Re: svn commit: r10325 - in branches/1.0.x: . subversion/include subversion/libsvn_subr subversion/mod_authz_svn

On Thu, Jul 15, 2004 at 10:07:41PM -0400, Garrett Rooney wrote:
> breser@tigris.org wrote:
>
> >Author: breser
> >Date: Thu Jul 15 20:46:07 2004
> >New Revision: 10325
> >
> >Modified:
> > branches/1.0.x/STATUS
> > branches/1.0.x/subversion/include/svn_config.h
> > branches/1.0.x/subversion/libsvn_subr/config.c
> > branches/1.0.x/subversion/mod_authz_svn/mod_authz_svn.c
> >Log:
> >Merge r10183, r10184, r10216 onto 1.0.x
> >
> >mod_authz_svn security hole: check access on *whole tree* when authorizing
> > COPY or DELETE requests.
> >
> >Approvedy by: +1: striker, breser, sussman
>
> Sorry, this didn't occur to me before now, but can we merge this to
> 1.0.x? It adds a new function, svn_config_enumerate_sections. Isn't
> that against our backwards compatability policy because it means you can
> no longer roll back from 1.0.6 to 1.0.5 because something linking
> against 1.0.6 might rely on that function?

You're right we can't. Sander would you write a version of this against
1.0.x without r10325 that doesn't add a new function? I'd do it myself
but I figure you have a better setup for testing this.

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org