Author: stsp
Date: Sun May 19 10:20:40 2013
New Revision: 1484262
URL: http://svn.apache.org/r1484262
Log:
* STATUS (for 1.6.x): Split issue #4340 fix nomination into two parts, one
for libsvn_fs_fs and one for libsvn_repos (there is no general consensus
on the libsvn_repos changes yet).
Modified:
subversion/branches/1.6.x/STATUS
Modified: subversion/branches/1.6.x/STATUS
URL:
http://svn.apache.org/viewvc/subversion/branches/1.6.x/STATUS?rev=1484262&r1=1484261&r2=1484262&view=diff
==============================================================================
--- subversion/branches/1.6.x/STATUS (original)
+++ subversion/branches/1.6.x/STATUS Sun May 19 10:20:40 2013
@@ -54,22 +54,42 @@ Candidate changes:
Votes:
+0: rhuijben (Still running some tests)
- * r1461562, r1461580, r1465995, r1465998
+ * r1461562, r1461580, r1461701, r1481627
Fix issue #4340, "filenames containing \n corrupt FSFS repositories"
Justification:
- Control characters can severely corrupt FSFS revision files and
+ Newline characters can severely corrupt FSFS revision files and
should never enter the repository for this reason. See discussion
- linked form issue #4340 for more information.
+ linked from issue #4340 for more information.
Notes:
- r1465995 and r1465998 revise the changes made in the earlier revisions,
- and are the result of a long dev@ discussion that eventually concluded
+ r1461701 revises the changes made in the earlier revisions,
+ and is the result of a long dev@ discussion that eventually concluded
in this subthread: http://svn.haxx.se/dev/archive-2013-04/0056.shtml
+ This issue can be exploited by people with commit access to corrupt
+ an FSFS repository, and has been assigned a CVE number: CVE-2013-1968
+ r1481627 addresses concerns raised by danielsh.
Branch:
^/subversion/branches/1.6.x-issue4340
Votes:
+1: stsp
+0: danielsh (reviewed 1.7.x-issue4340)
+ * r1461760
+ Additional fix related to issue #4340, "filenames containing \n corrupt
+ FSFS repositories"
+ Justification:
+ This change makes libsvn_repos block filenames containing control
+ characters. Control characters in filenames have always been rejected
+ by libsvn_client, but client-side software bypassing libsvn_client
+ could still commit such filenames. Control characters in filenames
+ can cause problems not just in FSFS but also in dump files, unidiff,
+ and possibly elsewhere. It is a good idea to make the client and
+ server consistent.
+ See discussion linked from issue #4340 for more information.
+ Branch:
+ ^/subversion/branches/1.6.x-issue4340-repos
+ Votes:
+ +1: stsp
+
Veto-blocked changes:
=====================
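Review bot: The votes under the first entry ("+1: stsp" and "+0: danielsh (reviewed 1.7.x-issue4340)") are kept as unchanged context although the nominated revision list now drops r1465995 and r1465998 and adds r1461701 and r1481627, so a reader cannot tell whether those votes cover the revised set. This matters more now that the Notes describe the issue as exploitable by committers and cite CVE-2013-1968. Consider noting next to each vote which revisions it applies to, or asking the voters to re-confirm. The new r1461760 entry also does not say whether it can be merged independently of the first group or must follow it. Since it lives on a separate branch (1.6.x-issue4340-repos) and is described as an "Additional fix", a line stating the dependency would keep the two nominations from being merged out of order.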