openembedded-core.git/meta/recipes-devtools/subversion, branch daisy Mirror of openembedded-core subversion: fix for Security Advisory CVE-2013-4277 2014-05-29T12:42:11+00:00 Yue Tao Yue.Tao@windriver.com 2014-05-08T10:16:24+00:00 0517d47172c68097e30a5063cd09c1da6158c71d Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 (From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277

(From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846 2014-05-29T12:42:11+00:00 Yue Tao Yue.Tao@windriver.com 2014-04-15T07:22:17+00:00 8d52c071e66ff02a9f5ea9d4a60f3e06905b01db The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847 (From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847

(From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: fix for Security Advisory CVE-2013-1845 2014-05-29T12:42:11+00:00 Yue Tao Yue.Tao@windriver.com 2014-04-15T05:21:25+00:00 890cbced4c2bc45db3b5ec493d5f390f2de70bc2 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845 (From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845

(From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: fix for Security Advisory CVE-2013-4131 2014-05-29T12:42:11+00:00 Yue Tao Yue.Tao@windriver.com 2014-04-15T07:57:31+00:00 0cb67304f5b124d21468fcbc2928c7cb1f37c5f6 The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131 (From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131

(From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: fix for Security Advisory CVE-2013-4505 2014-05-29T12:42:11+00:00 Yue Tao Yue.Tao@windriver.com 2014-04-15T02:49:03+00:00 d245459306939aef078a89e671ec093e3d6321cd The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505 (From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505

(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: fix for Security Advisory CVE-2013-1849 2014-05-29T12:42:11+00:00 Yue Tao Yue.Tao@windriver.com 2014-04-04T05:35:31+00:00 4a67bb2a27c1c32b2a912b603e1c543db9e1810e Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. (From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.

(From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace one-line DESCRIPTION with SUMMARY 2014-01-02T12:47:33+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2013-12-19T15:13:01+00:00 b8feee3cf21f70ba4ec3b822d2f596d4fc02a292 A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
subversion: fix build problem when sysroot contains '-D' or '-I' 2013-12-03T17:10:25+00:00 Chen Qi Qi.Chen@windriver.com 2013-11-16T03:19:55+00:00 7078397ef39de43244fca7e24683b2a83913cbbf If sysroot contains '-D' or '-I' characters, the SVN_NEON_INCLUDES and the corresponding CFLAGS will not get the correct value. This will cause build failures. This patch fixes the above problem. [YOCTO #5458] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
If sysroot contains '-D' or '-I' characters, the SVN_NEON_INCLUDES and
the corresponding CFLAGS will not get the correct value.

This will cause build failures.

This patch fixes the above problem.

[YOCTO #5458]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: Add dependency on file for libmagic 2013-10-06T08:49:51+00:00 Martin Jansa martin.jansa@gmail.com 2013-10-05T12:23:10+00:00 7ad12a3c2cb7ac2e134144be841b6ff1dff69ded Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: Add patch to use neon 0.30 2013-08-07T06:43:31+00:00 Saul Wold sgw@linux.intel.com 2013-08-06T20:55:28+00:00 291ab168fac15eae0e4c9234e16f394b0e1547a0 The neon update is not recognized but subversion, so we need to patch the configure.ac to know about 0.30, otherwise we don't have http/https support in subversion. Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The neon update is not recognized but subversion, so we need to patch the configure.ac
to know about 0.30, otherwise we don't have http/https support in subversion.

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>