mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-29 14:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
36,633 Commits 38 Branches 622 Tags
d001d46d171dfd89ef758ea3bdb02e01ff4b2abb
Commit Graph

5 Commits

Author SHA1 Message Date
Wenzong Fan
0cb2fa5f73 subversion: fix CVE-2015-3187 
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

(From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2)

(From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-12-08 10:27:15 +00:00
Wenzong Fan
5b52e9b086 subversion: fix CVE-2015-3184 
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)

(From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-12-08 10:27:15 +00:00
Jose Lamego
873b8edd41 subversion_1.8.13.bb: Upstream-Status updated to Accepted 
Upstream-Status changed to Accepted due to [1]

[1] http://svn.apache.org/viewvc/subversion/trunk/build/ac-macros/serf.m4?r1=1594156&r2=1689824

(From OE-Core rev: 7785c496df839bd811cb33aef4b54158e81aa2c5)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-07-20 10:40:40 +01:00
Jose Lamego
d93171c060 subversion_1.8.13.bb: Regex modified to allow '-D' in paths 
Modified the regex sed in serf.m4 to allow the use of '-D' characters
in project folder names without having compilation error from
subversion-native.

[YOCTO #7874]

(From OE-Core rev: 04554b128c358e3c10f6581fd4506764a65240b8)

Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-07-08 00:01:23 +01:00
Roy Li
a03039caec subversion: upgrade it from 1.8.11 to 1.8.13 
upgrade to fix two CVE defects: CVE-2015-0248 and CVE-2015-0251

(From OE-Core rev: cb00b9e0330970b5c768aae9ddd4703a7172acbe)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-04-28 07:56:55 +01:00