2023-12-29 12:30:53 by Adam Ciarcinski | Files touched by this commit (11) | |
Log message:
subversion: updated to 1.14.3
Version 1.14.3
User-visible changes:
- Client-side bugfixes:
* Fix svn:mergeinfo diff parser bug when parsing forward merges
* Fix redirected URL handling with file externals
- Server-side bugfixes:
(none)
Developer-visible changes:
* swig-rb: Fix uses of 'File.exist?', deprecated since Ruby 2.1
* Build: Fix uses of deprecated Python APIs
* Build: Retain ability to build SWIG Python 2 bindings
* Fix reading WC lock status with svn_wc_status2_t
* JavaHL: Add @Deprecated to silence compiler warnings
* JavaHL: Fix crash in case of null message in getMessage
* Fix build breakage of release tarballs by installed swig
* Add regression test for issue 4711 "invalid xml file"
* swig-py: Fix building with SWIG 4.1.0
* Makefile.in: Fix cleaning of __pycache__ dirs and *.pyc
* swig-py: Avoid deprecated options to SWIG >= 4.1.0
* swig-py: Use sysconfig to allow building with Python 3.12
* INSTALL: Document not to use SVN with APR 1.7.3 on Windows
* Fix test suite broken by syntax error when --enable-sasl
* swig-py: Improve error when no external diff
* autogen.sh: Fix building when Python is not named "python"
|
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message:
*: recursive bump for icu 74.1
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2023-10-23 16:26:46 by Michael Baeuerle | Files touched by this commit (20) |
Log message:
Recursive revbump for new ABI major version of converters/utf8proc
|
2023-07-06 11:43:03 by Thomas Klausner | Files touched by this commit (2483) |
Log message:
*: recursive bump for perl 5.38
|
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | |
Log message:
revbump after textproc/icu update
|
2022-11-23 17:21:30 by Adam Ciarcinski | Files touched by this commit (1878) | |
Log message:
massive revision bump after textproc/icu update
|
2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952) |
Log message:
*: recursive bump for perl 5.36
|
2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | |
Log message:
revbump for textproc/icu update
|
2022-04-12 18:24:29 by Benny Siegert | Files touched by this commit (7) | |
Log message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Weißschuh
|