From 71d691cf79804215aac7e112c29b5c6106acb1f6 Mon Sep 17 00:00:00 2001 From: adam Date: Sun, 14 Feb 2021 15:09:19 +0000 Subject: subversion: updated to 1.14.1 Subversion 1.14.1. This is a stable bugfix and security release of the Apache Subversion open source version control system. THIS RELEASE CONTAINS AN IMPORTANT SECURITY FIX: CVE-2020-17525 "Remote unauthenticated denial-of-service in Subversion mod_authz_svn" The full security advisory for CVE-2020-17525 is available at: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt A brief summary of this advisory follows: Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. We recommend all users to upgrade to the 1.10.7 or 1.14.1 release of the Subversion mod_dav_svn server. As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server's filesystem, rather than from an SVN repository. --- www/ap2-subversion/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'www') diff --git a/www/ap2-subversion/Makefile b/www/ap2-subversion/Makefile index 1107954a20b..9dde175d632 100644 --- a/www/ap2-subversion/Makefile +++ b/www/ap2-subversion/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.94 2020/11/05 09:09:19 ryoon Exp $ +# $NetBSD: Makefile,v 1.95 2021/02/14 15:09:19 adam Exp $ PKGNAME= ${APACHE_PKG_PREFIX}-subversion-${SVNVER} -PKGREVISION= 1 COMMENT= WebDAV server (Apache module) for Subversion .include "../../devel/subversion/Makefile.common" -- cgit v1.2.3