openembedded-core.git/meta/recipes-devtools/subversion, branch master-next-1.9 Mirror of openembedded-core subversion: 1.8.10 -> 1.8.11 2015-02-14T22:26:07+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-02-13T14:44:31+00:00 6218b590e02afc346b473e62ee4e4624b677cacf Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion 1.6.15: fix unknown-configure-option 2015-02-07T18:52:47+00:00 Robert Yang liezhi.yang@windriver.com 2015-01-28T01:10:37+00:00 49ad2ba8c2ffe57300b37e6bd0d9d25eb30a5449 WARNING: QA Issue: subversion: configure was passed unrecognised options: --without-apache [unknown-configure-option] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
WARNING: QA Issue: subversion: configure was passed unrecognised options: --without-apache [unknown-configure-option]

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
subversion: 1.8.9 -> 1.8.10 2014-11-06T16:41:34+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2014-11-04T07:17:24+00:00 aa3aa6fff5b5e5b36b76665846e8b7f0408f7e81 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: Security Advisory - subversion - CVE-2014-3528 2014-11-04T10:19:53+00:00 Yue Tao Yue.Tao@windriver.com 2014-10-22T07:37:29+00:00 e0dc0432b13f38d16f642bdadf8ebc78b7a74806 Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
subversion: Security Advisory - subversion - CVE-2014-3522 2014-11-04T10:19:53+00:00 Yue Tao Yue.Tao@windriver.com 2014-10-22T07:37:28+00:00 06a33cd00ea11abec1ebe9d5883e44778075ccc6 The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.<a href=http://cwe.mitre.org/data/definitions/297.html target=_blank>CWE-297: Improper Validation of Certificate with Host Mismatch</a> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate.<a href=http://cwe.mitre.org/data/definitions/297.html
target=_blank>CWE-297: Improper Validation of Certificate with Host
Mismatch</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
subversion: Disable make install parallelism 2014-07-18T23:08:46+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2014-07-18T12:40:31+00:00 f5569d30b98418b201766ad07b177aac5fae4a41 The Makefile generation for subversion is horrible, I can't figure out where the dependencies are missing, it looks like they might be missing everywhere. Give up and disable parallel make install. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The Makefile generation for subversion is horrible, I can't figure out
where the dependencies are missing, it looks like they might be missing
everywhere. Give up and disable parallel make install.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: neon support was dropped, switch to serf 2014-07-17T22:13:56+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2014-07-17T20:37:38+00:00 1838153de3a68ac391bdec139446e496ad093763 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: Upgrade 1.7.7 -> 1.8.9 2014-07-17T11:27:05+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2014-07-16T12:31:59+00:00 99c3225cfe39f8de89555df5bd3f1e93cd731269 Dropped neon patches as neon support was dropped. Dropped CVE patches as applied in later version Added patch to avoid OS-X check which doesn't cross compile Add PACKAGECONFIG for gnome-keyring Addition to license: For the file subversion/libsvn_subr/utf_width.c * Markus Kuhn -- 2007-05-26 (Unicode 5.0) * * Permission to use, copy, modify, and distribute this software * for any purpose and without fee is hereby granted. The author * disclaims all warranties with regard to this software. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Dropped neon patches as neon support was dropped.
Dropped CVE patches as applied in later version
Added patch to avoid OS-X check which doesn't cross compile
Add PACKAGECONFIG for gnome-keyring

Addition to license:

For the file subversion/libsvn_subr/utf_width.c
* Markus Kuhn -- 2007-05-26 (Unicode 5.0)
*
* Permission to use, copy, modify, and distribute this software
* for any purpose and without fee is hereby granted. The author
* disclaims all warranties with regard to this software.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: fix for Security Advisory CVE-2013-4277 2014-05-21T08:08:10+00:00 Yue Tao Yue.Tao@windriver.com 2014-05-08T10:16:24+00:00 e0e483c5b2f481240e590ebb7d6189a211450a7e Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846 2014-05-21T08:08:10+00:00 Yue Tao Yue.Tao@windriver.com 2014-04-15T07:22:17+00:00 3962b76185194fa56be7f1689204a1188ea44737 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>