initial commit for Enea Linux 5.0 arm

Signed-off-by: Tudor Florea <tudor.florea@enea.com>

15 files changed, 1583 insertions, 0 deletions

diff --git a/meta/recipes-devtools/subversion/subversion-1.8.9/disable_macos.patch b/meta/recipes-devtools/subversion/subversion-1.8.9/disable_macos.patch
new file mode 100644
index 0000000000..ec3be496f3
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion-1.8.9/disable_macos.patch
@@ -0,0 +1,68 @@
+These tests don't work in cross compiling, just disable them for now, we don't
+build subversion on OS-X at this time.
+
+RP 1014/7/16
+
+Upstream-Status: Pending [needs a rewrite to support a cache value]
+
+Index: subversion-1.8.9/build/ac-macros/macosx.m4
+===================================================================
+--- subversion-1.8.9.orig/build/ac-macros/macosx.m4     2012-11-26 03:04:27.000000000 +0000
++++ subversion-1.8.9/build/ac-macros/macosx.m4  2014-07-16 12:28:58.357300403 +0000
+@@ -24,21 +24,7 @@
+ AC_DEFUN(SVN_LIB_MACHO_ITERATE,
+ [
+   AC_MSG_CHECKING([for Mach-O dynamic module iteration functions])
+-  AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+-    #include <mach-o/dyld.h>
+-    #include <mach-o/loader.h>
+-  ]],[[
+-    const struct mach_header *header = _dyld_get_image_header(0);
+-    const char *name = _dyld_get_image_name(0);
+-    if (name && header) return 0;
+-    return 1;
+-  ]])],[
+-    AC_DEFINE([SVN_HAVE_MACHO_ITERATE], [1],
+-              [Is Mach-O low-level _dyld API available?])
+-    AC_MSG_RESULT([yes])
+-  ],[
+     AC_MSG_RESULT([no])
+-  ])
+ ])
+ 
+ dnl SVN_LIB_MACOS_PLIST
+@@ -46,34 +32,7 @@
+ AC_DEFUN(SVN_LIB_MACOS_PLIST,
+ [
+   AC_MSG_CHECKING([for Mac OS property list utilities])
+-
+-  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+-    #include <AvailabilityMacros.h>
+-    #if !defined(MAC_OS_X_VERSION_MAX_ALLOWED) \
+-     || !defined(MAC_OS_X_VERSION_10_0) \
+-     || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_0)
+-    #error ProperyList API unavailable.
+-    #endif
+-  ]],[[]])],[
+-    dnl ### Hack.  We should only need to pass the -framework options when
+-    dnl linking libsvn_subr, since it is the only library that uses Keychain.
+-    dnl
+-    dnl Unfortunately, libtool 1.5.x doesn't track transitive dependencies for
+-    dnl OS X frameworks like it does for normal libraries, so we need to
+-    dnl explicitly pass the option to all the users of libsvn_subr to allow
+-    dnl static builds to link successfully.
+-    dnl
+-    dnl This does mean that all executables we link will be linked directly
+-    dnl to these frameworks - even when building shared libraries - but that
+-    dnl shouldn't cause any problems.
+-
+-    LIBS="$LIBS -framework CoreFoundation"
+-    AC_DEFINE([SVN_HAVE_MACOS_PLIST], [1],
+-              [Is Mac OS property list API available?])
+-    AC_MSG_RESULT([yes])
+-  ],[
+     AC_MSG_RESULT([no])
+-  ])
+ ])
+ 
+ dnl SVN_LIB_MACOS_KEYCHAIN
diff --git a/meta/recipes-devtools/subversion/subversion-1.8.9/libtool2.patch b/meta/recipes-devtools/subversion/subversion-1.8.9/libtool2.patch
new file mode 100644
index 0000000000..5cd572bfc8
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion-1.8.9/libtool2.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+--- a/configure.ac      2011-10-20 21:56:02.230663987 +0200
++++ b/configure.ac      2011-08-17 15:01:30.000000000 +0200
+@@ -227,8 +227,8 @@
+   LIBTOOL="$sh_libtool"
+   SVN_LIBTOOL="$sh_libtool"
+ else
+-  sh_libtool="$abs_builddir/libtool"
+-  SVN_LIBTOOL="\$(SHELL) $sh_libtool"
++  sh_libtool="$abs_builddir/$host_alias-libtool"
++  SVN_LIBTOOL="\$(SHELL) \$(abs_builddir)/$host_alias-libtool"
+ fi
+ AC_SUBST(SVN_LIBTOOL)
+ 
diff --git a/meta/recipes-devtools/subversion/subversion-1.8.9/subversion-CVE-2014-3522.patch b/meta/recipes-devtools/subversion/subversion-1.8.9/subversion-CVE-2014-3522.patch
new file mode 100644
index 0000000000..f259e5490a
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion-1.8.9/subversion-CVE-2014-3522.patch
@@ -0,0 +1,444 @@
+Upstream-Status: Backport
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+Index: subversion/include/private/svn_cert.h
+===================================================================
+--- subversion/include/private/svn_cert.h       (nonexistent)
++++ subversion/include/private/svn_cert.h       (working copy)
+@@ -0,0 +1,68 @@
++/**
++ * @copyright
++ * ====================================================================
++ *    Licensed to the Apache Software Foundation (ASF) under one
++ *    or more contributor license agreements.  See the NOTICE file
++ *    distributed with this work for additional information
++ *    regarding copyright ownership.  The ASF licenses this file
++ *    to you under the Apache License, Version 2.0 (the
++ *    "License"); you may not use this file except in compliance
++ *    with the License.  You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ *    Unless required by applicable law or agreed to in writing,
++ *    software distributed under the License is distributed on an
++ *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++ *    KIND, either express or implied.  See the License for the
++ *    specific language governing permissions and limitations
++ *    under the License.
++ * ====================================================================
++ * @endcopyright
++ *
++ * @file svn_cert.h
++ * @brief Implementation of certificate validation functions
++ */
++
++#ifndef SVN_CERT_H
++#define SVN_CERT_H
++
++#include <apr.h>
++
++#include "svn_types.h"
++#include "svn_string.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++
++/* Return TRUE iff @a pattern matches @a hostname as defined
++ * by the matching rules of RFC 6125.  In the context of RFC
++ * 6125 the pattern is the domain name portion of the presented
++ * identifier (which comes from the Common Name or a DNSName
++ * portion of the subjectAltName of an X.509 certificate) and
++ * the hostname is the source domain (i.e. the host portion
++ * of the URI the user entered).
++ *
++ * @note With respect to wildcards we only support matching
++ * wildcards in the left-most label and as the only character
++ * in the left-most label (i.e. we support RFC 6125 s. 6.4.3
++ * Rule 1 and 2 but not the optional Rule 3).  This may change
++ * in the future.
++ *
++ * @note Subversion does not at current support internationalized
++ * domain names.  Both values are presumed to be in NR-LDH label
++ * or A-label form (see RFC 5890 for the definition).
++ *
++ * @since New in 1.9.
++ */
++svn_boolean_t
++svn_cert__match_dns_identity(svn_string_t *pattern, svn_string_t *hostname);
++
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* SVN_CERT_H */
+Index: subversion/libsvn_ra_serf/util.c
+===================================================================
+--- subversion/libsvn_ra_serf/util.c    (revision 1615128)
++++ subversion/libsvn_ra_serf/util.c    (working copy)
+@@ -28,7 +28,6 @@
+ #define APR_WANT_STRFUNC
+ #include <apr.h>
+ #include <apr_want.h>
+-#include <apr_fnmatch.h>
+ 
+ #include <serf.h>
+ #include <serf_bucket_types.h>
+@@ -49,6 +48,7 @@
+ #include "private/svn_fspath.h"
+ #include "private/svn_subr_private.h"
+ #include "private/svn_auth_private.h"
++#include "private/svn_cert.h"
+ 
+ #include "ra_serf.h"
+ 
+@@ -274,7 +274,6 @@ ssl_server_cert(void *baton, int failures,
+   apr_hash_t *subject = NULL;
+   apr_hash_t *serf_cert = NULL;
+   void *creds;
+-  int found_matching_hostname = 0;
+ 
+   svn_failures = (ssl_convert_serf_failures(failures)
+       | conn->server_cert_failures);
+@@ -286,26 +285,37 @@ ssl_server_cert(void *baton, int failures,
+       ### This should really be handled by serf, which should pass an error
+           for this case, but that has backwards compatibility issues. */
+       apr_array_header_t *san;
++      svn_boolean_t found_san_entry = FALSE;
++      svn_boolean_t found_matching_hostname = FALSE;
++      svn_string_t *actual_hostname =
++          svn_string_create(conn->session->session_url.hostname, scratch_pool);
+ 
+       serf_cert = serf_ssl_cert_certificate(cert, scratch_pool);
+ 
+       san = svn_hash_gets(serf_cert, "subjectAltName");
+       /* Try to find matching server name via subjectAltName first... */
+-      if (san) {
++      if (san)
++        {
+           int i;
+-          for (i = 0; i < san->nelts; i++) {
++          found_san_entry = san->nelts > 0;
++          for (i = 0; i < san->nelts; i++)
++            {
+               const char *s = APR_ARRAY_IDX(san, i, const char*);
+-              if (apr_fnmatch(s, conn->session->session_url.hostname,
+-                  APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_SUCCESS)
+-              {
+-                  found_matching_hostname = 1;
++              svn_string_t *cert_hostname = svn_string_create(s, scratch_pool);
++
++              if (svn_cert__match_dns_identity(cert_hostname, actual_hostname))
++                {
++                  found_matching_hostname = TRUE;
+                   break;
+-              }
+-          }
+-      }
++                }
++            }
++        }
+ 
+-      /* Match server certificate CN with the hostname of the server */
+-      if (!found_matching_hostname)
++      /* Match server certificate CN with the hostname of the server iff
++       * we didn't find any subjectAltName fields and try to match them.
++       * Per RFC 2818 they are authoritative if present and CommonName
++       * should be ignored. */
++      if (!found_matching_hostname && !found_san_entry)
+         {
+           const char *hostname = NULL;
+ 
+@@ -314,13 +324,20 @@ ssl_server_cert(void *baton, int failures,
+           if (subject)
+             hostname = svn_hash_gets(subject, "CN");
+ 
+-          if (!hostname
+-              || apr_fnmatch(hostname, conn->session->session_url.hostname,
+-                             APR_FNM_PERIOD | APR_FNM_CASE_BLIND) != APR_SUCCESS)
+-          {
+-              svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
+-          }
+-      }
++          if (hostname)
++            {
++              svn_string_t *cert_hostname = svn_string_create(hostname,
++                                                              scratch_pool);
++
++              if (svn_cert__match_dns_identity(cert_hostname, actual_hostname))
++                {
++                  found_matching_hostname = TRUE;
++                }
++            }
++        }
++
++      if (!found_matching_hostname)
++        svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
+     }
+ 
+   if (!svn_failures)
+Index: subversion/libsvn_subr/dirent_uri.c
+===================================================================
+--- subversion/libsvn_subr/dirent_uri.c (revision 1615128)
++++ subversion/libsvn_subr/dirent_uri.c (working copy)
+@@ -38,6 +38,7 @@
+ 
+ #include "dirent_uri.h"
+ #include "private/svn_fspath.h"
++#include "private/svn_cert.h"
+ 
+ /* The canonical empty path.  Can this be changed?  Well, change the empty
+    test below and the path library will work, not so sure about the fs/wc
+@@ -2597,3 +2598,81 @@ svn_urlpath__canonicalize(const char *uri,
+     }
+   return uri;
+ }
++
++
++/* -------------- The cert API (see private/svn_cert.h) ------------- */
++
++svn_boolean_t
++svn_cert__match_dns_identity(svn_string_t *pattern, svn_string_t *hostname)
++{
++  apr_size_t pattern_pos = 0, hostname_pos = 0;
++
++  /* support leading wildcards that composed of the only character in the
++   * left-most label. */
++  if (pattern->len >= 2 &&
++      pattern->data[pattern_pos] == '*' &&
++      pattern->data[pattern_pos + 1] == '.')
++    {
++      while (hostname_pos < hostname->len &&
++             hostname->data[hostname_pos] != '.')
++        {
++          hostname_pos++;
++        }
++      /* Assume that the wildcard must match something.  Rule 2 says
++       * that *.example.com should not match example.com.  If the wildcard
++       * ends up not matching anything then it matches .example.com which
++       * seems to be essentially the same as just example.com */
++      if (hostname_pos == 0)
++        return FALSE;
++
++      pattern_pos++;
++    }
++
++  while (pattern_pos < pattern->len && hostname_pos < hostname->len)
++    {
++      char pattern_c = pattern->data[pattern_pos];
++      char hostname_c = hostname->data[hostname_pos];
++
++      /* fold case as described in RFC 4343.
++       * Note: We actually convert to lowercase, since our URI
++       * canonicalization code converts to lowercase and generally
++       * most certs are issued with lowercase DNS names, meaning
++       * this avoids the fold operation in most cases.  The RFC
++       * suggests the opposite transformation, but doesn't require
++       * any specific implementation in any case.  It is critical
++       * that this folding be locale independent so you can't use
++       * tolower(). */
++      pattern_c = canonicalize_to_lower(pattern_c);
++      hostname_c = canonicalize_to_lower(hostname_c);
++
++      if (pattern_c != hostname_c)
++        {
++          /* doesn't match */
++          return FALSE;
++        }
++      else
++        {
++          /* characters match so skip both */
++          pattern_pos++;
++          hostname_pos++;
++        }
++    }
++
++  /* ignore a trailing period on the hostname since this has no effect on the
++   * security of the matching.  See the following for the long explanation as
++   * to why:
++   * https://bugzilla.mozilla.org/show_bug.cgi?id=134402#c28
++   */
++  if (pattern_pos == pattern->len &&
++      hostname_pos == hostname->len - 1 &&
++      hostname->data[hostname_pos] == '.')
++    hostname_pos++;
++
++  if (pattern_pos != pattern->len || hostname_pos != hostname->len)
++    {
++      /* end didn't match */
++      return FALSE;
++    }
++
++  return TRUE;
++}
+Index: subversion/tests/libsvn_subr/dirent_uri-test.c
+===================================================================
+--- subversion/tests/libsvn_subr/dirent_uri-test.c      (revision 1615128)
++++ subversion/tests/libsvn_subr/dirent_uri-test.c      (working copy)
+@@ -37,6 +37,7 @@
+ #include "svn_pools.h"
+ #include "svn_dirent_uri.h"
+ #include "private/svn_fspath.h"
++#include "private/svn_cert.h"
+ 
+ #include "../svn_test.h"
+ 
+@@ -2714,6 +2715,145 @@ test_fspath_get_longest_ancestor(apr_pool_t *pool)
+   return SVN_NO_ERROR;
+ }
+ 
++struct cert_match_dns_test {
++  const char *pattern;
++  const char *hostname;
++  svn_boolean_t expected;
++};
++
++static svn_error_t *
++run_cert_match_dns_tests(struct cert_match_dns_test *tests, apr_pool_t *pool)
++{
++  struct cert_match_dns_test *ct;
++  apr_pool_t *iterpool = svn_pool_create(pool);
++
++  for (ct = tests; ct->pattern; ct++)
++    {
++      svn_boolean_t result;
++      svn_string_t *pattern, *hostname;
++
++      svn_pool_clear(iterpool);
++
++      pattern = svn_string_create(ct->pattern, iterpool);
++      hostname = svn_string_create(ct->hostname, iterpool);
++
++      result = svn_cert__match_dns_identity(pattern, hostname);
++      if (result != ct->expected)
++        return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
++                                 "Expected %s but got %s for pattern '%s' on "
++                                 "hostname '%s'",
++                                 ct->expected ? "match" : "no match",
++                                 result ? "match" : "no match",
++                                 pattern->data, hostname->data);
++
++    }
++
++  svn_pool_destroy(iterpool);
++
++  return SVN_NO_ERROR;
++}
++
++static struct cert_match_dns_test cert_match_dns_tests[] = {
++  { "foo.example.com", "foo.example.com", TRUE }, /* exact match */
++  { "foo.example.com", "FOO.EXAMPLE.COM", TRUE }, /* case differences */
++  { "FOO.EXAMPLE.COM", "foo.example.com", TRUE },
++  { "*.example.com", "FoO.ExAmPlE.CoM", TRUE },
++  { "*.ExAmPlE.CoM", "foo.example.com", TRUE },
++  { "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz", TRUE },
++  { "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", TRUE },
++  { "foo.example.com", "bar.example.com", FALSE }, /* difference at start */
++  { "foo.example.com", "foo.example.net", FALSE }, /* difference at end */
++  { "foo.example.com", "foo.example.commercial", FALSE }, /* hostname longer */
++  { "foo.example.commercial", "foo.example.com", FALSE }, /* pattern longer */
++  { "foo.example.comcom", "foo.example.com", FALSE }, /* repeated suffix */
++  { "foo.example.com", "foo.example.comcom", FALSE },
++  { "foo.example.com.com", "foo.example.com", FALSE },
++  { "foo.example.com", "foo.example.com.com", FALSE },
++  { "foofoo.example.com", "foo.example.com", FALSE }, /* repeated prefix */
++  { "foo.example.com", "foofoo.example.com", FALSE },
++  { "foo.foo.example.com", "foo.example.com", FALSE },
++  { "foo.example.com", "foo.foo.example.com", FALSE },
++  { "foo.*.example.com", "foo.bar.example.com", FALSE }, /* RFC 6125 s. 6.4.3
++                                                            Rule 1 */
++  { "*.example.com", "foo.example.com", TRUE }, /* RFC 6125 s. 6.4.3 Rule 2 */
++  { "*.example.com", "bar.foo.example.com", FALSE }, /* Rule 2 */
++  { "*.example.com", "example.com", FALSE }, /* Rule 2 */
++  { "*.example.com", ".example.com", FALSE }, /* RFC doesn't say what to do
++                                                 here and a leading period on
++                                                 a hostname doesn't make sense
++                                                 so we'll just reject this. */
++  { "*", "foo.example.com", FALSE }, /* wildcard must be left-most label,
++                                        implies that there must be more than
++                                        one label. */
++  { "*", "example.com", FALSE },
++  { "*", "com", FALSE },
++  { "*.example.com", "foo.example.net", FALSE }, /* difference in literal text
++                                                    with a wildcard. */
++  { "*.com", "example.com", TRUE }, /* See Errata ID 3090 for RFC 6125,
++                                       probably shouldn't allow this but
++                                       we do for now. */
++  { "*.", "example.com", FALSE }, /* test some dubious 2 character wildcard
++                                     patterns */
++  { "*.", "example.", TRUE }, /* This one feels questionable */
++  { "*.", "example", FALSE },
++  { "*.", ".", FALSE },
++  { "a", "a", TRUE }, /* check that single letter exact matches work */
++  { "a", "b", FALSE }, /* and single letter not matches shouldn't */
++  { "*.*.com", "foo.example.com", FALSE }, /* unsupported wildcards */
++  { "*.*.com", "example.com", FALSE },
++  { "**.example.com", "foo.example.com", FALSE },
++  { "**.example.com", "example.com", FALSE },
++  { "f*.example.com", "foo.example.com", FALSE },
++  { "f*.example.com", "bar.example.com", FALSE },
++  { "*o.example.com", "foo.example.com", FALSE },
++  { "*o.example.com", "bar.example.com", FALSE },
++  { "f*o.example.com", "foo.example.com", FALSE },
++  { "f*o.example.com", "bar.example.com", FALSE },
++  { "foo.e*.com", "foo.example.com", FALSE },
++  { "foo.*e.com", "foo.example.com", FALSE },
++  { "foo.e*e.com", "foo.example.com", FALSE },
++  { "foo.example.com", "foo.example.com.", TRUE }, /* trailing dot */
++  { "*.example.com", "foo.example.com.", TRUE },
++  { "foo", "foo.", TRUE },
++  { "foo.example.com.", "foo.example.com", FALSE },
++  { "*.example.com.", "foo.example.com", FALSE },
++  { "foo.", "foo", FALSE },
++  { "foo.example.com", "foo.example.com..", FALSE },
++  { "*.example.com", "foo.example.com..", FALSE },
++  { "foo", "foo..", FALSE },
++  { "foo.example.com..", "foo.example.com", FALSE },
++  { "*.example.com..", "foo.example.com", FALSE },
++  { "foo..", "foo", FALSE },
++  { NULL }
++};
++
++static svn_error_t *
++test_cert_match_dns_identity(apr_pool_t *pool)
++{
++  return run_cert_match_dns_tests(cert_match_dns_tests, pool);
++}
++
++/* This test table implements results that should happen if we supported
++ * RFC 6125 s. 6.4.3 Rule 3.  We don't so it's expected to fail for now. */
++static struct cert_match_dns_test rule3_tests[] = {
++  { "baz*.example.net", "baz1.example.net", TRUE },
++  { "*baz.example.net", "foobaz.example.net", TRUE },
++  { "b*z.example.net", "buuz.example.net", TRUE },
++  { "b*z.example.net", "bz.example.net", FALSE }, /* presume wildcard can't
++                                                     match nothing */
++  { "baz*.example.net", "baz.example.net", FALSE },
++  { "*baz.example.net", "baz.example.net", FALSE },
++  { "b*z.example.net", "buuzuuz.example.net", TRUE }, /* presume wildcard
++                                                         should be greedy */
++  { NULL }
++};
++
++static svn_error_t *
++test_rule3(apr_pool_t *pool)
++{
++  return run_cert_match_dns_tests(rule3_tests, pool);
++}
++
+ 
+ /* The test table.  */
+ 
+@@ -2812,5 +2952,9 @@ struct svn_test_descriptor_t test_funcs[] =
+                    "test svn_fspath__dirname/basename/split"),
+     SVN_TEST_PASS2(test_fspath_get_longest_ancestor,
+                    "test svn_fspath__get_longest_ancestor"),
++    SVN_TEST_PASS2(test_cert_match_dns_identity,
++                   "test svn_cert__match_dns_identity"),
++    SVN_TEST_XFAIL2(test_rule3,
++                    "test match with RFC 6125 s. 6.4.3 Rule 3"),
+     SVN_TEST_NULL
+   };
diff --git a/meta/recipes-devtools/subversion/subversion/disable-revision-install.patch b/meta/recipes-devtools/subversion/subversion/disable-revision-install.patch
new file mode 100644
index 0000000000..66450fab9f
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/disable-revision-install.patch
@@ -0,0 +1,36 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+Index: subversion-1.6.15/Makefile.in
+===================================================================
+--- subversion-1.6.15.orig/Makefile.in  2010-11-17 06:47:23.000000000 -0800
++++ subversion-1.6.15/Makefile.in       2011-01-31 10:11:07.358779686 -0800
+@@ -305,7 +305,7 @@
+ clean: external-clean local-clean
+ distclean: external-distclean local-distclean
+ extraclean: external-extraclean local-extraclean
+-install: external-install local-install revision-install
++install: external-install local-install #revision-install
+ 
+ @INCLUDE_OUTPUTS@
+ 
+@@ -363,13 +363,13 @@
+ local-install: @INSTALL_RULES@
+ 
+ ### HACK!! Find a better way to do this
+-revision-install:
+-       test -d $(DESTDIR)$(includedir)/subversion-1 || \
+-         $(MKDIR) $(DESTDIR)$(includedir)/subversion-1
+-       (subversion/svnversion/svnversion $(top_srcdir) ||  \
+-        svnversion $(top_srcdir) ||                        \
+-        echo "unknown";                                    \
+-       ) > $(DESTDIR)$(includedir)/subversion-1/svn-revision.txt
++#revision-install:
++#      test -d $(DESTDIR)$(includedir)/subversion-1 || \
++#        $(MKDIR) $(DESTDIR)$(includedir)/subversion-1
++#      (subversion/svnversion/svnversion $(top_srcdir) ||  \
++#       svnversion $(top_srcdir) ||                        \
++#       echo "unknown";                                    \
++#      ) > $(DESTDIR)$(includedir)/subversion-1/svn-revision.txt
+ 
+ install-static: @INSTALL_STATIC_RULES@
+ 
diff --git a/meta/recipes-devtools/subversion/subversion/fix-install-depends.patch b/meta/recipes-devtools/subversion/subversion/fix-install-depends.patch
new file mode 100644
index 0000000000..6f49ed4bf2
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/fix-install-depends.patch
@@ -0,0 +1,45 @@
+install-neon-lib should depend on libsvn_delta's installation
+
+install-neon-lib needs libsvn_delta-1.la which will be regenerated
+during libsvn_delta-1.la's installation, if libsvn_delta-1.la is
+in regenerating and at the same time install-neon-lib links it, the
+error willl happen.
+
+Let install-neon-lib run after libsvn_delta-1.la is installed will fix
+the problem.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ build-outputs.mk |    2 +-
+ build.conf       |    2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/build-outputs.mk b/build-outputs.mk
+--- a/build-outputs.mk
++++ b/build-outputs.mk
+@@ -979,7 +979,7 @@ install-locale: subversion/po/de.mo subversion/po/es.mo subversion/po/fr.mo subv
+        $(MKDIR) $(DESTDIR)$(localedir)/zh_TW/LC_MESSAGES
+        cd subversion/po ; $(INSTALL_LOCALE) zh_TW.mo $(DESTDIR)$(localedir)/zh_TW/LC_MESSAGES/$(PACKAGE_NAME).mo
+ 
+-install-neon-lib: subversion/libsvn_ra_neon/libsvn_ra_neon-1.la
++install-neon-lib: subversion/libsvn_ra_neon/libsvn_ra_neon-1.la $(SVN_FS_LIB_INSTALL_DEPS)
+        $(MKDIR) $(DESTDIR)$(neon_libdir)
+        cd subversion/libsvn_ra_neon ; $(INSTALL_NEON_LIB) libsvn_ra_neon-1.la $(DESTDIR)$(neon_libdir)/libsvn_ra_neon-1.la
+ 
+diff --git a/build.conf b/build.conf
+--- a/build.conf
++++ b/build.conf
+@@ -272,6 +272,8 @@ type = ra-module
+ path = subversion/libsvn_ra_neon
+ install = neon-lib
+ libs = libsvn_delta libsvn_subr aprutil apriconv apr neon
++# conditionally add more dependencies
++add-install-deps = $(SVN_FS_LIB_INSTALL_DEPS)
+ msvc-static = yes
+ 
+ # Accessing repositories via DAV through serf
+-- 
+1.7.10.4
+
diff --git a/meta/recipes-devtools/subversion/subversion/libtool2.patch b/meta/recipes-devtools/subversion/subversion/libtool2.patch
new file mode 100644
index 0000000000..32f88b7987
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/libtool2.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+Index: subversion-1.5.5/configure.ac
+===================================================================
+--- subversion-1.5.5.orig/configure.ac  2008-08-26 18:27:56.000000000 +0100
++++ subversion-1.5.5/configure.ac       2009-01-07 18:00:47.000000000 +0000
+@@ -153,8 +153,8 @@
+   LIBTOOL="$sh_libtool"
+   SVN_LIBTOOL="$sh_libtool"
+ else
+-  sh_libtool="$abs_builddir/libtool"
+-  SVN_LIBTOOL="\$(SHELL) $sh_libtool"
++  sh_libtool="$abs_builddir/$host_alias-libtool"
++  SVN_LIBTOOL="\$(SHELL) \$(abs_builddir)/$host_alias-libtool"
+   dnl libtoolize requires that the following line not be indented
+ ifdef([LT_INIT], [LT_INIT], [AC_PROG_LIBTOOL])
+ fi
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch
new file mode 100644
index 0000000000..29aeea5017
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch
@@ -0,0 +1,171 @@
+Upstream-Status: Backport
+
+Index: subversion/mod_dav_svn/dav_svn.h
+===================================================================
+--- a/subversion/mod_dav_svn/dav_svn.h  (revision 1461956)
++++ b/subversion/mod_dav_svn/dav_svn.h  (working copy)
+@@ -254,6 +254,9 @@ struct dav_resource_private {
+      interface (ie: /path/to/item?p=PEGREV]? */
+   svn_boolean_t pegged;
+ 
++  /* Cache any revprop change error */
++  svn_error_t *revprop_error;
++
+   /* Pool to allocate temporary data from */
+   apr_pool_t *pool;
+ };
+Index: subversion/mod_dav_svn/deadprops.c
+===================================================================
+--- a/subversion/mod_dav_svn/deadprops.c        (revision 1461956)
++++ b/subversion/mod_dav_svn/deadprops.c        (working copy)
+@@ -49,8 +49,7 @@ struct dav_db {
+ 
+ 
+ struct dav_deadprop_rollback {
+-  dav_prop_name name;
+-  svn_string_t value;
++  int dummy;
+ };
+ 
+ 
+@@ -134,6 +133,7 @@ save_value(dav_db *db, const dav_prop_name *name,
+ {
+   const char *propname;
+   svn_error_t *serr;
++  apr_pool_t *subpool;
+ 
+   /* get the repos-local name */
+   get_repos_propname(db, name, &propname);
+@@ -151,10 +151,14 @@ save_value(dav_db *db, const dav_prop_name *name,
+     }
+ 
+   /* Working Baseline or Working (Version) Resource */
++
++  /* A subpool to cope with mod_dav making multiple calls, e.g. during
++     PROPPATCH with multiple values. */
++  subpool = svn_pool_create(db->resource->pool);
+   if (db->resource->baselined)
+     if (db->resource->working)
+       serr = svn_repos_fs_change_txn_prop(db->resource->info->root.txn,
+-                                          propname, value, db->resource->pool);
++                                          propname, value, subpool);
+     else
+       {
+         /* ### VIOLATING deltaV: you can't proppatch a baseline, it's
+@@ -168,19 +172,29 @@ save_value(dav_db *db, const dav_prop_name *name,
+            propname, value, TRUE, TRUE,
+            db->authz_read_func,
+            db->authz_read_baton,
+-           db->resource->pool);
++           subpool);
+ 
++        /* mod_dav doesn't handle the returned error very well, it
++           generates its own generic error that will be returned to
++           the client.  Cache the detailed error here so that it can
++           be returned a second time when the rollback mechanism
++           triggers. */
++        if (serr)
++          db->resource->info->revprop_error = svn_error_dup(serr);
++
+         /* Tell the logging subsystem about the revprop change. */
+         dav_svn__operational_log(db->resource->info,
+                                  svn_log__change_rev_prop(
+                                               db->resource->info->root.rev,
+                                               propname,
+-                                              db->resource->pool));
++                                              subpool));
+       }
+   else
+     serr = svn_repos_fs_change_node_prop(db->resource->info->root.root,
+                                          get_repos_path(db->resource->info),
+-                                         propname, value, db->resource->pool);
++                                         propname, value, subpool);
++  svn_pool_destroy(subpool);
++
+   if (serr != NULL)
+     return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
+                                 NULL,
+@@ -395,6 +409,7 @@ db_remove(dav_db *db, const dav_prop_name *name)
+ {
+   svn_error_t *serr;
+   const char *propname;
++  apr_pool_t *subpool;
+ 
+   /* get the repos-local name */
+   get_repos_propname(db, name, &propname);
+@@ -403,6 +418,10 @@ db_remove(dav_db *db, const dav_prop_name *name)
+   if (propname == NULL)
+     return NULL;
+ 
++  /* A subpool to cope with mod_dav making multiple calls, e.g. during
++     PROPPATCH with multiple values. */
++  subpool = svn_pool_create(db->resource->pool);
++
+   /* Working Baseline or Working (Version) Resource */
+   if (db->resource->baselined)
+     if (db->resource->working)
+@@ -419,11 +438,12 @@ db_remove(dav_db *db, const dav_prop_name *name)
+                                            propname, NULL, TRUE, TRUE,
+                                            db->authz_read_func,
+                                            db->authz_read_baton,
+-                                           db->resource->pool);
++                                           subpool);
+   else
+     serr = svn_repos_fs_change_node_prop(db->resource->info->root.root,
+                                          get_repos_path(db->resource->info),
+-                                         propname, NULL, db->resource->pool);
++                                         propname, NULL, subpool);
++  svn_pool_destroy(subpool);
+   if (serr != NULL)
+     return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
+                                 "could not remove a property",
+@@ -598,19 +618,14 @@ db_get_rollback(dav_db *db,
+                 const dav_prop_name *name,
+                 dav_deadprop_rollback **prollback)
+ {
+-  dav_error *err;
+-  dav_deadprop_rollback *ddp;
+-  svn_string_t *propval;
++  /* This gets called by mod_dav in preparation for a revprop change.
++     mod_dav_svn doesn't need to make any changes during rollback, but
++     we want the rollback mechanism to trigger.  Making changes in
++     response to post-revprop-change hook errors would be positively
++     wrong. */
+ 
+-  if ((err = get_value(db, name, &propval)) != NULL)
+-    return err;
++  *prollback = apr_palloc(db->p, sizeof(dav_deadprop_rollback));
+ 
+-  ddp = apr_palloc(db->p, sizeof(*ddp));
+-  ddp->name = *name;
+-  ddp->value.data = propval ? propval->data : NULL;
+-  ddp->value.len = propval ? propval->len : 0;
+-
+-  *prollback = ddp;
+   return NULL;
+ }
+ 
+@@ -618,12 +633,20 @@ db_get_rollback(dav_db *db,
+ static dav_error *
+ db_apply_rollback(dav_db *db, dav_deadprop_rollback *rollback)
+ {
+-  if (rollback->value.data == NULL)
+-    {
+-      return db_remove(db, &rollback->name);
+-    }
++  dav_error *derr;
+ 
+-  return save_value(db, &rollback->name, &rollback->value);
++  if (! db->resource->info->revprop_error)
++    return NULL;
++  
++  /* Returning the original revprop change error here will cause this
++     detailed error to get returned to the client in preference to the
++     more generic error created by mod_dav. */
++  derr = dav_svn__convert_err(db->resource->info->revprop_error,
++                              HTTP_INTERNAL_SERVER_ERROR, NULL,
++                              db->resource->pool);
++  db->resource->info->revprop_error = NULL;
++
++  return derr;
+ }
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
new file mode 100644
index 0000000000..f49b9a43a6
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch
@@ -0,0 +1,53 @@
+Upstream-Status: Backport
+
+Index: subversion/mod_dav_svn/lock.c
+===================================================================
+--- a/subversion/mod_dav_svn/lock.c     (revision 1459696)
++++ b/subversion/mod_dav_svn/lock.c     (working copy)
+@@ -634,7 +634,20 @@ append_locks(dav_lockdb *lockdb,
+   svn_lock_t *slock;
+   svn_error_t *serr;
+   dav_error *derr;
++  dav_svn_repos *repos = resource->info->repos;
++      
++  /* We don't allow anonymous locks */
++  if (! repos->username)
++    return dav_new_error(resource->pool, HTTP_UNAUTHORIZED,
++                         DAV_ERR_LOCK_SAVE_LOCK,
++                         "Anonymous lock creation is not allowed.");
+ 
++  /* Not a path in the repository so can't lock it. */
++  if (! resource->info->repos_path)
++    return dav_new_error(resource->pool, HTTP_BAD_REQUEST,
++                         DAV_ERR_LOCK_SAVE_LOCK,
++                         "Attempted to lock path not in repository.");
++
+   /* If the resource's fs path is unreadable, we don't allow a lock to
+      be created on it. */
+   if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+@@ -657,7 +670,6 @@ append_locks(dav_lockdb *lockdb,
+       svn_fs_txn_t *txn;
+       svn_fs_root_t *txn_root;
+       const char *conflict_msg;
+-      dav_svn_repos *repos = resource->info->repos;
+       apr_hash_t *revprop_table = apr_hash_make(resource->pool);
+       apr_hash_set(revprop_table, SVN_PROP_REVISION_AUTHOR,
+                    APR_HASH_KEY_STRING, svn_string_create(repos->username,
+@@ -734,7 +746,7 @@ append_locks(dav_lockdb *lockdb,
+ 
+   /* Convert the dav_lock into an svn_lock_t. */
+   derr = dav_lock_to_svn_lock(&slock, lock, resource->info->repos_path,
+-                              info, resource->info->repos->is_svn_client,
++                              info, repos->is_svn_client,
+                               resource->pool);
+   if (derr)
+     return derr;
+@@ -741,7 +753,7 @@ append_locks(dav_lockdb *lockdb,
+ 
+   /* Now use the svn_lock_t to actually perform the lock. */
+   serr = svn_repos_fs_lock(&slock,
+-                           resource->info->repos->repos,
++                           repos->repos,
+                            slock->path,
+                            slock->token,
+                            slock->comment,
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
new file mode 100644
index 0000000000..734f9b02e4
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch
@@ -0,0 +1,25 @@
+Upstream-Status: Backport
+
+--- a/subversion/mod_dav_svn/liveprops.c
++++ b/subversion/mod_dav_svn/liveprops.c
+@@ -410,7 +410,8 @@ insert_prop(const dav_resource *resource
+         svn_filesize_t len = 0;
+ 
+         /* our property, but not defined on collection resources */
+-        if (resource->collection || resource->baselined)
++        if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++            || resource->collection || resource->baselined)
+           return DAV_PROP_INSERT_NOTSUPP;
+ 
+         serr = svn_fs_file_length(&len, resource->info->root.root,
+@@ -434,7 +435,9 @@ insert_prop(const dav_resource *resource
+         svn_string_t *pval;
+         const char *mime_type = NULL;
+ 
+-        if (resource->baselined && resource->type == DAV_RESOURCE_TYPE_VERSION)
++        if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY
++            || (resource->baselined
++                && resource->type == DAV_RESOURCE_TYPE_VERSION))
+           return DAV_PROP_INSERT_NOTSUPP;
+ 
+         if (resource->type == DAV_RESOURCE_TYPE_PRIVATE
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch
new file mode 100644
index 0000000000..21b8ef0c3b
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport
+
+--- a/subversion/svnserve/main.c
++++ b/subversion/svnserve/main.c
+@@ -403,8 +403,9 @@ static svn_error_t *write_pid_file(const
+   const char *contents = apr_psprintf(pool, "%" APR_PID_T_FMT "\n",
+                                              getpid());
+ 
++  SVN_ERR(svn_io_remove_file(filename, pool));
+   SVN_ERR(svn_io_file_open(&file, filename,
+-                           APR_WRITE | APR_CREATE | APR_TRUNCATE,
++                           APR_WRITE | APR_CREATE | APR_EXCL,
+                            APR_OS_DEFAULT, pool));
+   SVN_ERR(svn_io_file_write_full(file, contents, strlen(contents), NULL,
+                                  pool));
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
new file mode 100644
index 0000000000..7d73a6b2f3
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch
@@ -0,0 +1,127 @@
+Upstream-Status: Backport
+
+--- ./contrib/server-side/mod_dontdothat/mod_dontdothat.c.old   2014-04-15 10:18:54.692655905 +0800
++++ ./contrib/server-side/mod_dontdothat/mod_dontdothat.c       2014-04-15 10:29:55.559603676 +0800
+@@ -25,12 +25,15 @@
+ #include <util_filter.h>
+ #include <ap_config.h>
+ #include <apr_strings.h>
++#include <apr_uri.h>
+ 
+ #include <expat.h>
+ 
+ #include "mod_dav_svn.h"
+ #include "svn_string.h"
+ #include "svn_config.h"
++#include "svn_path.h"
++#include "private/svn_fspath.h"
+ 
+ module AP_MODULE_DECLARE_DATA dontdothat_module;
+ 
+@@ -156,26 +159,71 @@ matches(const char *wc, const char *p)
+     }
+ }
+ 
++/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
++static void
++log_dav_err(request_rec *r,
++            dav_error *err,
++            int level)
++{
++    dav_error *errscan;
++
++    /* Log the errors */
++    /* ### should have a directive to log the first or all */
++    for (errscan = err; errscan != NULL; errscan = errscan->prev) {
++        apr_status_t status;
++
++        if (errscan->desc == NULL)
++            continue;
++
++#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
++        status = errscan->aprerr;
++#else
++        status = errscan->save_errno;
++#endif
++
++        ap_log_rerror(APLOG_MARK, level, status, r,
++                      "%s  [%d, #%d]",
++                      errscan->desc, errscan->status, errscan->error_id);
++    }
++}
++
+ static svn_boolean_t
+ is_this_legal(dontdothat_filter_ctx *ctx, const char *uri)
+ {
+   const char *relative_path;
+   const char *cleaned_uri;
+   const char *repos_name;
++  const char *uri_path;
+   int trailing_slash;
+   dav_error *derr;
+ 
+-  /* Ok, so we need to skip past the scheme, host, etc. */
+-  uri = ap_strstr_c(uri, "://");
+-  if (uri)
+-    uri = ap_strchr_c(uri + 3, '/');
++  /* uri can be an absolute uri or just a path, we only want the path to match
++   * against */
++  if (uri && svn_path_is_url(uri))
++    {
++      apr_uri_t parsed_uri;
++      apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
++      if (APR_SUCCESS != rv)
++        {
++          /* Error parsing the URI, log and reject request. */
++          ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
++                        "mod_dontdothat: blocked request after failing "
++                        "to parse uri: '%s'", uri);
++          return FALSE;
++        }
++      uri_path = parsed_uri.path;
++    }
++  else
++    {
++      uri_path = uri;
++    }
+ 
+-  if (uri)
++  if (uri_path)
+     {
+       const char *repos_path;
+ 
+       derr = dav_svn_split_uri(ctx->r,
+-                               uri,
++                               uri_path,
+                                ctx->cfg->base_path,
+                                &cleaned_uri,
+                                &trailing_slash,
+@@ -189,7 +237,7 @@ is_this_legal(dontdothat_filter_ctx *ctx
+           if (! repos_path)
+             repos_path = "";
+ 
+-          repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
++          repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
+ 
+           /* First check the special cases that are always legal... */
+           for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
+@@ -223,6 +271,19 @@ is_this_legal(dontdothat_filter_ctx *ctx
+                 }
+             }
+         }
++      else
++        {
++          log_dav_err(ctx->r, derr, APLOG_ERR);
++          return FALSE;
++        }
++
++    }
++  else
++    {
++      ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
++                    "mod_dontdothat: empty uri passed to is_this_legal(), "
++                    "module bug?");
++      return FALSE;
+     }
+ 
+   return TRUE;
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3522.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3522.patch
new file mode 100644
index 0000000000..03d5b9710f
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3522.patch
@@ -0,0 +1,439 @@
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+diff --git a/subversion/libsvn_ra_serf/util.c.old b/subversion/libsvn_ra_serf/util.c
+index b6c0141..8b09770 100644
+--- a/subversion/libsvn_ra_serf/util.c.old
++++ b/subversion/libsvn_ra_serf/util.c
+@@ -21,7 +21,6 @@
+ #define APR_WANT_STRFUNC
+ #include <apr.h>
+ #include <apr_want.h>
+-#include <apr_fnmatch.h>
+ 
+ #include <serf.h>
+ #include <serf_bucket_types.h>
+@@ -30,6 +29,7 @@
+ #include "svn_private_config.h"
+ #include "svn_xml.h"
+ #include "private/svn_dep_compat.h"
++#include "private/svn_cert.h"
+ 
+ #include "ra_serf.h"
+ 
+@@ -113,7 +113,12 @@ ssl_server_cert(void *baton, int failures,
+   apr_uint32_t svn_failures;
+   svn_error_t *err;
+   apr_hash_t *issuer, *subject, *serf_cert;
++  apr_array_header_t *san;
+   void *creds;
++  svn_boolean_t found_matching_hostname = FALSE;
++  svn_boolean_t found_san_entry = FALSE;
++  svn_string_t *actual_hostname =
++      svn_string_create(conn->hostname, scratch_pool);
+ 
+   /* Implicitly approve any non-server certs. */
+   if (serf_ssl_cert_depth(cert) > 0)
+@@ -129,6 +134,7 @@ ssl_server_cert(void *baton, int failures,
+   serf_cert = serf_ssl_cert_certificate(cert, subpool);
+ 
+   cert_info.hostname = apr_hash_get(subject, "CN", APR_HASH_KEY_STRING);
++  san = apr_hash_get(serf_cert, "subjectAltName", APR_HASH_KEY_STRING);
+   cert_info.fingerprint = apr_hash_get(serf_cert, "sha1", APR_HASH_KEY_STRING);
+   if (! cert_info.fingerprint)
+     cert_info.fingerprint = apr_pstrdup(subpool, "<unknown>");
+@@ -145,16 +145,43 @@ ssl_server_cert(void *baton, int failures,
+ 
+   svn_failures = ssl_convert_serf_failures(failures);
+ 
+-  /* Match server certificate CN with the hostname of the server */
+-  if (cert_info.hostname)
++  /* Try to find matching server name via subjectAltName first... */
++  if (san)
+     {
+-      if (apr_fnmatch(cert_info.hostname, conn->hostinfo,
+-                      APR_FNM_PERIOD) == APR_FNM_NOMATCH)
++      int i;
++      found_san_entry = san->nelts > 0;
++      for (i = 0; i < san->nelts; i++)
+         {
+-          svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
++          char *s = APR_ARRAY_IDX(san, i, char*);
++          svn_string_t *cert_hostname = svn_string_create(s, scratch_pool);
++
++          if (svn_cert__match_dns_identity(cert_hostname, actual_hostname))
++             {
++              found_matching_hostname = TRUE;
++              cert_info.hostname = s;
++              break;
++            }
+         }
+     }
+ 
++  /* Match server certificate CN with the hostname of the server iff
++   * we didn't find any subjectAltName fields and try to match them.
++   * Per RFC 2818 they are authoritative if present and CommonName
++   * should be ignored. */
++  if (!found_matching_hostname && !found_san_entry && cert_info.hostname)
++    {
++      svn_string_t *cert_hostname = svn_string_create(cert_info.hostname,
++                                                      scratch_pool);
++
++      if (svn_cert__match_dns_identity(cert_hostname, actual_hostname))
++        {
++          found_matching_hostname = TRUE;
++        }
++    }
++
++  if (!found_matching_hostname)
++    svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
++
+   svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+                          SVN_AUTH_PARAM_SSL_SERVER_FAILURES,
+                          &svn_failures);
+@@ -261,6 +293,10 @@ svn_ra_serf__conn_setup(apr_socket_t *sock,
+       if (!conn->ssl_context)
+         {
+           conn->ssl_context = serf_bucket_ssl_encrypt_context_get(rb);
++
++#if SERF_VERSION_AT_LEAST(1,0,0)
++          serf_ssl_set_hostname(conn->ssl_context, conn->hostinfo);
++#endif
+   
+           serf_ssl_client_cert_provider_set(conn->ssl_context,
+                                             svn_ra_serf__handle_client_cert,
+diff --git a/subversion/libsvn_subr/dirent_uri.c.old b/subversion/libsvn_subr/dirent_uri.c
+index eef99ba..a5f9e7e 100644
+--- a/subversion/libsvn_subr/dirent_uri.c.old
++++ b/subversion/libsvn_subr/dirent_uri.c
+@@ -30,6 +30,7 @@
+ #include "svn_path.h"
+ 
+ #include "private_uri.h"
++#include "private/svn_cert.h"
+ 
+ /* The canonical empty path.  Can this be changed?  Well, change the empty
+    test below and the path library will work, not so sure about the fs/wc
+@@ -1194,3 +1195,81 @@ svn_uri_is_canonical(const char *uri, apr_pool_t *pool)
+ 
+   return TRUE;
+ }
++
++
++/* -------------- The cert API (see private/svn_cert.h) ------------- */
++
++svn_boolean_t
++svn_cert__match_dns_identity(svn_string_t *pattern, svn_string_t *hostname)
++{
++  apr_size_t pattern_pos = 0, hostname_pos = 0;
++
++  /* support leading wildcards that composed of the only character in the
++   * left-most label. */
++  if (pattern->len >= 2 &&
++      pattern->data[pattern_pos] == '*' &&
++      pattern->data[pattern_pos + 1] == '.')
++    {
++      while (hostname_pos < hostname->len &&
++             hostname->data[hostname_pos] != '.')
++        {
++          hostname_pos++;
++        }
++      /* Assume that the wildcard must match something.  Rule 2 says
++       * that *.example.com should not match example.com.  If the wildcard
++       * ends up not matching anything then it matches .example.com which
++       * seems to be essentially the same as just example.com */
++      if (hostname_pos == 0)
++        return FALSE;
++
++      pattern_pos++;
++    }
++
++  while (pattern_pos < pattern->len && hostname_pos < hostname->len)
++    {
++      char pattern_c = pattern->data[pattern_pos];
++      char hostname_c = hostname->data[hostname_pos];
++
++      /* fold case as described in RFC 4343.
++       * Note: We actually convert to lowercase, since our URI
++       * canonicalization code converts to lowercase and generally
++       * most certs are issued with lowercase DNS names, meaning
++       * this avoids the fold operation in most cases.  The RFC
++       * suggests the opposite transformation, but doesn't require
++       * any specific implementation in any case.  It is critical
++       * that this folding be locale independent so you can't use
++       * tolower(). */
++      pattern_c = canonicalize_to_lower(pattern_c);
++      hostname_c = canonicalize_to_lower(hostname_c);
++
++      if (pattern_c != hostname_c)
++        {
++          /* doesn't match */
++          return FALSE;
++        }
++      else
++        {
++          /* characters match so skip both */
++          pattern_pos++;
++          hostname_pos++;
++        }
++    }
++
++  /* ignore a trailing period on the hostname since this has no effect on the
++   * security of the matching.  See the following for the long explanation as
++   * to why:
++   * https://bugzilla.mozilla.org/show_bug.cgi?id=134402#c28
++   */
++  if (pattern_pos == pattern->len &&
++      hostname_pos == hostname->len - 1 &&
++      hostname->data[hostname_pos] == '.')
++    hostname_pos++;
++
++  if (pattern_pos != pattern->len || hostname_pos != hostname->len)
++    {
++      /* end didn't match */
++      return FALSE;
++    }
++
++  return TRUE;
++}
+diff --git a/subversion/tests/libsvn_subr/dirent_uri-test.c.old b/subversion/tests/libsvn_subr/dirent_uri-test.c
+index d71d9c1..370b64a 100644
+--- a/subversion/tests/libsvn_subr/dirent_uri-test.c.old
++++ b/subversion/tests/libsvn_subr/dirent_uri-test.c
+@@ -31,6 +31,7 @@
+ 
+ #include "svn_pools.h"
+ #include "svn_dirent_uri.h"
++#include "private/svn_cert.h"
+ 
+ #include "../svn_test.h"
+ #include "../../libsvn_subr/private_uri.h"
+@@ -1671,6 +1672,145 @@ test_uri_internal_style(const char **msg,
+   return SVN_NO_ERROR;
+ }
+ 
++struct cert_match_dns_test {
++  const char *pattern;
++  const char *hostname;
++  svn_boolean_t expected;
++};
++
++static svn_error_t *
++run_cert_match_dns_tests(struct cert_match_dns_test *tests, apr_pool_t *pool)
++{
++  struct cert_match_dns_test *ct;
++  apr_pool_t *iterpool = svn_pool_create(pool);
++
++  for (ct = tests; ct->pattern; ct++)
++    {
++      svn_boolean_t result;
++      svn_string_t *pattern, *hostname;
++
++      svn_pool_clear(iterpool);
++
++      pattern = svn_string_create(ct->pattern, iterpool);
++      hostname = svn_string_create(ct->hostname, iterpool);
++
++      result = svn_cert__match_dns_identity(pattern, hostname);
++      if (result != ct->expected)
++        return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
++                                 "Expected %s but got %s for pattern '%s' on "
++                                 "hostname '%s'",
++                                 ct->expected ? "match" : "no match",
++                                 result ? "match" : "no match",
++                                 pattern->data, hostname->data);
++
++    }
++
++  svn_pool_destroy(iterpool);
++
++  return SVN_NO_ERROR;
++}
++
++static struct cert_match_dns_test cert_match_dns_tests[] = {
++  { "foo.example.com", "foo.example.com", TRUE }, /* exact match */
++  { "foo.example.com", "FOO.EXAMPLE.COM", TRUE }, /* case differences */
++  { "FOO.EXAMPLE.COM", "foo.example.com", TRUE },
++  { "*.example.com", "FoO.ExAmPlE.CoM", TRUE },
++  { "*.ExAmPlE.CoM", "foo.example.com", TRUE },
++  { "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz", TRUE },
++  { "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", TRUE },
++  { "foo.example.com", "bar.example.com", FALSE }, /* difference at start */
++  { "foo.example.com", "foo.example.net", FALSE }, /* difference at end */
++  { "foo.example.com", "foo.example.commercial", FALSE }, /* hostname longer */
++  { "foo.example.commercial", "foo.example.com", FALSE }, /* pattern longer */
++  { "foo.example.comcom", "foo.example.com", FALSE }, /* repeated suffix */
++  { "foo.example.com", "foo.example.comcom", FALSE },
++  { "foo.example.com.com", "foo.example.com", FALSE },
++  { "foo.example.com", "foo.example.com.com", FALSE },
++  { "foofoo.example.com", "foo.example.com", FALSE }, /* repeated prefix */
++  { "foo.example.com", "foofoo.example.com", FALSE },
++  { "foo.foo.example.com", "foo.example.com", FALSE },
++  { "foo.example.com", "foo.foo.example.com", FALSE },
++  { "foo.*.example.com", "foo.bar.example.com", FALSE }, /* RFC 6125 s. 6.4.3
++                                                            Rule 1 */
++  { "*.example.com", "foo.example.com", TRUE }, /* RFC 6125 s. 6.4.3 Rule 2 */
++  { "*.example.com", "bar.foo.example.com", FALSE }, /* Rule 2 */
++  { "*.example.com", "example.com", FALSE }, /* Rule 2 */
++  { "*.example.com", ".example.com", FALSE }, /* RFC doesn't say what to do
++                                                 here and a leading period on
++                                                 a hostname doesn't make sense
++                                                 so we'll just reject this. */
++  { "*", "foo.example.com", FALSE }, /* wildcard must be left-most label,
++                                        implies that there must be more than
++                                        one label. */
++  { "*", "example.com", FALSE },
++  { "*", "com", FALSE },
++  { "*.example.com", "foo.example.net", FALSE }, /* difference in literal text
++                                                    with a wildcard. */
++  { "*.com", "example.com", TRUE }, /* See Errata ID 3090 for RFC 6125,
++                                       probably shouldn't allow this but
++                                       we do for now. */
++  { "*.", "example.com", FALSE }, /* test some dubious 2 character wildcard
++                                     patterns */
++  { "*.", "example.", TRUE }, /* This one feels questionable */
++  { "*.", "example", FALSE },
++  { "*.", ".", FALSE },
++  { "a", "a", TRUE }, /* check that single letter exact matches work */
++  { "a", "b", FALSE }, /* and single letter not matches shouldn't */
++  { "*.*.com", "foo.example.com", FALSE }, /* unsupported wildcards */
++  { "*.*.com", "example.com", FALSE },
++  { "**.example.com", "foo.example.com", FALSE },
++  { "**.example.com", "example.com", FALSE },
++  { "f*.example.com", "foo.example.com", FALSE },
++  { "f*.example.com", "bar.example.com", FALSE },
++  { "*o.example.com", "foo.example.com", FALSE },
++  { "*o.example.com", "bar.example.com", FALSE },
++  { "f*o.example.com", "foo.example.com", FALSE },
++  { "f*o.example.com", "bar.example.com", FALSE },
++  { "foo.e*.com", "foo.example.com", FALSE },
++  { "foo.*e.com", "foo.example.com", FALSE },
++  { "foo.e*e.com", "foo.example.com", FALSE },
++  { "foo.example.com", "foo.example.com.", TRUE }, /* trailing dot */
++  { "*.example.com", "foo.example.com.", TRUE },
++  { "foo", "foo.", TRUE },
++  { "foo.example.com.", "foo.example.com", FALSE },
++  { "*.example.com.", "foo.example.com", FALSE },
++  { "foo.", "foo", FALSE },
++  { "foo.example.com", "foo.example.com..", FALSE },
++  { "*.example.com", "foo.example.com..", FALSE },
++  { "foo", "foo..", FALSE },
++  { "foo.example.com..", "foo.example.com", FALSE },
++  { "*.example.com..", "foo.example.com", FALSE },
++  { "foo..", "foo", FALSE },
++  { NULL }
++};
++
++static svn_error_t *
++test_cert_match_dns_identity(apr_pool_t *pool)
++{
++  return run_cert_match_dns_tests(cert_match_dns_tests, pool);
++}
++
++/* This test table implements results that should happen if we supported
++ * RFC 6125 s. 6.4.3 Rule 3.  We don't so it's expected to fail for now. */
++static struct cert_match_dns_test rule3_tests[] = {
++  { "baz*.example.net", "baz1.example.net", TRUE },
++  { "*baz.example.net", "foobaz.example.net", TRUE },
++  { "b*z.example.net", "buuz.example.net", TRUE },
++  { "b*z.example.net", "bz.example.net", FALSE }, /* presume wildcard can't
++                                                     match nothing */
++  { "baz*.example.net", "baz.example.net", FALSE },
++  { "*baz.example.net", "baz.example.net", FALSE },
++  { "b*z.example.net", "buuzuuz.example.net", TRUE }, /* presume wildcard
++                                                         should be greedy */
++  { NULL }
++};
++
++static svn_error_t *
++test_rule3(apr_pool_t *pool)
++{
++  return run_cert_match_dns_tests(rule3_tests, pool);
++}
++
+ 
+ /* The test table.  */
+ 
+@@ -1699,5 +1839,7 @@ struct svn_test_descriptor_t test_funcs[] =
+     SVN_TEST_PASS(test_uri_local_style),
+     SVN_TEST_PASS(test_dirent_internal_style),
+     SVN_TEST_PASS(test_uri_internal_style),
++    SVN_TEST_PASS(test_cert_match_dns_identity),
++    SVN_TEST_XFAIL(test_rule3),
+     SVN_TEST_NULL
+   };
+diff --git a/subversion/include/private/svn_cert.h b/subversion/include/private/svn_cert.h
+new file mode 100644
+index 0000000..32e32a0
+--- /dev/null
++++ b/subversion/include/private/svn_cert.h
+@@ -0,0 +1,68 @@
++/**
++ * @copyright
++ * ====================================================================
++ *    Licensed to the Apache Software Foundation (ASF) under one
++ *    or more contributor license agreements.  See the NOTICE file
++ *    distributed with this work for additional information
++ *    regarding copyright ownership.  The ASF licenses this file
++ *    to you under the Apache License, Version 2.0 (the
++ *    "License"); you may not use this file except in compliance
++ *    with the License.  You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ *    Unless required by applicable law or agreed to in writing,
++ *    software distributed under the License is distributed on an
++ *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++ *    KIND, either express or implied.  See the License for the
++ *    specific language governing permissions and limitations
++ *    under the License.
++ * ====================================================================
++ * @endcopyright
++ *
++ * @file svn_cert.h
++ * @brief Implementation of certificate validation functions
++ */
++
++#ifndef SVN_CERT_H
++#define SVN_CERT_H
++
++#include <apr.h>
++
++#include "svn_types.h"
++#include "svn_string.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++
++/* Return TRUE iff @a pattern matches @a hostname as defined
++ * by the matching rules of RFC 6125.  In the context of RFC
++ * 6125 the pattern is the domain name portion of the presented
++ * identifier (which comes from the Common Name or a DNSName
++ * portion of the subjectAltName of an X.509 certificate) and
++ * the hostname is the source domain (i.e. the host portion
++ * of the URI the user entered).
++ *
++ * @note With respect to wildcards we only support matching
++ * wildcards in the left-most label and as the only character
++ * in the left-most label (i.e. we support RFC 6125 § 6.4.3
++ * Rule 1 and 2 but not the optional Rule 3).  This may change
++ * in the future.
++ *
++ * @note Subversion does not at current support internationalized
++ * domain names.  Both values are presumed to be in NR-LDH label
++ * or A-label form (see RFC 5890 for the definition).
++ *
++ * @since New in 1.9.
++ */
++svn_boolean_t
++svn_cert__match_dns_identity(svn_string_t *pattern, svn_string_t *hostname);
++
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* SVN_CERT_H */
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
new file mode 100644
index 0000000000..23e738e985
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+diff --git a/subversion/libsvn_subr/config_auth.c.old b/subversion/libsvn_subr/config_auth.c
+index ff50270..c511d04 100644
+--- a/subversion/libsvn_subr/config_auth.c.old
++++ b/subversion/libsvn_subr/config_auth.c
+@@ -85,6 +85,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
+   if (kind == svn_node_file)
+     {
+       svn_stream_t *stream;
++      svn_string_t *stored_realm;
+ 
+       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
+                 _("Unable to open auth file for reading"));
+@@ -95,6 +96,12 @@ svn_config_read_auth_data(apr_hash_t **hash,
+                 apr_psprintf(pool, _("Error parsing '%s'"),
+                              svn_path_local_style(auth_path, pool)));
+ 
++      stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
++                                  APR_HASH_KEY_STRING);
++
++      if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
++        *hash = NULL; /* Hash collision, or somebody tampering with storage */
++
+       SVN_ERR(svn_stream_close(stream));
+     }
+ 
diff --git a/meta/recipes-devtools/subversion/subversion_1.6.15.bb b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
new file mode 100644
index 0000000000..b135bb7a3f
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion_1.6.15.bb
@@ -0,0 +1,48 @@
+SUMMARY = "Subversion (svn) version control system client"
+SECTION = "console/network"
+DEPENDS = "apr-util neon sqlite3"
+RDEPENDS_${PN} = "neon"
+LICENSE = "Apache-2"
+HOMEPAGE = "http://subversion.tigris.org"
+
+BBCLASSEXTEND = "native"
+
+PR = "r3"
+
+SRC_URI = "http://subversion.tigris.org/downloads/${BPN}-${PV}.tar.bz2 \
+           file://disable-revision-install.patch \
+           file://libtool2.patch \
+           file://fix-install-depends.patch \
+           file://subversion-CVE-2013-1849.patch \
+           file://subversion-CVE-2013-4505.patch \
+           file://subversion-CVE-2013-1845.patch \
+           file://subversion-CVE-2013-1847-CVE-2013-1846.patch \
+           file://subversion-CVE-2013-4277.patch \
+           file://subversion-CVE-2014-3522.patch \
+           file://subversion-CVE-2014-3528.patch \
+"
+
+SRC_URI[md5sum] = "113fca1d9e4aa389d7dc2b210010fa69"
+SRC_URI[sha256sum] = "b2919d603a5f3c19f42e3265c4b930e2376c43b3969b90ef9c42b2f72d5aaa45"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=2a69fef414e2cb907b4544298569300b"
+
+PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl"
+
+EXTRA_OECONF = " \
+                --without-berkeley-db --without-apxs --without-apache \
+                --without-swig --with-apr=${STAGING_BINDIR_CROSS} \
+                --with-apr-util=${STAGING_BINDIR_CROSS} \
+                ac_cv_path_RUBY=none"
+
+inherit autotools
+
+export LDFLAGS += " -L${STAGING_LIBDIR} "
+
+acpaths = "-I build/ -I build/ac-macros/"
+
+do_configure_prepend () {
+        rm -f ${S}/libtool
+        rm -f ${S}/build/libtool.m4
+        sed -i -e 's:with_sasl="/usr/local":with_sasl="${STAGING_DIR}":' ${S}/build/ac-macros/sasl.m4
+}
diff --git a/meta/recipes-devtools/subversion/subversion_1.8.9.bb b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
new file mode 100644
index 0000000000..1ef59a0c00
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion_1.8.9.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Subversion (svn) version control system client"
+SECTION = "console/network"
+DEPENDS = "apr-util serf sqlite3 file"
+RDEPENDS_${PN} = "serf"
+LICENSE = "Apache-2"
+HOMEPAGE = "http://subversion.tigris.org"
+
+BBCLASSEXTEND = "native"
+
+inherit gettext
+
+SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
+           file://libtool2.patch \
+           file://disable_macos.patch \
+           file://subversion-CVE-2014-3522.patch;striplevel=0 \
+           file://subversion-CVE-2014-3528.patch \
+"
+SRC_URI[md5sum] = "bd495517a760ddd764ce449a891971db"
+SRC_URI[sha256sum] = "45d708a5c3ffbef4b2a1044c4716a053e680763743d1f7ba99d0369f6da49e33"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1c2f0119e478700b5428e26386cff923"
+
+PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl"
+PACKAGECONFIG[gnome-keyring] = "--with-gnome-keyring,--without-gnome-keyring,glib-2.0 gnome-keyring"
+
+EXTRA_OECONF = " \
+                --without-berkeley-db --without-apxs \
+                --without-swig --with-apr=${STAGING_BINDIR_CROSS} \
+                --with-apr-util=${STAGING_BINDIR_CROSS} \
+                --disable-keychain \
+                ac_cv_path_RUBY=none"
+
+inherit autotools
+
+export LDFLAGS += " -L${STAGING_LIBDIR} "
+
+acpaths = "-I build/ -I build/ac-macros/"
+
+do_configure_prepend () {
+        rm -f ${S}/libtool
+        rm -f ${S}/build/libtool.m4 ${S}/build/ltmain.sh ${S}/build/ltoptions.m4 ${S}/build/ltsugar.m4 ${S}/build/ltversion.m4 ${S}/build/lt~obsolete.m4
+        rm -f ${S}/aclocal.m4
+        sed -i -e 's:with_sasl="/usr/local":with_sasl="${STAGING_DIR}":' ${S}/build/ac-macros/sasl.m4
+}
+
+#| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_local/libsvn_ra_local-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| /usr/bin/ld: cannot find -lsvn_delta-1| collect2: ld returned 1 exit status| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_svn/libsvn_ra_svn-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'| x86_64-linux-libtool: install: warning: `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/build/subversion/libsvn_ra_serf/libsvn_ra_serf-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'
+#| x86_64-linux-libtool: install: error: relink `libsvn_ra_serf-1.la' with the above command before installing it
+#| x86_64-linux-libtool: install: warning: `../../subversion/libsvn_repos/libsvn_repos-1.la' has not been installed in `/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/sysroots/x86_64-linux/usr/lib'
+#| /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-qa-logrotate/build/build/tmp/work/x86_64-linux/subversion-native/1.8.9-r0/subversion-1.8.9/build-outputs.mk:1090: recipe for target 'install-serf-lib' failed
+#| make: *** [install-serf-lib] Error 1
+PARALLEL_MAKEINST = ""