summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/subversion
Commit message (Collapse)AuthorAgeFilesLines
* subversion: extend for nativesdkJens Rehsack2020-07-221-1/+1
| | | | | | | | | | | | | | | For SDK environments where people still use subversion, let it easily being added to buildtools-tarball to invite more developers relying on Yocto based SDKs without much requirement to setup anything on the development workplace. (From OE-Core rev: 795781db8a82c9268fcabc93dd54cb6b07cbe9c8) Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 586a15b76f879f49c5224116cbf506b7ccf96cd2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: move pkgconfig files in to libdirJeremy A. Puhlman2020-02-151-0/+2
| | | | | | | | | | All of the .pc files contain the path to ${libdir} which fails in a multilib rpm image. (From OE-Core rev: c96c56476fe9025884c7ea96f15f41694a6908fe) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: upgrade 1.12.2 -> 1.13.0Richard Purdie2019-12-301-2/+2
| | | | | | (From OE-Core rev: 0a8b7ade93eba51adbfc5fbc8ed33118c66cf35c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Upgrade 1.12.0 -> 1.12.2Adrian Bunk2019-08-282-110/+2
| | | | | | | | | Remove backported patch. (From OE-Core rev: 947828b8e9c4f332533d1d6bd0750ff018d51295) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: add packageconfig boostKai Kang2019-07-271-0/+1
| | | | | | | | | | | | | | | | | subversion checks whether build with boost during do_configure. If boost exists on build machine, it causes configure-unsafe QA issue: | ERROR: subversion-1.12.0-r0 do_configure: QA Issue: This autoconf log | indicates errors, it looked at host include and/or library paths | while determining system capabilities. | Rerun configure task after fixing this. [configure-unsafe] Add a PACKAGECONFIG 'boost' to fix the issue. (From OE-Core rev: 237478724be75a4efeebafe07b46a353894ee4ca) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: set CVE vendor to ApacheRoss Burton2019-07-181-0/+2
| | | | | | | | | There's a Jenkins plugin for Subversion. (From OE-Core rev: ac115c3b5f1dcb95fb7d39537693fe0dcd330451) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: upgrade 1.11.1 -> 1.12.0Hongxu Jia2019-05-124-33/+153
| | | | | | | | | | | | | | | | | | | - Backport a patch to fix build failure while APR 1.7.0 ... checking for apr_int64_t Python/C API format string... configure: error: failed to recognize APR_INT64_T_FMT on this platform ... - Rebase disable_macos.patch and serfmacro.patch License-update: no change, declare two new added file * in build/ac-macros/ax_boost_base.m4 * in build/ac-macros/ax_boost_unit_test_framework.m4 (From OE-Core rev: 68ae5e624642218e7e01805c096da09098a8706f) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: drop lost patchRuslan Bilovol2019-01-271-32/+0
| | | | | | | | | | | | | Commit 5bb47984af79 "subversion: 1.9.7 -> 1.10.0" dropped serf.m4-Regex-modified-to-allow-D-in-paths.patch from recipe, but left the patch itself in source tree. Remove this patch since nobody uses it. Cc: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core rev: 803d834780cb9380e19209f2bb93953ac3cb6165) Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Upgrade 1.11.0 -> 1.11.1Richard Purdie2019-01-181-2/+2
| | | | | | (From OE-Core rev: 5d7c41d82a7f0ae26fe0fed5e05507d22c1ec3ab) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: upgrade 1.10.0 -> 1.11.0Richard Purdie2018-11-191-2/+2
| | | | | | (From OE-Core rev: e06afc5cc6d848e63e1dd66425612c6a486a5a6c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Update HOMEPAGERichard Purdie2018-06-211-1/+1
| | | | | | (From OE-Core rev: 5da1b9c29afc249d5ff7e9514bf996227dc28c7a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: 1.9.7 -> 1.10.0Richard Purdie2018-06-211-6/+6
| | | | | | | | | | | | | | | | | | License changed since licenses for the bundled linenoise and lz4 codebases were added. We don't build either of them. Add MIT since utf8proc is MIT licensed. Configure to use the internal utf8proc codebase since we have no copy of that in OE-Core, nor any need to add one. Add a dependency on lz4 which is now required rather than using the internal codebase within subversion. Drop a patch merged upstream. (From OE-Core rev: 5bb47984af79fe2e8c3ba5bc6895741131f03bcd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: misc recipe cleanupAndre McCurdy2018-05-111-17/+20
| | | | | | | | | | | | | - Add default value for PACKAGECONFIG - Combine "inherit autotools" with "inherit pkgconfig gettext" - Drop historical addition of -L${STAGING_LIBDIR} to LDFLAGS - Re-order variables according to OE styleguide (From OE-Core rev: 10cb7bccc2452375b363ba82bf1be2ee0cb0e8e2) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: upgrade 1.9.6 -> 1.9.7Richard Purdie2018-01-182-139/+2
| | | | | | (From OE-Core rev: d3973d787c8af417b6f4d433c3a8a60b5333778e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2017-9800Wenzong Fan2017-09-112-0/+137
| | | | | | | | | | | | | | | | | | | | | | | | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server(to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. Backport patch from: http://svn.apache.org/viewvc?view=revision&amp;sortby=rev&amp;revision=1804691 Reference: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt (From OE-Core rev: 6e1f8001a0f3c26cce9c692d25987a3c47ff2f74) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: inherit pkgconfig, so that serf can be foundAlexander Kanavin2017-08-301-1/+1
| | | | | | | (From OE-Core rev: 079b765c6ce7032fa2ad429d80090d7531f174a9) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Upgrade 1.9.5-> 1.9.6Richard Purdie2017-07-211-2/+2
| | | | | | (From OE-Core rev: 5212d88104b7a53d4bd8bf2320aca9455099ac80) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "subversion: fix "svnadmin create" fail on x86"Dengke Du2016-12-222-57/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit cfe6f3e251240c9d9a70354be0501600357f0b87. This is because the apr configure wrong, when the apr configure meets the cross compiling, it pass 8 bytes to "off_t", in apr source code configure.in, it was hardcoded: APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8) The macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4, it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross compiling enable. But in glibc on the x86 or multilib target the "off_t" was 4 bytes, so this cases dismatch for softwares which use the apr.h, such as subversion, run this: svnadmin create test It failed because the "APR_OFF_T_FMT" was "lld" in apr.h when apr configure, but the "apr_off_t" was 4 bytes, in the apr source code: apr_snprintf.c i_quad = va_arg(ap, apr_int64_t); When the function apr_vformatter meets "lld", it would use the above to parse, but the above read 8 bytes, so the follow-up data go to wrong. So we should configure the apr correct when cross compiling. I do this on the following patchs. (From OE-Core rev: fbdfb39c011676fe61a4d58b62226126e0e9ec62) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Upgrade 1.9.4 -> 1.9.5Richard Purdie2016-12-171-2/+2
| | | | | | | | (From OE-Core rev: 4cfb7e9342978e77b0167441360330e66b9931cb) (From OE-Core rev: 3f11325f7b7f3d0d1c0829f5f46e65814cf00de3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Fix issues in LDFLAGS sed manipulationRichard Purdie2016-12-082-0/+23
| | | | | | | | | | | | | The existing sed expression can match expressions like --sysroot=/some/path/xxx-linux/ which clearly isn't intended and injects incorrect paths into LDFLAGS. Fix this in the same way we address the problem in CFLAGS. This fixes corrupt build paths and incorrect paths in .la files amongst other issues. (From OE-Core rev: 9a8382422ddbb0972dc25b752204f4908bb9857c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix "svnadmin create" fail on x86Dengke Du2016-11-062-0/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When run the following command on x86: svnadmin create /var/test_repo It cause segmentation fault error like the following: [16499.751837] svnadmin[21117]: segfault at 83 ip 00000000f74bf7f6 sp 00000000ffdd9b34 error 4 in libc-2.24.so[f7441000+1af000] Segmentation fault (core dumped) This is because in source code ./subversion/libsvn_fs_fs/low_level.c, function svn_fs_fs__unparse_footer, when: target arch: x86 apr_off_t: 4 bytes if the "APR_OFF_T_FMT" is "lld", it still use type "apr_off_t" to pass data to apr, but in apr source code file apr_snprintf.c the function apr_vformatter meet "lld", it would use the: i_quad = va_arg(ap, apr_int64_t); It uses the apr_int64_t to deal data, it read 8 bytes, so the follow-up data may be error. (From OE-Core rev: 7ea7e3db7801b58495b89a95ec2751d618d3a29f) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: 1.9.3 -> 1.9.4Robert Yang2016-08-251-2/+3
| | | | | | | | (From OE-Core rev: 8620d13f8cf18be13429b0015d11e4efefe75b20) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: remove unnecessary python dependencyAlexander Kanavin2016-06-011-1/+1
| | | | | | | | | It would be useful if swig was enabled, but it isn't. (From OE-Core rev: 54cbeb2975e2ea386386fce077146935afa0f719) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Upgrade 1.9.2 -> 1.9.3Richard Purdie2016-01-151-2/+2
| | | | | | (From OE-Core rev: 7423386923a37bca21aef99eea8dddf572d51a13) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: update to 1.9.2Alexander Kanavin2015-12-127-2469/+41
| | | | | | | | | | | | | Drop backported CVE fix patches libtool2.patch has been rebased and renamed to 0001-Fix-libtool-name-in-configure.ac.patch LICENSE checksum has been updated because more 3rd party attributions have been added to it, it's otherwise still Apache 2. (From OE-Core rev: b57f57ea092f93bd7e1268b04c7d3c4af2149a77) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2015-3187Wenzong Fan2015-12-012-0/+347
| | | | | | | | | | | | | | | | The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2015-3184Wenzong Fan2015-12-012-0/+2095
| | | | | | | | | | | | | | | | mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: add explicit dependency on file-replacement-native for native buildsRoss Burton2015-10-271-0/+1
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion_1.8.13.bb: Upstream-Status updated to AcceptedJose Lamego2015-07-201-1/+5
| | | | | | | | | | | Upstream-Status changed to Accepted due to [1] [1] http://svn.apache.org/viewvc/subversion/trunk/build/ac-macros/serf.m4?r1=1594156&r2=1689824 (From OE-Core rev: 7785c496df839bd811cb33aef4b54158e81aa2c5) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion_1.8.13.bb: Regex modified to allow '-D' in pathsJose Lamego2015-07-082-0/+29
| | | | | | | | | | | | | | Modified the regex sed in serf.m4 to allow the use of '-D' characters in project folder names without having compilation error from subversion-native. [YOCTO #7874] (From OE-Core rev: 04554b128c358e3c10f6581fd4506764a65240b8) Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Fix subversion-native on Fedora22Richard Purdie2015-06-271-0/+1
| | | | | | | | | | | | Similarly to: http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9b19d6548a345009a6de79a6820c07a72054d961 we also need to fix the subversion-native case with gcc5 by using the same fix to the BUILD_CPPFLAGS. (From OE-Core rev: a5e7a1e597e7bbe3bbc547f43a89d00a8a9a9924) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: remove 1.6.X recipesRoy Li2015-04-3011-1005/+0
| | | | | | | | | | | Removing the 1.6.X recipes, since there is a new version 1.8.X recipes, and hope that all projects already upgraded their premirror caches to use new format (From OE-Core rev: 65c4dcbefbe118eb1b04335d7d6171236a1315c2) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: upgrade it from 1.8.11 to 1.8.13Roy Li2015-04-283-2/+2
| | | | | | | | | upgrade to fix two CVE defects: CVE-2015-0248 and CVE-2015-0251 (From OE-Core rev: cb00b9e0330970b5c768aae9ddd4703a7172acbe) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Add -P to CPPFLAGSKhem Raj2015-04-271-1/+2
| | | | | | | | | | | | | | | | | | | | | | see https://gcc.gnu.org/gcc-5/porting_to.html we need to stop the preprocessor from generating the #line directives or we run into issues like | checking for apr_int64_t Python/C API format string... | configure: error: failed to recognize APR_INT64_T_FMT on this platform | Configure failed. The contents of all config.log files follows to aid debugging | ERROR: oe_runconf failed Rightly subversion should be fixed but lets leave that to subversion folks Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d (From OE-Core rev: 7793b1c425077ed6ed11a9bc2a8b1b96612b1c96) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: 1.8.10 -> 1.8.11Richard Purdie2015-02-153-2/+2
| | | | | | (From OE-Core rev: 6218b590e02afc346b473e62ee4e4624b677cacf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion 1.6.15: fix unknown-configure-optionRobert Yang2015-02-081-1/+1
| | | | | | | | | WARNING: QA Issue: subversion: configure was passed unrecognised options: --without-apache [unknown-configure-option] (From OE-Core rev: 49ad2ba8c2ffe57300b37e6bd0d9d25eb30a5449) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: 1.8.9 -> 1.8.10Richard Purdie2014-11-064-448/+2
| | | | | | (From OE-Core rev: aa3aa6fff5b5e5b36b76665846e8b7f0408f7e81) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Security Advisory - subversion - CVE-2014-3528Yue Tao2014-11-043-0/+31
| | | | | | | | | | | | | | | | Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528 (From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Security Advisory - subversion - CVE-2014-3522Yue Tao2014-11-044-1/+887
| | | | | | | | | | | | | | | | | | | The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.<a href=http://cwe.mitre.org/data/definitions/297.html target=_blank>CWE-297: Improper Validation of Certificate with Host Mismatch</a> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522 (From OE-Core rev: 06a33cd00ea11abec1ebe9d5883e44778075ccc6) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Disable make install parallelismRichard Purdie2014-07-191-0/+7
| | | | | | | | | | The Makefile generation for subversion is horrible, I can't figure out where the dependencies are missing, it looks like they might be missing everywhere. Give up and disable parallel make install. (From OE-Core rev: f5569d30b98418b201766ad07b177aac5fae4a41) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: neon support was dropped, switch to serfRichard Purdie2014-07-171-2/+2
| | | | | | (From OE-Core rev: 1838153de3a68ac391bdec139446e496ad093763) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: Upgrade 1.7.7 -> 1.8.9Richard Purdie2014-07-179-296/+74
| | | | | | | | | | | | | | | | | | | | Dropped neon patches as neon support was dropped. Dropped CVE patches as applied in later version Added patch to avoid OS-X check which doesn't cross compile Add PACKAGECONFIG for gnome-keyring Addition to license: For the file subversion/libsvn_subr/utf_width.c * Markus Kuhn -- 2007-05-26 (Unicode 5.0) * * Permission to use, copy, modify, and distribute this software * for any purpose and without fee is hereby granted. The author * disclaims all warranties with regard to this software. (From OE-Core rev: 99c3225cfe39f8de89555df5bd3f1e93cd731269) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4277Yue Tao2014-05-214-1/+33
| | | | | | | | | | | | | | | | Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 (From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846Yue Tao2014-05-212-1/+55
| | | | | | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847 (From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1845Yue Tao2014-05-212-1/+173
| | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845 (From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4131Yue Tao2014-05-212-0/+43
| | | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131 (From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4505Yue Tao2014-05-214-1/+259
| | | | | | | | | | | | | | | | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505 (From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1849Yue Tao2014-05-212-0/+26
| | | | | | | | | | | | Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. (From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Replace one-line DESCRIPTION with SUMMARYPaul Eggleton2014-01-022-2/+2
| | | | | | | | | | | | | | A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. (From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix build problem when sysroot contains '-D' or '-I'Chen Qi2013-12-032-0/+33
| | | | | | | | | | | | | | | | | If sysroot contains '-D' or '-I' characters, the SVN_NEON_INCLUDES and the corresponding CFLAGS will not get the correct value. This will cause build failures. This patch fixes the above problem. [YOCTO #5458] (From OE-Core rev: 7078397ef39de43244fca7e24683b2a83913cbbf) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>