| Age | Commit message (Collapse) | Author |
|---|
|
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For SDK environments where people still use subversion, let it easily being
added to buildtools-tarball to invite more developers relying on Yocto
based SDKs without much requirement to setup anything on the development
workplace.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add python3native, as configure probes into python configuration.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
All of the .pc files contain the path to ${libdir} which fails
in a multilib rpm image.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove backported patch.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
subversion checks whether build with boost during do_configure. If boost
exists on build machine, it causes configure-unsafe QA issue:
| ERROR: subversion-1.12.0-r0 do_configure: QA Issue: This autoconf log
| indicates errors, it looked at host include and/or library paths
| while determining system capabilities.
| Rerun configure task after fixing this. [configure-unsafe]
Add a PACKAGECONFIG 'boost' to fix the issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There's a Jenkins plugin for Subversion.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Backport a patch to fix build failure while APR 1.7.0
...
checking for apr_int64_t Python/C API format string...
configure: error: failed to recognize APR_INT64_T_FMT on this platform
...
- Rebase disable_macos.patch and serfmacro.patch
License-update: no change, declare two new added file
* in build/ac-macros/ax_boost_base.m4
* in build/ac-macros/ax_boost_unit_test_framework.m4
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit 5bb47984af79 "subversion: 1.9.7 -> 1.10.0" dropped
serf.m4-Regex-modified-to-allow-D-in-paths.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License changed since licenses for the bundled linenoise and lz4 codebases
were added. We don't build either of them. Add MIT since utf8proc is MIT
licensed.
Configure to use the internal utf8proc codebase since we have no copy of that in
OE-Core, nor any need to add one.
Add a dependency on lz4 which is now required rather than using the internal
codebase within subversion.
Drop a patch merged upstream.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Add default value for PACKAGECONFIG
- Combine "inherit autotools" with "inherit pkgconfig gettext"
- Drop historical addition of -L${STAGING_LIBDIR} to LDFLAGS
- Re-order variables according to OE styleguide
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A maliciously constructed svn+ssh:// URL would cause Subversion clients
before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3
to run an arbitrary shell command. Such a URL could be generated by a
malicious server, by a malicious user committing to a honest server(to
attack another user of that server's repositories), or by a proxy
server.
The vulnerability affects all clients, including those that use
file://, http://, and plain (untunneled) svn://.
Backport patch from:
http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691
Reference:
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit cfe6f3e251240c9d9a70354be0501600357f0b87.
This is because the apr configure wrong, when the apr configure meets the
cross compiling, it pass 8 bytes to "off_t", in apr source code configure.in,
it was hardcoded:
APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
The macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4,
it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross
compiling enable.
But in glibc on the x86 or multilib target the "off_t" was 4 bytes, so this
cases dismatch for softwares which use the apr.h, such as subversion, run this:
svnadmin create test
It failed because the "APR_OFF_T_FMT" was "lld" in apr.h when apr configure,
but the "apr_off_t" was 4 bytes, in the apr source code: apr_snprintf.c
i_quad = va_arg(ap, apr_int64_t);
When the function apr_vformatter meets "lld", it would use the above to parse,
but the above read 8 bytes, so the follow-up data go to wrong.
So we should configure the apr correct when cross compiling. I do this on the
following patchs.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
(From OE-Core rev: 4cfb7e9342978e77b0167441360330e66b9931cb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The existing sed expression can match expressions like
--sysroot=/some/path/xxx-linux/ which clearly isn't intended and
injects incorrect paths into LDFLAGS.
Fix this in the same way we address the problem in CFLAGS. This fixes corrupt
build paths and incorrect paths in .la files amongst other issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When run the following command on x86:
svnadmin create /var/test_repo
It cause segmentation fault error like the following:
[16499.751837] svnadmin[21117]: segfault at 83 ip 00000000f74bf7f6 sp 00000000ffdd9b34 error 4 in libc-2.24.so[f7441000+1af000]
Segmentation fault (core dumped)
This is because in source code ./subversion/libsvn_fs_fs/low_level.c,
function svn_fs_fs__unparse_footer, when:
target arch: x86
apr_off_t: 4 bytes
if the "APR_OFF_T_FMT" is "lld", it still use type "apr_off_t" to pass
data to apr, but in apr source code file apr_snprintf.c the function
apr_vformatter meet "lld", it would use the:
i_quad = va_arg(ap, apr_int64_t);
It uses the apr_int64_t to deal data, it read 8 bytes, so the follow-up
data may be error.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It would be useful if swig was enabled, but it isn't.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop backported CVE fix patches
libtool2.patch has been rebased and renamed to 0001-Fix-libtool-name-in-configure.ac.patch
LICENSE checksum has been updated because more 3rd party attributions have been added to it,
it's otherwise still Apache 2.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
|
Upstream-Status changed to Accepted due to [1]
[1] http://svn.apache.org/viewvc/subversion/trunk/build/ac-macros/serf.m4?r1=1594156&r2=1689824
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Modified the regex sed in serf.m4 to allow the use of '-D' characters
in project folder names without having compilation error from
subversion-native.
[YOCTO #7874]
Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Similarly to:
http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9b19d6548a345009a6de79a6820c07a72054d961
we also need to fix the subversion-native case with gcc5 by using
the same fix to the BUILD_CPPFLAGS.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removing the 1.6.X recipes, since there is a new version 1.8.X recipes,
and hope that all projects already upgraded their premirror caches to
use new format
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upgrade to fix two CVE defects: CVE-2015-0248 and CVE-2015-0251
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
see https://gcc.gnu.org/gcc-5/porting_to.html
we need to stop the preprocessor from generating the #line directives
or we run into issues like
| checking for apr_int64_t Python/C API format string...
| configure: error: failed to recognize APR_INT64_T_FMT on this platform
| Configure failed. The contents of all config.log files follows to aid
debugging
| ERROR: oe_runconf failed
Rightly subversion should be fixed but lets leave that to subversion
folks
Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
WARNING: QA Issue: subversion: configure was passed unrecognised options: --without-apache [unknown-configure-option]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate.<a href=http://cwe.mitre.org/data/definitions/297.html
target=_blank>CWE-297: Improper Validation of Certificate with Host
Mismatch</a>
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The Makefile generation for subversion is horrible, I can't figure out
where the dependencies are missing, it looks like they might be missing
everywhere. Give up and disable parallel make install.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropped neon patches as neon support was dropped.
Dropped CVE patches as applied in later version
Added patch to avoid OS-X check which doesn't cross compile
Add PACKAGECONFIG for gnome-keyring
Addition to license:
For the file subversion/libsvn_subr/utf_width.c
* Markus Kuhn -- 2007-05-26 (Unicode 5.0)
*
* Permission to use, copy, modify, and distribute this software
* for any purpose and without fee is hereby granted. The author
* disclaims all warranties with regard to this software.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
Ross Burton
Richard Purdie
Dorinda
Jens Rehsack
Alexander Kanavin
Jeremy A. Puhlman
Adrian Bunk
Kai Kang
Ross Burton
Hongxu Jia
Ruslan Bilovol
Andre McCurdy
Wenzong Fan
Alexander Kanavin
Dengke Du
Robert Yang
Jose Lamego
Roy Li
Khem Raj
Yue Tao