From cf454846b5947abd61dfb2c5fbe816d2694d6df8 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Sat, 14 Dec 2024 14:39:59 +0100 Subject: [PATCH] package/subversion: security bump to version 1.14.5 Fixes the following security vulnerabilities: CVE-2024-46901: mod_dav_svn denial-of-service via control characters in paths It has been discovered that the patch for CVE-2013-1968 was incomplete and unintentionally left mod_dav_svn vulnerable to control characters in filenames. https://subversion.apache.org/security/CVE-2024-46901-advisory.txt Subversion 1.14.4 also fixed a Windows-only vulnerability: https://subversion.apache.org/security/CVE-2024-45720-advisory.txt For change log, see: https://svn.apache.org/repos/asf/subversion/tags/1.14.5/CHANGES Signed-off-by: Peter Korsgaard [Julien: add link to change log] Signed-off-by: Julien Olivain (cherry picked from commit 9975d28aa3ffbda2b727979b2e322fc8986d6d1b) Signed-off-by: Peter Korsgaard --- package/subversion/subversion.hash | 4 ++-- package/subversion/subversion.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/subversion/subversion.hash b/package/subversion/subversion.hash index 2710e9e3f3..5950e9dccf 100644 --- a/package/subversion/subversion.hash +++ b/package/subversion/subversion.hash @@ -1,5 +1,5 @@ -# From https://www.apache.org/dist/subversion/subversion-1.14.3.tar.bz2.sha512 -sha512 40b172492005fd3b0cd9e457b4444af8ea5d8ff8fc161a9a0c6dc3a7314c6ad4ff75a4676f68a1919ae6273ae03e34d04eba8c1c37b8c0b4ec70d6731b527b41 subversion-1.14.3.tar.bz2 +# From https://www.apache.org/dist/subversion/subversion-1.14.5.tar.bz2.sha512 +sha512 e4800564d0cc68be98f19aa58d89181de83f237f0ccff10824d9237f8c65eb0071f7176ac54e9e8f8ecbf685849bd3e94be48f678f4c23ed6a5fd7fb6edd0321 subversion-1.14.5.tar.bz2 # Locally calculated sha256 484aff0cfbb81155a10f903ed756e27e9fc65578c245a295bae295c4bb51eaad LICENSE diff --git a/package/subversion/subversion.mk b/package/subversion/subversion.mk index bc0b9b45ab..b3daf013f0 100644 --- a/package/subversion/subversion.mk +++ b/package/subversion/subversion.mk @@ -4,7 +4,7 @@ # ################################################################################ -SUBVERSION_VERSION = 1.14.3 +SUBVERSION_VERSION = 1.14.5 SUBVERSION_SOURCE = subversion-$(SUBVERSION_VERSION).tar.bz2 SUBVERSION_SITE = https://downloads.apache.org/subversion SUBVERSION_LICENSE = Apache-2.0