Checkout Tools
  • last updated 7 hours ago
Constraints: committers
Constraints: files
Constraints: dates
On all branches:

.: Removed redundant SVN properties

  1. … 78 more files in changeset.
* STATUS: Propose 1.6 CVE fix. This branch is officially no longer

supported; this is to make it clear that 1.6 is vulnerable.

Fix revision number in nomination.
* STATUS: Nominate r113837 fix branch.

* STATUS: Update header to show current status, like on 1.5.x, 1.4.x
On the 1.6.x branch bump the version to 1.6.24.

* CHANGES (1.6.x): Re-do r1485501 from trunk, minus the 1.7.10 part.
* CHANGES: Merge r1485497 from trunk onto 1.6.x branch.

Merge r1485350 from trunk:

* r1485350

contrib: fix some argument passing.


More robust that way.


+1: danielsh, stsp, breser

Nominate r1485350.
On the 1.6.x branch: Fix for zlib.

* Zlib doesn't have 1.2.7 online anymore, and switched to tar.gz.

Fix this and --record-only merge the corresponding trunk fix (r1477730).

* CHANGES (for 1.6.x): Block all currently outstanding revisions from trunk,

since they only apply for 1.7.x or 1.8.x and won't merge cleanly.

* CHANGES (for 1.6.x): Merge r1485413 from trunk.

Merge the 1.6.x-issue4340 branch into 1.6.x.

* r1461562, r1461580, r1461701, r1481627

Fix issue #4340, "filenames containing \n corrupt FSFS repositories"


Newline characters can severely corrupt FSFS revision files and

should never enter the repository for this reason. See discussion

linked from issue #4340 for more information.


r1461701 revises the changes made in the earlier revisions,

and is the result of a long dev@ discussion that eventually concluded

in this subthread:

This issue can be exploited by people with commit access to corrupt

an FSFS repository, and has been assigned a CVE number: CVE-2013-1968

r1481627 addresses concerns raised by danielsh.




+1: stsp, danielsh, rhuijben


Move vote to the group that I reviewed, instead of the one containing

the same issue number but a different change.

* STATUS: Cast some votes
Merge the 1.6.x-r1482759 branch:

* r1482759, r1482779

Prevent svnserve from exiting when a client connection is aborted.


DoS against svnserve possible.




+1: breser, stsp, philip

* STATUS (for 1.6.x): Split issue #4340 fix nomination into two parts, one

for libsvn_fs_fs and one for libsvn_repos (there is no general consensus

on the libsvn_repos changes yet).

* STATUS: Vote/approve svnserve fix.
* STATUS (for 1.6.x): Vote for r1482759 group.

* STATUS: Nominate r1482759 and r1482779 for 1.6.x backport.

Vote +0 on 1.6.x-issue4340.
* STATUS (for 1.6.x): Add r1465995 and r1465998 to the issue #4340 fix and

amend this nomination's description.

Bump 1.6.x branch to 1.6.22.


subversion/include/svn_version.h: Update to 1.6.22

Merge r1352031 under obvious fix rule (zlib 1.2.5 is not available for download)

* CHANGES: Merge a typo fix from trunk (r1443763)

* CHANGES: Merge 1.6.21 entries from trunk (r1462300, r1462302, r1462321, r1462334)

Some conflicts were resolved where 1.7.9 entries were made in the same revision.

Followup to r1462326, I missed commiting the mergeinfo for the r1455352 backport.

Backport r1455352 onto 1.6.x:

* r1455352

Improve logic in mod_dav_svn's implementation of lock.


+1: breser, philip, cmpilato

Fixes CVE-2013-1846 and CVE-2013-1847, see our advisory at: