mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-04-26 18:32:13 +02:00

Author	SHA1	Message	Date
Wenzong Fan	4d3ce52194	subversion: fix CVE-2015-3187 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) (From OE-Core rev: b45dcbadc1a51188ac6dead855e14a181a7bccd9) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Wenzong Fan	f0ecaf46bb	subversion: fix CVE-2015-3184 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) (From OE-Core rev: e4a1caecc5ae6b8488ec8ed7d303296af99146c0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Richard Purdie	f6430d42b4	subversion: Fix subversion-native on Fedora22 Similarly to: http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9b19d6548a345009a6de79a6820c07a72054d961 we also need to fix the subversion-native case with gcc5 by using the same fix to the BUILD_CPPFLAGS. (From OE-Core rev: a5e7a1e597e7bbe3bbc547f43a89d00a8a9a9924) (From OE-Core rev: 7d445547df528aa9e5bfb85568a7270e27f633ef) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-06-28 09:45:42 +01:00
Khem Raj	b24aeb7b42	subversion: Add -P to CPPFLAGS see https://gcc.gnu.org/gcc-5/porting_to.html we need to stop the preprocessor from generating the #line directives or we run into issues like \| checking for apr_int64_t Python/C API format string... \| configure: error: failed to recognize APR_INT64_T_FMT on this platform \| Configure failed. The contents of all config.log files follows to aid debugging \| ERROR: oe_runconf failed Rightly subversion should be fixed but lets leave that to subversion folks Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d (From OE-Core rev: 7793b1c425077ed6ed11a9bc2a8b1b96612b1c96) (From OE-Core rev: a240d28492f05c22198dd4b20c11c0d510f0c897) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-06-28 09:45:42 +01:00
Richard Purdie	8b54cb7e96	subversion: 1.8.10 -> 1.8.11 (From OE-Core rev: 6218b590e02afc346b473e62ee4e4624b677cacf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-02-15 21:58:24 +00:00

5 Commits