openembedded-core.git/meta/recipes-devtools/subversion, branch master-next2 Mirror of openembedded-core Revert "subversion: fix "svnadmin create" fail on x86" 2016-12-22T08:46:34+00:00 Dengke Du dengke.du@windriver.com 2016-12-19T05:40:14+00:00 fbdfb39c011676fe61a4d58b62226126e0e9ec62 This reverts commit cfe6f3e251240c9d9a70354be0501600357f0b87. This is because the apr configure wrong, when the apr configure meets the cross compiling, it pass 8 bytes to "off_t", in apr source code configure.in, it was hardcoded: APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8) The macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4, it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross compiling enable. But in glibc on the x86 or multilib target the "off_t" was 4 bytes, so this cases dismatch for softwares which use the apr.h, such as subversion, run this: svnadmin create test It failed because the "APR_OFF_T_FMT" was "lld" in apr.h when apr configure, but the "apr_off_t" was 4 bytes, in the apr source code: apr_snprintf.c i_quad = va_arg(ap, apr_int64_t); When the function apr_vformatter meets "lld", it would use the above to parse, but the above read 8 bytes, so the follow-up data go to wrong. So we should configure the apr correct when cross compiling. I do this on the following patchs. Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
This reverts commit cfe6f3e251240c9d9a70354be0501600357f0b87.

This is because the apr configure wrong, when the apr configure meets the
cross compiling, it pass 8 bytes to "off_t", in apr source code configure.in,
it was hardcoded:

	APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)

The macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4,
it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross
compiling enable.

But in glibc on the x86 or multilib target the "off_t" was 4 bytes, so this
cases dismatch for softwares which use the apr.h, such as subversion, run this:

	svnadmin create test

It failed because the "APR_OFF_T_FMT" was "lld" in apr.h when apr configure,
but the "apr_off_t" was 4 bytes, in the apr source code: apr_snprintf.c

	i_quad = va_arg(ap, apr_int64_t);

When the function apr_vformatter meets "lld", it would use the above to parse,
but the above read 8 bytes, so the follow-up data go to wrong.

So we should configure the apr correct when cross compiling. I do this on the
following patchs.

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
subversion: Upgrade 1.9.4 -> 1.9.5 2016-12-17T09:50:25+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-12-13T10:11:02+00:00 3f11325f7b7f3d0d1c0829f5f46e65814cf00de3 (From OE-Core rev: 4cfb7e9342978e77b0167441360330e66b9931cb) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
(From OE-Core rev: 4cfb7e9342978e77b0167441360330e66b9931cb)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: Fix issues in LDFLAGS sed manipulation 2016-12-07T13:58:41+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-12-07T13:54:18+00:00 9a8382422ddbb0972dc25b752204f4908bb9857c The existing sed expression can match expressions like --sysroot=/some/path/xxx-linux/ which clearly isn't intended and injects incorrect paths into LDFLAGS. Fix this in the same way we address the problem in CFLAGS. This fixes corrupt build paths and incorrect paths in .la files amongst other issues. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The existing sed expression can match expressions like
--sysroot=/some/path/xxx-linux/ which clearly isn't intended and
injects incorrect paths into LDFLAGS.

Fix this in the same way we address the problem in CFLAGS. This fixes corrupt
build paths and incorrect paths in .la files amongst other issues.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: fix "svnadmin create" fail on x86 2016-11-06T23:35:22+00:00 Dengke Du dengke.du@windriver.com 2016-11-02T07:12:10+00:00 7ea7e3db7801b58495b89a95ec2751d618d3a29f When run the following command on x86: svnadmin create /var/test_repo It cause segmentation fault error like the following: [16499.751837] svnadmin[21117]: segfault at 83 ip 00000000f74bf7f6 sp 00000000ffdd9b34 error 4 in libc-2.24.so[f7441000+1af000] Segmentation fault (core dumped) This is because in source code ./subversion/libsvn_fs_fs/low_level.c, function svn_fs_fs__unparse_footer, when: target arch: x86 apr_off_t: 4 bytes if the "APR_OFF_T_FMT" is "lld", it still use type "apr_off_t" to pass data to apr, but in apr source code file apr_snprintf.c the function apr_vformatter meet "lld", it would use the: i_quad = va_arg(ap, apr_int64_t); It uses the apr_int64_t to deal data, it read 8 bytes, so the follow-up data may be error. Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
When run the following command on x86:

        svnadmin create /var/test_repo

It cause segmentation fault error like the following:

        [16499.751837] svnadmin[21117]: segfault at 83 ip 00000000f74bf7f6 sp 00000000ffdd9b34 error 4 in libc-2.24.so[f7441000+1af000]
        Segmentation fault (core dumped)

This is because in source code ./subversion/libsvn_fs_fs/low_level.c,
function svn_fs_fs__unparse_footer, when:

        target arch:    x86
        apr_off_t:      4 bytes

if the "APR_OFF_T_FMT" is "lld", it still use type "apr_off_t" to pass
data to apr, but in apr source code file apr_snprintf.c the function
apr_vformatter meet "lld", it would use the:

        i_quad = va_arg(ap, apr_int64_t);

It uses the apr_int64_t to deal data, it read 8 bytes, so the follow-up
data may be error.

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
subversion: 1.9.3 -> 1.9.4 2016-08-25T21:59:28+00:00 Robert Yang liezhi.yang@windriver.com 2016-08-23T00:39:21+00:00 8620d13f8cf18be13429b0015d11e4efefe75b20 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
subversion: remove unnecessary python dependency 2016-06-01T07:04:11+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2016-05-06T15:47:00+00:00 54cbeb2975e2ea386386fce077146935afa0f719 It would be useful if swig was enabled, but it isn't. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> 
It would be useful if swig was enabled, but it isn't.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
subversion: Upgrade 1.9.2 -> 1.9.3 2016-01-13T00:03:52+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-01-11T15:01:01+00:00 7423386923a37bca21aef99eea8dddf572d51a13 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
subversion: update to 1.9.2 2015-12-12T23:31:43+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-12-07T17:46:49+00:00 b57f57ea092f93bd7e1268b04c7d3c4af2149a77 Drop backported CVE fix patches libtool2.patch has been rebased and renamed to 0001-Fix-libtool-name-in-configure.ac.patch LICENSE checksum has been updated because more 3rd party attributions have been added to it, it's otherwise still Apache 2. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Drop backported CVE fix patches
libtool2.patch has been rebased and renamed to 0001-Fix-libtool-name-in-configure.ac.patch
LICENSE checksum has been updated because more 3rd party attributions have been added to it,
it's otherwise still Apache 2.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
subversion: fix CVE-2015-3187 2015-12-01T21:30:56+00:00 Wenzong Fan wenzong.fan@windriver.com 2015-11-17T05:38:42+00:00 6da25614edcad30fdb4bea8ff47b81ff81cdaed2 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
subversion: fix CVE-2015-3184 2015-12-01T21:30:56+00:00 Wenzong Fan wenzong.fan@windriver.com 2015-11-17T05:38:41+00:00 29eb921ed074d86fa8d5b205a313eb3177473a63 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.

Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>