diff options
| author | James McCoy <jamessan@debian.org> | 2017-08-10 18:09:05 +0000 |
|---|---|---|
| committer | James McCoy <jamessan@debian.org> | 2017-08-10 18:09:05 +0000 |
| commit | d7bea26ad5397df2f1e4c34cef018b6529ee4d2c (patch) | |
| tree | 0089c15219c59f994f25b2782cc571d0236dbf4e | |
| parent | 639fb523e9a0428561ea56c8837ec1d380e210d4 (diff) | |
releasing package subversion version 1.9.7-1
| -rw-r--r-- | debian/changelog | 9 | ||||
| -rw-r--r-- | debian/patches/ssh-no-controlmaster | 12 |
2 files changed, 15 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog index acd4300..794b8ee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +subversion (1.9.7-1) unstable; urgency=high + + * New upstream release + + Security fix + - CVE-2017-9800: Arbitrary code execution on clients through malicious + svn+ssh URLs in svn:externals and svn:sync-from-url + + -- James McCoy <jamessan@debian.org> Thu, 10 Aug 2017 12:59:16 -0400 + subversion (1.9.6-1) unstable; urgency=medium * New upstream release diff --git a/debian/patches/ssh-no-controlmaster b/debian/patches/ssh-no-controlmaster index 20b6a01..90b43d7 100644 --- a/debian/patches/ssh-no-controlmaster +++ b/debian/patches/ssh-no-controlmaster @@ -20,19 +20,19 @@ connection sharing, but only if a ControlMaster is already present. "### passed to the tunnel agent as <user>@<hostname>.) If the" NL "### built-in ssh scheme were not predefined, it could be defined" NL "### as:" NL -- "# ssh = $SVN_SSH ssh -q" NL -+ "# ssh = $SVN_SSH ssh -q -o ControlMaster=no" NL +- "# ssh = $SVN_SSH ssh -q --" NL ++ "# ssh = $SVN_SSH ssh -q -o ControlMaster=no --" NL "### If you wanted to define a new 'rsh' scheme, to be used with" NL "### 'svn+rsh:' URLs, you could do so as follows:" NL - "# rsh = rsh" NL + "# rsh = rsh --" NL --- a/subversion/libsvn_ra_svn/client.c +++ b/subversion/libsvn_ra_svn/client.c -@@ -396,7 +396,7 @@ +@@ -397,7 +397,7 @@ * versions have it too. If the user is using some other ssh * implementation that doesn't accept it, they can override it * in the [tunnels] section of the config. */ -- val = "$SVN_SSH ssh -q"; -+ val = "$SVN_SSH ssh -q -o ControlMaster=no"; +- val = "$SVN_SSH ssh -q --"; ++ val = "$SVN_SSH ssh -q -o ControlMaster=no --"; } if (!val || !*val) |