| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
(From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate.<a href=http://cwe.mitre.org/data/definitions/297.html
target=_blank>CWE-297: Improper Validation of Certificate with Host
Mismatch</a>
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522
(From OE-Core rev: 06a33cd00ea11abec1ebe9d5883e44778075ccc6)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
The Makefile generation for subversion is horrible, I can't figure out
where the dependencies are missing, it looks like they might be missing
everywhere. Give up and disable parallel make install.
(From OE-Core rev: f5569d30b98418b201766ad07b177aac5fae4a41)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 1838153de3a68ac391bdec139446e496ad093763)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropped neon patches as neon support was dropped.
Dropped CVE patches as applied in later version
Added patch to avoid OS-X check which doesn't cross compile
Add PACKAGECONFIG for gnome-keyring
Addition to license:
For the file subversion/libsvn_subr/utf_width.c
* Markus Kuhn -- 2007-05-26 (Unicode 5.0)
*
* Permission to use, copy, modify, and distribute this software
* for any purpose and without fee is hereby granted. The author
* disclaims all warranties with regard to this software.
(From OE-Core rev: 99c3225cfe39f8de89555df5bd3f1e93cd731269)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|