diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2016-02-06 15:14:49 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-07 17:23:04 +0000 |
commit | 4d3ce521947088a71ce4b3b7291f79af881c4d56 (patch) | |
tree | 3af5a1d3d9d9668edcf38b3e73974344a510babf /meta/recipes-devtools/subversion/subversion_1.8.11.bb | |
parent | f0ecaf46bb8e2a1bc0f22ee8650d10cbcc746a73 (diff) | |
download | poky-4d3ce521947088a71ce4b3b7291f79af881c4d56.tar.gz |
subversion: fix CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
(From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2)
(From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22)
(From OE-Core rev: b45dcbadc1a51188ac6dead855e14a181a7bccd9)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/subversion/subversion_1.8.11.bb')
-rw-r--r-- | meta/recipes-devtools/subversion/subversion_1.8.11.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion_1.8.11.bb b/meta/recipes-devtools/subversion/subversion_1.8.11.bb index 789392950d..b2825d9bab 100644 --- a/meta/recipes-devtools/subversion/subversion_1.8.11.bb +++ b/meta/recipes-devtools/subversion/subversion_1.8.11.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ | |||
13 | file://libtool2.patch \ | 13 | file://libtool2.patch \ |
14 | file://disable_macos.patch \ | 14 | file://disable_macos.patch \ |
15 | file://subversion-CVE-2015-3184.patch \ | 15 | file://subversion-CVE-2015-3184.patch \ |
16 | file://subversion-CVE-2015-3187.patch \ | ||
16 | " | 17 | " |
17 | SRC_URI[md5sum] = "766a89bbbb388f8eb76166672d3b9e49" | 18 | SRC_URI[md5sum] = "766a89bbbb388f8eb76166672d3b9e49" |
18 | SRC_URI[sha256sum] = "10b056420e1f194c12840368f6bf58842e6200f9cb8cc5ebbf9be2e89e56e4d9" | 19 | SRC_URI[sha256sum] = "10b056420e1f194c12840368f6bf58842e6200f9cb8cc5ebbf9be2e89e56e4d9" |