[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[RFC] subversion upload for squeeze - what to include

I'm very sorry for the late late notice, I should have gotten on this a
week or two ago.  There are quite a lot of upstream Subversion 1.6.x
fixes that are not in squeeze, but most of them are probably not
appropriate for squeeze at this point.

Could someone give feedback on which (if any) of the following 3
patches would be appropriate for squeeze?  None of them have bugs filed
- these are fixes from upstream - but I can file corresponding bugs if
you wish.  I intend to upload to unstable, but of course I can do TPU
if there turns out to be a need.

1. 'server-memleaks': Fix a handful of server-side memory leaks, in
   which untrusted remote clients can DoS a server by making it use way
   too much memory.  There's a patch to shuffle around some memory pool
   usage - create, use, destroy.  And a smaller patch for svnserve (for
   the svn:// network protocol), to tweak the behavior of the pool
   allocator so it frees memory more aggressively.

   libsvn_repos/rev_hunt.c |   56 +++++++++++++++++++++++++++++++-----------------
   svnserve/main.c         |   15 ++++++++++++
   2 files changed, 51 insertions(+), 20 deletions(-)


2. 'dav-skip-unreadable-children': Patch to Apache mod_dav_svn ordinary
   directory listing, to filter out paths the user doesn't have
   permission to read.

   Could be construed as a security fix, to match the expectation that
   when you set a file (or subdir) as not readable, the existence of
   the file will also be hidden.  Very un-Unixy; Unix admins should
   know better than to assume that.

   I believe this is _not_ needed in squeeze, but if debian-release
   thinks it would be useful, I will include it.

   mod_dav_svn/authz.c     |   29 ++++++++++++-----------------
   mod_dav_svn/dav_svn.h   |   31 +++++++++++++++++++++++--------
   mod_dav_svn/liveprops.c |    2 +-
   mod_dav_svn/lock.c      |   18 ++++++++++++------
   mod_dav_svn/repos.c     |   24 ++++++++++++++++++++++++
   5 files changed, 72 insertions(+), 32 deletions(-)


3. 'no-wc1.7-check': Rip out some expensive code to detect, and abort,
   if you're in a Subversion 1.7 working copy.  This was intended as
   future proofing, but we've since reconsidered and decided that it
   isn't really very important, and the client slowdown is far out of
   proportion to any value it brings.

   This is clearly not RC, but it's also easy to review: it merely
   deletes a function, its caller, and a few lines in the testsuite.

   libsvn_wc/questions.c            |   59 ---------------------------------------
   tests/cmdline/svntest/actions.py |    6 ---
   tests/cmdline/svntest/main.py    |    1
   3 files changed, 66 deletions(-)


Thanks!
Peter
Reply to: