mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-02 18:32:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
29,493 Commits 38 Branches 624 Tags
51a5a5df84e2e1ac5dbadb95d2b6af6541e345d2
Commit Graph

6 Commits

Author SHA1 Message Date
Yue Tao
7bcc609bf0 subversion: fix for Security Advisory CVE-2013-4277 
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277

(From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e)

(From OE-Core rev: 0517d47172c68097e30a5063cd09c1da6158c71d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2014-05-29 13:43:29 +01:00
Yue Tao
ee4d106987 subversion: fix for Security Advisory CVE-2013-4131 
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131

(From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)

(From OE-Core rev: 0cb67304f5b124d21468fcbc2928c7cb1f37c5f6)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2014-05-29 13:43:28 +01:00
Yue Tao
896511d564 subversion: fix for Security Advisory CVE-2013-4505 
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505

(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)

(From OE-Core rev: d245459306939aef078a89e671ec093e3d6321cd)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2014-05-29 13:43:28 +01:00
Chen Qi
3c94bfe8c5 subversion: fix build problem when sysroot contains '-D' or '-I' 
If sysroot contains '-D' or '-I' characters, the SVN_NEON_INCLUDES and
the corresponding CFLAGS will not get the correct value.

This will cause build failures.

This patch fixes the above problem.

[YOCTO #5458]

(From OE-Core rev: 7078397ef39de43244fca7e24683b2a83913cbbf)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2013-12-03 17:45:53 +00:00
Saul Wold
f63e7f4323 subversion: Add patch to use neon 0.30 
The neon update is not recognized but subversion, so we need to patch the configure.ac
to know about 0.30, otherwise we don't have http/https support in subversion.

(From OE-Core rev: 291ab168fac15eae0e4c9234e16f394b0e1547a0)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2013-08-07 07:43:47 +01:00
Bogdan Marinescu
2ee07173a6 subversion: upgraded to 1.7.10 
(From OE-Core rev: 6866fd80ec59ef1e2d24263827237be8ff21584f)

Signed-off-by: Bogdan Marinescu <bogdan.a.marinescu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2013-06-07 16:48:24 +01:00