pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2022Q1] pkgsrc/devel
Module Name: pkgsrc
Committed By: spz
Date: Sat Apr 16 08:40:45 UTC 2022
Modified Files:
pkgsrc/devel/java-subversion [pkgsrc-2022Q1]: Makefile
pkgsrc/devel/p5-subversion [pkgsrc-2022Q1]: Makefile
pkgsrc/devel/py-subversion [pkgsrc-2022Q1]: Makefile
pkgsrc/devel/ruby-subversion [pkgsrc-2022Q1]: Makefile
pkgsrc/devel/subversion [pkgsrc-2022Q1]: Makefile Makefile.version
distinfo
pkgsrc/devel/subversion-base [pkgsrc-2022Q1]: Makefile
Log Message:
Pullup ticket #6613 - requested by bsiegert
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/ruby-subversion: security update
devel/subversion-base: security update
devel/subversion: security update
Revisions pulled up:
- devel/java-subversion/Makefile 1.62
- devel/p5-subversion/Makefile 1.122
- devel/py-subversion/Makefile 1.95
- devel/ruby-subversion/Makefile 1.84
- devel/subversion-base/Makefile 1.130
- devel/subversion/Makefile 1.68
- devel/subversion/Makefile.version 1.88
- devel/subversion/distinfo 1.119
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Apr 12 16:24:29 UTC 2022
Modified Files:
pkgsrc/devel/java-subversion: Makefile
pkgsrc/devel/p5-subversion: Makefile
pkgsrc/devel/py-subversion: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/subversion: Makefile.version distinfo
pkgsrc/devel/subversion-base: Makefile
Log Message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Weißschuh
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/devel/java-subversion/Makefile
cvs rdiff -u -r1.121 -r1.122 pkgsrc/devel/p5-subversion/Makefile
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/py-subversion/Makefile
cvs rdiff -u -r1.83 -r1.84 pkgsrc/devel/ruby-subversion/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/devel/subversion/Makefile.version
cvs rdiff -u -r1.118 -r1.119 pkgsrc/devel/subversion/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/devel/subversion-base/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 12 21:40:36 UTC 2022
Modified Files:
pkgsrc/devel/subversion: Makefile
Log Message:
subversion: reset PKGREVISION after update
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/devel/subversion/Makefile
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.61.4.1 pkgsrc/devel/java-subversion/Makefile
cvs rdiff -u -r1.121 -r1.121.4.1 pkgsrc/devel/p5-subversion/Makefile
cvs rdiff -u -r1.94 -r1.94.4.1 pkgsrc/devel/py-subversion/Makefile
cvs rdiff -u -r1.83 -r1.83.4.1 pkgsrc/devel/ruby-subversion/Makefile
cvs rdiff -u -r1.67 -r1.67.6.1 pkgsrc/devel/subversion/Makefile
cvs rdiff -u -r1.87 -r1.87.10.1 pkgsrc/devel/subversion/Makefile.version
cvs rdiff -u -r1.118 -r1.118.4.1 pkgsrc/devel/subversion/distinfo
cvs rdiff -u -r1.129 -r1.129.4.1 pkgsrc/devel/subversion-base/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/java-subversion/Makefile
diff -u pkgsrc/devel/java-subversion/Makefile:1.61 pkgsrc/devel/java-subversion/Makefile:1.61.4.1
--- pkgsrc/devel/java-subversion/Makefile:1.61 Wed Dec 8 16:03:59 2021
+++ pkgsrc/devel/java-subversion/Makefile Sat Apr 16 08:40:44 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.61 2021/12/08 16:03:59 adam Exp $
+# $NetBSD: Makefile,v 1.61.4.1 2022/04/16 08:40:44 spz Exp $
PKGNAME= java-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Java bindings for Subversion
MAKE_JOBS_SAFE= no
Index: pkgsrc/devel/p5-subversion/Makefile
diff -u pkgsrc/devel/p5-subversion/Makefile:1.121 pkgsrc/devel/p5-subversion/Makefile:1.121.4.1
--- pkgsrc/devel/p5-subversion/Makefile:1.121 Wed Dec 8 16:04:04 2021
+++ pkgsrc/devel/p5-subversion/Makefile Sat Apr 16 08:40:44 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.121 2021/12/08 16:04:04 adam Exp $
+# $NetBSD: Makefile,v 1.121.4.1 2022/04/16 08:40:44 spz Exp $
PKGNAME= p5-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Perl bindings for Subversion
.include "../../devel/subversion/Makefile.common"
Index: pkgsrc/devel/py-subversion/Makefile
diff -u pkgsrc/devel/py-subversion/Makefile:1.94 pkgsrc/devel/py-subversion/Makefile:1.94.4.1
--- pkgsrc/devel/py-subversion/Makefile:1.94 Wed Dec 8 16:04:05 2021
+++ pkgsrc/devel/py-subversion/Makefile Sat Apr 16 08:40:44 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.94 2021/12/08 16:04:05 adam Exp $
+# $NetBSD: Makefile,v 1.94.4.1 2022/04/16 08:40:44 spz Exp $
PKGNAME= ${PYPKGPREFIX}-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Python bindings and tools for Subversion
.include "../../devel/subversion/Makefile.common"
Index: pkgsrc/devel/ruby-subversion/Makefile
diff -u pkgsrc/devel/ruby-subversion/Makefile:1.83 pkgsrc/devel/ruby-subversion/Makefile:1.83.4.1
--- pkgsrc/devel/ruby-subversion/Makefile:1.83 Wed Dec 8 16:04:07 2021
+++ pkgsrc/devel/ruby-subversion/Makefile Sat Apr 16 08:40:44 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.83 2021/12/08 16:04:07 adam Exp $
+# $NetBSD: Makefile,v 1.83.4.1 2022/04/16 08:40:44 spz Exp $
PKGNAME= ${RUBY_PKGPREFIX}-subversion-${SVNVER}
-PKGREVISION= 3
COMMENT= Ruby bindings for Subversion
.include "../../devel/subversion/Makefile.common"
Index: pkgsrc/devel/subversion/Makefile
diff -u pkgsrc/devel/subversion/Makefile:1.67 pkgsrc/devel/subversion/Makefile:1.67.6.1
--- pkgsrc/devel/subversion/Makefile:1.67 Wed Jul 21 14:40:29 2021
+++ pkgsrc/devel/subversion/Makefile Sat Apr 16 08:40:45 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.67 2021/07/21 14:40:29 taca Exp $
+# $NetBSD: Makefile,v 1.67.6.1 2022/04/16 08:40:45 spz Exp $
PKGNAME= subversion-${SVNVER}
-PKGREVISION= 2
COMMENT= Version control system, meta-package
META_PACKAGE= yes
Index: pkgsrc/devel/subversion/Makefile.version
diff -u pkgsrc/devel/subversion/Makefile.version:1.87 pkgsrc/devel/subversion/Makefile.version:1.87.10.1
--- pkgsrc/devel/subversion/Makefile.version:1.87 Sun Feb 14 15:09:19 2021
+++ pkgsrc/devel/subversion/Makefile.version Sat Apr 16 08:40:45 2022
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.version,v 1.87 2021/02/14 15:09:19 adam Exp $
+# $NetBSD: Makefile.version,v 1.87.10.1 2022/04/16 08:40:45 spz Exp $
# When updating subversion, all packages are updated at the same time
# to have a consistent set of packages. A particularly tricky aspect
@@ -7,5 +7,5 @@
# changing the version.
.if !defined(SVNVER)
-SVNVER= 1.14.1
+SVNVER= 1.14.2
.endif
Index: pkgsrc/devel/subversion/distinfo
diff -u pkgsrc/devel/subversion/distinfo:1.118 pkgsrc/devel/subversion/distinfo:1.118.4.1
--- pkgsrc/devel/subversion/distinfo:1.118 Tue Oct 26 10:19:57 2021
+++ pkgsrc/devel/subversion/distinfo Sat Apr 16 08:40:45 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.118 2021/10/26 10:19:57 nia Exp $
+$NetBSD: distinfo,v 1.118.4.1 2022/04/16 08:40:45 spz Exp $
-BLAKE2s (subversion-1.14.1.tar.bz2) = af51085e4a85be8367c51e407958a56118c0bfedda1a6f77576597e092662f42
-SHA512 (subversion-1.14.1.tar.bz2) = 0a70c7152b77cdbcb810a029263e4b3240b6ef41d1c19714e793594088d3cca758d40dfbc05622a806b06463becb73207df249393924ce591026b749b875fcdd
-Size (subversion-1.14.1.tar.bz2) = 8504612 bytes
+BLAKE2s (subversion-1.14.2.tar.bz2) = efb49dfb51b3f6c51ac7fe41b3dc593efeef1f9c2fdfa51567ab3940627162ea
+SHA512 (subversion-1.14.2.tar.bz2) = 20ada4688ca07d9fb8da4b7d53b5084568652a3b9418c65e688886bae950a16a3ff37710fcfc9c29ef14a89e75b2ceec4e9cf35d5876a7896ebc2b512cfb9ecc
+Size (subversion-1.14.2.tar.bz2) = 8606570 bytes
SHA1 (patch-Makefile.in) = 2df6c733d563c0bc7e0d1b4b6e6e00f82ea8c176
SHA1 (patch-configure) = cca6c305c28005496df0913637a9eb778a846fc0
SHA1 (patch-subversion_bindings_swig_perl_native_Makefile.PL.in) = 3fadde312693f2a304cd7e348c66cbd373c57854
Index: pkgsrc/devel/subversion-base/Makefile
diff -u pkgsrc/devel/subversion-base/Makefile:1.129 pkgsrc/devel/subversion-base/Makefile:1.129.4.1
--- pkgsrc/devel/subversion-base/Makefile:1.129 Wed Dec 8 16:02:03 2021
+++ pkgsrc/devel/subversion-base/Makefile Sat Apr 16 08:40:44 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.129 2021/12/08 16:02:03 adam Exp $
+# $NetBSD: Makefile,v 1.129.4.1 2022/04/16 08:40:44 spz Exp $
PKGNAME= subversion-base-${SVNVER}
-PKGREVISION= 3
COMMENT= Version control system, base programs and libraries
# on at least solaris, configure fails to figure out
Home |
Main Index |
Thread Index |
Old Index