summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/subversion/subversion-1.8.13
Commit message (Collapse)AuthorAgeFilesLines
* subversion: fix CVE-2015-3187Wenzong Fan2015-12-081-0/+346
| | | | | | | | | | | | | | | | | | | | The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2015-3184Wenzong Fan2015-12-081-0/+2094
| | | | | | | | | | | | | | | | | | | | mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion_1.8.13.bb: Upstream-Status updated to AcceptedJose Lamego2015-07-201-1/+5
| | | | | | | | | | | Upstream-Status changed to Accepted due to [1] [1] http://svn.apache.org/viewvc/subversion/trunk/build/ac-macros/serf.m4?r1=1594156&r2=1689824 (From OE-Core rev: 7785c496df839bd811cb33aef4b54158e81aa2c5) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion_1.8.13.bb: Regex modified to allow '-D' in pathsJose Lamego2015-07-081-0/+28
| | | | | | | | | | | | | | Modified the regex sed in serf.m4 to allow the use of '-D' characters in project folder names without having compilation error from subversion-native. [YOCTO #7874] (From OE-Core rev: 04554b128c358e3c10f6581fd4506764a65240b8) Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: upgrade it from 1.8.11 to 1.8.13Roy Li2015-04-282-0/+83
upgrade to fix two CVE defects: CVE-2015-0248 and CVE-2015-0251 (From OE-Core rev: cb00b9e0330970b5c768aae9ddd4703a7172acbe) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-25 12:34:15 +0000