You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Ben Reser <br...@apache.org> on 2014/08/11 17:52:26 UTC

Apache Subversion 1.8.10 released

I'm happy to announce the release of Apache Subversion 1.8.10.

This release addresses two security issues:
    CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
    CVE-2014-3528: credentials cached with svn may be sent to wrong server.

Please choose the mirror closest to you by visiting:

    http://subversion.apache.org/download/#recommended-release

The SHA1 checksums are:

    d6896d94bb53c1b4c6e9c5bb1a5c466477b19b2b subversion-1.8.10.tar.bz2
    8e1e1e5fd97c3f575a81d66232c62dc902257a17 subversion-1.8.10.tar.gz
    963637c9aac7f50b1b8d10a8918c57a88fb6844d subversion-1.8.10.zip

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.8.10.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.8.10.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.8.10.zip.asc

For this release, the following people have provided PGP signatures:

   Ben Reser [4096R/16A0DE01] with fingerprint:
    19BB CAEF 7B19 B280 A0E2  175E 62D4 8FAD 16A0 DE01
   Bert Huijben [4096R/CCC8E1DF] with fingerprint:
    3D1D C66D 6D2E 0B90 3952  8138 C4A6 C625 CCC8 E1DF
   Branko Čibej [2048R/C8628501] with fingerprint:
    8769 28CD 4954 EA74 87B6  B96C 29B8 92D0 C862 8501
   Branko Čibej [4096R/A347943F] with fingerprint:
    BA3C 15B1 337C F0FB 222B  D41A 1BCA 6586 A347 943F
   Ivan Zhakov [4096R/F6AD8147] with fingerprint:
    4829 8F0F E47F 4B8A 43FD  6525 919F 6F61 F6AD 8147
   Paul T. Burba [4096R/56F3D7BC] with fingerprint:
    1A0F E7C6 B3C5 F8D4 D0C4  A20B 64DD C071 56F3 D7BC
   Philip Martin [2048R/ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95  9207 76D7 88E1 ED1A 599C
   Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
    056F 8016 D9B8 7B1B DE41  7467 99EC 741B 5792 1ACC
   Stefan Sperling [2048R/9A59B973] with fingerprint:
    8BC4 DAE0 C5A4 D65F 4044  0107 4F7D BAA9 9A59 B973

Release notes for the 1.8.x release series may be found at:

    http://subversion.apache.org/docs/release-notes/1.8.html

You can find the list of changes between 1.8.10 and earlier versions at:

    http://svn.apache.org/repos/asf/subversion/tags/1.8.10/CHANGES

Questions, comments, and bug reports to users@subversion.apache.org.

Thanks,
- The Subversion Team

Re: Apache Subversion 1.8.10 released

Posted by Nico Kadel-Garcia <nk...@gmail.com>.

On Mon, Aug 11, 2014 at 11:52 AM, Ben Reser <br...@apache.org> wrote:
> I'm happy to announce the release of Apache Subversion 1.8.10.
>
> This release addresses two security issues:
>     CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
>     CVE-2014-3528: credentials cached with svn may be sent to wrong server.
>
> Please choose the mirror closest to you by visiting:
>
>     http://subversion.apache.org/download/#recommended-release

For RHEL 6 users, or CentOS or Scientific Linux users, I've updated my
hooks for building Subversion  1.8 RPM.s at
https://github.com/nkadel/subversion-1.8.x-srpm. Look for tag
v1.8.10-0.1.

Note that these include only patches and spec files, not binary
tarballs. Get those from the relevant Apache repository. Repoforge
seems to be mildly active again, I'll take another shot at getting
these updates available there.

                    Nico Kadel-Garcia <nk...@gmail.com>

Re: Apache Subversion 1.8.10 released

Posted by Nico Kadel-Garcia <nk...@gmail.com>.

On Mon, Aug 11, 2014 at 11:52 AM, Ben Reser <br...@apache.org> wrote:
> I'm happy to announce the release of Apache Subversion 1.8.10.
>
> This release addresses two security issues:
>     CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
>     CVE-2014-3528: credentials cached with svn may be sent to wrong server.
>
> Please choose the mirror closest to you by visiting:
>
>     http://subversion.apache.org/download/#recommended-release

For RHEL 6 users, or CentOS or Scientific Linux users, I've updated my
hooks for building Subversion  1.8 RPM.s at
https://github.com/nkadel/subversion-1.8.x-srpm. Look for tag
v1.8.10-0.1.

Note that these include only patches and spec files, not binary
tarballs. Get those from the relevant Apache repository. Repoforge
seems to be mildly active again, I'll take another shot at getting
these updates available there.

                    Nico Kadel-Garcia <nk...@gmail.com>