On Thu, Mar 17, 2011 at 10:38 PM, Konstantin Boyandin
<lists_at_boyandin.name> wrote:
> 03/07/2011 02:24 AM, Nico Kadel-Garcia wrote:
>> On Sun, Mar 6, 2011 at 11:43 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
>>> Nico Kadel-Garcia wrote on Sun, Mar 06, 2011 at 09:00:15 -0500:
>>>> On Sun, Mar 6, 2011 at 7:22 AM, Andy Levy <andy.levy_at_gmail.com> wrote:
>>>>> On Sat, Mar 5, 2011 at 22:34, Konstantin Boyandin <lists_at_boyandin.name> wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Setup: there's a server where Subversion repository is located (working
>>>>>> via Apache backend), OS CentOS 5.5, Subversion installed as RPM
>>>>>> subversion-1.4.2-4.el5_3.1
>>>>
>>>> Red Hat has published subversion-1.6.11 for RHEL 5.6, and you can grab
>>>> and recompile it from your nearest Red Hat SRPM mirror
>>>> (http://mirrors.kernel.org/redhat is pretty good.) CentOS 5.6 has been
>>>> taking a while to release, so it's not published for CentOS yet.
>>>>
>>>> But there is also the RPMforge release of subversion-1.6.15 at
>>>> http://rpmrepo.org/RPMforge/. Enjoy, I put up that one (based on
>>>> various previous releases.) I'd urge you to upgrade, ASAP, for a lot
>>>> of *other* reasons.
>>>
>>> 1.6.15 contains a known remote DoS which is fixed by the just-released 1.6.16.
>>
>> I'm trying to recompile 1.6.16 for RHEL 5 based environments. There's
>> a number of fiddly little changes in the configurations which break
>> the RPM compilation.
>>
>> The remote DDOS is HTTP/HTTPS related. If you use svn+ssh, which I
>> recommend for security reasons anyway, you're apparently not at risk
>> of it.
>
> I would appreciate the RPMs compilation instructions for the 1.6.16 - or
> the link to SRPM.
>
> Thanks in advance!
>
> Sincerely,
> Konstantin

The 1.6.15 SRPM's are at http://rpmrepo.org/RPMforge/. I've not spent
a lot of time on this, I'm in the midst of interviewing for a role
involving Debian support and setting up a Debian environment. (My
current contract ended recently.)

The 1.6.16 has some minor build-structure changes that have broken the
SRPM's. I'm wondering if it's even worth pursuing, for environments
that don't rely on HTTP/HTTPS authentication, especially because I'm
such a long-standing deprecator of that approach. (This is because the
Linux and UNIX clients store the passwords for HTTP/HTTPS access in
clear text.)
Received on 2011-03-18 04:34:15 CET
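
Added example, not part of the original message and not Subversion project code: a read-only audit of a client's credential cache for the clear-text storage mentioned in the message above. It assumes the cache lives in `~/.subversion/auth/svn.simple` in Subversion's `K`/`V`/`END` hash-file format and that a `password` entry with `passtype` absent or `simple` is unencrypted; the function names and the sample entries are constructed for illustration.

```python
import os
import tempfile

def parse_svn_hash(data):
    """Parse Subversion's 'K <len>/key/V <len>/value ... END' hash-file format."""
    fields, pos = {}, 0
    def read_item(tag):
        nonlocal pos
        eol = data.index(b"\n", pos)          # ValueError if the file is truncated
        header = data[pos:eol].split()
        if len(header) != 2 or header[0] != tag:
            raise ValueError("expected %r header at byte %d" % (tag, pos))
        start, end = eol + 1, eol + 1 + int(header[1])
        if data[end:end + 1] != b"\n":
            raise ValueError("length prefix does not match payload")
        pos = end + 1
        return data[start:end]
    while not data.startswith(b"END", pos):
        key = read_item(b"K")
        fields[key.decode()] = read_item(b"V")
    return fields

def audit_auth_dir(auth_dir):
    """Return (file, realm, username) per unencrypted entry; never the password."""
    findings = []
    for name in sorted(os.listdir(auth_dir)):
        try:
            with open(os.path.join(auth_dir, name), "rb") as fh:
                f = parse_svn_hash(fh.read())
        except (OSError, ValueError):
            continue                           # unreadable or not a cache entry
        # Assumption: passtype absent (older clients) or "simple" means clear text.
        if "password" in f and f.get("passtype", b"simple") == b"simple":
            findings.append((name, f.get("svn:realmstring", b"").decode(errors="replace"),
                             f.get("username", b"").decode(errors="replace")))
    return findings

def demo():
    """Audit two constructed cache entries written to a temporary directory."""
    def entry(d):
        return b"".join(b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v)
                        for k, v in d.items()) + b"END\n"
    realm = b"<https://svn.example.org:443> Constructed Realm"
    samples = {"a1": {b"passtype": b"simple", b"password": b"not-a-real-secret",
                      b"svn:realmstring": realm, b"username": b"alice"},
               "b2": {b"passtype": b"gnome-keyring", b"svn:realmstring": realm,
                      b"username": b"bob"}}
    with tempfile.TemporaryDirectory() as tmp:
        for name, d in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(entry(d))
        return audit_auth_dir(tmp)

if __name__ == "__main__":
    print(demo())
```

To audit a real account, call `audit_auth_dir(os.path.expanduser("~/.subversion/auth/svn.simple"))`; each finding names a realm whose cached credential should be removed or moved to an encrypted store.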