./devel/subversion, Version control system, meta-package

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.14.2nb5, Package name: subversion-1.14.2nb5, Maintainer: pkgsrc-users

The goal of the Subversion project is to build a version control
system that is a compelling replacement for CVS in the open source
community. The software is released under an Apache/BSD-style open
source license.

This is a meta-package. It installs no files, but it depends on all
the Subversion components, including the base package with the
subversion client and server, the apache module, and four language
bindings. (If you just want the basic svn and svnadmin programs see
devel/subversion-base.)


Required to run:
[www/serf] [www/ap2-subversion] [devel/py-subversion] [devel/p5-subversion] [devel/subversion-base] [devel/ruby-subversion] [archivers/lz4] [converters/utf8proc] [lang/python37]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: serf

Master sites: (Expand)

Filesize: 8404.854 KB

Version history: (Expand)


CVS history: (Expand)


   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-10-23 16:26:46 by Michael Baeuerle | Files touched by this commit (20)
Log message:
Recursive revbump for new ABI major version of converters/utf8proc
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2022-08-17 21:59:39 by Roland Illig | Files touched by this commit (1)
Log message:
subversion: remove unknown configure option '--with-neon'
   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix
   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2022-04-12 23:40:36 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
subversion: reset PKGREVISION after update
   2022-04-12 18:24:29 by Benny Siegert | Files touched by this commit (7) | Package updated
Log message:
subversion: update to 1.4.2 (security).

HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:

CVE-2021-28544
"SVN authz protected copyfrom paths regression"

The full security advisory for CVE-2021-28544 is available at:
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc

A brief summary of this advisory follows:

   Subversion servers reveal 'copyfrom' paths that should be hidden according to
   configured path-based authorization (authz) rules.  When a node has been
   copied from a protected location, users with access to the copy can see the
   `copyfrom' path of the original.  This also reveals the fact that
   the node was copied.
   Only the 'copyfrom' path is revealed; not its contents. Both httpd
   and svnserve
   servers are vulnerable.

   We recommend all users to upgrade to a known fixed release of the
   Subversion server.

   This issue was reported by Evgeny Kotkov

CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"

The full security advisory for CVE-2022-24070 is available at:
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc

A brief summary of this advisory follows:

   While looking up path-based authorization rules, mod_dav_svn servers
   may attempt to use memory which has already been freed.

   We recommend all users to upgrade to a known fixed release of the
   Subversion server.

   This issue was reported by Thomas WeiƟschuh