pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc
Module Name: pkgsrc
Committed By: bsiegert
Date: Wed Oct 9 21:15:43 UTC 2024
Modified Files:
pkgsrc/devel/java-subversion: Makefile
pkgsrc/devel/p5-subversion: Makefile
pkgsrc/devel/py-subversion: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/subversion: Makefile Makefile.version distinfo
pkgsrc/devel/subversion-base: Makefile
pkgsrc/www/ap2-subversion: Makefile
Log Message:
subversion: update to 1.14.4
This is a security release but the issue is Windows-only AFAICT.
This is a stable bugfix and security release of the Apache Subversion
open source version control system.
Among regular bug fixes, this release fixes CVE-2024-45720:
Subversion command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of
command line arguments to Subversion's executables (e.g., svn.exe,
etc.) may lead to unexpected command line argument interpretation,
including argument injection and execution of other programs, if a
specially crafted command line argument string is processed.
UNIX-like platforms are not affected.
Reported by:
Orange Tsai and splitline from DEVCORE Research Team
Full advisory:
https://subversion.apache.org/security/CVE-2024-45720-advisory.txt
https://subversion.apache.org/security/CVE-2024-45720-advisory.txt.asc
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 pkgsrc/devel/java-subversion/Makefile
cvs rdiff -u -r1.132 -r1.133 pkgsrc/devel/p5-subversion/Makefile
cvs rdiff -u -r1.105 -r1.106 pkgsrc/devel/py-subversion/Makefile
cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/ruby-subversion/Makefile
cvs rdiff -u -r1.75 -r1.76 pkgsrc/devel/subversion/Makefile
cvs rdiff -u -r1.89 -r1.90 pkgsrc/devel/subversion/Makefile.version
cvs rdiff -u -r1.120 -r1.121 pkgsrc/devel/subversion/distinfo
cvs rdiff -u -r1.141 -r1.142 pkgsrc/devel/subversion-base/Makefile
cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/ap2-subversion/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/java-subversion/Makefile
diff -u pkgsrc/devel/java-subversion/Makefile:1.71 pkgsrc/devel/java-subversion/Makefile:1.72
--- pkgsrc/devel/java-subversion/Makefile:1.71 Wed May 29 16:32:03 2024
+++ pkgsrc/devel/java-subversion/Makefile Wed Oct 9 21:15:42 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.71 2024/05/29 16:32:03 adam Exp $
+# $NetBSD: Makefile,v 1.72 2024/10/09 21:15:42 bsiegert Exp $
PKGNAME= java-subversion-${SVNVER}
-PKGREVISION= 1
COMMENT= Java bindings for Subversion
MAKE_JOBS_SAFE= no
Index: pkgsrc/devel/p5-subversion/Makefile
diff -u pkgsrc/devel/p5-subversion/Makefile:1.132 pkgsrc/devel/p5-subversion/Makefile:1.133
--- pkgsrc/devel/p5-subversion/Makefile:1.132 Wed May 29 16:32:17 2024
+++ pkgsrc/devel/p5-subversion/Makefile Wed Oct 9 21:15:42 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.132 2024/05/29 16:32:17 adam Exp $
+# $NetBSD: Makefile,v 1.133 2024/10/09 21:15:42 bsiegert Exp $
PKGNAME= p5-subversion-${SVNVER}
-PKGREVISION= 1
COMMENT= Perl bindings for Subversion
.include "../../devel/subversion/Makefile.common"
Index: pkgsrc/devel/py-subversion/Makefile
diff -u pkgsrc/devel/py-subversion/Makefile:1.105 pkgsrc/devel/py-subversion/Makefile:1.106
--- pkgsrc/devel/py-subversion/Makefile:1.105 Wed May 29 16:32:18 2024
+++ pkgsrc/devel/py-subversion/Makefile Wed Oct 9 21:15:42 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.105 2024/05/29 16:32:18 adam Exp $
+# $NetBSD: Makefile,v 1.106 2024/10/09 21:15:42 bsiegert Exp $
PKGNAME= ${PYPKGPREFIX}-subversion-${SVNVER}
-PKGREVISION= 1
COMMENT= Python bindings and tools for Subversion
.include "../../devel/subversion/Makefile.common"
Index: pkgsrc/devel/ruby-subversion/Makefile
diff -u pkgsrc/devel/ruby-subversion/Makefile:1.93 pkgsrc/devel/ruby-subversion/Makefile:1.94
--- pkgsrc/devel/ruby-subversion/Makefile:1.93 Wed May 29 16:32:19 2024
+++ pkgsrc/devel/ruby-subversion/Makefile Wed Oct 9 21:15:42 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.93 2024/05/29 16:32:19 adam Exp $
+# $NetBSD: Makefile,v 1.94 2024/10/09 21:15:42 bsiegert Exp $
PKGNAME= ${RUBY_PKGPREFIX}-subversion-${SVNVER}
-PKGREVISION= 1
COMMENT= Ruby bindings for Subversion
.include "../../devel/subversion/Makefile.common"
Index: pkgsrc/devel/subversion/Makefile
diff -u pkgsrc/devel/subversion/Makefile:1.75 pkgsrc/devel/subversion/Makefile:1.76
--- pkgsrc/devel/subversion/Makefile:1.75 Sat Feb 10 14:42:38 2024
+++ pkgsrc/devel/subversion/Makefile Wed Oct 9 21:15:42 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.75 2024/02/10 14:42:38 taca Exp $
+# $NetBSD: Makefile,v 1.76 2024/10/09 21:15:42 bsiegert Exp $
PKGNAME= subversion-${SVNVER}
-PKGREVISION= 1
COMMENT= Version control system, meta-package
META_PACKAGE= yes
Index: pkgsrc/devel/subversion/Makefile.version
diff -u pkgsrc/devel/subversion/Makefile.version:1.89 pkgsrc/devel/subversion/Makefile.version:1.90
--- pkgsrc/devel/subversion/Makefile.version:1.89 Fri Dec 29 11:30:53 2023
+++ pkgsrc/devel/subversion/Makefile.version Wed Oct 9 21:15:42 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.version,v 1.89 2023/12/29 11:30:53 adam Exp $
+# $NetBSD: Makefile.version,v 1.90 2024/10/09 21:15:42 bsiegert Exp $
# When updating subversion, all packages are updated at the same time
# to have a consistent set of packages. A particularly tricky aspect
@@ -7,5 +7,5 @@
# changing the version.
.if !defined(SVNVER)
-SVNVER= 1.14.3
+SVNVER= 1.14.4
.endif
Index: pkgsrc/devel/subversion/distinfo
diff -u pkgsrc/devel/subversion/distinfo:1.120 pkgsrc/devel/subversion/distinfo:1.121
--- pkgsrc/devel/subversion/distinfo:1.120 Fri Dec 29 11:30:53 2023
+++ pkgsrc/devel/subversion/distinfo Wed Oct 9 21:15:42 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.120 2023/12/29 11:30:53 adam Exp $
+$NetBSD: distinfo,v 1.121 2024/10/09 21:15:42 bsiegert Exp $
-BLAKE2s (subversion-1.14.3.tar.bz2) = 3340ce250ef1ac0ae2c42d8ca8a4f031ab46250aa62048bbfc3f48d51c4c5998
-SHA512 (subversion-1.14.3.tar.bz2) = 40b172492005fd3b0cd9e457b4444af8ea5d8ff8fc161a9a0c6dc3a7314c6ad4ff75a4676f68a1919ae6273ae03e34d04eba8c1c37b8c0b4ec70d6731b527b41
-Size (subversion-1.14.3.tar.bz2) = 8569985 bytes
+BLAKE2s (subversion-1.14.4.tar.bz2) = 731560d0576fde94b7bacbe2a1c055cecbecab9a936488f8d7b5eb335b916ebb
+SHA512 (subversion-1.14.4.tar.bz2) = f5e104ef20c96f2605965fafeb9245b03c722734031c2c8d2b6f996979624566ac0a5dadc2d37274a360f2b1dbecb9f7149d0a43c23c2616b9176d0b9367c924
+Size (subversion-1.14.4.tar.bz2) = 8509652 bytes
SHA1 (patch-Makefile.in) = 378336a0908c28bf70b33833d23955ce0d562b12
SHA1 (patch-configure) = c1c73ace0b28acb921189bd97b74459823a2b104
SHA1 (patch-subversion_bindings_swig_perl_native_Makefile.PL.in) = 3fadde312693f2a304cd7e348c66cbd373c57854
Index: pkgsrc/devel/subversion-base/Makefile
diff -u pkgsrc/devel/subversion-base/Makefile:1.141 pkgsrc/devel/subversion-base/Makefile:1.142
--- pkgsrc/devel/subversion-base/Makefile:1.141 Wed May 29 16:32:20 2024
+++ pkgsrc/devel/subversion-base/Makefile Wed Oct 9 21:15:42 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.141 2024/05/29 16:32:20 adam Exp $
+# $NetBSD: Makefile,v 1.142 2024/10/09 21:15:42 bsiegert Exp $
PKGNAME= subversion-base-${SVNVER}
-PKGREVISION= 1
COMMENT= Version control system, base programs and libraries
# on at least solaris, configure fails to figure out
Index: pkgsrc/www/ap2-subversion/Makefile
diff -u pkgsrc/www/ap2-subversion/Makefile:1.105 pkgsrc/www/ap2-subversion/Makefile:1.106
--- pkgsrc/www/ap2-subversion/Makefile:1.105 Wed May 29 16:34:47 2024
+++ pkgsrc/www/ap2-subversion/Makefile Wed Oct 9 21:15:43 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.105 2024/05/29 16:34:47 adam Exp $
+# $NetBSD: Makefile,v 1.106 2024/10/09 21:15:43 bsiegert Exp $
PKGNAME= ${APACHE_PKG_PREFIX}-subversion-${SVNVER}
-PKGREVISION= 1
COMMENT= WebDAV server (Apache module) for Subversion
.include "../../devel/subversion/Makefile.common"
Home |
Main Index |
Thread Index |
Old Index