21:41 lev 

  Update subversion ports to 1.7.10 and 1.6.23.
  It fixes 3 security issues:

    CVE-2013-1968: fsfs repository corruption caused by newline characters in
filenames
    CVE-2013-2088: contrib hook-scripts can allow arbitrary code execution
    CVE-2013-2112: svnserve remotely triggerable DoS.

Security:	CVE-2013-1968
Security:	CVE-2013-2088
Security:	CVE-2013-2112

 

10:00 ohauer 

- Subversion 1.7.9 security update [1]
- Subversion 1.6.21 security update [2]

This release addesses the following issues security issues:
[1][2]  CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
[1][2]  CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity
URLs
[1][2]  CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant
URLs
[1][2]  CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity
URLs
[1]     CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT
request

More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
    http://subversion.apache.org/security/

PR:		177646
Submitted by:	ohauer
Approved by:	portmgr (tabthorpe, erwin), lev
Security:	b6beb137-9dc0-11e2-882f-20cf30e32f6d

 

17:28 lev 

 Updated to latest 1.6.20

 

19:24 lev 

 Update to 1.6.19

Feature safe: yes

 

10:44 lev 

  Update to 1.6.18.

22:50 scheidell 

- force commit to note corrected pr number

PR:             ports/164854
Approved by:    gabor (mentor, implicit)

22:31 scheidell 

- Move PORTVERSION out of Makefile.common into new file Makefile.inc
- Needed to help INDEX build for ../svnmerge which used !=

PR:             ports/164584
Submitted by:   scheidell (me)
Reviewed by:    lev (maintainer)
Approved by:    lev (maintainer, via private email), gabor (mentor, implicit)