From 18ee8c6d5d310a7fd621e83ca26d751e37fa2a9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20N=C3=A9ri?= Date: Fri, 18 Apr 2025 01:20:05 +0200 Subject: [PATCH] main/subversion: security upgrade to 1.14.5 mod_dav_svn denial-of-service via control characters in paths: - https://subversion.apache.org/security/CVE-2024-46901-advisory.txt --- main/subversion/APKBUILD | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/main/subversion/APKBUILD b/main/subversion/APKBUILD index 914c4e33825..c147e4939d3 100644 --- a/main/subversion/APKBUILD +++ b/main/subversion/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Ɓukasz Jendrysik # Maintainer: Natanael Copa pkgname=subversion -pkgver=1.14.2 -pkgrel=12 +pkgver=1.14.5 +pkgrel=0 _py3c_ver=1.4 pkgdesc="Replacement for CVS, another versioning system (svn)" url="https://subversion.apache.org/" @@ -46,6 +46,9 @@ source="https://archive.apache.org/dist/subversion/subversion-$pkgver.tar.bz2 " # secfixes: +# 1.14.5-r0: +# - CVE-2024-46901 +# - CVE-2024-45720 # 1.14.2-r0: # - CVE-2021-28544 # - CVE-2022-24070 @@ -163,7 +166,7 @@ tools() { } sha512sums=" -20ada4688ca07d9fb8da4b7d53b5084568652a3b9418c65e688886bae950a16a3ff37710fcfc9c29ef14a89e75b2ceec4e9cf35d5876a7896ebc2b512cfb9ecc subversion-1.14.2.tar.bz2 +e4800564d0cc68be98f19aa58d89181de83f237f0ccff10824d9237f8c65eb0071f7176ac54e9e8f8ecbf685849bd3e94be48f678f4c23ed6a5fd7fb6edd0321 subversion-1.14.5.tar.bz2 db71db2c19a16ba5a430b676beb357faee5b67b161478932af13dd06be23b5505da85dbaf5b2447f95590fea55b833ee33fa19d3350ba3117f3364a9ab012ee6 py3c-1.4.tar.gz fb219c45b80602d919176cc191394df09f90d0f5c7d24e6a36b166bd92777ecae67eeac1e49c0ffbb0e724396b3d2094dbb0bef17d01dc87d418b1cd554bd7c4 subversion-1.7.0-deplibs.patch fd6e5f45cff4d3cf0d885a34c822b32141b13b199d99ad8e1b04d641c9c1ee27e73f5c556a4ad54a900b6d39cc14afad17b6738d8af44c76758f1a27b4d49f9a subversion-perl-deplibs.patch