[Buildroot] [git commit branch/2017.02.x] subversion: security bump to version 1.9.7

Peter Korsgaard peter at korsgaard.com
Wed Sep 6 21:48:12 UTC 2017


commit: https://git.buildroot.net/buildroot/commit/?id=6f4428337e0c0d0fe03efb781c69508225f087a8
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x

Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious
svn+ssh URLs in svn:externals and svn:sync-from-url

For more details, see
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
(cherry picked from commit c6b793779c32120bc9ff9334aad4d772d6ee49f1)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/subversion/subversion.hash | 7 +++----
 package/subversion/subversion.mk   | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/package/subversion/subversion.hash b/package/subversion/subversion.hash
index 1a85961..6adb57c 100644
--- a/package/subversion/subversion.hash
+++ b/package/subversion/subversion.hash
@@ -1,5 +1,4 @@
 # From http://subversion.apache.org/download.cgi#recommended-release
-sha1 8bd6a44a1aed30c4c6b6b068488dafb44eaa6adf  subversion-1.9.5.tar.bz2
-# Locally calculated after checking PGP signature
-# https://www.apache.org/dist/subversion/subversion-1.9.5.tar.bz2.asc
-sha256 8a4fc68aff1d18dcb4dd9e460648d24d9e98657fbed496c582929c6b3ce555e5  subversion-1.9.5.tar.bz2
+sha1 874b81749cdc3e88152d103243c3623ac6338388  subversion-1.9.7.tar.bz2
+# From https://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.sha512
+sha512 a55efd3edaddbc099450d849fcc6fe5a8d20b85ece966d8ac2fd73ee9cb4255a0349bbcfceb4e9fca6daf054ce7c648eff8d273c6873f5dade6e62dcea7eeb2b  subversion-1.9.7.tar.bz2
diff --git a/package/subversion/subversion.mk b/package/subversion/subversion.mk
index 05569c1..55738a8 100644
--- a/package/subversion/subversion.mk
+++ b/package/subversion/subversion.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SUBVERSION_VERSION = 1.9.5
+SUBVERSION_VERSION = 1.9.7
 SUBVERSION_SOURCE = subversion-$(SUBVERSION_VERSION).tar.bz2
 SUBVERSION_SITE = http://mirror.catn.com/pub/apache/subversion
 SUBVERSION_LICENSE = Apache-2.0


More information about the buildroot mailing list