ports/68015: [patch] Subversion upgrade to 1.0.5

Henry Karpatskij henkka at spheroid.info
Wed Jun 16 16:01:03 UTC 2004


>Number:         68015
>Category:       ports
>Synopsis:       [patch] Subversion upgrade to 1.0.5
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 16 16:00:36 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Henry Karpatskij
>Release:        FreeBSD 4.9-RELEASE-p4 i386
>Organization:
n/a
>Environment:
System: FreeBSD eloris.spheroid.info 4.9-RELEASE-p4 FreeBSD 4.9-RELEASE-p4 #0: Thu Mar 18 00:29:33 EET 2004 root at eloris.spheroid.info:/usr/obj/usr/src/sys/ELORIS i386

>Description:
	Subversion 1.0.4 contains remotely exploitable vulnerability which is fixed in the current release, 1.0.5.  However, the current ported version is 1.0.4.  The advisory can be found at <URI: http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt>
>How-To-Repeat:
	Run the svnserve and wait... :-)
>Fix:
	I diffed the sources between 1.0.4 and 1.0.5 release and it seems they've only changed the vulnerable part of the code.  Assuming that it wont break up the building process, just changing the PORTVERSION and distinfo to match the 1.0.5 version should do it - it compiled ok for me (I'm using apache2 APR).
	I pasted the (quite simple) patch below:

--- subversion.patch begins here ---
--- Makefile.orig       Wed Jun 16 18:54:49 2004
+++ Makefile    Wed Jun 16 18:35:06 2004
@@ -5,7 +5,7 @@
 # $FreeBSD: ports/devel/subversion/Makefile,v 1.64 2004/06/07 02:07:44 vanilla Exp $

 PORTNAME=      subversion
-PORTVERSION=   1.0.4
+PORTVERSION=   1.0.5
 CATEGORIES=    devel
 MASTER_SITES=  http://subversion.tigris.org/tarballs/

--- distinfo.orig       Sun May 23 21:41:08 2004
+++ distinfo    Wed Jun 16 18:35:06 2004
@@ -1,2 +1,2 @@
-MD5 (subversion-1.0.4.tar.bz2) = 313bd03f353683de7561eadf477f7612
-SIZE (subversion-1.0.4.tar.bz2) = 6081806
+MD5 (subversion-1.0.5.tar.bz2) = 8e8288fee061f5278ec201fc5e5e141c
+SIZE (subversion-1.0.5.tar.bz2) = 6079903
--- subversion.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:



More information about the freebsd-ports-bugs mailing list