| Log Message: |
Provide a way for svnserve's 'get-deleted-rev' API to return 'not deleted'.
Previously the answer 'not deleted' was indistinguishable from an error when
using the svnserve protocol.
The standard 'svn' client software does not appear to invoke this case, but
it is meant to be a valid answer and is supported by the other repository
access protocols.
To work around the problem without changing the protocol, we re-purpose the
obsolete error code 'SVN_ERR_ENTRY_MISSING_REVISION' to communicate this
'not deleted' reply to the client.
(Re-purposing an old error code was not essential. An alternative would be
to create a new error code which would become part of the public API in the
next minor release, but would be deemed non-public when backported to older
release lines.)
Behaviour changes:
- With a new client against a new server, such queries are now handled
correctly.
- With an old client against a new server, the client will report a more
informative error message.
- With a new client against an old server, there is no improvement.
For CVE-2018-11782.
* subversion/svnserve/serve.c
(get_deleted_rev): If the answer is SVN_INVALID_REVNUM, return a
SVN_ERR_ENTRY_MISSING_REVISION error to the client.
* subversion/libsvn_ra_svn/client.c
(ra_svn_get_deleted_rev): Convert the error SVN_ERR_ENTRY_MISSING_REVISION
back to a response of SVN_INVALID_REVNUM.
* subversion/tests/libsvn_ra/ra-test.c
(commit_two_changes): New.
(test_get_deleted_rev_no_delete,
test_get_deleted_rev_errors): New tests.
(test_funcs): Run them.
|
subversion/trunk/subversion/libsvn_ra_svn/client.c