Checkout Tools
  • last updated 2 hours ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1851873 is being indexed.

Add CVE-2018-11803 notices to the website.

* index.html, news.html

- Add security announcement.

- Include CVE link in 1.11.1 and 1.10.4 release announcements.

- Ensure anchor ids are unique.

* security/CVE-2018-11803-advisory.txt New file.

* security/CVE-2018-11803-advisory.txt.asc New file.

* security/index.html

Add links to CVE-2018-11803 advisory and signature.

    • ?
    • ?
* CHANGES: Fix typo that crept in in r1851827.

* CHANGES: Record authz file parsing improvements.

Introduce a warning callback to the authz file parser API.

We need this to warn about the use of empty groups in authz files;

this is not an error and doesn't affect the authz file semantics,

but it's nice to be able to tell the user about it.

See issues #4794, #4802 and #4803.

* subversion/include/svn_repos.h

(svn_repos_authz_warning_func_t): New callback function type.

(svn_repos_authz_read4): New; API revision.

(svn_repos_authz_read3): Deprecated.

(svn_repos_authz_parse2): New; API revision.

(svn_repos_authz_parse): Deprecated.

* subversion/libsvn_repos/authz.h

(svn_authz__parse): Add warning function and baton parameters.

* subversion/libsvn_repos/authz.c

(authz_read): Add warning function and baton parameters.

Update calls to svn_authz__parse.

(svn_repos_authz_read4): Revised from svn_repos_authz_read3.

(svn_repos_authz_parse2): Revised from svn_repos_authz_parse.

* subversion/libsvn_repos/authz_parse.c

(struct ctor_baton_t): Add members warning_func and warning_baton.

(create_ctor_baton): Initialise these new members of the constructor baton.

(emit_parser_warning): New.

(SVN_AUTHZ_PARSE_WARN): New; wrapper macro for the above.

(array_insert_ace): Ignore and warn about the use of empty groups.

(svn_authz__parse): Update implementation to match prototype.

* subversion/libsvn_repos/deprecated.c

(svn_repos_authz_read3, svn_repos_authz_parse): Implement deprecated functions.

* subversion/mod_authz_svn/mod_authz_svn.c

(log_svn_message): New; replaces log_svn_error so that it's useful for

logging warnings as well.

(log_svn_error): Reimplement, calling log_svn_message.

(struct authz_warning_baton_t): New.

(log_authz_warning): New.

(get_access_conf): Set up an authz warning handler and baton, and call

svn_repos_authz_read4 instead of svn_repos_authz_read3.

* subversion/svnserve/logger.h

(logger__log_error): Make the 'err' parameter a pointer-to-const.

Update the docstring to say that the error is not cleared.

(logger__log_warning): New.

* subversion/svnserve/logger.c

(log_message): New; common base for logger__log_error and logger__log_message.

Also *do not* allocate 8k on the stack, use the logger pool, which gets

cleared at the end of the function.

(logger__log_error): Reimplement.

(logger__log_warning): Implement.

* subversion/svnserve/serve.c

(log_error): Make the error parameter const. Fix the docstring.

(log_warning): New.

(load_authz_config): Add warning function and baton parameters and fix pool

handling. Now calls svn_repos_authz_read4 instead of svn_repos_authz_read3.

(find_repos): Add warning function and baton parameters for load_authz_config.

(handle_authz_warning): New.

(construct_server_baton): Pass an authz warning handler and baton to find_repos.

* subversion/tests/cmdline/

(group_member_empty_string): Fix docstring.

(empty_group): New test case.

(test_list): Run it.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): Extend the @Issues decorator.

Add a check for the expected warning on stderr.

Follow-up to r1851815: update svn:ignore lists.

* subversion/tests: Do not ignore

* subversion/tests/cmdline: Do ignore svnserve-*.

Add logging to the svnserveautocheck configuration.

* (check-clean): Clean up the svnserveautocheck and davautocheck

configuration/log directories.

* subversion/tests/cmdline/

(query): New function, copied unchanged from

(SVNSERVE_ROOT): Temporary directory for and svnserve.log.

- Run sevnserve with logging enabled;

- Offer to browse the log file before ending the script.

* 1.10.x/STATUS, 1.11.x/STATUS: Add r1851791 to the r1851676 group.
* subversion/tests/cmdline/

(svnauthz_empty_group_test): Reference issue #4802.

A follow-up to r1851739: teach 'unshelve' to do adds through the WC editor.

* subversion/libsvn_client/shelf.c

(apply_prop_mods): Update doc string.

(apply_file_mods): Ensure null arguments are acceptable.

(path_driver_cb_func): Implement 'add' through the WC editor.

A follow-up to r1851739: close the streams we opened.

(Found because the rename attempt failed on Windows.)

* subversion/include/svn_delta.h

(svn_txdelta_apply): Document that it closes its target stream but not its

source stream.

* subversion/libsvn_client/wc_editor.c



file_close): Close the source stream before we try to overwrite the file

it was reading from.

Teach 'unshelve' to drive the new WC local mods editor.

Re: SVN-4786 "Create a WC working-mods editor", SVN-3625 "Commit shelving".

Instead of applying changes directly to the WC, the changes now go through

the standard svn_delta_editor_t API. When completed, this will allow a much

more exact transfer of the possible changes, and a more resuable


The ability to merge file text changes is lost, for the time being. This

will need to be re-implemented in the WC local mods editor. (Note that the

implementation of merging here was incomplete anyway.)

* subversion/libsvn_client/shelf.c




wc_node_add): Remove.







shelf_replay): New.


test_apply_file_visitor): Renamed remnants of a combined function.

(svn_client__shelf_test_apply_file): Update the caller.

(wc_mods_editor): New.

(svn_client__shelf_apply): Use wc_mods_editor() and shelf_replay()


* subversion/tests/cmdline/





unshelve_text_prop_conflict): Mark as XFail, as merge and conflict

behaviour has changed.

Teach the delta editor path driver to work incrementally.

Instead of passing in the complete list of paths to be driven all at once,

this adds the option of passing in one path at a time.

* subversion/include/svn_delta.h,


(svn_delta_path_driver2): Rewrite to use the incremental API.




svn_delta_path_driver_finish): New.

* 1.10.x/STATUS, 1.11.x/STATUS: Nominate r1851676, r1851687.

Fix a bug in the authz parser where using a group with no members in

an access entry was treated as an error instead of being ignored.

* subversion/libsvn_repos/authz_parse.c

(add_to_group): Allow NULL user, to create empty groups. Update docstring.

(expand_group_callback): Handle the case where a group has no users.

(array_insert_ace): Ignore ACEs for empty groups.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): Remove XFail decorator.

Extend the testcase to test recursive empty group expansion.

Fixes issue #4802

Found by: Doug Robinson

Add a new XFail test for the authz parser for the validity of empty groups.

Issue #4802.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): New test case.

(test_list): Run it.

Found by: Doug Robinson

Expose the output arguments of svn_client_blame6 in JavaHL.

[in subversion/bindings/javahl/src/org/apache/subversion]

* callback/ New callback for ISVNClient.blame.

* callback/ Remove unused import.


(ISVNClient.blame): Add range callback parameter. Update docstring.


(SVNClient.blame): Update wrapper and native method declaration.

[in subversion/bindings/javahl/native]

* BlameCallback.h

(BlameCallback::BlameCallback): Change constructor signature.

(BlameCallback::get_start_revnum_p, BlameCallback::get_end_revnum_p): New.

(BlameCallback::setRange): New.

(BlameCallback::m_start_revnum, BlameCallback::m_start_revnum,

BlameCallback::m_range_callback_invoked, BlameCallback::m_range_callback): New.

(BlameCallback::m_line_callback): Renamed from m_callback.

* BlameCallback.cpp: Include svn_private_config.h.

(BlameCallback::BlameCallback): Update constructor implementation.

(BlameCallback::callback): Update static callback implementation.

(BlameCallback::setRange): Implement.

(BlameCallback::singleLine): Notice changed member variable name.

* SVNClient.cpp

(SVNClient::blame): Set blame output arguments from the callback.

* org_apache_subversion_javahl_SVNClient.cpp

(Java_org_apache_subversion_javahl_SVNClient_blame): Update native method.

[in subversion/bindings/javahl/tests/org/apache/subversion/javahl]


(BlameRangeCallbackImpl): New helper class.

(testBinaryBlame): Also test the returned revision range.


(testBlameCallback): Check that a null range callback doesn't cause exceptions.

Follow up to r1851268: our coding guidelines say that output parameters

should come first in the function argument list.

* subversion/include/svn_client.h

(svn_client_blame6): Move start_revnum_p and end_revnum_p to the

beginning of the argument list and update the docstring to say that

either of these may be NULL.

* subversion/libsvn_client/blame.c

(svn_client_blame6): Update signature.

* subversion/svn/blame-cmd.c (svn_cl__blame),

subversion/libsvn_client/deprecated.c (svn_client_blame5),

subversion/bindings/javahl/native/SVNClient.cpp (SVNClient::blame):

Update all callers.

* subversion/include/svn_client.h



svn_client_blame6): Update doc strings, following r1851268.

* build.conf

(libsvn_subr): Following up on r1850611, add new private header to exports.

* subversion/include/private/svn_client_private.h

(svn_client__get_diff_summarize_callbacks): Update doc string, following r1835234.

* subversion/tests/libsvn_fs/locks-test.c (obtain_write_lock_failure):

Add a comment that explains why this test fails when run as root.

No functional change.

* CHANGES: Record r1851333 and reword r1845408.

Fix issue #4801: Make JavaHL blame return byte[] file contents in the

blame callback instead of assuming they can be converted to String.

[in subversion/bindings/javahl/src/org/apache/subversion/javahl]


(ISVNClient.blame): Add a new overload that uses the new BlameLineCallback.

Deprecate the other two overloads that use BlameCallback.


(SVNClient.blame): Implement new native overload and deprecate the old ones.

(SVNClient.BlameCallbackAdapter): New helper class.

* callback/

(BlameCallback): Deprecated.

* callback/

(BlameLineCallback): New, replaces BlameCallback.

[in subversion/bindings/javahl/tests/org/apache/subversion/javahl]


(testBasicBlame, testBlameWithDiffOptions): Suppress deprecation warnings

as these tests use the old API, and should continue to do so in order to

test the callback adapter.

(testBinaryBlame): New test case.

(collectBlameLines, BlameCallbackImpl): Suppress deprecation warnings.

(BlameLineCallbackImpl): New helper class.


(testBlameCallback): Use the new API in this test case.

[in subversion/bindings/javahl/native]

* org_apache_subversion_javahl_SVNClient.cpp

(Java_org_apache_subversion_javahl_SVNClient_blame): Update parameter order.

* BlameCallback.cpp

(BlameCallback::singleLine): Use BlameLineCallback instead of BlameCallback.

Fix blame field alignment, following r1851265,r1851268.

* subversion/svn/blame-cmd.c


blame_receiver): Move the field width calculation back to here,

(svn_cl__blame): after having over-enthusiastically moved it to here where

it wasn't calculated until after all the output was printed.

In shelving code: lock the whole WC when unshelving.

The immediate benefit is code simplification rather than functional.

* subversion/libsvn_client/shelf.c




wc_node_add): Don't lock the WC here...

(svn_client__shelf_apply): ... but here.

Move misplaced parameters out of the blame callback.

Part 2 of a commit started in r1851265.

* subversion/include/svn_client.h,


(svn_client_blame6): Move the start/end parameters from

svn_client_blame_receiver4_t to svn_client_blame6().

* subversion/libsvn_client/deprecated.c



svn_client_blame5): Adjust the compatibility wrapper.

Move misplaced parameters out of the blame callback.

The svn_client_blame_receiver4_t parameters "start_revnum" and "end_revnum"

do not really belong here because they are not per-line data. They are the

"resolved" versions of the input revnums to svn_client_blame6(). This patch

moves them to svn_client_blame6() output parameters.

* subversion/bindings/javahl/native/BlameCallback.h,



singleLine): Drop the start/end parameters.

* subversion/bindings/javahl/native/SVNClient.cpp

(blame): Adjust the call to svn_client_blame6(). Don't provide access to

the start/end parameters here, as we weren't providing access to them

through the callback. We could add them later.

* subversion/svn/blame-cmd.c


blame_receiver): Don't expect and process start/end revnums here.

(svn_cl__blame): Handle them here instead.

Update callers to use the newly revved svn_client_blame6() API.

* subversion/bindings/javahl/native/BlameCallback.h,



singleLine): Expect 'svn_string_t *' instead of 'char *'.

* subversion/bindings/javahl/native/SVNClient.cpp

(blame): Update the call to use svn_client_blame6.

* subversion/svn/blame-cmd.c


blame_receiver): Expect 'line' to be an svn_string_t.

(svn_cl__blame): Update to use svn_client_blame6 and


* subversion/include/svn_client.h

(svn_client_blame_receiver4_t): Improve doc string.

* subversion/include/svn_client.h

(svn_client_blame_receiver4_t): improve the doc string