./devel/ruby-subversion, Ruby bindings for Subversion

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2022Q1, Version: 1.14.2, Package name: ruby27-subversion-1.14.2, Maintainer: pkgsrc-users

The goal of the Subversion project is to build a version control system that
is a compelling replacement for CVS in the open source community. The software
is released under an Apache/BSD-style open source license.

This package contains the Ruby bindings to the Subversion libraries.



Package options: serf

Master sites: (Expand)

Filesize: 8404.854 KB

Version history: (Expand)


CVS history: (Expand)


   2022-04-16 10:40:45 by S.P.Zeidler | Files touched by this commit (8) | Package updated
Log message:
Pullup ticket #6613 - requested by bsiegert
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/ruby-subversion: security update
devel/subversion-base: security update
devel/subversion: security update

Revisions pulled up:
- devel/java-subversion/Makefile                                1.62
- devel/p5-subversion/Makefile                                  1.122
- devel/py-subversion/Makefile                                  1.95
- devel/ruby-subversion/Makefile                                1.84
- devel/subversion-base/Makefile                                1.130
- devel/subversion/Makefile                                     1.68
- devel/subversion/Makefile.version                             1.88
- devel/subversion/distinfo                                     1.119

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Tue Apr 12 16:24:29 UTC 2022

   Modified Files:
           pkgsrc/devel/java-subversion: Makefile
           pkgsrc/devel/p5-subversion: Makefile
           pkgsrc/devel/py-subversion: Makefile
           pkgsrc/devel/ruby-subversion: Makefile
           pkgsrc/devel/subversion: Makefile.version distinfo
           pkgsrc/devel/subversion-base: Makefile

   Log message:
   subversion: update to 1.4.2 (security).

   HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:

   CVE-2021-28544
   "SVN authz protected copyfrom paths regression"

   The full security advisory for CVE-2021-28544 is available at:
       https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
       https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc

   A brief summary of this advisory follows:

      Subversion servers reveal 'copyfrom' paths that should be hidden according to
      configured path-based authorization (authz) rules.  When a node has been
      copied from a protected location, users with access to the copy can see the
      `copyfrom' path of the original.  This also reveals the fact that
      the node was copied.
      Only the 'copyfrom' path is revealed; not its contents. Both httpd
      and svnserve
      servers are vulnerable.

      We recommend all users to upgrade to a known fixed release of the
      Subversion server.

      This issue was reported by Evgeny Kotkov

   CVE-2022-24070
   "Subversion's mod_dav_svn is vulnerable to memory corruption"

   The full security advisory for CVE-2022-24070 is available at:
       https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
       https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc

   A brief summary of this advisory follows:

      While looking up path-based authorization rules, mod_dav_svn servers
      may attempt to use memory which has already been freed.

      We recommend all users to upgrade to a known fixed release of the
      Subversion server.

      This issue was reported by Thomas Weißschuh

   To generate a diff of this commit:
   cvs rdiff -u -r1.61 -r1.62 pkgsrc/devel/java-subversion/Makefile
   cvs rdiff -u -r1.121 -r1.122 pkgsrc/devel/p5-subversion/Makefile
   cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/py-subversion/Makefile
   cvs rdiff -u -r1.83 -r1.84 pkgsrc/devel/ruby-subversion/Makefile
   cvs rdiff -u -r1.87 -r1.88 pkgsrc/devel/subversion/Makefile.version
   cvs rdiff -u -r1.118 -r1.119 pkgsrc/devel/subversion/distinfo
   cvs rdiff -u -r1.129 -r1.130 pkgsrc/devel/subversion-base/Makefile

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Tue Apr 12 21:40:36 UTC 2022

   Modified Files:
           pkgsrc/devel/subversion: Makefile

   Log message:
   subversion: reset PKGREVISION after update

   To generate a diff of this commit:
   cvs rdiff -u -r1.67 -r1.68 pkgsrc/devel/subversion/Makefile