| Age | Commit message (Collapse) | Author |
|---|
|
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277
(From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
(From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845
(From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131
(From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505
(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.
(From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
If sysroot contains '-D' or '-I' characters, the SVN_NEON_INCLUDES and
the corresponding CFLAGS will not get the correct value.
This will cause build failures.
This patch fixes the above problem.
[YOCTO #5458]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The neon update is not recognized but subversion, so we need to patch the configure.ac
to know about 0.30, otherwise we don't have http/https support in subversion.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* cyrus-sasl is in meta-networking
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Bogdan Marinescu <bogdan.a.marinescu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Bogdan Marinescu <bogdan.a.marinescu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Bogdan Marinescu <bogdan.a.marinescu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
- fix WARNING: Failed to fetch URL http://www.apache.org/dist/subversion/subversion-1.7.6.tar.bz2
- subversion-1.7.6_mod_dontdothat_svnserve_only.patch doesn't seems to be useful,
cc Marcin to get confirmation
Signed-off-by: Eric Bénard <eric@eukrea.com>
Cc: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These were not getting fixed by orignal committer!
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Dropped --without-apache option as it does not exists.
Added patch from subversion-users ML to not build mod_dontdothat.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
|
|
Avoid error:
| /bin/bash: <path>/tmp/sysroots/i686-linux/usr/bin/msgfmt: No such file or
directory
| make: *** [subversion/po/de.mo] Error 127
| make: *** Waiting for unfinished jobs....
| ERROR: oe_runmake failed
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Add missing build dependency on sqlite3
Disable Ruby checking. we do not have Ruby, and subversion always
checks ruby on host which leads to build error when ruby-dev is
installed on host.
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
subversion needs an explicit dependency on sqlite3, otherwise it
does not build. Tested by building core-image-minimal.
Signed-off-by: Bogdan Marinescu <bogdan.a.marinescu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
install-neon-lib needs libsvn_delta-1.la which will be regenerated
during libsvn_delta-1.la's installation, if libsvn_delta-1.la is
in regenerating and at the same time install-neon-lib links it, the
error willl happen.
The error message is:
/bin/ld: cannot find -lsvn_delta-1
collect2: error: ld returned 1 exit status
This is a parallel issue, so it doesn't happen often.
Note:
The autoreconf doesn't generate build-outputs.mk, it would be generated
by autogen.sh (use build.conf as the input), but autogen.sh isn't
suitable for cross compiling, so both modified build-outputs.mk and
build.conf.
[YOCTO #2727]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ASSUME_PROVIDED
This enables a switch to subversion 1.7 now bitbake is able to cope with
upgrading existing working copies. The impact of this change should be
minimal since we don't have many subversion recipes now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* subversion-1.7.* had libtool-2.4, oe-core now has 2.4.2 and it was
failing:
x86_64-linux-libtool: Version mismatch error. This is libtool 2.4.2, but the
x86_64-linux-libtool: definition of this LT_INIT comes from libtool 2.4.
x86_64-linux-libtool: You should recreate aclocal.m4 with macros from libtool 2.4.2
x86_64-linux-libtool: and run autoconf again.
Signed-off-by: Klaus Kurzmann <mok@fluxnetz.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* intentionaly with negative D_P, bitbake fetcher should be improved to
detect old checkout with newer subversion available or vice versa and
do svn upgrade automaticaly or show better error, but subversion as
client for target or -native for distributions which explicitly say
they want 1.7 (with PREFERRED_VERSION) can be available already from
oe-core.
* be aware that checkouts from 1.7.0 are not compatible with older
subversion clients (ie when builder populating distro PREMIRROR is
using 1.7.0 all builders need to have also 1.7.0)
* and also 1.7.0 client needs to call svn upgrade in checkout first in
order to use it (so if PREMIRROR has tarball from 1.6.x it won't work
on client using 1.7.0 unless fetcher2 is improved to detect this and
call svn upgrade)
* tested on SHR distribution
http://wiki.shr-project.org/trac/wiki/Building%20SHR#subversion1.7inshr-chroot
* only missing part is to add subversion-native dependency, so that
native subversion is built, before building ie elementary (because EFL
are using svnversion from configure.ac to detect source revision and
.svn dir needs to be from compatible version).
* read http://subversion.apache.org/docs/release-notes/1.7.html
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* upstream detection seems to be doing its job right now
* I don't see how this is supposed to work
-- neon_config="$withval/bin/neon-config"
-+ neon_config="env env PKG_CONFIG_PATH=${withval}:${PKG_CONFIG_PATH} pkg-config neon"
when neon_config should be sysroots/nokia900/usr/bin/crossscripts/neon-config
"
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Some place pnum=1 is used which is removed as well since
striplevel=1 is default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
in multilibcase, PN has multilib prefix, so it is not
correct to use PN in SRC_URI and S. instead, we've
dedicately pruned multilib prefix in BPN, so BPN is
the right alternative for PN.
Signed-off-by: Yu Ke <ke.y@intel.com>
|
|
I've cleaned up some odd license fields, fixed some license
names and corrected some incorrect licenses. LICENSE really needs
a pass through by the maintainers as some of the licensing is
incorrect.
Also, every license with Artistic should be gone through and noted as
which version of Artistic.
Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com>
|
|
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
Rebased this patch to the newer code
modified: subversion/disable-revision-install.patch
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
For these recipes the dependencies listed in RDEPENDS and RRECOMMENDS only apply to ${PN}
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|
|
And update recipe checksums
rebased neon-detection.patch:
upstream code has some of the changes similar to the changes in the
patch. Removing the duplicate changes from the patch file.
subversion: update LIC_CHKSUM_FILES field
Noticed this change in the COPYING file:
$ diff -u COPYING /tmp/COPYING
--- COPYING 2006-05-28 07:41:18.000000000 -0700
+++ /tmp/COPYING 2010-12-03 11:16:15.000000000 -0800
@@ -10,7 +10,7 @@
on), you may use a newer version instead, at your option.
================================================================
-Copyright (c) 2000-2006 CollabNet. All rights reserved.
+Copyright (c) 2000-2009 CollabNet. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
The with-sasl check was looking into /usr/local, so a prepend_configure
was added to modify the /usr/local to ${STAGING_DIR} in build/ac-macros/sasl.m4
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Having one monolithic packages directory makes it hard to find things
and is generally overwhelming. This commit splits it into several
logical sections roughly based on function, recipes.txt gives more
information about the classifications used.
The opportunity is also used to switch from "packages" to "recipes"
as used in OpenEmbedded as the term "packages" can be confusing to
people and has many different meanings.
Not all recipes have been classified yet, this is just a first pass
at separating things out. Some packages are moved to meta-extras as
they're no longer actively used or maintained.
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|
Yue Tao
Paul Eggleton
Chen Qi
Martin Jansa
Saul Wold
Bogdan Marinescu
Eric Bénard
Marcin Juszkiewicz
Andrei Gherzan
Roy.Li
Robert Yang
Richard Purdie
Klaus Kurzmann
Khem Raj
Yu Ke
Beth Flanagan
Nitin A Kamble
Koen Kooi
Richard Purdie