update: devel/subversion 1.8.8

Thu, 10 Apr 2014 08:41:03 -0700 

Update Subversion to 1.8.8.

ok?

Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/subversion/Makefile,v
retrieving revision 1.131
diff -u -p -r1.131 Makefile
--- Makefile    20 Feb 2014 21:15:31 -0000      1.131
+++ Makefile    10 Apr 2014 12:34:24 -0000
@@ -7,10 +7,8 @@ COMMENT-ruby=          ruby interface to subvers
 COMMENT-ap2=           apache2 subversion modules
 COMMENT-gnome-keyring= GNOME keyring support for subversion
 
-VERSION=               1.8.5
+VERSION=               1.8.8
 DISTNAME=              subversion-${VERSION}
-REVISION-main =        0
-REVISION-ap2 =         0
 PKGNAME-main=          ${DISTNAME}
 FULLPKGNAME-perl=      p5-SVN-${VERSION}
 FULLPKGPATH-perl=      devel/subversion,-perl
Index: distinfo
===================================================================
RCS file: /cvs/ports/devel/subversion/distinfo,v
retrieving revision 1.44
diff -u -p -r1.44 distinfo
--- distinfo    25 Nov 2013 17:08:06 -0000      1.44
+++ distinfo    10 Apr 2014 12:33:51 -0000
@@ -1,2 +1,2 @@
-SHA256 (subversion-1.8.5.tar.bz2) = 
/VIr8ezaHAlCbtbENvB0SrlcMXArCQSt0ImGTHPudWQ=
-SIZE (subversion-1.8.5.tar.bz2) = 6881572
+SHA256 (subversion-1.8.8.tar.bz2) = 
FWmTHNha4nBSiVVUvBQSXgeV16F9Pkp8Ks63KJvnHbM=
+SIZE (subversion-1.8.8.tar.bz2) = 6821200
Index: patches/patch-subversion_mod_dav_svn_repos_c
===================================================================
RCS file: patches/patch-subversion_mod_dav_svn_repos_c
diff -N patches/patch-subversion_mod_dav_svn_repos_c
--- patches/patch-subversion_mod_dav_svn_repos_c        20 Feb 2014 21:15:31 
-0000      1.2
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,30 +0,0 @@
-$OpenBSD: patch-subversion_mod_dav_svn_repos_c,v 1.2 2014/02/20 21:15:31 stsp 
Exp $
-CVE-2014-0032: mod_dav_svn DoS vulnerability with SVNListParentPath
---- subversion/mod_dav_svn/repos.c.orig        Thu Nov 14 22:02:26 2013
-+++ subversion/mod_dav_svn/repos.c     Thu Feb 20 19:55:28 2014
-@@ -1971,6 +1971,25 @@ get_resource(request_rec *r,
-      of private resource, iff the SVNListParentPath directive is 'on'. */
-   if (dav_svn__is_parentpath_list(r))
-     {
-+      /* Only allow GET and HEAD on the parentpath resource
-+       * httpd uses the same method_number for HEAD as GET */
-+      if (r->method_number != M_GET)
-+        {
-+          int status;
-+
-+          /* Marshall the error back to the client by generating by
-+           * way of the dav_svn__error_response_tag trick. */
-+          err = dav_svn__new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
-+                                   SVN_ERR_APMOD_MALFORMED_URI,
-+                                   "The URI does not contain the name "
-+                                   "of a repository.");
-+          /* can't use r->allowed since the default handler isn't called */
-+          apr_table_setn(r->headers_out, "Allow", "GET,HEAD");
-+          status = dav_svn__error_response_tag(r, err);
-+
-+          return dav_push_error(r->pool, status, err->error_id, NULL, err);
-+        }
-+
-       err = get_parentpath_resource(r, resource);
-       if (err)
-         return err;

Reply via email to