package/subversion: security bump to version 1.14.2

Fixes the following security issues:

- CVE-2021-28544: SVN authz protected copyfrom paths regression

  Subversion servers reveal 'copyfrom' paths that should be hidden according
  to configured path-based authorization (authz) rules.  When a node has
  been copied from a protected location, users with access to the copy can
  see the `copyfrom' path of the original.  This also reveals the fact that
  the node was copied.  Only the 'copyfrom' path is revealed; not its
  contents.  Both httpd and svnserve servers are vulnerable.

  https://subversion.apache.org/security/CVE-2021-28544-advisory.txt

- CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption

  While looking up path-based authorization rules, mod_dav_svn servers may
  attempt to use memory which has already been freed.

  https://subversion.apache.org/security/CVE-2022-24070-advisory.txt

Drop no longer needed patch and autoreconf, as this is now fixed upstream:

https://svn.apache.org/viewvc?view=revision&revision=1881534

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 2022-04-13 14:18:22 +02:00
parent 832107c6dc
commit 89e51bc625
3 changed files with 3 additions and 27 deletions

@ -1,23 +0,0 @@
build/ac-macros/macosx.m4: workaround AC_RUN_IFELSE
The SVN_LIB_MACHO_ITERATE macro contains an AC_RUN_IFELSE test that
doesn't work when cross-compiling. However, this macro is related to
testing Mac OS X APIs, so in the context of Buildroot, we don't care,
and the test program is not even going to build. So we simply
workaround this by turning the test into an AC_COMPILE_IFELSE.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Index: b/build/ac-macros/macosx.m4
===================================================================
--- a/build/ac-macros/macosx.m4
+++ b/build/ac-macros/macosx.m4
@@ -24,7 +24,7 @@
AC_DEFUN(SVN_LIB_MACHO_ITERATE,
[
AC_MSG_CHECKING([for Mach-O dynamic module iteration functions])
- AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <mach-o/dyld.h>
#include <mach-o/loader.h>
]],[[
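Review bot: The commit message justifies dropping this workaround with a link to upstream revision 1881534, but nothing here shows that the 1.14.2 release tarball contains that revision. The deleted patch exists because the AC_RUN_IFELSE test in build/ac-macros/macosx.m4 "doesn't work when cross-compiling", so please state in the message that the macosx.m4 and the generated configure shipped in subversion-1.14.2.tar.bz2 no longer run a test program for SVN_LIB_MACHO_ITERATE.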

@ -1,5 +1,5 @@
# From https://www.apache.org/dist/subversion/subversion-1.14.1.tar.bz2.sha512
sha512 0a70c7152b77cdbcb810a029263e4b3240b6ef41d1c19714e793594088d3cca758d40dfbc05622a806b06463becb73207df249393924ce591026b749b875fcdd subversion-1.14.1.tar.bz2
# From https://www.apache.org/dist/subversion/subversion-1.14.2.tar.bz2.sha512
sha512 20ada4688ca07d9fb8da4b7d53b5084568652a3b9418c65e688886bae950a16a3ff37710fcfc9c29ef14a89e75b2ceec4e9cf35d5876a7896ebc2b512cfb9ecc subversion-1.14.2.tar.bz2
# Locally calculated
sha256 484aff0cfbb81155a10f903ed756e27e9fc65578c245a295bae295c4bb51eaad LICENSE
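Review bot: The new sha512 line is copied from the .sha512 file served by the same apache.org distribution that serves the tarball, so it catches a corrupted download but says nothing about whether the release is authentic. For a security bump, verify subversion-1.14.2.tar.bz2 against the detached PGP signature that Apache publishes with the release and record that in the comment above the hash, next to the "# From ..." line.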

@ -4,7 +4,7 @@
#
################################################################################
SUBVERSION_VERSION = 1.14.1
SUBVERSION_VERSION = 1.14.2
SUBVERSION_SOURCE = subversion-$(SUBVERSION_VERSION).tar.bz2
SUBVERSION_SITE = https://downloads.apache.org/subversion
SUBVERSION_LICENSE = Apache-2.0
@ -20,7 +20,6 @@ SUBVERSION_DEPENDENCIES = \
zlib \
sqlite \
$(TARGET_NLS_DEPENDENCIES)
SUBVERSION_AUTORECONF = YES
SUBVERSION_CONF_OPTS = \
--with-expat=$(STAGING_DIR)/usr/include:$(STAGING_DIR)/usr/lib: \
--with-apr=$(STAGING_DIR)/usr \
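Review bot: With SUBVERSION_AUTORECONF = YES removed, the package builds with the configure script shipped in the tarball, so any patch left under package/subversion that touches configure.ac or build/ac-macros/*.m4 would stop taking effect without a build error. Please confirm that no such patch remains and that a cross-compiled build gets past the "Mach-O dynamic module iteration functions" check, and mention the test in the commit message.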