./devel/subversion, Version control system, meta-package

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.14.2nb2, Package name: subversion-1.14.2nb2, Maintainer: pkgsrc-users

The goal of the Subversion project is to build a version control
system that is a compelling replacement for CVS in the open source
community. The software is released under an Apache/BSD-style open
source license.

This is a meta-package. It installs no files, but it depends on all
the Subversion components, including the base package with the
subversion client and server, the apache module, and four language
bindings. (If you just want the basic svn and svnadmin programs see
devel/subversion-base.)


Required to run:
[www/serf] [www/ap2-subversion] [devel/py-subversion] [devel/p5-subversion] [devel/subversion-base] [devel/ruby-subversion] [archivers/lz4] [converters/utf8proc] [lang/python37]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: serf

Master sites: (Expand)

Filesize: 8404.854 KB

Version history: (Expand)


CVS history: (Expand)


   2022-08-17 21:59:39 by Roland Illig | Files touched by this commit (1)
Log message:
subversion: remove unknown configure option '--with-neon'
   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix
   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2022-04-12 23:40:36 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
subversion: reset PKGREVISION after update
   2022-04-12 18:24:29 by Benny Siegert | Files touched by this commit (7) | Package updated
Log message:
subversion: update to 1.4.2 (security).

HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:

CVE-2021-28544
"SVN authz protected copyfrom paths regression"

The full security advisory for CVE-2021-28544 is available at:
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc

A brief summary of this advisory follows:

   Subversion servers reveal 'copyfrom' paths that should be hidden according to
   configured path-based authorization (authz) rules.  When a node has been
   copied from a protected location, users with access to the copy can see the
   `copyfrom' path of the original.  This also reveals the fact that
   the node was copied.
   Only the 'copyfrom' path is revealed; not its contents. Both httpd
   and svnserve
   servers are vulnerable.

   We recommend all users to upgrade to a known fixed release of the
   Subversion server.

   This issue was reported by Evgeny Kotkov

CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"

The full security advisory for CVE-2022-24070 is available at:
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc

A brief summary of this advisory follows:

   While looking up path-based authorization rules, mod_dav_svn servers
   may attempt to use memory which has already been freed.

   We recommend all users to upgrade to a known fixed release of the
   Subversion server.

   This issue was reported by Thomas WeiƟschuh
   2021-10-26 12:20:11 by Nia Alarie | Files touched by this commit (3016)
Log message:
archivers: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Could not be committed due to merge conflict:
devel/py-traitlets/distinfo

The following distfiles were unfetchable (note: some may be only fetched
conditionally):

./devel/pvs/distinfo pvs-3.2-solaris.tgz
./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip
   2021-10-07 15:44:44 by Nia Alarie | Files touched by this commit (3017)
Log message:
devel: Remove SHA1 hashes for distfiles
   2021-07-21 16:40:32 by Takahiro Kambe | Files touched by this commit (29)
Log message:
Bump PKGREVISION for affected packages by changing default Ruby's version.