You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2013/06/18 16:32:20 UTC
[01/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Updated Branches:
refs/heads/1832-fix-empty-attachment-name [created] ad774b6e0
Improve script url validation
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/a3156750
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/a3156750
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/a3156750
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: a3156750cc14c279224a3a1b2ecd49589b5c3016
Parents: 53490d9
Author: Robert Newson <rn...@apache.org>
Authored: Tue Dec 18 15:11:41 2012 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Wed Dec 19 01:29:52 2012 +0000
----------------------------------------------------------------------
share/www/script/couch_test_runner.js | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/a3156750/share/www/script/couch_test_runner.js
----------------------------------------------------------------------
diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js
index c1e7a72..60ba11c 100644
--- a/share/www/script/couch_test_runner.js
+++ b/share/www/script/couch_test_runner.js
@@ -15,11 +15,9 @@
function loadScript(url) {
// disallow loading remote URLs
- if((url.substr(0, 7) == "http://")
- || (url.substr(0, 2) == "//")
- || (url.substr(0, 5) == "data:")
- || (url.substr(0, 11) == "javascript:")) {
- throw "Not loading remote test scripts";
+ var re = /^[a-z0-9_]+(\/[a-z0-9_]+)*\.js#?$/;
+ if (!re.test(url)) {
+ throw "Not loading remote test scripts";
}
if (typeof document != "undefined") document.write('<script src="'+url+'"></script>');
};
[37/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Added comment for COUCHDB-1449, and added sections for 1.2.2 to CHANGES
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/b5d18fe2
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/b5d18fe2
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/b5d18fe2
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: b5d18fe2ae456d1fea9fd3e3990ccabf815326c2
Parents: 4bd0adc
Author: Wendall Cada <we...@apache.org>
Authored: Thu Mar 21 16:30:59 2013 -0700
Committer: Wendall Cada <we...@apache.org>
Committed: Thu Mar 21 16:30:59 2013 -0700
----------------------------------------------------------------------
CHANGES | 7 +++++++
1 file changed, 7 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/b5d18fe2/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 0325b6f..1d584c5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,9 +4,16 @@ Apache CouchDB CHANGES
Version 1.2.2
-------------
+HTTP Interface:
+
* Reset rewrite counter on new request, avoiding unnecessary request failures
due to bogus rewrite limit reports.
+Build System:
+
+ * Fixed issue in couchdb script where stopped status returns before process
+ exits.
+
Version 1.2.1
-------------
[18/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/13fb8bc4
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/13fb8bc4
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/13fb8bc4
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 13fb8bc494173312278ecb7b1661147e6e4c1adf
Parents: 6302d1b
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:49:27 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:49:27 2013 +0000
----------------------------------------------------------------------
NEWS | 78 +++++++++++++++++++++++++++++++--------------------------------
1 file changed, 39 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/13fb8bc4/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index f90d7f9..ebd7d74 100644
--- a/NEWS
+++ b/NEWS
@@ -77,51 +77,51 @@ This release contains backwards incompatible changes.
Version 1.1.2
-------------
-* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
backslashes in URLs on Windows
-* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
- Flash
-* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+ Adobe Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
UI
-* ETag of attachment changes only when the attachment changes, not
- the document.
-* Fix pull replication of documents with many revisions.
-* Fix replication with an HTTP source and target
-* Avoid invalidating view indexes when running out of file descriptors.
-* Improvements to log messages for file-related errors.
-* Fix retrieval of headers larger than 4k.
-* Allow OPTIONS HTTP method for list requests.
-* Don't attempt to encode invalid json.
-* Improve SpiderMonkey version detection.
+ * ETag of attachment changes only when the attachment changes, not
+ the document.
+ * Fix pull replication of documents with many revisions.
+ * Fix replication with an HTTP source and target
+ * Avoid invalidating view indexes when running out of file descriptors.
+ * Improvements to log messages for file-related errors.
+ * Fix retrieval of headers larger than 4k.
+ * Allow OPTIONS HTTP method for list requests.
+ * Don't attempt to encode invalid json.
+ * Improve SpiderMonkey version detection.
Version 1.1.1
-------------
-* Support SpiderMonkey 1.8.5
-* Add configurable maximum to the number of bytes returned by _log.
-* Allow CommonJS modules to be an empty string.
-* Bump minimum Erlang version to R13B02.
-* Do not run deleted validate_doc_update functions.
-* ETags for views include current sequence if include_docs=true.
-* Fix bug where duplicates can appear in _changes feed.
-* Fix bug where update handlers break after conflict resolution.
-* Fix bug with _replicator where include "filter" could crash couch.
-* Fix crashes when compacting large views.
-* Fix file descriptor leak in _log
-* Fix missing revisions in _changes?style=all_docs.
-* Improve handling of compaction at max_dbs_open limit.
-* JSONP responses now send "text/javascript" for Content-Type.
-* Link to ICU 4.2 on Windows.
-* Permit forward slashes in path to update functions.
-* Reap couchjs processes that hit reduce_overflow error.
-* Status code can be specified in update handlers.
-* Support provides() in show functions.
-* _view_cleanup when ddoc has no views now removes all index files.
-* max_replication_retry_count now supports "infinity".
-* Fix replication crash when source database has a document with empty ID.
-* Fix deadlock when assigning couchjs processes to serve requests.
-* Fixes to the document multipart PUT API.
-* Fixes regarding file descriptor leaks for databases with views.
+ * Support SpiderMonkey 1.8.5
+ * Add configurable maximum to the number of bytes returned by _log.
+ * Allow CommonJS modules to be an empty string.
+ * Bump minimum Erlang version to R13B02.
+ * Do not run deleted validate_doc_update functions.
+ * ETags for views include current sequence if include_docs=true.
+ * Fix bug where duplicates can appear in _changes feed.
+ * Fix bug where update handlers break after conflict resolution.
+ * Fix bug with _replicator where include "filter" could crash couch.
+ * Fix crashes when compacting large views.
+ * Fix file descriptor leak in _log
+ * Fix missing revisions in _changes?style=all_docs.
+ * Improve handling of compaction at max_dbs_open limit.
+ * JSONP responses now send "text/javascript" for Content-Type.
+ * Link to ICU 4.2 on Windows.
+ * Permit forward slashes in path to update functions.
+ * Reap couchjs processes that hit reduce_overflow error.
+ * Status code can be specified in update handlers.
+ * Support provides() in show functions.
+ * _view_cleanup when ddoc has no views now removes all index files.
+ * max_replication_retry_count now supports "infinity".
+ * Fix replication crash when source database has a document with empty ID.
+ * Fix deadlock when assigning couchjs processes to serve requests.
+ * Fixes to the document multipart PUT API.
+ * Fixes regarding file descriptor leaks for databases with views.
Version 1.1.0
-------------
[14/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/bd52bc20
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/bd52bc20
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/bd52bc20
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: bd52bc20e76236d427199b38f1eae780fcea241e
Parents: 66fd2e6
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:30:30 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:30:30 2013 +0000
----------------------------------------------------------------------
NEWS | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/bd52bc20/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 3a445a8..493bc59 100644
--- a/NEWS
+++ b/NEWS
@@ -177,7 +177,7 @@ Version 1.0.3
* Fixed OAuth signature computation in OTP R14B02.
* Handle passwords with : in them.
* Made compatible with jQuery 1.5.x.
- * Added support for inclusive_end wiht reduce views.
+ * Added support for inclusive_end with reduce views.
* Etap tests no longer require use of port 5984.
* Windows builds now require ICU >= 4.4.0 and Erlang >= R14B03.
@@ -206,14 +206,14 @@ Version 1.0.2
Version 1.0.1
-------------
- * Fix data corruption bug COUCHDB-844. Please see
- http://couchdb.apache.org/notice/1.0.1.html for details.
- * Added support for replication via an HTTP/HTTPS proxy.
- * Fixed various replicator bugs for interop with older CouchDB versions.
- * Show fields saved along with _deleted=true. Allows for auditing of deletes.
- * Enable basic-auth popup when required to access the server, to prevent
- people from getting locked out.
- * User interface element for querying stale (cached) views.
+ * Fix data corruption bug COUCHDB-844. Please see
+ http://couchdb.apache.org/notice/1.0.1.html for details.
+ * Added support for replication via an HTTP/HTTPS proxy.
+ * Fixed various replicator bugs for interop with older CouchDB versions.
+ * Show fields saved along with _deleted=true. Allows for auditing of deletes.
+ * Enable basic-auth popup when required to access the server, to prevent
+ people from getting locked out.
+ * User interface element for querying stale (cached) views.
Version 1.0.0
-------------
@@ -229,12 +229,12 @@ Version 1.0.0
Version 0.11.2
--------------
- * Replicator buxfixes for replicating design documents from secured databases.
- * Better error messages on invalid URL requests.
- * User documents can now be deleted by admins or the user.
- * Avoid potential DOS attack by guarding all creation of atoms.
- * Some Futon and JavaScript library bugfixes.
- * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
+ * Replicator buxfixes for replicating design documents from secured databases.
+ * Better error messages on invalid URL requests.
+ * User documents can now be deleted by admins or the user.
+ * Avoid potential DOS attack by guarding all creation of atoms.
+ * Some Futon and JavaScript library bugfixes.
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
Version 0.11.1
--------------
[27/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/cd0e051a
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/cd0e051a
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/cd0e051a
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: cd0e051a36a962d6074a40d838def5b2124ffa2f
Parents: 9f9d63a
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 21:33:31 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 21:33:31 2013 +0000
----------------------------------------------------------------------
NEWS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/cd0e051a/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 1460439..48e723d 100644
--- a/NEWS
+++ b/NEWS
@@ -70,9 +70,9 @@ This release contains backwards incompatible changes.
* Fixed incorrect reduce query results when using pagination parameters.
* Made icu_driver work with Erlang R15B and later.
* Improvements to the build system and etap test suite.
+ * Improvements to log messages for file-related errors.
* Avoid invalidating view indexes when running out of file descriptors.
* Log correct stacktrace in all cases.
- * Improvements to log messages for file-related errors.
Version 1.1.2
-------------
[26/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/9f9d63ae
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/9f9d63ae
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/9f9d63ae
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 9f9d63aeda187122ac7fddb4928f81676331ee15
Parents: f640598
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 21:23:02 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 21:23:02 2013 +0000
----------------------------------------------------------------------
CHANGES | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/9f9d63ae/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index bdd5e48..4fc66fc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -130,7 +130,8 @@ View Server:
configuration is matched.
* Fixed incorrect reduce query results when using pagination parameters.
* Made icu_driver work with Erlang R15B and later.
- * Avoid invalidating view indexes when running out of file descriptors.
+ * Avoid invalidating view indexes when running out of file descriptors
+ (COUCHDB-1445).
OAuth:
[36/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Fix for COUCHDB-1449 stopped status returned before couchdb process exits.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/4bd0adce
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/4bd0adce
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/4bd0adce
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 4bd0adce93ce0d5c45463d87cb186541d11f11f3
Parents: 5cd29f4
Author: Wendall Cada <we...@83864.com>
Authored: Mon Mar 11 12:05:34 2013 -0700
Committer: Wendall Cada <we...@apache.org>
Committed: Thu Mar 21 15:19:35 2013 -0700
----------------------------------------------------------------------
bin/couchdb.tpl.in | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/4bd0adce/bin/couchdb.tpl.in
----------------------------------------------------------------------
diff --git a/bin/couchdb.tpl.in b/bin/couchdb.tpl.in
index eab27b5..31bc7d9 100644
--- a/bin/couchdb.tpl.in
+++ b/bin/couchdb.tpl.in
@@ -267,12 +267,20 @@ EOF
stop_couchdb () {
PID=`_get_pid`
+ STOP_TIMEOUT=60
if test -n "$PID"; then
- if test "$1" = "false"; then
- echo > $PID_FILE
- fi
if kill -0 $PID 2> /dev/null; then
- if kill -1 $PID 2> /dev/null; then
+ if kill -TERM $PID 2> /dev/null; then
+ count=0
+ while kill -0 $PID 2> /dev/null; do
+ if [ $count -ge $STOP_TIMEOUT ]; then
+ echo "Apache CouchDB failed to shutdown."
+ return $SCRIPT_ERROR
+ else
+ count=$[count+1]
+ sleep 1
+ fi
+ done
if test "$1" = "false"; then
echo "Apache CouchDB has been shutdown."
else
[25/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/f640598f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/f640598f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/f640598f
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: f640598fedb76d524b1b3d6b6438c97131ee3c59
Parents: 4d18781
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 21:12:08 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 21:12:36 2013 +0000
----------------------------------------------------------------------
NEWS | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/f640598f/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index d720947..1460439 100644
--- a/NEWS
+++ b/NEWS
@@ -153,8 +153,8 @@ Version 1.0.4
* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
backslashes in URLs on Windows
- * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
- Flash
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+ Adobe Flash
* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
UI
* Fix file descriptor leak in _log.
[24/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/4d18781b
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/4d18781b
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/4d18781b
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 4d18781b0568682bb00f9f00a958ead7ece9e151
Parents: 61c34cb
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 21:01:47 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 21:01:47 2013 +0000
----------------------------------------------------------------------
CHANGES | 14 +++++++-------
NEWS | 8 ++++----
2 files changed, 11 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/4d18781b/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 0b49895..bdd5e48 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,13 +1,13 @@
Apache CouchDB CHANGES
======================
-Version 1.2.2
--------------
-
-Note that this version has not been released yet.
-
-* Reset rewrite counter on new request, avoiding unnecessary request
- failures due to bogus rewrite limit reports
+# Version 1.2.2
+# -------------
+#
+# Note that this version has not been released yet.
+#
+# * Reset rewrite counter on new request, avoiding unnecessary request
+# failures due to bogus rewrite limit reports
Version 1.2.1
-------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/4d18781b/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index ebd7d74..d720947 100644
--- a/NEWS
+++ b/NEWS
@@ -7,10 +7,10 @@ For details about backwards incompatible changes, see:
Each release section notes when backwards incompatible changes have been made.
-Version 1.2.2
--------------
-
-Note that this version has not been released yet.
+# Version 1.2.2
+# -------------
+#
+# Note that this version has not been released yet.
Version 1.2.1
-------------
[09/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
fix COUCHDB-1653
AM_... is obsolote. use AC_CONFIG_HEADERS instead.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/1f22df7d
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/1f22df7d
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/1f22df7d
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 1f22df7deb1157d3673ed72c47fb1ae943380448
Parents: 34125be
Author: Benoit Chesneau <bc...@gmail.com>
Authored: Sat Jan 26 21:51:10 2013 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Mon Jan 28 18:22:57 2013 +0000
----------------------------------------------------------------------
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/1f22df7d/configure.ac
----------------------------------------------------------------------
diff --git a/configure.ac b/configure.ac
index de212ec..99543b0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@ AC_CONFIG_SRCDIR([CHANGES])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
-AM_CONFIG_HEADER([config.h])
+AC_CONFIG_HEADER([config.h])
AC_CONFIG_HEADERS([src/snappy/google-snappy/config.h])
AM_INIT_AUTOMAKE([1.6.3 foreign])
[28/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/2181247e
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/2181247e
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/2181247e
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 2181247ee3f664f63aa06c1459a2374d1358460f
Parents: cd0e051
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 21:57:57 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 21:57:57 2013 +0000
----------------------------------------------------------------------
NEWS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/2181247e/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 48e723d..517a87f 100644
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,7 @@ Each release section notes when backwards incompatible changes have been made.
# Version 1.2.2
# -------------
#
-# Note that this version has not been released yet.
+# This version has not been released yet.
Version 1.2.1
-------------
[31/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Added CVE-2010-2234 to NEWS and CHANGES
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/fd9b66db
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/fd9b66db
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/fd9b66db
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: fd9b66dbc29764a1f255ff88cd3ce574bf532e3e
Parents: 242ea0b
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 22:06:26 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 22:06:42 2013 +0000
----------------------------------------------------------------------
CHANGES | 4 ++++
NEWS | 1 +
2 files changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/fd9b66db/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 12aa177..154481b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -413,6 +413,10 @@ View Server:
Version 1.0.1
-------------
+Security:
+
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
+
Storage System:
* Fix data corruption bug COUCHDB-844. Please see
http://git-wip-us.apache.org/repos/asf/couchdb/blob/fd9b66db/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 2a3558c..912dd75 100644
--- a/NEWS
+++ b/NEWS
@@ -207,6 +207,7 @@ Version 1.0.2
Version 1.0.1
-------------
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
* Fix data corruption bug COUCHDB-844. Please see
http://couchdb.apache.org/notice/1.0.1.html for details.
* Added support for replication via an HTTP/HTTPS proxy.
[04/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
improve parsing of mochiweb relative paths
Patch adapted from http://www.couchbase.com/issues/browse/MB-7390
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/4cd38466
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/4cd38466
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/4cd38466
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 4cd3846680e39f51b655979ffb3109d71b0fa7ea
Parents: cf10ab1
Author: Sriram Melkote <si...@couchbase.com>
Authored: Sat Dec 15 04:03:45 2012 +0530
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Wed Dec 19 18:01:02 2012 +0100
----------------------------------------------------------------------
src/mochiweb/mochiweb_util.erl | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/4cd38466/src/mochiweb/mochiweb_util.erl
----------------------------------------------------------------------
diff --git a/src/mochiweb/mochiweb_util.erl b/src/mochiweb/mochiweb_util.erl
index 3b50fe7..6b88818 100644
--- a/src/mochiweb/mochiweb_util.erl
+++ b/src/mochiweb/mochiweb_util.erl
@@ -68,11 +68,17 @@ partition2(_S, _Sep) ->
%% @spec safe_relative_path(string()) -> string() | undefined
%% @doc Return the reduced version of a relative path or undefined if it
%% is not safe. safe relative paths can be joined with an absolute path
-%% and will result in a subdirectory of the absolute path.
+%% and will result in a subdirectory of the absolute path. Safe paths
+%% never contain a backslash character.
safe_relative_path("/" ++ _) ->
undefined;
safe_relative_path(P) ->
- safe_relative_path(P, []).
+ case string:chr(P, $\\) of
+ 0 ->
+ safe_relative_path(P, []);
+ _ ->
+ undefined
+ end.
safe_relative_path("", Acc) ->
case Acc of
@@ -809,6 +815,7 @@ safe_relative_path_test() ->
undefined = safe_relative_path("../foo"),
undefined = safe_relative_path("foo/../.."),
undefined = safe_relative_path("foo//"),
+ undefined = safe_relative_path("foo\\bar"),
ok.
parse_qvalues_test() ->
[15/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/ef39d080
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/ef39d080
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/ef39d080
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: ef39d080cf36c8696d1480bc68336cec9ce5a6fd
Parents: bd52bc2
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:31:26 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:31:26 2013 +0000
----------------------------------------------------------------------
NEWS | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/ef39d080/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 493bc59..76cbf12 100644
--- a/NEWS
+++ b/NEWS
@@ -229,12 +229,12 @@ Version 1.0.0
Version 0.11.2
--------------
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
+ * Avoid potential DOS attack by guarding all creation of atoms.
* Replicator buxfixes for replicating design documents from secured databases.
* Better error messages on invalid URL requests.
* User documents can now be deleted by admins or the user.
- * Avoid potential DOS attack by guarding all creation of atoms.
* Some Futon and JavaScript library bugfixes.
- * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
Version 0.11.1
--------------
[12/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/22ea84e2
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/22ea84e2
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/22ea84e2
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 22ea84e2c17af7b70b9f6ba861f94b726aff8278
Parents: 891f162
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:21:05 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:21:05 2013 +0000
----------------------------------------------------------------------
NEWS | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/22ea84e2/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index bb7e4a7..625862e 100644
--- a/NEWS
+++ b/NEWS
@@ -74,6 +74,26 @@ This release contains backwards incompatible changes.
* Log correct stacktrace in all cases.
* Improvements to log messages for file-related errors.
+Version 1.1.2
+-------------
+
+* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
+ Flash
+* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
+* ETag of attachment changes only when the attachment changes, not
+ the document.
+* Fix pull replication of documents with many revisions.
+* Fix replication with an HTTP source and target
+* Avoid invalidating view indexes when running out of file descriptors.
+* Improvements to log messages for file-related errors.
+* Fix retrieval of headers larger than 4k.
+* Allow OPTIONS HTTP method for list requests.
+* Don't attempt to encode invalid json.
+* Improve SpiderMonkey version detection.
+
Version 1.1.1
-------------
[39/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Add 1.2.3 section to NEWS and CHANGES
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/30b48e6a
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/30b48e6a
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/30b48e6a
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 30b48e6a2f7c156102204666fcfcbbb09fb56370
Parents: 4ca5e45
Author: Noah Slater <ns...@apache.org>
Authored: Fri Apr 12 13:36:12 2013 +0100
Committer: Noah Slater <ns...@apache.org>
Committed: Fri Apr 12 13:36:12 2013 +0100
----------------------------------------------------------------------
CHANGES | 5 +++++
NEWS | 5 +++++
2 files changed, 10 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/30b48e6a/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 1d584c5..5bfbbc6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,11 @@
Apache CouchDB CHANGES
======================
+# Version 1.2.3
+# -------------
+#
+# This version has not been released yet.
+
Version 1.2.2
-------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/30b48e6a/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 00a773c..b24dac1 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,11 @@ For details about backwards incompatible changes, see:
Each release section notes when backwards incompatible changes have been made.
+# Version 1.2.3
+# -------------
+#
+# This version has not been released yet.
+
Version 1.2.2
-------------
[07/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Update for release process
- CHANGES and NEWS
- support GPG_ARGS in Makefile.am using fix from 6dba2e9
- update acinclude.m4.in with release version
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/5ebfa8e4
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/5ebfa8e4
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/5ebfa8e4
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 5ebfa8e4bce7322ae0d7b7d95f269425cdb9a46c
Parents: 42eca20
Author: Dave Cottlehuber <dc...@apache.org>
Authored: Thu Dec 20 22:21:48 2012 +0100
Committer: Dave Cottlehuber <dc...@apache.org>
Committed: Thu Dec 20 22:24:07 2012 +0100
----------------------------------------------------------------------
CHANGES | 2 --
Makefile.am | 2 +-
NEWS | 2 --
acinclude.m4.in | 2 +-
4 files changed, 2 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/5ebfa8e4/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index aec8a88..8a43648 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,8 +4,6 @@ Apache CouchDB CHANGES
Version 1.2.1
-------------
-This version has not been released yet.
-
HTTP Interface:
* No longer rewrites the X-CouchDB-Requested-Path during recursive
http://git-wip-us.apache.org/repos/asf/couchdb/blob/5ebfa8e4/Makefile.am
----------------------------------------------------------------------
diff --git a/Makefile.am b/Makefile.am
index 8e16baf..87a8d9e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -140,7 +140,7 @@ distcheck-hook:
distsign: distcheck check
@# @@ unpack archive and run diff -r to double check missing files
@# @@ does automake have anything that does this?
- gpg --armor --detach-sig --default-key 8FBFCFBF \
+ gpg --armor --detach-sig $(GPG_ARGS) \
< $(top_srcdir)/$(distdir).tar.gz \
> $(top_srcdir)/$(distdir).tar.gz.asc
md5sum $(top_srcdir)/$(distdir).tar.gz \
http://git-wip-us.apache.org/repos/asf/couchdb/blob/5ebfa8e4/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 6a8f100..4139a65 100644
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,6 @@ Each release section notes when backwards incompatible changes have been made.
Version 1.2.1
-------------
-This version has not been released yet.
-
* Fix various bugs in the URL rewriter when recursion is involved.
* Fix couchdb start script.
* Futon: Disable buttons that aren't available for the logged-in user.
http://git-wip-us.apache.org/repos/asf/couchdb/blob/5ebfa8e4/acinclude.m4.in
----------------------------------------------------------------------
diff --git a/acinclude.m4.in b/acinclude.m4.in
index 19d51ac..d9fab8f 100644
--- a/acinclude.m4.in
+++ b/acinclude.m4.in
@@ -18,7 +18,7 @@ m4_define([LOCAL_PACKAGE_NAME], [Apache CouchDB])
m4_define([LOCAL_BUG_URI], [https://issues.apache.org/jira/browse/COUCHDB])
m4_define([LOCAL_VERSION_MAJOR], [1])
m4_define([LOCAL_VERSION_MINOR], [2])
-m4_define([LOCAL_VERSION_REVISION], [0])
+m4_define([LOCAL_VERSION_REVISION], [1])
m4_define([LOCAL_VERSION_STAGE], [])
m4_define([LOCAL_VERSION_RELEASE], [])
m4_define([LOCAL_VERSION_PRIMARY],
[16/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/0960a06a
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/0960a06a
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/0960a06a
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 0960a06a835993703d33a1e8d2fac457cb641cf4
Parents: ef39d08
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:32:39 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:32:39 2013 +0000
----------------------------------------------------------------------
NEWS | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/0960a06a/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 76cbf12..f90d7f9 100644
--- a/NEWS
+++ b/NEWS
@@ -311,6 +311,7 @@ This version is a feature-freeze release candidate for Apache CouchDB 1.0.
* Avoid leaking file descriptors on automatic replication restarts.
* Various improvements to the Futon UI.
* Provide Content-MD5 header support for attachments.
+ * Adds configurable compression of attachments.
* Added default cookie-authentication and users db.
* Added per-db reader access control lists.
* Added per-db security object for configuration data in validation functions.
@@ -340,7 +341,7 @@ Version 0.10.1
Version 0.10.0
--------------
-This release contains backwards incompatible changes
+This release contains backwards incompatible changes.
* General performance improvements.
* View index generation speedups.
[29/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/a03848a5
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/a03848a5
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/a03848a5
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: a03848a501b6216c47db3823a13bbaf4447fe190
Parents: 2181247
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 21:59:54 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 21:59:54 2013 +0000
----------------------------------------------------------------------
CHANGES | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/a03848a5/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 4fc66fc..d41ab3f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,7 @@ Apache CouchDB CHANGES
# Version 1.2.2
# -------------
#
-# Note that this version has not been released yet.
+# This version has not been released yet.
#
# * Reset rewrite counter on new request, avoiding unnecessary request
# failures due to bogus rewrite limit reports
[40/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Make cardinality of result explicit, remove join hacks
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/7cdedb02
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/7cdedb02
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/7cdedb02
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 7cdedb0282bcf274b80d4e552705756b925b8841
Parents: 30b48e6
Author: Robert Newson <rn...@apache.org>
Authored: Mon Nov 19 10:55:57 2012 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Tue Apr 23 14:31:49 2013 +0100
----------------------------------------------------------------------
share/www/script/test/users_db.js | 18 ++++++++++++++++++
src/couchdb/couch_httpd_auth.erl | 14 +++++++-------
2 files changed, 25 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/7cdedb02/share/www/script/test/users_db.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/users_db.js b/share/www/script/test/users_db.js
index 7648523..f52f022 100644
--- a/share/www/script/test/users_db.js
+++ b/share/www/script/test/users_db.js
@@ -122,6 +122,24 @@ couchTests.users_db = function(debug) {
} catch(e) {
TEquals("Character `:` is not allowed in usernames.", e.reason);
}
+
+ // test that you can login as a user with a password starting with :
+ var doc = CouchDB.prepareUserDoc({
+ name: "foo@example.org"
+ }, ":bar");
+ T(usersDb.save(doc).ok);
+
+ T(CouchDB.session().userCtx.name == null);
+
+ // test that you can use basic auth aginst the users db
+ var s = CouchDB.session({
+ headers : {
+ // base64_encode("foo@example.org::bar")
+ "Authorization" : "Basic Zm9vQGV4YW1wbGUub3JnOjpiYXI="
+ }
+ });
+ T(s.userCtx.name == "foo@example.org");
+
};
usersDb.deleteDb();
http://git-wip-us.apache.org/repos/asf/couchdb/blob/7cdedb02/src/couchdb/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index a3ee4f4..508ec7f 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -26,7 +26,7 @@ special_test_authentication_handler(Req) ->
case header_value(Req, "WWW-Authenticate") of
"X-Couch-Test-Auth " ++ NamePass ->
% NamePass is a colon separated string: "joe schmoe:a password".
- [Name, Pass] = re:split(NamePass, ":", [{return, list}]),
+ [Name, Pass] = re:split(NamePass, ":", [{return, list}, {parts, 2}]),
case {Name, Pass} of
{"Jan Lehnardt", "apple"} -> ok;
{"Christopher Lenz", "dog food"} -> ok;
@@ -47,14 +47,13 @@ basic_name_pw(Req) ->
AuthorizationHeader = header_value(Req, "Authorization"),
case AuthorizationHeader of
"Basic " ++ Base64Value ->
- case string:tokens(?b2l(base64:decode(Base64Value)),":") of
+ case re:split(base64:decode(Base64Value), ":",
+ [{return, list}, {parts, 2}]) of
["_", "_"] ->
% special name and pass to be logged out
nil;
[User, Pass] ->
{User, Pass};
- [User | Pass] ->
- {User, string:join(Pass, ":")};
_ ->
nil
end;
@@ -161,9 +160,10 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
undefined -> Req;
[] -> Req;
Cookie ->
- [User, TimeStr | HashParts] = try
+ [User, TimeStr, HashStr] = try
AuthSession = couch_util:decodeBase64Url(Cookie),
- [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":")
+ [_A, _B, _Cs] = re:split(?b2l(AuthSession), ":",
+ [{return, list}, {parts, 3}])
catch
_:_Error ->
Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,
@@ -183,7 +183,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
UserSalt = couch_util:get_value(<<"salt">>, UserProps, <<"">>),
FullSecret = <<Secret/binary, UserSalt/binary>>,
ExpectedHash = crypto:sha_mac(FullSecret, User ++ ":" ++ TimeStr),
- Hash = ?l2b(string:join(HashParts, ":")),
+ Hash = ?l2b(HashStr),
Timeout = list_to_integer(
couch_config:get("couch_httpd_auth", "timeout", "600")),
?LOG_DEBUG("timeout ~p", [Timeout]),
[13/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/66fd2e68
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/66fd2e68
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/66fd2e68
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 66fd2e6811d3556f680ad3ea61d4ad52816b6013
Parents: 22ea84e
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:27:32 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:27:32 2013 +0000
----------------------------------------------------------------------
NEWS | 15 +++++++++++++++
1 file changed, 15 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/66fd2e68/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 625862e..3a445a8 100644
--- a/NEWS
+++ b/NEWS
@@ -148,6 +148,21 @@ This release contains backwards incompatible changes.
to lack of permissions.
* Added a "change password"-feature to Futon.
+Version 1.0.4
+-------------
+
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
+ Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
+ * Fix file descriptor leak in _log.
+ * Fix missing revisions in _changes?style=all_docs.
+ * Fix validation of attachment names.
+ * Avoid invalidating view indexes when running out of file descriptors.
+ * Fix a race condition where replications can go stale
+
Version 1.0.3
-------------
[35/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Removed not released notice
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/5cd29f48
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/5cd29f48
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/5cd29f48
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 5cd29f48e4a6a8e72d9a4ea1b6f7f1fcb3dbeddf
Parents: 9dd0c51
Author: Noah Slater <ns...@apache.org>
Authored: Thu Mar 21 15:41:34 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Thu Mar 21 15:41:34 2013 +0000
----------------------------------------------------------------------
CHANGES | 2 --
1 file changed, 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/5cd29f48/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 80cdf60..0325b6f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,8 +4,6 @@ Apache CouchDB CHANGES
Version 1.2.2
-------------
-This version has not been released yet.
-
* Reset rewrite counter on new request, avoiding unnecessary request failures
due to bogus rewrite limit reports.
[21/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/fab8154d
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/fab8154d
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/fab8154d
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: fab8154dc1df5493adfe683af5e9c2bd4b404052
Parents: 3884d9e
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:53:07 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:53:07 2013 +0000
----------------------------------------------------------------------
CHANGES | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/fab8154d/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 2fb5597..8de7a9c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -410,33 +410,33 @@ Version 1.0.1
Storage System:
- * Fix data corruption bug COUCHDB-844. Please see
- http://couchdb.apache.org/notice/1.0.1.html for details.
+ * Fix data corruption bug COUCHDB-844. Please see
+ http://couchdb.apache.org/notice/1.0.1.html for details.
Replicator:
- * Added support for replication via an HTTP/HTTPS proxy.
- * Fix pull replication of attachments from 0.11 to 1.0.x.
- * Make the _changes feed work with non-integer seqnums.
+ * Added support for replication via an HTTP/HTTPS proxy.
+ * Fix pull replication of attachments from 0.11 to 1.0.x.
+ * Make the _changes feed work with non-integer seqnums.
HTTP Interface:
- * Expose `committed_update_seq` for monitoring purposes.
- * Show fields saved along with _deleted=true. Allows for auditing of deletes.
- * More robust Accept-header detection.
+ * Expose `committed_update_seq` for monitoring purposes.
+ * Show fields saved along with _deleted=true. Allows for auditing of deletes.
+ * More robust Accept-header detection.
Authentication:
- * Enable basic-auth popup when required to access the server, to prevent
- people from getting locked out.
+ * Enable basic-auth popup when required to access the server, to prevent
+ people from getting locked out.
Futon:
- * User interface element for querying stale (cached) views.
+ * User interface element for querying stale (cached) views.
Build and System Integration:
- * Included additional source files for distribution.
+ * Included additional source files for distribution.
Version 1.0.0
-------------
@@ -464,26 +464,26 @@ Version 0.11.2
Replicator:
- * Fix bug when pushing design docs by non-admins, which was hanging the
- replicator for no good reason.
- * Fix bug when pulling design documents from a source that requires
- basic-auth.
+ * Fix bug when pushing design docs by non-admins, which was hanging the
+ replicator for no good reason.
+ * Fix bug when pulling design documents from a source that requires
+ basic-auth.
HTTP Interface:
- * Better error messages on invalid URL requests.
+ * Better error messages on invalid URL requests.
Authentication:
- * User documents can now be deleted by admins or the user.
+ * User documents can now be deleted by admins or the user.
Security:
- * Avoid potential DOS attack by guarding all creation of atoms.
+ * Avoid potential DOS attack by guarding all creation of atoms.
Futon:
- * Add some Futon files that were missing from the Makefile.
+ * Add some Futon files that were missing from the Makefile.
Version 0.11.1
--------------
[22/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/cba68896
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/cba68896
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/cba68896
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: cba68896560c10cc4efda5dfa3537644f9eda23c
Parents: fab8154
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:54:23 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:54:23 2013 +0000
----------------------------------------------------------------------
CHANGES | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/cba68896/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 8de7a9c..a1b18d5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -462,6 +462,11 @@ View Server:
Version 0.11.2
--------------
+Security:
+
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
+ * Avoid potential DOS attack by guarding all creation of atoms.
+
Replicator:
* Fix bug when pushing design docs by non-admins, which was hanging the
@@ -477,10 +482,6 @@ Authentication:
* User documents can now be deleted by admins or the user.
-Security:
-
- * Avoid potential DOS attack by guarding all creation of atoms.
-
Futon:
* Add some Futon files that were missing from the Makefile.
@@ -659,6 +660,21 @@ Build and System Integration:
* Gavin McDonald setup a build-bot instance. More info can be found at
http://ci.apache.org/buildbot.html
+Version 0.10.2
+--------------
+
+Security:
+
+ * Fixed CVE-2010-0009: Apache CouchDB Timing Attack Vulnerability
+
+Replicator:
+
+ * Avoid leaking file descriptors on automatic replication restarts.
+
+Build and System Integration:
+
+ * Fixed distribution preparation for building on Mac OS X.
+
Version 0.10.1
--------------
[32/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
fix up 1.1.1 section
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e2eb3e92
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e2eb3e92
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e2eb3e92
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: e2eb3e92ddd6f35d37c513de74e76c95fff37102
Parents: fd9b66d
Author: Jan Lehnardt <ja...@apache.org>
Authored: Thu Mar 7 22:29:43 2013 +0100
Committer: Noah Slater <ns...@apache.org>
Committed: Thu Mar 7 22:38:50 2013 +0000
----------------------------------------------------------------------
CHANGES | 44 +++++++++++++++++++++++++++++---------------
1 file changed, 29 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/e2eb3e92/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 154481b..dd07197 100644
--- a/CHANGES
+++ b/CHANGES
@@ -191,31 +191,45 @@ Build System:
Version 1.1.1
-------------
- * Support SpiderMonkey 1.8.5
+HTTP Interface:
+
* Add configurable maximum to the number of bytes returned by _log.
- * Allow CommonJS modules to be an empty string.
- * Bump minimum Erlang version to R13B02.
- * Do not run deleted validate_doc_update functions.
* ETags for views include current sequence if include_docs=true.
* Fix bug where duplicates can appear in _changes feed.
- * Fix bug where update handlers break after conflict resolution.
- * Fix bug with _replicator where include "filter" could crash couch.
- * Fix crashes when compacting large views.
- * Fix file descriptor leak in _log
* Fix missing revisions in _changes?style=all_docs.
- * Improve handling of compaction at max_dbs_open limit.
* JSONP responses now send "text/javascript" for Content-Type.
- * Link to ICU 4.2 on Windows.
* Permit forward slashes in path to update functions.
- * Reap couchjs processes that hit reduce_overflow error.
* Status code can be specified in update handlers.
- * Support provides() in show functions.
* _view_cleanup when ddoc has no views now removes all index files.
- * max_replication_retry_count now supports "infinity".
- * Fix replication crash when source database has a document with empty ID.
- * Fix deadlock when assigning couchjs processes to serve requests.
* Fixes to the document multipart PUT API.
+
+Core Database:
+
* Fixes regarding file descriptor leaks for databases with views.
+ * Fix bug where update handlers break after conflict resolution.
+ * Fix file descriptor leak in _log
+ * Improve handling of compaction at max_dbs_open limit.
+ * Fix crashes when compacting large views.
+
+Query Server:
+
+ * Support SpiderMonkey 1.8.5
+ * Support provides() in show functions.
+ * Fix deadlock when assigning couchjs processes to serve requests.
+ * Allow CommonJS modules to be an empty string.
+ * Reap couchjs processes that hit reduce_overflow error.
+
+Replicator:
+
+ * max_replication_retry_count now supports "infinity".
+ * Fix replication crash when source database has a document with empty ID.
+ * Fix bug with _replicator where include "filter" could crash couch.
+
+Misc:
+
+ * Bump minimum Erlang version to R13B02.
+ * Link to ICU 4.2 on Windows.
+ * Do not run deleted validate_doc_update functions.
Version 1.1.0
-------------
[17/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6302d1bb
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6302d1bb
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6302d1bb
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 6302d1bb75a319613d9e060182e03d99fb4ddce4
Parents: 0960a06
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:46:49 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:46:49 2013 +0000
----------------------------------------------------------------------
CHANGES | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/6302d1bb/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 496f7b1..bc97b75 100644
--- a/CHANGES
+++ b/CHANGES
@@ -148,6 +148,45 @@ Log System:
* Log correct stacktrace in all cases.
* Improvements to log messages for file-related errors.
+Version 1.1.2
+-------------
+
+Security:
+
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+ Adobe Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
+
+HTTP Interface:
+
+ * ETag of attachment changes only when the attachment changes, not
+ the document.
+ * Fix retrieval of headers larger than 4k.
+ * Allow OPTIONS HTTP method for list requests.
+ * Don't attempt to encode invalid json.
+
+Replicator:
+
+ * Fix pull replication of documents with many revisions.
+ * Fix replication from an HTTP source to an HTTP target.
+
+View Server:
+
+ * Avoid invalidating view indexes when running out of file descriptors.
+
+Log System:
+
+ * Improvements to log messages for file-related errors.
+
+Build System:
+
+ * Don't `ln` the `couchjs` install target on Windows
+ * Remove ICU version dependency on Windows.
+ * Improve SpiderMonkey version detection.
+
Version 1.1.1
-------------
[11/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Added CVE-2012-5641, CVE-2012-5649, and CVE-2012-5650 to NEWS and CHANGES in 1.2.x branch
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/891f1624
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/891f1624
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/891f1624
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 891f162440fe6d2074f6f34fd5ec4f759ae6de3b
Parents: 09063e9
Author: Noah Slater <ns...@apache.org>
Authored: Mon Feb 25 19:53:36 2013 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Mon Feb 25 20:11:37 2013 +0000
----------------------------------------------------------------------
CHANGES | 9 +++++++++
NEWS | 6 ++++++
2 files changed, 15 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/891f1624/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 44a310b..496f7b1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,15 @@ Note that this version has not been released yet.
Version 1.2.1
-------------
+Security:
+
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
+ Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
+
HTTP Interface:
* No longer rewrites the X-CouchDB-Requested-Path during recursive
http://git-wip-us.apache.org/repos/asf/couchdb/blob/891f1624/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 418a319..bb7e4a7 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,12 @@ Note that this version has not been released yet.
Version 1.2.1
-------------
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
+ Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
* Fix various bugs in the URL rewriter when recursion is involved.
* Fix couchdb start script.
* Futon: Disable buttons that aren't available for the logged-in user.
[30/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Added CVE-2010-3854 to NEWS and CHANGES
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/242ea0b8
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/242ea0b8
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/242ea0b8
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 242ea0b8a28111e725e3f0e3075482d3ab4de90d
Parents: a03848a
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 22:04:01 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 22:04:16 2013 +0000
----------------------------------------------------------------------
CHANGES | 4 ++++
NEWS | 1 +
2 files changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/242ea0b8/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index d41ab3f..12aa177 100644
--- a/CHANGES
+++ b/CHANGES
@@ -350,6 +350,10 @@ Windows:
Version 1.0.2
-------------
+Security:
+
+ * Fixed CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue
+
Futon:
* Make test suite work with Safari and Chrome.
http://git-wip-us.apache.org/repos/asf/couchdb/blob/242ea0b8/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 517a87f..2a3558c 100644
--- a/NEWS
+++ b/NEWS
@@ -184,6 +184,7 @@ Version 1.0.3
Version 1.0.2
-------------
+ * Fixed CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue
* Make test suite work with Safari and Chrome.
* Fix leaking file handles after compacting databases and views.
* Fix databases forgetting their validation function after compaction.
[08/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
housekeeping after 1.2.1, prepare for 1.2.1
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/34125be2
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/34125be2
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/34125be2
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 34125be210bef91f4715b2e387a4a1bf8d6fab6b
Parents: 5ebfa8e
Author: Jan Lehnardt <ja...@apache.org>
Authored: Thu Jan 10 23:59:51 2013 +0100
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Thu Jan 10 23:59:51 2013 +0100
----------------------------------------------------------------------
CHANGES | 5 +++++
NEWS | 5 +++++
acinclude.m4.in | 2 +-
3 files changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/34125be2/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 8a43648..15b23b8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,11 @@
Apache CouchDB CHANGES
======================
+Version 1.2.2
+-------------
+
+Note that this version has not been released yet.
+
Version 1.2.1
-------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/34125be2/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 4139a65..418a319 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,11 @@ For details about backwards incompatible changes, see:
Each release section notes when backwards incompatible changes have been made.
+Version 1.2.2
+-------------
+
+Note that this version has not been released yet.
+
Version 1.2.1
-------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/34125be2/acinclude.m4.in
----------------------------------------------------------------------
diff --git a/acinclude.m4.in b/acinclude.m4.in
index d9fab8f..eba97f0 100644
--- a/acinclude.m4.in
+++ b/acinclude.m4.in
@@ -18,7 +18,7 @@ m4_define([LOCAL_PACKAGE_NAME], [Apache CouchDB])
m4_define([LOCAL_BUG_URI], [https://issues.apache.org/jira/browse/COUCHDB])
m4_define([LOCAL_VERSION_MAJOR], [1])
m4_define([LOCAL_VERSION_MINOR], [2])
-m4_define([LOCAL_VERSION_REVISION], [1])
+m4_define([LOCAL_VERSION_REVISION], [2])
m4_define([LOCAL_VERSION_STAGE], [])
m4_define([LOCAL_VERSION_RELEASE], [])
m4_define([LOCAL_VERSION_PRIMARY],
[23/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/61c34cb7
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/61c34cb7
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/61c34cb7
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 61c34cb77b87d2c97d1a857363fb380ae4ed613a
Parents: cba6889
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:54:51 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:54:51 2013 +0000
----------------------------------------------------------------------
CHANGES | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/61c34cb7/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index a1b18d5..0b49895 100644
--- a/CHANGES
+++ b/CHANGES
@@ -780,7 +780,7 @@ Replication:
Version 0.9.0
-------------
-Futon Utility Client:
+Futon:
* Added pagination to the database listing page.
* Implemented attachment uploading from the document page.
[02/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Include a comment before jsonp output
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6637c7fc
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6637c7fc
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6637c7fc
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 6637c7fcaff6b586bd603207d88f3eb9bb6912c5
Parents: a315675
Author: Robert Newson <rn...@apache.org>
Authored: Wed Dec 19 00:46:23 2012 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Wed Dec 19 01:29:57 2012 +0000
----------------------------------------------------------------------
src/couchdb/couch_httpd.erl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/6637c7fc/src/couchdb/couch_httpd.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 0be7126..58f5ec6 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -746,7 +746,7 @@ start_jsonp() ->
case get(jsonp) of
no_jsonp -> [];
[] -> [];
- CallBack -> CallBack ++ "("
+ CallBack -> ["/* CouchDB */", CallBack, "("]
end.
end_jsonp() ->
[06/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
use more docs in view_compaction test to ensure a difference
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/42eca20f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/42eca20f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/42eca20f
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 42eca20f1fe2f602d7b801b03c744d777fa3165d
Parents: 169c5e4
Author: Jan Lehnardt <ja...@apache.org>
Authored: Wed Dec 5 16:26:37 2012 +0100
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Thu Dec 20 18:51:19 2012 +0100
----------------------------------------------------------------------
share/www/script/test/view_compaction.js | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/42eca20f/share/www/script/test/view_compaction.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/view_compaction.js b/share/www/script/test/view_compaction.js
index 4c75184..30c33e0 100644
--- a/share/www/script/test/view_compaction.js
+++ b/share/www/script/test/view_compaction.js
@@ -34,17 +34,17 @@ couchTests.view_compaction = function(debug) {
};
T(db.save(ddoc).ok);
- var docs = makeDocs(0, 1000);
+ var docs = makeDocs(0, 10000);
db.bulkSave(docs);
var resp = db.view('foo/view1', {});
- T(resp.rows.length === 1000);
+ T(resp.rows.length === 10000);
resp = db.view('foo/view2', {});
T(resp.rows.length === 1);
resp = db.designInfo("_design/foo");
- T(resp.view_index.update_seq === 1001);
+ T(resp.view_index.update_seq === 10001);
// update docs
@@ -55,13 +55,13 @@ couchTests.view_compaction = function(debug) {
resp = db.view('foo/view1', {});
- T(resp.rows.length === 1000);
+ T(resp.rows.length === 10000);
resp = db.view('foo/view2', {});
T(resp.rows.length === 1);
resp = db.designInfo("_design/foo");
- T(resp.view_index.update_seq === 2001);
+ T(resp.view_index.update_seq === 20001);
// update docs again...
@@ -72,13 +72,13 @@ couchTests.view_compaction = function(debug) {
resp = db.view('foo/view1', {});
- T(resp.rows.length === 1000);
+ T(resp.rows.length === 10000);
resp = db.view('foo/view2', {});
T(resp.rows.length === 1);
resp = db.designInfo("_design/foo");
- T(resp.view_index.update_seq === 3001);
+ T(resp.view_index.update_seq === 30001);
var disk_size_before_compact = resp.view_index.disk_size;
var data_size_before_compact = resp.view_index.data_size;
@@ -97,13 +97,13 @@ couchTests.view_compaction = function(debug) {
resp = db.view('foo/view1', {});
- T(resp.rows.length === 1000);
+ T(resp.rows.length === 10000);
resp = db.view('foo/view2', {});
T(resp.rows.length === 1);
resp = db.designInfo("_design/foo");
- T(resp.view_index.update_seq === 3001);
+ T(resp.view_index.update_seq === 30001);
T(resp.view_index.disk_size < disk_size_before_compact);
TEquals("number", typeof resp.view_index.data_size, "data size is a number");
T(resp.view_index.data_size < resp.view_index.disk_size, "data size < file size");
[20/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/3884d9e1
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/3884d9e1
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/3884d9e1
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 3884d9e114294b8777b9905823133d7c12a2840a
Parents: 63476dd
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:52:17 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:52:17 2013 +0000
----------------------------------------------------------------------
CHANGES | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/3884d9e1/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index b4c1e84..2fb5597 100644
--- a/CHANGES
+++ b/CHANGES
@@ -271,6 +271,35 @@ URL Rewriter & Vhosts:
* Fix for variable substituion
+Version 1.0.4
+-------------
+
+Security:
+
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+ Adobe Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
+
+Log System:
+
+ * Fix file descriptor leak in _log.
+
+HTTP Interface:
+
+ * Fix missing revisions in _changes?style=all_docs.
+ * Fix validation of attachment names.
+
+View System:
+
+ * Avoid invalidating view indexes when running out of file descriptors.
+
+Replicator:
+
+ * Fix a race condition where replications can go stale
+
Version 1.0.3
-------------
[34/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Yanked .gitignore from master
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/9dd0c512
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/9dd0c512
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/9dd0c512
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 9dd0c5124d58f9ae70203bd9c88f4117d4c263bb
Parents: e7418c8
Author: Noah Slater <ns...@apache.org>
Authored: Thu Mar 14 11:28:00 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Thu Mar 14 11:28:00 2013 +0000
----------------------------------------------------------------------
.gitignore | 146 +++++++++++++++++++++++++++-----------------------------
1 file changed, 70 insertions(+), 76 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/9dd0c512/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index cbf2b42..d3217db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,61 +1,71 @@
+!.gitignore
+!.mailmap
*.beam
+*.diff
*.gz
-*.tpl
-*.o
-*.lo
*.la
-*.m4
-*.in
-*~
+*.lo
+*.o
*.orig
*.rej
-erl_crash.dump
-configure
-autom4te.cache
-build-aux
-*.diff
-
-# ./configure
-
+*.stamp
+*.sw*
+*.tpl
+*~
+.*
+INSTALL
Makefile
-bin/Makefile
+Makefile.in
+THANKS
+acinclude.m4
+aclocal.m4
+apache-couchdb-*
+autom4te.cache
+bin/.deps/
+bin/couch-config
+bin/couch-config_dev
+bin/couchdb
+bin/couchdb.1
+bin/couchjs_dev
+bin/couchpw
+build-aux/config.*
+build-aux/depcomp
+build-aux/install-sh
+build-aux/ltmain.sh
+build-aux/missing
+build-aux/texinfo.tex
config.h
+config.h.in
config.log
config.status
-etc/Makefile
-etc/couchdb/Makefile
-etc/default/Makefile
-etc/init/Makefile
-etc/init/couchdb
-etc/launchd/Makefile
-etc/logrotate.d/Makefile
-libtool
-share/Makefile
-src/couchdb/.deps/*
-src/couchdb/Makefile
-src/couchdb/priv/Makefile
-src/mochiweb/Makefile
-stamp-h1
-test/.deps/
-test/Makefile
-test/javascript/run_js_tests.sh
-var/Makefile
-
-# for make
-
-bin/couchdb
-bin/couchdb.1
-bin/couch-config
-bin/couch-config_dev
+configure
+couchdb.stderr
+couchdb.stdout
+cover/*
+erl_crash.dump
etc/couchdb/default.ini
+etc/couchdb/default_dev.ini
+etc/couchdb/local_dev.ini
+etc/init/couchdb
etc/launchd/org.apache.couchdb.plist
etc/logrotate.d/couchdb
+libtool
+m4
+share/doc/build/CouchDB.log
+share/doc/build/doctrees
+share/doc/build/html
+share/doc/build/latex
+share/doc/build/texinfo
+share/server/main-coffee.js
+share/server/main.js
+src/couch_mrview/ebin/
+src/couch_replicator/ebin/
+src/couchdb/.deps/*
src/couchdb/.libs/*
src/couchdb/couch.app
src/couchdb/couchjs
src/couchdb/edoc-info
src/couchdb/erlang.png
-src/couchdb/stylesheet.css
src/couchdb/priv/.deps/
src/couchdb/priv/.libs/
src/couchdb/priv/couch_icu_driver.la
@@ -63,52 +73,36 @@ src/couchdb/priv/couchjs
src/couchdb/priv/couchjs.1
src/couchdb/priv/couchspawnkillable
src/couchdb/priv/stat_descriptions.cfg
-src/erlang-oauth/oauth.app
-src/ibrowse/ibrowse.app
-src/ejson/ejson.app
+src/couchdb/priv/stat_descriptions.cfg
+src/couchdb/stylesheet.css
src/ejson/.deps/
src/ejson/.libs/
+src/ejson/ejson.app
src/ejson/priv
+src/erlang-oauth/oauth.app
+src/erlang-oauth/oauth.app
+src/ibrowse/ibrowse.app
+src/ibrowse/ibrowse.app
+src/mochiweb/mochiweb.app
src/mochiweb/mochiweb.app
src/snappy/.deps/
src/snappy/.libs/
-src/snappy/priv
-src/snappy/snappy.app
+src/snappy/google-snappy/.deps/
src/snappy/google-snappy/snappy-stubs-public.h
src/snappy/google-snappy/stamp-h2
-src/snappy/google-snappy/.deps/
-test/local.ini
+src/snappy/priv
+src/snappy/snappy.app
+stamp-h1
+test/.deps/
+test/bench/run
test/etap/.deps/
test/etap/run
+test/etap/run
+test/etap/temp.*
test/etap/test_cfg_register
test/etap/test_util.erl
test/javascript/run
-share/server/main.js
-share/server/main-coffee.js
-
-# for make dev
-
-bin/.deps/
-bin/couchjs_dev
-bin/couchpw
-etc/couchdb/default_dev.ini
-etc/couchdb/local_dev.ini
-utils/run
+test/javascript/run_js_tests.sh
+test/local.ini
tmp
-src/couchdb/priv/stat_descriptions.cfg
-src/erlang-oauth/oauth.app
-src/ibrowse/ibrowse.app
-src/mochiweb/mochiweb.app
-test/etap/run
-
-# for make check
-
-test/etap/temp.*
-test/bench/run
-couchdb.stderr
-couchdb.stdout
-
-# for make cover
-
-cover/*
-INSTALL
+utils/run
[05/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
update NEWS & CHANGES
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/169c5e4b
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/169c5e4b
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/169c5e4b
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 169c5e4bc9ace102091471d265a029304c7f4d1f
Parents: 4cd3846
Author: Jan Lehnardt <ja...@apache.org>
Authored: Wed Dec 19 19:08:13 2012 +0100
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Wed Dec 19 19:08:13 2012 +0100
----------------------------------------------------------------------
CHANGES | 17 +++++++++++++++++
NEWS | 4 ++++
2 files changed, 21 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/169c5e4b/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index ac55bd4..aec8a88 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,6 +13,23 @@ HTTP Interface:
* Limit recursion depth in the URL rewriter. Defaults to a maximum
of 100 invocations but is configurable.
+Build System:
+
+ * Fix couchdb start script.
+ * Win: fix linker invocations.
+
+Futon:
+
+ * Disable buttons that aren't available for the logged-in user.
+
+Replication:
+
+ * Fix potential timeouts.
+
+View System:
+
+ * Change use of signals to avoid broken view groups.
+
Version 1.2.0
-------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/169c5e4b/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 93346f6..6a8f100 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,10 @@ Version 1.2.1
This version has not been released yet.
* Fix various bugs in the URL rewriter when recursion is involved.
+ * Fix couchdb start script.
+ * Futon: Disable buttons that aren't available for the logged-in user.
+ * Fix potential replication timeouts.
+ * Change use of signals to avoid broken view groups.
Version 1.2.0
-------------
[03/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Add test cases for empty keys query parameter
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/cf10ab14
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/cf10ab14
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/cf10ab14
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: cf10ab14aa1fc1742666ca54915ea4ae3235ee97
Parents: 6637c7f
Author: Adam Lofts <Ad...@gmail.com>
Authored: Sun May 20 14:12:03 2012 +0100
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Wed Dec 19 17:01:38 2012 +0100
----------------------------------------------------------------------
share/www/script/test/view_multi_key_all_docs.js | 4 ++++
share/www/script/test/view_multi_key_design.js | 4 ++++
share/www/script/test/view_multi_key_temp.js | 3 +++
3 files changed, 11 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/cf10ab14/share/www/script/test/view_multi_key_all_docs.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/view_multi_key_all_docs.js b/share/www/script/test/view_multi_key_all_docs.js
index 1113be4..7c7f6f8 100644
--- a/share/www/script/test/view_multi_key_all_docs.js
+++ b/share/www/script/test/view_multi_key_all_docs.js
@@ -88,4 +88,8 @@ couchTests.view_multi_key_all_docs = function(debug) {
T(rows[1].error == "not_found");
T(!rows[1].id);
T(rows[2].id == rows[2].key && rows[2].key == "0");
+
+ // empty keys
+ rows = db.allDocs({keys: []}, null).rows;
+ T(rows.length == 0);
};
http://git-wip-us.apache.org/repos/asf/couchdb/blob/cf10ab14/share/www/script/test/view_multi_key_design.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/view_multi_key_design.js b/share/www/script/test/view_multi_key_design.js
index 3839695..a84d07a 100644
--- a/share/www/script/test/view_multi_key_design.js
+++ b/share/www/script/test/view_multi_key_design.js
@@ -61,6 +61,10 @@ couchTests.view_multi_key_design = function(debug) {
T(rows[i].key == rows[i].value);
}
+ // with empty keys
+ rows = db.view("test/all_docs",{keys:[]},null).rows;
+ T(rows.length == 0);
+
var reduce = db.view("test/summate",{group:true},keys).rows;
T(reduce.length == keys.length);
for(var i=0; i<reduce.length; i++) {
http://git-wip-us.apache.org/repos/asf/couchdb/blob/cf10ab14/share/www/script/test/view_multi_key_temp.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/view_multi_key_temp.js b/share/www/script/test/view_multi_key_temp.js
index 55eefda..3c05409 100644
--- a/share/www/script/test/view_multi_key_temp.js
+++ b/share/www/script/test/view_multi_key_temp.js
@@ -34,4 +34,7 @@ couchTests.view_multi_key_temp = function(debug) {
T(keys.indexOf(reduce[i].key) != -1);
T(reduce[i].key == reduce[i].value);
}
+
+ rows = db.query(queryFun, null, {}, []).rows;
+ T(rows.length == 0);
};
[41/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Prevent creation of empty attachment names via inline API.
It is possible to create an attachment using the inline
attachment API that has the empty string "" as the name:
{
"_id":"11612aba0238dc0dd8c2d37e7909b4e6",
"_attachments": {
"": {...}
}
}
Attachments created this way can’t be retrieved via the
standalone attachment API.
This patch adds testing for the empty string in the
`validate_attachment_name` function.
Closes COUCHDB-1832
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/ad774b6e
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/ad774b6e
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/ad774b6e
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: ad774b6e096d5011a16837e600db70204e9ae28c
Parents: 7cdedb0
Author: Jan Lehnardt <ja...@apache.org>
Authored: Tue Jun 18 16:28:30 2013 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Tue Jun 18 16:31:49 2013 +0200
----------------------------------------------------------------------
share/www/script/test/attachment_names.js | 19 +++++++++++++++++++
src/couchdb/couch_httpd_db.erl | 2 ++
2 files changed, 21 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/ad774b6e/share/www/script/test/attachment_names.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/attachment_names.js b/share/www/script/test/attachment_names.js
index 334350c..7adc13c 100644
--- a/share/www/script/test/attachment_names.js
+++ b/share/www/script/test/attachment_names.js
@@ -48,6 +48,25 @@ couchTests.attachment_names = function(debug) {
resp = db.save(binAttDoc);
TEquals(true, resp.ok, "attachment_name: inline attachment");
+ // COUCHDB-1832 Inline Attachment API allows empty names
+ var binAttDoc4 = {
+ _id: "bin_doc4",
+ _attachments:{
+ "": {
+ content_type:"text/plain",
+ data: "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQ="
+ }
+ }
+ };
+
+ try {
+ resp = db.save(binAttDoc4);
+ TEquals(1,2, "should throw on empty attachment names");
+ } catch (e) {
+ TEquals(e.error, "bad_request", "should return bad_request");
+ TEquals(e.reason, "Attachment name can't be empty",
+ "should state that attachment name can't be empty");
+ }
// standalone docs
var bin_data = "JHAPDO*AU£PN ){(3u[d 93DQ9¡€])} ææøo'∂ƒæ≤çæππ•¥∫¶®#†π¶®¥π€ª®˙π8np";
http://git-wip-us.apache.org/repos/asf/couchdb/blob/ad774b6e/src/couchdb/couch_httpd_db.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index 9f68002..c0969cf 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -1374,6 +1374,8 @@ validate_attachment_name(Name) when is_list(Name) ->
validate_attachment_name(list_to_binary(Name));
validate_attachment_name(<<"_",_/binary>>) ->
throw({bad_request, <<"Attachment name can't start with '_'">>});
+validate_attachment_name(<<"">>) ->
+ throw({bad_request, <<"Attachment name can't be empty">>});
validate_attachment_name(Name) ->
case couch_util:validate_utf8(Name) of
true -> Name;
[19/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/63476ddd
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/63476ddd
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/63476ddd
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 63476dddb2c22f718ee70906930f1aa6418b6de2
Parents: 13fb8bc
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:51:13 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:51:13 2013 +0000
----------------------------------------------------------------------
CHANGES | 50 +++++++++++++++++++++++++-------------------------
1 file changed, 25 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/63476ddd/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index bc97b75..b4c1e84 100644
--- a/CHANGES
+++ b/CHANGES
@@ -190,31 +190,31 @@ Build System:
Version 1.1.1
-------------
-* Support SpiderMonkey 1.8.5
-* Add configurable maximum to the number of bytes returned by _log.
-* Allow CommonJS modules to be an empty string.
-* Bump minimum Erlang version to R13B02.
-* Do not run deleted validate_doc_update functions.
-* ETags for views include current sequence if include_docs=true.
-* Fix bug where duplicates can appear in _changes feed.
-* Fix bug where update handlers break after conflict resolution.
-* Fix bug with _replicator where include "filter" could crash couch.
-* Fix crashes when compacting large views.
-* Fix file descriptor leak in _log
-* Fix missing revisions in _changes?style=all_docs.
-* Improve handling of compaction at max_dbs_open limit.
-* JSONP responses now send "text/javascript" for Content-Type.
-* Link to ICU 4.2 on Windows.
-* Permit forward slashes in path to update functions.
-* Reap couchjs processes that hit reduce_overflow error.
-* Status code can be specified in update handlers.
-* Support provides() in show functions.
-* _view_cleanup when ddoc has no views now removes all index files.
-* max_replication_retry_count now supports "infinity".
-* Fix replication crash when source database has a document with empty ID.
-* Fix deadlock when assigning couchjs processes to serve requests.
-* Fixes to the document multipart PUT API.
-* Fixes regarding file descriptor leaks for databases with views.
+ * Support SpiderMonkey 1.8.5
+ * Add configurable maximum to the number of bytes returned by _log.
+ * Allow CommonJS modules to be an empty string.
+ * Bump minimum Erlang version to R13B02.
+ * Do not run deleted validate_doc_update functions.
+ * ETags for views include current sequence if include_docs=true.
+ * Fix bug where duplicates can appear in _changes feed.
+ * Fix bug where update handlers break after conflict resolution.
+ * Fix bug with _replicator where include "filter" could crash couch.
+ * Fix crashes when compacting large views.
+ * Fix file descriptor leak in _log
+ * Fix missing revisions in _changes?style=all_docs.
+ * Improve handling of compaction at max_dbs_open limit.
+ * JSONP responses now send "text/javascript" for Content-Type.
+ * Link to ICU 4.2 on Windows.
+ * Permit forward slashes in path to update functions.
+ * Reap couchjs processes that hit reduce_overflow error.
+ * Status code can be specified in update handlers.
+ * Support provides() in show functions.
+ * _view_cleanup when ddoc has no views now removes all index files.
+ * max_replication_retry_count now supports "infinity".
+ * Fix replication crash when source database has a document with empty ID.
+ * Fix deadlock when assigning couchjs processes to serve requests.
+ * Fixes to the document multipart PUT API.
+ * Fixes regarding file descriptor leaks for databases with views.
Version 1.1.0
-------------
[33/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Updated NEWS and CHANGES for 1.2.x
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e7418c85
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e7418c85
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e7418c85
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: e7418c8505b4456c6296b30dac371dd6e919eff1
Parents: e2eb3e9
Author: Noah Slater <ns...@apache.org>
Authored: Thu Mar 14 11:27:03 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Thu Mar 14 11:27:03 2013 +0000
----------------------------------------------------------------------
CHANGES | 14 +++++++-------
NEWS | 8 ++++----
2 files changed, 11 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/e7418c85/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index dd07197..80cdf60 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,13 +1,13 @@
Apache CouchDB CHANGES
======================
-# Version 1.2.2
-# -------------
-#
-# This version has not been released yet.
-#
-# * Reset rewrite counter on new request, avoiding unnecessary request
-# failures due to bogus rewrite limit reports
+Version 1.2.2
+-------------
+
+This version has not been released yet.
+
+ * Reset rewrite counter on new request, avoiding unnecessary request failures
+ due to bogus rewrite limit reports.
Version 1.2.1
-------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/e7418c85/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 912dd75..00a773c 100644
--- a/NEWS
+++ b/NEWS
@@ -7,10 +7,10 @@ For details about backwards incompatible changes, see:
Each release section notes when backwards incompatible changes have been made.
-# Version 1.2.2
-# -------------
-#
-# This version has not been released yet.
+Version 1.2.2
+-------------
+
+ * Fixed rewrite counter bug.
Version 1.2.1
-------------
[10/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Reset rewrite counter on new request
We were spuriously throwing rewrite limit exceeded for non-looping
rewrites. This patch resets the count to zero at the start of a new
request and adds a test.
COUCHDB-1651
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/09063e93
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/09063e93
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/09063e93
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 09063e937d1c7884ceedd7738bb309749df3b169
Parents: 1f22df7
Author: Robert Newson <rn...@apache.org>
Authored: Sun Feb 24 20:15:51 2013 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Sun Feb 24 20:35:49 2013 +0000
----------------------------------------------------------------------
CHANGES | 3 +++
share/www/script/test/rewrite.js | 19 ++++++++++++++++++-
src/couchdb/couch_db.hrl | 2 ++
src/couchdb/couch_httpd.erl | 2 ++
src/couchdb/couch_httpd_rewrite.erl | 17 +++++++----------
5 files changed, 32 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/09063e93/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 15b23b8..44a310b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,9 @@ Version 1.2.2
Note that this version has not been released yet.
+* Reset rewrite counter on new request, avoiding unnecessary request
+ failures due to bogus rewrite limit reports
+
Version 1.2.1
-------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/09063e93/share/www/script/test/rewrite.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/rewrite.js b/share/www/script/test/rewrite.js
index 352e6b9..6a7fa10 100644
--- a/share/www/script/test/rewrite.js
+++ b/share/www/script/test/rewrite.js
@@ -464,6 +464,7 @@ couchTests.rewrite = function(debug) {
};
db.save(ddoc_loop);
+ // Assert loop detection
run_on_modified_server(
[{section: "httpd",
key: "rewrite_limit",
@@ -471,6 +472,22 @@ couchTests.rewrite = function(debug) {
function(){
var url = "/test_suite_db/_design/loop/_rewrite/loop";
var xhr = CouchDB.request("GET", url);
- T(xhr.status = 400);
+ TEquals(400, xhr.status);
+ });
+
+ // Assert serial execution is not spuriously counted as loop
+ run_on_modified_server(
+ [{section: "httpd",
+ key: "rewrite_limit",
+ value: "2"},
+ {section: "httpd",
+ key: "secure_rewrites",
+ value: "false"}],
+ function(){
+ var url = "/test_suite_db/_design/test/_rewrite/foo";
+ for (var i=0; i < 5; i++) {
+ var xhr = CouchDB.request("GET", url);
+ TEquals(200, xhr.status);
+ }
});
}
http://git-wip-us.apache.org/repos/asf/couchdb/blob/09063e93/src/couchdb/couch_db.hrl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_db.hrl b/src/couchdb/couch_db.hrl
index 59a5815..74dd454 100644
--- a/src/couchdb/couch_db.hrl
+++ b/src/couchdb/couch_db.hrl
@@ -21,6 +21,8 @@
% the lowest possible database sequence number
-define(LOWEST_SEQ, 0).
+-define(REWRITE_COUNT, couch_rewrite_count).
+
-define(JSON_ENCODE(V), ejson:encode(V)).
-define(JSON_DECODE(V), ejson:decode(V)).
http://git-wip-us.apache.org/repos/asf/couchdb/blob/09063e93/src/couchdb/couch_httpd.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 58f5ec6..79ef6fb 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -219,6 +219,8 @@ make_fun_spec_strs(SpecStr) ->
handle_request(MochiReq, DefaultFun, UrlHandlers, DbUrlHandlers,
DesignUrlHandlers) ->
+ %% reset rewrite count for new request
+ erlang:put(?REWRITE_COUNT, 0),
MochiReq1 = couch_httpd_vhost:dispatch_host(MochiReq),
http://git-wip-us.apache.org/repos/asf/couchdb/blob/09063e93/src/couchdb/couch_httpd_rewrite.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_rewrite.erl b/src/couchdb/couch_httpd_rewrite.erl
index 207891a..d8c7be9 100644
--- a/src/couchdb/couch_httpd_rewrite.erl
+++ b/src/couchdb/couch_httpd_rewrite.erl
@@ -119,17 +119,14 @@ handle_rewrite_req(#httpd{
Prefix = <<"/", DbName/binary, "/", DesignId/binary>>,
QueryList = lists:map(fun decode_query_value/1, couch_httpd:qs(Req)),
- MaxRewritesList = couch_config:get("httpd", "rewrite_limit", "100"),
- MaxRewrites = list_to_integer(MaxRewritesList),
- NRewrites = case get(couch_rewrite_count) of
- undefined ->
- put(couch_rewrite_count, 1);
- NumRewrites when NumRewrites < MaxRewrites ->
- put(couch_rewrite_count, NumRewrites + 1);
- _ ->
- throw({bad_request, <<"Exceeded rewrite recursion limit">>})
+ RewritesSoFar = erlang:get(?REWRITE_COUNT),
+ MaxRewrites = list_to_integer(couch_config:get("httpd", "rewrite_limit", "100")),
+ case RewritesSoFar >= MaxRewrites of
+ true ->
+ throw({bad_request, <<"Exceeded rewrite recursion limit">>});
+ false ->
+ erlang:put(?REWRITE_COUNT, RewritesSoFar + 1)
end,
-
#doc{body={Props}} = DDoc,
% get rules from ddoc
[38/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Posted by ja...@apache.org.
Update year
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/4ca5e45f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/4ca5e45f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/4ca5e45f
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 4ca5e45f7b99ccac58f7adb811f181a421c0f266
Parents: b5d18fe
Author: Noah Slater <ns...@apache.org>
Authored: Sat Mar 23 20:23:10 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Sat Mar 23 20:23:10 2013 +0000
----------------------------------------------------------------------
NOTICE | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/4ca5e45f/NOTICE
----------------------------------------------------------------------
diff --git a/NOTICE b/NOTICE
index ef3ff9e..e858a8a 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,5 @@
Apache CouchDB
-Copyright 2009-2012 The Apache Software Foundation
+Copyright 2009-2013 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).