Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/810684/?format=api
{ "id": 810684, "url": "http://patchwork.ozlabs.org/api/patches/810684/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20170906154039.21569-1-peter@korsgaard.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170906154039.21569-1-peter@korsgaard.com>", "list_archive_url": null, "date": "2017-09-06T15:40:39", "name": "subversion: security bump to version 1.9.7", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "8e543efa5ba5fc9b11a5f141a4203f0b0e3fbf51", "submitter": { "id": 42365, "url": "http://patchwork.ozlabs.org/api/people/42365/?format=api", "name": "Peter Korsgaard", "email": "peter@korsgaard.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20170906154039.21569-1-peter@korsgaard.com/mbox/", "series": [ { "id": 1842, "url": "http://patchwork.ozlabs.org/api/series/1842/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=1842", "date": "2017-09-06T15:40:39", "name": "subversion: security bump to version 1.9.7", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/1842/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/810684/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/810684/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@busybox.net>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "buildroot@lists.busybox.net" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "buildroot@osuosl.org" ], "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.138; helo=whitealder.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"vVtRA1Qq\"; dkim-atps=neutral" ], "Received": [ "from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xnSTx2svsz9t5C\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 7 Sep 2017 01:40:53 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id E35B5884E4;\n\tWed, 6 Sep 2017 15:40:50 +0000 (UTC)", "from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id MkGWEhZ3mwjc; Wed, 6 Sep 2017 15:40:50 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 41AEB8870D;\n\tWed, 6 Sep 2017 15:40:50 +0000 (UTC)", "from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\tby ash.osuosl.org (Postfix) with ESMTP id 9A8FD1BFA45\n\tfor <buildroot@lists.busybox.net>;\n\tWed, 6 Sep 2017 15:40:48 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 93DA18870D\n\tfor <buildroot@lists.busybox.net>;\n\tWed, 6 Sep 2017 15:40:48 +0000 (UTC)", "from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id qShOxyB1WzU4 for <buildroot@lists.busybox.net>;\n\tWed, 6 Sep 2017 15:40:47 +0000 (UTC)", "from mail-wr0-f194.google.com (mail-wr0-f194.google.com\n\t[209.85.128.194])\n\tby whitealder.osuosl.org (Postfix) with ESMTPS id 25B94884E4\n\tfor <buildroot@buildroot.org>; Wed, 6 Sep 2017 15:40:47 +0000 (UTC)", "by mail-wr0-f194.google.com with SMTP id b9so3257038wra.0\n\tfor <buildroot@buildroot.org>; Wed, 06 Sep 2017 08:40:47 -0700 (PDT)", "from dell.be.48ers.dk ([91.183.172.93])\n\tby smtp.gmail.com with ESMTPSA id\n\tq140sm1356443wmd.17.2017.09.06.08.40.43\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tWed, 06 Sep 2017 08:40:44 -0700 (PDT)", "from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from <peko@dell.be.48ers.dk>)\n\tid 1dpcRW-0005cb-8C; Wed, 06 Sep 2017 17:40:42 +0200" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:date:message-id;\n\tbh=lGdjkYe4Tfr/UurJXosJRza+zy7FIGWDzMTUi7dzCdo=;\n\tb=vVtRA1QqEIxD5K7pDJv3aDPCeY7A5ge2Ghden9WyS/IQcOLtjXQntYw93t3zk91hLY\n\ttplYKbVj3YseTVb1DJCbICLxPuNyytxlvlShTx1wTQ9XjOUsd+nzzBUFHV42EGH9ZKhY\n\tlTvBHJ2YausORHg6eIwTPUEIhW6RR/fS5ZXOapTWMaT/VCZGN4HF/4ppujpXt0R49T5z\n\t/hBcWbb50azZ59MQmNm9nGjFSdbr3zWYQXa4SEKxA48cH4I1Q8oDlWyFkCjXzwYFw8Lz\n\tzRycgDrJ53FD+b6A4mj95GqC1vHxQrdVPcQmJfyO1CeWAbHt41rk5qekhq/7sd576Wep\n\tCFog==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:date:message-id;\n\tbh=lGdjkYe4Tfr/UurJXosJRza+zy7FIGWDzMTUi7dzCdo=;\n\tb=VAFVysJE/OAB1rnBDgwLJBe2eBagV4Ul+mdzhobMoxgd9HfcGSOrTVOGKqpLDR0DMU\n\tm5O2dIJrYsmtt+Jw8Fba3oPp9OZl9iIHwuf4HyJrse+W1/SSHnmdTGM3bmCHFwfeJK35\n\tBYxwl8q1KqvUmWeSCVjckwg+jtrO7W2EnfIVJYSrr455ajdh5a9nKyHtbjUt4M7G27g/\n\tFfwi6w7tN7S+bsZBUxQDvmJin9FgFftMTu7TkTYTu0zWoZZ3sxjrGi8vKoPh8FW0BMer\n\ticps9ZBkavPaZ9w+3VfMXzBzydo9WHqbMkorP2hYxle2hlxCtg6eDtXJfJGxPuqBcIIj\n\thSCA==", "X-Gm-Message-State": "AHPjjUh+tMbKCMgja3o6DxZG/mUtZaAwhGhvYrBenwLKFoSpAXqxzAwd\n\tKKIsWLn0Cmmqb231dFw=", "X-Google-Smtp-Source": "ADKCNb5ksk5MwtivwxjyYLF9TDEQCrSrD1dcmsu7NXNO5tX6LvSmRk9RzKQ0O05uebfqVK65NdzR5g==", "X-Received": "by 10.223.172.239 with SMTP id\n\to102mr1865311wrc.135.1504712444869; \n\tWed, 06 Sep 2017 08:40:44 -0700 (PDT)", "From": "Peter Korsgaard <peter@korsgaard.com>", "To": "buildroot@buildroot.org", "Date": "Wed, 6 Sep 2017 17:40:39 +0200", "Message-Id": "<20170906154039.21569-1-peter@korsgaard.com>", "X-Mailer": "git-send-email 2.11.0", "Subject": "[Buildroot] [PATCH] subversion: security bump to version 1.9.7", "X-BeenThere": "buildroot@busybox.net", "X-Mailman-Version": "2.1.18-1", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.busybox.net>", "List-Unsubscribe": "<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>", "List-Archive": "<http://lists.busybox.net/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@busybox.net>", "List-Help": "<mailto:buildroot-request@busybox.net?subject=help>", "List-Subscribe": "<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@busybox.net", "Sender": "\"buildroot\" <buildroot-bounces@busybox.net>" }, "content": "Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious\nsvn+ssh URLs in svn:externals and svn:sync-from-url\n\nFor more details, see\nhttp://subversion.apache.org/security/CVE-2017-9800-advisory.txt\n\nSigned-off-by: Peter Korsgaard <peter@korsgaard.com>\n---\n package/subversion/subversion.hash | 7 +++----\n package/subversion/subversion.mk | 2 +-\n 2 files changed, 4 insertions(+), 5 deletions(-)", "diff": "diff --git a/package/subversion/subversion.hash b/package/subversion/subversion.hash\nindex 1a85961fe1..6adb57c1ae 100644\n--- a/package/subversion/subversion.hash\n+++ b/package/subversion/subversion.hash\n@@ -1,5 +1,4 @@\n # From http://subversion.apache.org/download.cgi#recommended-release\n-sha1 8bd6a44a1aed30c4c6b6b068488dafb44eaa6adf subversion-1.9.5.tar.bz2\n-# Locally calculated after checking PGP signature\n-# https://www.apache.org/dist/subversion/subversion-1.9.5.tar.bz2.asc\n-sha256 8a4fc68aff1d18dcb4dd9e460648d24d9e98657fbed496c582929c6b3ce555e5 subversion-1.9.5.tar.bz2\n+sha1 874b81749cdc3e88152d103243c3623ac6338388 subversion-1.9.7.tar.bz2\n+# From https://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.sha512\n+sha512 a55efd3edaddbc099450d849fcc6fe5a8d20b85ece966d8ac2fd73ee9cb4255a0349bbcfceb4e9fca6daf054ce7c648eff8d273c6873f5dade6e62dcea7eeb2b subversion-1.9.7.tar.bz2\ndiff --git a/package/subversion/subversion.mk b/package/subversion/subversion.mk\nindex 05569c11a7..55738a826d 100644\n--- a/package/subversion/subversion.mk\n+++ b/package/subversion/subversion.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-SUBVERSION_VERSION = 1.9.5\n+SUBVERSION_VERSION = 1.9.7\n SUBVERSION_SOURCE = subversion-$(SUBVERSION_VERSION).tar.bz2\n SUBVERSION_SITE = http://mirror.catn.com/pub/apache/subversion\n SUBVERSION_LICENSE = Apache-2.0\n", "prefixes": [] }