---
- branch: MAIN
  date: Sun Feb 14 15:09:20 UTC 2021
  files:
  - new: '1.58'
    old: '1.57'
    path: pkgsrc/devel/java-subversion/Makefile
    pathrev: pkgsrc/devel/java-subversion/Makefile@1.58
    type: modified
  - new: '1.118'
    old: '1.117'
    path: pkgsrc/devel/p5-subversion/Makefile
    pathrev: pkgsrc/devel/p5-subversion/Makefile@1.118
    type: modified
  - new: '1.91'
    old: '1.90'
    path: pkgsrc/devel/py-subversion/Makefile
    pathrev: pkgsrc/devel/py-subversion/Makefile@1.91
    type: modified
  - new: '1.80'
    old: '1.79'
    path: pkgsrc/devel/ruby-subversion/Makefile
    pathrev: pkgsrc/devel/ruby-subversion/Makefile@1.80
    type: modified
  - new: '1.87'
    old: '1.86'
    path: pkgsrc/devel/subversion/Makefile.version
    pathrev: pkgsrc/devel/subversion/Makefile.version@1.87
    type: modified
  - new: '1.116'
    old: '1.115'
    path: pkgsrc/devel/subversion/distinfo
    pathrev: pkgsrc/devel/subversion/distinfo@1.116
    type: modified
  - new: '1.126'
    old: '1.125'
    path: pkgsrc/devel/subversion-base/Makefile
    pathrev: pkgsrc/devel/subversion-base/Makefile@1.126
    type: modified
  - new: '1.39'
    old: '1.38'
    path: pkgsrc/devel/subversion/files/build-outputs.mk
    pathrev: pkgsrc/devel/subversion/files/build-outputs.mk@1.39
    type: modified
  - new: '1.95'
    old: '1.94'
    path: pkgsrc/www/ap2-subversion/Makefile
    pathrev: pkgsrc/www/ap2-subversion/Makefile@1.95
    type: modified
  id: 20210214T150920Z.c4fb4367326bd1902b14342178b48f983be08789
  log: |
    subversion: updated to 1.14.1

    Subversion 1.14.1.

    This is a stable bugfix and security release of the Apache Subversion
    open source version control system.

    THIS RELEASE CONTAINS AN IMPORTANT SECURITY FIX:

      CVE-2020-17525
      "Remote unauthenticated denial-of-service in Subversion mod_authz_svn"

    The full security advisory for CVE-2020-17525 is available at:
      https://subversion.apache.org/security/CVE-2020-17525-advisory.txt

    A brief summary of this advisory follows:

      Subversion's mod_authz_svn module will crash if the server is using
      in-repository authz rules with the AuthzSVNReposRelativeAccessFile
      option and a client sends a request for a non-existing repository URL.

      This can lead to disruption for users of the service.

      We recommend all users to upgrade to the 1.10.7 or 1.14.1 release
      of the Subversion mod_dav_svn server.

      As a workaround, the use of in-repository authz rules files with
      the AuthzSVNReposRelativeAccessFile can be avoided by switching
      to an alternative configuration which fetches an authz rules file
      from the server's filesystem, rather than from an SVN repository.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc'
  unixtime: '1613315360'
  user: adam