Date: Wed, 24 Jul 2013 17:18:50 +0000 (UTC) From: "Lev A. Serebryakov" <lev@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r323611 - in head: devel/subversion devel/subversion/files devel/subversion17 security/vuxml Message-ID: <201307241718.r6OHIoja051336@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lev Date: Wed Jul 24 17:18:50 2013 New Revision: 323611 URL: http://svnweb.freebsd.org/changeset/ports/323611 Log: Update: devel/subversion to 1.8.1 devel/subversion16 to 1.7.11 These releases fix CVE-2013-4131 http://subversion.apache.org/security/CVE-2013-4131-advisory.txt Approved by: Olli Hauer <ohauer@FreeBSD.org> for devel/subversion17 Security: CVE-2013-4131 Deleted: head/devel/subversion/files/patch-fix4383 head/devel/subversion/files/patch-subversion--libsvn_subr--gpg_agent.c Modified: head/devel/subversion/Makefile head/devel/subversion/Makefile.common head/devel/subversion/distinfo head/devel/subversion17/Makefile.common head/devel/subversion17/distinfo head/security/vuxml/vuln.xml Modified: head/devel/subversion/Makefile ============================================================================== --- head/devel/subversion/Makefile Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion/Makefile Wed Jul 24 17:18:50 2013 (r323611) @@ -119,6 +119,14 @@ BUILD_DEPENDS+= ${OLD_LIB_DEPENDS} LIB_DEPENDS= .endif +TOOLS_STATIC_BINARIES= client-side/svn-bench/svn-bench server-side/svnauthz \ + server-side/fsfs-stats \ + server-side/svn-populate-node-origins-index \ + server-side/svnauthz-validate \ + server-side/svn-rep-sharing-stats dev/fsfs-reorg \ + dev/svnraisetreeconflict/svnraisetreeconflict \ + dev/fsfs-access-map diff/diff3 diff/diff diff/diff4 + pre-everything:: @${ECHO_MSG} "" .if ${PORT_OPTIONS:MBDB} @@ -256,6 +264,10 @@ post-install: ${MKREPOS_TARGET} .endif .endif @${MKDIR} ${DATADIR} +.if ${PORT_OPTIONS:MSTATIC} + cd ${WRKSRC}/tools ; \ + ${RM} ${TOOLS_STATIC_BINARIES} +.endif cd ${WRKSRC}/tools ; \ ${TAR} --exclude '*.in' --exclude '.libs' --exclude '*.o' --exclude '*.lo' --exclude '*.la' --exclude='*.slo' -cf - * | ${TAR} -C ${DATADIR} -xf - # ugly hack to remove libtool scripts ... Modified: head/devel/subversion/Makefile.common ============================================================================== --- head/devel/subversion/Makefile.common Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion/Makefile.common Wed Jul 24 17:18:50 2013 (r323611) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= subversion -PORTVERSION= 1.8.0 -PORTREVISION?= 3 +PORTVERSION= 1.8.1 +PORTREVISION?= 0 CATEGORIES+= devel MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \ ${MASTER_SITE_LOCAL:S/$/:book/} Modified: head/devel/subversion/distinfo ============================================================================== --- head/devel/subversion/distinfo Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion/distinfo Wed Jul 24 17:18:50 2013 (r323611) @@ -1,5 +1,5 @@ -SHA256 (subversion18/subversion-1.8.0.tar.bz2) = a470803293a8aced445cff0f7b24b95ad276600af55d4b24b1e196fd2de87f10 -SIZE (subversion18/subversion-1.8.0.tar.bz2) = 6711904 +SHA256 (subversion18/subversion-1.8.1.tar.bz2) = faaaaedba25777331e761884598af1dd9fe33631d6415b2e0ba5348867c4edb4 +SIZE (subversion18/subversion-1.8.1.tar.bz2) = 6770843 SHA256 (subversion18/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508 SIZE (subversion18/svn-book-html-r4515.tar.bz2) = 473182 SHA256 (subversion18/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e Modified: head/devel/subversion17/Makefile.common ============================================================================== --- head/devel/subversion17/Makefile.common Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion17/Makefile.common Wed Jul 24 17:18:50 2013 (r323611) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= subversion -PORTVERSION= 1.7.10 -PORTREVISION?= 1 +PORTVERSION= 1.7.11 +PORTREVISION?= 0 CATEGORIES+= devel MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:main/} \ ${MASTER_SITE_LOCAL:S/$/:book/} Modified: head/devel/subversion17/distinfo ============================================================================== --- head/devel/subversion17/distinfo Wed Jul 24 16:38:56 2013 (r323610) +++ head/devel/subversion17/distinfo Wed Jul 24 17:18:50 2013 (r323611) @@ -1,5 +1,5 @@ -SHA256 (subversion17/subversion-1.7.10.tar.bz2) = c1df222bec83d014d17785e2ceba6bc80962f64b280967de0285836d8d77a8e7 -SIZE (subversion17/subversion-1.7.10.tar.bz2) = 5952121 +SHA256 (subversion17/subversion-1.7.11.tar.bz2) = c383b19d8d0db4c736570f1eb6af196416b26d0b3bde64ae60988a9d1f7ac3c0 +SIZE (subversion17/subversion-1.7.11.tar.bz2) = 6042338 SHA256 (subversion17/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508 SIZE (subversion17/svn-book-html-r4515.tar.bz2) = 473182 SHA256 (subversion17/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 24 16:38:56 2013 (r323610) +++ head/security/vuxml/vuln.xml Wed Jul 24 17:18:50 2013 (r323611) @@ -51,6 +51,36 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2ae24334-f2e6-11e2-8346-001e8c75030d"> + <topic>subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.</topic> + <affects> + <package> + <name>subversion</name> + <range><ge>1.8.0</ge><lt>1.8.1</lt></range> + <range><ge>1.7.0</ge><lt>1.7.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Subversion Project reports:</p> + <blockquote cite="http://subversion.apache.org/security/CVE-2013-4131-advisory.txt"> + <p>Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion + on some requests made against a revision root. This can lead to a DoS. + If assertions are disabled it will trigger a read overflow which may cause a + SEGFAULT (or equivalent) or undefined behavior.</p> + <p>Commit access is required to exploit this.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-4131</cvename> + </references> + <dates> + <discovery>2013-07-19</discovery> + <entry>2013-07-24</entry> + </dates> + </vuln> + <vuln vid="2fbfd455-f2d0-11e2-8a46-000d601460a4"> <topic>suPHP -- Privilege escalation</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307241718.r6OHIoja051336>