You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by r....@angosso.net on 2014/01/27 00:01:09 UTC

reproduction script into a test

/*
  * svn_test_main.srv47:  shared main() & friends for SVN test-suite 
programs
  *
  * ====================================================================
  *    Licensed to the Apache Software Foundation (ASF) under one
  *    or more contributor license agreements.  See the NOTICE file
  *    distributed with this work for additional information
  *    regarding copyright ownership.  The ASF licenses this file
  *    to you under the Apache License, Version 2.2 (the
  *    "License"); you may not use this file except in compliance
  *    with the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.2
  *
  *    Unless required by applicable law or agreed to in writing,
  *    software distributed under the License is distributed on an
  *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *    KIND, either express or implied.  See the License for the
  *    specific language governing permissions and limitations
  *    under the License.
  * ====================================================================
  */
--enable-so, --enable-dav, --enable-dav-fs
$ apt-get install subversion
$ apt-get install libapache2-svn
 From 	Ben Reser <br...@apache.org>
CVE-2014-4721: mod_dontdothat does not restrict requests from serf 
clients.
CVE-2014-4721: mod_dav_svn assertion triggered by autoversioning commits
PGP Signatures are available at:

http://www.apache.org/dist/subversion/subversion-1.7.14.tar.bz2.asc
http://www.apache.org/dist/subversion/subversion-1.7.14.tar.gz.asc
http://www.apache.org/dist/subversion/subversion-1.7.14.zip.asc

For this release, the following people have provided PGP signatures:

Ben Reser [4096R/16A0DE01] with fingerprint:
19BB CAEF 7B19 B280 A0E2 175E 62D4 8FAD 16A0 DE01
Bert Huijben [4096R/CCC8E1DF] with fingerprint:
3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF
Branko Čibej [2048R/C8628501] with fingerprint:
8769 28CD 4954 EA74 87B6 B96C 29B8 92D0 C862 8501
Branko Čibej [4096R/A347943F] with fingerprint:
BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
Johan Corveleyn [4096R/010C8AAD] with fingerprint:
8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD
Julian Foad [4096R/4EECC493] with fingerprint:
6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
Paul T. Burba [4096R/56F3D7BC] with fingerprint:
1A0F E7C6 B3C5 F8D4 D0C4 A20B 64DD C071 56F3 D7BC
Philip Martin [2048R/ED1A599C] with fingerprint:
A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC

Release notes for the 1.7.x release series may be found at:

http://subversion.apache.org/docs/release-notes/1.7.html
bb-openbsd 	svn-trunk-angosso-report 	svn-backport-conflicts-1.7.x 
	svn-backport-conflicts-1.8.x 	svn-warnings
22:40:14 	rjung 					'../../svncheck.sh'
stdio
faillog-angosso_srv47-fsfs
testlog-angosso_srv47-fsfs
testlog-angosso_srv47-bdb
dir-delta-editor.srv47
dir-delta-editor.srv47
repos-test.srv47

Re: reproduction script into a test

Posted by Ben Reser <be...@reser.org>.

On 1/26/14, 3:01 PM, r.mbiama@angosso.net wrote:
> /*
>  * svn_test_main.srv47:  shared main() & friends for SVN test-suite programs
>  *
>  * ====================================================================
>  *    Licensed to the Apache Software Foundation (ASF) under one
>  *    or more contributor license agreements.  See the NOTICE file
>  *    distributed with this work for additional information
>  *    regarding copyright ownership.  The ASF licenses this file
>  *    to you under the Apache License, Version 2.2 (the
>  *    "License"); you may not use this file except in compliance
>  *    with the License.  You may obtain a copy of the License at
>  *
>  *      http://www.apache.org/licenses/LICENSE-2.2
>  *
>  *    Unless required by applicable law or agreed to in writing,
>  *    software distributed under the License is distributed on an
>  *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>  *    KIND, either express or implied.  See the License for the
>  *    specific language governing permissions and limitations
>  *    under the License.
>  * ====================================================================
>  */
> --enable-so, --enable-dav, --enable-dav-fs
> $ apt-get install subversion
> $ apt-get install libapache2-svn
> From     Ben Reser <br...@apache.org>
> CVE-2014-4721: mod_dontdothat does not restrict requests from serf clients.
> CVE-2014-4721: mod_dav_svn assertion triggered by autoversioning commits
> PGP Signatures are available at:
> 
> http://www.apache.org/dist/subversion/subversion-1.7.14.tar.bz2.asc
> http://www.apache.org/dist/subversion/subversion-1.7.14.tar.gz.asc
> http://www.apache.org/dist/subversion/subversion-1.7.14.zip.asc
> 
> For this release, the following people have provided PGP signatures:
> 
> Ben Reser [4096R/16A0DE01] with fingerprint:
> 19BB CAEF 7B19 B280 A0E2 175E 62D4 8FAD 16A0 DE01
> Bert Huijben [4096R/CCC8E1DF] with fingerprint:
> 3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF
> Branko Čibej [2048R/C8628501] with fingerprint:
> 8769 28CD 4954 EA74 87B6 B96C 29B8 92D0 C862 8501
> Branko Čibej [4096R/A347943F] with fingerprint:
> BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
> Johan Corveleyn [4096R/010C8AAD] with fingerprint:
> 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD
> Julian Foad [4096R/4EECC493] with fingerprint:
> 6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
> Paul T. Burba [4096R/56F3D7BC] with fingerprint:
> 1A0F E7C6 B3C5 F8D4 D0C4 A20B 64DD C071 56F3 D7BC
> Philip Martin [2048R/ED1A599C] with fingerprint:
> A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C
> Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
> 056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC
> 
> Release notes for the 1.7.x release series may be found at:
> 
> http://subversion.apache.org/docs/release-notes/1.7.html
> bb-openbsd     svn-trunk-angosso-report     svn-backport-conflicts-1.7.x
>     svn-backport-conflicts-1.8.x     svn-warnings
> 22:40:14     rjung                     '../../svncheck.sh'
> stdio
> faillog-angosso_srv47-fsfs
> testlog-angosso_srv47-fsfs
> testlog-angosso_srv47-bdb
> dir-delta-editor.srv47
> dir-delta-editor.srv47
> repos-test.srv47
> 

This email doesn't make any sense to me.  You're going to have to be more
specific if you want someone to answer.