mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-05-05 07:39:49 +02:00

Author	SHA1	Message	Date
Wenzong Fan	0cb2fa5f73	subversion: fix CVE-2015-3187 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-12-08 10:27:15 +00:00
Wenzong Fan	5b52e9b086	subversion: fix CVE-2015-3184 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-12-08 10:27:15 +00:00
Ross Burton	9336e1fd80	subversion: add explicit dependency on file-replacement-native for native builds Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-10-27 07:24:30 +00:00
Jose Lamego	d93171c060	subversion_1.8.13.bb: Regex modified to allow '-D' in paths Modified the regex sed in serf.m4 to allow the use of '-D' characters in project folder names without having compilation error from subversion-native. [YOCTO #7874] (From OE-Core rev: 04554b128c358e3c10f6581fd4506764a65240b8) Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-07-08 00:01:23 +01:00
Richard Purdie	b3fc3748a0	subversion: Fix subversion-native on Fedora22 Similarly to: http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9b19d6548a345009a6de79a6820c07a72054d961 we also need to fix the subversion-native case with gcc5 by using the same fix to the BUILD_CPPFLAGS. (From OE-Core rev: a5e7a1e597e7bbe3bbc547f43a89d00a8a9a9924) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-06-27 22:42:56 +01:00
Roy Li	a03039caec	subversion: upgrade it from 1.8.11 to 1.8.13 upgrade to fix two CVE defects: CVE-2015-0248 and CVE-2015-0251 (From OE-Core rev: cb00b9e0330970b5c768aae9ddd4703a7172acbe) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-04-28 07:56:55 +01:00

6 Commits