svn commit: r326073 - in head/devel/subversion16: . files
Olli Hauer
ohauer at FreeBSD.org
Mon Sep 2 20:10:19 UTC 2013
Author: ohauer
Date: Mon Sep 2 20:10:18 2013
New Revision: 326073
URL: http://svnweb.freebsd.org/changeset/ports/326073
Log:
- CVE-2013-4277 fix
Approved by: lev@ (explicit)
Security: f8a913cc-1322-11e3-8ffa-20cf30e32f6d
CVE-2013-4277
Added:
head/devel/subversion16/files/patch-subversion__svnserve__main.c (contents, props changed)
Modified:
head/devel/subversion16/Makefile.common
Modified: head/devel/subversion16/Makefile.common
==============================================================================
--- head/devel/subversion16/Makefile.common Mon Sep 2 20:03:58 2013 (r326072)
+++ head/devel/subversion16/Makefile.common Mon Sep 2 20:10:18 2013 (r326073)
@@ -3,7 +3,7 @@
PORTNAME= subversion
PORTVERSION= #please edit Makefile.inc for PORTVERSION, so ../svnmerge can stay in sync.
-PORTREVISION?= 1
+PORTREVISION?= 2
CATEGORIES+= devel
MASTER_SITES= http://subversion.tigris.org/downloads/:main \
http://svnbook.red-bean.com/en/1.5/:book
Added: head/devel/subversion16/files/patch-subversion__svnserve__main.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/subversion16/files/patch-subversion__svnserve__main.c Mon Sep 2 20:10:18 2013 (r326073)
@@ -0,0 +1,14 @@
+--- ./subversion/svnserve/main.c.orig 2013-09-02 21:08:27.000000000 +0200
++++ ./subversion/svnserve/main.c 2013-09-02 21:11:37.000000000 +0200
+@@ -317,8 +317,10 @@
+ const char *contents = apr_psprintf(pool, "%" APR_PID_T_FMT "\n",
+ getpid());
+
++/* CVE-2013-4277 fix */
++ SVN_ERR(svn_io_remove_file(filename, pool));
+ SVN_ERR(svn_io_file_open(&file, filename,
+- APR_WRITE | APR_CREATE | APR_TRUNCATE,
++ APR_WRITE | APR_CREATE | APR_EXCL,
+ APR_OS_DEFAULT, pool));
+ SVN_ERR(svn_io_file_write_full(file, contents, strlen(contents), NULL,
+ pool));
More information about the svn-ports-all
mailing list