Navigation:
Browse pkgsrc
(this page)| 2024-02-10 15:42:40 by Takahiro Kambe | Files touched by this commit (21) |
Log message: Bump revision by changing default version of Ruby. |
2023-12-29 12:30:53 by Adam Ciarcinski | Files touched by this commit (11) |  |
Log message: subversion: updated to 1.14.3 Version 1.14.3 User-visible changes: - Client-side bugfixes: * Fix svn:mergeinfo diff parser bug when parsing forward merges * Fix redirected URL handling with file externals - Server-side bugfixes: (none) Developer-visible changes: * swig-rb: Fix uses of 'File.exist?', deprecated since Ruby 2.1 * Build: Fix uses of deprecated Python APIs * Build: Retain ability to build SWIG Python 2 bindings * Fix reading WC lock status with svn_wc_status2_t * JavaHL: Add @Deprecated to silence compiler warnings * JavaHL: Fix crash in case of null message in getMessage * Fix build breakage of release tarballs by installed swig * Add regression test for issue 4711 "invalid xml file" * swig-py: Fix building with SWIG 4.1.0 * Makefile.in: Fix cleaning of __pycache__ dirs and *.pyc * swig-py: Avoid deprecated options to SWIG >= 4.1.0 * swig-py: Use sysconfig to allow building with Python 3.12 * INSTALL: Document not to use SVN with APR 1.7.3 on Windows * Fix test suite broken by syntax error when --enable-sasl * swig-py: Improve error when no external diff * autogen.sh: Fix building when Python is not named "python" |
| 2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message: *: bump for openssl 3 |
| 2023-10-23 16:26:46 by Michael Baeuerle | Files touched by this commit (20) |
Log message: Recursive revbump for new ABI major version of converters/utf8proc |
| 2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247) |
Log message: *: recursive bump for Python 3.11 as new default |
| 2022-08-17 21:59:39 by Roland Illig | Files touched by this commit (1) |
Log message: subversion: remove unknown configure option '--with-neon' |
| 2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524) |
Log message: *: Revbump packages that use Python at runtime without a PKGNAME prefix |
| 2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952) |
Log message: *: recursive bump for perl 5.36 |
| 2022-04-12 23:40:36 by Thomas Klausner | Files touched by this commit (1) | |
Log message: subversion: reset PKGREVISION after update |
| 2022-04-12 18:24:29 by Benny Siegert | Files touched by this commit (7) | |
Log message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Weißschuh
|
New packages: