Author: philip
Date: Thu Aug 10 20:32:44 2017
New Revision: 1804723

URL: http://svn.apache.org/viewvc?rev=1804723&view=rev
Log:
Merge r1804691 from trunk:

 * CVE-2017-9800
   Justification:
     Malicious server can execute arbitrary command on client.
   Notes:
     patch: CVE-2017-9800/CVE-2017-9800-1.8.patch
   Votes:
     +1: philip, danielsh, stsp
     +1: astieger (without r78105)

Modified:
    subversion/branches/1.8.x/   (props changed)
    subversion/branches/1.8.x/subversion/   (props changed)
    subversion/branches/1.8.x/subversion/libsvn_ra_svn/client.c
    subversion/branches/1.8.x/subversion/libsvn_subr/config_file.c

Propchange: subversion/branches/1.8.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Aug 10 20:32:44 2017
@@ -158,5 +158,5 @@
 /subversion/branches/uris-as-urls:1060426-1064427
 /subversion/branches/verify-at-commit:1462039-1462408
 /subversion/branches/wc-collate-path:1407642
-/subversion/trunk:1467440,1467450,1467481,1467587,1467597,1467668,1467675,1467803,1467807,1467951,1468109,1468116,1468151,1468347,1468395,1468439,1468487,1468565-1468566,1468980,1469248,1469363,1469478,1469489,1469512-1469513,1469550,1469556,1469645,1469674,1469833,1469862,1469866,1469871,1469994,1470031,1470037,1470221,1470238,1470246,1470248,1470537,1470650,1470738,1470781,1470898,1470904,1470908,1470913,1470936,1470993-1470994,1471028-1471029,1471107,1471153,1471302,1471443,1471490,1471744,1475704,1475724,1475772,1475963,1476092,1476155,1476181,1476193,1476254,1476359,1476366,1476607,1477294,1477359,1477729-1477730,1477876,1477891,1478001,1478220-1478221,1478465,1478617,1478897,1478951,1478987,1478998,1479320-1479321,1479323,1479326,1479329,1479540,1479563,1479605,1479896,1480054,1480077,1480080,1480082,1480119,1480149,1480344,1480412,1480426,1480442,1480616,1480641-1480642,1480664,1480669,1480681,1480723,1480738,1480765,1481010,1481418,1481594,1481596,1481625,1481627-1481628,148
 
1631-1481632,1481772,1481782,1481800,1481813,1481847,1481944,1481981,1482282,1482327,1482338,1482350,1482354,1482436,1482479,1482524,1482528,1482536,1482554,1482558,1482592,1482724,1482759,1482779,1482829,1482969-1482970,1482973,1483015,1483077,1483101,1483116,1483125,1483391,1483397,1483555,1483557,1483575,1483580,1483781,1483927,1483939,1483947,1483964-1483965,1483968,1483972,1483975,1483977,1483984,1484006,1484016-1484017,1484023,1484755,1485018,1485127,1485350,1485413,1485427,1485447,1485449,1485497,1485501,1485650,1486072,1486457,1486572,1486809,1486915,1486931,1487083,1487094,1488183,1488267,1488294,1488425,1488639,1488693,1488878,1489114,1489116-1489117,1489203,1489339,1489935,1490045,1490326,1490679,1490684,1490721,1491432,1491499,1491707,1491739,1491755-1491756,1491762,1491770,1491816,1491868,1492005,1492020,1492145,1492148,1492152,1492164,1492264,1492295,1493102,1493424,1493475,1493703,1493720,1493951,1494089,1494171,1494223,1494287,1494298,1494318,1494342,1494657,1494913,
 
1494967,1495063,1495104,1495204,1495209,1495214,1495256,1495329,1495428,1495432,1495446,1495597,1495805,1495850,1495978,1496007,1496110-1496111,1496127,1496132,1496151,1496470,1496938,1496957,1497002,1497318-1497319,1497551,1497614,1497804,1497975,1497980,1498000,1498012,1498136,1498449,1498455-1498456,1498483-1498484,1498486,1498550,1498564,1498851,1498885,1498997,1499034,1499044,1499064,1499095-1499096,1499100,1499403,1499423,1499438,1499447,1499460,1499470,1499483,1499492,1499496,1499498,1499595,1499727,1500074,1500175,1500226,1500680,1500695,1500762,1500799,1500801-1500802,1500904,1500928,1501199,1501207,1501656,1501702,1502097,1502267,1502577,1502777,1502811,1502901,1502909,1502952,1503009-1503010,1503058,1503061,1503211,1503318,1503528,1503884,1504192,1504505,1506040-1506041,1506047,1506058,1506966,1507044,1507382,1507567,1507589,1507889,1507891,1508438,1509186,1509196,1511057,1511272,1511353,1511603,1512067,1512119,1512195,1512300-1512301,1512432,1512471-1512472,1513119,15131
 
22,1513156,1513463,1513472,1513479,1513874,1513879-1513880,1513943,1514295,1514315,1514318,1514356,1514628,1514763,1514785,1514804,1515119,1515141,1515201,1515225,1515237,1515343,1515366,1515516,1515534,1515721,1515992,1515997,1516023-1516024,1516049,1516051-1516053,1516071,1516271,1516429,1516556,1516565,1516567,1516806,1518184,1518942,1519615,1519617,1519733,1519816,1519823,1519955,1520065,1520529,1520532,1520539,1520745,1522892,1523666,1524869,1525902,1526439,1526655,1527103,1527105,1530763,1530768,1530872,1530922,1530967,1531002,1531004,1531014,1531938,1532023,1532098,1532287,1532316,1534102,1534149,1534158,1534713,1534737,1534860,1535115,1535161,1535532,1535610,1535676,1536350,1536383,1536464,1536488,1536537,1536914,1536931,1537018,1537147,1537190,1537193,1537221,1537263,1537360,1537415,1537555,1537700,1538516-1538517,1538519,1538574,1538581,1538812,1538925,1538928,1538939,1539230,1540044,1540417,1540752,1541432,1541635,1541638,1541705,1541790,1542042,1542069,1542071,1542119,15
 
42129,1542138,1542146,1542151,1542610,1542765,1542767,1542774,1543145,1543187,1543413,1543594,1543961,1544295,1544302-1544303,1544316,1544597,1544600,1544688,1544690,1544878,1544895,1545111,1545122,1545134,1545302,1545835,1545845,1547252,1547454,1547489,1547774,1547866,1547873,1548097,1548105,1548170,1548486,1548673,1549858,1549874,1550691,1550772,1550803,1551524,1551579,1552957-1552958,1553101,1553105,1553113,1553376-1553377,1553501,1553556,1554978,1555403,1555499,1557320,1557522,1559009,1559197,1560643,1560690,1560701,1561419,1561426-1561427,1561703,1563110,1564292,1564576,1564966,1564969,1565085,1565531,1566503-1566504,1567064,1567109,1567134,1567204,1567228,1567286,1567392,1567492,1567494,1567740,1567752,1567985,1568070,1568180,1568349,1568361,1568872,1568953,1568955,1569069,1570642,1571214,1571747,1571787,1571795,1572102,1572200,1572340,1573088,1573106,1573209,1573744,1574868,1575270,1575284,1575525,1575915,1577151,1577200,1577294,1577739,1577755,1577812-1577813,1578273,1578311
 
,1578326,1578670,1578820,1578853,1578875,1579274,1579429,1579588,1579684,1580626,1580650,1580832,1580867,1580872,1581296,1581305,1581315,1581430,1581810,1583580,1583977,1584342,1584576,1584592,1584745,1585686,1586052,1586255,1586352,1586467,1587511,1587946,1587968,1588772,1588778,1589184,1589188,1589360,1589460,1589486,1590212,1590751,1591123,1592014,1592034,1592987,1593992,1594156,1594223,1594794,1594814,1594834,1595061,1595431,1596866,1596882,1597884,1600311,1600315,1600323,1600331,1600348,1600368,1600393,1600563,1600781,1600909,1601851,1606009,1611380-1611381,1612225,1615211,1615219,1615255-1615256,1615260,1615263,1616131,1618472,1618841,1619071,1619105,1619118,1619153,1619380,1619393,1619774,1619802,1620332,1621978,1621981,1625522,1625533,1625537,1628431,1628536,1628540,1632635,1633126,1636874,1637826,1640730,1640832,1640862,1640873,1641564,1643033,1643074,1643409,1643437,1643457,1643461,1643482,1643793,1643810,1643972-1643973,1644158,1644530,1644595,1644599,1646230,1646250,1646
 
253,1646495,1646505,1646785-1646786,1646797,1647339,1650481,1650489,1650531,1650834,1651759,1651963,1651966,1651980,1651997,1652182,1652195,1652200,1652744,1653039,1653622-1653623,1653988,1654039,1654162,1654186,1654271,1654932-1654934,1654937,1655651,1655712,1655738,1656713,1656893,1657182,1657195,1657401,1658115,1658168,1658417,1659013,1659315,1659399,1659553-1659554,1659867,1659869,1660071,1660186,1660220,1660508,1660593,1660646,1663500,1663991,1664476,1664480-1664481,1664483,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1664586,1664595,1664612,1664684,1665845,1665850,1665852,1665874,1666690,1666938,1666965,1667120,1667228,1667233-1667235,1667260-1667261,1667471,1667481,1667485,1667691,1667941,1667976,1668618,1671388,1672295,1673153,1673691,1674455-1674456,1674522,1674627,1676667,1677267,1678494,1680242,1680495,1680705,1680819,1683266,1684077,1687304,1687389,1687812,1691928,1692798-1692799,1693135,1693138,1693159,1694929,1695600,1695606,1695681,1701237,1702299-1
 
702300,1702397,1702407,1702565,1703470,1703475,1706783,1708699,1711346,1714790,1717875,1717878,1718269,1722860,1722879,1722887,1724448,1728387,1740252,1740254,1740316,1745515,1746053,1746277,1746364,1759116,1761334,1764851,1766352,1766590,1767768,1770677,1777103,1783214,1785053,1785734,1785737-1785738,1785754,1786445-1786447,1786515,1794611,1800619
+/subversion/trunk:1467440,1467450,1467481,1467587,1467597,1467668,1467675,1467803,1467807,1467951,1468109,1468116,1468151,1468347,1468395,1468439,1468487,1468565-1468566,1468980,1469248,1469363,1469478,1469489,1469512-1469513,1469550,1469556,1469645,1469674,1469833,1469862,1469866,1469871,1469994,1470031,1470037,1470221,1470238,1470246,1470248,1470537,1470650,1470738,1470781,1470898,1470904,1470908,1470913,1470936,1470993-1470994,1471028-1471029,1471107,1471153,1471302,1471443,1471490,1471744,1475704,1475724,1475772,1475963,1476092,1476155,1476181,1476193,1476254,1476359,1476366,1476607,1477294,1477359,1477729-1477730,1477876,1477891,1478001,1478220-1478221,1478465,1478617,1478897,1478951,1478987,1478998,1479320-1479321,1479323,1479326,1479329,1479540,1479563,1479605,1479896,1480054,1480077,1480080,1480082,1480119,1480149,1480344,1480412,1480426,1480442,1480616,1480641-1480642,1480664,1480669,1480681,1480723,1480738,1480765,1481010,1481418,1481594,1481596,1481625,1481627-1481628,148
 
1631-1481632,1481772,1481782,1481800,1481813,1481847,1481944,1481981,1482282,1482327,1482338,1482350,1482354,1482436,1482479,1482524,1482528,1482536,1482554,1482558,1482592,1482724,1482759,1482779,1482829,1482969-1482970,1482973,1483015,1483077,1483101,1483116,1483125,1483391,1483397,1483555,1483557,1483575,1483580,1483781,1483927,1483939,1483947,1483964-1483965,1483968,1483972,1483975,1483977,1483984,1484006,1484016-1484017,1484023,1484755,1485018,1485127,1485350,1485413,1485427,1485447,1485449,1485497,1485501,1485650,1486072,1486457,1486572,1486809,1486915,1486931,1487083,1487094,1488183,1488267,1488294,1488425,1488639,1488693,1488878,1489114,1489116-1489117,1489203,1489339,1489935,1490045,1490326,1490679,1490684,1490721,1491432,1491499,1491707,1491739,1491755-1491756,1491762,1491770,1491816,1491868,1492005,1492020,1492145,1492148,1492152,1492164,1492264,1492295,1493102,1493424,1493475,1493703,1493720,1493951,1494089,1494171,1494223,1494287,1494298,1494318,1494342,1494657,1494913,
 
1494967,1495063,1495104,1495204,1495209,1495214,1495256,1495329,1495428,1495432,1495446,1495597,1495805,1495850,1495978,1496007,1496110-1496111,1496127,1496132,1496151,1496470,1496938,1496957,1497002,1497318-1497319,1497551,1497614,1497804,1497975,1497980,1498000,1498012,1498136,1498449,1498455-1498456,1498483-1498484,1498486,1498550,1498564,1498851,1498885,1498997,1499034,1499044,1499064,1499095-1499096,1499100,1499403,1499423,1499438,1499447,1499460,1499470,1499483,1499492,1499496,1499498,1499595,1499727,1500074,1500175,1500226,1500680,1500695,1500762,1500799,1500801-1500802,1500904,1500928,1501199,1501207,1501656,1501702,1502097,1502267,1502577,1502777,1502811,1502901,1502909,1502952,1503009-1503010,1503058,1503061,1503211,1503318,1503528,1503884,1504192,1504505,1506040-1506041,1506047,1506058,1506966,1507044,1507382,1507567,1507589,1507889,1507891,1508438,1509186,1509196,1511057,1511272,1511353,1511603,1512067,1512119,1512195,1512300-1512301,1512432,1512471-1512472,1513119,15131
 
22,1513156,1513463,1513472,1513479,1513874,1513879-1513880,1513943,1514295,1514315,1514318,1514356,1514628,1514763,1514785,1514804,1515119,1515141,1515201,1515225,1515237,1515343,1515366,1515516,1515534,1515721,1515992,1515997,1516023-1516024,1516049,1516051-1516053,1516071,1516271,1516429,1516556,1516565,1516567,1516806,1518184,1518942,1519615,1519617,1519733,1519816,1519823,1519955,1520065,1520529,1520532,1520539,1520745,1522892,1523666,1524869,1525902,1526439,1526655,1527103,1527105,1530763,1530768,1530872,1530922,1530967,1531002,1531004,1531014,1531938,1532023,1532098,1532287,1532316,1534102,1534149,1534158,1534713,1534737,1534860,1535115,1535161,1535532,1535610,1535676,1536350,1536383,1536464,1536488,1536537,1536914,1536931,1537018,1537147,1537190,1537193,1537221,1537263,1537360,1537415,1537555,1537700,1538516-1538517,1538519,1538574,1538581,1538812,1538925,1538928,1538939,1539230,1540044,1540417,1540752,1541432,1541635,1541638,1541705,1541790,1542042,1542069,1542071,1542119,15
 
42129,1542138,1542146,1542151,1542610,1542765,1542767,1542774,1543145,1543187,1543413,1543594,1543961,1544295,1544302-1544303,1544316,1544597,1544600,1544688,1544690,1544878,1544895,1545111,1545122,1545134,1545302,1545835,1545845,1547252,1547454,1547489,1547774,1547866,1547873,1548097,1548105,1548170,1548486,1548673,1549858,1549874,1550691,1550772,1550803,1551524,1551579,1552957-1552958,1553101,1553105,1553113,1553376-1553377,1553501,1553556,1554978,1555403,1555499,1557320,1557522,1559009,1559197,1560643,1560690,1560701,1561419,1561426-1561427,1561703,1563110,1564292,1564576,1564966,1564969,1565085,1565531,1566503-1566504,1567064,1567109,1567134,1567204,1567228,1567286,1567392,1567492,1567494,1567740,1567752,1567985,1568070,1568180,1568349,1568361,1568872,1568953,1568955,1569069,1570642,1571214,1571747,1571787,1571795,1572102,1572200,1572340,1573088,1573106,1573209,1573744,1574868,1575270,1575284,1575525,1575915,1577151,1577200,1577294,1577739,1577755,1577812-1577813,1578273,1578311
 
,1578326,1578670,1578820,1578853,1578875,1579274,1579429,1579588,1579684,1580626,1580650,1580832,1580867,1580872,1581296,1581305,1581315,1581430,1581810,1583580,1583977,1584342,1584576,1584592,1584745,1585686,1586052,1586255,1586352,1586467,1587511,1587946,1587968,1588772,1588778,1589184,1589188,1589360,1589460,1589486,1590212,1590751,1591123,1592014,1592034,1592987,1593992,1594156,1594223,1594794,1594814,1594834,1595061,1595431,1596866,1596882,1597884,1600311,1600315,1600323,1600331,1600348,1600368,1600393,1600563,1600781,1600909,1601851,1606009,1611380-1611381,1612225,1615211,1615219,1615255-1615256,1615260,1615263,1616131,1618472,1618841,1619071,1619105,1619118,1619153,1619380,1619393,1619774,1619802,1620332,1621978,1621981,1625522,1625533,1625537,1628431,1628536,1628540,1632635,1633126,1636874,1637826,1640730,1640832,1640862,1640873,1641564,1643033,1643074,1643409,1643437,1643457,1643461,1643482,1643793,1643810,1643972-1643973,1644158,1644530,1644595,1644599,1646230,1646250,1646
 
253,1646495,1646505,1646785-1646786,1646797,1647339,1650481,1650489,1650531,1650834,1651759,1651963,1651966,1651980,1651997,1652182,1652195,1652200,1652744,1653039,1653622-1653623,1653988,1654039,1654162,1654186,1654271,1654932-1654934,1654937,1655651,1655712,1655738,1656713,1656893,1657182,1657195,1657401,1658115,1658168,1658417,1659013,1659315,1659399,1659553-1659554,1659867,1659869,1660071,1660186,1660220,1660508,1660593,1660646,1663500,1663991,1664476,1664480-1664481,1664483,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1664586,1664595,1664612,1664684,1665845,1665850,1665852,1665874,1666690,1666938,1666965,1667120,1667228,1667233-1667235,1667260-1667261,1667471,1667481,1667485,1667691,1667941,1667976,1668618,1671388,1672295,1673153,1673691,1674455-1674456,1674522,1674627,1676667,1677267,1678494,1680242,1680495,1680705,1680819,1683266,1684077,1687304,1687389,1687812,1691928,1692798-1692799,1693135,1693138,1693159,1694929,1695600,1695606,1695681,1701237,1702299-1
 
702300,1702397,1702407,1702565,1703470,1703475,1706783,1708699,1711346,1714790,1717875,1717878,1718269,1722860,1722879,1722887,1724448,1728387,1740252,1740254,1740316,1745515,1746053,1746277,1746364,1759116,1761334,1764851,1766352,1766590,1767768,1770677,1777103,1783214,1785053,1785734,1785737-1785738,1785754,1786445-1786447,1786515,1794611,1800619,1804691
 /subversion/trunk/subversion/tests:1652182

Propchange: subversion/branches/1.8.x/subversion/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Aug 10 20:32:44 2017
@@ -158,4 +158,4 @@
 /subversion/branches/uris-as-urls/subversion:1060426-1064427
 /subversion/branches/verify-at-commit/subversion:1462039-1462408
 /subversion/branches/wc-collate-path/subversion:1407642
-/subversion/trunk/subversion:1467440,1467450,1467481,1467587,1467597,1467668,1467675,1467803,1467807,1467951,1468109,1468116,1468151,1468347,1468395,1468439,1468487,1468565-1468566,1468980,1469248,1469363,1469478,1469489,1469512-1469513,1469550,1469556,1469645,1469674,1469833,1469862,1469866,1469871,1469994,1470031,1470037,1470221,1470238,1470246,1470248,1470537,1470650,1470738,1470781,1470898,1470904,1470908,1470913,1470936,1470993-1470994,1471028-1471029,1471107,1471153,1471302,1471443,1471490,1471744,1475704,1475724,1475772,1475963,1476092,1476155,1476181,1476193,1476254,1476359,1476366,1476607,1477294,1477359,1477729-1477730,1477876,1477891,1478001,1478220-1478221,1478465,1478617,1478897,1478951,1478987,1478998,1479320-1479321,1479323,1479326,1479329,1479540,1479563,1479605,1479896,1480054,1480077,1480080,1480082,1480119,1480149,1480344,1480412,1480426,1480442,1480616,1480641-1480642,1480664,1480669,1480681,1480723,1480738,1480765,1481010,1481418,1481594,1481596,1481625,1481627-
 
1481628,1481631-1481632,1481772,1481782,1481800,1481813,1481847,1481944,1481981,1482282,1482327,1482338,1482350,1482354,1482436,1482479,1482524,1482528,1482536,1482554,1482558,1482592,1482724,1482759,1482779,1482829,1482969-1482970,1482973,1483015,1483077,1483101,1483116,1483125,1483391,1483397,1483555,1483557,1483575,1483580,1483781,1483927,1483939,1483947,1483964-1483965,1483968,1483972,1483975,1483977,1483984,1484006,1484016-1484017,1484023,1484755,1485018,1485127,1485350,1485413,1485427,1485447,1485449,1485497,1485501,1485650,1486072,1486457,1486572,1486809,1486915,1486931,1487083,1487094,1488183,1488267,1488294,1488425,1488639,1488693,1488878,1489114,1489116-1489117,1489203,1489339,1489935,1490045,1490326,1490679,1490684,1490721,1491432,1491499,1491707,1491739,1491755-1491756,1491762,1491770,1491816,1491868,1492005,1492020,1492145,1492148,1492152,1492164,1492264,1492295,1493102,1493424,1493475,1493703,1493720,1493951,1494089,1494171,1494223,1494287,1494298,1494318,1494342,14946
 
57,1494913,1494967,1495063,1495104,1495204,1495209,1495214,1495256,1495329,1495428,1495432,1495446,1495597,1495805,1495850,1495978,1496007,1496110-1496111,1496127,1496132,1496151,1496470,1496938,1496957,1497002,1497318-1497319,1497551,1497614,1497804,1497975,1497980,1498000,1498012,1498136,1498449,1498455-1498456,1498483-1498484,1498486,1498550,1498564,1498851,1498885,1498997,1499034,1499044,1499064,1499095-1499096,1499100,1499403,1499423,1499438,1499447,1499460,1499470,1499483,1499492,1499496,1499498,1499595,1499727,1500074,1500175,1500226,1500680,1500695,1500762,1500799,1500801-1500802,1500904,1500928,1501199,1501207,1501656,1501702,1502097,1502267,1502577,1502777,1502811,1502901,1502909,1502952,1503009-1503010,1503058,1503061,1503211,1503318,1503528,1503884,1504192,1504505,1506040-1506041,1506047,1506058,1506966,1507044,1507382,1507567,1507589,1507889,1507891,1508438,1509186,1509196,1511057,1511272,1511353,1511603,1512067,1512119,1512195,1512300-1512301,1512432,1512471-1512472,15
 
13119,1513122,1513156,1513463,1513472,1513479,1513874,1513879-1513880,1513943,1514295,1514315,1514318,1514356,1514628,1514763,1514785,1514804,1515119,1515141,1515201,1515225,1515237,1515343,1515366,1515516,1515534,1515721,1515992,1515997,1516023-1516024,1516049,1516051-1516053,1516071,1516271,1516429,1516556,1516565,1516567,1516806,1518184,1518942,1519615,1519617,1519733,1519816,1519823,1519955,1520065,1520529,1520532,1520539,1520745,1522892,1523666,1524869,1525902,1526439,1526655,1527103,1527105,1530763,1530768,1530872,1530922,1530967,1531002,1531004,1531014,1531938,1532023,1532098,1532287,1532316,1534102,1534149,1534158,1534713,1534737,1534860,1535115,1535161,1535532,1535610,1535676,1536350,1536383,1536464,1536488,1536537,1536914,1536931,1537018,1537147,1537190,1537193,1537221,1537263,1537360,1537415,1537555,1537700,1538516-1538517,1538519,1538574,1538581,1538812,1538925,1538928,1538939,1539230,1540044,1540417,1540752,1541432,1541635,1541638,1541705,1541790,1542042,1542069,1542071
 
,1542119,1542129,1542138,1542146,1542151,1542610,1542765,1542767,1542774,1543145,1543187,1543413,1543594,1543961,1544295,1544302-1544303,1544316,1544597,1544600,1544688,1544690,1544878,1544895,1545111,1545122,1545134,1545302,1545835,1545845,1547252,1547454,1547774,1547866,1547873,1548097,1548105,1548170,1548486,1548673,1549858,1549874,1550691,1550772,1550803,1551524,1551579,1552957-1552958,1553101,1553105,1553113,1553376-1553377,1553501,1553556,1554978,1555403,1555499,1557320,1557522,1559009,1559197,1560690,1560701,1561426,1561703,1563110,1564292,1564576,1564966,1564969,1565085,1565531,1566503-1566504,1567064,1567109,1567134,1567204,1567228,1567286,1567392,1567492,1567494,1567740,1567752,1567985,1568070,1568180,1568349,1568361,1568872,1568953,1568955,1569069,1570642,1571214,1571747,1571787,1571795,1572102,1572200,1572340,1573088,1573106,1573209,1574868,1575270,1575284,1575525,1575915,1577151,1577200,1577294,1577739,1577755,1577812-1577813,1578273,1578311,1578326,1578670,1578820,1578
 
853,1578875,1579274,1579429,1579588,1579684,1580626,1580650,1580832,1580867,1580872,1581296,1581305,1581315,1581430,1581810,1583580,1583977,1584342,1584576,1584592,1584745,1585686,1586052,1586255,1586352,1586467,1587511,1587946,1587968,1588772,1588778,1589184,1589188,1589360,1589460,1589486,1590212,1590751,1591123,1592014,1592034,1592987,1593992,1594156,1594223,1594794,1594814,1594834,1595061,1595431,1596866,1597884,1600311,1600315,1600323,1600331,1600348,1600368,1600393,1600563,1600781,1600909,1601851,1606009,1611379-1611381,1612225,1612405,1615211,1615219,1615255-1615256,1615260,1615263,1615354,1616131,1617687,1618472,1618841,1619071,1619105,1619118,1619153,1619774,1619802,1620332,1621978,1621981,1625522,1625533,1625537,1628431,1628536,1628540,1632635,1633126,1636874,1637826,1640730,1640832,1640862,1640873,1641564,1643033,1643074,1643409,1643437,1643457,1643461,1643482,1643793,1643810,1643972-1643973,1644158,1644530,1644595,1644599,1646230,1646250,1646253,1646495,1646505,1646785-1
 
646786,1646797,1647339,1650481,1650489,1650531,1650834,1651759,1651963,1651966,1651980,1651997,1652182,1652195,1652200,1652744,1653039,1653622-1653623,1653988,1654039,1654162,1654186,1654271,1654933-1654934,1655651,1655712,1655738,1656713,1656893,1657182,1657195,1657401,1658115,1658168,1658417,1659013,1659315,1659399,1659553-1659554,1659867,1659869,1660071,1660220,1660508,1660593,1660646,1663500,1663991,1664476,1664480-1664481,1664483,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1664684,1665845,1665850,1665852,1665874,1666690,1666965,1667120,1667228,1667233-1667235,1667471,1667691,1667941,1667976,1668618,1671388,1672295,1673153,1673691,1674455-1674456,1674522,1674627,1678494,1680242,1680495,1680705,1680819,1683266,1684077,1687812,1691928,1694929,1695600,1695606,1695681,1701237,1702299-1702300,1702397,1702407,1702565,1706783,1708699,1711346,1714790,1717875,1717878,1718269,1722860,1722879,1722887,1724448,1728387,1740252,1740254,1740316,1759116,1764851,1767768,177067
 
7,1777103,1783214,1785053,1785734,1785737-1785738,1785754,1786445-1786447,1786515,1794611
+/subversion/trunk/subversion:1467440,1467450,1467481,1467587,1467597,1467668,1467675,1467803,1467807,1467951,1468109,1468116,1468151,1468347,1468395,1468439,1468487,1468565-1468566,1468980,1469248,1469363,1469478,1469489,1469512-1469513,1469550,1469556,1469645,1469674,1469833,1469862,1469866,1469871,1469994,1470031,1470037,1470221,1470238,1470246,1470248,1470537,1470650,1470738,1470781,1470898,1470904,1470908,1470913,1470936,1470993-1470994,1471028-1471029,1471107,1471153,1471302,1471443,1471490,1471744,1475704,1475724,1475772,1475963,1476092,1476155,1476181,1476193,1476254,1476359,1476366,1476607,1477294,1477359,1477729-1477730,1477876,1477891,1478001,1478220-1478221,1478465,1478617,1478897,1478951,1478987,1478998,1479320-1479321,1479323,1479326,1479329,1479540,1479563,1479605,1479896,1480054,1480077,1480080,1480082,1480119,1480149,1480344,1480412,1480426,1480442,1480616,1480641-1480642,1480664,1480669,1480681,1480723,1480738,1480765,1481010,1481418,1481594,1481596,1481625,1481627-
 
1481628,1481631-1481632,1481772,1481782,1481800,1481813,1481847,1481944,1481981,1482282,1482327,1482338,1482350,1482354,1482436,1482479,1482524,1482528,1482536,1482554,1482558,1482592,1482724,1482759,1482779,1482829,1482969-1482970,1482973,1483015,1483077,1483101,1483116,1483125,1483391,1483397,1483555,1483557,1483575,1483580,1483781,1483927,1483939,1483947,1483964-1483965,1483968,1483972,1483975,1483977,1483984,1484006,1484016-1484017,1484023,1484755,1485018,1485127,1485350,1485413,1485427,1485447,1485449,1485497,1485501,1485650,1486072,1486457,1486572,1486809,1486915,1486931,1487083,1487094,1488183,1488267,1488294,1488425,1488639,1488693,1488878,1489114,1489116-1489117,1489203,1489339,1489935,1490045,1490326,1490679,1490684,1490721,1491432,1491499,1491707,1491739,1491755-1491756,1491762,1491770,1491816,1491868,1492005,1492020,1492145,1492148,1492152,1492164,1492264,1492295,1493102,1493424,1493475,1493703,1493720,1493951,1494089,1494171,1494223,1494287,1494298,1494318,1494342,14946
 
57,1494913,1494967,1495063,1495104,1495204,1495209,1495214,1495256,1495329,1495428,1495432,1495446,1495597,1495805,1495850,1495978,1496007,1496110-1496111,1496127,1496132,1496151,1496470,1496938,1496957,1497002,1497318-1497319,1497551,1497614,1497804,1497975,1497980,1498000,1498012,1498136,1498449,1498455-1498456,1498483-1498484,1498486,1498550,1498564,1498851,1498885,1498997,1499034,1499044,1499064,1499095-1499096,1499100,1499403,1499423,1499438,1499447,1499460,1499470,1499483,1499492,1499496,1499498,1499595,1499727,1500074,1500175,1500226,1500680,1500695,1500762,1500799,1500801-1500802,1500904,1500928,1501199,1501207,1501656,1501702,1502097,1502267,1502577,1502777,1502811,1502901,1502909,1502952,1503009-1503010,1503058,1503061,1503211,1503318,1503528,1503884,1504192,1504505,1506040-1506041,1506047,1506058,1506966,1507044,1507382,1507567,1507589,1507889,1507891,1508438,1509186,1509196,1511057,1511272,1511353,1511603,1512067,1512119,1512195,1512300-1512301,1512432,1512471-1512472,15
 
13119,1513122,1513156,1513463,1513472,1513479,1513874,1513879-1513880,1513943,1514295,1514315,1514318,1514356,1514628,1514763,1514785,1514804,1515119,1515141,1515201,1515225,1515237,1515343,1515366,1515516,1515534,1515721,1515992,1515997,1516023-1516024,1516049,1516051-1516053,1516071,1516271,1516429,1516556,1516565,1516567,1516806,1518184,1518942,1519615,1519617,1519733,1519816,1519823,1519955,1520065,1520529,1520532,1520539,1520745,1522892,1523666,1524869,1525902,1526439,1526655,1527103,1527105,1530763,1530768,1530872,1530922,1530967,1531002,1531004,1531014,1531938,1532023,1532098,1532287,1532316,1534102,1534149,1534158,1534713,1534737,1534860,1535115,1535161,1535532,1535610,1535676,1536350,1536383,1536464,1536488,1536537,1536914,1536931,1537018,1537147,1537190,1537193,1537221,1537263,1537360,1537415,1537555,1537700,1538516-1538517,1538519,1538574,1538581,1538812,1538925,1538928,1538939,1539230,1540044,1540417,1540752,1541432,1541635,1541638,1541705,1541790,1542042,1542069,1542071
 
,1542119,1542129,1542138,1542146,1542151,1542610,1542765,1542767,1542774,1543145,1543187,1543413,1543594,1543961,1544295,1544302-1544303,1544316,1544597,1544600,1544688,1544690,1544878,1544895,1545111,1545122,1545134,1545302,1545835,1545845,1547252,1547454,1547774,1547866,1547873,1548097,1548105,1548170,1548486,1548673,1549858,1549874,1550691,1550772,1550803,1551524,1551579,1552957-1552958,1553101,1553105,1553113,1553376-1553377,1553501,1553556,1554978,1555403,1555499,1557320,1557522,1559009,1559197,1560690,1560701,1561426,1561703,1563110,1564292,1564576,1564966,1564969,1565085,1565531,1566503-1566504,1567064,1567109,1567134,1567204,1567228,1567286,1567392,1567492,1567494,1567740,1567752,1567985,1568070,1568180,1568349,1568361,1568872,1568953,1568955,1569069,1570642,1571214,1571747,1571787,1571795,1572102,1572200,1572340,1573088,1573106,1573209,1574868,1575270,1575284,1575525,1575915,1577151,1577200,1577294,1577739,1577755,1577812-1577813,1578273,1578311,1578326,1578670,1578820,1578
 
853,1578875,1579274,1579429,1579588,1579684,1580626,1580650,1580832,1580867,1580872,1581296,1581305,1581315,1581430,1581810,1583580,1583977,1584342,1584576,1584592,1584745,1585686,1586052,1586255,1586352,1586467,1587511,1587946,1587968,1588772,1588778,1589184,1589188,1589360,1589460,1589486,1590212,1590751,1591123,1592014,1592034,1592987,1593992,1594156,1594223,1594794,1594814,1594834,1595061,1595431,1596866,1597884,1600311,1600315,1600323,1600331,1600348,1600368,1600393,1600563,1600781,1600909,1601851,1606009,1611379-1611381,1612225,1612405,1615211,1615219,1615255-1615256,1615260,1615263,1615354,1616131,1617687,1618472,1618841,1619071,1619105,1619118,1619153,1619774,1619802,1620332,1621978,1621981,1625522,1625533,1625537,1628431,1628536,1628540,1632635,1633126,1636874,1637826,1640730,1640832,1640862,1640873,1641564,1643033,1643074,1643409,1643437,1643457,1643461,1643482,1643793,1643810,1643972-1643973,1644158,1644530,1644595,1644599,1646230,1646250,1646253,1646495,1646505,1646785-1
 
646786,1646797,1647339,1650481,1650489,1650531,1650834,1651759,1651963,1651966,1651980,1651997,1652182,1652195,1652200,1652744,1653039,1653622-1653623,1653988,1654039,1654162,1654186,1654271,1654933-1654934,1655651,1655712,1655738,1656713,1656893,1657182,1657195,1657401,1658115,1658168,1658417,1659013,1659315,1659399,1659553-1659554,1659867,1659869,1660071,1660220,1660508,1660593,1660646,1663500,1663991,1664476,1664480-1664481,1664483,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1664684,1665845,1665850,1665852,1665874,1666690,1666965,1667120,1667228,1667233-1667235,1667471,1667691,1667941,1667976,1668618,1671388,1672295,1673153,1673691,1674455-1674456,1674522,1674627,1678494,1680242,1680495,1680705,1680819,1683266,1684077,1687812,1691928,1694929,1695600,1695606,1695681,1701237,1702299-1702300,1702397,1702407,1702565,1706783,1708699,1711346,1714790,1717875,1717878,1718269,1722860,1722879,1722887,1724448,1728387,1740252,1740254,1740316,1759116,1764851,1767768,177067
 
7,1777103,1783214,1785053,1785734,1785737-1785738,1785754,1786445-1786447,1786515,1794611,1804691

Modified: subversion/branches/1.8.x/subversion/libsvn_ra_svn/client.c
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.8.x/subversion/libsvn_ra_svn/client.c?rev=1804723&r1=1804722&r2=1804723&view=diff
==============================================================================
--- subversion/branches/1.8.x/subversion/libsvn_ra_svn/client.c (original)
+++ subversion/branches/1.8.x/subversion/libsvn_ra_svn/client.c Thu Aug 10 
20:32:44 2017
@@ -46,6 +46,7 @@
 #include "svn_props.h"
 #include "svn_mergeinfo.h"
 #include "svn_version.h"
+#include "svn_ctype.h"
 
 #include "svn_private_config.h"
 
@@ -395,7 +396,7 @@ static svn_error_t *find_tunnel_agent(co
        * versions have it too. If the user is using some other ssh
        * implementation that doesn't accept it, they can override it
        * in the [tunnels] section of the config. */
-      val = "$SVN_SSH ssh -q";
+      val = "$SVN_SSH ssh -q --";
     }
 
   if (!val || !*val)
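Review bot: The `--` terminator added at `val = "$SVN_SSH ssh -q --";` only protects users who take the built-in default; a `[tunnels]` override (which the comment just above invites) or, presumably, a command supplied through `SVN_SSH` replaces the string and carries no `--`. For those setups the hostinfo check in ra_svn_open is the only guard, so the comment should say what the terminator is for, e.g. `* The trailing "--" ends option parsing so the host argument is never read as an option; custom tunnel definitions should end with "--" as well.` The template change in config_file.c follows the same pattern but, as far as this diff shows, does nothing for configuration files that already exist. find_tunnel_agent starts and ends outside this hunk.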
@@ -435,7 +436,7 @@ static svn_error_t *find_tunnel_agent(co
     ;
   *argv = apr_palloc(pool, (n + 4) * sizeof(char *));
   memcpy((void *) *argv, cmd_argv, n * sizeof(char *));
-  (*argv)[n++] = svn_path_uri_decode(hostinfo, pool);
+  (*argv)[n++] = hostinfo;
   (*argv)[n++] = "svnserve";
   (*argv)[n++] = "-t";
   (*argv)[n] = NULL;
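Review bot: find_tunnel_agent now places `hostinfo` into the agent's argv exactly as received at `(*argv)[n++] = hostinfo;`, so its safety depends on every caller having decoded and validated the value first, and nothing visible here records that contract. A line in the function's header comment such as `HOSTINFO must already be URI-decoded and have passed is_valid_hostinfo(); it is handed to the tunnel agent verbatim.` would state it. The function's start and its existing header comment lie outside this hunk, so the current wording cannot be checked from here.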
@@ -716,6 +717,32 @@ ra_svn_get_schemes(apr_pool_t *pool)
 }
 
 
+/* A simple whitelist to ensure the following are valid:
+ *   user@server
+ *   [::1]:22
+ *   server-name
+ *   server_name
+ *   127.0.0.1
+ * with an extra restriction that a leading '-' is invalid.
+ */
+static svn_boolean_t
+is_valid_hostinfo(const char *hostinfo)
+{
+  const char *p = hostinfo;
+
+  if (p[0] == '-')
+    return FALSE;
+
+  while (*p)
+    {
+      if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p))
+        return FALSE;
+
+      ++p;
+    }
+
+  return TRUE;
+}
 
 static svn_error_t *ra_svn_open(svn_ra_session_t *session,
                                 const char **corrected_url,
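Review bot: is_valid_hostinfo accepts the empty string, because the `while (*p)` loop never runs and control falls through to `return TRUE`; if an empty host is never meaningful for a tunnel, the first test could read `if (p[0] == '\0' || p[0] == '-')`. The header comment lists the accepted shapes but not the reason for the leading-'-' rule. A sentence such as `The value becomes an argv element of the tunnel agent, so it must never look like a command-line option.` would keep a later maintainer from relaxing the check.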
@@ -740,8 +767,17 @@ static svn_error_t *ra_svn_open(svn_ra_s
   parse_tunnel(url, &tunnel, pool);
 
   if (tunnel)
-    SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config,
-                              pool));
+    {
+      const char *decoded_hostinfo;
+
+      decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, pool);
+      if (!is_valid_hostinfo(decoded_hostinfo))
+        return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"),
+                                 uri.hostinfo);
+
+      SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv,
+                                config, pool));
+    }
   else
     tunnel_argv = NULL;
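Review bot: The order in the new block, decoding `uri.hostinfo` first and only then calling is_valid_hostinfo on the result, is what makes the check effective, and it deserves a comment so that it is not reordered later: `/* Validate the decoded form; a percent-encoded character must not be able to slip past the whitelist. */`. The error message reports the undecoded `uri.hostinfo`, which is reasonable since that is the form the user supplied. The list of modified files shows no regression test for an encoded or '-'-leading host; adding one would pin the behaviour. ra_svn_open begins and ends outside this hunk.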
 

Modified: subversion/branches/1.8.x/subversion/libsvn_subr/config_file.c
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.8.x/subversion/libsvn_subr/config_file.c?rev=1804723&r1=1804722&r2=1804723&view=diff
==============================================================================
--- subversion/branches/1.8.x/subversion/libsvn_subr/config_file.c (original)
+++ subversion/branches/1.8.x/subversion/libsvn_subr/config_file.c Thu Aug 10 
20:32:44 2017
@@ -1134,12 +1134,12 @@ svn_config_ensure(const char *config_dir
         "### passed to the tunnel agent as <user>@<hostname>.)  If the"      NL
         "### built-in ssh scheme were not predefined, it could be defined"   NL
         "### as:"                                                            NL
-        "# ssh = $SVN_SSH ssh -q"                                            NL
+        "# ssh = $SVN_SSH ssh -q --"                                         NL
         "### If you wanted to define a new 'rsh' scheme, to be used with"    NL
         "### 'svn+rsh:' URLs, you could do so as follows:"                   NL
-        "# rsh = rsh"                                                        NL
+        "# rsh = rsh --"                                                     NL
         "### Or, if you wanted to specify a full path and arguments:"        NL
-        "# rsh = /path/to/rsh -l myusername"                                 NL
+        "# rsh = /path/to/rsh -l myusername --"                              NL
         "### On Windows, if you are specifying a full path to a command,"    NL
         "### use a forward slash (/) or a paired backslash (\\\\) as the"    NL
         "### path separator.  A single backslash will be treated as an"      NL

