Checkout Tools
  • last updated 5 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Use more of the new _safe variants of canonicalization functions.

* subversion/svnserve/serve.c

(find_repos): Use svn_dirent_canonicalize_safe() instead of


Use more of the new _safe variants of canonicalization functions.

This commit converts relpath function calls in svnserve.

* subversion/svnserve/serve.c

(set_path, delete_path, link_path, add_lock_tokens, unlock_paths, get_file,

get_dir, update, switch_cmd, status, diff, get_mergeinfo, log_cmd,

check_path, stat_cmd, get_locations, get_location_segments, get_file_revs,

lock, lock_many, unlock, unlock_many, get_lock, get_locks, get_deleted_rev,

get_inherited_props, list, find_repos): Use svn_relpath_canonicalize_safe()

instead of svn_relpath_canonicalize().

Introduce more use of the new _safe variants of canonicalization functions.

This commit converts uri function calls in svnserve; more to follow.

* subversion/svnserve/serve.c

(canonicalize_access_file, link_path, reparent, switch_cmd, diff,

construct_server_baton): Call svn_uri_canonicalize_safe() instead

of svn_uri_canonicalize().

* subversion/svnserve/serve.c

(construct_server_baton): Report some errors that we previously ignored.

In svnserve, consistently handle errors in opening a repository.

These errors are still logged and reported to the client, as they were

before, but now it is done in the same way as everywhere else. (The error

logging now happens higher up the call stack.)

* subversion/svnserve/serve.c

After reporting an error to the client, don't log it explicity here and

then clear it; instead return it so the caller can do so.

Provide a way for svnserve's 'get-deleted-rev' API to return 'not deleted'.

Previously the answer 'not deleted' was indistinguishable from an error when

using the svnserve protocol.

The standard 'svn' client software does not appear to invoke this case, but

it is meant to be a valid answer and is supported by the other repository

access protocols.

To work around the problem without changing the protocol, we re-purpose the

obsolete error code 'SVN_ERR_ENTRY_MISSING_REVISION' to communicate this

'not deleted' reply to the client.

(Re-purposing an old error code was not essential. An alternative would be

to create a new error code which would become part of the public API in the

next minor release, but would be deemed non-public when backported to older

release lines.)

Behaviour changes:

- With a new client against a new server, such queries are now handled


- With an old client against a new server, the client will report a more

informative error message.

- With a new client against an old server, there is no improvement.

* subversion/svnserve/serve.c

(get_deleted_rev): If the answer is SVN_INVALID_REVNUM, return a


* subversion/libsvn_ra_svn/client.c

(ra_svn_get_deleted_rev): Convert the error SVN_ERR_ENTRY_MISSING_REVISION

back to a response of SVN_INVALID_REVNUM.

* subversion/tests/libsvn_ra/ra-test.c

(commit_two_changes): New.


test_get_deleted_rev_errors): New tests.

(test_funcs): Run them.

  1. … 2 more files in changeset.
Introduce a warning callback to the authz file parser API.

We need this to warn about the use of empty groups in authz files;

this is not an error and doesn't affect the authz file semantics,

but it's nice to be able to tell the user about it.

See issues #4794, #4802 and #4803.

* subversion/include/svn_repos.h

(svn_repos_authz_warning_func_t): New callback function type.

(svn_repos_authz_read4): New; API revision.

(svn_repos_authz_read3): Deprecated.

(svn_repos_authz_parse2): New; API revision.

(svn_repos_authz_parse): Deprecated.

* subversion/libsvn_repos/authz.h

(svn_authz__parse): Add warning function and baton parameters.

* subversion/libsvn_repos/authz.c

(authz_read): Add warning function and baton parameters.

Update calls to svn_authz__parse.

(svn_repos_authz_read4): Revised from svn_repos_authz_read3.

(svn_repos_authz_parse2): Revised from svn_repos_authz_parse.

* subversion/libsvn_repos/authz_parse.c

(struct ctor_baton_t): Add members warning_func and warning_baton.

(create_ctor_baton): Initialise these new members of the constructor baton.

(emit_parser_warning): New.

(SVN_AUTHZ_PARSE_WARN): New; wrapper macro for the above.

(array_insert_ace): Ignore and warn about the use of empty groups.

(svn_authz__parse): Update implementation to match prototype.

* subversion/libsvn_repos/deprecated.c

(svn_repos_authz_read3, svn_repos_authz_parse): Implement deprecated functions.

* subversion/mod_authz_svn/mod_authz_svn.c

(log_svn_message): New; replaces log_svn_error so that it's useful for

logging warnings as well.

(log_svn_error): Reimplement, calling log_svn_message.

(struct authz_warning_baton_t): New.

(log_authz_warning): New.

(get_access_conf): Set up an authz warning handler and baton, and call

svn_repos_authz_read4 instead of svn_repos_authz_read3.

* subversion/svnserve/logger.h

(logger__log_error): Make the 'err' parameter a pointer-to-const.

Update the docstring to say that the error is not cleared.

(logger__log_warning): New.

* subversion/svnserve/logger.c

(log_message): New; common base for logger__log_error and logger__log_message.

Also *do not* allocate 8k on the stack, use the logger pool, which gets

cleared at the end of the function.

(logger__log_error): Reimplement.

(logger__log_warning): Implement.

* subversion/svnserve/serve.c

(log_error): Make the error parameter const. Fix the docstring.

(log_warning): New.

(load_authz_config): Add warning function and baton parameters and fix pool

handling. Now calls svn_repos_authz_read4 instead of svn_repos_authz_read3.

(find_repos): Add warning function and baton parameters for load_authz_config.

(handle_authz_warning): New.

(construct_server_baton): Pass an authz warning handler and baton to find_repos.

* subversion/tests/cmdline/

(group_member_empty_string): Fix docstring.

(empty_group): New test case.

(test_list): Run it.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): Extend the @Issues decorator.

Add a check for the expected warning on stderr.

  1. … 10 more files in changeset.
Update issue tracker links in comments, from Tigris (issuezilla) to Apache (Jira).

URL fragment identifiers like '#desc5' are left in place, not yet updated.

This is a merge of r1828508 from the 'shelve-checkpoint' branch where I

committed it by mistake.

  1. … 43 more files in changeset.
Deprecate the previous version of the command-line help text API, following


* subversion/include/svn_opt.h


* subversion/libsvn_subr/opt.c

Move deprecated functions and their helpers (and copy one of them)...

* subversion/libsvn_subr/deprecated.c

... to here.

* subversion/svnmucc/svnmucc.c,







Bump remaining calls to svn_opt_print_help4() to svn_opt_print_help5().

  1. … 9 more files in changeset.
In ra_svn, use SVNDIFF2 if supported by both sides of the connection and

compression has not been disabled.

We use this opportunity to factor out the code that decides what svndiff

version to use.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__svndiff_version): Declare new utility function.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__svndiff_version): Implement, taking most of the logic from

the following two callers.

* subversion/libsvn_ra_svn/editorp.c

(ra_svn_apply_textdelta): Use the new utility to pick an appropriate

svndelta level.

* subversion/svnserve/serve.c

(file_rev_handler): Same.

  1. … 3 more files in changeset.
ra_svn: Advertise acceptance of svndiff2 deltas.

Add an "accepts-svndiff2" wire capability, and have both the client and

the server advertise it. While currently neither the client nor the

server sends svndiff2 over the wire, this capability will allow

1.11 endpoints to send svndiff2 to 1.10 endpoints.

No change was needed beyond the capability addition; the incumbent code

would already accept svndiff2 if a (non-compliant) remote endpoint used it.

* subversion/libsvn_ra_svn/protocol

(accepts-svndiff2): New wire capability.

* subversion/include/svn_ra_svn.h


* subversion/svnserve/serve.c

(file_rev_handler): Note that this is where we could act on the

new capability.

(construct_server_baton): Advertise the new capability.

* subversion/libsvn_ra_svn/editorp.c

(ra_svn_apply_textdelta): Note that this is where we could act on the

new capability.

* subversion/libsvn_ra_svn/client.c

(open_session): Advertise the new capability.

  1. … 4 more files in changeset.
svnserve: Make use-sasl=true a fatal error in SASL-less builds.

As a side effect, this revision also stops explicitly initializing 'min_ssf'

and 'max_ssf' in non-SASL mode.

This patch was tracked as SVN-4629.

* subversion/svnserve/serve.c

(find_repos): Check 'use-sasl' in SASL-less builds, too.

* subversion/libsvn_repos/repos.c

(create_conf): Update documentation.

* notes/api-errata/1.10/: New.

* notes/api-errata/1.10/svnserve001.txt: New.

  1. … 3 more files in changeset.
Consistently use uint32 for dirent_fields. Some places used uint64.

* subversion/include/private/svn_log.h


svn_log__list): Make the DIRENT_FIELDS parameter 32 bits.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__write_dirent): Same.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__write_dirent): Same.

* subversion/libsvn_subr/log.c


svn_log__list): Same.

* subversion/svnserve/serve.c



list_receiver_baton_t): Update all parameter, local variable and

struct member types.

  1. … 4 more files in changeset.
Following up on r1787023, also validate the --memory-cache-size/-M

argument on a few other tools.

Note that svnsync uses the same argument, but implements this in a

different way than all these other tools.

* subversion/svnfsfs/svnfsfs.c

(sub_main): Validate argument.

* subversion/svnlook/svnlook.c

(sub_main): Validate argument.

* subversion/svnserve/svnserve.c

(sub_main): Validate argument.

  1. … 2 more files in changeset.
Make the svn_ra_get_mergeinfo streamy for ra_svn.

All the groundwork has been done in the repos and FS layers and we

only need to use the new callback-based API.

* subversion/svnserve/serve.c



mergeinfo_receiver): The new callback code.

(get_mergeinfo): Bump to using the new API.

Merging branches/authzperf to /trunk and remove BRANCH-README.
  1. … 33 more files in changeset.
Change the svn_*_list APIs to use NULL as the "don't filter by pattern"

parameter instead of an empty pattern list.

Suggested by: Patrick Steinhardt (patrick.steinhardt at

* subversion/include/svn_repos.h

(svn_repos_list): Document the new PATTERN options behavior.

* subversion/libsvn_repos/list.c

(matches_any): Implement the new behavior.

(svn_repos_list): Empty lists will almost always be created by dumb

scripts. It's probably a good idea to explicitly

not waste any resources in the degenerate case.

* subversion/include/svn_ra.h

(svn_ra_list): Document the new PATTERN options behavior.

* subversion/libsvn_ra_svn/protocol

(3.1.1. Main Command Set): The patterns list in the list command is

now optional.

* subversion/libsvn_subr/log.c

(svn_log__list): Make the logging cope with NULL pattern lists.

* subversion/svnserve/serve.c

(list): Receive NULL for PATTERNS, if no list was received.

* subversion/libsvn_ra_svn/client.c

(ra_svn_list): Omit the pattern list entirely, if patterns is NULL.

* subversion/include/svn_client.h

(svn_client_list4): Document the new PATTERN options behavior.

(svn_client_list3): Update docstring.

* subversion/libsvn_client/deprecated.c

(svn_client_list3): Update implementation.

* subversion/libsvn_client/list.c

(match_patterns): Implement the new behavior.

(list_internal): Update docstring.

* subversion/svn/list-cmd.c

(svn_cl__list): If no patterns were specified, pass NULL to the API.

* subversion/svnbench/null-list-cmd.c

(svn_cl__null_list): Same.

  1. … 11 more files in changeset.
* subversion/svnserve/serve.c

(find_repos): Call svn_repos_hooks_setenv() like mod_dav_svn and ra_local do.

Otherwise the hook env feature remains disabled.

Reported by: Steven Simpson via users@

Change the ra_svn protocol for the list command response.

Make all dirent fields optional and have the dirent-fields flags control

which ones to transmit.

* subversion/libsvn_ra_svn/protocol

(3.1.1. Main Command Set): Replace the sub-struct with a list of

optional fields for the 'list' command.

Also document the optional nature of the

'kind' field and that the dirent-field is


* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__write_dirent): Declare new serialization utility.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__write_dirent): Implement.

* subversion/svnserve/serve.c

(list_receiver_baton_t): Pass on the dirent-fields instead of a simple

flag such that we can send exactly what the

client asked for.

(list_receiver): Call the new serialization utility.

(list): Update caller to baton change.

* subversion/libsvn_ra_svn/client.c

(ra_svn_list): Update the format string to reflect the protocol change.

Suggested by: danielsh

  1. … 4 more files in changeset.
Implement svn_ra_list in ra_svn. The wire protocol for this command

has been insprired by the get-log and get-dir commands alike.

* subversion/libsvn_ra_svn/protocol

(2.1 Capabilities): Add the 'list' capability.

(3.1.1. Main Command Set): Add the protocol of the 'list' command.

* subversion/include/svn_ra_svn.h

(SVN_RA_CAPABILITY_LIST): Declare this new capability in code.

* subversion/svnserve/serve.c



list): Implement the new command.

(main_commands): Register the new command handler.

(construct_server_baton): Advertise the new capability.

* subversion/libsvn_ra_svn/client.c

(ra_svn_has_capability): Check for the new capability as well.

(ra_svn_list): Client-side implementation of the protocol.

(ra_svn_vtable): Register the new list function.

* subversion/include/private/svn_log.h

(svn_log__list): Add a new internal API to allow for logging the

new list command.

* subversion/libsvn_subr/log.c

(svn_log__list): Implement.

  1. … 5 more files in changeset.

Split a couple of functions to reduce the size of upcomming commits.

* subversion/libsvn_ra_svn/client.c

(send_dirent_fields): Extract this function from ...

(ra_svn_get_dir): ... this one.

* subversion/svnserve/serve.c

(parse_dirent_fields): Extract this function from ...

(get_dir): ... this one.

  1. … 1 more file in changeset.
svnserve: Reject invalid usernames when SASL is being used.

* subversion/svnserve/cyrus_auth.c

(canonicalize_username): Extend the sanity checks.

Wrap all of the SASL API that we use into a set of private functions

in order to silence the horde of warnings that are emitted on OSX

thanks to Apple having deprecated all of SASL.

* subversion/include/private/svn_wrapped_sasl.h,

subversion/libsvn_subr/wrapped_sasl.c: New. SASL API wrappers.

* subversion/include/private/ra_svn_sasl.h:

Include private/svn_wrapped_sasl.h instead of the SASL headers.

* subversion/libsvn_ra_svn/cyrus_auth.c

subversion/svnserve/cyrus_auth.c: Replace all direct calls to SASL

with calls to our wrapper functions.

  1. … 4 more files in changeset.
Add a compile-time sanity check.

* subversion/svnserve/server.h

(repository_t::min_ssf, repository_t::max_ssf):

Hide SASL-specific struct members from SASL-less builds.

More ra-svn finetuning.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__write_data_log_changed_path): We now know the path length

in advance.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__write_data_log_changed_path): Update implementation.

* subversion/svnserve/serve.c

(path_change_receiver): Update caller.

  1. … 2 more files in changeset.
Minor tuning of svnserve's log processing.

* subversion/svnserve/serve.c

(revision_receiver): Skip revprop filtering when we don't need it -

which is like 99% of the time.

Switch svnserve to using the streamy log API.

* subversion/svnserve/serve.c

(log_baton_t): Add a bookkeeping flag.

(path_change_receiver): Additional callback required by the new API.

(log_receiver): Renamed to ...

(revision_receiver): ... this and update the callback signature.

Remove path changes handling here. Add logic to

check when we have to add "open struct" markers.

(log_cmd): Call new API.

Fix bug when svn_ra_get_dir2() will fail if invoked with SVN_DIRENT_SIZE, but

without SVN_DIRENT_KIND. There is no user visible bug, since Subversion

command line client always ask for SVN_DIRENT_KIND.

* subversion/libsvn_ra_local/ra_plugin.c

(svn_ra_local__get_dir): Do not access possibly uninitialized local variable.

* subversion/svnserve/serve.c

(get_dir): Do not access possibly uninitialized local variable.

* subversion/tests/libsvn_ra/ra-test.c

(get_dir_test): Extend test to test svn_ra_get_dir2(SVN_DIRENT_SIZE).

  1. … 2 more files in changeset.
Add runtime configuration option to enable FSFS node properties caching

without enabling full-texts caching.

* subversion/include/svn_fs.h


* subversion/libsvn_fs_fs/caching.c

(read_config): Parse SVN_FS_CONFIG_FSFS_CACHE_NODEPROPS FS config flag.

(svn_fs_fs__initialize_caches): Enable node properties caching if needed.

* subversion/mod_dav_svn/dav_svn.h

(dav_svn__get_nodeprop_cache_flag): New.

* subversion/mod_dav_svn/mod_dav_svn.c

(dir_conf_t): Add NODEPROP_CACHE member.

(merge_dir_config): Merge NODEPROP_CACHE setting.

(SVNCacheNodeProps_cmd): New.

(dav_svn__get_nodeprop_cache_flag): New.

(cmds): Add SVNCacheNodeProps directive.

* subversion/mod_dav_svn/repos.c

(get_resource): Pass node properties caching setting to svn_repos_open3().

* subversion/svnadmin/svnadmin.c

(open_repos): Enable node properties caching to match Subversion 1.9.0


* subversion/svnserve/svnserve.c


(svnserve__options): Add '--cache-nodeprops' command line parameter.

(sub_main): Handle '--cache-nodeprops' command line parameter.

* subversion/tests/libsvn_fs_fs/fs-fs-fuzzy-test.c

(fuzzing_1_byte_1_rev): Enable node properties caching to match

Subversion 1.9.0 behavior.

  1. … 7 more files in changeset.
Following up on r1714330, implement a similar limit to svnserve responses.

If --max-response-size is specified and a response exceeds that limit,

it gets truncated and the connetion will be reset. This allows us to limit

the server load caused by "don't do that" type of requests like exporting

the root of the repository instead of some project branch.

By default, this limit is 0, i.e. inactive.

* subversion/include/svn_error_codes.h


* subversion/include/svn_ra_svn.h

(svn_ra_svn_create_conn5): Add another limit parameter.

* subversion/libsvn_ra_svn/ra_svn.h

(svn_ra_svn_conn_st): Add fields for the new data counter and its limit.

* subversion/libsvn_ra_svn/deprecated.c

(svn_ra_svn_create_conn4): Update.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn_create_conn5): Initialize the new struct elements.

(svn_ra_svn__reset_command_io_counters): One more counter to reset.

(check_io_limits): One more limit to check.

(writebuf_output): Count outgoing data and enforce limits.

* subversion/svnserve/server.h

(serve_params_t): Add field for the new --max-response-size option.

* subversion/svnserve/serve.c

(serve_interruptable): Pass the new option to the bumped API.

* subversion/svnserve/svnserve.c

(SVNSERVE_OPT_MAX_RESPONSE): Declare the new option.

(svnserve__options): Define and document the new option.

(sub_main): Handle the new option and pass it to the bumped API.

  1. … 5 more files in changeset.