path: root/package/subversion
Commit message | Author | Age | Files | Lines
* package/subversion: security bump to version 1.9.10 | Peter Korsgaard | 2019-01-23 | 2 | -5/+6

  Additional fixes for CVE-2017-9800: Malicious server can execute arbitrary command on client and a number of crash fixes.

  https://svn.apache.org/repos/asf/subversion/tags/1.9.10/CHANGES

  Drop upstream SHA1 hash as that is no longer listed. Also add a hash for the license file.

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* subversion: security bump to version 1.9.7 | Peter Korsgaard | 2017-09-06 | 2 | -5/+4

  Fixes CVE-2017-9800: Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url

  For more details, see http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/s*/Config.in: fix ordering of statements | Adam Duskett | 2017-05-02 | 1 | -2/+2

  The check-package script when run gives warnings on ordering issues on all of these Config files. This patch cleans up all warnings related to the ordering in the Config files for packages starting with the letter s in the package directory.

  The appropriate ordering is: type, default, depends on, select, help

  See http://nightly.buildroot.org/#_config_files for more information.

  Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* subversion: bump version to 1.9.5 | Vicente Olivert Riera | 2016-12-02 | 2 | -2/+5

  Also add a sha256 hash since upstream only provides one weak hash.

  Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* subversion: security bump to version 1.9.4 | Gustavo Zacarias | 2016-04-28 | 2 | -2/+2

  Fixes:
  CVE-2016-2167 - svnserve/sasl may authenticate users using the wrong realm.
  CVE-2016-2168 - Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check.

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/subversion: security version bump to 1.9.3 | Bernd Kuhls | 2016-01-31 | 2 | -2/+2

  Release announcement:
  http://mail-archives.apache.org/mod_mbox/subversion-dev/201512.mbox/%3CCAP_GPNj_GCA869VQeJUrp5ngXsgN7pQQHSS=sqoXm8_6hHTTxg@mail.gmail.com%3E

  CVE-2015-5259: Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser.
  http://subversion.apache.org/security/CVE-2015-5259-advisory.txt

  CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies.
  http://subversion.apache.org/security/CVE-2015-5343-advisory.txt

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* subversion: add missing comment when building static | Gustavo Zacarias | 2015-12-29 | 1 | -0/+4

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* subversion: bump to version 1.9.2 | Vicente Olivert Riera | 2015-09-28 | 5 | -30/+46

  - Bump to version 1.9.2.
  - Update the hash file.
  - Use a tar.bz2 tarball to save space and bandwidth.
  - Fix a typo in the berkeley-db configure option.
  - Remove non-existent configure options: neon, gssapi and ssl.
  - Remove neon dependency: is not needed to build subversion.
  - Tweak the 0001-dont-mangle-cflags.patch for the 1.9.2 version and to patch configure.ac instead of configure.
  - Add a new 0002-disable-macos-specific-features.patch to remove a configure check for Mach-O (and two more) which breaks the build when cross-compiling.
  - Enable autoreconf since we are patching the configure.ac.

  Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* subversion: security bump to version 1.7.19 | Gustavo Zacarias | 2014-12-21 | 2 | -2/+3

  Fixes:
  CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
  CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names.

  Also add hash file.

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS | Thomas Petazzoni | 2014-12-11 | 1 | -1/+1

  Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries.

  As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly.

  This also helps preparing the addition of other options to select shared, shared+static or just static.

  Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.

  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
  Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
* subversion: ensure --disable-debug doesn't mangle CFLAGS | Peter Korsgaard | 2014-11-06 | 1 | -0/+28

  Fixes:
  http://autobuild.buildroot.net/results/fc6/fc69a19c66462585449f7c4dad174d45a84e4947/
  http://autobuild.buildroot.net/results/e04/e0471f2a9087d547840a7b18863289963e357b57/
  http://autobuild.buildroot.net/results/bd8/bd8cdf976937c7b9029658871929f4be464b7a47/
  http://autobuild.buildroot.net/results/652/652c3afe844e912061fbc5991e6fecad98ff6e6f/

  And many more.

  When --disable-debug is passed to configure, as is automatically done by the autotools infrastructure since 822a757456e (infra: Move --enable/--disable-debug to package/Makefile.in), the configure script will try to strip debugging (-g) options from the C/CXXFLAGS.

  The logic to do so is unfortunately buggy, so it ends up mangling options like -mfloat-gprs=double that we use on certain PowerPC variants, breaking the build.

  Fix it by adjusting the sed regexp to be more selective in what it strips. The package unfortunately doesn't cleanly autoreconf, so configure is patched instead of configure.ac.

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* subversion: needs sqlite and pkg-config | Peter Korsgaard | 2014-10-27 | 2 | -1/+5

  Fixes:
  http://autobuild.buildroot.net/results/de2/de243c429c1e443efdbba82a860dbb7a03d5b746/
  http://autobuild.buildroot.net/results/40c/40ce377893789883503deaa57912b87d2e0192e8/
  http://autobuild.buildroot.net/results/134/13449cd77fbbd1c2b21d04b1fc866a086d915353/
  http://autobuild.buildroot.net/results/e3f/e3fc33177eef955830a7be68e7b23503fd1d9ebe/

  and others.

  Also add the missing 'select' statements for apr, expat and zlib to match the .mk file.

  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTS | Thomas De Schampheleire | 2014-10-04 | 1 | -1/+1

  To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT.

  Sed command used:
      find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

  Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
  Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* subversion: security bump to version 1.7.18 | Gustavo Zacarias | 2014-08-15 | 1 | -1/+1

  Fixes:
  CVE-2014-0032 - mod_dav_svn is vulnerable to a remotely triggerable segfault DoS vulnerability when SVNListParentPath is on.
  CVE-2014-3522 - Serf RA layer does not correctly validate certificates with wildcards in them for HTTPS.
  CVE-2014-3528 - Credentials cached with Subversion may be sent to the wrong server.

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: standardise Apache licenses | Simon Dawson | 2014-01-02 | 1 | -1/+1

  Apache licenses are referred to in a variety of ways; standardise these, choosing a form which does not contain whitespace.

  Signed-off-by: Simon Dawson <spdawson@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* subversion: bump to version 1.7.14 | Axel Lin | 2013-12-22 | 1 | -1/+1

  Upgrade to latest security-related bugfixes release.

  Signed-off-by: Axel Lin <axel.lin@ingics.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* apr: needs mmu | Gustavo Zacarias | 2013-11-28 | 1 | -0/+1

  Uses fork() in apr_proc_fork() which is used by almost all the packages that use apr (log4cxx, subversion). apr-util doesn't use fork or apr_proc_fork but it's of no use alone.

  [Peter: also hide log4cxx comment if !BR2_USE_MMU]

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* subversion: new package | Rico Bachmann | 2013-08-28 | 2 | -0/+39

  [Thomas: added license information, fixed dependencies, and several cleanups.]

  Signed-off-by: Rico Bachmann <bachmann@tofwerk.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
  Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>