From 4db6585ac2bfb665a6b8e279a83b43d994f33568b3ea4d89dcd6cecb6267e3e5 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Thu, 10 Aug 2017 18:55:42 +0000 Subject: [PATCH] - Apache Subversion 1.9.7: * CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. (bsc#1051362) OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm:svn/subversion?expand=0&rev=248 --- subversion-1.9.6.tar.bz2 | 3 - subversion-1.9.6.tar.bz2.asc | 121 ----------------------------------- subversion-1.9.7.tar.bz2 | 3 + subversion-1.9.7.tar.bz2.asc | 54 ++++++++++++++++ subversion.changes | 8 +++ subversion.spec | 2 +- 6 files changed, 66 insertions(+), 125 deletions(-) delete mode 100644 subversion-1.9.6.tar.bz2 delete mode 100644 subversion-1.9.6.tar.bz2.asc create mode 100644 subversion-1.9.7.tar.bz2 create mode 100644 subversion-1.9.7.tar.bz2.asc diff --git a/subversion-1.9.6.tar.bz2 b/subversion-1.9.6.tar.bz2 deleted file mode 100644 index 2220b48..0000000 --- a/subversion-1.9.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dbcbc51fb634082f009121f2cb64350ce32146612787ffb0f7ced351aacaae19 -size 7882084 diff --git a/subversion-1.9.6.tar.bz2.asc b/subversion-1.9.6.tar.bz2.asc deleted file mode 100644 index f66b72b..0000000 --- a/subversion-1.9.6.tar.bz2.asc +++ /dev/null @@ -1,121 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJABAABCAAyFiEEbrYLY3zlrL8kSaLa2yfpl0Ka8gwFAllWSpMUHGRhbmllbHNo -QGFwYWNoZS5vcmcACgkQ2yfpl0Ka8gwJ0A+/R9B05tyY2ve9UsjEYxy+ZLxUJKWe -09CUxvWcVE/P2xuNLbrUS3uDSTt3NmUab4UT/7HtAANLABURRj/4xMvWHZMjUbDP -Mm5IvgQ37u4angac/O5q7rY6ufaOpJOXetLI4GptSufzW0SCesKBegWG857Ewcry -YqaeXLdYZ8GfsKYq1xdbFyNA8MwzkXdbABTLOJCDt2ghmm68jPk7FccxdaXJvW1c -hF71M++RAVA3qwIBznZiXggtF93HwxocHAsiAepqq0GKZVejzjWz0TKE81FJS2Bi -nWZ1bgSWMhvzdg27SfqLVRTWN4tE2u9Tro3dmx+jhxcg9RhJDC8Yw0Oz9Q9S5Bch -jJdPx7EBSaYHOtmVZGZvOcxvYk61oP5NTFSyJS/dt+GiaoiBDBYXA1C91eN8HvAg -Hhx7P/HCzOWpqu+uZ+XrOnXWrYzFPU0hjoK19vl2HIIOOe9WyzjoBwCL444r5VWX -SZECfOj0pR1wYoPJ0e2Vtn03z4zW3mh93kgLzF88qcMl5LVQ/4GlV03vKymsXopA -CuFq1lvb+noNFjtntzsahIr7WoMhF22hABX1rQAT93eXlWsf65HiTBU9Qapof6mM -BvLfXXB2oPaurn9+vw+DToo8QkeH/Fuqt8ynrDuXpDJW0bDRicScE2RMgFRkalaC -Vq3l -=Zicm ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJZV3VVAAoJEJnsdBtXkhrM+s0P/iT59HSZXvORrell1mDoe68f -aC1qJg99uZ+qMwALjnFV0m+JAZohPdRcOxilkI5QofEN4DYamQ52+1lom9q8b3A4 -7ZQOqu7wf5mPl3MeObF3oFIVFm79sMu2IxlQF7yqWN8wJF25Son+DEh7WzhOStv2 -C5wjHp9hvcfkY+FRY/HdQi05OiayHzNaFiq5sBKMnKOls2A1jVI+91WZ88l5unNo -M7gYAn9aojPQUXfwEB/i64sw927aBBUB5IKaOTv6eEYOKB/vBhguRVW2WZKcc9YG -zPLnc6OiHDRbtuYNjIwtBkeTZlX8FbkXX1B4gxxBqPWQhbjMSEyyDauEg3WQ3G2Y -PSxIWWfzm5bNwAyqME+D+uWYr+j9EIT9ZuRQ+FFIGLUkwQaqNUQy+rhDGNS7YBuy -wRJywmTfChGDnJn6WxRUsF8Fs4vOJHAjl3XlFJe3IAt15KGoogwCy9A6TzmoqXUF -BAORep/RjMr/erxhturSLZJhYLaidkwSKK+QRL1ihojL6gqVGTT6nLb7IWMVq2Aj -rMUszv1Uu1IDyijuuKqtSMHNzJ07BvN7miEJQPbqIDBJ0WBt7wHSIm+IHYf7zU17 -2thb9+bMMZL6v0BQg/A4HoBS8gYqW+mpf5rJuWNBRkn4H5b6fvZQiWoVAbAACMsg -xL39GJTNe3TMlpE+MT0M -=De06 ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- - -iQEcBAABAgAGBQJZV5thAAoJEE99uqmaWblzZTgIAIGGh+L9Ig1LG86Ke2Dq14CP -cuye9x815CJhQ5W5apXScL4fSmh2dhJ1J3xg23oAexjI8MthkTuKWwjUsruW+zyl -7wbdQRGFex6VYattVLagoaXocOLi4S87U2GXgn2/eJB/zwB/uJIec/wdzP2YNFeZ -hnGcfg6/VmwoKy/HlzYCFe0QHrwbzSG/mbWSnk87Gp5WM26xnxiMUoDmwbcxRFvq -q6KaXRQGJz4gYgNdSOZ2fHSFDN66hUm7YOBMYx6hTklt3+uDdJYNpH/FCN8BEKf8 -UypPqu5vorkdw/I4kT+4v5xbzWK06UQm9hNeLdxYFYSdfAYljfUyseVdmyGfBdY= -=qvqr ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABCAAGBQJZW1XUAAoJEB+wZLhO7MSTDdgQAK0wcWljHeVbwuue7kuLvo1S -m2QDuP0EBSZkdQ1rpE+QIL8+O16rjQhWCqYjrgWbXsHSG23ddKGmMfpS3m+TPQfM -f/QMl80HVcL2a3xhTAQCA+Zmo08v2eP314jRJvpA/84GwR63S8L8qHXB9DRIUvuT -GYhT1lr+jt8SZ1tarD4wqlKPi+3VOq6P8KjpvYwZ90YIgp5Q7KrH6iXmk1yXDNVQ -vQgdjdFxGFLwWNu5S7Eaa8iJ2KmXqVzpVWpFyTF8HiBwra0KwKHGLoI1RmZMVQsw -equ4QjB+KOA6T7WrsxEGSroMsX/UftcqXTNg9MiMwwl0KvYj2i8YQBmylnWVoBK5 -83vWBkXHUgeNZB6cgMzq2a3beeWReH4R4xmvllVbJPRP7z0XnEvGi5Jp9iZ2asQB -TQUOj22I8fnWZAEZJnmDN63mEJ9PGWiuRv+wFD7Eoa4nrKqx5kUnZ22E53qLHzpq -t1OfqfrVT36QOZLAMRomOym73fD1lZWVVuQW6Z0lPzmZeJzOyrH5Rh+0VU8bNJrV -4T97jxH1KKuc1gbD+qJYYr8gyX6gg8inecPEonTFlXu5O9kleGX36+oaxI7Jvuf0 -zdmw7HmcH/uGumfS2WQ/GomjSTfpkkBt/o0hARYF4FH1r2gJ3ILsYjB4pAaLL6St -MwXS5uFJ6FqXfyVxt+ad -=ZWtQ ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAABCgAGBQJZW4q/AAoJEDdqPP0RCxyVLOgP/A21yeDOBLO5PATVOQDsmWOe -ot/F8/NWe8TbFqxnp5aoFYlCm1mISYSzXNB1fo+xOarOhNa8/DuQ+sF66tLY7Xu6 -yV2DemUxYPAVlP94230ZPWhNX872HH9iQ2RCJQQNEV/U/iVfiuzdxnC3vGvVsEJB -nR3CIqE3Gket19z6FwUXMcyP/G6m1x97sTYsToZel7IkXkeOhHoTaDix6e6gbtEL -LJu88Ifp+p6FFDb/KvXm0HvX2v/UE7kubmNwhfpJ37XB40j96QU3SusPcYK9+UAU -Wkd5PE7rQp82tSC8UweQJXzIr/GGtxZmG+ZVqSh1swEmyRhUcuyyyAXS7otOLQa6 -pQ7kon2nz8yjeaPu5cPvU14ZuB7yww0W9HAaKCuc3EQU06J93V+Xbn6+AoXFQ+l1 -7w/EopVnUhCzeogL1/47Zrvduas67M8VgAHu/6u0RaHVtnyE1DCGQyfccQTnyMj5 -a8jDbAO6DGaDzpQ3L6xOI8VDLB2YuRZgfh9587VrUe2r+ZnjV0TNUx7Qf9qysTeK -HrRQRrMlHnAZkjU70dEMqxzsy4K4+zKSDyXYPd66S7iK82javvMtwzybtNlJWvpT -r1gnuDrqANlNj4i1Uixay7cNmBKvDHhbC/QAT11B0H4hqZDZEIziGzWgJ/AxLtdD -2e11Ujntl5jmh8Rt8RcI -=O0Q5 ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- - -iQIcBAABAgAGBQJZW6jAAAoJEMSmxiXMyOHfuacP/0AZDyxLSjzBgQUB/T4GKXJt -zJg1u1Z4S373rF0dFmE8+r5TWpEH9WZ/BtmpeHELlyVrlmI8Y0kA8HJ/CdhSV9cC -mb95rUZtnkW+EGsUEbPnnNkPcbiaKJn/zgkq8Ezl6RHR1breDRvv+UYDUs4zG3D2 -tfICR62fr0N7woW/fjYW2cMgE9Lzopn3LaogIlC6vJfB3w+Nrl/d3veTBYbweZtL -rY2KVKj+ooZqz6Zv2ov3QEV4av0NGtwART823P4ZS9dP6p0poNe08XRoSIrjYwTI -Iq1mEXe1oa47N3D9fEcKzJUcIUenlnkXAgQB1ROMvygyht8U+AT+R8DTeYCXkxds -YSn1poLjmZf4bl1Egj/uKb/RutBNoScHAUiIcxAb1GXcBYN58TkBw0rt5M9vefNE -FL/q213Gha+0ISn+oVJDgfQ0lxhiHsk2QFqOmL1sl3e9vZF7N/AZsWcNiM0lHePM -9kg1J/Y+orFdyR8kbjWQDsVF7t9l08SgzUMFviBYY3E11ykCDeY0ums5vfsWN1Ys -1dqfbazQpyzqYsLOFmLJXNLW9k3X4P5rOFWZWz1goZ9nS2Z0Pt2CdTQRmW90ssCH -d/3joxBOvu1j5qvrplSg5wxrUG88/pqoBaKF/p6hticN1lY2UXf8hIwbymIMBcMP -w7ehzt45QpAckoQA9oYr -=2QvH ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEqER5D7V0NgbulZIHdteI4e0aWZwFAllbursACgkQdteI4e0a -WZwVzQf7BU5dm/Jb1KKAEEmsooslzIBlF9bqE6cZIPI4SBkZVPye78DTUptyBCfm -r2LyuwIXOawq19otiT1K923MqvoOH/4pUMkBxHMO420X1RIqr1pEZsY8fwMy+Wte -BtYYW5iNmY/5+jmAFlLaA13HjB6vUSRaHK7VVs8sJTWBUDWZyiJGpHANqZuhf3Kd -8Vie0LOnoSqA/9eqrQY49MOA9YDCRZdXg+US+fD2hAHP8fZ/YxLIsBovskXBPTmd -CAiyhy0TLPu1FUlYER+9LWnQvCxnUWCqoSxH2fdwa1hhvJMd1+sqcF8mSezUqN2E -16eOzA8GCKA7n4DigEzczHwsJMlK8g== -=Fp5O ------END PGP SIGNATURE----- ------BEGIN PGP SIGNATURE----- - -iQIcBAABCgAGBQJZXI4uAAoJEBvKZYajR5Q/SecP/ib3R2ZR7tj4m7fZG1xQn7lS -hCpMIKu0bY7QNK30xoyuhhlNyVoz9Y+XZ8IVxRjQgIEo5Z9Vh+2vbqpkrqU6HNbe -n2Y037HP0VB+wi6pxlu2Txjg1WB3Yjm9uj1JLsSEI/bb7neyegDMfy4rLon+2PGL -DblVvjHh4YbXg03UdVZ0qq82YJBulYXdbh89AZnntAf/DdyPapHAzWHmoMUEhop3 -dThpiKetEG53CGSAnuE9UlPxImrxCFGtaXvVsI42ALiN63oKFgZJuiU8MJoHhkT8 -IhaG/qBBfAj2j774PYR08/vV1k4+19DGst4vybbxWC+idJ6t4ftzjU12DOe1HMEo -FrM6/HwVqi25usPV92SKjuuUT2hEFtI5Fuul/bKZMOPLx3H9ni6ITEza9qCBJDLL -/EEwBT1vwVJtPLtZpXFQY2foU88ZioQJLjqij2ACGmOAIRfFbJIEhu8fQ06i+7F2 -m6vwVxKg349b7jrWQJJwClw9wGhZoKyzTU6N9jFk6iQ4pwr/g1jiQSG2mjy/7rI2 -N/VciKUZCLOBtRYlQ3seYXvlrEPksHtiP/dwjqvMJ7k8axDNenw275auQPtMcNJ6 -EL7fpyGKvumil4p+KO4gIfEFUt1kC509LUsfHmqEyjCoiUyZuxP1dOW/aRxuENmR -X8h/nkbxMJYqP8RjQvZe -=RC82 ------END PGP SIGNATURE----- diff --git a/subversion-1.9.7.tar.bz2 b/subversion-1.9.7.tar.bz2 new file mode 100644 index 0000000..4b81b82 --- /dev/null +++ b/subversion-1.9.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c3b118333ce12e501d509e66bb0a47bcc34d053990acab45559431ac3e491623 +size 7881909 diff --git a/subversion-1.9.7.tar.bz2.asc b/subversion-1.9.7.tar.bz2.asc new file mode 100644 index 0000000..7285013 --- /dev/null +++ b/subversion-1.9.7.tar.bz2.asc @@ -0,0 +1,54 @@ +-----BEGIN PGP SIGNATURE----- + +iQIrBAABCAAdFiEEbrYLY3zlrL8kSaLa2yfpl0Ka8gwFAlmF8r4ACgkQ2yfpl0Ka +8gyd0A+/dd2ZvDzZIJitLIAXU0TunXaN7NXSDP/VMACIbrbcC04juokneVDV5/TA +lTNEvxyiKHmuL5xTMZk3e2XgYIhA9SGHQapHq+nGhIhkN3EoP/biAoQIh9IaWbSi +OmHmEyJKLUrv9YHnJBDusF6z8JF271AK/f+z+CkvmaW0gJ7a7oH41gg6/JI00/DR +pbQeqvUuIP28+AbslTSBw7Her1ZhujDydHOw71US6WwXwtwDXTwSWTzGMOBnPHH3 +4FbH6MkI/cDDM4sOaqQrbEG8x4fYZI9AZ7h+v/8Ba+osxVkRAs6S6l2Srd9FSJnr +BdVBWnvlOTaEj4BvnsqnDOA0geF9EmZhigkcBY8qFb5kp4ao7AwILavpl1Fn6r2F +8tJzDx7IBoYxp9EGuUNZvB15yMgQkUUiX/8mnlp6baXUogoUPJhSgCn/znL0SGp5 +xzhA5AbTkPZZlxwr5Iwe5fvw66Ip9pNsx6eCTPDrAjVywxCSbstsDbn/hPQYNuhl +H1pPfChHkSeF/typy3oWgXHS7R+rRHry/Qx/8c0IPdN+9FB1w5q/v+baOWt7hU6o +iGaTLBth7rEgJlJorCXUo6OxykRpF1D9iloAp3TJOoEnqOuMll07j9Ua15IjibVo +nCj9/qHCfeZ1Xg72IV+TF2KKoghryKcG5GMSVhrK +=vy8Y +-----END PGP SIGNATURE----- +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEqER5D7V0NgbulZIHdteI4e0aWZwFAlmIUakACgkQdteI4e0a +WZzNIwf/Zro4sQeshagnhHhJL4Ob0G+nFEApZ0B0JMj49yQv/DeylaVPvjjU+4pk +76vMUyDFvHzauISSM0tjIbEgeqm2fKRgrCQSDjBpkijvmU1+HRAkskcDapiz9n4C +nkxdL+/TMjv7d55AcLyNrl+BpgRX66yzPhnl5JnbUu/4mYMr8MnYF/o/b05uk4n1 +8yoU+joJKnaoObvJhXomjmo4JYYFegTO4JksgS1pZJ7oe8q9FIB9k9uLv3n0O2Za +YoR7B4CTxqELh+Lz2HxmlMJByx9NrR5W30kMoszcTVdktqDG3DQH0S0/H8GMEAbU +bJF3RNbxFixIzSKGK091JRMERtCOrg== +=ofDa +-----END PGP SIGNATURE----- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAABCgAGBQJZiD7sAAoJEDdqPP0RCxyV5B4P+wTVFyAbJQLj/m7AfvRq+A0R +DzfEstGS5MfDY8w+kA1Ge4EkT+uBiH4z1ZH1SJam0ci7Dr8ThB31IZtXQs3Na20C +h5GJdIMsmEi+H5Sa7X636dlhs7yC8cVI8yFpH6tWtRNcFcrozRpG2YAzRDT2z2gt +p6s1acgCTDpefUi2+3e+P598WX8Sf33ORzLGgYiiHyp4426ygpICzR3LFrkOBxC8 +TwBX17W4ZcOgHSENcvfOi+3TFy4LNA0OK+fL+eUJ4ZzLWWzfk1qpR8q8RQuHjRRB +GNd2unLiq723DYjCbB/0jnN1lULSRFdnJPNuGBEQAxfrzsDtyvQ++/nYxPOcsRCL +XtN5mxFCL2kA9WAQL167agkqEfKjHlUquyGcmDLyIHYwPm7Xc1VFRBDUZNpGJ2a6 +/8USss78dIjnbXrABCLd+Dc0qCSpETvE4LSxNQaF1cQzZGk7Wnt/xxSvJs0XRGUO +DIgIdtBbecSiQj1JmS3O6DvzLkTxwfAZ3KZT2JDjeu2L8mdmO+O2kcyvdJcJE0J9 +fUxzzzwk1S/GHX74DtPMnOPsetD1TuNeK5/fAVcEvLW9Ey+5wbOuISUOgvZuE875 +A8sE9zMQfXqxT8IBZ+h6pxjK8rJqgh/rOGXzSNrHASyw0pChcp4KnVtx6OYClwrE +hwqSlsJ3AzNKpuiDKi26 +=qVpp +-----END PGP SIGNATURE----- +-----BEGIN PGP SIGNATURE----- + +iQEcBAABAgAGBQJZiVoZAAoJEE99uqmaWblzjp0H/iKFBfjKmKlJslnjDVT2KOFr +pECP0xKYJmvXySfohqBYi9hKrOjYoJTHvqWTsEmWSVUhLuopNgK7MUkJkaicGX/X +pJ3L+LLDLrGJknoED5rBntQXpNQiF5B66v4GxRudRlY+IREBEl9EQD3Kun5755eV +/9Rq3LAAk6m4vTmN/jHcd0vV+ecJaIxSSKbr7ItQnor+5ef4mMvp1BlKIiMJitse +019de7R1emxijjxUGsu2g8pTwmVf8RegoxCY9K6o/WEuly+bk7njYXbrnxQXfT45 +IXF1LKO0+5BFJcM4/GfUCthVjBrL2mChRT3z2SjxSnd3Qn4jh3lyx+cp58BHRL8= +=IR/q +-----END PGP SIGNATURE----- diff --git a/subversion.changes b/subversion.changes index 8240268..38625fe 100644 --- a/subversion.changes +++ b/subversion.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Aug 10 15:04:45 UTC 2017 - astieger@suse.com + +- Apache Subversion 1.9.7: + * CVE-2017-9800: A remote attacker could have caused svn clients + to execute arbitrary code via specially crafted URLs in + svn:externals and svn:sync-from-url properties. (bsc#1051362) + ------------------------------------------------------------------- Fri Jul 28 14:18:49 UTC 2017 - astieger@suse.com diff --git a/subversion.spec b/subversion.spec index cd15682..560defc 100644 --- a/subversion.spec +++ b/subversion.spec @@ -32,7 +32,7 @@ %bcond_without python_ctypes %bcond_with all_regression_tests Name: subversion -Version: 1.9.6 +Version: 1.9.7 Release: 0 Summary: Subversion version control system License: Apache-2.0