* [Buildroot] [PATCH] subversion: security bump to version 1.9.7
@ 2017-09-06 15:40 Peter Korsgaard
2017-09-06 19:49 ` Thomas Petazzoni
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Peter Korsgaard @ 2017-09-06 15:40 UTC (permalink / raw)
To: buildroot
Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url
For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/subversion/subversion.hash | 7 +++----
package/subversion/subversion.mk | 2 +-
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/package/subversion/subversion.hash b/package/subversion/subversion.hash
index 1a85961fe1..6adb57c1ae 100644
--- a/package/subversion/subversion.hash
+++ b/package/subversion/subversion.hash
@@ -1,5 +1,4 @@
# From http://subversion.apache.org/download.cgi#recommended-release
-sha1 8bd6a44a1aed30c4c6b6b068488dafb44eaa6adf subversion-1.9.5.tar.bz2
-# Locally calculated after checking PGP signature
-# https://www.apache.org/dist/subversion/subversion-1.9.5.tar.bz2.asc
-sha256 8a4fc68aff1d18dcb4dd9e460648d24d9e98657fbed496c582929c6b3ce555e5 subversion-1.9.5.tar.bz2
+sha1 874b81749cdc3e88152d103243c3623ac6338388 subversion-1.9.7.tar.bz2
+# From https://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.sha512
+sha512 a55efd3edaddbc099450d849fcc6fe5a8d20b85ece966d8ac2fd73ee9cb4255a0349bbcfceb4e9fca6daf054ce7c648eff8d273c6873f5dade6e62dcea7eeb2b subversion-1.9.7.tar.bz2
diff --git a/package/subversion/subversion.mk b/package/subversion/subversion.mk
index 05569c11a7..55738a826d 100644
--- a/package/subversion/subversion.mk
+++ b/package/subversion/subversion.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SUBVERSION_VERSION = 1.9.5
+SUBVERSION_VERSION = 1.9.7
SUBVERSION_SOURCE = subversion-$(SUBVERSION_VERSION).tar.bz2
SUBVERSION_SITE = http://mirror.catn.com/pub/apache/subversion
SUBVERSION_LICENSE = Apache-2.0
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] subversion: security bump to version 1.9.7
2017-09-06 15:40 [Buildroot] [PATCH] subversion: security bump to version 1.9.7 Peter Korsgaard
@ 2017-09-06 19:49 ` Thomas Petazzoni
2017-09-06 21:50 ` Peter Korsgaard
2017-10-16 21:48 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2017-09-06 19:49 UTC (permalink / raw)
To: buildroot
Hello,
On Wed, 6 Sep 2017 17:40:39 +0200, Peter Korsgaard wrote:
> Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
> svn+ssh URLs in svn:externals and svn:sync-from-url
>
> For more details, see
> http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/subversion/subversion.hash | 7 +++----
> package/subversion/subversion.mk | 2 +-
> 2 files changed, 4 insertions(+), 5 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] subversion: security bump to version 1.9.7
2017-09-06 15:40 [Buildroot] [PATCH] subversion: security bump to version 1.9.7 Peter Korsgaard
2017-09-06 19:49 ` Thomas Petazzoni
@ 2017-09-06 21:50 ` Peter Korsgaard
2017-10-16 21:48 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2017-09-06 21:50 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
> svn+ssh URLs in svn:externals and svn:sync-from-url
> For more details, see
> http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] subversion: security bump to version 1.9.7
2017-09-06 15:40 [Buildroot] [PATCH] subversion: security bump to version 1.9.7 Peter Korsgaard
2017-09-06 19:49 ` Thomas Petazzoni
2017-09-06 21:50 ` Peter Korsgaard
@ 2017-10-16 21:48 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2017-10-16 21:48 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
> svn+ssh URLs in svn:externals and svn:sync-from-url
> For more details, see
> http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-10-16 21:48 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-09-06 15:40 [Buildroot] [PATCH] subversion: security bump to version 1.9.7 Peter Korsgaard
2017-09-06 19:49 ` Thomas Petazzoni
2017-09-06 21:50 ` Peter Korsgaard
2017-10-16 21:48 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox