diff options
author | spz <spz@pkgsrc.org> | 2022-04-16 08:40:44 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2022-04-16 08:40:44 +0000 |
commit | bf8dddbf661b5d18b812143c370a2e5064193b84 (patch) | |
tree | e93894cf8f9e0a5d112205bce85b67fed0d0240d | |
parent | 066c0df9588b618837adfb41d56039e08c2120ec (diff) | |
download | pkgsrc-bf8dddbf661b5d18b812143c370a2e5064193b84.tar.gz |
Pullup ticket #6613 - requested by bsiegert
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/ruby-subversion: security update
devel/subversion-base: security update
devel/subversion: security update
Revisions pulled up:
- devel/java-subversion/Makefile 1.62
- devel/p5-subversion/Makefile 1.122
- devel/py-subversion/Makefile 1.95
- devel/ruby-subversion/Makefile 1.84
- devel/subversion-base/Makefile 1.130
- devel/subversion/Makefile 1.68
- devel/subversion/Makefile.version 1.88
- devel/subversion/distinfo 1.119
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Apr 12 16:24:29 UTC 2022
Modified Files:
pkgsrc/devel/java-subversion: Makefile
pkgsrc/devel/p5-subversion: Makefile
pkgsrc/devel/py-subversion: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/subversion: Makefile.version distinfo
pkgsrc/devel/subversion-base: Makefile
Log Message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Weißschuh
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/devel/java-subversion/Makefile
cvs rdiff -u -r1.121 -r1.122 pkgsrc/devel/p5-subversion/Makefile
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/py-subversion/Makefile
cvs rdiff -u -r1.83 -r1.84 pkgsrc/devel/ruby-subversion/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/devel/subversion/Makefile.version
cvs rdiff -u -r1.118 -r1.119 pkgsrc/devel/subversion/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/devel/subversion-base/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 12 21:40:36 UTC 2022
Modified Files:
pkgsrc/devel/subversion: Makefile
Log Message:
subversion: reset PKGREVISION after update
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/devel/subversion/Makefile
-rw-r--r-- | devel/java-subversion/Makefile | 3 | ||||
-rw-r--r-- | devel/p5-subversion/Makefile | 3 | ||||
-rw-r--r-- | devel/py-subversion/Makefile | 3 | ||||
-rw-r--r-- | devel/ruby-subversion/Makefile | 3 | ||||
-rw-r--r-- | devel/subversion-base/Makefile | 3 | ||||
-rw-r--r-- | devel/subversion/Makefile | 3 | ||||
-rw-r--r-- | devel/subversion/Makefile.version | 4 | ||||
-rw-r--r-- | devel/subversion/distinfo | 8 |
8 files changed, 12 insertions, 18 deletions
diff --git a/devel/java-subversion/Makefile b/devel/java-subversion/Makefile index f353569a2c1..244fa438b3d 100644 --- a/devel/java-subversion/Makefile +++ b/devel/java-subversion/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.61 2021/12/08 16:03:59 adam Exp $ +# $NetBSD: Makefile,v 1.61.4.1 2022/04/16 08:40:44 spz Exp $ PKGNAME= java-subversion-${SVNVER} -PKGREVISION= 3 COMMENT= Java bindings for Subversion MAKE_JOBS_SAFE= no diff --git a/devel/p5-subversion/Makefile b/devel/p5-subversion/Makefile index 6b5e9cc6d6f..a91ccc99713 100644 --- a/devel/p5-subversion/Makefile +++ b/devel/p5-subversion/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.121 2021/12/08 16:04:04 adam Exp $ +# $NetBSD: Makefile,v 1.121.4.1 2022/04/16 08:40:44 spz Exp $ PKGNAME= p5-subversion-${SVNVER} -PKGREVISION= 3 COMMENT= Perl bindings for Subversion .include "../../devel/subversion/Makefile.common" diff --git a/devel/py-subversion/Makefile b/devel/py-subversion/Makefile index aaed2132a49..faec63a2dc2 100644 --- a/devel/py-subversion/Makefile +++ b/devel/py-subversion/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.94 2021/12/08 16:04:05 adam Exp $ +# $NetBSD: Makefile,v 1.94.4.1 2022/04/16 08:40:44 spz Exp $ PKGNAME= ${PYPKGPREFIX}-subversion-${SVNVER} -PKGREVISION= 3 COMMENT= Python bindings and tools for Subversion .include "../../devel/subversion/Makefile.common" diff --git a/devel/ruby-subversion/Makefile b/devel/ruby-subversion/Makefile index f0d20f73940..5fcc91a2ae8 100644 --- a/devel/ruby-subversion/Makefile +++ b/devel/ruby-subversion/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.83 2021/12/08 16:04:07 adam Exp $ +# $NetBSD: Makefile,v 1.83.4.1 2022/04/16 08:40:44 spz Exp $ PKGNAME= ${RUBY_PKGPREFIX}-subversion-${SVNVER} -PKGREVISION= 3 COMMENT= Ruby bindings for Subversion .include "../../devel/subversion/Makefile.common" diff --git a/devel/subversion-base/Makefile b/devel/subversion-base/Makefile index 39d61b1a42c..c48e26bdbc2 100644 --- a/devel/subversion-base/Makefile +++ b/devel/subversion-base/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.129 2021/12/08 16:02:03 adam Exp $ +# $NetBSD: Makefile,v 1.129.4.1 2022/04/16 08:40:44 spz Exp $ PKGNAME= subversion-base-${SVNVER} -PKGREVISION= 3 COMMENT= Version control system, base programs and libraries # on at least solaris, configure fails to figure out diff --git a/devel/subversion/Makefile b/devel/subversion/Makefile index 99c8e09e76f..673f99bed90 100644 --- a/devel/subversion/Makefile +++ b/devel/subversion/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.67 2021/07/21 14:40:29 taca Exp $ +# $NetBSD: Makefile,v 1.67.6.1 2022/04/16 08:40:45 spz Exp $ PKGNAME= subversion-${SVNVER} -PKGREVISION= 2 COMMENT= Version control system, meta-package META_PACKAGE= yes diff --git a/devel/subversion/Makefile.version b/devel/subversion/Makefile.version index e7f8d9b278e..5d0651d0fdc 100644 --- a/devel/subversion/Makefile.version +++ b/devel/subversion/Makefile.version @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.version,v 1.87 2021/02/14 15:09:19 adam Exp $ +# $NetBSD: Makefile.version,v 1.87.10.1 2022/04/16 08:40:45 spz Exp $ # When updating subversion, all packages are updated at the same time # to have a consistent set of packages. A particularly tricky aspect @@ -7,5 +7,5 @@ # changing the version. .if !defined(SVNVER) -SVNVER= 1.14.1 +SVNVER= 1.14.2 .endif diff --git a/devel/subversion/distinfo b/devel/subversion/distinfo index 8561a10cf59..5946a242c83 100644 --- a/devel/subversion/distinfo +++ b/devel/subversion/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.118 2021/10/26 10:19:57 nia Exp $ +$NetBSD: distinfo,v 1.118.4.1 2022/04/16 08:40:45 spz Exp $ -BLAKE2s (subversion-1.14.1.tar.bz2) = af51085e4a85be8367c51e407958a56118c0bfedda1a6f77576597e092662f42 -SHA512 (subversion-1.14.1.tar.bz2) = 0a70c7152b77cdbcb810a029263e4b3240b6ef41d1c19714e793594088d3cca758d40dfbc05622a806b06463becb73207df249393924ce591026b749b875fcdd -Size (subversion-1.14.1.tar.bz2) = 8504612 bytes +BLAKE2s (subversion-1.14.2.tar.bz2) = efb49dfb51b3f6c51ac7fe41b3dc593efeef1f9c2fdfa51567ab3940627162ea +SHA512 (subversion-1.14.2.tar.bz2) = 20ada4688ca07d9fb8da4b7d53b5084568652a3b9418c65e688886bae950a16a3ff37710fcfc9c29ef14a89e75b2ceec4e9cf35d5876a7896ebc2b512cfb9ecc +Size (subversion-1.14.2.tar.bz2) = 8606570 bytes SHA1 (patch-Makefile.in) = 2df6c733d563c0bc7e0d1b4b6e6e00f82ea8c176 SHA1 (patch-configure) = cca6c305c28005496df0913637a9eb778a846fc0 SHA1 (patch-subversion_bindings_swig_perl_native_Makefile.PL.in) = 3fadde312693f2a304cd7e348c66cbd373c57854 |