Upstream has released new versions on July 6 and 7: https://svn.haxx.se/dev/archive-2017-07/0054.shtml http://svn.apache.org/repos/asf/subversion/tags/1.8.18/CHANGES https://mail-archives.apache.org/mod_mbox/subversion-announce/201707.mbox/%3C20170706103910.s2fibubji2orhfcs%40tarpaulin.shahaf.local2%3E http://svn.apache.org/repos/asf/subversion/tags/1.9.6/CHANGES The most notable fix is for "a bug where a repository would fail to store two files having identical SHA-1 checksums," also known as shattered-SHA1. We should update to the latest release for Mageia 5 and Mageia 6. Fedora has issued an advisory for this on July 25: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WCOARO6I72PRRJ5RQAFJRHJQ6TMCBEZD/
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
Updated packages uploaded for Mageia 5, Mageia 6, and Cauldron. Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=14826#c2 Advisory: ---------------------------------------- The subversion packages for Mageia 5 and Mageia 6 have been updated to versions 1.8.18 and 1.9.6, respectively, fixing several bugs. The most notable bug fix regards how it handles SHA-1 collisions. See the upstream release announcement and Changelogs for details. References: https://svn.haxx.se/dev/archive-2017-07/0054.shtml http://svn.apache.org/repos/asf/subversion/tags/1.8.18/CHANGES https://mail-archives.apache.org/mod_mbox/subversion-announce/201707.mbox/%3C20170706103910.s2fibubji2orhfcs%40tarpaulin.shahaf.local2%3E http://svn.apache.org/repos/asf/subversion/tags/1.9.6/CHANGES ---------------------------------------- Updated packages in core/updates_testing: ---------------------------------------- subversion-1.8.18-1.mga5 subversion-doc-1.8.18-1.mga5 libsvn0-1.8.18-1.mga5 libsvn-gnome-keyring0-1.8.18-1.mga5 libsvn-kwallet0-1.8.18-1.mga5 subversion-server-1.8.18-1.mga5 subversion-tools-1.8.18-1.mga5 python-svn-1.8.18-1.mga5 ruby-svn-1.8.18-1.mga5 libsvnjavahl1-1.8.18-1.mga5 svn-javahl-1.8.18-1.mga5 perl-SVN-1.8.18-1.mga5 subversion-kwallet-devel-1.8.18-1.mga5 subversion-gnome-keyring-devel-1.8.18-1.mga5 perl-svn-devel-1.8.18-1.mga5 python-svn-devel-1.8.18-1.mga5 ruby-svn-devel-1.8.18-1.mga5 subversion-devel-1.8.18-1.mga5 apache-mod_dav_svn-1.8.18-1.mga5 subversion-1.9.6-1.mga6 subversion-doc-1.9.6-1.mga6 libsvn0-1.9.6-1.mga6 libsvn-gnome-keyring0-1.9.6-1.mga6 subversion-server-1.9.6-1.mga6 subversion-tools-1.9.6-1.mga6 python-svn-1.9.6-1.mga6 ruby-svn-1.9.6-1.mga6 libsvnjavahl1-1.9.6-1.mga6 svn-javahl-1.9.6-1.mga6 perl-SVN-1.9.6-1.mga6 subversion-gnome-keyring-devel-1.9.6-1.mga6 perl-svn-devel-1.9.6-1.mga6 python-svn-devel-1.9.6-1.mga6 ruby-svn-devel-1.9.6-1.mga6 subversion-devel-1.9.6-1.mga6 apache-mod_dav_svn-1.9.6-1.mga6 from SRPMS: subversion-1.8.18-1.mga5.src.rpm subversion-1.9.6-1.mga6.src.rpm
Version: Cauldron => 6Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO has_procedureAssignee: pkg-bugs => qa-bugsSummary: subversion 1.8.17 and 1.9.6 => subversion 1.8.18 and 1.9.6
Tested OK on Mageia 6 x86_64, I used the update candidate to upload the advisory :)
Whiteboard: MGA5TOO has_procedure => advisory has_procedure MGA5TOO MGA6-64-OK
Installed and tested on several repositories without issues. System: x86_64, Plasma, Intel CPU, nVidia GPU using proprietary driver. $ rpm -q subversion subversion-1.8.18-1.mga5
CC: (none) => mageia
Whiteboard: advisory has_procedure MGA5TOO MGA6-64-OK => advisory has_procedure MGA5TOO MGA6-64-OK MGA5-64-OK
Thanks, validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGAA-2017-0049.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED