<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/subversion/subversion-1.7.10, branch 2.6_M3</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=2.6_M3</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=2.6_M3'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2014-07-17T11:28:50+00:00</updated>
<entry>
<title>subversion: Upgrade 1.7.7 -&gt; 1.8.9</title>
<updated>2014-07-17T11:28:50+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2014-07-16T12:31:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=76f75e91ce1ad51a2c669d2b4d2fbddf1a113428'/>
<id>urn:sha1:76f75e91ce1ad51a2c669d2b4d2fbddf1a113428</id>
<content type='text'>
Dropped neon patches as neon support was dropped.
Dropped CVE patches as applied in later version
Added patch to avoid OS-X check which doesn't cross compile
Add PACKAGECONFIG for gnome-keyring

Addition to license:

For the file subversion/libsvn_subr/utf_width.c
* Markus Kuhn -- 2007-05-26 (Unicode 5.0)
*
* Permission to use, copy, modify, and distribute this software
* for any purpose and without fee is hereby granted. The author
* disclaims all warranties with regard to this software.

(From OE-Core rev: 99c3225cfe39f8de89555df5bd3f1e93cd731269)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>subversion: fix for Security Advisory CVE-2013-4277</title>
<updated>2014-05-21T08:09:00+00:00</updated>
<author>
<name>Yue Tao</name>
<email>Yue.Tao@windriver.com</email>
</author>
<published>2014-05-08T10:16:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=09f471bfd03952c617233431d7735f91a6e7f3cf'/>
<id>urn:sha1:09f471bfd03952c617233431d7735f91a6e7f3cf</id>
<content type='text'>
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277

(From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e)

Signed-off-by: Yue Tao &lt;Yue.Tao@windriver.com&gt;
Signed-off-by: Roy Li &lt;rongqing.li@windriver.com&gt;
Signed-off-by: Saul Wold &lt;sgw@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>subversion: fix for Security Advisory CVE-2013-4131</title>
<updated>2014-05-21T08:09:00+00:00</updated>
<author>
<name>Yue Tao</name>
<email>Yue.Tao@windriver.com</email>
</author>
<published>2014-04-15T07:57:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=722ff438b355afc04f82e0aca47f9082d2d3d7df'/>
<id>urn:sha1:722ff438b355afc04f82e0aca47f9082d2d3d7df</id>
<content type='text'>
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131

(From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)

Signed-off-by: Yue Tao &lt;Yue.Tao@windriver.com&gt;
Signed-off-by: Roy Li &lt;rongqing.li@windriver.com&gt;
Signed-off-by: Saul Wold &lt;sgw@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>subversion: fix for Security Advisory CVE-2013-4505</title>
<updated>2014-05-21T08:09:00+00:00</updated>
<author>
<name>Yue Tao</name>
<email>Yue.Tao@windriver.com</email>
</author>
<published>2014-04-15T02:49:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e8d6c874a72a14e1b0850bef104caceb7fb7d0ad'/>
<id>urn:sha1:e8d6c874a72a14e1b0850bef104caceb7fb7d0ad</id>
<content type='text'>
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505

(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)

Signed-off-by: Yue Tao &lt;Yue.Tao@windriver.com&gt;
Signed-off-by: Roy Li &lt;rongqing.li@windriver.com&gt;
Signed-off-by: Saul Wold &lt;sgw@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>subversion: fix build problem when sysroot contains '-D' or '-I'</title>
<updated>2013-12-03T17:45:53+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2013-11-16T03:19:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3c94bfe8c57a3a9a1fefd5a36c64fb6071175e48'/>
<id>urn:sha1:3c94bfe8c57a3a9a1fefd5a36c64fb6071175e48</id>
<content type='text'>
If sysroot contains '-D' or '-I' characters, the SVN_NEON_INCLUDES and
the corresponding CFLAGS will not get the correct value.

This will cause build failures.

This patch fixes the above problem.

[YOCTO #5458]

(From OE-Core rev: 7078397ef39de43244fca7e24683b2a83913cbbf)

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Saul Wold &lt;sgw@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>subversion: Add patch to use neon 0.30</title>
<updated>2013-08-07T06:43:47+00:00</updated>
<author>
<name>Saul Wold</name>
<email>sgw@linux.intel.com</email>
</author>
<published>2013-08-06T20:55:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f63e7f4323368c0d6fe7a1d44393a7e15652d4f2'/>
<id>urn:sha1:f63e7f4323368c0d6fe7a1d44393a7e15652d4f2</id>
<content type='text'>
The neon update is not recognized but subversion, so we need to patch the configure.ac
to know about 0.30, otherwise we don't have http/https support in subversion.

(From OE-Core rev: 291ab168fac15eae0e4c9234e16f394b0e1547a0)

Signed-off-by: Saul Wold &lt;sgw@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>subversion: upgraded to 1.7.10</title>
<updated>2013-06-07T15:48:24+00:00</updated>
<author>
<name>Bogdan Marinescu</name>
<email>bogdan.a.marinescu@intel.com</email>
</author>
<published>2013-06-03T11:53:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2ee07173a6885328de68d1e0a09b5cf95c8d273e'/>
<id>urn:sha1:2ee07173a6885328de68d1e0a09b5cf95c8d273e</id>
<content type='text'>
(From OE-Core rev: 6866fd80ec59ef1e2d24263827237be8ff21584f)

Signed-off-by: Bogdan Marinescu &lt;bogdan.a.marinescu@intel.com&gt;
Signed-off-by: Saul Wold &lt;sgw@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
