* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * THIS RELEASE STREAM IS CLOSED TO FURTHER CHANGES. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * This file tracks the status of releases in the 1.6.x line. See "Stabilizing and maintaining releases" in trunk/www/hacking.html for details on how release lines and voting work, what kinds of bugs can delay a release, etc. Status of 1.6.24: Candidate changes: ================== * r1144717 Include SVN_ERR_FS_NOT_FOUND in SVN_ERR_IS_LOCK_ERROR(). Justification: Consistent behaviour of the 1.7 client with 1.6/1.7 servers. (issue #3949) Votes: +1: danielsh, rhuijben -0: julianfoad (Too many loose ends. Should SVN_ERR_IS_UNLOCK_ERROR() get the same treatment? danielsh on IRC: "I'm not sure I was happy with the error/warning issue here. but patching the server makes the reporting be ehwat the test likes (and what 1.7 does)." Does the error/warning thing matter? philipm on IRC: "Does it fix multiple targets?" Have we analyzed whether the test properly reflects real life needs? Could the bug in unlock prevent people from removing a lock on a nonexistent path?) * r894014, 894029, 896247, 905705 Use serf_connection_create2 instead of serf_connection_create so that 1.6.x will be prepared to work with serf's upcoming ssl tunnel support (https over http proxy). Justification: Make use of new feature provided by the serf library, stop using an API that will be deprecated (although isn't yet). Note: this change doesn't require a change of the minimum serf requirements for this branch. r894014 is the main revision, the others are follow-up fixes. Votes: +1: lgo +0: gstein (haven't reviewed these specific revisions yet) -0: stsp (not a critical fix, serf is an optional dependency in 1.6.x) * r879359, r879360, r953308, r1140208, r1140588 Allow using serf-1.lib on Windows Justification: Serf moved to 1.0+. This patch makes Subversion 1.6 handle this change Branch: ^/subversion/branches/1.6.x-serf-1-win32 Votes: +1: rhuijben * r1461760 Additional fix related to issue #4340, "filenames containing \n corrupt FSFS repositories" Justification: This change makes libsvn_repos block filenames containing control characters. Control characters in filenames have always been rejected by libsvn_client, but client-side software bypassing libsvn_client could still commit such filenames. Control characters in filenames can cause problems not just in FSFS but also in dump files, unidiff, and possibly elsewhere. It is a good idea to make the client and server consistent. See discussion linked from issue #4340 for more information. Branch: ^/subversion/branches/1.6.x-issue4340-repos Votes: +1: stsp * r1138375 Fix a broken regex match in ac-macros/apache.m4. Justification: Fixes build with APR 1.5. Branch: ^/subversion/branches/1.6.x-r1138375 Votes: +1: stsp * r1804691 Fix CVE-2017-9800. Justification: Arbitrary commands on client. Branch: ^/subversion/branches/1.6.x-CVE-2017-9800 Votes: +1: philip Veto-blocked changes: ===================== * r1138975, r1138977 Add a sanity check to get-deps.sh. Justification: Prevent a false impression as to which version of a dependency will be used. Notes: r1138975 is the change. r1138977 reverts accidentally-committed local changes. Note that r1138977 replaces the bogusly-committed files rather than merges into them. Votes: +1: danielsh -1: stsp (not a security or data-corruption fix) Approved changes: =================