Navigation:
Browse pkgsrc
(this page) 2023-12-29 12:30:53 by Adam Ciarcinski | Files touched by this commit (11) |  |
Log message: subversion: updated to 1.14.3 Version 1.14.3 User-visible changes: - Client-side bugfixes: * Fix svn:mergeinfo diff parser bug when parsing forward merges * Fix redirected URL handling with file externals - Server-side bugfixes: (none) Developer-visible changes: * swig-rb: Fix uses of 'File.exist?', deprecated since Ruby 2.1 * Build: Fix uses of deprecated Python APIs * Build: Retain ability to build SWIG Python 2 bindings * Fix reading WC lock status with svn_wc_status2_t * JavaHL: Add @Deprecated to silence compiler warnings * JavaHL: Fix crash in case of null message in getMessage * Fix build breakage of release tarballs by installed swig * Add regression test for issue 4711 "invalid xml file" * swig-py: Fix building with SWIG 4.1.0 * Makefile.in: Fix cleaning of __pycache__ dirs and *.pyc * swig-py: Avoid deprecated options to SWIG >= 4.1.0 * swig-py: Use sysconfig to allow building with Python 3.12 * INSTALL: Document not to use SVN with APR 1.7.3 on Windows * Fix test suite broken by syntax error when --enable-sasl * swig-py: Improve error when no external diff * autogen.sh: Fix building when Python is not named "python" |
| 2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message: *: recursive bump for icu 74.1 |
| 2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message: *: bump for openssl 3 |
| 2023-10-23 16:26:46 by Michael Baeuerle | Files touched by this commit (20) |
Log message: Recursive revbump for new ABI major version of converters/utf8proc |
| 2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | |
Log message: revbump after textproc/icu update |
| 2022-11-23 17:21:30 by Adam Ciarcinski | Files touched by this commit (1878) | |
Log message: massive revision bump after textproc/icu update |
| 2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952) |
Log message: *: recursive bump for perl 5.36 |
| 2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | |
Log message: revbump for textproc/icu update |
| 2022-04-12 18:24:29 by Benny Siegert | Files touched by this commit (7) | |
Log message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Weißschuh
|
| 2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063) |
Log message: revbump for icu and libffi |
New packages: