Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates
Use more of the new _safe variants of canonicalization functions.

* subversion/svnserve/serve.c

(find_repos): Use svn_dirent_canonicalize_safe() instead of


Use more of the new _safe variants of canonicalization functions.

This commit converts relpath function calls in svnserve.

* subversion/svnserve/serve.c

(set_path, delete_path, link_path, add_lock_tokens, unlock_paths, get_file,

get_dir, update, switch_cmd, status, diff, get_mergeinfo, log_cmd,

check_path, stat_cmd, get_locations, get_location_segments, get_file_revs,

lock, lock_many, unlock, unlock_many, get_lock, get_locks, get_deleted_rev,

get_inherited_props, list, find_repos): Use svn_relpath_canonicalize_safe()

instead of svn_relpath_canonicalize().

Introduce more use of the new _safe variants of canonicalization functions.

This commit converts uri function calls in svnserve; more to follow.

* subversion/svnserve/serve.c

(canonicalize_access_file, link_path, reparent, switch_cmd, diff,

construct_server_baton): Call svn_uri_canonicalize_safe() instead

of svn_uri_canonicalize().

* subversion/svnserve/serve.c

(construct_server_baton): Report some errors that we previously ignored.

In svnserve, consistently handle errors in opening a repository.

These errors are still logged and reported to the client, as they were

before, but now it is done in the same way as everywhere else. (The error

logging now happens higher up the call stack.)

* subversion/svnserve/serve.c

After reporting an error to the client, don't log it explicity here and

then clear it; instead return it so the caller can do so.

Provide a way for svnserve's 'get-deleted-rev' API to return 'not deleted'.

Previously the answer 'not deleted' was indistinguishable from an error when

using the svnserve protocol.

The standard 'svn' client software does not appear to invoke this case, but

it is meant to be a valid answer and is supported by the other repository

access protocols.

To work around the problem without changing the protocol, we re-purpose the

obsolete error code 'SVN_ERR_ENTRY_MISSING_REVISION' to communicate this

'not deleted' reply to the client.

(Re-purposing an old error code was not essential. An alternative would be

to create a new error code which would become part of the public API in the

next minor release, but would be deemed non-public when backported to older

release lines.)

Behaviour changes:

- With a new client against a new server, such queries are now handled


- With an old client against a new server, the client will report a more

informative error message.

- With a new client against an old server, there is no improvement.

* subversion/svnserve/serve.c

(get_deleted_rev): If the answer is SVN_INVALID_REVNUM, return a


* subversion/libsvn_ra_svn/client.c

(ra_svn_get_deleted_rev): Convert the error SVN_ERR_ENTRY_MISSING_REVISION

back to a response of SVN_INVALID_REVNUM.

* subversion/tests/libsvn_ra/ra-test.c

(commit_two_changes): New.


test_get_deleted_rev_errors): New tests.

(test_funcs): Run them.

  1. … 2 more files in changeset.
Introduce a warning callback to the authz file parser API.

We need this to warn about the use of empty groups in authz files;

this is not an error and doesn't affect the authz file semantics,

but it's nice to be able to tell the user about it.

See issues #4794, #4802 and #4803.

* subversion/include/svn_repos.h

(svn_repos_authz_warning_func_t): New callback function type.

(svn_repos_authz_read4): New; API revision.

(svn_repos_authz_read3): Deprecated.

(svn_repos_authz_parse2): New; API revision.

(svn_repos_authz_parse): Deprecated.

* subversion/libsvn_repos/authz.h

(svn_authz__parse): Add warning function and baton parameters.

* subversion/libsvn_repos/authz.c

(authz_read): Add warning function and baton parameters.

Update calls to svn_authz__parse.

(svn_repos_authz_read4): Revised from svn_repos_authz_read3.

(svn_repos_authz_parse2): Revised from svn_repos_authz_parse.

* subversion/libsvn_repos/authz_parse.c

(struct ctor_baton_t): Add members warning_func and warning_baton.

(create_ctor_baton): Initialise these new members of the constructor baton.

(emit_parser_warning): New.

(SVN_AUTHZ_PARSE_WARN): New; wrapper macro for the above.

(array_insert_ace): Ignore and warn about the use of empty groups.

(svn_authz__parse): Update implementation to match prototype.

* subversion/libsvn_repos/deprecated.c

(svn_repos_authz_read3, svn_repos_authz_parse): Implement deprecated functions.

* subversion/mod_authz_svn/mod_authz_svn.c

(log_svn_message): New; replaces log_svn_error so that it's useful for

logging warnings as well.

(log_svn_error): Reimplement, calling log_svn_message.

(struct authz_warning_baton_t): New.

(log_authz_warning): New.

(get_access_conf): Set up an authz warning handler and baton, and call

svn_repos_authz_read4 instead of svn_repos_authz_read3.

* subversion/svnserve/logger.h

(logger__log_error): Make the 'err' parameter a pointer-to-const.

Update the docstring to say that the error is not cleared.

(logger__log_warning): New.

* subversion/svnserve/logger.c

(log_message): New; common base for logger__log_error and logger__log_message.

Also *do not* allocate 8k on the stack, use the logger pool, which gets

cleared at the end of the function.

(logger__log_error): Reimplement.

(logger__log_warning): Implement.

* subversion/svnserve/serve.c

(log_error): Make the error parameter const. Fix the docstring.

(log_warning): New.

(load_authz_config): Add warning function and baton parameters and fix pool

handling. Now calls svn_repos_authz_read4 instead of svn_repos_authz_read3.

(find_repos): Add warning function and baton parameters for load_authz_config.

(handle_authz_warning): New.

(construct_server_baton): Pass an authz warning handler and baton to find_repos.

* subversion/tests/cmdline/

(group_member_empty_string): Fix docstring.

(empty_group): New test case.

(test_list): Run it.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): Extend the @Issues decorator.

Add a check for the expected warning on stderr.

  1. … 12 more files in changeset.
Update issue tracker links in comments, from Tigris (issuezilla) to Apache (Jira).

URL fragment identifiers like '#desc5' are left in place, not yet updated.

This is a merge of r1828508 from the 'shelve-checkpoint' branch where I

committed it by mistake.

  1. … 43 more files in changeset.
In ra_svn, use SVNDIFF2 if supported by both sides of the connection and

compression has not been disabled.

We use this opportunity to factor out the code that decides what svndiff

version to use.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__svndiff_version): Declare new utility function.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__svndiff_version): Implement, taking most of the logic from

the following two callers.

* subversion/libsvn_ra_svn/editorp.c

(ra_svn_apply_textdelta): Use the new utility to pick an appropriate

svndelta level.

* subversion/svnserve/serve.c

(file_rev_handler): Same.

  1. … 3 more files in changeset.
ra_svn: Advertise acceptance of svndiff2 deltas.

Add an "accepts-svndiff2" wire capability, and have both the client and

the server advertise it. While currently neither the client nor the

server sends svndiff2 over the wire, this capability will allow

1.11 endpoints to send svndiff2 to 1.10 endpoints.

No change was needed beyond the capability addition; the incumbent code

would already accept svndiff2 if a (non-compliant) remote endpoint used it.

* subversion/libsvn_ra_svn/protocol

(accepts-svndiff2): New wire capability.

* subversion/include/svn_ra_svn.h


* subversion/svnserve/serve.c

(file_rev_handler): Note that this is where we could act on the

new capability.

(construct_server_baton): Advertise the new capability.

* subversion/libsvn_ra_svn/editorp.c

(ra_svn_apply_textdelta): Note that this is where we could act on the

new capability.

* subversion/libsvn_ra_svn/client.c

(open_session): Advertise the new capability.

  1. … 4 more files in changeset.
svnserve: Make use-sasl=true a fatal error in SASL-less builds.

As a side effect, this revision also stops explicitly initializing 'min_ssf'

and 'max_ssf' in non-SASL mode.

This patch was tracked as SVN-4629.

* subversion/svnserve/serve.c

(find_repos): Check 'use-sasl' in SASL-less builds, too.

* subversion/libsvn_repos/repos.c

(create_conf): Update documentation.

* notes/api-errata/1.10/: New.

* notes/api-errata/1.10/svnserve001.txt: New.

  1. … 3 more files in changeset.
Consistently use uint32 for dirent_fields. Some places used uint64.

* subversion/include/private/svn_log.h


svn_log__list): Make the DIRENT_FIELDS parameter 32 bits.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__write_dirent): Same.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__write_dirent): Same.

* subversion/libsvn_subr/log.c


svn_log__list): Same.

* subversion/svnserve/serve.c



list_receiver_baton_t): Update all parameter, local variable and

struct member types.

  1. … 4 more files in changeset.
Make the svn_ra_get_mergeinfo streamy for ra_svn.

All the groundwork has been done in the repos and FS layers and we

only need to use the new callback-based API.

* subversion/svnserve/serve.c



mergeinfo_receiver): The new callback code.

(get_mergeinfo): Bump to using the new API.

Merging branches/authzperf to /trunk and remove BRANCH-README.
  1. … 35 more files in changeset.
Change the svn_*_list APIs to use NULL as the "don't filter by pattern"

parameter instead of an empty pattern list.

Suggested by: Patrick Steinhardt (patrick.steinhardt at

* subversion/include/svn_repos.h

(svn_repos_list): Document the new PATTERN options behavior.

* subversion/libsvn_repos/list.c

(matches_any): Implement the new behavior.

(svn_repos_list): Empty lists will almost always be created by dumb

scripts. It's probably a good idea to explicitly

not waste any resources in the degenerate case.

* subversion/include/svn_ra.h

(svn_ra_list): Document the new PATTERN options behavior.

* subversion/libsvn_ra_svn/protocol

(3.1.1. Main Command Set): The patterns list in the list command is

now optional.

* subversion/libsvn_subr/log.c

(svn_log__list): Make the logging cope with NULL pattern lists.

* subversion/svnserve/serve.c

(list): Receive NULL for PATTERNS, if no list was received.

* subversion/libsvn_ra_svn/client.c

(ra_svn_list): Omit the pattern list entirely, if patterns is NULL.

* subversion/include/svn_client.h

(svn_client_list4): Document the new PATTERN options behavior.

(svn_client_list3): Update docstring.

* subversion/libsvn_client/deprecated.c

(svn_client_list3): Update implementation.

* subversion/libsvn_client/list.c

(match_patterns): Implement the new behavior.

(list_internal): Update docstring.

* subversion/svn/list-cmd.c

(svn_cl__list): If no patterns were specified, pass NULL to the API.

* subversion/svnbench/null-list-cmd.c

(svn_cl__null_list): Same.

  1. … 11 more files in changeset.
* subversion/svnserve/serve.c

(find_repos): Call svn_repos_hooks_setenv() like mod_dav_svn and ra_local do.

Otherwise the hook env feature remains disabled.

Reported by: Steven Simpson via users@

Change the ra_svn protocol for the list command response.

Make all dirent fields optional and have the dirent-fields flags control

which ones to transmit.

* subversion/libsvn_ra_svn/protocol

(3.1.1. Main Command Set): Replace the sub-struct with a list of

optional fields for the 'list' command.

Also document the optional nature of the

'kind' field and that the dirent-field is


* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__write_dirent): Declare new serialization utility.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__write_dirent): Implement.

* subversion/svnserve/serve.c

(list_receiver_baton_t): Pass on the dirent-fields instead of a simple

flag such that we can send exactly what the

client asked for.

(list_receiver): Call the new serialization utility.

(list): Update caller to baton change.

* subversion/libsvn_ra_svn/client.c

(ra_svn_list): Update the format string to reflect the protocol change.

Suggested by: danielsh

  1. … 4 more files in changeset.
Implement svn_ra_list in ra_svn. The wire protocol for this command

has been insprired by the get-log and get-dir commands alike.

* subversion/libsvn_ra_svn/protocol

(2.1 Capabilities): Add the 'list' capability.

(3.1.1. Main Command Set): Add the protocol of the 'list' command.

* subversion/include/svn_ra_svn.h

(SVN_RA_CAPABILITY_LIST): Declare this new capability in code.

* subversion/svnserve/serve.c



list): Implement the new command.

(main_commands): Register the new command handler.

(construct_server_baton): Advertise the new capability.

* subversion/libsvn_ra_svn/client.c

(ra_svn_has_capability): Check for the new capability as well.

(ra_svn_list): Client-side implementation of the protocol.

(ra_svn_vtable): Register the new list function.

* subversion/include/private/svn_log.h

(svn_log__list): Add a new internal API to allow for logging the

new list command.

* subversion/libsvn_subr/log.c

(svn_log__list): Implement.

  1. … 5 more files in changeset.

Split a couple of functions to reduce the size of upcomming commits.

* subversion/libsvn_ra_svn/client.c

(send_dirent_fields): Extract this function from ...

(ra_svn_get_dir): ... this one.

* subversion/svnserve/serve.c

(parse_dirent_fields): Extract this function from ...

(get_dir): ... this one.

  1. … 1 more file in changeset.
More ra-svn finetuning.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__write_data_log_changed_path): We now know the path length

in advance.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn__write_data_log_changed_path): Update implementation.

* subversion/svnserve/serve.c

(path_change_receiver): Update caller.

  1. … 2 more files in changeset.
Minor tuning of svnserve's log processing.

* subversion/svnserve/serve.c

(revision_receiver): Skip revprop filtering when we don't need it -

which is like 99% of the time.

Switch svnserve to using the streamy log API.

* subversion/svnserve/serve.c

(log_baton_t): Add a bookkeeping flag.

(path_change_receiver): Additional callback required by the new API.

(log_receiver): Renamed to ...

(revision_receiver): ... this and update the callback signature.

Remove path changes handling here. Add logic to

check when we have to add "open struct" markers.

(log_cmd): Call new API.

Fix bug when svn_ra_get_dir2() will fail if invoked with SVN_DIRENT_SIZE, but

without SVN_DIRENT_KIND. There is no user visible bug, since Subversion

command line client always ask for SVN_DIRENT_KIND.

* subversion/libsvn_ra_local/ra_plugin.c

(svn_ra_local__get_dir): Do not access possibly uninitialized local variable.

* subversion/svnserve/serve.c

(get_dir): Do not access possibly uninitialized local variable.

* subversion/tests/libsvn_ra/ra-test.c

(get_dir_test): Extend test to test svn_ra_get_dir2(SVN_DIRENT_SIZE).

  1. … 2 more files in changeset.
Following up on r1714330, implement a similar limit to svnserve responses.

If --max-response-size is specified and a response exceeds that limit,

it gets truncated and the connetion will be reset. This allows us to limit

the server load caused by "don't do that" type of requests like exporting

the root of the repository instead of some project branch.

By default, this limit is 0, i.e. inactive.

* subversion/include/svn_error_codes.h


* subversion/include/svn_ra_svn.h

(svn_ra_svn_create_conn5): Add another limit parameter.

* subversion/libsvn_ra_svn/ra_svn.h

(svn_ra_svn_conn_st): Add fields for the new data counter and its limit.

* subversion/libsvn_ra_svn/deprecated.c

(svn_ra_svn_create_conn4): Update.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn_create_conn5): Initialize the new struct elements.

(svn_ra_svn__reset_command_io_counters): One more counter to reset.

(check_io_limits): One more limit to check.

(writebuf_output): Count outgoing data and enforce limits.

* subversion/svnserve/server.h

(serve_params_t): Add field for the new --max-response-size option.

* subversion/svnserve/serve.c

(serve_interruptable): Pass the new option to the bumped API.

* subversion/svnserve/svnserve.c

(SVNSERVE_OPT_MAX_RESPONSE): Declare the new option.

(svnserve__options): Define and document the new option.

(sub_main): Handle the new option and pass it to the bumped API.

  1. … 7 more files in changeset.
Add the equivalent of LimitXMLRequestBody to svnserve.

The idea is simple, whenever we fill our receive buffer, we update the sum

total and compare it to some limit. Reset the counter sum at each new

command / request coming in.

If a client request exceeds the --max-request-size parameter given to

svnserve (16MB by default, twice the httpd default), the processing gets

terminated and the connection will be closed. The latter is necessary

because the protocol is stateful and we just skipped / ignored a potential

state transition.

As a result, the memory usage of a threaded server is now bound to approx.

(max-request-size + 4M) x max-threads even in high-load scenarios. On the

flip side, propsets are limited to around 15M per property by default.

* subversion/include/svn_error_codes.h

(SVN_ERR_RA_SVN_REQUEST_SIZE): New error code.

* subversion/include/svn_ra_svn.h

(svn_ra_svn_create_conn5): Bumped API, adding the new limit parameter.

(svn_ra_svn_create_conn4): Deprecate.

* subversion/libsvn_ra_svn/ra_svn.h

(svn_ra_svn_conn_st): Add fields for the data counter and its limit.

(svn_ra_svn__reset_command_io_counters): Declare a function to reset the

counter - to be called before

each new command.

* subversion/libsvn_ra_svn/deprecated.c

(svn_ra_svn_create_conn4): Implement in terms of the new API.

* subversion/libsvn_ra_svn/marshal.c

(svn_ra_svn_create_conn5): Implement like the predecessor but init the

new struct elements as well.

(svn_ra_svn__reset_command_io_counters): Implement new private API.

(check_io_limits): New function performing the actual error detection.

(readbuf_input): Count incoming data and enforce limits.

(svn_ra_svn__has_command): Be sure to count I/O per command.

(svn_ra_svn__handle_command): Same. Also handle the case that we truncated

I/O and are now in a potentially inconsistent


* subversion/libsvn_ra_svn/editorp.c

(svn_ra_svn_drive_editor2): Limit the request size separately for each

editor command - not the whole editor drive.

* subversion/svnserve/server.h

(serve_params_t): Add field for the new --max-request-size option.

* subversion/svnserve/serve.c

(serve_interruptable): Pass the new option to the bumped API.

* subversion/svnserve/svnserve.c

(MAX_REQUEST_SIZE): Define the default value for the new option.

(SVNSERVE_OPT_MAX_REQUEST): Declare the new option.

(svnserve__options): Define and document the new option.

(sub_main): Handle the new option and pass it to the bumped API.

  1. … 8 more files in changeset.
Improve pool usage in svnserve and ra_svn.

All callers to the protocol parser now (indirectly) use a short-lived

scratch pool to hold the request data.

* subversion/libsvn_ra_svn/client.c

(ra_svn_get_locations): Use an ITERPOOL as scratch within the loop.

* subversion/svnserve/serve.c

(internal_auth_request): Same.

  1. … 1 more file in changeset.
Some code cleanup in svnserve.

* subversion/svnserve/serve.c

(auth): Put the return parameter in front of all others.

Expliciyly mark the pool as a SCRATCH_POOL.

(internal_auth_request): Update caller.

Make "word" protocol items in ra-svn more efficient to process by storing

them as proper svn_string_t instead of plain C strings.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__item_t): WORD is now a svn_string_t.

* subversion/libsvn_ra_svn/marshal.c


str_false): New string constants for efficient boolean decoding.


svn_ra_svn__to_private_item): Convert "word" string types.

(svn_ra_svn__set_capabilities): Leverage the full string information.

(read_item): Store the full string info for words now.

(vparse_tuple): Adapt C string access for words and word-to-bool conversion.

(svn_ra_svn__read_word): Adapt C string access.

(svn_ra_svn__read_boolean): Update word-to-bool conversion.

* subversion/libsvn_ra_svn/client.c

(is_done_response): Update string comparison.

* subversion/svnserve/serve.c


construct_server_baton): Ditto.

* subversion/libsvn_ra_svn/cyrus_auth.c

(svn_ra_svn__do_cyrus_auth): Adapt access to the word's C string.

* subversion/libsvn_ra_svn/internal_auth.c

(svn_ra_svn__find_mech): Same.

  1. … 5 more files in changeset.
Remove the unused POOL parameter from svn_ra_svn__parse_tuple and update

all callers.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__parse_tuple): Remove POOL parameter from decalaration.

* subversion/libsvn_ra_svn/marshal.c

(vparse_tuple): Remove POOL pass-through parameter.

svn_ra_svn__parse_tuple): Remove POOL parameter from implementation.




svn_ra_svn__read_cmd_response): Update callers.

* subversion/libsvn_ra_svn/client.c

* subversion/libsvn_ra_svn/deprecated.c

* subversion/libsvn_ra_svn/editorp.c

* subversion/svnserve/serve.c

(*): Update callers.

  1. … 5 more files in changeset.
Fine-tune ra_svn's item type definition: Remove a level of indirection

from the STRING union element.

This saves an extra allocation and the space for one pointer per string.

In total, this compensates the prior increase in RAM usage caused by

directly instantiating the list element.

* subversion/include/private/svn_ra_svn_private.h

(svn_ra_svn__item_t): Instantiate the string directly instead of using

a pointer.

* subversion/libsvn_ra_svn/client.c

(ra_svn_get_file): Update all references to the string union element.

* subversion/libsvn_ra_svn/cram.c

(svn_ra_svn_cram_server): Same.

* subversion/svnserve/cyrus_auth.c

(try_auth): Same.

* subversion/svnserve/serve.c




log_cmd): Same.

* subversion/libsvn_ra_svn/marshal.c


svn_ra_svn__to_private_item): Same.

(read_string): Don't allocate the string struct itself but only the

string data.



svn_ra_svn__read_cstring): Update all references to the string element.

  1. … 5 more files in changeset.