kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Bernd Kuhls	544949e498	package/subversion: security version bump to 1.9.3 Release announcement: http://mail-archives.apache.org/mod_mbox/subversion-dev/201512.mbox/%3CCAP_GPNj_GCA869VQeJUrp5ngXsgN7pQQHSS=sqoXm8_6hHTTxg@mail.gmail.com%3E CVE-2015-5259: Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. http://subversion.apache.org/security/CVE-2015-5259-advisory.txt CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. http://subversion.apache.org/security/CVE-2015-5343-advisory.txt Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2016-01-31 20:33:39 +01:00
Vicente Olivert Riera	4965192f60	subversion: bump to version 1.9.2 - Bump to version 1.9.2. - Update the hash file. - Use a tar.bz2 tarball to save space and bandwidth. - Fix a typo in the berkeley-db configure option. - Remove non-existent configure options: neon, gssapi and ssl. - Remove neon dependency: is not needed to build subversion. - Tweak the 0001-dont-mangle-cflags.patch for the 1.9.2 version and to patch configure.ac instead of configure. - Add a new 0002-disable-macos-specific-features.patch to remove a configure check for Mach-O (and two more) which breaks the build when cross-compiling. - Enable autoreconf since we are patching the configure.ac. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2015-09-28 22:15:45 +02:00
Gustavo Zacarias	d80f5c99fd	subversion: security bump to version 1.7.19 Fixes: CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2014-12-21 13:22:18 +01:00

Author

SHA1

Message

Date

Bernd Kuhls

544949e498

package/subversion: security version bump to 1.9.3

Release announcement:
http://mail-archives.apache.org/mod_mbox/subversion-dev/201512.mbox/%3CCAP_GPNj_GCA869VQeJUrp5ngXsgN7pQQHSS=sqoXm8_6hHTTxg@mail.gmail.com%3E

CVE-2015-5259:
Remotely triggerable heap overflow and out-of-bounds read caused by
integer overflow in the svn:// protocol parser.
http://subversion.apache.org/security/CVE-2015-5259-advisory.txt

CVE-2015-5343:
Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn
caused by integer overflow when parsing skel-encoded request bodies.
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2016-01-31 20:33:39 +01:00

Vicente Olivert Riera

4965192f60

subversion: bump to version 1.9.2

- Bump to version 1.9.2.
- Update the hash file.
- Use a tar.bz2 tarball to save space and bandwidth.
- Fix a typo in the berkeley-db configure option.
- Remove non-existent configure options: neon, gssapi and ssl.
- Remove neon dependency: is not needed to build subversion.
- Tweak the 0001-dont-mangle-cflags.patch for the 1.9.2 version and to
  patch configure.ac instead of configure.
- Add a new 0002-disable-macos-specific-features.patch to remove a
  configure check for Mach-O (and two more) which breaks the build when
  cross-compiling.
- Enable autoreconf since we are patching the configure.ac.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2015-09-28 22:15:45 +02:00

Gustavo Zacarias

d80f5c99fd

subversion: security bump to version 1.7.19

Fixes:
CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests.
CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names.

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2014-12-21 13:22:18 +01:00

3 Commits