subversion

On all branches:

.: Removed redundant SVN properties

* STATUS: Propose 1.6 CVE fix. This branch is officially no longer supported; this is to make it clear that 1.6 is vulnerable.

Fix revision number in nomination.
* STATUS: Nominate r113837 fix branch.

* STATUS: Update header to show current status, like on 1.5.x, 1.4.x
On the 1.6.x branch bump the version to 1.6.24.

* CHANGES (1.6.x): Re-do r1485501 from trunk, minus the 1.7.10 part.
* CHANGES: Merge r1485497 from trunk onto 1.6.x branch.

Merge r1485350 from trunk:

* r1485350

contrib: fix some argument passing.

Justification:

More robust that way.

Votes:

+1: danielsh, stsp, breser

Nominate r1485350.
On the 1.6.x branch: Fix get-deps.sh for zlib.

* get-deps.sh: Zlib doesn't have 1.2.7 online anymore, and switched to tar.gz. Fix this and --record-only merge the corresponding trunk fix (r1477730).

* CHANGES (for 1.6.x): Block all currently outstanding revisions from trunk, since they only apply for 1.7.x or 1.8.x and won't merge cleanly.

* CHANGES (for 1.6.x): Merge r1485413 from trunk.

Merge the 1.6.x-issue4340 branch into 1.6.x.

* r1461562, r1461580, r1461701, r1481627

Fix issue #4340, "filenames containing \n corrupt FSFS repositories"

Justification:

Newline characters can severely corrupt FSFS revision files and should never enter the repository for this reason. See discussion linked from issue #4340 for more information.

Notes:

r1461701 revises the changes made in the earlier revisions, and is the result of a long dev@ discussion that eventually concluded in this subthread: http://svn.haxx.se/dev/archive-2013-04/0056.shtml

This issue can be exploited by people with commit access to corrupt an FSFS repository, and has been assigned a CVE number: CVE-2013-1968

r1481627 addresses concerns raised by danielsh.

Branch:

^/subversion/branches/1.6.x-issue4340

Votes:

+1: stsp, danielsh, rhuijben

* STATUS

Move vote to the group that I reviewed, instead of the one containing the same issue number but a different change.

* STATUS: Cast some votes
Merge the 1.6.x-r1482759 branch:

* r1482759, r1482779

Prevent svnserve from exiting when a client connection is aborted.

Justification:

DoS against svnserve possible.

Branch:

^/subversion/branches/1.6.x-r1482759

Votes:

+1: breser, stsp, philip

Vote.
* STATUS (for 1.6.x): Split issue #4340 fix nomination into two parts, one for libsvn_fs_fs and one for libsvn_repos (there is no general consensus on the libsvn_repos changes yet).

* STATUS: Vote/approve svnserve fix.
* STATUS (for 1.6.x): Vote for r1482759 group.

* STATUS: Nominate r1482759 and r1482779 for 1.6.x backport.

Vote +0 on 1.6.x-issue4340.
* STATUS (for 1.6.x): Add r1465995 and r1465998 to the issue #4340 fix and amend this nomination's description.

Bump 1.6.x branch to 1.6.22.

* STATUS, subversion/include/svn_version.h: Update to 1.6.22

Merge r1352031 under obvious fix rule (zlib 1.2.5 is not available for download)

* CHANGES: Merge a typo fix from trunk (r1443763)

* CHANGES: Merge 1.6.21 entries from trunk (r1462300, r1462302, r1462321, r1462334)

Some conflicts were resolved where 1.7.9 entries were made in the same revision.

Followup to r1462326, I missed committing the mergeinfo for the r1455352 backport.

Backport r1455352 onto 1.6.x:

* r1455352

Improve logic in mod_dav_svn's implementation of lock.

Votes:

+1: breser, philip, cmpilato

Fixes CVE-2013-1846 and CVE-2013-1847, see our advisory at:

http://subversion.apache.org/security/CVE-2013-1846-advisory.txt

http://subversion.apache.org/security/CVE-2013-1847-advisory.txt