linux/poky.git - Mirror of git.yoctoproject.org/poky

	Commit message (Collapse)	Author	Age	Files	Lines
*	subversion: fix CVE-2015-3187	Wenzong Fan	2015-12-08	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
*	subversion: fix CVE-2015-3184	Wenzong Fan	2015-12-08	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
*	subversion: add explicit dependency on file-replacement-native for native builds	Ross Burton	2015-10-27	1	-0/+1
\| \| \| \|	Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
*	subversion_1.8.13.bb: Regex modified to allow '-D' in paths	Jose Lamego	2015-07-08	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Modified the regex sed in serf.m4 to allow the use of '-D' characters in project folder names without having compilation error from subversion-native. [YOCTO #7874] (From OE-Core rev: 04554b128c358e3c10f6581fd4506764a65240b8) Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
*	subversion: Fix subversion-native on Fedora22	Richard Purdie	2015-06-27	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Similarly to: http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9b19d6548a345009a6de79a6820c07a72054d961 we also need to fix the subversion-native case with gcc5 by using the same fix to the BUILD_CPPFLAGS. (From OE-Core rev: a5e7a1e597e7bbe3bbc547f43a89d00a8a9a9924) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
*	subversion: upgrade it from 1.8.11 to 1.8.13	Roy Li	2015-04-28	1	-0/+50
	upgrade to fix two CVE defects: CVE-2015-0248 and CVE-2015-0251 (From OE-Core rev: cb00b9e0330970b5c768aae9ddd4703a7172acbe) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>