diff mbox series

subversion: security bump to version 1.9.7

Message ID 20170906154039.21569-1-peter@korsgaard.com
State Accepted
Headers show
Series subversion: security bump to version 1.9.7 | expand

Commit Message

Peter Korsgaard Sept. 6, 2017, 3:40 p.m. UTC 
Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url

For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/subversion/subversion.hash | 7 +++----
 package/subversion/subversion.mk   | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

Comments

Thomas Petazzoni Sept. 6, 2017, 7:49 p.m. UTC | #1 
Hello,

On Wed,  6 Sep 2017 17:40:39 +0200, Peter Korsgaard wrote:
> Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
> svn+ssh URLs in svn:externals and svn:sync-from-url
> 
> For more details, see
> http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/subversion/subversion.hash | 7 +++----
>  package/subversion/subversion.mk   | 2 +-
>  2 files changed, 4 insertions(+), 5 deletions(-)

Applied to master, thanks.

Thomas
Peter Korsgaard Sept. 6, 2017, 9:50 p.m. UTC | #2 
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
 > svn+ssh URLs in svn:externals and svn:sync-from-url

 > For more details, see
 > http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2017.02.x, thanks.
Peter Korsgaard Oct. 16, 2017, 9:48 p.m. UTC | #3 
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
 > svn+ssh URLs in svn:externals and svn:sync-from-url

 > For more details, see
 > http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2017.08.x, thanks.
diff mbox series

Patch

diff --git a/package/subversion/subversion.hash b/package/subversion/subversion.hash
index 1a85961fe1..6adb57c1ae 100644
--- a/package/subversion/subversion.hash
+++ b/package/subversion/subversion.hash
@@ -1,5 +1,4 @@ 
 # From http://subversion.apache.org/download.cgi#recommended-release
-sha1 8bd6a44a1aed30c4c6b6b068488dafb44eaa6adf  subversion-1.9.5.tar.bz2
-# Locally calculated after checking PGP signature
-# https://www.apache.org/dist/subversion/subversion-1.9.5.tar.bz2.asc
-sha256 8a4fc68aff1d18dcb4dd9e460648d24d9e98657fbed496c582929c6b3ce555e5  subversion-1.9.5.tar.bz2
+sha1 874b81749cdc3e88152d103243c3623ac6338388  subversion-1.9.7.tar.bz2
+# From https://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.sha512
+sha512 a55efd3edaddbc099450d849fcc6fe5a8d20b85ece966d8ac2fd73ee9cb4255a0349bbcfceb4e9fca6daf054ce7c648eff8d273c6873f5dade6e62dcea7eeb2b  subversion-1.9.7.tar.bz2
diff --git a/package/subversion/subversion.mk b/package/subversion/subversion.mk
index 05569c11a7..55738a826d 100644
--- a/package/subversion/subversion.mk
+++ b/package/subversion/subversion.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-SUBVERSION_VERSION = 1.9.5
+SUBVERSION_VERSION = 1.9.7
 SUBVERSION_SOURCE = subversion-$(SUBVERSION_VERSION).tar.bz2
 SUBVERSION_SITE = http://mirror.catn.com/pub/apache/subversion
 SUBVERSION_LICENSE = Apache-2.0