1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-16 15:11:52 +00:00

Update serf-1.3.6 -> 1.3.7

Update subversion-1.8.9 -> 1.8.10

Security:	CVE-2014-3504, CVE-2014-3522, CVE-2014-3528
This commit is contained in:
Peter Wemm 2014-08-11 19:41:01 +00:00
commit f6f23be2bf
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=269833
27 changed files with 653 additions and 193 deletions

View File

@ -1,8 +1,11 @@
Serf 1.3.6 [2014-06-09, from /tags/1.3.6, rxxxx]
Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
Serf 1.3.6 [2014-06-09, from /tags/1.3.6, r2372]
Revert r2319 from serf 1.3.5: this change was making serf call handle_response
multiple times in case of an error response, leading to unexpected behavior.
Serf 1.3.5 [2014-04-27, from /tags/1.3.5, rxxxx]
Serf 1.3.5 [2014-04-27, from /tags/1.3.5, r2355]
Fix issue #125: no reverse lookup during Negotiate authentication for proxies.
Fix a crash caused by incorrect reuse of the ssltunnel CONNECT request (r2316)
Cancel request if response parsing failed + authn callback set (r2319)

View File

@ -202,6 +202,8 @@ struct serf_ssl_certificate_t {
};
static void disable_compression(serf_ssl_context_t *ssl_ctx);
static char *
pstrdup_escape_nul_bytes(const char *buf, int len, apr_pool_t *pool);
#if SSL_VERBOSE
/* Log all ssl alerts that we receive from the server. */
@ -427,6 +429,85 @@ static BIO_METHOD bio_file_method = {
#endif
};
typedef enum san_copy_t {
EscapeNulAndCopy = 0,
ErrorOnNul = 1,
} san_copy_t;
static apr_status_t
get_subject_alt_names(apr_array_header_t **san_arr, X509 *ssl_cert,
san_copy_t copy_action, apr_pool_t *pool)
{
STACK_OF(GENERAL_NAME) *names;
/* assert: copy_action == ErrorOnNul || (san_arr && pool) */
if (san_arr) {
*san_arr = NULL;
}
/* Get subjectAltNames */
names = X509_get_ext_d2i(ssl_cert, NID_subject_alt_name, NULL, NULL);
if (names) {
int names_count = sk_GENERAL_NAME_num(names);
int name_idx;
if (san_arr)
*san_arr = apr_array_make(pool, names_count, sizeof(char*));
for (name_idx = 0; name_idx < names_count; name_idx++) {
char *p = NULL;
GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, name_idx);
switch (nm->type) {
case GEN_DNS:
if (copy_action == ErrorOnNul &&
strlen(nm->d.ia5->data) != nm->d.ia5->length)
return SERF_ERROR_SSL_CERT_FAILED;
if (san_arr && *san_arr)
p = pstrdup_escape_nul_bytes((const char *)nm->d.ia5->data,
nm->d.ia5->length,
pool);
break;
default:
/* Don't know what to do - skip. */
break;
}
if (p) {
APR_ARRAY_PUSH(*san_arr, char*) = p;
}
}
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
}
return APR_SUCCESS;
}
static apr_status_t validate_cert_hostname(X509 *server_cert, apr_pool_t *pool)
{
char buf[1024];
int length;
apr_status_t ret;
ret = get_subject_alt_names(NULL, server_cert, ErrorOnNul, NULL);
if (ret) {
return ret;
} else {
/* Fail if the subject's CN field contains \0 characters. */
X509_NAME *subject = X509_get_subject_name(server_cert);
if (!subject)
return SERF_ERROR_SSL_CERT_FAILED;
length = X509_NAME_get_text_by_NID(subject, NID_commonName, buf, 1024);
if (length != -1)
if (strlen(buf) != length)
return SERF_ERROR_SSL_CERT_FAILED;
}
return APR_SUCCESS;
}
static int
validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
{
@ -435,6 +516,7 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
X509 *server_cert;
int err, depth;
int failures = 0;
apr_status_t status;
ssl = X509_STORE_CTX_get_ex_data(store_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
@ -475,6 +557,11 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
}
}
/* Validate hostname */
status = validate_cert_hostname(server_cert, ctx->pool);
if (status)
failures |= SERF_SSL_CERT_UNKNOWN_FAILURE;
/* Check certificate expiry dates. */
if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) {
failures |= SERF_SSL_CERT_NOTYETVALID;
@ -485,7 +572,6 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
if (ctx->server_cert_callback &&
(depth == 0 || failures)) {
apr_status_t status;
serf_ssl_certificate_t *cert;
apr_pool_t *subpool;
@ -512,7 +598,6 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
if (ctx->server_cert_chain_callback
&& (depth == 0 || failures)) {
apr_status_t status;
STACK_OF(X509) *chain;
const serf_ssl_certificate_t **certs;
int certs_len;
@ -1461,7 +1546,50 @@ serf_ssl_context_t *serf_bucket_ssl_encrypt_context_get(
/* Functions to read a serf_ssl_certificate structure. */
/* Creates a hash_table with keys (E, CN, OU, O, L, ST and C). */
/* Takes a counted length string and escapes any NUL bytes so that
* it can be used as a C string. NUL bytes are escaped as 3 characters
* "\00" (that's a literal backslash).
* The returned string is allocated in POOL.
*/
static char *
pstrdup_escape_nul_bytes(const char *buf, int len, apr_pool_t *pool)
{
int i, nul_count = 0;
char *ret;
/* First determine if there are any nul bytes in the string. */
for (i = 0; i < len; i++) {
if (buf[i] == '\0')
nul_count++;
}
if (nul_count == 0) {
/* There aren't so easy case to just copy the string */
ret = apr_pstrdup(pool, buf);
} else {
/* There are so we have to replace nul bytes with escape codes
* Proper length is the length of the original string, plus
* 2 times the number of nulls (for two digit hex code for
* the value) + the trailing null. */
char *pos;
ret = pos = apr_palloc(pool, len + 2 * nul_count + 1);
for (i = 0; i < len; i++) {
if (buf[i] != '\0') {
*(pos++) = buf[i];
} else {
*(pos++) = '\\';
*(pos++) = '0';
*(pos++) = '0';
}
}
*pos = '\0';
}
return ret;
}
/* Creates a hash_table with keys (E, CN, OU, O, L, ST and C). Any NUL bytes in
these fields in the certificate will be escaped as \00. */
static apr_hash_t *
convert_X509_NAME_to_table(X509_NAME *org, apr_pool_t *pool)
{
@ -1474,37 +1602,44 @@ convert_X509_NAME_to_table(X509_NAME *org, apr_pool_t *pool)
NID_commonName,
buf, 1024);
if (ret != -1)
apr_hash_set(tgt, "CN", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf));
apr_hash_set(tgt, "CN", APR_HASH_KEY_STRING,
pstrdup_escape_nul_bytes(buf, ret, pool));
ret = X509_NAME_get_text_by_NID(org,
NID_pkcs9_emailAddress,
buf, 1024);
if (ret != -1)
apr_hash_set(tgt, "E", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf));
apr_hash_set(tgt, "E", APR_HASH_KEY_STRING,
pstrdup_escape_nul_bytes(buf, ret, pool));
ret = X509_NAME_get_text_by_NID(org,
NID_organizationalUnitName,
buf, 1024);
if (ret != -1)
apr_hash_set(tgt, "OU", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf));
apr_hash_set(tgt, "OU", APR_HASH_KEY_STRING,
pstrdup_escape_nul_bytes(buf, ret, pool));
ret = X509_NAME_get_text_by_NID(org,
NID_organizationName,
buf, 1024);
if (ret != -1)
apr_hash_set(tgt, "O", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf));
apr_hash_set(tgt, "O", APR_HASH_KEY_STRING,
pstrdup_escape_nul_bytes(buf, ret, pool));
ret = X509_NAME_get_text_by_NID(org,
NID_localityName,
buf, 1024);
if (ret != -1)
apr_hash_set(tgt, "L", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf));
apr_hash_set(tgt, "L", APR_HASH_KEY_STRING,
pstrdup_escape_nul_bytes(buf, ret, pool));
ret = X509_NAME_get_text_by_NID(org,
NID_stateOrProvinceName,
buf, 1024);
if (ret != -1)
apr_hash_set(tgt, "ST", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf));
apr_hash_set(tgt, "ST", APR_HASH_KEY_STRING,
pstrdup_escape_nul_bytes(buf, ret, pool));
ret = X509_NAME_get_text_by_NID(org,
NID_countryName,
buf, 1024);
if (ret != -1)
apr_hash_set(tgt, "C", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf));
apr_hash_set(tgt, "C", APR_HASH_KEY_STRING,
pstrdup_escape_nul_bytes(buf, ret, pool));
return tgt;
}
@ -1550,7 +1685,7 @@ apr_hash_t *serf_ssl_cert_certificate(
unsigned int md_size, i;
unsigned char md[EVP_MAX_MD_SIZE];
BIO *bio;
STACK_OF(GENERAL_NAME) *names;
apr_array_header_t *san_arr;
/* sha1 fingerprint */
if (X509_digest(cert->ssl_cert, EVP_sha1(), md, &md_size)) {
@ -1595,32 +1730,8 @@ apr_hash_t *serf_ssl_cert_certificate(
BIO_free(bio);
/* Get subjectAltNames */
names = X509_get_ext_d2i(cert->ssl_cert, NID_subject_alt_name, NULL, NULL);
if (names) {
int names_count = sk_GENERAL_NAME_num(names);
apr_array_header_t *san_arr = apr_array_make(pool, names_count,
sizeof(char*));
if (!get_subject_alt_names(&san_arr, cert->ssl_cert, EscapeNulAndCopy, pool))
apr_hash_set(tgt, "subjectAltName", APR_HASH_KEY_STRING, san_arr);
for (i = 0; i < names_count; i++) {
char *p = NULL;
GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, i);
switch (nm->type) {
case GEN_DNS:
p = apr_pstrmemdup(pool, (const char *)nm->d.ia5->data,
nm->d.ia5->length);
break;
default:
/* Don't know what to do - skip. */
break;
}
if (p) {
APR_ARRAY_PUSH(san_arr, char*) = p;
}
}
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
}
return tgt;
}

View File

@ -1062,7 +1062,7 @@ void serf_debug__bucket_alloc_check(
/* Version info */
#define SERF_MAJOR_VERSION 1
#define SERF_MINOR_VERSION 3
#define SERF_PATCH_VERSION 6
#define SERF_PATCH_VERSION 7
/* Version number string */
#define SERF_VERSION_STRING APR_STRINGIFY(SERF_MAJOR_VERSION) "." \

View File

@ -1,3 +1,45 @@
Version 1.8.10
(11 Aug 2014, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.10
User-visible changes:
- Client-side bugfixes:
* guard against md5 hash collisions when finding cached credentials
(r1550691, r1550772, r1600909)
* ra_serf: properly match wildcards in SSL certs. (r1615211, 1615219)
* ra_serf: ignore the CommonName in SSL certs where there are Subject Alt
Names (r1565531, r1566503, r1568349, r1568361)
* ra_serf: fix a URI escaping bug that prevented deleting locked paths
(r1594223, r1553501, r1553556, r1559197, issue #3674)
* rm: Display the proper URL when deleting a URL in the commit log editor
(r1591123)
* log: Fix another instance of broken pipe error (r1596866, issue #3014)
* copy: Properly handle props not present or excluded on cross wc copy
(r1589184, r1589188)
* copy: Fix copying parents of locally deleted nodes between wcs
(r1589460, r1589486)
* externals: Properly delete ancestor directories of externals when
removing the external by changing svn:externals. (r1600311, 1600315,
r1600323, r1600393)
* ra_serf: fix memory lifetime of some hash values (r1606009)
- Server-side bugfixes:
* fsfs: omit config file when creating pre-1.5 format repos (r1547454,
r1561703)
Developer-visible changes:
- General:
* fix improper linking when serf is in the same prefix as existing svn
libraries. (r1609004)
* use proper intermediate directory when building with VS 2003-2008
(r1595431)
* support generating VS 2013 and later project files.
- Bindings:
* ruby: removing warning about Ruby 1.9 support being new. (r1593992)
* python: fix notify_func callbacks (r1594794, r1594814, r1594834, r1595061)
Version 1.8.9
(07 May 2014, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.9
@ -687,6 +729,24 @@ http://svn.apache.org/repos/asf/subversion/tags/1.8.0
* fix some reference counting bugs in swig-py bindings (r1464899, r1466524)
Version 1.7.18
(11 Aug 2014, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.18
User-visible changes:
- Client-side bugfixes:
* guard against md5 hash collisions when finding cached credentials
(r1550691, r1550772, r1600909)
* ra_serf: properly match wildcards in SSL certs. (r1615211, 1615219)
* ra_serf: ignore the CommonName in SSL certs where there are Subject Alt
Names (r1565531, r1566503, r1568349)
Developer-visible changes:
- General:
* fix ocassional failure in checkout_tests.py test 12. (r1496127)
* disable building ZLib's assembly optimizations on Windows.
Version 1.7.17
(07 May 2014, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.17

View File

@ -2231,7 +2231,7 @@ subversion/libsvn_ra_serf/serf.lo: subversion/libsvn_ra_serf/serf.c subversion/i
subversion/libsvn_ra_serf/update.lo: subversion/libsvn_ra_serf/update.c subversion/include/private/svn_dav_protocol.h subversion/include/private/svn_debug.h subversion/include/private/svn_dep_compat.h subversion/include/private/svn_editor.h subversion/include/private/svn_fspath.h subversion/include/private/svn_ra_private.h subversion/include/private/svn_string_private.h subversion/include/private/svn_subr_private.h subversion/include/svn_auth.h subversion/include/svn_base64.h subversion/include/svn_checksum.h subversion/include/svn_config.h subversion/include/svn_dav.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_hash.h subversion/include/svn_io.h subversion/include/svn_mergeinfo.h subversion/include/svn_path.h subversion/include/svn_pools.h subversion/include/svn_props.h subversion/include/svn_ra.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/include/svn_version.h subversion/include/svn_xml.h subversion/libsvn_ra/ra_loader.h subversion/libsvn_ra_serf/blncache.h subversion/libsvn_ra_serf/ra_serf.h subversion/svn_private_config.h
subversion/libsvn_ra_serf/util.lo: subversion/libsvn_ra_serf/util.c subversion/include/private/svn_auth_private.h subversion/include/private/svn_dav_protocol.h subversion/include/private/svn_debug.h subversion/include/private/svn_dep_compat.h subversion/include/private/svn_editor.h subversion/include/private/svn_fspath.h subversion/include/private/svn_ra_private.h subversion/include/private/svn_subr_private.h subversion/include/svn_auth.h subversion/include/svn_checksum.h subversion/include/svn_config.h subversion/include/svn_dav.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_hash.h subversion/include/svn_io.h subversion/include/svn_mergeinfo.h subversion/include/svn_path.h subversion/include/svn_pools.h subversion/include/svn_props.h subversion/include/svn_ra.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/include/svn_version.h subversion/include/svn_xml.h subversion/libsvn_ra/ra_loader.h subversion/libsvn_ra_serf/blncache.h subversion/libsvn_ra_serf/ra_serf.h subversion/svn_private_config.h
subversion/libsvn_ra_serf/util.lo: subversion/libsvn_ra_serf/util.c subversion/include/private/svn_auth_private.h subversion/include/private/svn_cert.h subversion/include/private/svn_dav_protocol.h subversion/include/private/svn_debug.h subversion/include/private/svn_dep_compat.h subversion/include/private/svn_editor.h subversion/include/private/svn_fspath.h subversion/include/private/svn_ra_private.h subversion/include/private/svn_subr_private.h subversion/include/svn_auth.h subversion/include/svn_checksum.h subversion/include/svn_config.h subversion/include/svn_dav.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_hash.h subversion/include/svn_io.h subversion/include/svn_mergeinfo.h subversion/include/svn_path.h subversion/include/svn_pools.h subversion/include/svn_props.h subversion/include/svn_ra.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/include/svn_version.h subversion/include/svn_xml.h subversion/libsvn_ra/ra_loader.h subversion/libsvn_ra_serf/blncache.h subversion/libsvn_ra_serf/ra_serf.h subversion/svn_private_config.h
subversion/libsvn_ra_serf/util_error.lo: subversion/libsvn_ra_serf/util_error.c subversion/include/private/svn_dav_protocol.h subversion/include/private/svn_debug.h subversion/include/private/svn_editor.h subversion/include/private/svn_error_private.h subversion/include/private/svn_subr_private.h subversion/include/svn_auth.h subversion/include/svn_checksum.h subversion/include/svn_config.h subversion/include/svn_dav.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_io.h subversion/include/svn_mergeinfo.h subversion/include/svn_pools.h subversion/include/svn_ra.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/include/svn_utf.h subversion/include/svn_version.h subversion/libsvn_ra_serf/blncache.h subversion/libsvn_ra_serf/ra_serf.h
@ -2329,7 +2329,7 @@ subversion/libsvn_subr/debug.lo: subversion/libsvn_subr/debug.c subversion/inclu
subversion/libsvn_subr/deprecated.lo: subversion/libsvn_subr/deprecated.c subversion/include/private/svn_debug.h subversion/include/private/svn_mergeinfo_private.h subversion/include/private/svn_opt_private.h subversion/include/private/svn_subr_private.h subversion/include/svn_auth.h subversion/include/svn_checksum.h subversion/include/svn_cmdline.h subversion/include/svn_config.h subversion/include/svn_dirent_uri.h subversion/include/svn_dso.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_hash.h subversion/include/svn_io.h subversion/include/svn_mergeinfo.h subversion/include/svn_opt.h subversion/include/svn_path.h subversion/include/svn_pools.h subversion/include/svn_string.h subversion/include/svn_subst.h subversion/include/svn_types.h subversion/include/svn_utf.h subversion/include/svn_version.h subversion/include/svn_xml.h subversion/libsvn_subr/opt.h subversion/svn_private_config.h
subversion/libsvn_subr/dirent_uri.lo: subversion/libsvn_subr/dirent_uri.c subversion/include/private/svn_debug.h subversion/include/private/svn_fspath.h subversion/include/svn_ctype.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_path.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/libsvn_subr/dirent_uri.h subversion/svn_private_config.h
subversion/libsvn_subr/dirent_uri.lo: subversion/libsvn_subr/dirent_uri.c subversion/include/private/svn_cert.h subversion/include/private/svn_debug.h subversion/include/private/svn_fspath.h subversion/include/svn_ctype.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_path.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/libsvn_subr/dirent_uri.h subversion/svn_private_config.h
subversion/libsvn_subr/dso.lo: subversion/libsvn_subr/dso.c subversion/include/private/svn_debug.h subversion/include/private/svn_mutex.h subversion/include/svn_checksum.h subversion/include/svn_dso.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_hash.h subversion/include/svn_io.h subversion/include/svn_pools.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/svn_private_config.h
@ -2781,7 +2781,7 @@ subversion/tests/libsvn_subr/config-test.lo: subversion/tests/libsvn_subr/config
subversion/tests/libsvn_subr/crypto-test.lo: subversion/tests/libsvn_subr/crypto-test.c subversion/include/private/svn_debug.h subversion/include/svn_checksum.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_io.h subversion/include/svn_path.h subversion/include/svn_pools.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/libsvn_subr/crypto.h subversion/tests/svn_test.h
subversion/tests/libsvn_subr/dirent_uri-test.lo: subversion/tests/libsvn_subr/dirent_uri-test.c subversion/include/private/svn_debug.h subversion/include/private/svn_fspath.h subversion/include/svn_checksum.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_io.h subversion/include/svn_path.h subversion/include/svn_pools.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/tests/svn_test.h
subversion/tests/libsvn_subr/dirent_uri-test.lo: subversion/tests/libsvn_subr/dirent_uri-test.c subversion/include/private/svn_cert.h subversion/include/private/svn_debug.h subversion/include/private/svn_fspath.h subversion/include/svn_checksum.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_io.h subversion/include/svn_path.h subversion/include/svn_pools.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/tests/svn_test.h
subversion/tests/libsvn_subr/error-code-test.lo: subversion/tests/libsvn_subr/error-code-test.c subversion/include/private/svn_debug.h subversion/include/svn_checksum.h subversion/include/svn_delta.h subversion/include/svn_dirent_uri.h subversion/include/svn_error.h subversion/include/svn_error_codes.h subversion/include/svn_io.h subversion/include/svn_path.h subversion/include/svn_string.h subversion/include/svn_types.h subversion/tests/svn_test.h

View File

@ -342,6 +342,7 @@ msvc-export =
private\svn_temp_serializer.h private\svn_io_private.h
private\svn_string_private.h private\svn_magic.h
private\svn_subr_private.h private\svn_mutex.h private\svn_named_atomic.h
private\svn_cert.h
# Working copy management lib
[libsvn_wc]

View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for subversion 1.8.9.
# Generated by GNU Autoconf 2.69 for subversion 1.8.10.
#
# Report bugs to <http://subversion.apache.org/>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='subversion'
PACKAGE_TARNAME='subversion'
PACKAGE_VERSION='1.8.9'
PACKAGE_STRING='subversion 1.8.9'
PACKAGE_VERSION='1.8.10'
PACKAGE_STRING='subversion 1.8.10'
PACKAGE_BUGREPORT='http://subversion.apache.org/'
PACKAGE_URL=''
@ -1457,7 +1457,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures subversion 1.8.9 to adapt to many kinds of systems.
\`configure' configures subversion 1.8.10 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1523,7 +1523,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of subversion 1.8.9:";;
short | recursive ) echo "Configuration of subversion 1.8.10:";;
esac
cat <<\_ACEOF
@ -1737,7 +1737,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
subversion configure 1.8.9
subversion configure 1.8.10
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2281,7 +2281,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by subversion $as_me 1.8.9, which was
It was created by subversion $as_me 1.8.10, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2661,8 +2661,8 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
{ $as_echo "$as_me:${as_lineno-$LINENO}: Configuring Subversion 1.8.9" >&5
$as_echo "$as_me: Configuring Subversion 1.8.9" >&6;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: Configuring Subversion 1.8.10" >&5
$as_echo "$as_me: Configuring Subversion 1.8.10" >&6;}
abs_srcdir="`cd $srcdir && pwd`"
@ -5285,7 +5285,26 @@ if test "x$ac_cv_header_serf_h" = xyes; then :
_ACEOF
save_ldflags="$LDFLAGS"
LDFLAGS="$LDFLAGS -L$serf_prefix/lib"
LDFLAGS="$LDFLAGS `
input_flags="-L$serf_prefix/lib"
output_flags=""
filtered_dirs="/lib /lib64 /usr/lib /usr/lib64"
for flag in $input_flags; do
filter="no"
for dir in $filtered_dirs; do
if test "$flag" = "-L$dir" || test "$flag" = "-L$dir/"; then
filter="yes"
break
fi
done
if test "$filter" = "no"; then
output_flags="$output_flags $flag"
fi
done
if test -n "$output_flags"; then
printf "%s" "${output_flags# }"
fi
`"
as_ac_Lib=`$as_echo "ac_cv_lib_$serf_major''_serf_context_create" | $as_tr_sh`
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for serf_context_create in -l$serf_major" >&5
$as_echo_n "checking for serf_context_create in -l$serf_major... " >&6; }
@ -5369,7 +5388,26 @@ done
SVN_SERF_LIBS="$serf_prefix/lib/lib$serf_major.la"
else
SVN_SERF_LIBS="-l$serf_major"
LDFLAGS="$LDFLAGS -L$serf_prefix/lib"
LDFLAGS="$LDFLAGS `
input_flags="-L$serf_prefix/lib"
output_flags=""
filtered_dirs="/lib /lib64 /usr/lib /usr/lib64"
for flag in $input_flags; do
filter="no"
for dir in $filtered_dirs; do
if test "$flag" = "-L$dir" || test "$flag" = "-L$dir/"; then
filter="yes"
break
fi
done
if test "$filter" = "no"; then
output_flags="$output_flags $flag"
fi
done
if test -n "$output_flags"; then
printf "%s" "${output_flags# }"
fi
`"
fi
fi
@ -18002,7 +18040,26 @@ if test "${with_berkeley_db+set}" = set; then :
done
SVN_DB_INCLUDES="${SVN_DB_INCLUDES## }"
for l in `echo "$withval" | $SED -e "s/.*:[^:]*:\([^:]*\):.*/\1/"`; do
LDFLAGS="$LDFLAGS -L$l"
LDFLAGS="$LDFLAGS `
input_flags="-L$l"
output_flags=""
filtered_dirs="/lib /lib64 /usr/lib /usr/lib64"
for flag in $input_flags; do
filter="no"
for dir in $filtered_dirs; do
if test "$flag" = "-L$dir" || test "$flag" = "-L$dir/"; then
filter="yes"
break
fi
done
if test "$filter" = "no"; then
output_flags="$output_flags $flag"
fi
done
if test -n "$output_flags"; then
printf "%s" "${output_flags# }"
fi
`"
done
SVN_DB_LIBS=""
for l in `echo "$withval" | $SED -e "s/.*:\([^:]*\)/\1/"`; do
@ -22728,12 +22785,6 @@ $as_echo "$svn_cv_ruby_teeny" >&6; }
$as_echo "$as_me: WARNING: The detected Ruby is between 1.9 and 1.9.3" >&2;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Only 1.8.x and 1.9.3 releases are supported at this time" >&5
$as_echo "$as_me: WARNING: Only 1.8.x and 1.9.3 releases are supported at this time" >&2;}
elif test \( "$RUBY_MAJOR" -eq "1" -a "$RUBY_MINOR" -eq "9" -a "$RUBY_TEENY" -eq "3" \); then
#Warn about 1.9.3 support
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: WARNING: The detected Ruby is 1.9.3" >&5
$as_echo "$as_me: WARNING: WARNING: The detected Ruby is 1.9.3" >&2;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: WARNING: Only 1.8.x releases are fully supported, 1.9.3 support is new" >&5
$as_echo "$as_me: WARNING: WARNING: Only 1.8.x releases are fully supported, 1.9.3 support is new" >&2;}
fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
@ -25746,7 +25797,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by subversion $as_me 1.8.9, which was
This file was extended by subversion $as_me 1.8.10, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -25812,7 +25863,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
subversion config.status 1.8.9
subversion config.status 1.8.10
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View File

@ -1280,10 +1280,6 @@ if test "$RUBY" != "none"; then
RUBY="none"
AC_MSG_WARN([The detected Ruby is between 1.9 and 1.9.3])
AC_MSG_WARN([Only 1.8.x and 1.9.3 releases are supported at this time])
elif test \( "$RUBY_MAJOR" -eq "1" -a "$RUBY_MINOR" -eq "9" -a "$RUBY_TEENY" -eq "3" \); then
#Warn about 1.9.3 support
AC_MSG_WARN([WARNING: The detected Ruby is 1.9.3])
AC_MSG_WARN([WARNING: Only 1.8.x releases are fully supported, 1.9.3 support is new])
fi
else
AC_MSG_RESULT([no])

View File

@ -33,11 +33,11 @@
APR_VERSION=${APR_VERSION:-"1.4.6"}
APU_VERSION=${APU_VERSION:-"1.5.1"}
SERF_VERSION=${SERF_VERSION:-"1.2.1"}
SERF_VERSION=${SERF_VERSION:-"1.3.4"}
ZLIB_VERSION=${ZLIB_VERSION:-"1.2.8"}
SQLITE_VERSION=${SQLITE_VERSION:-"3.7.15.1"}
GTEST_VERSION=${GTEST_VERSION:-"1.6.0"}
HTTPD_VERSION=${HTTPD_VERSION:-"2.4.6"}
HTTPD_VERSION=${HTTPD_VERSION:-"2.4.10"}
APR_ICONV_VERSION=${APR_ICONV_VERSION:-"1.2.1"}
APR=apr-${APR_VERSION}
@ -57,7 +57,7 @@ TEMPDIR=$BASEDIR/temp
HTTP_FETCH=
[ -z "$HTTP_FETCH" ] && type wget >/dev/null 2>&1 && HTTP_FETCH="wget -q -nc"
[ -z "$HTTP_FETCH" ] && type curl >/dev/null 2>&1 && HTTP_FETCH="curl -sO"
[ -z "$HTTP_FETCH" ] && type curl >/dev/null 2>&1 && HTTP_FETCH="curl -sOL"
[ -z "$HTTP_FETCH" ] && type fetch >/dev/null 2>&1 && HTTP_FETCH="fetch -q"
# Need this uncommented if any of the specific versions of the ASF tarballs to
@ -89,7 +89,7 @@ get_serf() {
test -d $BASEDIR/serf && return
cd $TEMPDIR
$HTTP_FETCH http://serf.googlecode.com/files/$SERF.tar.bz2
$HTTP_FETCH http://serf.googlecode.com/svn/src_releases/$SERF.tar.bz2
cd $BASEDIR
bzip2 -dc $TEMPDIR/$SERF.tar.bz2 | tar -xf -
@ -101,7 +101,7 @@ get_zlib() {
test -d $BASEDIR/zlib && return
cd $TEMPDIR
$HTTP_FETCH http://www.zlib.net/$ZLIB.tar.gz
$HTTP_FETCH http://sourceforge.net/projects/libpng/files/zlib/$ZLIB_VERSION/$ZLIB.tar.gz
cd $BASEDIR
gzip -dc $TEMPDIR/$ZLIB.tar.gz | tar -xf -

View File

@ -0,0 +1,68 @@
/**
* @copyright
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
* @endcopyright
*
* @file svn_cert.h
* @brief Implementation of certificate validation functions
*/
#ifndef SVN_CERT_H
#define SVN_CERT_H
#include <apr.h>
#include "svn_types.h"
#include "svn_string.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/* Return TRUE iff @a pattern matches @a hostname as defined
* by the matching rules of RFC 6125. In the context of RFC
* 6125 the pattern is the domain name portion of the presented
* identifier (which comes from the Common Name or a DNSName
* portion of the subjectAltName of an X.509 certificate) and
* the hostname is the source domain (i.e. the host portion
* of the URI the user entered).
*
* @note With respect to wildcards we only support matching
* wildcards in the left-most label and as the only character
* in the left-most label (i.e. we support RFC 6125 § 6.4.3
* Rule 1 and 2 but not the optional Rule 3). This may change
* in the future.
*
* @note Subversion does not at current support internationalized
* domain names. Both values are presumed to be in NR-LDH label
* or A-label form (see RFC 5890 for the definition).
*
* @since New in 1.9.
*/
svn_boolean_t
svn_cert__match_dns_identity(svn_string_t *pattern, svn_string_t *hostname);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* SVN_CERT_H */

View File

@ -72,7 +72,7 @@ extern "C" {
*
* @since New in 1.1.
*/
#define SVN_VER_PATCH 9
#define SVN_VER_PATCH 10
/** @deprecated Provided for backward compatibility with the 1.0 API. */
@ -95,7 +95,7 @@ extern "C" {
*
* Always change this at the same time as SVN_VER_NUMTAG.
*/
#define SVN_VER_TAG " (r1591380)"
#define SVN_VER_TAG " (r1615264)"
/** Number tag: a string describing the version.
@ -121,7 +121,7 @@ extern "C" {
* When rolling a tarball, we automatically replace it with what we
* guess to be the correct revision number.
*/
#define SVN_VER_REVISION 1591380
#define SVN_VER_REVISION 1615264
/* Version strings composed from the above definitions. */

View File

@ -193,7 +193,7 @@ path_driver_cb_func(void **dir_baton,
static svn_error_t *
single_repos_delete(svn_ra_session_t *ra_session,
const char *repos_root,
const char *base_uri,
const apr_array_header_t *relpaths,
const apr_hash_t *revprop_table,
svn_commit_callback2_t commit_callback,
@ -221,7 +221,7 @@ single_repos_delete(svn_ra_session_t *ra_session,
const char *relpath = APR_ARRAY_IDX(relpaths, i, const char *);
item = svn_client_commit_item3_create(pool);
item->url = svn_path_url_add_component2(repos_root, relpath, pool);
item->url = svn_path_url_add_component2(base_uri, relpath, pool);
item->state_flags = SVN_CLIENT_COMMIT_ITEM_DELETE;
APR_ARRAY_PUSH(commit_items, svn_client_commit_item3_t *) = item;
}
@ -361,7 +361,6 @@ delete_urls_multi_repos(const apr_array_header_t *uris,
iterpool = svn_pool_create(pool);
for (hi = apr_hash_first(pool, deletables); hi; hi = apr_hash_next(hi))
{
const char *repos_root = svn__apr_hash_index_key(hi);
struct repos_deletables_t *repos_deletables = svn__apr_hash_index_val(hi);
const char *base_uri;
apr_array_header_t *target_relpaths;
@ -398,7 +397,7 @@ delete_urls_multi_repos(const apr_array_header_t *uris,
}
SVN_ERR(svn_ra_reparent(repos_deletables->ra_session, base_uri, pool));
SVN_ERR(single_repos_delete(repos_deletables->ra_session, repos_root,
SVN_ERR(single_repos_delete(repos_deletables->ra_session, base_uri,
target_relpaths,
revprop_table, commit_callback,
commit_baton, ctx, iterpool));

View File

@ -1017,19 +1017,30 @@ svn_client__handle_externals(apr_hash_t *externals_new,
parent_abspath = svn_dirent_dirname(parent_abspath, iterpool);
SVN_ERR(svn_wc_read_kind2(&kind, ctx->wc_ctx, parent_abspath,
TRUE, FALSE, iterpool));
FALSE /* show_deleted*/,
FALSE /* show_hidden */,
iterpool));
if (kind == svn_node_none)
{
svn_error_t *err;
err = svn_io_dir_remove_nonrecursive(parent_abspath, iterpool);
if (err && APR_STATUS_IS_ENOTEMPTY(err->apr_err))
if (err)
{
svn_error_clear(err);
break;
if (APR_STATUS_IS_ENOTEMPTY(err->apr_err))
{
svn_error_clear(err);
break; /* No parents to delete */
}
else if (APR_STATUS_IS_ENOENT(err->apr_err)
|| APR_STATUS_IS_ENOTDIR(err->apr_err))
{
svn_error_clear(err);
/* Fall through; parent dir might be unversioned */
}
else
return svn_error_trace(err);
}
else
SVN_ERR(err);
}
} while (strcmp(parent_abspath, defining_abspath) != 0);
}

View File

@ -8877,7 +8877,12 @@ svn_fs_fs__create(svn_fs_t *fs,
SVN_ERR(write_revision_zero(fs));
SVN_ERR(write_config(fs, pool));
/* Create the fsfs.conf file if supported. Older server versions would
simply ignore the file but that might result in a different behavior
than with the later releases. Also, hotcopy would ignore, i.e. not
copy, a fsfs.conf with old formats. */
if (ffd->format >= SVN_FS_FS__MIN_CONFIG_FILE)
SVN_ERR(write_config(fs, pool));
SVN_ERR(read_config(ffd, fs->path, pool));

View File

@ -1,4 +1,4 @@
/* This file is automatically generated from rep-cache-db.sql and .dist_sandbox/subversion-1.8.9/subversion/libsvn_fs_fs/token-map.h.
/* This file is automatically generated from rep-cache-db.sql and .dist_sandbox/subversion-1.8.10/subversion/libsvn_fs_fs/token-map.h.
* Do not edit this file -- edit the source and rerun gen-make.py */
#define STMT_CREATE_SCHEMA 0

View File

@ -99,14 +99,11 @@ typedef struct proppatch_context_t {
} proppatch_context_t;
typedef struct delete_context_t {
const char *path;
const char *relpath;
svn_revnum_t revision;
const char *lock_token;
apr_hash_t *lock_token_hash;
svn_boolean_t keep_locks;
commit_context_t *commit;
} delete_context_t;
/* Represents a directory. */
@ -149,7 +146,6 @@ typedef struct dir_context_t {
/* The checked-out working resource for this directory. May be NULL; if so
call checkout_dir() first. */
const char *working_url;
} dir_context_t;
/* Represents a file to be committed. */
@ -1077,6 +1073,96 @@ setup_copy_file_headers(serf_bucket_t *headers,
return SVN_NO_ERROR;
}
static svn_error_t *
setup_if_header_recursive(svn_boolean_t *added,
serf_bucket_t *headers,
commit_context_t *commit_ctx,
const char *rq_relpath,
apr_pool_t *pool)
{
svn_stringbuf_t *sb = NULL;
apr_hash_index_t *hi;
apr_pool_t *iterpool = NULL;
if (!commit_ctx->lock_tokens)
{
*added = FALSE;
return SVN_NO_ERROR;
}
/* We try to create a directory, so within the Subversion world that
would imply that there is nothing here, but mod_dav_svn still sees
locks on the old nodes here as in DAV it is perfectly legal to lock
something that is not there...
Let's make mod_dav, mod_dav_svn and the DAV RFC happy by providing
the locks we know of with the request */
for (hi = apr_hash_first(pool, commit_ctx->lock_tokens);
hi;
hi = apr_hash_next(hi))
{
const char *relpath = svn__apr_hash_index_key(hi);
apr_uri_t uri;
if (!svn_relpath_skip_ancestor(rq_relpath, relpath))
continue;
else if (svn_hash_gets(commit_ctx->deleted_entries, relpath))
{
/* When a path is already explicit deleted then its lock
will be removed by mod_dav. But mod_dav doesn't remove
locks on descendants */
continue;
}
if (!iterpool)
iterpool = svn_pool_create(pool);
else
svn_pool_clear(iterpool);
if (sb == NULL)
sb = svn_stringbuf_create("", pool);
else
svn_stringbuf_appendbyte(sb, ' ');
uri = commit_ctx->session->session_url;
uri.path = (char *)svn_path_url_add_component2(uri.path, relpath,
iterpool);
svn_stringbuf_appendbyte(sb, '<');
svn_stringbuf_appendcstr(sb, apr_uri_unparse(iterpool, &uri, 0));
svn_stringbuf_appendcstr(sb, "> (<");
svn_stringbuf_appendcstr(sb, svn__apr_hash_index_val(hi));
svn_stringbuf_appendcstr(sb, ">)");
}
if (iterpool)
svn_pool_destroy(iterpool);
if (sb)
{
serf_bucket_headers_set(headers, "If", sb->data);
*added = TRUE;
}
else
*added = FALSE;
return SVN_NO_ERROR;
}
static svn_error_t *
setup_add_dir_common_headers(serf_bucket_t *headers,
void *baton,
apr_pool_t *pool)
{
dir_context_t *dir = baton;
svn_boolean_t added;
return svn_error_trace(
setup_if_header_recursive(&added, headers, dir->commit, dir->relpath,
pool));
}
static svn_error_t *
setup_copy_dir_headers(serf_bucket_t *headers,
void *baton,
@ -1109,7 +1195,7 @@ setup_copy_dir_headers(serf_bucket_t *headers,
/* Implicitly checkout this dir now. */
dir->working_url = apr_pstrdup(dir->pool, uri.path);
return SVN_NO_ERROR;
return svn_error_trace(setup_add_dir_common_headers(headers, baton, pool));
}
static svn_error_t *
@ -1117,51 +1203,19 @@ setup_delete_headers(serf_bucket_t *headers,
void *baton,
apr_pool_t *pool)
{
delete_context_t *ctx = baton;
delete_context_t *del = baton;
svn_boolean_t added;
serf_bucket_headers_set(headers, SVN_DAV_VERSION_NAME_HEADER,
apr_ltoa(pool, ctx->revision));
apr_ltoa(pool, del->revision));
if (ctx->lock_token_hash)
{
ctx->lock_token = svn_hash_gets(ctx->lock_token_hash, ctx->path);
SVN_ERR(setup_if_header_recursive(&added, headers, del->commit,
del->relpath, pool));
if (ctx->lock_token)
{
const char *token_header;
if (added && del->commit->keep_locks)
serf_bucket_headers_setn(headers, SVN_DAV_OPTIONS_HEADER,
SVN_DAV_OPTION_KEEP_LOCKS);
token_header = apr_pstrcat(pool, "<", ctx->path, "> (<",
ctx->lock_token, ">)", (char *)NULL);
serf_bucket_headers_set(headers, "If", token_header);
if (ctx->keep_locks)
serf_bucket_headers_setn(headers, SVN_DAV_OPTIONS_HEADER,
SVN_DAV_OPTION_KEEP_LOCKS);
}
}
return SVN_NO_ERROR;
}
/* Implements svn_ra_serf__request_body_delegate_t */
static svn_error_t *
create_delete_body(serf_bucket_t **body_bkt,
void *baton,
serf_bucket_alloc_t *alloc,
apr_pool_t *pool)
{
delete_context_t *ctx = baton;
serf_bucket_t *body;
body = serf_bucket_aggregate_create(alloc);
svn_ra_serf__add_xml_header_buckets(body, alloc);
svn_ra_serf__merge_lock_token_list(ctx->lock_token_hash, ctx->path,
body, alloc, pool);
*body_bkt = body;
return SVN_NO_ERROR;
}
@ -1541,7 +1595,6 @@ delete_entry(const char *path,
delete_context_t *delete_ctx;
svn_ra_serf__handler_t *handler;
const char *delete_target;
svn_error_t *err;
if (USING_HTTPV2_COMMIT_SUPPORT(dir->commit))
{
@ -1560,10 +1613,9 @@ delete_entry(const char *path,
/* DELETE our entry */
delete_ctx = apr_pcalloc(pool, sizeof(*delete_ctx));
delete_ctx->path = apr_pstrdup(pool, path);
delete_ctx->relpath = apr_pstrdup(pool, path);
delete_ctx->revision = revision;
delete_ctx->lock_token_hash = dir->commit->lock_tokens;
delete_ctx->keep_locks = dir->commit->keep_locks;
delete_ctx->commit = dir->commit;
handler = apr_pcalloc(pool, sizeof(*handler));
handler->handler_pool = pool;
@ -1579,30 +1631,7 @@ delete_entry(const char *path,
handler->method = "DELETE";
handler->path = delete_target;
err = svn_ra_serf__context_run_one(handler, pool);
if (err &&
(err->apr_err == SVN_ERR_FS_BAD_LOCK_TOKEN ||
err->apr_err == SVN_ERR_FS_NO_LOCK_TOKEN ||
err->apr_err == SVN_ERR_FS_LOCK_OWNER_MISMATCH ||
err->apr_err == SVN_ERR_FS_PATH_ALREADY_LOCKED))
{
svn_error_clear(err);
/* An error has been registered on the connection. Reset the thing
so that we can use it again. */
serf_connection_reset(handler->conn->conn);
handler->body_delegate = create_delete_body;
handler->body_delegate_baton = delete_ctx;
handler->body_type = "text/xml";
SVN_ERR(svn_ra_serf__context_run_one(handler, pool));
}
else if (err)
{
return err;
}
SVN_ERR(svn_ra_serf__context_run_one(handler, pool));
/* 204 No Content: item successfully deleted */
if (handler->sline.code != 204)
@ -1673,6 +1702,9 @@ add_directory(const char *path,
{
handler->method = "MKCOL";
handler->path = mkcol_target;
handler->header_delegate = setup_add_dir_common_headers;
handler->header_delegate_baton = dir;
}
else
{
@ -2341,7 +2373,8 @@ svn_ra_serf__get_commit_editor(svn_ra_session_t *ra_session,
ctx->callback = callback;
ctx->callback_baton = callback_baton;
ctx->lock_tokens = lock_tokens;
ctx->lock_tokens = (lock_tokens && apr_hash_count(lock_tokens))
? lock_tokens : NULL;
ctx->keep_locks = keep_locks;
ctx->deleted_entries = apr_hash_make(ctx->pool);

View File

@ -302,7 +302,7 @@ capabilities_headers_iterator_callback(void *baton,
/* May contain multiple values, separated by commas. */
int i;
apr_array_header_t *vals = svn_cstring_split(val, ",", TRUE,
opt_ctx->pool);
session->pool);
for (i = 0; i < vals->nelts; i++)
{

View File

@ -28,7 +28,6 @@
#define APR_WANT_STRFUNC
#include <apr.h>
#include <apr_want.h>
#include <apr_fnmatch.h>
#include <serf.h>
#include <serf_bucket_types.h>
@ -49,6 +48,7 @@
#include "private/svn_fspath.h"
#include "private/svn_subr_private.h"
#include "private/svn_auth_private.h"
#include "private/svn_cert.h"
#include "ra_serf.h"
@ -274,7 +274,6 @@ ssl_server_cert(void *baton, int failures,
apr_hash_t *subject = NULL;
apr_hash_t *serf_cert = NULL;
void *creds;
int found_matching_hostname = 0;
svn_failures = (ssl_convert_serf_failures(failures)
| conn->server_cert_failures);
@ -286,26 +285,37 @@ ssl_server_cert(void *baton, int failures,
### This should really be handled by serf, which should pass an error
for this case, but that has backwards compatibility issues. */
apr_array_header_t *san;
svn_boolean_t found_san_entry = FALSE;
svn_boolean_t found_matching_hostname = FALSE;
svn_string_t *actual_hostname =
svn_string_create(conn->session->session_url.hostname, scratch_pool);
serf_cert = serf_ssl_cert_certificate(cert, scratch_pool);
san = svn_hash_gets(serf_cert, "subjectAltName");
/* Try to find matching server name via subjectAltName first... */
if (san) {
if (san)
{
int i;
for (i = 0; i < san->nelts; i++) {
found_san_entry = san->nelts > 0;
for (i = 0; i < san->nelts; i++)
{
const char *s = APR_ARRAY_IDX(san, i, const char*);
if (apr_fnmatch(s, conn->session->session_url.hostname,
APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_SUCCESS)
{
found_matching_hostname = 1;
break;
}
}
}
svn_string_t *cert_hostname = svn_string_create(s, scratch_pool);
/* Match server certificate CN with the hostname of the server */
if (!found_matching_hostname)
if (svn_cert__match_dns_identity(cert_hostname, actual_hostname))
{
found_matching_hostname = TRUE;
break;
}
}
}
/* Match server certificate CN with the hostname of the server iff
* we didn't find any subjectAltName fields and try to match them.
* Per RFC 2818 they are authoritative if present and CommonName
* should be ignored. */
if (!found_matching_hostname && !found_san_entry)
{
const char *hostname = NULL;
@ -314,13 +324,20 @@ ssl_server_cert(void *baton, int failures,
if (subject)
hostname = svn_hash_gets(subject, "CN");
if (!hostname
|| apr_fnmatch(hostname, conn->session->session_url.hostname,
APR_FNM_PERIOD | APR_FNM_CASE_BLIND) != APR_SUCCESS)
{
svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
}
}
if (hostname)
{
svn_string_t *cert_hostname = svn_string_create(hostname,
scratch_pool);
if (svn_cert__match_dns_identity(cert_hostname, actual_hostname))
{
found_matching_hostname = TRUE;
}
}
}
if (!found_matching_hostname)
svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
}
if (!svn_failures)

View File

@ -94,6 +94,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
if (kind == svn_node_file)
{
svn_stream_t *stream;
svn_string_t *stored_realm;
SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
_("Unable to open auth file for reading"));
@ -104,6 +105,11 @@ svn_config_read_auth_data(apr_hash_t **hash,
apr_psprintf(pool, _("Error parsing '%s'"),
svn_dirent_local_style(auth_path, pool)));
stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY);
if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
*hash = NULL; /* Hash collision, or somebody tampering with storage */
SVN_ERR(svn_stream_close(stream));
}

View File

@ -38,6 +38,7 @@
#include "dirent_uri.h"
#include "private/svn_fspath.h"
#include "private/svn_cert.h"
/* The canonical empty path. Can this be changed? Well, change the empty
test below and the path library will work, not so sure about the fs/wc
@ -2597,3 +2598,81 @@ svn_urlpath__canonicalize(const char *uri,
}
return uri;
}
/* -------------- The cert API (see private/svn_cert.h) ------------- */
svn_boolean_t
svn_cert__match_dns_identity(svn_string_t *pattern, svn_string_t *hostname)
{
apr_size_t pattern_pos = 0, hostname_pos = 0;
/* support leading wildcards that composed of the only character in the
* left-most label. */
if (pattern->len >= 2 &&
pattern->data[pattern_pos] == '*' &&
pattern->data[pattern_pos + 1] == '.')
{
while (hostname_pos < hostname->len &&
hostname->data[hostname_pos] != '.')
{
hostname_pos++;
}
/* Assume that the wildcard must match something. Rule 2 says
* that *.example.com should not match example.com. If the wildcard
* ends up not matching anything then it matches .example.com which
* seems to be essentially the same as just example.com */
if (hostname_pos == 0)
return FALSE;
pattern_pos++;
}
while (pattern_pos < pattern->len && hostname_pos < hostname->len)
{
char pattern_c = pattern->data[pattern_pos];
char hostname_c = hostname->data[hostname_pos];
/* fold case as described in RFC 4343.
* Note: We actually convert to lowercase, since our URI
* canonicalization code converts to lowercase and generally
* most certs are issued with lowercase DNS names, meaning
* this avoids the fold operation in most cases. The RFC
* suggests the opposite transformation, but doesn't require
* any specific implementation in any case. It is critical
* that this folding be locale independent so you can't use
* tolower(). */
pattern_c = canonicalize_to_lower(pattern_c);
hostname_c = canonicalize_to_lower(hostname_c);
if (pattern_c != hostname_c)
{
/* doesn't match */
return FALSE;
}
else
{
/* characters match so skip both */
pattern_pos++;
hostname_pos++;
}
}
/* ignore a trailing period on the hostname since this has no effect on the
* security of the matching. See the following for the long explanation as
* to why:
* https://bugzilla.mozilla.org/show_bug.cgi?id=134402#c28
*/
if (pattern_pos == pattern->len &&
hostname_pos == hostname->len - 1 &&
hostname->data[hostname_pos] == '.')
hostname_pos++;
if (pattern_pos != pattern->len || hostname_pos != hostname->len)
{
/* end didn't match */
return FALSE;
}
return TRUE;
}

View File

@ -1,4 +1,4 @@
/* This file is automatically generated from internal_statements.sql and .dist_sandbox/subversion-1.8.9/subversion/libsvn_subr/token-map.h.
/* This file is automatically generated from internal_statements.sql and .dist_sandbox/subversion-1.8.10/subversion/libsvn_subr/token-map.h.
* Do not edit this file -- edit the source and rerun gen-make.py */
#define STMT_INTERNAL_SAVEPOINT_SVN 0

View File

@ -417,7 +417,9 @@ svn_opt_subcommand_help3(const char *subcommand,
_("\"%s\": unknown command.\n\n"), subcommand);
if (err) {
svn_handle_error2(err, stderr, FALSE, "svn: ");
/* Issue #3014: Don't print anything on broken pipes. */
if (err->apr_err != SVN_ERR_IO_PIPE_WRITE_ERROR)
svn_handle_error2(err, stderr, FALSE, "svn: ");
svn_error_clear(err);
}
}

View File

@ -1,4 +1,4 @@
/* This file is automatically generated from wc-checks.sql and .dist_sandbox/subversion-1.8.9/subversion/libsvn_wc/token-map.h.
/* This file is automatically generated from wc-checks.sql and .dist_sandbox/subversion-1.8.10/subversion/libsvn_wc/token-map.h.
* Do not edit this file -- edit the source and rerun gen-make.py */
#define STMT_VERIFICATION_TRIGGERS 0

View File

@ -1,4 +1,4 @@
/* This file is automatically generated from wc-metadata.sql and .dist_sandbox/subversion-1.8.9/subversion/libsvn_wc/token-map.h.
/* This file is automatically generated from wc-metadata.sql and .dist_sandbox/subversion-1.8.10/subversion/libsvn_wc/token-map.h.
* Do not edit this file -- edit the source and rerun gen-make.py */
#define STMT_CREATE_SCHEMA 0

View File

@ -1,4 +1,4 @@
/* This file is automatically generated from wc-queries.sql and .dist_sandbox/subversion-1.8.9/subversion/libsvn_wc/token-map.h.
/* This file is automatically generated from wc-queries.sql and .dist_sandbox/subversion-1.8.10/subversion/libsvn_wc/token-map.h.
* Do not edit this file -- edit the source and rerun gen-make.py */
#define STMT_SELECT_NODE_INFO 0

View File

@ -3815,8 +3815,15 @@ cross_db_copy(svn_wc__db_wcroot_t *src_wcroot,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
src_wcroot, src_relpath, scratch_pool, scratch_pool));
SVN_ERR(db_read_pristine_props(&props, src_wcroot, src_relpath, FALSE,
scratch_pool, scratch_pool));
if (dst_status != svn_wc__db_status_not_present
&& dst_status != svn_wc__db_status_excluded
&& dst_status != svn_wc__db_status_server_excluded)
{
SVN_ERR(db_read_pristine_props(&props, src_wcroot, src_relpath, FALSE,
scratch_pool, scratch_pool));
}
else
props = NULL;
blank_iwb(&iwb);
iwb.presence = dst_status;
@ -5131,6 +5138,17 @@ db_op_copy_shadowed_layer(svn_wc__db_wcroot_t *src_wcroot,
scratch_pool));
}
if (dst_presence == svn_wc__db_status_not_present)
{
/* Don't create descendants of a not present node! */
/* This code is currently still triggered by copying deleted nodes
between separate working copies. See ### comment above. */
svn_pool_destroy(iterpool);
return SVN_NO_ERROR;
}
SVN_ERR(gather_repo_children(&children, src_wcroot, src_relpath,
src_op_depth, scratch_pool, iterpool));

View File

@ -105,7 +105,7 @@
#define PACKAGE_NAME "subversion"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "subversion 1.8.9"
#define PACKAGE_STRING "subversion 1.8.10"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "subversion"
@ -114,7 +114,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.8.9"
#define PACKAGE_VERSION "1.8.10"
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1