summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbsiegert <bsiegert@pkgsrc.org>2022-04-12 16:24:28 +0000
committerbsiegert <bsiegert@pkgsrc.org>2022-04-12 16:24:28 +0000
commit88e98f220ca5e6441b61e1c72323954741a6ed13 (patch)
tree70aeb79d84fdb27e9b5344bf5b726486c7620100
parent33143c374e6678f832aa78199a61dbad4200f687 (diff)
downloadpkgsrc-88e98f220ca5e6441b61e1c72323954741a6ed13.tar.gz
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES: CVE-2021-28544 "SVN authz protected copyfrom paths regression" The full security advisory for CVE-2021-28544 is available at: https://subversion.apache.org/security/CVE-2021-28544-advisory.txt https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc A brief summary of this advisory follows: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the `copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. We recommend all users to upgrade to a known fixed release of the Subversion server. This issue was reported by Evgeny Kotkov CVE-2022-24070 "Subversion's mod_dav_svn is vulnerable to memory corruption" The full security advisory for CVE-2022-24070 is available at: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc A brief summary of this advisory follows: While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. We recommend all users to upgrade to a known fixed release of the Subversion server. This issue was reported by Thomas Weißschuh
Diffstat
-rw-r--r--devel/java-subversion/Makefile3
-rw-r--r--devel/p5-subversion/Makefile3
-rw-r--r--devel/py-subversion/Makefile3
-rw-r--r--devel/ruby-subversion/Makefile3
-rw-r--r--devel/subversion-base/Makefile3
-rw-r--r--devel/subversion/Makefile.version4
-rw-r--r--devel/subversion/distinfo8
7 files changed, 11 insertions, 16 deletions
diff --git a/devel/java-subversion/Makefile b/devel/java-subversion/Makefile
index f353569a2c1..83df852ee5d 100644
--- a/devel/java-subversion/Makefile
+++ b/devel/java-subversion/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.61 2021/12/08 16:03:59 adam Exp $
+# $NetBSD: Makefile,v 1.62 2022/04/12 16:24:28 bsiegert Exp $
PKGNAME= java-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Java bindings for Subversion
MAKE_JOBS_SAFE= no
diff --git a/devel/p5-subversion/Makefile b/devel/p5-subversion/Makefile
index 6b5e9cc6d6f..a4be2150301 100644
--- a/devel/p5-subversion/Makefile
+++ b/devel/p5-subversion/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.121 2021/12/08 16:04:04 adam Exp $
+# $NetBSD: Makefile,v 1.122 2022/04/12 16:24:28 bsiegert Exp $
PKGNAME= p5-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Perl bindings for Subversion
.include "../../devel/subversion/Makefile.common"
diff --git a/devel/py-subversion/Makefile b/devel/py-subversion/Makefile
index aaed2132a49..f14f3605f51 100644
--- a/devel/py-subversion/Makefile
+++ b/devel/py-subversion/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.94 2021/12/08 16:04:05 adam Exp $
+# $NetBSD: Makefile,v 1.95 2022/04/12 16:24:28 bsiegert Exp $
PKGNAME= ${PYPKGPREFIX}-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Python bindings and tools for Subversion
.include "../../devel/subversion/Makefile.common"
diff --git a/devel/ruby-subversion/Makefile b/devel/ruby-subversion/Makefile
index f0d20f73940..ac0598ca228 100644
--- a/devel/ruby-subversion/Makefile
+++ b/devel/ruby-subversion/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.83 2021/12/08 16:04:07 adam Exp $
+# $NetBSD: Makefile,v 1.84 2022/04/12 16:24:28 bsiegert Exp $
PKGNAME= ${RUBY_PKGPREFIX}-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Ruby bindings for Subversion
.include "../../devel/subversion/Makefile.common"
diff --git a/devel/subversion-base/Makefile b/devel/subversion-base/Makefile
index 39d61b1a42c..c52b250e1c3 100644
--- a/devel/subversion-base/Makefile
+++ b/devel/subversion-base/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.129 2021/12/08 16:02:03 adam Exp $
+# $NetBSD: Makefile,v 1.130 2022/04/12 16:24:28 bsiegert Exp $
PKGNAME= subversion-base-${SVNVER}
-PKGREVISION= 3
COMMENT= Version control system, base programs and libraries
# on at least solaris, configure fails to figure out
diff --git a/devel/subversion/Makefile.version b/devel/subversion/Makefile.version
index e7f8d9b278e..c7df3f04a10 100644
--- a/devel/subversion/Makefile.version
+++ b/devel/subversion/Makefile.version
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.version,v 1.87 2021/02/14 15:09:19 adam Exp $
+# $NetBSD: Makefile.version,v 1.88 2022/04/12 16:24:28 bsiegert Exp $
# When updating subversion, all packages are updated at the same time
# to have a consistent set of packages. A particularly tricky aspect
@@ -7,5 +7,5 @@
# changing the version.
.if !defined(SVNVER)
-SVNVER= 1.14.1
+SVNVER= 1.14.2
.endif
diff --git a/devel/subversion/distinfo b/devel/subversion/distinfo
index 8561a10cf59..c6e79425877 100644
--- a/devel/subversion/distinfo
+++ b/devel/subversion/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.118 2021/10/26 10:19:57 nia Exp $
+$NetBSD: distinfo,v 1.119 2022/04/12 16:24:28 bsiegert Exp $
-BLAKE2s (subversion-1.14.1.tar.bz2) = af51085e4a85be8367c51e407958a56118c0bfedda1a6f77576597e092662f42
-SHA512 (subversion-1.14.1.tar.bz2) = 0a70c7152b77cdbcb810a029263e4b3240b6ef41d1c19714e793594088d3cca758d40dfbc05622a806b06463becb73207df249393924ce591026b749b875fcdd
-Size (subversion-1.14.1.tar.bz2) = 8504612 bytes
+BLAKE2s (subversion-1.14.2.tar.bz2) = efb49dfb51b3f6c51ac7fe41b3dc593efeef1f9c2fdfa51567ab3940627162ea
+SHA512 (subversion-1.14.2.tar.bz2) = 20ada4688ca07d9fb8da4b7d53b5084568652a3b9418c65e688886bae950a16a3ff37710fcfc9c29ef14a89e75b2ceec4e9cf35d5876a7896ebc2b512cfb9ecc
+Size (subversion-1.14.2.tar.bz2) = 8606570 bytes
SHA1 (patch-Makefile.in) = 2df6c733d563c0bc7e0d1b4b6e6e00f82ea8c176
SHA1 (patch-configure) = cca6c305c28005496df0913637a9eb778a846fc0
SHA1 (patch-subversion_bindings_swig_perl_native_Makefile.PL.in) = 3fadde312693f2a304cd7e348c66cbd373c57854
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-19 18:44:44 +0000