mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-04-25 15:32:13 +02:00

Commit Graph

Author	SHA1	Message	Date
Wenzong Fan	3f5906e086	subversion: fix CVE-2017-9800 A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server(to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. Backport patch from: http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691 Reference: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt (From OE-Core rev: 6e1f8001a0f3c26cce9c692d25987a3c47ff2f74) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-09-11 17:30:30 +01:00
Alexander Kanavin	bac4e58992	subversion: inherit pkgconfig, so that serf can be found (From OE-Core rev: 079b765c6ce7032fa2ad429d80090d7531f174a9) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-08-30 11:14:26 +01:00
Richard Purdie	5a8f9aa347	subversion: Upgrade 1.9.5-> 1.9.6 (From OE-Core rev: 5212d88104b7a53d4bd8bf2320aca9455099ac80) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-07-21 08:44:25 +01:00

Author

SHA1

Message

Date

Wenzong Fan

3f5906e086

subversion: fix CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients
before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3
to run an arbitrary shell command. Such a URL could be generated by a
malicious server, by a malicious user committing to a honest server(to
attack another user of that server's repositories), or by a proxy
server.

The vulnerability affects all clients, including those that use
file://, http://, and plain (untunneled) svn://.

Backport patch from:
http://svn.apache.org/viewvc?view=revision&amp;sortby=rev&amp;revision=1804691

Reference:
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

(From OE-Core rev: 6e1f8001a0f3c26cce9c692d25987a3c47ff2f74)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-09-11 17:30:30 +01:00

Alexander Kanavin

bac4e58992

subversion: inherit pkgconfig, so that serf can be found

(From OE-Core rev: 079b765c6ce7032fa2ad429d80090d7531f174a9)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-08-30 11:14:26 +01:00

Richard Purdie

5a8f9aa347

subversion: Upgrade 1.9.5-> 1.9.6

(From OE-Core rev: 5212d88104b7a53d4bd8bf2320aca9455099ac80)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-07-21 08:44:25 +01:00

3 Commits