[Bug 563179] Re: svn crashes when checking out when saving credentials in kwallet

Launchpad Bug Tracker 563179 at bugs.launchpad.net
Fri Dec 11 03:39:11 UTC 2015 

This bug was fixed in the package subversion - 1.9.2-3ubuntu1

---------------
subversion (1.9.2-3ubuntu1) xenial; urgency=medium

  * Merge with Debian unstable, remaining changes:
    - Build a python-subversion-dbg package.
    - Build-depend on python-all-dbg.
    - Only build on requested python versions (X-Python-Versions:).
    - debian/patches/verbose-tests: Make tests verbose.
  * Drop CVE patches that are included in this new upstream version.

subversion (1.9.2-3) unstable; urgency=medium

  * Re-enable libsvn-java on kfreebsd-*.
  * Ensure swig2.0 is used to avoid build failures, until upstream figures
    out how to work with swig >= 3.0.  (Closes: #804389)
  * Fix FTBFS with Ruby 2.2 (Closes: #803589)
    + Add ruby-frozen-nil patch to create a new Object instead of trying to
      make modifications to the nil object.
    + Add ruby-test-unit patch to be compatible with the ruby-test-unit gem as
      well as the older test-unit API provided by minitest.

subversion (1.9.2-2) unstable; urgency=medium

  * Fix FTBFS with older Ruby versions by using RbConfig['vendorarchdir'] to
    find the .a/.la files we're deleting.

subversion (1.9.2-1) unstable; urgency=medium

  * New upstream release
    + Fix crash when saving credentials in kwallet.  (Closes: #736879,
      LP: #563179)

subversion (1.9.1-1) unstable; urgency=medium

  * New upstream release
    + Remove direct use of svn_fs_open2 from libsvn_fs_x, thus fixing the
      missing svn_fs_open2 symbol.  (Closes: #795160)
  * Enable gpg verification of new releases.
  * Rename bash-completion file to svn and add symlinks for all other commands
    which have completion.  (Closes: #797648)
  * debian/tests/libapache2-mod-svn: Stop apache2 before ending the test, to
    avoid leaving stray processes running.

subversion (1.9.0-1) unstable; urgency=medium

  * Upload to unstable
  * New upstream release.
    + Security fixes
      - CVE-2015-3184: Mixed anonymous/authenticated path-based authz with
        httpd 2.4
      - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden
        by authz
  * Add >= 2.7 requirement for python-all-dev Build-Depends, needed to run
    tests.
  * Remove Build-Conflicts against ruby-test-unit.  (Closes: #791844)
  * Remove patches/apache_module_dependency in favor of expressing the
    dependencies in authz_svn.load/dav_svn.load.
  * Build-Depend on apache2-dev (>= 2.4.16) to ensure ap_some_authn_required()
    is available when building mod_authz_svn and Depend on apache2-bin (>=
    2.4.16) for runtime support.

subversion (1.9.0~rc3-1) experimental; urgency=medium

  * New upstream pre-release.
  * Point the Vcs-* URLs at the right directory

subversion (1.9.0~rc2-2) experimental; urgency=medium

  * Bump minimum JDK version to 1.6 in accordance with upstream change,
    “javahl: requires Java 1.6 (r1677003)”
    - This causes libsvn-java to no longer be available where gcj is the only
      available Java implementation

subversion (1.9.0~rc2-1) experimental; urgency=medium

  * New upstream pre-release.  Refresh patches.

subversion (1.9.0~rc1-2) experimental; urgency=medium

  * Install bash completion to /usr/share/bash-completion/completions
  * Add dav_svn_get_repos_path2 symbol to apache_module_dependency patch.
    (Closes: #786903)

subversion (1.9.0~rc1-1) experimental; urgency=medium

  * New upstream pre-release. Refresh patches.
    + Remove backported patches libtoolize, ruby2.0-build-fixes,
      test-failure-with-optimizations, CVE-2014-3580, CVE-2014-8108,
      CVE-2015-0202, CVE-2015-0248, CVE-2015-0251.
    + New svn-vendor tool, alternative to svn_load_dirs.
    + svn-bench renamed to svnbench and moved to subversion package.
    + fsfs-stats tool replaced by the "stats" subcommand of the new svnfsfs
      command.
    + Minimum supported version of serf bumped to 1.3.4.
    + pkgconfig files are available for the various libsvn_* libraries.
    + Fix “access forbidden” errors when performing a diff on a remote
      repository when the user does not have access to the parent directory.
      (Closes: #739278)
  * debian/rules: Add new generated files to clean target
  * debian/control:
    + Remove Troy Heber from Uploaders, at his request.  Thanks for all the
      fish!
    + Add dh-python to Build-Depends

 -- Adam Conrad <adconrad at ubuntu.com>  Thu, 10 Dec 2015 09:44:29 -0700

** Changed in: subversion (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3580

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8108

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-0202

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-0248

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-0251

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3184

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3187

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subversion in Ubuntu.
https://bugs.launchpad.net/bugs/563179

Title:
  svn crashes when checking out when saving credentials in kwallet

Status in subversion package in Ubuntu:
  Fix Released
Status in subversion package in Debian:
  Fix Released

Bug description:
  Binary package hint: subversion

  SVN crashes when requesting access to the KDE wallet for the first
  time, adding a new password, and after clicking on "Allow Always",
  forcing a cleanup. When running svn again, it runs with no problem
  using the stored password.

  ProblemType: Crash
  DistroRelease: Ubuntu 10.04
  Package: subversion 1.6.6dfsg-2ubuntu1
  ProcVersionSignature: Ubuntu 2.6.32-20.30-generic-pae 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-20-generic-pae i686
  NonfreeKernelModules: nvidia
  Architecture: i386
  Date: Wed Apr 14 12:10:53 2010
  Disassembly: => 0x3:	Cannot access memory at address 0x3
  ExecutablePath: /usr/bin/svn
  InstallationMedia: Kubuntu 10.04 "Lucid Lynx" - Beta i386 (20100406.1)
  ProcCmdline: svn co http://svn.jumpjoe.com/papers/CV CV
  ProcEnviron:
   SHELL=/bin/bash
   LANG=en_CA.UTF-8
   LANGUAGE=
   LC_TIME=en_GB.UTF-8
  SegvAnalysis:
   Segfault happened at: 0x3:	Cannot access memory at address 0x3
   PC (0x00000003) not located in a known VMA region (needed executable region)!
  SegvReason: executing NULL VMA
  Signal: 11
  SourcePackage: subversion
  StacktraceTop:
   ?? ()
   ?? () from /usr/lib/libsvn_auth_kwallet-1.so.1
   svn_auth__simple_save_creds_helper ()
   ?? () from /usr/lib/libsvn_auth_kwallet-1.so.1
   svn_auth_save_credentials ()
  Title: svn crashed with SIGSEGV in svn_auth__simple_save_creds_helper()
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/563179/+subscriptions

More information about the foundations-bugs mailing list