mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-14 12:43:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

subversion: fix CVE-2015-3184

Browse Source 
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)

(From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f)

(From OE-Core rev: e4a1caecc5ae6b8488ec8ed7d303296af99146c0)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Wenzong Fan
2016-02-06 15:14:48 -08:00
committed by Richard Purdie
parent 165fa6ce62
commit f0ecaf46bb
2 changed files with 2083 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2082
meta/recipes-devtools/subversion/subversion-1.8.11/subversion-CVE-2015-3184.patch Normal file
View File

File diff suppressed because it is too large Load Diff

1
meta/recipes-devtools/subversion/subversion_1.8.11.bb
View File

@@ -12,6 +12,7 @@ inherit gettext pythonnative
SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://libtool2.patch \
file://disable_macos.patch \
file://subversion-CVE-2015-3184.patch \
"
SRC_URI[md5sum] = "766a89bbbb388f8eb76166672d3b9e49"
SRC_URI[sha256sum] = "10b056420e1f194c12840368f6bf58842e6200f9cb8cc5ebbf9be2e89e56e4d9"