svn commit: r323611 - in head: devel/subversion devel/subversion/files devel/subversion17 security/vuxml

Lev A. Serebryakov lev at FreeBSD.org
Wed Jul 24 17:18:52 UTC 2013 

Author: lev
Date: Wed Jul 24 17:18:50 2013
New Revision: 323611
URL: http://svnweb.freebsd.org/changeset/ports/323611

Log:
   Update:
     devel/subversion to 1.8.1
     devel/subversion16 to 1.7.11
  
   These releases fix CVE-2013-4131
   http://subversion.apache.org/security/CVE-2013-4131-advisory.txt
  
  Approved by:	Olli Hauer <ohauer at FreeBSD.org> for devel/subversion17
  Security:	CVE-2013-4131

Deleted:
  head/devel/subversion/files/patch-fix4383
  head/devel/subversion/files/patch-subversion--libsvn_subr--gpg_agent.c
Modified:
  head/devel/subversion/Makefile
  head/devel/subversion/Makefile.common
  head/devel/subversion/distinfo
  head/devel/subversion17/Makefile.common
  head/devel/subversion17/distinfo
  head/security/vuxml/vuln.xml

Modified: head/devel/subversion/Makefile
==============================================================================
--- head/devel/subversion/Makefile	Wed Jul 24 16:38:56 2013	(r323610)
+++ head/devel/subversion/Makefile	Wed Jul 24 17:18:50 2013	(r323611)
@@ -119,6 +119,14 @@ BUILD_DEPENDS+=		${OLD_LIB_DEPENDS}
 LIB_DEPENDS=
 .endif
 
+TOOLS_STATIC_BINARIES=	client-side/svn-bench/svn-bench server-side/svnauthz \
+			server-side/fsfs-stats \
+			server-side/svn-populate-node-origins-index \
+			server-side/svnauthz-validate \
+			server-side/svn-rep-sharing-stats dev/fsfs-reorg \
+			dev/svnraisetreeconflict/svnraisetreeconflict \
+			dev/fsfs-access-map diff/diff3 diff/diff diff/diff4
+
 pre-everything::
 	@${ECHO_MSG} ""
 .if ${PORT_OPTIONS:MBDB}
@@ -256,6 +264,10 @@ post-install:	${MKREPOS_TARGET}
 .endif
 .endif
 	@${MKDIR} ${DATADIR}
+.if ${PORT_OPTIONS:MSTATIC}
+	cd ${WRKSRC}/tools ; \
+	  ${RM} ${TOOLS_STATIC_BINARIES}
+.endif
 	cd ${WRKSRC}/tools ; \
 	  ${TAR} --exclude '*.in' --exclude '.libs' --exclude '*.o' --exclude '*.lo' --exclude '*.la' --exclude='*.slo' -cf - * | ${TAR} -C ${DATADIR} -xf -
 # ugly hack to remove libtool scripts ...

Modified: head/devel/subversion/Makefile.common
==============================================================================
--- head/devel/subversion/Makefile.common	Wed Jul 24 16:38:56 2013	(r323610)
+++ head/devel/subversion/Makefile.common	Wed Jul 24 17:18:50 2013	(r323611)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	subversion
-PORTVERSION=	1.8.0
-PORTREVISION?=	3
+PORTVERSION=	1.8.1
+PORTREVISION?=	0
 CATEGORIES+=	devel
 MASTER_SITES=	${MASTER_SITE_APACHE:S/$/:main/} \
 		${MASTER_SITE_LOCAL:S/$/:book/}

Modified: head/devel/subversion/distinfo
==============================================================================
--- head/devel/subversion/distinfo	Wed Jul 24 16:38:56 2013	(r323610)
+++ head/devel/subversion/distinfo	Wed Jul 24 17:18:50 2013	(r323611)
@@ -1,5 +1,5 @@
-SHA256 (subversion18/subversion-1.8.0.tar.bz2) = a470803293a8aced445cff0f7b24b95ad276600af55d4b24b1e196fd2de87f10
-SIZE (subversion18/subversion-1.8.0.tar.bz2) = 6711904
+SHA256 (subversion18/subversion-1.8.1.tar.bz2) = faaaaedba25777331e761884598af1dd9fe33631d6415b2e0ba5348867c4edb4
+SIZE (subversion18/subversion-1.8.1.tar.bz2) = 6770843
 SHA256 (subversion18/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508
 SIZE (subversion18/svn-book-html-r4515.tar.bz2) = 473182
 SHA256 (subversion18/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e

Modified: head/devel/subversion17/Makefile.common
==============================================================================
--- head/devel/subversion17/Makefile.common	Wed Jul 24 16:38:56 2013	(r323610)
+++ head/devel/subversion17/Makefile.common	Wed Jul 24 17:18:50 2013	(r323611)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	subversion
-PORTVERSION=	1.7.10
-PORTREVISION?=	1
+PORTVERSION=	1.7.11
+PORTREVISION?=	0
 CATEGORIES+=	devel
 MASTER_SITES=	${MASTER_SITE_APACHE:S/$/:main/} \
 		${MASTER_SITE_LOCAL:S/$/:book/}

Modified: head/devel/subversion17/distinfo
==============================================================================
--- head/devel/subversion17/distinfo	Wed Jul 24 16:38:56 2013	(r323610)
+++ head/devel/subversion17/distinfo	Wed Jul 24 17:18:50 2013	(r323611)
@@ -1,5 +1,5 @@
-SHA256 (subversion17/subversion-1.7.10.tar.bz2) = c1df222bec83d014d17785e2ceba6bc80962f64b280967de0285836d8d77a8e7
-SIZE (subversion17/subversion-1.7.10.tar.bz2) = 5952121
+SHA256 (subversion17/subversion-1.7.11.tar.bz2) = c383b19d8d0db4c736570f1eb6af196416b26d0b3bde64ae60988a9d1f7ac3c0
+SIZE (subversion17/subversion-1.7.11.tar.bz2) = 6042338
 SHA256 (subversion17/svn-book-html-r4515.tar.bz2) = 666cef147abc9b917a6bb6527da4f4869221d793126289c715f002bfb2baa508
 SIZE (subversion17/svn-book-html-r4515.tar.bz2) = 473182
 SHA256 (subversion17/svn-book-r4515.pdf) = 962d524ae2c861ec48a45723c484f4f5e1826ee2f9ccfe58b07b96af67b0bf5e

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jul 24 16:38:56 2013	(r323610)
+++ head/security/vuxml/vuln.xml	Wed Jul 24 17:18:50 2013	(r323611)
@@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="2ae24334-f2e6-11e2-8346-001e8c75030d">
+    <topic>subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.</topic>
+    <affects>
+      <package>
+	<name>subversion</name>
+	<range><ge>1.8.0</ge><lt>1.8.1</lt></range>
+	<range><ge>1.7.0</ge><lt>1.7.11</lt></range>
+       </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Subversion Project reports:</p>
+	<blockquote cite="http://subversion.apache.org/security/CVE-2013-4131-advisory.txt">
+	  <p>Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion
+	    on some requests made against a revision root.  This can lead to a DoS.
+	    If assertions are disabled it will trigger a read overflow which may cause a
+	    SEGFAULT (or equivalent) or undefined behavior.</p>
+	  <p>Commit access is required to exploit this.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-4131</cvename>
+    </references>
+    <dates>
+      <discovery>2013-07-19</discovery>
+      <entry>2013-07-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="2fbfd455-f2d0-11e2-8a46-000d601460a4">
     <topic>suPHP -- Privilege escalation</topic>
     <affects>

More information about the svn-ports-head mailing list