From 1e7720531aab24693775500065c80f54c8b13176 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 26 Apr 2021 02:43:55 +0200 Subject: [PATCH] subversion: 1.12.2 -> 1.14.1 --- .../subversion/CVE-2020-17525.patch | 15 --------------- .../version-management/subversion/default.nix | 13 ++++++------- 2 files changed, 6 insertions(+), 22 deletions(-) delete mode 100644 pkgs/applications/version-management/subversion/CVE-2020-17525.patch diff --git a/pkgs/applications/version-management/subversion/CVE-2020-17525.patch b/pkgs/applications/version-management/subversion/CVE-2020-17525.patch deleted file mode 100644 index c844c3773e34..000000000000 --- a/pkgs/applications/version-management/subversion/CVE-2020-17525.patch +++ /dev/null @@ -1,15 +0,0 @@ -Patch included in advisory @ https://subversion.apache.org/security/CVE-2020-17525-advisory.txt - ---- a/subversion/libsvn_repos/config_file.c -+++ b/subversion/libsvn_repos/config_file.c -@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream, - { - /* Search for a repository in the full path. */ - repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool); -+ if (repos_root_dirent == NULL) -+ return svn_error_trace(handle_missing_file(stream, checksum, access, -+ url, must_exist, -+ svn_node_none)); - - /* Attempt to open a repository at repos_root_dirent. */ - SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL, diff --git a/pkgs/applications/version-management/subversion/default.nix b/pkgs/applications/version-management/subversion/default.nix index 9f780de748e9..042dafbb6745 100644 --- a/pkgs/applications/version-management/subversion/default.nix +++ b/pkgs/applications/version-management/subversion/default.nix @@ -6,13 +6,13 @@ , javahlBindings ? false , saslSupport ? false , lib, stdenv, fetchurl, apr, aprutil, zlib, sqlite, openssl, lz4, utf8proc -, apacheHttpd ? null, expat, swig ? null, jdk ? null, python ? null, perl ? null +, apacheHttpd ? null, expat, swig ? null, jdk ? null, python3 ? null, py3c ? null, perl ? null , sasl ? null, serf ? null }: assert bdbSupport -> aprutil.bdbSupport; assert httpServer -> apacheHttpd != null; -assert pythonBindings -> swig != null && python != null; +assert pythonBindings -> swig != null && python3 != null && py3c != null; assert javahlBindings -> jdk != null && perl != null; let @@ -31,7 +31,7 @@ let buildInputs = [ zlib apr aprutil sqlite openssl lz4 utf8proc ] ++ lib.optional httpSupport serf - ++ lib.optional pythonBindings python + ++ lib.optionals pythonBindings [ python3 py3c ] ++ lib.optional perlBindings perl ++ lib.optional saslSupport sasl; @@ -91,7 +91,7 @@ let enableParallelBuilding = true; - checkInputs = [ python ]; + checkInputs = [ python3 ]; doCheck = false; # fails 10 out of ~2300 tests meta = with lib; { @@ -116,8 +116,7 @@ in { }; subversion = common { - version = "1.12.2"; - sha256 = "0wgpw3kzsiawzqk4y0xgh1z93kllxydgv4lsviim45y5wk4bbl1v"; - extraPatches = [ ./CVE-2020-17525.patch ]; + version = "1.14.1"; + sha256 = "1ag1hvcm9q92kgalzbbgcsq9clxnzmbj9nciz9lmabjx4lyajp9c"; }; }