Checkout Tools
  • last updated 41 mins ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 1852014 is being indexed.

* CHANGES: Mention CVE-2018-11803 fixed in 1.10.4, 1.11.1.
Fix issue #4804: avoid test failures just because some SQLite compile-time

feature was enabled that changes its query plan descriptions.

* subversion/tests/libsvn_wc/wc-queries-test.c

(test_query_expectations): Mostly ignore the sqlite_master table.

Found by: Thomas Deutschmann

* STATUS: Vote for issue #4802.
* STATUS: Vote for issue #4802.
* CHANGES: Not storing passwords on disk by default is a user-visible

change, so move this item to a more appropriate section.

* CHANGES: Mention that 'move vs. move' merge conflicts can now be resolved.

* STATUS: Nominate r1851920.

* STATUS: Nominate r1851903 and r1851920.

Remove a useless common ancestor search from the conflict resolver.

* subversion/libsvn_client/conflicts.c

(resolve_incoming_move_dir_merge): Stop searching a YCA and then using it

as the left-side of the merge source when merging into the move target.

Doing so is wrong because it could lead to dubious conflicts since we will

end up ignoring mergeinfo. Use the 'incoming old' path and revision as the

left-merge side instead, which is properly bound by merge-tracking done

during the merge which recorded the conflict.

Problem found by code inspection while working on r1851913.

Follow-up to r1851913:

* subversion/libsvn_client/conflicts.c

(resolve_both_moved_dir_merge): Fix docstring of this function.

Add two resolver options for 'dir move vs dir move upon merge' conflicts.

These new options work similar to their existing counterparts for files.

* subversion/include/svn_client.h


svn_client_conflict_option_both_moved_dir_move_merge): Declare.

* subversion/libsvn_client/conflicts.c


resolve_both_moved_dir_move_merge): New resolution option handlers.


configure_option_both_moved_dir_merge): Enable new options on applicable

tree conflicts.




svn_client_conflict_option_set_moved_to_abspath2): Handle new options.

* subversion/svn/conflict-callbacks.c

(builtin_resolver_options): Assign resolver menu keys to the new options.

* subversion/tests/libsvn_client/conflicts-test.c


test_merge_dir_move_vs_dir_move_accept_move, test_funcs): Add new tests.

(create_dir_move_vs_dir_move_merge_conflict): New helper for above tests.

* subversion/libsvn_client/conflicts.c

(resolve_incoming_move_dir_merge): Don't forget to unlock the working copy

again if the revert operation fails.

On branch swig-py3: Fix Python exception handling in callback function

* subversion/bindings/swig/python/libsvn_swig_py/swigutil_py.c

(svn_swig_py_status_func2): Clear python exception if it caused in Python

call back function. (To avoid crash in py3)

* subversion/bindings/swig/python/tests/

(SubversionWorkingCopyTestCase.test_status_editor): Remove an assertion

from call back because it takes no effect, and check result after

svn_wc_get_status_editor2() API call instead.


New test case for Python exception within svn_wc_status_func2 call back.

Patch by: Jun Omae <jun66j5 at>

(Tweaked by me.)

Add CVE-2018-11803 notices to the website.

* index.html, news.html

- Add security announcement.

- Include CVE link in 1.11.1 and 1.10.4 release announcements.

- Ensure anchor ids are unique.

* security/CVE-2018-11803-advisory.txt New file.

* security/CVE-2018-11803-advisory.txt.asc New file.

* security/index.html

Add links to CVE-2018-11803 advisory and signature.

    • ?
    • ?
* CHANGES: Fix typo that crept in in r1851827.

* CHANGES: Record authz file parsing improvements.

Introduce a warning callback to the authz file parser API.

We need this to warn about the use of empty groups in authz files;

this is not an error and doesn't affect the authz file semantics,

but it's nice to be able to tell the user about it.

See issues #4794, #4802 and #4803.

* subversion/include/svn_repos.h

(svn_repos_authz_warning_func_t): New callback function type.

(svn_repos_authz_read4): New; API revision.

(svn_repos_authz_read3): Deprecated.

(svn_repos_authz_parse2): New; API revision.

(svn_repos_authz_parse): Deprecated.

* subversion/libsvn_repos/authz.h

(svn_authz__parse): Add warning function and baton parameters.

* subversion/libsvn_repos/authz.c

(authz_read): Add warning function and baton parameters.

Update calls to svn_authz__parse.

(svn_repos_authz_read4): Revised from svn_repos_authz_read3.

(svn_repos_authz_parse2): Revised from svn_repos_authz_parse.

* subversion/libsvn_repos/authz_parse.c

(struct ctor_baton_t): Add members warning_func and warning_baton.

(create_ctor_baton): Initialise these new members of the constructor baton.

(emit_parser_warning): New.

(SVN_AUTHZ_PARSE_WARN): New; wrapper macro for the above.

(array_insert_ace): Ignore and warn about the use of empty groups.

(svn_authz__parse): Update implementation to match prototype.

* subversion/libsvn_repos/deprecated.c

(svn_repos_authz_read3, svn_repos_authz_parse): Implement deprecated functions.

* subversion/mod_authz_svn/mod_authz_svn.c

(log_svn_message): New; replaces log_svn_error so that it's useful for

logging warnings as well.

(log_svn_error): Reimplement, calling log_svn_message.

(struct authz_warning_baton_t): New.

(log_authz_warning): New.

(get_access_conf): Set up an authz warning handler and baton, and call

svn_repos_authz_read4 instead of svn_repos_authz_read3.

* subversion/svnserve/logger.h

(logger__log_error): Make the 'err' parameter a pointer-to-const.

Update the docstring to say that the error is not cleared.

(logger__log_warning): New.

* subversion/svnserve/logger.c

(log_message): New; common base for logger__log_error and logger__log_message.

Also *do not* allocate 8k on the stack, use the logger pool, which gets

cleared at the end of the function.

(logger__log_error): Reimplement.

(logger__log_warning): Implement.

* subversion/svnserve/serve.c

(log_error): Make the error parameter const. Fix the docstring.

(log_warning): New.

(load_authz_config): Add warning function and baton parameters and fix pool

handling. Now calls svn_repos_authz_read4 instead of svn_repos_authz_read3.

(find_repos): Add warning function and baton parameters for load_authz_config.

(handle_authz_warning): New.

(construct_server_baton): Pass an authz warning handler and baton to find_repos.

* subversion/tests/cmdline/

(group_member_empty_string): Fix docstring.

(empty_group): New test case.

(test_list): Run it.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): Extend the @Issues decorator.

Add a check for the expected warning on stderr.

Follow-up to r1851815: update svn:ignore lists.

* subversion/tests: Do not ignore

* subversion/tests/cmdline: Do ignore svnserve-*.

Add logging to the svnserveautocheck configuration.

* (check-clean): Clean up the svnserveautocheck and davautocheck

configuration/log directories.

* subversion/tests/cmdline/

(query): New function, copied unchanged from

(SVNSERVE_ROOT): Temporary directory for and svnserve.log.

- Run sevnserve with logging enabled;

- Offer to browse the log file before ending the script.

* 1.10.x/STATUS, 1.11.x/STATUS: Add r1851791 to the r1851676 group.
* subversion/tests/cmdline/

(svnauthz_empty_group_test): Reference issue #4802.

A follow-up to r1851739: teach 'unshelve' to do adds through the WC editor.

* subversion/libsvn_client/shelf.c

(apply_prop_mods): Update doc string.

(apply_file_mods): Ensure null arguments are acceptable.

(path_driver_cb_func): Implement 'add' through the WC editor.

A follow-up to r1851739: close the streams we opened.

(Found because the rename attempt failed on Windows.)

* subversion/include/svn_delta.h

(svn_txdelta_apply): Document that it closes its target stream but not its

source stream.

* subversion/libsvn_client/wc_editor.c



file_close): Close the source stream before we try to overwrite the file

it was reading from.

Teach 'unshelve' to drive the new WC local mods editor.

Re: SVN-4786 "Create a WC working-mods editor", SVN-3625 "Commit shelving".

Instead of applying changes directly to the WC, the changes now go through

the standard svn_delta_editor_t API. When completed, this will allow a much

more exact transfer of the possible changes, and a more resuable


The ability to merge file text changes is lost, for the time being. This

will need to be re-implemented in the WC local mods editor. (Note that the

implementation of merging here was incomplete anyway.)

* subversion/libsvn_client/shelf.c




wc_node_add): Remove.







shelf_replay): New.


test_apply_file_visitor): Renamed remnants of a combined function.

(svn_client__shelf_test_apply_file): Update the caller.

(wc_mods_editor): New.

(svn_client__shelf_apply): Use wc_mods_editor() and shelf_replay()


* subversion/tests/cmdline/





unshelve_text_prop_conflict): Mark as XFail, as merge and conflict

behaviour has changed.

Teach the delta editor path driver to work incrementally.

Instead of passing in the complete list of paths to be driven all at once,

this adds the option of passing in one path at a time.

* subversion/include/svn_delta.h,


(svn_delta_path_driver2): Rewrite to use the incremental API.




svn_delta_path_driver_finish): New.

* 1.10.x/STATUS, 1.11.x/STATUS: Nominate r1851676, r1851687.

Fix a bug in the authz parser where using a group with no members in

an access entry was treated as an error instead of being ignored.

* subversion/libsvn_repos/authz_parse.c

(add_to_group): Allow NULL user, to create empty groups. Update docstring.

(expand_group_callback): Handle the case where a group has no users.

(array_insert_ace): Ignore ACEs for empty groups.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): Remove XFail decorator.

Extend the testcase to test recursive empty group expansion.

Fixes issue #4802

Found by: Doug Robinson

Add a new XFail test for the authz parser for the validity of empty groups.

Issue #4802.

* subversion/tests/cmdline/

(svnauthz_empty_group_test): New test case.

(test_list): Run it.

Found by: Doug Robinson

Expose the output arguments of svn_client_blame6 in JavaHL.

[in subversion/bindings/javahl/src/org/apache/subversion]

* callback/ New callback for ISVNClient.blame.

* callback/ Remove unused import.


(ISVNClient.blame): Add range callback parameter. Update docstring.


(SVNClient.blame): Update wrapper and native method declaration.

[in subversion/bindings/javahl/native]

* BlameCallback.h

(BlameCallback::BlameCallback): Change constructor signature.

(BlameCallback::get_start_revnum_p, BlameCallback::get_end_revnum_p): New.

(BlameCallback::setRange): New.

(BlameCallback::m_start_revnum, BlameCallback::m_start_revnum,

BlameCallback::m_range_callback_invoked, BlameCallback::m_range_callback): New.

(BlameCallback::m_line_callback): Renamed from m_callback.

* BlameCallback.cpp: Include svn_private_config.h.

(BlameCallback::BlameCallback): Update constructor implementation.

(BlameCallback::callback): Update static callback implementation.

(BlameCallback::setRange): Implement.

(BlameCallback::singleLine): Notice changed member variable name.

* SVNClient.cpp

(SVNClient::blame): Set blame output arguments from the callback.

* org_apache_subversion_javahl_SVNClient.cpp

(Java_org_apache_subversion_javahl_SVNClient_blame): Update native method.

[in subversion/bindings/javahl/tests/org/apache/subversion/javahl]


(BlameRangeCallbackImpl): New helper class.

(testBinaryBlame): Also test the returned revision range.


(testBlameCallback): Check that a null range callback doesn't cause exceptions.

Follow up to r1851268: our coding guidelines say that output parameters

should come first in the function argument list.

* subversion/include/svn_client.h

(svn_client_blame6): Move start_revnum_p and end_revnum_p to the

beginning of the argument list and update the docstring to say that

either of these may be NULL.

* subversion/libsvn_client/blame.c

(svn_client_blame6): Update signature.

* subversion/svn/blame-cmd.c (svn_cl__blame),

subversion/libsvn_client/deprecated.c (svn_client_blame5),

subversion/bindings/javahl/native/SVNClient.cpp (SVNClient::blame):

Update all callers.