Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1804698 is being indexed.

Merge r1804691 and r1804692 from trunk:


* CVE-2017-9800


Malicious server can execute arbitrary command on client.


patch: CVE-2017-9800/CVE-2017-9800-1.9.patch


+1: philip, danielsh, stsp

+1: astieger (without r78105)

r1804692 corrects another bit of documentation, that is not present in tarball

releases. As a documentation fix it requires no voting.

  1. … 4 more files in changeset.
Merge the r1717874 group from trunk:

* r1717874, r1717875, r1717878, r1716808

Make inherited property api consistent over all ra layers


Our ra implementations should follow the documentation... and should

be as consistent as possible between each other. Only because the

caller uses svn_path_url_add_component2() this wasn't noticed by

our code.


r1716808 needed for SVN_TEST_INT_ASSERT macro. I think it makes

sense to backport this change to simplify future backports.


+1: steveking (without r1716808)

+1: ivan, rhuijben, stefan2

  1. … 5 more files in changeset.
Merge the r1664078 group from trunk:

* r1664078,r1664080,r1664187,r1664191,r1664200,r1664344,r1664588,r1664927,r1665886

Instead of making more changes to the auth batons from ra sessions, reduce

the number of changes by introducing an internal slave auth baton feature.


Without this patch (or a complete redesign of the auth layer), the

ra sessions cache (currently on a feature branch), will open the ra

sessions from outside configuration changes caused by opening other

ra sessions. This patch not only reverts the additional changes to the

auth baton on init that are new in 1.9, but also removes cases where we

already applied similar changes inside specific ra providers.


The reason I group this under release blockers, is to avoid the behavior

change introduced in r1609499 from reaching released versions. The changes

itself are safe for a later backport as it only affects ra-session

internal state.


+1: rhuijben, brane, philip

  1. … 15 more files in changeset.