From: "Lev A. Serebryakov"
Date: Wed, 24 Jul 2013 17:18:50 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r323611 - in head: devel/subversion devel/subversion/files devel/subversion17 security/vuxml

Author: lev
Date: Wed Jul 24 17:18:50 2013
New Revision: 323611
URL: http://svnweb.freebsd.org/changeset/ports/323611

Log:
  Update:
    devel/subversion to 1.8.1
    devel/subversion16 to 1.7.11

  These releases fix CVE-2013-4131

  http://subversion.apache.org/security/CVE-2013-4131-advisory.txt

  Approved by: Olli Hauer for devel/subversion17
  Security: CVE-2013-4131

Deleted:
  head/devel/subversion/files/patch-fix4383
  head/devel/subversion/files/patch-subversion--libsvn_subr--gpg_agent.c
Modified:
  head/devel/subversion/Makefile
  head/devel/subversion/Makefile.common
  head/devel/subversion/distinfo
  head/devel/subversion17/Makefile.common
  head/devel/subversion17/distinfo
  head/security/vuxml/vuln.xml

Modified: head/devel/subversion/Makefile ============================================================================== --- head/devel/subversion/Makefile Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion/Makefile Wed Jul 24 17:18:50 2013 (r323611) 
@@ -119,6 +119,14 @@ BUILD_DEPENDS+= ${OLD_LIB_DEPENDS} LIB_DEPENDS= .endif +TOOLS_STATIC_BINARIES= client-side/svn-bench/svn-bench server-side/svnauthz \ + server-side/fsfs-stats \ + server-side/svn-populate-node-origins-index \ + server-side/svnauthz-validate \ + server-side/svn-rep-sharing-stats dev/fsfs-reorg \ + dev/svnraisetreeconflict/svnraisetreeconflict \ + dev/fsfs-access-map diff/diff3 diff/diff diff/diff4 + pre-everything:: @${ECHO_MSG} "" .if ${PORT_OPTIONS:MBDB} @@ -256,6 +264,10 @@ post-install: ${MKREPOS_TARGET} .endif .endif @${MKDIR} ${DATADIR} +.if ${PORT_OPTIONS:MSTATIC} + cd ${WRKSRC}/tools ; \ + ${RM} ${TOOLS_STATIC_BINARIES} +.endif cd ${WRKSRC}/tools ; \ ${TAR} --exclude '*.in' --exclude '.libs' --exclude '*.o' --exclude '*.lo' --exclude '*.la' --exclude='*.slo' -cf - * | ${TAR} -C ${DATADIR} -xf - # ugly hack to remove libtool scripts ... Modified: head/devel/subversion/Makefile.common ============================================================================== --- head/devel/subversion/Makefile.common Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion/Makefile.common Wed Jul 24 17:18:50 2013 (r323611) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= subversion -PORTVERSION= 1.8.0 -PORTREVISION?= 3 +PORTVERSION= 1.8.1 +PORTREVISION?= 0 CATEGORIES+= devel MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \ ${MASTER_SITE_LOCAL:S/$/:book/} Modified: head/devel/subversion/distinfo ============================================================================== --- head/devel/subversion/distinfo Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion/distinfo Wed Jul 24 17:18:50 2013 (r323611) 
@@ -1,5 +1,5 @@ -SHA256 (subversion18/subversion-1.8.0.tar.bz2) = a470803293a8aced445cff0f7b24b95ad276600af55d4b24b1e196fd2de87f10 -SIZE (subversion18/subversion-1.8.0.tar.bz2) = 6711904 +SHA256 (subversion18/subversion-1.8.1.tar.bz2) = faaaaedba25777331e761884598af1dd9fe33631d6415b2e0ba5348867c4edb4 +SIZE (subversion18/subversion-1.8.1.tar.bz2) = 6770843 SHA256 (subversion18/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508 SIZE (subversion18/svn-book-html-r4515.tar.bz2) = 473182 SHA256 (subversion18/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e Modified: head/devel/subversion17/Makefile.common ============================================================================== --- head/devel/subversion17/Makefile.common Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion17/Makefile.common Wed Jul 24 17:18:50 2013 (r323611) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= subversion -PORTVERSION= 1.7.10 -PORTREVISION?= 1 +PORTVERSION= 1.7.11 +PORTREVISION?= 0 CATEGORIES+= devel MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \ ${MASTER_SITE_LOCAL:S/$/:book/} Modified: head/devel/subversion17/distinfo ============================================================================== --- head/devel/subversion17/distinfo Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion17/distinfo Wed Jul 24 17:18:50 2013 (r323611) 
@@ -1,5 +1,5 @@ -SHA256 (subversion17/subversion-1.7.10.tar.bz2) = c1df222bec83d014d17785e2ceba6bc80962f64b280967de0285836d8d77a8e7 -SIZE (subversion17/subversion-1.7.10.tar.bz2) = 5952121 +SHA256 (subversion17/subversion-1.7.11.tar.bz2) = c383b19d8d0db4c736570f1eb6af196416b26d0b3bde64ae60988a9d1f7ac3c0 +SIZE (subversion17/subversion-1.7.11.tar.bz2) = 6042338 SHA256 (subversion17/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508 SIZE (subversion17/svn-book-html-r4515.tar.bz2) = 473182 SHA256 (subversion17/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 24 16:38:56 2013 (r323610) +++ head/security/vuxml/vuln.xml Wed Jul 24 17:18:50 2013 (r323611) @@ -51,6 +51,36 @@ Note: Please add new entries to the beg --> + + subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow. + + + subversion + 1.8.01.8.1 + 1.7.01.7.11 + + + + +

Subversion Project reports:

+
+

Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion + on some requests made against a revision root. This can lead to a DoS. + If assertions are disabled it will trigger a read overflow which may cause a + SEGFAULT (or equivalent) or undefined behavior.

+

Commit access is required to exploit this.

+
+ +
+ + CVE-2013-4131 + + + 2013-07-19 + 2013-07-24 + +
+ suPHP -- Privilege escalation
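
Review bot: In the post-install hunk of head/devel/subversion/Makefile, the added "cd ${WRKSRC}/tools ; \ ${RM} ${TOOLS_STATIC_BINARIES}" joins the two commands with ";", so if the cd fails the relative paths in TOOLS_STATIC_BINARIES are removed relative to whatever directory the shell is still in; "cd ${WRKSRC}/tools && ${RM} ${TOOLS_STATIC_BINARIES}" would stop instead. The new TOOLS_STATIC_BINARIES list and the STATIC-only cleanup are also not mentioned in the log, which describes only the version updates, and the log gives no reason for deleting files/patch-fix4383 and files/patch-subversion--libsvn_subr--gpg_agent.c. One line in the log for each would help anyone auditing what this security update changed besides the version.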
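
Review bot: The PORTVERSION bump from 1.7.10 to 1.7.11 is in head/devel/subversion17/Makefile.common, but the log message says "devel/subversion16 to 1.7.11", while the approval line and the list of modified paths both name devel/subversion17. Anyone searching the history for the commit that fixed CVE-2013-4131 in the 1.7 port will not find it by port name, so the log should be corrected to devel/subversion17.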
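
Review bot: In the head/security/vuxml/vuln.xml hunk, the references of the new entry, as they appear here, list only CVE-2013-4131; the upstream advisory URL cited in the log message (http://subversion.apache.org/security/CVE-2013-4131-advisory.txt) is not included, and adding it would let readers of the entry reach the authoritative description of the affected requests. The topic line also ends with a period ("... DoS vulnerability or read overflow."), unlike the neighbouring "suPHP -- Privilege escalation" topic, so dropping it keeps the entries consistent.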