Date: Wed, 16 Jun 2004 18:59:09 +0300 (EEST)
From: Henry Karpatskij <henkka@spheroid.info>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: lev@FreeBSD.org
Subject: ports/68015: [patch] Subversion upgrade to 1.0.5
Message-ID: <20040616155909.8DAAC2C4@eloris.spheroid.info>
Resent-Message-ID: <200406161600.i5GG0bD2050830@freefall.freebsd.org>
>Number: 68015
>Category: ports
>Synopsis: [patch] Subversion upgrade to 1.0.5
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 16 16:00:36 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Henry Karpatskij
>Release: FreeBSD 4.9-RELEASE-p4 i386
>Organization: n/a
>Environment:
System: FreeBSD eloris.spheroid.info 4.9-RELEASE-p4 FreeBSD 4.9-RELEASE-p4 #0: Thu Mar 18 00:29:33 EET 2004 root@eloris.spheroid.info:/usr/obj/usr/src/sys/ELORIS i386
>Description:
Subversion 1.0.4 contains a remotely exploitable vulnerability which is fixed in the current release, 1.0.5. However, the current ported version is 1.0.4.

The advisory can be found at <URI: http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt>
>How-To-Repeat:
Run the svnserve and wait... :-)
>Fix:
I diffed the sources between the 1.0.4 and 1.0.5 releases and it seems they've only changed the vulnerable part of the code. Assuming that it won't break up the building process, just changing the PORTVERSION and distinfo to match the 1.0.5 version should do it - it compiled ok for me (I'm using apache2 APR). I pasted the (quite simple) patch below:

--- subversion.patch begins here ---
--- Makefile.orig Wed Jun 16 18:54:49 2004 +++ Makefile Wed Jun 16 18:35:06 2004 @@ -5,7 +5,7 @@ # $FreeBSD: ports/devel/subversion/Makefile,v 1.64 2004/06/07 02:07:44 vanilla Exp $ PORTNAME= subversion -PORTVERSION= 1.0.4 +PORTVERSION= 1.0.5 CATEGORIES= devel MASTER_SITES= http://subversion.tigris.org/tarballs/ --- distinfo.orig Sun May 23 21:41:08 2004 +++ distinfo Wed Jun 16 18:35:06 2004 
@@ -1,2 +1,2 @@ -MD5 (subversion-1.0.4.tar.bz2) = 313bd03f353683de7561eadf477f7612 -SIZE (subversion-1.0.4.tar.bz2) = 6081806 +MD5 (subversion-1.0.5.tar.bz2) = 8e8288fee061f5278ec201fc5e5e141c +SIZE (subversion-1.0.5.tar.bz2) = 6079903 --- subversion.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
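Review bot: in the Makefile hunk, PORTVERSION is the only line touched, and the seven lines of context do not show whether the Makefile carries a PORTREVISION further down. If it does, that line has to be removed or reset in the same commit, otherwise the 1.0.5 package inherits a revision suffix that belonged to 1.0.4. Since the PR gives the advisory as the reason for the bump, the commit log should name CAN-2004-0413 so the fix can be traced from the ports history.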
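Review bot: in the distinfo hunk, the new MD5 and SIZE values for subversion-1.0.5.tar.bz2 come only from the submitter's own download, and MASTER_SITES in the Makefile hunk is a plain http URL, so these two lines are the only integrity check the port has on the tarball. Before committing, fetch the distfile independently, regenerate distinfo with make makesum, and confirm that both the MD5 and the size match what is submitted here rather than copying the values from the PR.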