Merge the 1.9.x-r1860936 branch: * r1860936, r1860951, r1860958 Provide a way for svnserve's 'get-deleted-rev' API to return 'not deleted'. Justification: Error handling was inconsistent across RA layers. Branch: ^/subversion/branches/1.9.x-r1860936 Votes: +1: julianfoad, stsp
Merge r1804691 and r1804692 from trunk:r1804691: * CVE-2017-9800 Justification: Malicious server can execute arbitrary command on client. Notes: patch: CVE-2017-9800/CVE-2017-9800-1.9.patch Votes: +1: philip, danielsh, stsp +1: astieger (without r78105)r1804692 corrects another bit of documentation, that is not present in tarballreleases. As a documentation fix it requires no voting.
Merge the r1717874 group from trunk: * r1717874, r1717875, r1717878, r1716808 Make inherited property api consistent over all ra layers Justification: Our ra implementations should follow the documentation... and should be as consistent as possible between each other. Only because the caller uses svn_path_url_add_component2() this wasn't noticed by our code. Notes: r1716808 needed for SVN_TEST_INT_ASSERT macro. I think it makes sense to backport this change to simplify future backports. Votes: +1: steveking (without r1716808) +1: ivan, rhuijben, stefan2
Merge the r1664078 group from trunk: * r1664078,r1664080,r1664187,r1664191,r1664200,r1664344,r1664588,r1664927,r1665886 Instead of making more changes to the auth batons from ra sessions, reduce the number of changes by introducing an internal slave auth baton feature. Justification: Without this patch (or a complete redesign of the auth layer), the ra sessions cache (currently on a feature branch), will open the ra sessions from outside configuration changes caused by opening other ra sessions. This patch not only reverts the additional changes to the auth baton on init that are new in 1.9, but also removes cases where we already applied similar changes inside specific ra providers. Notes: The reason I group this under release blockers, is to avoid the behavior change introduced in r1609499 from reaching released versions. The changes itself are safe for a later backport as it only affects ra-session internal state. Votes: +1: rhuijben, brane, philip