subversion: update to 1.4.2 (security). THIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES: CVE-2021-28544 "SVN authz protected copyfrom paths regression" The full security advisory for CVE-2021-28544 is available at: https://subversion.apache.org/security/CVE-2021-28544-advisory.txt https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc A brief summary of this advisory follows: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the `copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. We recommend all users to upgrade to a known fixed release of the Subversion server. This issue was reported by Evgeny Kotkov CVE-2022-24070 "Subversion's mod_dav_svn is vulnerable to memory corruption" The full security advisory for CVE-2022-24070 is available at: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc A brief summary of this advisory follows: While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. We recommend all users to upgrade to a known fixed release of the Subversion server. This issue was reported by Thomas Weißschuh
diff -r1.61 -r1.62 pkgsrc/devel/java-subversion/Makefile
(bsiegert)
@@ -1,17 +1,16 @@ | @@ -1,17 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.61 2021/12/08 16:03:59 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.62 2022/04/12 16:24:28 bsiegert Exp $ | |
2 | 2 | |||
3 | PKGNAME= java-subversion-${SVNVER} | 3 | PKGNAME= java-subversion-${SVNVER} | |
4 | PKGREVISION= 3 | |||
5 | COMMENT= Java bindings for Subversion | 4 | COMMENT= Java bindings for Subversion | |
6 | 5 | |||
7 | MAKE_JOBS_SAFE= no | 6 | MAKE_JOBS_SAFE= no | |
8 | 7 | |||
9 | .include "../../devel/subversion/Makefile.common" | 8 | .include "../../devel/subversion/Makefile.common" | |
10 | 9 | |||
11 | SHLIBTOOL_OVERRIDE= # empty | 10 | SHLIBTOOL_OVERRIDE= # empty | |
12 | 11 | |||
13 | USE_TOOLS+= gmake perl | 12 | USE_TOOLS+= gmake perl | |
14 | USE_LANGUAGES+= c c++ | 13 | USE_LANGUAGES+= c c++ | |
15 | USE_JAVA2= yes | 14 | USE_JAVA2= yes | |
16 | # We might need PKG_JVM_DEFAULT/PKG_JVMS_ACCEPTED; I'm not much for Java... | 15 | # We might need PKG_JVM_DEFAULT/PKG_JVMS_ACCEPTED; I'm not much for Java... | |
17 | 16 |
@@ -1,17 +1,16 @@ | @@ -1,17 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.121 2021/12/08 16:04:04 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.122 2022/04/12 16:24:28 bsiegert Exp $ | |
2 | 2 | |||
3 | PKGNAME= p5-subversion-${SVNVER} | 3 | PKGNAME= p5-subversion-${SVNVER} | |
4 | PKGREVISION= 3 | |||
5 | COMMENT= Perl bindings for Subversion | 4 | COMMENT= Perl bindings for Subversion | |
6 | 5 | |||
7 | .include "../../devel/subversion/Makefile.common" | 6 | .include "../../devel/subversion/Makefile.common" | |
8 | 7 | |||
9 | SHLIBTOOL_OVERRIDE= # empty | 8 | SHLIBTOOL_OVERRIDE= # empty | |
10 | 9 | |||
11 | USE_TOOLS+= perl | 10 | USE_TOOLS+= perl | |
12 | PERL5_CONFIGURE= no | 11 | PERL5_CONFIGURE= no | |
13 | PERL5_OPTIONS+= threads | 12 | PERL5_OPTIONS+= threads | |
14 | PERL5_PACKLIST= auto/SVN/_Core/.packlist | 13 | PERL5_PACKLIST= auto/SVN/_Core/.packlist | |
15 | 14 | |||
16 | BUILD_TARGET= swig-pl | 15 | BUILD_TARGET= swig-pl | |
17 | INSTALL_TARGET= install-swig-pl | 16 | INSTALL_TARGET= install-swig-pl |
@@ -1,17 +1,16 @@ | @@ -1,17 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.94 2021/12/08 16:04:05 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.95 2022/04/12 16:24:28 bsiegert Exp $ | |
2 | 2 | |||
3 | PKGNAME= ${PYPKGPREFIX}-subversion-${SVNVER} | 3 | PKGNAME= ${PYPKGPREFIX}-subversion-${SVNVER} | |
4 | PKGREVISION= 3 | |||
5 | COMMENT= Python bindings and tools for Subversion | 4 | COMMENT= Python bindings and tools for Subversion | |
6 | 5 | |||
7 | .include "../../devel/subversion/Makefile.common" | 6 | .include "../../devel/subversion/Makefile.common" | |
8 | 7 | |||
9 | SHLIBTOOL_OVERRIDE= # empty | 8 | SHLIBTOOL_OVERRIDE= # empty | |
10 | TOOLS_BROKEN+= perl | 9 | TOOLS_BROKEN+= perl | |
11 | 10 | |||
12 | CPPFLAGS+= -P # for APR_INT64_T_FMT | 11 | CPPFLAGS+= -P # for APR_INT64_T_FMT | |
13 | CONFIGURE_ARGS+= --with-py3c=${BUILDLINK_PREFIX.py-py3c}/${PYINC}/py3c | 12 | CONFIGURE_ARGS+= --with-py3c=${BUILDLINK_PREFIX.py-py3c}/${PYINC}/py3c | |
14 | CONFIGURE_ARGS+= --with-swig=${PREFIX}/bin/swig3.0 | 13 | CONFIGURE_ARGS+= --with-swig=${PREFIX}/bin/swig3.0 | |
15 | CONFIGURE_ENV+= PYTHON=${PYTHONBIN:Q} | 14 | CONFIGURE_ENV+= PYTHON=${PYTHONBIN:Q} | |
16 | 15 | |||
17 | PY_PATCHPLIST= YES | 16 | PY_PATCHPLIST= YES |
@@ -1,17 +1,16 @@ | @@ -1,17 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.83 2021/12/08 16:04:07 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.84 2022/04/12 16:24:28 bsiegert Exp $ | |
2 | 2 | |||
3 | PKGNAME= ${RUBY_PKGPREFIX}-subversion-${SVNVER} | 3 | PKGNAME= ${RUBY_PKGPREFIX}-subversion-${SVNVER} | |
4 | PKGREVISION= 3 | |||
5 | COMMENT= Ruby bindings for Subversion | 4 | COMMENT= Ruby bindings for Subversion | |
6 | 5 | |||
7 | .include "../../devel/subversion/Makefile.common" | 6 | .include "../../devel/subversion/Makefile.common" | |
8 | 7 | |||
9 | TOOLS_BROKEN+= perl | 8 | TOOLS_BROKEN+= perl | |
10 | SHLIBTOOL_OVERRIDE= # empty | 9 | SHLIBTOOL_OVERRIDE= # empty | |
11 | 10 | |||
12 | REPLACE_RUBY_DIRS= tools | 11 | REPLACE_RUBY_DIRS= tools | |
13 | 12 | |||
14 | CONFIGURE_ENV+= RUBY=${RUBY:Q} | 13 | CONFIGURE_ENV+= RUBY=${RUBY:Q} | |
15 | CONFIGURE_ARGS+= --with-ruby-sitedir=${PREFIX}/${RUBY_VENDORLIB_BASE} | 14 | CONFIGURE_ARGS+= --with-ruby-sitedir=${PREFIX}/${RUBY_VENDORLIB_BASE} | |
16 | 15 | |||
17 | BUILD_TARGET= swig-rb | 16 | BUILD_TARGET= swig-rb |
@@ -1,11 +1,11 @@ | @@ -1,11 +1,11 @@ | |||
1 | # $NetBSD: Makefile.version,v 1.87 2021/02/14 15:09:19 adam Exp $ | 1 | # $NetBSD: Makefile.version,v 1.88 2022/04/12 16:24:28 bsiegert Exp $ | |
2 | 2 | |||
3 | # When updating subversion, all packages are updated at the same time | 3 | # When updating subversion, all packages are updated at the same time | |
4 | # to have a consistent set of packages. A particularly tricky aspect | 4 | # to have a consistent set of packages. A particularly tricky aspect | |
5 | # is our interaction with the svn build system. See the make target | 5 | # is our interaction with the svn build system. See the make target | |
6 | # "svn-build-outputs-hack" in devel/subversion-base/Makefile when | 6 | # "svn-build-outputs-hack" in devel/subversion-base/Makefile when | |
7 | # changing the version. | 7 | # changing the version. | |
8 | 8 | |||
9 | .if !defined(SVNVER) | 9 | .if !defined(SVNVER) | |
10 | SVNVER= 1.14.1 | 10 | SVNVER= 1.14.2 | |
11 | .endif | 11 | .endif |
@@ -1,9 +1,9 @@ | @@ -1,9 +1,9 @@ | |||
1 | $NetBSD: distinfo,v 1.118 2021/10/26 10:19:57 nia Exp $ | 1 | $NetBSD: distinfo,v 1.119 2022/04/12 16:24:28 bsiegert Exp $ | |
2 | 2 | |||
3 | BLAKE2s (subversion-1.14.1.tar.bz2) = af51085e4a85be8367c51e407958a56118c0bfedda1a6f77576597e092662f42 | 3 | BLAKE2s (subversion-1.14.2.tar.bz2) = efb49dfb51b3f6c51ac7fe41b3dc593efeef1f9c2fdfa51567ab3940627162ea | |
4 | SHA512 (subversion-1.14.1.tar.bz2) = 0a70c7152b77cdbcb810a029263e4b3240b6ef41d1c19714e793594088d3cca758d40dfbc05622a806b06463becb73207df249393924ce591026b749b875fcdd | 4 | SHA512 (subversion-1.14.2.tar.bz2) = 20ada4688ca07d9fb8da4b7d53b5084568652a3b9418c65e688886bae950a16a3ff37710fcfc9c29ef14a89e75b2ceec4e9cf35d5876a7896ebc2b512cfb9ecc | |
5 | Size (subversion-1.14.1.tar.bz2) = 8504612 bytes | 5 | Size (subversion-1.14.2.tar.bz2) = 8606570 bytes | |
6 | SHA1 (patch-Makefile.in) = 2df6c733d563c0bc7e0d1b4b6e6e00f82ea8c176 | 6 | SHA1 (patch-Makefile.in) = 2df6c733d563c0bc7e0d1b4b6e6e00f82ea8c176 | |
7 | SHA1 (patch-configure) = cca6c305c28005496df0913637a9eb778a846fc0 | 7 | SHA1 (patch-configure) = cca6c305c28005496df0913637a9eb778a846fc0 | |
8 | SHA1 (patch-subversion_bindings_swig_perl_native_Makefile.PL.in) = 3fadde312693f2a304cd7e348c66cbd373c57854 | 8 | SHA1 (patch-subversion_bindings_swig_perl_native_Makefile.PL.in) = 3fadde312693f2a304cd7e348c66cbd373c57854 | |
9 | SHA1 (patch-tools_dev_benchmarks_large__dirs_create__bigdir.sh) = ff19087ff4d348fdcf904eb52406f6b717fe444a | 9 | SHA1 (patch-tools_dev_benchmarks_large__dirs_create__bigdir.sh) = ff19087ff4d348fdcf904eb52406f6b717fe444a |
@@ -1,17 +1,16 @@ | @@ -1,17 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.129 2021/12/08 16:02:03 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.130 2022/04/12 16:24:28 bsiegert Exp $ | |
2 | 2 | |||
3 | PKGNAME= subversion-base-${SVNVER} | 3 | PKGNAME= subversion-base-${SVNVER} | |
4 | PKGREVISION= 3 | |||
5 | COMMENT= Version control system, base programs and libraries | 4 | COMMENT= Version control system, base programs and libraries | |
6 | 5 | |||
7 | # on at least solaris, configure fails to figure out | 6 | # on at least solaris, configure fails to figure out | |
8 | # that you need -lintl | 7 | # that you need -lintl | |
9 | BROKEN_GETTEXT_DETECTION= yes | 8 | BROKEN_GETTEXT_DETECTION= yes | |
10 | 9 | |||
11 | .include "../../devel/subversion/Makefile.common" | 10 | .include "../../devel/subversion/Makefile.common" | |
12 | 11 | |||
13 | USE_TOOLS+= msgfmt pkg-config | 12 | USE_TOOLS+= msgfmt pkg-config | |
14 | TOOLS_BROKEN+= perl | 13 | TOOLS_BROKEN+= perl | |
15 | 14 | |||
16 | CONFIGURE_ARGS+= --without-apxs | 15 | CONFIGURE_ARGS+= --without-apxs | |
17 | 16 |