Checkout Tools
  • last updated 2 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
* subversion/include/svn_config.h: Fix pointer in comment.
* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_NEON_DEBUG_MASK,

SVN_CONFIG_OPTION_HTTP_AUTH_TYPES,

SVN_CONFIG_OPTION_SSL_PKCS11_PROVIDER,

SVN_CONFIG_OPTION_HTTP_LIBRARY,

SVN_CONFIG_OPTION_STORE_PASSWORDS,

SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP,

SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT,

SVN_CONFIG_OPTION_MERGE_TOOL_CMD,

SVN_CONFIG_SECTION_SASL,

SVN_CONFIG_OPTION_USE_SASL,

SVN_CONFIG_OPTION_MIN_SSF): Add some version information.

* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_NO_UNLOCK,

SVN_CONFIG_OPTION_MIMETYPES_FILE,

SVN_CONFIG_OPTION_PRESERVED_CF_EXTS): Add @since information.

* subversion/include/svn_config.h

(Client configuration files strings): Document the need to re-run gen-make.py

until issue #4581 is fixed.

Fix docstring issues in svn_config.h found during 1.9 API review.

No functional change.

* subversion/include/svn_config.h

(svn_config_auth_walk_func_t): Document the walk_baton parameter.

Merge the svn-auth-x509 branch to trunk.

This adds an X.509 parser which we use to display certificates via the auth

command rather than storing the details provided by serf from a connection.

* LICENSE,

NOTICE: Note that the X.509 parser is based on the parser from TropicSSL.

* build.conf

(libsvn_subr): Add svn_x509.h header to msvc-export.

(x509-test, __ALL_TESTS__): Add C tests for X.509 parser.

* subversion/include/private/svn_utf_private.h

(svn_utf__encode_ucs4_string, svn_utf__utf16_to_utf8,

svn_utf__utf32_to_utf8): New functions for converting various Unicode

character encodings needed by the X.509 parser.

* subversion/include/svn_x509.h: New header.

* subversion/include/svn_error_codes.h

(SVN_ERR_X509_CATEGORY_START): New category for errors from X.509 parser.

(SVN_ERR_ASN1_OUT_OF_DATA, SVN_ERR_ASN1_UNEXPECTED_TAG,

SVN_ERR_ASN1_INVALID_LENGTH, SVN_ERR_ASN1_LENGTH_MISMATCH,

SVN_ERR_ASN1_INVALID_DATA, SVN_ERR_X509_FEATURE_UNAVAILABLE,

SVN_ERR_X509_CERT_INVALID_PEM, SVN_ERR_X509_CERT_INVALID_FORMAT,

SVN_ERR_X509_CERT_INVALID_VERSION, SVN_ERR_X509_CERT_INVALID_SERIAL,

SVN_ERR_X509_CERT_INVALID_ALG, SVN_ERR_X509_CERT_INVALID_NAME,

SVN_ERR_X509_CERT_INVALID_DATE, SVN_ERR_X509_CERT_INVALID_PUBKEY,

SVN_ERR_X509_CERT_INVALID_SIGNATURE, SVN_ERR_X509_CERT_INVALID_EXTENSIONS,

SVN_ERR_X509_CERT_UNKNOWN_VERSION, SVN_ERR_X509_CERT_UNKNOWN_PK_ALG,

SVN_ERR_X509_CERT_SIG_MISMATCH, SVN_ERR_X509_CERT_VERIFY_FAILED):

New error codes.

* subversion/include/svn_config.h

(SVN_CONFIG_AUTHN_HOSTNAME_KEY, SVN_CONFIG_AUTHN_FINGERPRINT_KEY,

SVN_CONFIG_AUTHN_VALID_FROM_KEY, SVN_CONFIG_AUTHN_VALID_UNTIL_KEY,

SVN_CONFIG_AUTHN_ISSUER_DN_KEY): Remove constants used as keys for

storing parsed certificate info in authn files.

* subversion/libsvn_subr/x509parse.c,

subversion/libsvn_subr/x509info.c,

subversion/include/x509.h: New files for implementing the X.509 parser.

* subversion/libsvn_subr/ssl_server_trust_providers.c

(ssl_server_trust_file_first_credentials,

ssl_server_trust_file_save_credentials): Don't store/retrive parsed

details of X.509 certificates.

* subversion/libsvn_subr/utf.c

(membuf_insert_ucs4, svn_utf__utf16_to_utf8, svn_utf__utf32_to_utf8):

New functions to implement Unicode conversions.

* subversion/libsvn_subr/utf8proc.c

(encode_ucs4_string): Convert to the private function ...

(svn_utf__encode_ucs4_string): New function.

(svn_utf__glob): Update caller.

* subversion/svn/auth-cmd.c

(match_credential): Remove code to match the hostname/fingerprint since

the data isn't stored.

(show_cert): New function to drive the X.509 parser and then display

the certificate to the user.

(list_credential): Use show_cert().

* subversion/tests/libsvn_subr/utf-test.c

(test_utf_conversions, test_funcs): Add tests for new unicode character

set conversions.

* subversion/tests/libsvn_subr/x509-test.c: Add tests for X.509 parser.

[in subverison/bindings/javahl]

* native/jniwrapper/jni_base.cpp,

native/jniwrapper/jni_exception.hpp:

Add IllegalArgumentException exeption.

* native/AuthnCallback.cpp,

native/AuthnCallback.hpp,

src/org/apache/subversion/javahl/callback/AuthnCallback.java:

(AuthnCallback::SSLServerCertInfo): Update the getters and constructor to

reflect the info available from the X.509 parser.

* native/org_apache_subversion_javahl_util_ConfigLib.cpp

(build_credential): Update to feed AuthnCallback::SSLServerCertInfo the info

that is available.

(Java_org_apache_subversion_javahl_util_ConfigLib_nativeSearchCredentials):

Update the searching of the certificates to parse the certificate rather

than depending on the stored data.

* src/org/apache/subversion/javahl/SVNUtil.java

(SVNUtil.searchCredentials): Update hostnamePattern documentation.

* native/Promper.cpp

(Prompter::dispatch_ssl_server_trust_prompt): Update to reflect changes

to SSLServerCertInfo.

* src/org/apache/subversion/javahl/util/ConfigLib.java: Remove some commented

out code.

* tests/org/apache/subversion/javahl/UtilTests.java

(util_cred_ssl_server, testCredentials): Update tests as needed.

  1. … 29 more files in changeset.
Revert the changes in [1] that added the new "http-pipelining" option.

The issue that triggered addition of this option - serf issue 135: ssl

renegotiation breaks when there are pipelined requests - has been solved

in serf directly.

More specifically: serf 1.4 will automatically disable http pipelining for

connections to a server that initiates a SSL renegotiation.

[1] r1619072, r1619074, r1619079.

  1. … 5 more files in changeset.
Make 'svn status' ignore the thumbs.db files by default, which are

created by the Windows explorer.

* subversion/include/svn_config.h

(SVN_CONFIG__DEFAULT_GLOBAL_IGNORES_LINE_2): Add [Th]umbs.db.

Add an option "http-pipelining" to the servers configuration, so that a user

can disable HTTP pipelining in case that causes problems, e.g. during SSL

renegotiation triggered by the server to request a client certificate.

* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_HTTP_PIPELINING): New boolean config option.

* subversion/libsvn_ra_serf/ra_serf.h

(struct svn_ra_serf__session_t): New member variable http_pipelining.

* subversion/libsvn_ra_serf/serf.c

(load_config): Load the value of the new option from the servers file. If not

set, use 'HTTP pipelining is enabled' by default.

(svn_ra_serf__open,

ra_serf_dup_session): Set the max. nr. of outstanding requests to 1

if HTTP pipelining is disabled.

* subversion/libsvn_ra_serf/update.c

(open_connection_if_needed): Set the max. nr. of outstanding requests to 1

if HTTP pipelining is disabled.

* subversion/libsvn_subr/config_file.c

(svn_config_ensure): Add the 'http-pipelining' option in the comment section

of the initial servers file.

  1. … 4 more files in changeset.
Allow clients to configure the working copy SQLite busy

timeout, this can be useful when exclusive locking is

enabled.

* subversion/include/private/svn_sqlite.h

(svn_sqlite__open): Add timeout parameter.

* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_SQLITE_TIMEOUT): New.

* subversion/libsvn_subr/config_file.c

(svn_config_ensure): Describe new config option.

* subversion/libsvn_subr/sqlite.c

(internal_open, svn_sqlite__open): Add timeout parameter.

(svn_sqlite__hotcopy): Pass default timeout.

* subversion/libsvn_wc/wc_db_private.h

(struct svn_wc__db_t): Add timeout member.

(svn_wc__db_util_open_db): Add timeout parameter.

* subversion/libsvn_wc/wc_db_util.c

(svn_wc__db_util_open_db): Add timeout parameter.

* subversion/libsvn_wc/wc_db_wcroot.c

(svn_wc__db_open): Get timeout from config.

(svn_wc__db_wcroot_parse_local_abspath): Pass timeout.

* subversion/libsvn_wc/wc_db.c

(create_db): Add timeout parameter.

(svn_wc__db_init, svn_wc__db_upgrade_begin,

svn_wc__db_bump_format): Pass default timeout.

* subversion/libsvn_fs_fs/rep-cache.c

* subversion/libsvn_fs_x/rep-cache.c

(open_rep_cache): Pass default timeout.

* subversion/tests/libsvn_subr/sqlite-test.c

(open_db): Pass default timeout.

* subversion/tests/libsvn_wc/op-depth-test.c

(open_wc_db): Pass default timeout.

* subversion/tests/libsvn_wc/utils.c

(svn_test__create_fake_wc): Pass default timeout.

  1. … 12 more files in changeset.
The standard _dup() function pattern takes a const-qualified pointer to an

object and returns a mutable copy. Add 'const' to a few that didn't follow

that pattern.

(Note: This is one of the few changes that can be made to a released API

without breaking its API and ABI compatibility guarantees.)

* subversion/include/svn_config.h,

subversion/libsvn_subr/config.c

(svn_config_dup): Add 'const' as above.

* subversion/include/svn_error.h,

subversion/libsvn_subr/error.c

(svn_error_dup): Add 'const' as above.

* subversion/libsvn_fs_base/dag.h,

subversion/libsvn_fs_base/dag.c

(svn_fs_base__dag_dup): Add 'const' as above.

* subversion/libsvn_fs_x/index.h,

subversion/libsvn_fs_x/index.c

(svn_fs_x__p2l_entry_dup): Add 'const' as above.

  1. … 7 more files in changeset.
Fix Doxygen mark-up.

* subversion/include/svn_client.h

(svn_client_ctx_t): s/@Since/@since/.

(svn_client_cleanup): Mark the doc string as a Doxygen comment.

* subversion/include/svn_compat.h

(svn_compat_log_revprops_out): Correct a cross-reference.

* subversion/include/svn_config.h

(cached_authentication_data_attributes): Give this Doxygen group a title.

* subversion/include/svn_fs.h

(svn_fs_lock_target_t,

svn_fs_lock_result_t): Mark the doc strings as Doxygen comments.

(svn_fs_lock2): Correct a <tt> closing tag to </tt>.

(svn_fs_lock): Mark the doc string as a Doxygen comment.

(svn_fs_unlock2): Correct cross-references. s/pool/scratch_pool/.

* subversion/include/svn_mergeinfo.h

(SVN_MERGEINFO_NONINHERITABLE_STR): Mark the doc string as a Doxygen

comment.

(svn_rangelist_t, svn_mergeinfo_t, svn_mergeinfo_catalog_t): Give each of

these types its own Doxygen doc string.

* subversion/include/svn_path.h

(svn_path_illegal_path_escape): Mark the doc string as a Doxygen comment.

* subversion/include/svn_ra.h

(svn_ra_get_file_revs2): s/@handler/@a handler/g.

* subversion/include/svn_repos.h

(svn_repos_get_logs4): Correct a cross-reference.

(svn_repos_get_file_revs2): s/@handler/@a handler/g.

* subversion/include/svn_types.h

(svn_move_behavior_t): Mark each member's doc string as a Doxygen comment.

* subversion/include/svn_wc.h

(svn_wc_conflict_description3_t): Mark a member's doc string as a Doxygen

comment.

(svn_wc_conflict_description_create_text2,

svn_wc_conflict_description_create_prop2,

svn_wc_conflict_description_create_tree2): Mark the doc string as a

Doxygen comment, and use () notation for a function cross-reference.

(svn_wc_conflict_resolver_func2_t): Mark the doc string as a Doxygen

comment.

  1. … 9 more files in changeset.
Store human-readable information about SSL certificates in the auth store.

This info will later be displayed by 'svn auth', which currently parses

cached SSL certificates to obtain the same information. This new information

can also be accessed by third party clients more easily.

Suggested by: rhuijben

* subversion/include/svn_config.h

(SVN_CONFIG_AUTHN_HOSTNAME_KEY,

SVN_CONFIG_AUTHN_FINGERPRINT_KEY,

SVN_CONFIG_AUTHN_VALID_FROM_KEY,

SVN_CONFIG_AUTHN_VALID_UNTIL_KEY,

SVN_CONFIG_AUTHN_ISSUER_DN_KEY): New hash key contants. Adjust the docstring

for this group of constants which implied that all contants defined here

were already present before 1.9.

* subversion/libsvn_subr/ssl_server_trust_providers.c

(ssl_server_trust_file_first_credentials): When reading a cert hash which

lacks the new human-readable info, add the info and save the cert.

The idea is to update existing data if possible. However, in practice

this function will only be called if verification of a cached cert

suddenly fails. So in most cases only newly saved certs will have

human-readable information.

(ssl_server_trust_file_save_credentials): Save new human-readable cert info.

  1. … 1 more file in changeset.
* subversion/include/svn_config.h: Add a speparate @since marker to every

SVN_CONFIG_AUTHN_* constant, in preparation for adding more constants.

Provide config:miscellany:enable-magic-file to control the use of

libmagic. There are environment variables that do this already but

they are not specific to Subversion and affect other applications.

* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_ENABLE_MAGIC_FILE): New.

* subversion/include/private/svn_magic.h

(svn_magic__init): Add config parameter.

* subversion/libsvn_subr/config_file.c

(svn_config_ensure): Document new setting.

* subversion/libsvn_subr/magic.c

(svn_magic__init): Check for enable-magic-file=no.

* subversion/libsvn_client/add.c

(add): Pass config to svn_magic__init.

* subversion/libsvn_client/import.c

(import): Pass config to svn_magic__init.

  1. … 5 more files in changeset.
Follow-up to r1572640: update documentation.

* subversion/include/svn_config.h

(SVN_CONFIG_REALMSTRING_KEY,

SVN_CONFIG_AUTHN_USERNAME_KEY,

SVN_CONFIG_AUTHN_PASSWORD_KEY,

SVN_CONFIG_AUTHN_PASSPHRASE_KEY,

SVN_CONFIG_AUTHN_PASSTYPE_KEY,

SVN_CONFIG_AUTHN_ASCII_CERT_KEY,

SVN_CONFIG_AUTHN_FAILURES_KEY): Split docstrings for doxygen. Minor

docstring updates. Move into a new 'cached_authentication_data_attributes'

doxygen subgroup.

Make the auth cache hash keys part of the public API.

This allows API consumers to make better use of the data returned by

functions like svn_config_walk_auth_data(), eliminates duplicate

definitions of some of these keys, and makes it easier to add new

key definitions in the future.

There is no reason for these definitions to be private since we are

unlikely to remove existing hash keys used by the on-disk format.

* subversion/include/svn_config.h

(SVN_CONFIG_AUTHN_USERNAME_KEY,

SVN_CONFIG_AUTHN_PASSWORD_KEY,

SVN_CONFIG_AUTHN_PASSPHRASE_KEY,

SVN_CONFIG_AUTHN_PASSTYPE_KEY,

SVN_CONFIG_AUTHN_ASCII_CERT_KEY,

SVN_CONFIG_AUTHN_FAILURES_KEY): Declare and document. Equivalent to

local AUTHN_* macro definitions in the various files below.

* subversion/libsvn_subr/simple_providers.c,

subversion/libsvn_subr/ssl_client_cert_pw_providers.c,

subversion/libsvn_subr/ssl_server_trust_providers.c,

subversion/libsvn_subr/username_providers.c,

subversion/svn/auth-cmd.c: Remove local definitions of hash keys and

use the global definitions instead.

  1. … 5 more files in changeset.
* subversion/include/svn_config.h

(svn_config_walk_auth_data): Fix a small oversight from r1466183, which

renamed the cleanup_func paramter to walk_func but didn't update the

docstring accordingly.

* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_PASSWORD_STORES,

SVN_CONFIG_OPTION_KWALLET_WALLET,

SVN_CONFIG_OPTION_KWALLET_SVN_APPLICATION_NAME_WITH_PID,

SVN_CONFIG_OPTION_INTERACTIVE_CONFLICTS,

SVN_CONFIG_OPTION_MEMORY_CACHE_SIZE):

Document when these macros were added.

Add some initial support for the logging framework that should be available in

Serf 1.4.0 and later.

This should allow getting some logging output on stderr with:

$ svn --config-option servers:global:serf-log-components=255 \

ls https://svn.apache.org/repos/asf/subversion

And all output with

$ svn --config-option servers:global:serf-log-components=255 \

--config-option servers:global:serf-log-level=8 \

ls https://svn.apache.org/repos/asf/subversion

Currently you need to compile against serf trunk to enable this.

* notes/knobs

Add SVN_SERF_NO_LOGGING.

* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_SERF_LOG_COMPONENTS,

SVN_CONFIG_OPTION_SERF_LOG_LEVEL): New define.

* subversion/libsvn_ra_serf/serf.c

(load_config): When serf >= 1.4 load serf log configuration.

  1. … 2 more files in changeset.
Hide some private macros from Doxygen.

* subversion/include/svn_config.h:

(SVN_CONFIG__DEFAULT_GLOBAL_IGNORES_LINE_1,

SVN_CONFIG__DEFAULT_GLOBAL_IGNORES_LINE_2): Hide from doxygen.

Follow-up to r1509186:

* subversion/include/svn_config.h

(svn_config_walk_auth_data): Note the birth date of the new behaviour.

Followup to r1507382: Document that the config_dir paramete can be passed as

NULL and that this means using the default config dir location.

* subversion/include/svn_config.h

(svn_config_walk_auth_data): Document that config_dir can be NULL

Revert r1507367. I committed the wrong file with unintended changes.

* subversion/include/svn_config.h:

(svn_hash_sets): Change temp variable name to avoid shadow warnings.

Suggested by: philip

[Reverted in r1507390, the entirely wrong file was committed and the above

description is not accurate]

Merge tristate-chunked-requests branch onto trunk.

subversion/include/svn_config.h

(SVN_CONFIG_OPTION_HTTP_DETECT_CHUNKING): Renamed to ...

(SVN_CONFIG_OPTION_HTTP_CHUNKED_REQUESTS): New.

* subversion/libsvn_ra_serf/serf.c

(load_config): Switch to using the tristate option.

* subversion/libsvn_ra_serf/util.c

(svn_ra_serf__error_on_status): Suggest the tristate option be set to auto

or no when we get a 411.

* subversion/libsvn_subr/config_file.c

(svn_config_ensure): Update to reflect change in config option.

  1. … 4 more files in changeset.
Resolve concerns about the chunked detection config "knob".

Proposed by: danielsh, breser

* subversion/include/svn_config.h:

(SVN_CONFIG_OPTION_BUSTED_PROXY): rename to ...

(SVN_CONFIG_OPTION_HTTP_DETECT_CHUNKING): ... this

* subversion/libsvn_ra_serf/ra_serf.h:

(svn_ra_serf__session_t): rename BUSTED_PROXY to DETECT_CHUNKING and

relocate in the structure to a more appropriate location.

* subversion/libsvn_ra_serf/serf.c:

(load_config, svn_ra_ser__open): switch structure member and config symbol

* subversion/libsvn_subr/config_file.c:

(svn_config_ensure): adjust help text, mostly cribbed from breser,

with edits to reduce word/line count.

  1. … 3 more files in changeset.
* subversion/include/svn_config.h

(svn_config_auth_walk_func_t): Rename cleanup_baton to walk_baton, since it

corresponds to the walk_baton parameter of svn_config_walk_auth_data().

Switch the config name and semantics to busted-proxy.

For now, it retains the static configuration-based behavior. Future

work will perform runtime detection.

* subversion/include/svn_config.h:

(SVN_CONFIG_OPTION_HTTP_CHUNKED_REQUESTS): renamed to ...

(SVN_CONFIG_OPTION_BUSTED_PROXY): ... this

* subversion/libsvn_ra_serf/ra_serf.h:

(svn_ra_serf__session_t): change USING_PROXY to boolean. add

BUSTED_PROXY flag (loaded from config)

* subversion/libsvn_ra_serf/serf.c:

(load_config): load the BUSTED_PROXY configuration data. if a proxy

is being used and the proxy may be busted, then disable chunked

requests

(svn_ra_serf__open): initialize USING_CHUNKED_REQUESTS

* subversion/libsvn_subr/config_file.c:

(svn_config_ensure): rename flag and adjust description

  1. … 3 more files in changeset.
Add new 'http-chunked-requests' configuration option to control using

of chunked transfer encoding for HTTP/1.1 servers.

* subversion/include/svn_config.h

(SVN_CONFIG_OPTION_HTTP_CHUNKED_REQUESTS): New.

* subversion/libsvn_ra_serf/ra_serf.h

(svn_ra_serf__session_t): Add USING_CHUNKED_REQUESTS flag.

* subversion/libsvn_ra_serf/serf.c

(load_config): Parse 'http-chunked-requests' configuration option.

* subversion/libsvn_ra_serf/util.c

(setup_serf_req): Set Content-Length if USING_CHUNKED_REQUESTS is zero.

* subversion/libsvn_subr/config_file.c

(svn_config_ensure): Mention 'http-chunked-requests' in 'servers' file

template.

  1. … 4 more files in changeset.