Re: svn commit: r1886494 - /subversion/site/staging/docs/community-guide/releasing.part.html
Den tis 16 feb. 2021 kl 12:44 skrev Daniel Sahlberg : >> P.S. While reviewing this I noticed that >> https://subversion-staging.apache.org/favicon.ico is different to >> https://svn.apache.org/repos/asf/subversion/site/staging/favicon.ico: an >> Apache >> feather v. a Subversion logo. > > > Hmm. That is very strange. I've pinged infra on Slack. Infra says: > looks like it's an overall override for "generic sites" that they all have > the ASF favicon due to the dash in subversion-staging it gets overridden Ie, it is not a fault in our repository but an httpd.conf thing for the site. I asked to have this removed and was requested to add it to Jira: https://issues.apache.org/jira/browse/INFRA-21429 Kind regards, Daniel Sahlberg
svn commit: r1886583 - /subversion/branches/1.14.x/STATUS
Author: stsp Date: Tue Feb 16 11:11:31 2021 New Revision: 1886583 URL: http://svn.apache.org/viewvc?rev=1886583=rev Log: * STATUS: Nominate test cases related to CVE-2020-17525. Suggested by: danielsh Modified: subversion/branches/1.14.x/STATUS Modified: subversion/branches/1.14.x/STATUS URL: http://svn.apache.org/viewvc/subversion/branches/1.14.x/STATUS?rev=1886583=1886582=1886583=diff == --- subversion/branches/1.14.x/STATUS (original) +++ subversion/branches/1.14.x/STATUS Tue Feb 16 11:11:31 2021 @@ -50,6 +50,11 @@ Candidate changes: Votes: +1: hartmannathan, stsp + * r1883838, r1883989, r1886460, r1886582 +Add test coverage for CVE-2020-17525 (mod_authz_svn NULL deref) +Votes: + +1: stsp + Veto-blocked changes: =
svn commit: r1886586 - /subversion/site/staging/docs/community-guide/releasing.part.html
Author: dsahlberg Date: Tue Feb 16 11:41:28 2021 New Revision: 1886586 URL: http://svn.apache.org/viewvc?rev=1886586=rev Log: Fix from review of r1886494 (see thread at commits@). * staging/docs/community-guide/releasing.part.html Reminder to review merges from staging to publish. Grammar fix. Note that the release announcement link is commented out. Modified: subversion/site/staging/docs/community-guide/releasing.part.html Modified: subversion/site/staging/docs/community-guide/releasing.part.html URL: http://svn.apache.org/viewvc/subversion/site/staging/docs/community-guide/releasing.part.html?rev=1886586=1886585=1886586=diff == --- subversion/site/staging/docs/community-guide/releasing.part.html (original) +++ subversion/site/staging/docs/community-guide/releasing.part.html Tue Feb 16 11:41:28 2021 @@ -1270,7 +1270,8 @@ In that case: check the results on https://subversion-staging.apache.org; >https://subversion-staging.apache.org. When ready to publish, merge the changes back to -^/subversion/site/publish. +^/subversion/site/publish (review the merge in case there are +other changes on staging not ready to be merged). For any release, including pre-releases (alpha/beta/rc): @@ -1288,7 +1289,8 @@ In that case: ^/subversion/site/publish/index.html, also removing the oldest News item from that page. Use release.py write-news to generate a template news item, which should then be customized. -For now, comment out the link to the release announcement e-mail. +In the news item there is a section that should contain a link to the +announcement mail. For now it is commented out, the link is added later. Check that the date is correct if you generated the template in advance of the release date. @@ -1389,7 +1391,7 @@ For best results, follow the instruction page and send your message through the official mail relay.) Ensure that your mailer doesn't wrap the URLs over multiple lines. -NOTE: We update the website before announce the release to make sure any +NOTE: We update the website before announcing the release to make sure any links in the release announcement are valid. After announcing the release, links to the release announcement e-mail are added to the website. @@ -1423,8 +1425,8 @@ the oldest supported LTS branch's ST Update ^/subversion/site/publish/news.html and -^/subversion/site/publish/index.html re-adding the link to the -release announcement e-mail. +^/subversion/site/publish/index.html, uncommenting and adding the +link to the release announcement e-mail.
Re: svn commit: r1886494 - /subversion/site/staging/docs/community-guide/releasing.part.html
Thanks for your review! Den mån 15 feb. 2021 kl 21:07 skrev Daniel Shahaf : > dsahlb...@apache.org wrote on Sat, Feb 13, 2021 at 21:41:10 -: > > +++ subversion/site/staging/docs/community-guide/releasing.part.html Sat > Feb 13 21:41:10 2021 > > @@ -1255,80 +1255,24 @@ href="https://reporter.apache.org/addrel > > > > > > > > - > > Here, you moved some 70 lines and also made a change between the pre-move > and > post-move form. First, here's the delta for ease of review: > Sorry, should have done it in two commits. > [[[ > -NOTE: We announce the release before updating the website since the > website > -update links to the release announcement sent to the announce@ mailing > list. > +NOTE: We update the website before announce the release to make sure > any > +links in the release announcement are valid. After announcing the release, > +links to the release announcement e-mail are added to the website. > ]]] > > On the first added line, "before announce the release" is ungrammatical. > Fixed (I hope..), r1886586. (Also, with some archives it's possible to generate the links in advance; > for > example, this message's permalink is > < > https://mail-archives.apache.org/mod_mbox/subversion-dev/202102.mbox/%3C9761a2ec-aab5-409d-ba23-4f519c76a03c@tarpaulin.shahaf.local2%3E > >.) > > > > > Update the website > > -->#releasing-update-website" > > title="Link to this section"> > > > > > > +Even though the steps below indicate to update the published website > > +directly, you may prepare the changes on > ^/subversion/site/staging. > > +In that case: > > + > > + Do a catch-up merge from > ^/subversion/site/publish. > > + Commit any changes to ^/subversion/site/staging and > > +check the results on https://subversion-staging.apache.org > " > > +>https://subversion-staging.apache.org. > > + When ready to publish, merge the changes back to > > +^/subversion/site/publish. > > Suggest to remind here to review the merge results in case there are other > changes on staging at the time «svn merge» is run. > Added, r1886586. > > > + > > > @@ -1344,9 +1288,9 @@ the oldest supported LTS branch's ST > > ^/subversion/site/publish/index.html, also removing the > > oldest News item from that page. Use release.py > write-news to > > generate a template news item, which should then be customized. > > -At least fill in the URL to the archived announcement email, and > check > > -that the date is correct if you generated the template in advance > of the > > -release date. > > +For now, comment out the link to the release announcement e-mail. > > +Check that the date is correct if you generated the template in > advance of > > +the release date. > > Sounds like we should make write-news generate the HTML comment marker in > advance, and only ask the RM to remove them. (The RM has a fair amount of > work > as it is; every little bit helps.) > Very reasonable, patch below. I'm adding the comment unless there is an announcement url in command line arguments. I'm not happy about the [if-any][else] construct but I couldn't find a way to check "if not any", from a quick glance at the documentation in gsteins gihub repo. I took the liberty of updating releasing.part.html as if the change below (or similar) will go through. [[[ Index: tools/dist/templates/rc-news.ezt === --- tools/dist/templates/rc-news.ezt(revision 1886582) +++ tools/dist/templates/rc-news.ezt(working copy) @@ -8,8 +8,18 @@ release is not intended for production use, but is provided as a milestone to encourage wider testing and feedback from intrepid users and maintainers. Please see the +[if-any announcement_url] +[else] + +[end] release notes and https://svn.apache.org/repos/asf/subversion/tags/[version]/CHANGES;> change log for information about what will eventually be Index: tools/dist/templates/stable-news.ezt === --- tools/dist/templates/stable-news.ezt(revision 1886582) +++ tools/dist/templates/stable-news.ezt(working copy) @@ -10,8 +10,18 @@ [else] This is the most complete release of the [major-minor].x line to date, and we encourage all users to upgrade as soon as reasonable. [end] Please see the +[if-any announcement_url] +[else] + +[end] release notes for more information about this release. ]]] > Cheers, > > Daniel > > P.S. While reviewing this I noticed that > https://subversion-staging.apache.org/favicon.ico is different to > https://svn.apache.org/repos/asf/subversion/site/staging/favicon.ico: an > Apache > feather v. a Subversion logo. > Hmm. That is very strange. I've pinged infra on Slack. Kind regards, Daniel Sahlberg
Re: svn commit: r1886396 - in /subversion/site/publish: ./ doap.rdf docs/release-notes/release-history.html download.html
Den tis 16 feb. 2021 kl 13:15 skrev Stefan Sperling : > > On Tue, Feb 16, 2021 at 01:05:32PM +0100, Daniel Sahlberg wrote: > > Den tis 16 feb. 2021 kl 11:34 skrev Stefan Sperling : > > > On Mon, Feb 15, 2021 at 07:46:08PM +, Daniel Shahaf wrote: > > > > The entity referred to by the tag wasn't created in 2021. > > > > So, > > > > I think the hunk is incorrect… but so was the original value, which > > > > referred to > > > > the _file_'s creation date (r1053461), rather than to the date > > > > Subversion was > > > > founded (2000), the date it was accepted into the Incubator, or the > > > > date it was > > > > promoted to TLP. > > > > Should this be reverted, maybe even back to the proper creation date > > (2000-02-29)? > > Yes please. I'm sorry for my mistake. > Could you handle that as well while committing the change below? r1886588 I've done this as a separate commit because I think we should merge this to publish quite quickly. I'll leave it until tomorrow in case someone has objections. The other changes can wait for a little bit more discussion. > > > What do you think about this? > > [[[ > > List the new release on ^/subversion/site/publish/doap.rdf > > There should be a section for each supported minor release > > with the and being updated to the current release > > date and patch release number. > > Do not change anything else in the file (in particular the > > under is the date when the Subversion project was created). > > ]]] > > That is crystal clear and should avoid mistakes going forward. Thank you! r1886589 /Daniel
svn commit: r1886589 - /subversion/site/staging/docs/community-guide/releasing.part.html
Author: dsahlberg Date: Tue Feb 16 13:03:01 2021 New Revision: 1886589 URL: http://svn.apache.org/viewvc?rev=1886589=rev Log: Release process documentation improvements * staging/docs/community-guide/releasing.part.html Add informative text about the doap file update. http://mail-archives.apache.org/mod_mbox/subversion-dev/202102.mbox/%3cycu3rg6wh2ule...@byrne.stsp.name%3e Modified: subversion/site/staging/docs/community-guide/releasing.part.html Modified: subversion/site/staging/docs/community-guide/releasing.part.html URL: http://svn.apache.org/viewvc/subversion/site/staging/docs/community-guide/releasing.part.html?rev=1886589=1886588=1886589=diff == --- subversion/site/staging/docs/community-guide/releasing.part.html (original) +++ subversion/site/staging/docs/community-guide/releasing.part.html Tue Feb 16 13:03:01 2021 @@ -1300,6 +1300,12 @@ In that case: List the new release on ^/subversion/site/publish/doap.rdf + +There should be a release section for each supported minor + release with the created and revision being updated + to the current release date and patch release number. Do not change + anything else in the file (in particular the created under + Project is the date when the Subversion project was created). List the new release on ^/subversion/site/publish/docs/release-notes/release-history.html
Re: svn commit: r1886396 - in /subversion/site/publish: ./ doap.rdf docs/release-notes/release-history.html download.html
On Mon, Feb 15, 2021 at 07:46:08PM +, Daniel Shahaf wrote: > s...@apache.org wrote on Wed, Feb 10, 2021 at 20:39:23 -: > > Author: stsp > > Date: Wed Feb 10 20:39:22 2021 > > New Revision: 1886396 > > > > URL: http://svn.apache.org/viewvc?rev=1886396=rev > > Log: > > site/publish: Merge from staging area. > > For future reference, this commit should have used the "less than 24 hours > ago" syntax: > > % cd site/publish > % grep -R -h -9 | vipe > > % > > More below. > > > +++ subversion/site/publish/doap.rdf Wed Feb 10 20:39:22 2021 > > @@ -22,7 +22,7 @@ > > limitations under the License. > > --> > >http://subversion.apache.org/;> > > -2010-12-28 > > +2021-02-10 > > Huh? > > Quoting http://usefulinc.com/ns/doap: > > > > http://usefulinc.com/ns/doap#created;> > > > http://usefulinc.com/ns/doap#; /> > > > created > > > Date when something was created, in > > > -MM-DD form. e.g. 2004-04-05 > > > ⋮ > > > > > The entity referred to by the tag wasn't created in 2021. So, > I think the hunk is incorrect… but so was the original value, which referred > to > the _file_'s creation date (r1053461), rather than to the date Subversion was > founded (2000), the date it was accepted into the Incubator, or the date it > was > promoted to TLP. > > Thanks for RMing, > > Daniel > Thanks for checking. I think in both of these cases it would have helped to have more specific instructions for how to update these files in our release manager's manual of the community guide. Thanks, Stefan
svn commit: r1886582 - /subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py
Author: stsp Date: Tue Feb 16 11:06:55 2021 New Revision: 1886582 URL: http://svn.apache.org/viewvc?rev=1886582=rev Log: * subversion/tests/cmdline/mod_authz_svn_tests.py (nonexistent_repos_relative_access_file): Fix typo in comment: CVS -> CVE Spotted by: danielsh Modified: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Modified: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py?rev=1886582=1886581=1886582=diff == --- subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py (original) +++ subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Tue Feb 16 11:06:55 2021 @@ -1072,7 +1072,7 @@ def repos_relative_access_file(sbox): verify_gets(test_area_url, in_repos_authz_tests) -# test for the bug also known as CVS-2020-17525 +# test for the bug also known as CVE-2020-17525 @SkipUnless(svntest.main.is_ra_type_dav) def nonexistent_repos_relative_access_file(sbox): "repos-relative access file with bad repository URL"
Re: svn commit: r1886396 - in /subversion/site/publish: ./ doap.rdf docs/release-notes/release-history.html download.html
Den tis 16 feb. 2021 kl 11:34 skrev Stefan Sperling : > > On Mon, Feb 15, 2021 at 07:46:08PM +, Daniel Shahaf wrote: > > s...@apache.org wrote on Wed, Feb 10, 2021 at 20:39:23 -: > > > Author: stsp > > > Date: Wed Feb 10 20:39:22 2021 > > > New Revision: 1886396 > > > > > > URL: http://svn.apache.org/viewvc?rev=1886396=rev > > > Log: > > > site/publish: Merge from staging area. > > > > For future reference, this commit should have used the "less than 24 hours > > ago" syntax: > > > > % cd site/publish > > % grep -R -h -9 | vipe > > > > % > > > > More below. > > > > > +++ subversion/site/publish/doap.rdf Wed Feb 10 20:39:22 2021 > > > @@ -22,7 +22,7 @@ > > > limitations under the License. > > > --> > > >http://subversion.apache.org/;> > > > -2010-12-28 > > > +2021-02-10 > > > > Huh? > > > > Quoting http://usefulinc.com/ns/doap: > > > > > > http://usefulinc.com/ns/doap#created;> > > > > http://usefulinc.com/ns/doap#; /> > > > > created > > > > Date when something was created, in > > > > -MM-DD form. e.g. 2004-04-05 > > > > ⋮ > > > > > > > > The entity referred to by the tag wasn't created in 2021. So, > > I think the hunk is incorrect… but so was the original value, which > > referred to > > the _file_'s creation date (r1053461), rather than to the date Subversion > > was > > founded (2000), the date it was accepted into the Incubator, or the date it > > was > > promoted to TLP. Should this be reverted, maybe even back to the proper creation date (2000-02-29)? > > > > Thanks for RMing, > > > > Daniel > > > > Thanks for checking. > > I think in both of these cases it would have helped to have more specific > instructions for how to update these files in our release manager's manual > of the community guide. What do you think about this? [[[ List the new release on ^/subversion/site/publish/doap.rdf There should be a section for each supported minor release with the and being updated to the current release date and patch release number. Do not change anything else in the file (in particular the under is the date when the Subversion project was created). ]]] Kind regards, Daniel Sahlberg
Re: svn commit: r1886396 - in /subversion/site/publish: ./ doap.rdf docs/release-notes/release-history.html download.html
On Tue, Feb 16, 2021 at 01:05:32PM +0100, Daniel Sahlberg wrote: > Den tis 16 feb. 2021 kl 11:34 skrev Stefan Sperling : > > On Mon, Feb 15, 2021 at 07:46:08PM +, Daniel Shahaf wrote: > > > The entity referred to by the tag wasn't created in 2021. So, > > > I think the hunk is incorrect… but so was the original value, which > > > referred to > > > the _file_'s creation date (r1053461), rather than to the date Subversion > > > was > > > founded (2000), the date it was accepted into the Incubator, or the date > > > it was > > > promoted to TLP. > > Should this be reverted, maybe even back to the proper creation date > (2000-02-29)? Yes please. I'm sorry for my mistake. Could you handle that as well while committing the change below? > What do you think about this? > [[[ > List the new release on ^/subversion/site/publish/doap.rdf > There should be a section for each supported minor release > with the and being updated to the current release > date and patch release number. > Do not change anything else in the file (in particular the > under is the date when the Subversion project was created). > ]]] That is crystal clear and should avoid mistakes going forward. Thank you!
svn commit: r1886588 - /subversion/site/staging/doap.rdf
Author: dsahlberg Date: Tue Feb 16 12:56:26 2021 New Revision: 1886588 URL: http://svn.apache.org/viewvc?rev=1886588=rev Log: The date should be when the project was initially created * staging/doap.rdf Revert change from r1886395 which changed a value from r1053461, which in turn was not correct. Suggested by: danielsh (http://mail-archives.apache.org/mod_mbox/subversion-dev/202102.mbox/%3c20210215194608.GA4279@tarpaulin.shahaf.local2%3e) Modified: subversion/site/staging/doap.rdf Modified: subversion/site/staging/doap.rdf URL: http://svn.apache.org/viewvc/subversion/site/staging/doap.rdf?rev=1886588=1886587=1886588=diff == --- subversion/site/staging/doap.rdf (original) +++ subversion/site/staging/doap.rdf Tue Feb 16 12:56:26 2021 @@ -22,7 +22,7 @@ limitations under the License. --> http://subversion.apache.org/;> -2021-02-10 +2000-02-29 http://usefulinc.com/doap/licenses/asl20; /> Apache Subversion http://subversion.apache.org/; />
Re: svn commit: r1886396 - in /subversion/site/publish: ./ doap.rdf docs/release-notes/release-history.html download.html
Daniel Sahlberg wrote on Tue, 16 Feb 2021 13:05 +00:00: > Den tis 16 feb. 2021 kl 13:15 skrev Stefan Sperling : > > On Tue, Feb 16, 2021 at 01:05:32PM +0100, Daniel Sahlberg wrote: > > > What do you think about this? > > > [[[ > > > List the new release on ^/subversion/site/publish/doap.rdf > > > There should be a section for each supported minor release > > > with the and being updated to the current release > > > date and patch release number. > > > Do not change anything else in the file (in particular the > > > under is the date when the Subversion project was created). > > > ]]] > > > > That is crystal clear and should avoid mistakes going forward. Thank you! > > r1886589 Is it worthwhile to automate this step? doap.rdf changes rarely enough that we needn't bother with "edit part of a file" logic; we can just regenerate the entire file and «svnmucc put» it into place, with a comment indicating it's a generated file.
