ports/68015: [patch] Subversion upgrade to 1.0.5
Henry Karpatskij
henkka at spheroid.info
Wed Jun 16 16:01:03 UTC 2004
>Number: 68015
>Category: ports
>Synopsis: [patch] Subversion upgrade to 1.0.5
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 16 16:00:36 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Henry Karpatskij
>Release: FreeBSD 4.9-RELEASE-p4 i386
>Organization:
n/a
>Environment:
System: FreeBSD eloris.spheroid.info 4.9-RELEASE-p4 FreeBSD 4.9-RELEASE-p4 #0: Thu Mar 18 00:29:33 EET 2004 root at eloris.spheroid.info:/usr/obj/usr/src/sys/ELORIS i386
>Description:
Subversion 1.0.4 contains remotely exploitable vulnerability which is fixed in the current release, 1.0.5. However, the current ported version is 1.0.4. The advisory can be found at <URI: http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt>
>How-To-Repeat:
Run the svnserve and wait... :-)
>Fix:
I diffed the sources between 1.0.4 and 1.0.5 release and it seems they've only changed the vulnerable part of the code. Assuming that it wont break up the building process, just changing the PORTVERSION and distinfo to match the 1.0.5 version should do it - it compiled ok for me (I'm using apache2 APR).
I pasted the (quite simple) patch below:
--- subversion.patch begins here ---
--- Makefile.orig Wed Jun 16 18:54:49 2004
+++ Makefile Wed Jun 16 18:35:06 2004
@@ -5,7 +5,7 @@
# $FreeBSD: ports/devel/subversion/Makefile,v 1.64 2004/06/07 02:07:44 vanilla Exp $
PORTNAME= subversion
-PORTVERSION= 1.0.4
+PORTVERSION= 1.0.5
CATEGORIES= devel
MASTER_SITES= http://subversion.tigris.org/tarballs/
--- distinfo.orig Sun May 23 21:41:08 2004
+++ distinfo Wed Jun 16 18:35:06 2004
@@ -1,2 +1,2 @@
-MD5 (subversion-1.0.4.tar.bz2) = 313bd03f353683de7561eadf477f7612
-SIZE (subversion-1.0.4.tar.bz2) = 6081806
+MD5 (subversion-1.0.5.tar.bz2) = 8e8288fee061f5278ec201fc5e5e141c
+SIZE (subversion-1.0.5.tar.bz2) = 6079903
--- subversion.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list