULL-pointer dereference
> CVE-2011-1783: Server memory exhaustion
> CVE-2011-1921: mod_dav_svn exposure of unreadable paths
>
> More information on these vulnerabilities, including the relevent advisories
> and potential attack vectors and workarounds, can be found on the Subversion
> security website:
> http://subversion.apache.org/security/
>
> The MD5 checksums are:
>
> 81e5dc5beee4b3fc025ac70c0b6caa14 subversion-1.6.17.tar.bz2
> aa0f54aacac21bf5c84079e551357c15 subversion-1.6.17.tar.gz
> a3a4dedd9ec782d3da4465694ce012d4 subversion-1.6.17.zip
> 1f01f237498555091269f2432ae1e140 subversion-deps-1.6.17.tar.bz2
> 1d99a1b4d56b5922ed1644a22c42c9e4 subversion-deps-1.6.17.tar.gz
> 7ec846c284e3d6e1689dfcbca06958ab subversion-deps-1.6.17.zip
>
> The SHA1 checksums are:
>
> 6e3ed7c87d98fdf5f0a999050ab601dcec6155a1 subversion-1.6.17.tar.bz2
> 2ddf55622f0a742d8474feaa69596b2f7c4f1084 subversion-1.6.17.tar.gz
> ec9c3980150242129783529e7db6f5a04936d49a subversion-1.6.17.zip
> ebfda3416c09a91dbcf744a22ea83ed827ad3495 subversion-deps-1.6.17.tar.bz2
> 878fb197243435bfe44d45abff8875d4d98cd196 subversion-deps-1.6.17.tar.gz
> a14f6abc14d38c2ce0e637edf83bce4534e19717 subversion-deps-1.6.17.zip
>
> PGP Signatures are available at:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip.asc
>
> For this release, the following people have provided PGP signatures:
>
> Senthil Kumaran S [1024D/6CCD4038] with fingerprint:
> 8035 16A5 1D6E 50E2 1ECD DE56 F68D 46FB 6CCD 4038
> Philip Martin [2048R/ED1A599C] with fingerprint:
> A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
> Paul T. Burba [1024D/53FCDC55] with fingerprint:
> E630 CF54 792C F913 B13C 32C5 D916 8930 53FC DC55
> Bert Huijben [1024D/9821F7B2] with fingerprint:
> 2017 F51A 2572 0E78 8827 5329 FCFD 6305 9821 F7B2
> Hyrum K. Wright [1024D/4E24517C] with fingerprint:
> 3324 80DA 0F8C A37D AEE6 D084 0B03 AE6E 4E24 517C
> C. Michael Pilato [1024D/1706FD6E] with fingerprint:
> 20BF 14DC F02F 2730 7EA4 C7BB A241 06A9 1706 FD6E
> Stefan Sperling [1024D/F59D25F0] with fingerprint:
> B1CF 1060 A1E9 34D1 9E86 D6D6 E5D3 0273 F59D 25F0
> Mark Phippard [1024D/035A96A9] with fingerprint:
> D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9
>
> Release notes for the 1.6.x release series may be found at:
>
> http://subversion.apache.org/docs/release-notes/1.6.html
>
> You can find the list of changes between 1.6.17 and earlier versions at:
>
> http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
>
> Questions, comments, and bug reports to users@subversion.apache.org.
>
> Thanks,
> - The Subversion Team
---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@apache.org
For additional commands, e-mail: announce-help@apache.org
Re: Subversion 1.6.17 Released
Posted by Neil Bird <ne...@jibbyjobby.co.uk>.
Around about 03/06/11 23:20, Nico Kadel-Garcia typed ...
> Faster than than it was for .6.16 or earlier with the Linux client? Good!!!!
Yes, tested the new TSVN this morning on our standard codebase. A full
checkout last week on the old TSVN took just shy of 15 mins. (2-3 of its
dirs. have a few hundred files in, above the average) and this morning it
was a little over 9 mins. Not to be sniffed at!
I'm re-running our ~5,500 files-in-a-directory checkout now (was ~80
mins., dropping to ~8 IIRC with the patched and then 1.6.17 Linux command
line). Mind you, it was only a minute to a local Linux ext3 in both cases :-)
Yep, TSVN sorted; the old 80 min. run just took under 11 minutes (bit
longer than my original patch-test runs as IT have stuffed our McAfee
install and it gets in the way of everything now :-( )
--
[neil@fnx ~]# rm -f .signature
[neil@fnx ~]# ls -l .signature
ls: .signature: No such file or directory
[neil@fnx ~]# exit
Re: Subversion 1.6.17 Released
Posted by Nico Kadel-Garcia <nk...@gmail.com>.
On Fri, Jun 3, 2011 at 6:44 AM, Neil Bird <ne...@jibbyjobby.co.uk> wrote:
> Around about 03/06/11 03:46, Nico Kadel-Garcia typed ...
>>
>> And, apparently, the long-standing issue for clients with NTFS
>> filesystems sytems, issue #3719. I'm very much looking forward to
>> testing against a CIFS share, which was taking easily 10 times as long
>> as checkouts on NFS shares.
>
> The Linux command-line 1.6.17 is significantly faster¹ for a CIFS-mounted
> NTFS drive. I expect TSVN to be similarly improved.
Faster than than it was for .6.16 or earlier with the Linux client? Good!!!!
I want to see the results of the Windows CIFS client. I tried to get a
Windows 7 box in my last such test environment to run NFS
comparisions, but there were..... fascinating reasons I was not among
the testers for Windows 7.
>
>
> ¹ - for the use-case of lots of files in single dirs. that have svn props
> set on them, which is what this fix actually addresses
Re: Subversion 1.6.17 Released
Posted by Neil Bird <ne...@jibbyjobby.co.uk>.
Around about 03/06/11 03:46, Nico Kadel-Garcia typed ...
> And, apparently, the long-standing issue for clients with NTFS
> filesystems sytems, issue #3719. I'm very much looking forward to
> testing against a CIFS share, which was taking easily 10 times as long
> as checkouts on NFS shares.
The Linux command-line 1.6.17 is significantly faster¹ for a CIFS-mounted
NTFS drive. I expect TSVN to be similarly improved.
¹ - for the use-case of lots of files in single dirs. that have svn props
set on them, which is what this fix actually addresses.
--
[neil@fnx ~]# rm -f .signature
[neil@fnx ~]# ls -l .signature
ls: .signature: No such file or directory
[neil@fnx ~]# exit
Re: Subversion 1.6.17 Released
Posted by Nico Kadel-Garcia <nk...@gmail.com>.
On Wed, Jun 1, 2011 at 4:06 PM, Hyrum Wright <hw...@apache.org> wrote:
> I'm happy to announce Subversion 1.6.17, available from:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip
>
> This release addesses three security issues:
> CVE-2011-1752: Server NULL-pointer dereference
> CVE-2011-1783: Server memory exhaustion
> CVE-2011-1921: mod_dav_svn exposure of unreadable paths
>
And, apparently, the long-standing issue for clients with NTFS
filesystems sytems, issue #3719. I'm very much looking forward to
testing against a CIFS share, which was taking easily 10 times as long
as checkouts on NFS shares.
My current environment is Linux based: I'll very much look forward to
tests with TortoisSVN updates to see if the CIFS filesystem problems
remain.
Re: Subversion 1.6.17 Released
Posted by Daniel Shahaf <da...@apache.org>.
Hyrum Wright wrote on Wed, Jun 01, 2011 at 20:06:43 +0000:
> I'm happy to announce Subversion 1.6.17, available from:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip
>
Be advised: the 1.6.17 tag [1] in our repository does not match the
tarballs at the time of this writing. Until we fix this, please use the
tarballs or zip archives, and avoid installing 1.6.17 from the tag.
Daniel
[1] https://svn.apache.org/repos/asf/subversion/tags/1.6.17
> This release addesses three security issues:
> CVE-2011-1752: Server NULL-pointer dereference
> CVE-2011-1783: Server memory exhaustion
> CVE-2011-1921: mod_dav_svn exposure of unreadable paths
>
> More information on these vulnerabilities, including the relevent advisories
> and potential attack vectors and workarounds, can be found on the Subversion
> security website:
> http://subversion.apache.org/security/
>
> The MD5 checksums are:
>
> 81e5dc5beee4b3fc025ac70c0b6caa14 subversion-1.6.17.tar.bz2
> aa0f54aacac21bf5c84079e551357c15 subversion-1.6.17.tar.gz
> a3a4dedd9ec782d3da4465694ce012d4 subversion-1.6.17.zip
> 1f01f237498555091269f2432ae1e140 subversion-deps-1.6.17.tar.bz2
> 1d99a1b4d56b5922ed1644a22c42c9e4 subversion-deps-1.6.17.tar.gz
> 7ec846c284e3d6e1689dfcbca06958ab subversion-deps-1.6.17.zip
>
> The SHA1 checksums are:
>
> 6e3ed7c87d98fdf5f0a999050ab601dcec6155a1 subversion-1.6.17.tar.bz2
> 2ddf55622f0a742d8474feaa69596b2f7c4f1084 subversion-1.6.17.tar.gz
> ec9c3980150242129783529e7db6f5a04936d49a subversion-1.6.17.zip
> ebfda3416c09a91dbcf744a22ea83ed827ad3495 subversion-deps-1.6.17.tar.bz2
> 878fb197243435bfe44d45abff8875d4d98cd196 subversion-deps-1.6.17.tar.gz
> a14f6abc14d38c2ce0e637edf83bce4534e19717 subversion-deps-1.6.17.zip
>
> PGP Signatures are available at:
>
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-1.6.17.zip.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.bz2.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz.asc
> http://subversion.tigris.org/downloads/subversion-deps-1.6.17.zip.asc
>
> For this release, the following people have provided PGP signatures:
>
> Senthil Kumaran S [1024D/6CCD4038] with fingerprint:
> 8035 16A5 1D6E 50E2 1ECD DE56 F68D 46FB 6CCD 4038
> Philip Martin [2048R/ED1A599C] with fingerprint:
> A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
> Paul T. Burba [1024D/53FCDC55] with fingerprint:
> E630 CF54 792C F913 B13C 32C5 D916 8930 53FC DC55
> Bert Huijben [1024D/9821F7B2] with fingerprint:
> 2017 F51A 2572 0E78 8827 5329 FCFD 6305 9821 F7B2
> Hyrum K. Wright [1024D/4E24517C] with fingerprint:
> 3324 80DA 0F8C A37D AEE6 D084 0B03 AE6E 4E24 517C
> C. Michael Pilato [1024D/1706FD6E] with fingerprint:
> 20BF 14DC F02F 2730 7EA4 C7BB A241 06A9 1706 FD6E
> Stefan Sperling [1024D/F59D25F0] with fingerprint:
> B1CF 1060 A1E9 34D1 9E86 D6D6 E5D3 0273 F59D 25F0
> Mark Phippard [1024D/035A96A9] with fingerprint:
> D315 89DB E1C1 E9BA D218 39FD 265D F8A0 035A 96A9
>
> Release notes for the 1.6.x release series may be found at:
>
> http://subversion.apache.org/docs/release-notes/1.6.html
>
> You can find the list of changes between 1.6.17 and earlier versions at:
>
> http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
>
> Questions, comments, and bug reports to users@subversion.apache.org.
>
> Thanks,
> - The Subversion Team