<div dir="ltr">Done in r5391 (trunk), r5392 (1.7), and r5395 (1.6).  Thanks for the reminder, Daniel!</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 10, 2017 at 2:29 PM, Daniel Shahaf <span dir="ltr"><<a href="mailto:d.s@daniel.shahaf.name" target="_blank">d.s@daniel.shahaf.name</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, please check the book's recommendations regarding $SVN_SSH and<br>
tunnels and ensure it adds '--' there so readers on pre-1.9.7 versions<br>
aren't given advice that's vulnerable to CVE-2017-9800.<br>
<br>
Daniel<br>
<br>
<a href="mailto:danielsh@apache.org">danielsh@apache.org</a> wrote on Thu, 10 Aug 2017 18:15 +0000:<br>
> Author: danielsh<br>
> Date: Thu Aug 10 18:15:12 2017<br>
> New Revision: 1804692<br>
><br>
> URL: <a href="http://svn.apache.org/viewvc?rev=1804692&view=rev" rel="noreferrer" target="_blank">http://svn.apache.org/viewvc?<wbr>rev=1804692&view=rev</a><br>
> Log:<br>
> Follow-up to r1804691:<br>
><br>
> * notes/ssh-tricks: Update this documentation, too.<br>
><br>
> This patch is separate because notes/ is not in tarballs.<br>
><br>
> Modified:<br>
>     subversion/trunk/notes/ssh-<wbr>tricks<br>
><br>
> Modified: subversion/trunk/notes/ssh-<wbr>tricks<br>
> URL: <a href="http://svn.apache.org/viewvc/subversion/trunk/notes/ssh-tricks?rev=1804692&r1=1804691&r2=1804692&view=diff" rel="noreferrer" target="_blank">http://svn.apache.org/viewvc/<wbr>subversion/trunk/notes/ssh-<wbr>tricks?rev=1804692&r1=1804691&<wbr>r2=1804692&view=diff</a><br>
> ==============================<wbr>==============================<wbr>==================<br>
> --- subversion/trunk/notes/ssh-<wbr>tricks (original)<br>
> +++ subversion/trunk/notes/ssh-<wbr>tricks Thu Aug 10 18:15:12 2017<br>
> @@ -15,7 +15,7 @@ not work with password authentication.<br>
>  the client's key-pair is used only for access to svnserve; if you want<br>
>  to retain general shell access to the host, create a second, dedicated<br>
>  key-pair for Subversion access and (assuming a Unix client) set the<br>
> -environment variable SVN_SSH to "ssh -i /path/to/private/key/file".<br>
> +environment variable SVN_SSH to "ssh -i /path/to/private/key/file --".<br>
><br>
>  The basic idea<br>
>  --------------<br>
><br>
><br>
<br>
______________________________<wbr>_________________<br>
svnbook-dev mailing list<br>
<a href="mailto:svnbook-dev@red-bean.com">svnbook-dev@red-bean.com</a><br>
<a href="http://www.red-bean.com/mailman/listinfo/svnbook-dev" rel="noreferrer" target="_blank">http://www.red-bean.com/<wbr>mailman/listinfo/svnbook-dev</a></blockquote></div><br></div>