Navigation:
Browse pkgsrc
(this page)| 2023-08-24 20:27:33 by Amitai Schleier | Files touched by this commit (1) |
Log message: subversion-base: USE_TOOLS+=msgmerge xgettext. |
| 2023-07-07 14:57:35 by Thomas Klausner | Files touched by this commit (1) |
Log message: subversion-base: remove curses bl3.mk include in bl3.mk too |
| 2023-05-12 00:23:19 by Thomas Klausner | Files touched by this commit (1) |
Log message: subversion-base: remove curses dependency The source code doesn't link mention libcurses at all. Bump PKGREVISION. |
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) |  |
Log message: revbump after textproc/icu update |
| 2022-11-23 17:21:30 by Adam Ciarcinski | Files touched by this commit (1878) | |
Log message: massive revision bump after textproc/icu update |
| 2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952) |
Log message: *: recursive bump for perl 5.36 |
| 2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | |
Log message: revbump for textproc/icu update |
| 2022-04-12 18:24:29 by Benny Siegert | Files touched by this commit (7) | |
Log message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Weißschuh
|
| 2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063) |
Log message: revbump for icu and libffi |
| 2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575) |
Log message: *: recursive bump for perl 5.34 |
New packages: