subversion: fix CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) (From OE-Core rev: b45dcbadc1a51188ac6dead855e14a181a7bccd9) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Wenzong Fan <wenzong.fan@windriver.com> 2016-02-06 15:14:49 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-07 17:23:04 +0000
commit: 4d3ce521947088a71ce4b3b7291f79af881c4d56 (patch)
tree: 3af5a1d3d9d9668edcf38b3e73974344a510babf /meta/recipes-devtools/subversion/subversion_1.8.11.bb
parent: f0ecaf46bb8e2a1bc0f22ee8650d10cbcc746a73 (diff)
download: poky-4d3ce521947088a71ce4b3b7291f79af881c4d56.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion_1.8.11.bb b/meta/recipes-devtools/subversion/subversion_1.8.11.bb
index 789392950d..b2825d9bab 100644
--- a/meta/recipes-devtools/subversion/subversion_1.8.11.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.8.11.bb
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
           file://libtool2.patch \
           file://disable_macos.patch \
           file://subversion-CVE-2015-3184.patch \
+           file://subversion-CVE-2015-3187.patch \
 "
 SRC_URI[md5sum] = "766a89bbbb388f8eb76166672d3b9e49"
 SRC_URI[sha256sum] = "10b056420e1f194c12840368f6bf58842e6200f9cb8cc5ebbf9be2e89e56e4d9"
author	Wenzong Fan <wenzong.fan@windriver.com>	2016-02-06 15:14:49 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +0000
commit	4d3ce521947088a71ce4b3b7291f79af881c4d56 (patch)
tree	3af5a1d3d9d9668edcf38b3e73974344a510babf /meta/recipes-devtools/subversion/subversion_1.8.11.bb
parent	f0ecaf46bb8e2a1bc0f22ee8650d10cbcc746a73 (diff)
download	poky-4d3ce521947088a71ce4b3b7291f79af881c4d56.tar.gz

diff --git a/meta/recipes-devtools/subversion/subversion_1.8.11.bb b/meta/recipes-devtools/subversion/subversion_1.8.11.bb index 789392950d..b2825d9bab 100644 --- a/meta/recipes-devtools/subversion/subversion_1.8.11.bb +++ b/meta/recipes-devtools/subversion/subversion_1.8.11.bb
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
13	file://libtool2.patch \	13	file://libtool2.patch \
14	file://disable_macos.patch \	14	file://disable_macos.patch \
15	file://subversion-CVE-2015-3184.patch \	15	file://subversion-CVE-2015-3184.patch \
		16	file://subversion-CVE-2015-3187.patch \
16	"	17	"
17	SRC_URI[md5sum] = "766a89bbbb388f8eb76166672d3b9e49"	18	SRC_URI[md5sum] = "766a89bbbb388f8eb76166672d3b9e49"
18	SRC_URI[sha256sum] = "10b056420e1f194c12840368f6bf58842e6200f9cb8cc5ebbf9be2e89e56e4d9"	19	SRC_URI[sha256sum] = "10b056420e1f194c12840368f6bf58842e6200f9cb8cc5ebbf9be2e89e56e4d9"