Oops. Datestamp CHANGES file.

git-svn-id: http://viewvc.tigris.org/svn/viewvc/tags/1.1.19@2886 8cb11bc2-c004-0410-86c3-e597b4017df7

CHANGES

@@ -1,3 +1,55 @@
+Version 1.1.19 (released 22-Apr-2013)
+
+  * improve root lookup performance (issue #523)
+  * new 'max_filesize_kbytes' config option and handling (issue #524)
+  * tarball generation improvements:
+    - preserve Subversion symlinks in generated tarballs (issue #487)
+    - reduce memory usage of tarball generation logic
+    - fix double compression of generated tarballs (issue #525)
+  * file content handling improvements:
+    - expanded support for encoding detection and transcoding (issue #11)
+    - fix tab-to-space conversion bugs in markup, annotate, and diff views
+    - fix handling of trailing whitespace in diff view
+  * add support for timestamp display in ISO8601 format (issue #46)
+
+Version 1.1.18 (released 28-Feb-2013)
+
+  * fix exception raised by BDB-backed SVN repositories (issue #519)
+  * hide revision-less files when rcsparse is in use
+  * include branchpoints in branch views using rcsparse (issue #347)
+  * miscellaneous cvsdb improvements:
+    - add --port option to make-database (issue #521)
+    - explicitly name columns in queries (issue #522)
+    - update MySQL syntax to avoid discontinued "TYPE=" terms
+
+Version 1.1.17 (released 25-Oct-2012)
+
+  * fix exception caused by uninitialized variable usage (issue #516)
+
+Version 1.1.16 (released 24-Oct-2012)
+
+  * security fix: escape "extra" diff info to avoid XSS attack (issue #515)
+  * add 'binary_mime_types' configuration option and handling (issue #510)
+  * fix 'select for diffs' persistence across log pages (issue #512)
+  * remove lock status and filesize check on directories in remote SVN views
+  * fix bogus 'Annotation of' page title for non-annotated view (issue #514)
+
+Version 1.1.15 (released 22-Jun-2012)
+
+  * security fix: complete authz support for remote SVN views (issue #353)
+  * security fix: log msg leak in SVN revision view with unreadable copy source
+  * fix several instances of incorrect information in remote SVN views
+  * increase performance of some revision metadata lookups in remote SVN views
+  * fix RSS feed regression introduced in 1.1.14
+
+Version 1.1.14 (released 12-Jun-2012)
+
+  * fix annotation of svn files with non-URI-safe paths (issue #504)
+  * handle file:/// Subversion rootpaths as local roots (issue #446)
+  * fix bug caused by trying to case-normalize anon usernames (issue #505)
+  * speed up log handling by reusing tokenization results (issue #506)
+  * add support for custom revision log markup rules (issue #246)
+
 Version 1.1.13 (released 23-Jan-2012)
 
   * fix svndbadmin failure on deleted paths under Subversion 1.7 (issue #499)
@@ -38,7 +90,6 @@ Version 1.1.9 (released 18-Feb-2011)
   * make revision log "extra pages" count configurable
   * fix Subversion 1.4.x revision log compatibility code regression
   * display sanitized error when authzfile is malformed
-  * handle file:/// Subversion rootpaths as local roots (issue #446)
   * restore markup of URLs in file contents (issue #455)
   * optionally display last-committed metadata in roots view (issue #457)
 

LICENSE.html

@@ -15,7 +15,7 @@
 
 <blockquote>
 
-<p><strong>Copyright &copy; 1999-2012 The ViewCVS Group.  All rights
+<p><strong>Copyright &copy; 1999-2013 The ViewCVS Group.  All rights
    reserved.</strong></p>
 
 <p>By using ViewVC, you agree to the terms and conditions set forth
@@ -63,6 +63,7 @@
   <li>March 29, 2010 &mdash; copyright years updated</li>
   <li>February 18, 2011 &mdash; copyright years updated</li>
   <li>January 23, 2012 &mdash; copyright years updated</li>
+  <li>January 04, 2013 &mdash; copyright years updated</li>
 </ul>
 
 </body>

bin/asp/query.asp

@@ -3,7 +3,7 @@
 
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/asp/viewvc.asp

@@ -3,7 +3,7 @@
 
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/cgi/query.cgi

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/cgi/viewvc.cgi

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/cvsdbadmin

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/loginfo-handler

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/make-database

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -40,7 +40,7 @@ CREATE TABLE branches (
   branch varchar(64) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE branch (branch)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS checkins;
 CREATE TABLE checkins (
@@ -63,7 +63,7 @@ CREATE TABLE checkins (
   KEY dirid (dirid),
   KEY fileid (fileid),
   KEY branchid (branchid)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS descs;
 CREATE TABLE descs (
@@ -72,7 +72,7 @@ CREATE TABLE descs (
   hash bigint(20) DEFAULT '0' NOT NULL,
   PRIMARY KEY (id),
   KEY hash (hash)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS dirs;
 CREATE TABLE dirs (
@@ -80,7 +80,7 @@ CREATE TABLE dirs (
   dir varchar(255) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE dir (dir)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS files;
 CREATE TABLE files (
@@ -88,7 +88,7 @@ CREATE TABLE files (
   file varchar(255) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE file (file)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS people;
 CREATE TABLE people (
@@ -96,7 +96,7 @@ CREATE TABLE people (
   who varchar(128) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE who (who)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS repositories;
 CREATE TABLE repositories (
@@ -104,7 +104,7 @@ CREATE TABLE repositories (
   repository varchar(64) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE repository (repository)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS tags;
 CREATE TABLE tags (
@@ -118,7 +118,7 @@ CREATE TABLE tags (
   KEY dirid (dirid),
   KEY fileid (fileid),
   KEY branchid (branchid)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 """
 
 ## ------------------------------------------------------------------------
@@ -132,7 +132,7 @@ CREATE TABLE branches (
   branch varchar(64) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE branch (branch)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS commits;
 CREATE TABLE commits (
@@ -156,7 +156,7 @@ CREATE TABLE commits (
   KEY fileid (fileid),
   KEY branchid (branchid),
   KEY descid (descid)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS descs;
 CREATE TABLE descs (
@@ -165,7 +165,7 @@ CREATE TABLE descs (
   hash bigint(20) DEFAULT '0' NOT NULL,
   PRIMARY KEY (id),
   KEY hash (hash)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS dirs;
 CREATE TABLE dirs (
@@ -173,7 +173,7 @@ CREATE TABLE dirs (
   dir varchar(255) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE dir (dir)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS files;
 CREATE TABLE files (
@@ -181,7 +181,7 @@ CREATE TABLE files (
   file varchar(255) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE file (file)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS people;
 CREATE TABLE people (
@@ -189,7 +189,7 @@ CREATE TABLE people (
   who varchar(128) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE who (who)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS repositories;
 CREATE TABLE repositories (
@@ -197,7 +197,7 @@ CREATE TABLE repositories (
   repository varchar(64) binary DEFAULT '' NOT NULL,
   PRIMARY KEY (id),
   UNIQUE repository (repository)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS tags;
 CREATE TABLE tags (
@@ -211,7 +211,7 @@ CREATE TABLE tags (
   KEY dirid (dirid),
   KEY fileid (fileid),
   KEY branchid (branchid)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 
 DROP TABLE IF EXISTS metadata;
 CREATE TABLE metadata (
@@ -219,7 +219,7 @@ CREATE TABLE metadata (
   value text,
   PRIMARY KEY (name),
   UNIQUE name (name)
-) TYPE=MyISAM;
+) ENGINE=MyISAM;
 INSERT INTO metadata (name, value) VALUES ('version', '1');
 """
 
@@ -245,6 +245,10 @@ options.)  This script will use the 'mysql' program to create the
 database for you.  You will then need to set the appropriate
 parameters in the [cvsdb] section of your viewvc.conf file.
 
+NOTE: If a hostname or port is supplied at the command line or during
+interactive prompting, this script will pass '--protocol=TCP' to
+'mysql'.
+
 Options:
 
   --dbname=ARG        Use ARG as the ViewVC database name to create.
@@ -253,7 +257,8 @@ Options:
   --help              Show this usage message.
   
   --hostname=ARG      Use ARG as the hostname for the MySQL connection.
-                      [Default: localhost]
+
+  --port=ARG          Use ARG as the port for the MySQL connection.
 
   --password=ARG      Use ARG as the password for the MySQL connection.
 
@@ -273,10 +278,11 @@ Options:
 if __name__ == "__main__":
   try:
     # Parse the command-line options, if any.
-    dbname = version = hostname = username = password = None
+    dbname = version = hostname = port = username = password = None
     opts, args = getopt.getopt(sys.argv[1:], '', [ 'dbname=',
                                                    'help',
                                                    'hostname=',
+                                                   'port=',
                                                    'password=',
                                                    'username=',
                                                    'version=',
@@ -290,6 +296,8 @@ if __name__ == "__main__":
         dbname = value
       elif name == '--hostname':
         hostname = value
+      elif name == '--port':
+        port = value
       elif name == '--username':
         username = value
       elif name == '--password':
@@ -302,7 +310,9 @@ if __name__ == "__main__":
 
     # Prompt for information not provided via command-line options.
     if hostname is None:
-      hostname = raw_input("MySQL Hostname [default: localhost]: ") or ""
+      hostname = raw_input("MySQL Hostname (leave blank for default): ")
+    if port is None:
+      port = raw_input("MySQL Port (leave blank for default): ")
     if username is None:
       username = raw_input("MySQL User: ")
     if password is None:
@@ -310,7 +320,7 @@ if __name__ == "__main__":
     if dbname is None:
       dbname = raw_input("ViewVC Database Name [default: ViewVC]: ") or "ViewVC"
 
-    # Create the database
+    # Create the database.
     dscript = string.replace(DATABASE_SCRIPT_COMMON, "<dbname>", dbname)
     if version == "1.0":
       print BONSAI_COMPAT
@@ -318,16 +328,22 @@ if __name__ == "__main__":
     else:
       dscript = dscript + DATABASE_SCRIPT_VERSION_1
 
-    host_option = hostname and "--host=%s" % (hostname) or ""
+    # Calculate command arguments.
+    cmd_args = "--user=%s --password=%s" % (username, password)
+    if hostname or port:
+      cmd_args = cmd_args + " --protocol=TCP"
+    if hostname:
+      cmd_args = cmd_args + " --host=%s" % (hostname)
+    if port:
+      cmd_args = cmd_args + " --port=%s" % (port)
+      
     if sys.platform == "win32":
-      cmd = "mysql --user=%s --password=%s %s "\
-            % (username, password, host_option)
+      cmd = "mysql %s" % (cmd_args)
       mysql = os.popen(cmd, "w") # popen2.Popen3 is not provided on windows
       mysql.write(dscript)
       status = mysql.close()
     else:
-      cmd = "{ mysql --user=%s --password=%s %s ; } 2>&1" \
-            % (username, password, host_option)
+      cmd = "{ mysql %s ; } 2>&1" % (cmd_args)
       pipes = popen2.Popen3(cmd)
       pipes.tochild.write(dscript)
       pipes.tochild.close()

bin/mod_python/handler.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/mod_python/query.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/mod_python/viewvc.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/standalone.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/svndbadmin

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 2004-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 2004-2013 The ViewCVS Group. All Rights Reserved.
 # Copyright (C) 2004-2007 James Henstridge
 #
 # By using this file, you agree to the terms and conditions set forth in

bin/wsgi/query.fcgi

@@ -1,7 +1,7 @@
 #!/usr/bin/python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/wsgi/query.wsgi

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/wsgi/viewvc.fcgi

@@ -1,7 +1,7 @@
 #!/usr/bin/python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

bin/wsgi/viewvc.wsgi

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

conf/viewvc.conf.dist

@@ -391,6 +391,24 @@
 ##
 #allowed_views = annotate, diff, markup, roots
 
+## Comma-delimited list of MIME content types (with support for fnmatch-
+## style glob characters) which are considered not-human-readable and for
+## which ViewVC will neither generate links to, nor support the direct
+## display of, non-checkout views which carry the file's content (the
+## 'markup', 'annotate', 'diff', and 'patch' views).
+##
+## NOTE: Handling of this option is given priority over ViewVC's
+## longstanding support for showing web-friendly file formats -- even
+## binary ones such as "image/jpeg" and "image/gif" -- in the 'markup'
+## view.  Thus, if you add "image/*" to this list, 'markup'-view
+## display of JPEG, GIF, and PNG images will be disabled.
+##
+## Example:
+## binary_mime_types = application/octet-stream, image/*, application/pdf, 
+##                     application/vnd*, application/msword, audio/*
+#
+#binary_mime_types =
+
 ## authorizer: The name of the ViewVC authorizer plugin to use when
 ## authorizing access to repository contents.  This value must be the
 ## name of a Python module addressable as vcauth.MODULENAME (most
@@ -433,6 +451,26 @@
 ##
 #mangle_email_addresses = 0
 
+## custom_log_formatting: Specifies mappings of regular expressions to
+## substitution format strings used to URL-ize strings found in
+## revision log messages.  Multiple mappings (specified as
+## REGEXP:FORMATSTRING) may be defined, separated by commas.
+##
+## NOTE: Due to a limitation of the configuration format, commas may
+## not be used in the regular expression portion of each mapping.
+## Commas "in the raw" may not be used in the format string portion,
+## either, but you can probably use the URI-encoded form of the comma
+## ("%2C") instead with no ill side-effects.  If you must specify a
+## colon character in either the regular expression or the format
+## string, escape it with a preceding backslash ("\:").
+##
+## Example:
+## custom_log_formatting =
+##     artf[0-9]+ : http://example.com/tracker?id=\0,
+##     issue ([0-9]+) : http://example.com/bug?id=\1&opts=full%2csortby=id
+##
+#custom_log_formatting =
+
 ## default_file_view: "log", "co", or "markup"
 ## Controls whether the default view for file URLs is a checkout view or
 ## a log view. "log" is the default for backwards compatibility with old
@@ -472,6 +510,15 @@
 ##
 #svn_ignore_mimetype = 0
 
+## max_filesize_kbytes: Limit ViewVC's processing of file contents in
+## "markup" and "annotate" views to only those files which are smaller
+## than this setting, expressed in kilobytes.  Set to 0 to disable
+## this safeguard.
+##
+## NOTE: The "co" and "tar" views are unaffected by this setting.
+## 
+#max_filesize_kbytes = 512
+
 ## svn_config_dir: Path of the Subversion runtime configuration
 ## directory ViewVC should consult for various things, including cached
 ## remote authentication credentials.  If unset, Subversion will use
@@ -541,7 +588,7 @@
 ## (Only works well for C source files, otherwise diff's heuristic falls short.)
 ## ('-p' option to diff)
 ##
-#hr_funout = 0
+#hr_funout = 1
 
 ## hr_ignore_white: Ignore whitespace (indendation and stuff) for human
 ## readable diffs.
@@ -639,6 +686,10 @@
 ##
 #use_localtime = 0
 
+## iso8601_dates: Display timestamps using a standard ISO-8601 format.
+##
+#iso8601_timestamps = 0
+
 ## short_log_len: The length (in characters) to which the most recent
 ## log entry should be truncated when shown in the directory view.
 ##
@@ -655,15 +706,15 @@
 ##
 #enable_syntax_coloration = 1
 
-## tabsize: The number of spaces into which tabstops are converted
-## when viewing file contents.
+## tabsize: The number of spaces into which horizontal tab characters
+## are converted when viewing file contents.  Set to 0 to preserve
+## tab characters.
 ##
 #tabsize = 8
 
 ## detect_encoding: Should we attempt to detect versioned file
 ## character encodings?  [Requires 'chardet' module, and is currently
-## used only by the syntax coloration logic -- if enabled -- for the
-## 'markup' and 'annotate' views; see 'enable_syntax_coloration'.]
+## used only for the 'markup' and 'annotate' views.]
 ##
 #detect_encoding = 0
 

lib/accept.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/blame.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 # Copyright (C) 2000 Curt Hagenlocher <curt@hagenlocher.org>
 #
 # By using this file, you agree to the terms and conditions set forth in

lib/compat.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/config.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -112,6 +112,8 @@ class Config:
   _force_multi_value = (
     # Configuration values with multiple, comma-separated values.
     'allowed_views',
+    'binary_mime_types',
+    'custom_log_formatting',
     'cvs_roots',
     'kv_files',
     'languages',
@@ -398,11 +400,14 @@ class Config:
     self.options.allowed_views = ['annotate', 'diff', 'markup', 'roots']
     self.options.authorizer = None
     self.options.mangle_email_addresses = 0
+    self.options.custom_log_formatting = []
     self.options.default_file_view = "log"
+    self.options.binary_mime_types = []
     self.options.http_expiration_time = 600
     self.options.generate_etags = 1
     self.options.svn_ignore_mimetype = 0
     self.options.svn_config_dir = None
+    self.options.max_filesize_kbytes = 512
     self.options.use_rcsparse = 0
     self.options.sort_by = 'file'
     self.options.sort_group_dirs = 1
@@ -425,6 +430,7 @@ class Config:
     self.options.show_log_in_markup = 1
     self.options.cross_copies = 1
     self.options.use_localtime = 0
+    self.options.iso8601_timestamps = 0
     self.options.short_log_len = 80
     self.options.enable_syntax_coloration = 1
     self.options.tabsize = 8

lib/cvsdb.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -520,7 +520,10 @@ class CheckinDatabase:
         if file_id == None:
             return None
 
-        sql = "SELECT * FROM %s WHERE "\
+        sql = "SELECT type, ci_when, whoid, repositoryid, dirid, fileid, " \
+              "revision, stickytag, branchid, addedlines, removedlines, " \
+              "descid "\
+              "  FROM %s WHERE "\
               "  repositoryid=%%s "\
               "  AND dirid=%%s"\
               "  AND fileid=%%s"\
@@ -570,7 +573,10 @@ class CheckinDatabase:
             self.sql_purge('descs', 'id', 'descid', 'commits')
             self.sql_purge('people', 'id', 'whoid', 'commits')
         else:
-            sql = "SELECT * FROM checkins WHERE repositoryid=%s"
+            sql = "SELECT type, ci_when, whoid, repositoryid, dirid, " \
+                  "fileid, revision, stickytag, branchid, addedlines, " \
+                  "removedlines, descid "\
+                  "  FROM checkins WHERE repositoryid=%s"
             sql_args = (rep_id, )
             cursor = self.db.cursor()
             cursor.execute(sql, sql_args)

lib/dbi.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/debug.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/idiff.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/popen.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/query.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/sapi.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vcauth/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 2006-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 2006-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vcauth/forbidden/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 2006-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 2006-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vcauth/forbiddenre/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 2008-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 2008-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vcauth/svnauthz/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 2006-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 2006-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -34,9 +34,9 @@ class ViewVCAuthorizer(vcauth.GenericViewVCAuthorizer):
     # See if the admin wants us to do case normalization of usernames.
     self.force_username_case = params.get('force_username_case')
     if self.force_username_case == "upper":
-      self.username = username.upper()
+      self.username = username and string.upper(username) or username
     elif self.force_username_case == "lower":
-      self.username = username.lower()
+      self.username = username and string.lower(username) or username
     elif not self.force_username_case:
       self.username = username
     else:

lib/vclib/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -207,7 +207,21 @@ class Repository:
 
     rev is the revision of the item to return information about
     """
+
+  def filesize(self, path_parts, rev):
+    """Return the size of a versioned file's contents if it can be
+    obtained without a brute force measurement; -1 otherwise.
+
+    NOTE: Callers that require a filesize answer when this function
+    returns -1 may obtain it by measuring the data returned via
+    openfile().
     
+    The path is specified as a list of components, relative to the root
+    of the repository. e.g. ["subdir1", "subdir2", "filename"]
+
+    rev is the revision of the item to return information about
+    """
+
     
 # ======================================================================
 class DirEntry:

lib/vclib/ccvs/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -35,6 +35,23 @@ def expand_root_parent(parent_path):
   return roots
 
 
+def find_root_in_parent(parent_path, rootname):
+  """Search PARENT_PATH for a root named ROOTNAME, returning the
+  canonicalized ROOTPATH of the root if found; return None if no such
+  root is found."""
+
+  assert os.path.isabs(parent_path)
+  # Is PARENT_PATH itself a CVS repository?  If so, we allow ROOTNAME
+  # to be any subdir within it.  Otherwise, we expect
+  # PARENT_PATH/ROOTNAME to be a CVS repository.
+  rootpath = os.path.join(parent_path, rootname)
+  if os.path.exists(os.path.join(parent_path, "CVSROOT", "config")):
+    return canonicalize_rootpath(rootpath)
+  if os.path.exists(os.path.join(rootpath, "CVSROOT", "config")):
+    return canonicalize_rootpath(rootpath)
+  return None
+
+
 def CVSRepository(name, rootpath, authorizer, utilities, use_rcsparse):
   rootpath = canonicalize_rootpath(rootpath)
   if use_rcsparse:

lib/vclib/ccvs/bincvs.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -149,6 +149,11 @@ class BaseCVSRepository(vclib.Repository):
                         % (string.join(path_parts, "/")))
     rcsfile = self.rcsfile(path_parts, 1)
     return os.access(rcsfile, os.X_OK)
+  
+  def filesize(self, path_parts, rev):
+    if self.itemtype(path_parts, rev) != vclib.FILE:  # does auth-check
+      raise vclib.Error("Path '%s' is not a file." % (_path_join(path_parts)))
+    return -1
 
 
 class BinCVSRepository(BaseCVSRepository):

lib/vclib/ccvs/blame.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 # Copyright (C) 2000 Curt Hagenlocher <curt@hagenlocher.org>
 #
 # By using this file, you agree to the terms and conditions set forth in

lib/vclib/ccvs/ccvs.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -200,6 +200,7 @@ class InfoSink(MatchingSink):
     self.matching_rev = None
     self.perfect_match = 0
     self.lockinfo = { }
+    self.saw_revision = False
 
   def define_tag(self, name, revision):
     MatchingSink.define_tag(self, name, revision)
@@ -213,10 +214,17 @@ class InfoSink(MatchingSink):
         self.entry.absent = 1
       raise rcsparse.RCSStopParser
 
+  def parse_completed(self):
+    if not self.saw_revision:
+      #self.entry.errors.append("No revisions exist on %s" % (view_tag or "MAIN"))
+      self.entry.absent = 1
+    
   def set_locker(self, rev, locker):
     self.lockinfo[rev] = locker
     
   def define_revision(self, revision, date, author, state, branches, next):
+    self.saw_revision = True
+    
     if self.perfect_match:
       return
 
@@ -224,14 +232,18 @@ class InfoSink(MatchingSink):
     rev = Revision(revision, date, author, state == "dead")
     rev.lockinfo = self.lockinfo.get(revision)
     
-    # perfect match if revision number matches tag number or if revision is on
-    # trunk and tag points to trunk. imperfect match if tag refers to a branch
-    # and this revision is the highest revision so far found on that branch
+    # perfect match if revision number matches tag number or if
+    # revision is on trunk and tag points to trunk.  imperfect match
+    # if tag refers to a branch and either a) this revision is the
+    # highest revision so far found on that branch, or b) this
+    # revision is the branchpoint.
     perfect = ((rev.number == tag.number) or
                (not tag.number and len(rev.number) == 2))
-    if perfect or (tag.is_branch and tag.number == rev.number[:-1] and
-                   (not self.matching_rev or
-                    rev.number > self.matching_rev.number)):
+    if perfect or (tag.is_branch and \
+                   ((tag.number == rev.number[:-1] and
+                     (not self.matching_rev or
+                      rev.number > self.matching_rev.number)) or
+                    (rev.number == tag.number[:-1]))):
       self.matching_rev = rev
       self.perfect_match = perfect
 

lib/vclib/ccvs/rcsparse/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vclib/ccvs/rcsparse/common.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vclib/ccvs/rcsparse/debug.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vclib/ccvs/rcsparse/default.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vclib/ccvs/rcsparse/texttools.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

lib/vclib/svn/__init__.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -19,27 +19,46 @@ import urllib
 
 _re_url = re.compile('^(http|https|file|svn|svn\+[^:]+)://')
 
-def canonicalize_rootpath(rootpath):
+def _canonicalize_path(path):
+  import svn.core
   try:
-    import svn.core
-    return svn.core.svn_path_canonicalize(rootpath)
-  except:
-    if os.name == 'posix':
-      rootpath_lower = rootpath.lower()
-      if rootpath_lower in ['file://localhost',
-                            'file://localhost/',
-                            'file://',
-                            'file:///'
-                            ]:
-        return '/'
-      if rootpath_lower.startswith('file://localhost/'):
-        return os.path.normpath(urllib.unquote(rootpath[16:]))
-      elif rootpath_lower.startswith('file:///'):
-        return os.path.normpath(urllib.unquote(rootpath[7:]))
-    if re.search(_re_url, rootpath):
-      return rootpath.rstrip('/')
+    return svn.core.svn_path_canonicalize(path)
+  except AttributeError: # svn_path_canonicalize() appeared in 1.4.0 bindings
+    # There's so much more that we *could* do here, but if we're
+    # here at all its because there's a really old Subversion in
+    # place, and those older Subversion versions cared quite a bit
+    # less about the specifics of path canonicalization.
+    if re.search(_re_url, path):
+      return path.rstrip('/')
+    else:
+      return os.path.normpath(path)
+
+
+def canonicalize_rootpath(rootpath):
+  # Try to canonicalize the rootpath using Subversion semantics.
+  rootpath = _canonicalize_path(rootpath)
+  
+  # ViewVC's support for local repositories is more complete and more
+  # performant than its support for remote ones, so if we're on a
+  # Unix-y system and we have a file:/// URL, convert it to a local
+  # path instead.
+  if os.name == 'posix':
+    rootpath_lower = rootpath.lower()
+    if rootpath_lower in ['file://localhost',
+                          'file://localhost/',
+                          'file://',
+                          'file:///'
+                          ]:
+      return '/'
+    if rootpath_lower.startswith('file://localhost/'):
+      rootpath = os.path.normpath(urllib.unquote(rootpath[16:]))
+    elif rootpath_lower.startswith('file:///'):
+      rootpath = os.path.normpath(urllib.unquote(rootpath[7:]))
+
+  # Ensure that we have an absolute path (or URL), and return.
+  if not re.search(_re_url, rootpath):
     assert os.path.isabs(rootpath)
-    return os.path.normpath(rootpath)
+  return rootpath
 
 
 def expand_root_parent(parent_path):
@@ -58,6 +77,20 @@ def expand_root_parent(parent_path):
   return roots
 
 
+def find_root_in_parent(parent_path, rootname):
+  """Search PARENT_PATH for a root named ROOTNAME, returning the
+  canonicalized ROOTPATH of the root if found; return None if no such
+  root is found."""
+  
+  if not re.search(_re_url, parent_path):
+    assert os.path.isabs(parent_path)
+    rootpath = os.path.join(parent_path, rootname)
+    format_path = os.path.join(rootpath, "format")
+    if os.path.exists(format_path):
+      return canonicalize_rootpath(rootpath)
+  return None
+
+
 def SubversionRepository(name, rootpath, authorizer, utilities, config_dir):
   rootpath = canonicalize_rootpath(rootpath)
   if re.search(_re_url, rootpath):

lib/vclib/svn/svn_ra.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -20,7 +20,10 @@ import re
 import tempfile
 import time
 import urllib
-from svn_repos import Revision, SVNChangedPath, _datestr_to_date, _compare_paths, _path_parts, _cleanup_path, _rev2optrev, _fix_subversion_exception, _split_revprops
+from svn_repos import Revision, SVNChangedPath, _datestr_to_date, \
+                      _compare_paths, _path_parts, _cleanup_path, \
+                      _rev2optrev, _fix_subversion_exception, \
+                      _split_revprops, _canonicalize_path
 from svn import core, delta, client, wc, ra
 
 
@@ -51,12 +54,14 @@ def get_directory_props(ra_session, path, rev):
     props = ra.svn_ra_get_dir(ra_session, path, rev)
   return props
 
-def client_log(url, start_rev, end_rev, log_limit, cross_copies,
-               cb_func, ctx):
+def client_log(url, start_rev, end_rev, log_limit, include_changes,
+               cross_copies, cb_func, ctx):
+  include_changes = include_changes and 1 or 0
+  cross_copies = cross_copies and 1 or 0
   try:
     client.svn_client_log4([url], start_rev, start_rev, end_rev,
-                           log_limit, 1, not cross_copies, 0, None,
-                           cb_func, ctx)
+                           log_limit, include_changes, not cross_copies,
+                           0, None, cb_func, ctx)
   except AttributeError:
     # Wrap old svn_log_message_receiver_t interface with a
     # svn_log_entry_t one.
@@ -72,15 +77,48 @@ def client_log(url, start_rev, end_rev, log_limit, cross_copies,
                              }
       cb_func(log_entry, pool)
     client.svn_client_log2([url], start_rev, end_rev, log_limit,
-                           1, not cross_copies, cb_convert, ctx)
+                           include_changes, not cross_copies, cb_convert, ctx)
+
+
+def setup_client_ctx(config_dir):
+  # Ensure that the configuration directory exists.
+  core.svn_config_ensure(config_dir)
+
+  # Fetch the configuration (and 'config' bit thereof).
+  cfg = core.svn_config_get_config(config_dir)
+  config = cfg.get(core.SVN_CONFIG_CATEGORY_CONFIG)
+
+  # Here's the compat-sensitive part: try to use
+  # svn_cmdline_create_auth_baton(), and fall back to making our own
+  # if that fails.
+  try:
+    auth_baton = core.svn_cmdline_create_auth_baton(1, None, None, config_dir,
+                                                    1, 1, config, None)
+  except AttributeError:
+    auth_baton = core.svn_auth_open([
+      client.svn_client_get_simple_provider(),
+      client.svn_client_get_username_provider(),
+      client.svn_client_get_ssl_server_trust_file_provider(),
+      client.svn_client_get_ssl_client_cert_file_provider(),
+      client.svn_client_get_ssl_client_cert_pw_file_provider(),
+      ])
+    if config_dir is not None:
+      core.svn_auth_set_parameter(auth_baton,
+                                  core.SVN_AUTH_PARAM_CONFIG_DIR,
+                                  config_dir)
+
+  # Create, setup, and return the client context baton.
+  ctx = client.svn_client_create_context()
+  ctx.config = cfg
+  ctx.auth_baton = auth_baton
+  return ctx
 
 ### END COMPATABILITY CODE ###
 
 
 class LogCollector:
-  ### TODO: Make this thing authz-aware
   
-  def __init__(self, path, show_all_logs, lockinfo):
+  def __init__(self, path, show_all_logs, lockinfo, access_check_func):
     # This class uses leading slashes for paths internally
     if not path:
       self.path = '/'
@@ -89,8 +127,12 @@ class LogCollector:
     self.logs = []
     self.show_all_logs = show_all_logs
     self.lockinfo = lockinfo
+    self.access_check_func = access_check_func
+    self.done = False
     
   def add_log(self, log_entry, pool):
+    if self.done:
+      return
     paths = log_entry.changed_paths
     revision = log_entry.revision
     msg, author, date, revprops = _split_revprops(log_entry.revprops)
@@ -114,13 +156,17 @@ class LogCollector:
           if change.copyfrom_path:
             this_path = change.copyfrom_path + self.path[len(changed_path):]
     if self.show_all_logs or this_path:
-      entry = Revision(revision, date, author, msg, None, self.lockinfo,
-                       self.path[1:], None, None)
-      self.logs.append(entry)
+      if self.access_check_func is None \
+         or self.access_check_func(self.path[1:], revision):
+        entry = Revision(revision, date, author, msg, None, self.lockinfo,
+                         self.path[1:], None, None)
+        self.logs.append(entry)
+      else:
+        self.done = True
     if this_path:
       self.path = this_path
     
-def temp_checkout(svnrepos, path, rev):
+def cat_to_tempfile(svnrepos, path, rev):
   """Check out file revision to temporary file"""
   temp = tempfile.mktemp()
   stream = core.svn_stream_from_aprfile(temp)
@@ -181,21 +227,8 @@ class RemoteSubversionRepository(vclib.Repository):
 
   def open(self):
     # Setup the client context baton, complete with non-prompting authstuffs.
-    # TODO: svn_cmdline_setup_auth_baton() is mo' better (when available)
-    core.svn_config_ensure(self.config_dir)
-    self.ctx = client.svn_client_create_context()
-    self.ctx.auth_baton = core.svn_auth_open([
-      client.svn_client_get_simple_provider(),
-      client.svn_client_get_username_provider(),
-      client.svn_client_get_ssl_server_trust_file_provider(),
-      client.svn_client_get_ssl_client_cert_file_provider(),
-      client.svn_client_get_ssl_client_cert_pw_file_provider(),
-      ])
-    self.ctx.config = core.svn_config_get_config(self.config_dir)
-    if self.config_dir is not None:
-      core.svn_auth_set_parameter(self.ctx.auth_baton,
-                                  core.SVN_AUTH_PARAM_CONFIG_DIR,
-                                  self.config_dir)
+    self.ctx = setup_client_ctx(self.config_dir)
+    
     ra_callbacks = ra.svn_ra_callbacks_t()
     ra_callbacks.auth_baton = self.ctx.auth_baton
     self.ra_session = ra.svn_ra_open(self.rootpath, ra_callbacks, None,
@@ -247,19 +280,17 @@ class RemoteSubversionRepository(vclib.Repository):
       raise vclib.Error("Path '%s' is not a file." % path)
     rev = self._getrev(rev)
     url = self._geturl(path)
-    tmp_file = tempfile.mktemp()
-    stream = core.svn_stream_from_aprfile(tmp_file)
     ### rev here should be the last history revision of the URL
-    client.svn_client_cat(core.Stream(stream), url, _rev2optrev(rev), self.ctx)
-    core.svn_stream_close(stream)
-    return SelfCleanFP(tmp_file), self._get_last_history_rev(path_parts, rev)
+    fp = SelfCleanFP(cat_to_tempfile(self, path, rev))
+    lh_rev, c_rev = self._get_last_history_rev(path_parts, rev)
+    return fp, lh_rev
 
   def listdir(self, path_parts, rev, options):
     path = self._getpath(path_parts)
     if self.itemtype(path_parts, rev) != vclib.DIR:  # does auth-check
       raise vclib.Error("Path '%s' is not a directory." % path)
     rev = self._getrev(rev)
-    entries = [ ]
+    entries = []
     dirents, locks = self._get_dirents(path, rev)
     for name in dirents.keys():
       entry = dirents[name]
@@ -267,8 +298,9 @@ class RemoteSubversionRepository(vclib.Repository):
         kind = vclib.DIR
       elif entry.kind == core.svn_node_file:
         kind = vclib.FILE
-      if vclib.check_path_access(self, path_parts + [name], kind, rev):
-        entries.append(vclib.DirEntry(name, kind))
+      else:
+        kind = None
+      entries.append(vclib.DirEntry(name, kind))
     return entries
 
   def dirlogs(self, path_parts, rev, entries, options):
@@ -279,11 +311,13 @@ class RemoteSubversionRepository(vclib.Repository):
     dirents, locks = self._get_dirents(path, rev)
     for entry in entries:
       entry_path_parts = path_parts + [entry.name]
-      if not vclib.check_path_access(self, entry_path_parts, entry.kind, rev):
+      dirent = dirents.get(entry.name, None)
+      # dirents is authz-sanitized, so ensure the entry is found therein.
+      if dirent is None:
         continue
-      dirent = dirents[entry.name]
+      # Get authz-sanitized revision metadata.
       entry.date, entry.author, entry.log, revprops, changes = \
-                  self.revinfo(dirent.created_rev)
+                  self._revinfo(dirent.created_rev)
       entry.rev = str(dirent.created_rev)
       entry.size = dirent.size
       entry.lockinfo = None
@@ -297,28 +331,51 @@ class RemoteSubversionRepository(vclib.Repository):
     rev = self._getrev(rev)
     url = self._geturl(path)
 
-    # Use ls3 to fetch the lock status for this item.
-    lockinfo = None
-    basename = path_parts and path_parts[-1] or ""
-    dirents, locks = list_directory(url, _rev2optrev(rev),
-                                    _rev2optrev(rev), 0, self.ctx)
-    if locks.has_key(basename):
-      lockinfo = locks[basename].owner
+    # If this is a file, fetch the lock status and size (as of REV)
+    # for this item.
+    lockinfo = size_in_rev = None
+    if path_type == vclib.FILE:
+      basename = path_parts[-1]
+      list_url = self._geturl(self._getpath(path_parts[:-1]))
+      dirents, locks = list_directory(list_url, _rev2optrev(rev),
+                                      _rev2optrev(rev), 0, self.ctx)
+      if locks.has_key(basename):
+        lockinfo = locks[basename].owner
+      if dirents.has_key(basename):
+        size_in_rev = dirents[basename].size
+    
+    # Special handling for the 'svn_latest_log' scenario.
+    ### FIXME: Don't like this hack.  We should just introduce
+    ### something more direct in the vclib API.
+    if options.get('svn_latest_log', 0):
+      dir_lh_rev, dir_c_rev = self._get_last_history_rev(path_parts, rev)
+      date, author, log, revprops, changes = self._revinfo(dir_lh_rev)
+      return [vclib.Revision(dir_lh_rev, str(dir_lh_rev), date, author,
+                             None, log, size_in_rev, lockinfo)]
 
+    def _access_checker(check_path, check_rev):
+      return vclib.check_path_access(self, _path_parts(check_path),
+                                     path_type, check_rev)
+      
     # It's okay if we're told to not show all logs on a file -- all
     # the revisions should match correctly anyway.
-    lc = LogCollector(path, options.get('svn_show_all_dir_logs', 0), lockinfo)
+    lc = LogCollector(path, options.get('svn_show_all_dir_logs', 0),
+                      lockinfo, _access_checker)
 
     cross_copies = options.get('svn_cross_copies', 0)
     log_limit = 0
     if limit:
       log_limit = first + limit
-    client_log(url, _rev2optrev(rev), _rev2optrev(1), log_limit,
+    client_log(url, _rev2optrev(rev), _rev2optrev(1), log_limit, 1,
                cross_copies, lc.add_log, self.ctx)
     revs = lc.logs
     revs.sort()
     prev = None
     for rev in revs:
+      # Swap out revision info with stuff from the cache (which is
+      # authz-sanitized).
+      rev.date, rev.author, rev.log, revprops, changes \
+                = self._revinfo(rev.number)
       rev.prev = prev
       prev = rev
     revs.reverse()
@@ -345,6 +402,18 @@ class RemoteSubversionRepository(vclib.Repository):
     rev = self._getrev(rev)
     url = self._geturl(path)
 
+    # Examine logs for the file to determine the oldest revision we are
+    # permitted to see.
+    log_options = {
+      'svn_cross_copies' : 1,
+      'svn_show_all_dir_logs' : 1,
+      }
+    revs = self.itemlog(path_parts, rev, vclib.SORTBY_REV, 0, 0, log_options)
+    oldest_rev = revs[-1].number
+
+    # Now calculate the annotation data.  Note that we'll not
+    # inherently trust the provided author and date, because authz
+    # rules might necessitate that we strip that information out.
     blame_data = []
 
     def _blame_cb(line_no, revision, author, date,
@@ -352,22 +421,27 @@ class RemoteSubversionRepository(vclib.Repository):
       prev_rev = None
       if revision > 1:
         prev_rev = revision - 1
+
+      # If we have an invalid revision, clear the date and author
+      # values.  Otherwise, if we have authz filtering to do, use the
+      # revinfo cache to do so.
+      if revision < 0:
+        date = author = None
+      elif self.auth:
+        date, author, msg, revprops, changes = self._revinfo(revision)
+
+      # Strip text if the caller doesn't want it.
       if not include_text:
         line = None
       blame_data.append(vclib.Annotation(line, line_no + 1, revision, prev_rev,
-                                         author, None))
+                                         author, date))
       
-    client.svn_client_blame(url, _rev2optrev(1), _rev2optrev(rev),
-                            _blame_cb, self.ctx)
+    client.blame2(url, _rev2optrev(rev), _rev2optrev(oldest_rev),
+                  _rev2optrev(rev), _blame_cb, self.ctx)
     return blame_data, rev
 
   def revinfo(self, rev):
-    rev = self._getrev(rev)
-    cached_info = self._revinfo_cache.get(rev)
-    if not cached_info:
-      cached_info = self._revinfo_raw(rev)
-      self._revinfo_cache[rev] = cached_info
-    return tuple(cached_info)
+    return self._revinfo(rev, 1)
     
   def rawdiff(self, path_parts1, rev1, path_parts2, rev2, type, options={}):
     p1 = self._getpath(path_parts1)
@@ -382,12 +456,12 @@ class RemoteSubversionRepository(vclib.Repository):
     args = vclib._diff_args(type, options)
 
     def _date_from_rev(rev):
-      date, author, msg, revprops, changes = self.revinfo(rev)
+      date, author, msg, revprops, changes = self._revinfo(rev)
       return date
     
     try:
-      temp1 = temp_checkout(self, p1, r1)
-      temp2 = temp_checkout(self, p2, r2)
+      temp1 = cat_to_tempfile(self, p1, r1)
+      temp2 = cat_to_tempfile(self, p2, r2)
       info1 = p1, _date_from_rev(r1), r1
       info2 = p2, _date_from_rev(r2), r2
       return vclib._diff_fp(temp1, temp2, info1, info2, self.diff_cmd, args)
@@ -401,6 +475,15 @@ class RemoteSubversionRepository(vclib.Repository):
     props = self.itemprops(path_parts, rev) # does authz-check
     return props.has_key(core.SVN_PROP_EXECUTABLE)
   
+  def filesize(self, path_parts, rev):
+    path = self._getpath(path_parts)
+    if self.itemtype(path_parts, rev) != vclib.FILE:  # does auth-check
+      raise vclib.Error("Path '%s' is not a file." % path)
+    rev = self._getrev(rev)
+    dirents, locks = self._get_dirents(self._getpath(path_parts[:-1]), rev)
+    dirent = dirents.get(path_parts[-1], None)
+    return dirent.size
+    
   def _getpath(self, path_parts):
     return string.join(path_parts, '/')
 
@@ -421,49 +504,84 @@ class RemoteSubversionRepository(vclib.Repository):
   def _geturl(self, path=None):
     if not path:
       return self.rootpath
-    return self.rootpath + '/' + urllib.quote(path, "/*~")
+    path = self.rootpath + '/' + urllib.quote(path)
+    return _canonicalize_path(path)
 
   def _get_dirents(self, path, rev):
     """Return a 2-type of dirents and locks, possibly reading/writing
-    from a local cache of that information."""
+    from a local cache of that information.  This functions performs
+    authz checks, stripping out unreadable dirents."""
 
     dir_url = self._geturl(path)
+    path_parts = _path_parts(path)    
     if path:
       key = str(rev) + '/' + path
     else:
       key = str(rev)
+
+    # Ensure that the cache gets filled...
     dirents_locks = self._dirent_cache.get(key)
     if not dirents_locks:
-      dirents, locks = list_directory(dir_url, _rev2optrev(rev),
-                                      _rev2optrev(rev), 0, self.ctx)
+      tmp_dirents, locks = list_directory(dir_url, _rev2optrev(rev),
+                                          _rev2optrev(rev), 0, self.ctx)
+      dirents = {}
+      for name, dirent in tmp_dirents.items():
+        dirent_parts = path_parts + [name]
+        kind = dirent.kind 
+        if (kind == core.svn_node_dir or kind == core.svn_node_file) \
+           and vclib.check_path_access(self, dirent_parts,
+                                       kind == core.svn_node_dir \
+                                         and vclib.DIR or vclib.FILE, rev):
+          lh_rev, c_rev = self._get_last_history_rev(dirent_parts, rev)
+          dirent.created_rev = lh_rev
+          dirents[name] = dirent
       dirents_locks = [dirents, locks]
       self._dirent_cache[key] = dirents_locks
+
+    # ...then return the goodies from the cache.
     return dirents_locks[0], dirents_locks[1]
 
   def _get_last_history_rev(self, path_parts, rev):
+    """Return the a 2-tuple which contains:
+         - the last interesting revision equal to or older than REV in
+           the history of PATH_PARTS.
+         - the created_rev of of PATH_PARTS as of REV."""
+    
+    path = self._getpath(path_parts)
     url = self._geturl(self._getpath(path_parts))
     optrev = _rev2optrev(rev)
+
+    # Get the last-changed-rev.
     revisions = []
     def _info_cb(path, info, pool, retval=revisions):
       revisions.append(info.last_changed_rev)
     client.svn_client_info(url, optrev, optrev, _info_cb, 0, self.ctx)
-    return revisions[0]
-    
-  def _revinfo_raw(self, rev):
-    # return 5-tuple (date, author, msg, revprops, changes)
-    optrev = _rev2optrev(rev)
-    revs = []
+    last_changed_rev = revisions[0]
 
+    # Now, this object might not have been directly edited since the
+    # last-changed-rev, but it might have been the child of a copy.
+    # To determine this, we'll run a potentially no-op log between
+    # LAST_CHANGED_REV and REV.
+    lc = LogCollector(path, 1, None, None)
+    client_log(url, optrev, _rev2optrev(last_changed_rev), 1, 1, 0,
+               lc.add_log, self.ctx)
+    revs = lc.logs
+    if revs:
+      revs.sort()
+      return revs[0].number, last_changed_rev
+    else:
+      return last_changed_rev, last_changed_rev
+    
+  def _revinfo_fetch(self, rev, include_changed_paths=0):
+    need_changes = include_changed_paths or self.auth
+    revs = []
+    
     def _log_cb(log_entry, pool, retval=revs):
-      ### Subversion 1.5 and earlier didn't offer the 'changed_paths2'
-      ### hash, and in Subversion 1.6, it's offered but broken.
-      try: 
-        changed_paths = log_entry.changed_paths2
-        paths = (changed_paths or {}).keys()
-      except:
-        changed_paths = log_entry.changed_paths
-        paths = (changed_paths or {}).keys()
-      paths.sort(lambda a, b: _compare_paths(a, b))
+      # If Subversion happens to call us more than once, we choose not
+      # to care.
+      if retval:
+        return
+      
       revision = log_entry.revision
       msg, author, date, revprops = _split_revprops(log_entry.revprops)
       action_map = { 'D' : vclib.DELETED,
@@ -471,22 +589,42 @@ class RemoteSubversionRepository(vclib.Repository):
                      'R' : vclib.REPLACED,
                      'M' : vclib.MODIFIED,
                      }
+
+      # Easy out: if we won't use the changed-path info, just return a
+      # changes-less tuple.
+      if not need_changes:
+        return revs.append([date, author, msg, revprops, None])
+
+      # Subversion 1.5 and earlier didn't offer the 'changed_paths2'
+      # hash, and in Subversion 1.6, it's offered but broken.
+      try: 
+        changed_paths = log_entry.changed_paths2
+        paths = (changed_paths or {}).keys()
+      except:
+        changed_paths = log_entry.changed_paths
+        paths = (changed_paths or {}).keys()
+      paths.sort(lambda a, b: _compare_paths(a, b))
+
+      # If we get this far, our caller needs changed-paths, or we need
+      # them for authz-related sanitization.
       changes = []
       found_readable = found_unreadable = 0
       for path in paths:
         change = changed_paths[path]
-        ### svn_log_changed_path_t (which we might get instead of the
-        ### svn_log_changed_path2_t we'd prefer) doesn't have the
-        ### 'node_kind' member.        
+
+        # svn_log_changed_path_t (which we might get instead of the
+        # svn_log_changed_path2_t we'd prefer) doesn't have the
+        # 'node_kind' member.        
         pathtype = None
         if hasattr(change, 'node_kind'):
           if change.node_kind == core.svn_node_dir:
             pathtype = vclib.DIR
           elif change.node_kind == core.svn_node_file:
             pathtype = vclib.FILE
-        ### svn_log_changed_path2_t only has the 'text_modified' and
-        ### 'props_modified' bits in Subversion 1.7 and beyond.  And
-        ### svn_log_changed_path_t is without.
+            
+        # svn_log_changed_path2_t only has the 'text_modified' and
+        # 'props_modified' bits in Subversion 1.7 and beyond.  And
+        # svn_log_changed_path_t is without.
         text_modified = props_modified = 0
         if hasattr(change, 'text_modified'):
           if change.text_modified == core.svn_tristate_true:
@@ -494,9 +632,10 @@ class RemoteSubversionRepository(vclib.Repository):
         if hasattr(change, 'props_modified'):
           if change.props_modified == core.svn_tristate_true:
             props_modified = 1
-        ### Wrong, diddily wrong wrong wrong.  Can you say,
-        ### "Manufacturing data left and right because it hurts to
-        ### figure out the right stuff?"
+            
+        # Wrong, diddily wrong wrong wrong.  Can you say,
+        # "Manufacturing data left and right because it hurts to
+        # figure out the right stuff?"
         action = action_map.get(change.action, vclib.MODIFIED)
         if change.copyfrom_path and change.copyfrom_rev:
           is_copy = 1
@@ -510,15 +649,16 @@ class RemoteSubversionRepository(vclib.Repository):
           base_path = path
           base_rev = revision - 1
 
-        ### Check authz rules (we lie about the path type)
+        # Check authz rules (sadly, we have to lie about the path type)
         parts = _path_parts(path)
         if vclib.check_path_access(self, parts, vclib.FILE, revision):
           if is_copy and base_path and (base_path != path):
             parts = _path_parts(base_path)
-            if vclib.check_path_access(self, parts, vclib.FILE, base_rev):
+            if not vclib.check_path_access(self, parts, vclib.FILE, base_rev):
               is_copy = 0
               base_path = None
               base_rev = None
+              found_unreadable = 1
           changes.append(SVNChangedPath(path, revision, pathtype, base_path,
                                         base_rev, action, is_copy,
                                         text_modified, props_modified))
@@ -526,16 +666,45 @@ class RemoteSubversionRepository(vclib.Repository):
         else:
           found_unreadable = 1
 
+        # If our caller doesn't want changed-path stuff, and we have
+        # the info we need to make an authz determination already,
+        # quit this loop and get on with it.
+        if (not include_changed_paths) and found_unreadable and found_readable:
+          break
+
+      # Filter unreadable information.
       if found_unreadable:
         msg = None
         if not found_readable:
           author = None
           date = None
-      revs.append([date, author, msg, revprops, changes])
 
-    client_log(self.rootpath, optrev, optrev, 1, 0, _log_cb, self.ctx)
+      # Drop unrequested changes.
+      if not include_changed_paths:
+        changes = None
+
+      # Add this revision information to the "return" array.
+      retval.append([date, author, msg, revprops, changes])
+
+    optrev = _rev2optrev(rev)
+    client_log(self.rootpath, optrev, optrev, 1, need_changes, 0,
+               _log_cb, self.ctx)
     return tuple(revs[0])
 
+  def _revinfo(self, rev, include_changed_paths=0):
+    """Internal-use, cache-friendly revision information harvester."""
+
+    # Consult the revinfo cache first.  If we don't have cached info,
+    # or our caller wants changed paths and we don't have those for
+    # this revision, go do the real work.
+    rev = self._getrev(rev)
+    cached_info = self._revinfo_cache.get(rev)
+    if not cached_info \
+       or (include_changed_paths and cached_info[4] is None):
+      cached_info = self._revinfo_fetch(rev, include_changed_paths)
+      self._revinfo_cache[rev] = cached_info
+    return cached_info
+
   ##--- custom --##
 
   def get_youngest_revision(self):
@@ -553,23 +722,16 @@ class RemoteSubversionRepository(vclib.Repository):
       old_path = results[old_rev]
     except KeyError:
       raise vclib.ItemNotFound(path)
-  
-    return _cleanup_path(old_path)
+    old_path = _cleanup_path(old_path)
+    old_path_parts = _path_parts(old_path)
+    # Check access (lying about path types)
+    if not vclib.check_path_access(self, old_path_parts, vclib.FILE, old_rev):
+      raise vclib.ItemNotFound(path)
+    return old_path
   
   def created_rev(self, path, rev):
-    # NOTE: We can't use svn_client_propget here because the
-    # interfaces in that layer strip out the properties not meant for
-    # human consumption (such as svn:entry:committed-rev, which we are
-    # using here to get the created revision of PATH@REV).
-    kind = ra.svn_ra_check_path(self.ra_session, path, rev)
-    if kind == core.svn_node_none:
-      raise vclib.ItemNotFound(_path_parts(path))
-    elif kind == core.svn_node_dir:
-      props = get_directory_props(self.ra_session, path, rev)
-    elif kind == core.svn_node_file:
-      fetched_rev, props = ra.svn_ra_get_file(self.ra_session, path, rev, None)
-    return int(props.get(core.SVN_PROP_ENTRY_COMMITTED_REV,
-                         SVN_INVALID_REVNUM))
+    lh_rev, c_rev = self._get_last_history_rev(_path_parts(path), rev)
+    return lh_rev
 
   def last_rev(self, path, peg_revision, limit_revision=None):
     """Given PATH, known to exist in PEG_REVISION, find the youngest
@@ -604,3 +766,33 @@ class RemoteSubversionRepository(vclib.Repository):
         else:
           peg_revision = mid
       return peg_revision, path
+
+  def get_symlink_target(self, path_parts, rev):
+    """Return the target of the symbolic link versioned at PATH_PARTS
+    in REV, or None if that object is not a symlink."""
+
+    path = self._getpath(path_parts)
+    path_type = self.itemtype(path_parts, rev) # does auth-check
+    rev = self._getrev(rev)
+    url = self._geturl(path)
+
+    # Symlinks must be files with the svn:special property set on them
+    # and with file contents which read "link SOME_PATH".
+    if path_type != vclib.FILE:
+      return None
+    pairs = client.svn_client_proplist2(url, _rev2optrev(rev),
+                                        _rev2optrev(rev), 0, self.ctx)
+    props = pairs and pairs[0][1] or {}
+    if not props.has_key(core.SVN_PROP_SPECIAL):
+      return None
+    pathspec = ''
+    ### FIXME: We're being a touch sloppy here, first by grabbing the
+    ### whole file and then by checking only the first line
+    ### of it.
+    fp = SelfCleanFP(cat_to_tempfile(self, path, rev))
+    pathspec = fp.readline()
+    fp.close()
+    if pathspec[:5] != 'link ':
+      return None
+    return pathspec[5:]
+

lib/vclib/svn/svn_repos.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -43,7 +43,14 @@ def _fix_subversion_exception(e):
     e.apr_err = e[1]
   if not hasattr(e, 'message'):
     e.message = e[0]
-  
+
+### Pre-1.4 Subversion doesn't have svn_path_canonicalize()
+def _canonicalize_path(path):
+  try:
+    return core.svn_path_canonicalize(path)
+  except AttributeError:
+    return path
+
 def _allow_all(root, path, pool):
   """Generic authz_read_func that permits access to all paths"""
   return 1
@@ -115,9 +122,10 @@ def _rootpath2url(rootpath, path):
   rootpath = urllib.quote(rootpath)
   path = urllib.quote(path)
   if drive:
-    return 'file:///' + drive + rootpath + '/' + path
+    url = 'file:///' + drive + rootpath + '/' + path
   else:
-    return 'file://' + rootpath + '/' + path
+    url = 'file://' + rootpath + '/' + path
+  return _canonicalize_path(url)
 
 
 # Given a dictionary REVPROPS of revision properties, pull special
@@ -579,6 +587,13 @@ class LocalSubversionRepository(vclib.Repository):
     props = self.itemprops(path_parts, rev) # does authz-check
     return props.has_key(core.SVN_PROP_EXECUTABLE)
 
+  def filesize(self, path_parts, rev):
+    path = self._getpath(path_parts)
+    if self.itemtype(path_parts, rev) != vclib.FILE:  # does auth-check
+      raise vclib.Error("Path '%s' is not a file." % path)
+    fsroot = self._getroot(self._getrev(rev))
+    return fs.file_length(fsroot, path)   
+
   ##--- helpers ---##
 
   def _revinfo(self, rev, include_changed_paths=0):
@@ -643,6 +658,7 @@ class LocalSubversionRepository(vclib.Repository):
               is_copy = 0
               change.base_path = None
               change.base_rev = None
+              found_unreadable = 1
           changedpaths[path] = SVNChangedPath(path, rev, pathtype,
                                               change.base_path,
                                               change.base_rev, action,
@@ -654,11 +670,19 @@ class LocalSubversionRepository(vclib.Repository):
       return found_readable, found_unreadable, changedpaths.values()
 
     def _get_change_copyinfo(fsroot, path, change):
+      # If we know the copyfrom info, return it...
       if hasattr(change, 'copyfrom_known') and change.copyfrom_known:
         copyfrom_path = change.copyfrom_path
         copyfrom_rev = change.copyfrom_rev
-      else:
+      # ...otherwise, if this change could be a copy (that is, it
+      # contains an add action), query the copyfrom info ...
+      elif (change.change_kind == fs.path_change_add or
+            change.change_kind == fs.path_change_replace):
         copyfrom_rev, copyfrom_path = fs.copied_from(fsroot, path)
+      # ...else, there's no copyfrom info.
+      else:
+        copyfrom_rev = core.SVN_INVALID_REVNUM
+        copyfrom_path = None
       return copyfrom_path, copyfrom_rev
       
     def _simple_auth_check(fsroot):
@@ -925,3 +949,32 @@ class LocalSubversionRepository(vclib.Repository):
         return peg_revision, path
     finally:
       pass
+
+  def get_symlink_target(self, path_parts, rev):
+    """Return the target of the symbolic link versioned at PATH_PARTS
+    in REV, or None if that object is not a symlink."""
+
+    path = self._getpath(path_parts)
+    rev = self._getrev(rev)
+    path_type = self.itemtype(path_parts, rev)  # does auth-check
+    fsroot = self._getroot(rev)
+
+    # Symlinks must be files with the svn:special property set on them
+    # and with file contents which read "link SOME_PATH".
+    if path_type != vclib.FILE:
+      return None
+    props = fs.node_proplist(fsroot, path)
+    if not props.has_key(core.SVN_PROP_SPECIAL):
+      return None
+    pathspec = ''
+    ### FIXME: We're being a touch sloppy here, only checking the first line
+    ### of the file.
+    stream = fs.file_contents(fsroot, path)
+    try:
+      pathspec, eof = core.svn_stream_readline(stream, '\n')
+    finally:
+      core.svn_stream_close(stream)
+    if pathspec[:5] != 'link ':
+      return None
+    return pathspec[5:]
+

lib/viewvc.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC
@@ -14,7 +14,7 @@
 #
 # -----------------------------------------------------------------------
 
-__version__ = '1.1.13'
+__version__ = '1.1.19'
 
 # this comes from our library; measure the startup time
 import debug
@@ -24,6 +24,7 @@ debug.t_start('imports')
 # standard modules that we know are in the path or builtin
 import sys
 import os
+import fnmatch
 import gzip
 import mimetypes
 import re
@@ -229,9 +230,12 @@ class Request:
         cfg.overlay_root_options(self.rootname)
         
         # Setup an Authorizer for this rootname and username
+        debug.t_start('setup-authorizer')
         self.auth = setup_authorizer(cfg, self.username)
+        debug.t_end('setup-authorizer')
 
         # Create the repository object
+        debug.t_start('select-repos')
         try:
           if roottype == 'cvs':
             self.rootpath = vclib.ccvs.canonicalize_rootpath(rootpath)
@@ -254,6 +258,7 @@ class Request:
             raise vclib.ReposNotFound()
         except vclib.ReposNotFound:
           pass
+        debug.t_end('select-repos')
       if self.repos is None:
         raise debug.ViewVCException(
           'The root "%s" is unknown. If you believe the value is '
@@ -261,7 +266,9 @@ class Request:
           % self.rootname, "404 Not Found")
 
     if self.repos:
+      debug.t_start('select-repos')
       self.repos.open()
+      debug.t_end('select-repos')
       type = self.repos.roottype()
       if type == vclib.SVN:
         self.roottype = 'svn'
@@ -391,7 +398,9 @@ class Request:
     if needs_redirect:
       self.server.redirect(self.get_url())
     else:
+      debug.t_start('view-func')
       self.view_func(self)
+      debug.t_end('view-func')
 
   def get_url(self, escape=0, partial=0, prefix=0, **args):
     """Constructs a link to another ViewVC page just like the get_link
@@ -893,7 +902,7 @@ def get_view_template(cfg, view_name, language="en"):
   return template
 
 def get_writeready_server_file(request, content_type=None, encoding=None,
-                               content_length=None):
+                               content_length=None, allow_compress=True):
   """Return a file handle to a response body stream, after outputting
   any queued special headers (on REQUEST.server) and (optionally) a
   'Content-Type' header whose value is CONTENT_TYPE and character set
@@ -902,10 +911,14 @@ def get_writeready_server_file(request, content_type=None, encoding=None,
   If CONTENT_LENGTH is provided and compression is not in use, also
   generate a 'Content-Length' header for this response.
 
+  Callers my use ALLOW_COMPRESS to disable compression where it would
+  otherwise be allowed.  (Such as when transmitting an
+  already-compressed response.)
+
   After this function is called, it is too late to add new headers to
   the response."""
 
-  if request.gzip_compress_level:
+  if allow_compress and request.gzip_compress_level:
     request.server.addheader('Content-Encoding', 'gzip')
   elif content_length is not None:
     request.server.addheader('Content-Length', content_length)
@@ -917,7 +930,7 @@ def get_writeready_server_file(request, content_type=None, encoding=None,
   else:
     request.server.header()
 
-  if request.gzip_compress_level:
+  if allow_compress and request.gzip_compress_level:
     fp = gzip.GzipFile('', 'wb', request.gzip_compress_level,
                        request.server.file())
   else:
@@ -1017,6 +1030,15 @@ def default_view(mime_type, cfg):
     return view_markup
   return view_checkout
 
+def is_binary_file_mime_type(mime_type, cfg):
+  """Return True iff MIME_TYPE is set and matches one of the binary
+  file mime type patterns in CFG."""
+  if mime_type:
+    for pattern in cfg.options.binary_mime_types:
+      if fnmatch.fnmatch(mime_type, pattern):
+        return True
+  return False
+  
 def get_file_view_info(request, where, rev=None, mime_type=None, pathrev=-1):
   """Return an object holding common hrefs and a viewability flag used
   for various views of FILENAME at revision REV whose MIME type is
@@ -1077,7 +1099,12 @@ def get_file_view_info(request, where, rev=None, mime_type=None, pathrev=-1):
                                     params={'revision': rev},
                                     escape=1)
 
-  prefer_markup = default_view(mime_type, request.cfg) == view_markup
+  is_binary_file = is_binary_file_mime_type(mime_type, request.cfg)
+  if is_binary_file:
+    download_text_href = annotate_href = view_href = None
+    prefer_markup = False
+  else:
+    prefer_markup = default_view(mime_type, request.cfg) == view_markup
 
   return _item(view_href=view_href,
                download_href=download_href,
@@ -1099,6 +1126,29 @@ _re_rewrite_email = re.compile('([-a-zA-Z0-9_.\+]+)@'
 # Matches revision references
 _re_rewrite_svnrevref = re.compile(r'\b(r|rev #?|revision #?)([0-9]+)\b')
 
+class ViewVCHtmlFormatterTokens:
+  def __init__(self, tokens):
+    self.tokens = tokens
+
+  def get_result(self, maxlen=0):
+    """Format the tokens per the registered set of formatters, and
+    limited to MAXLEN visible characters (or unlimited if MAXLEN is
+    0).  Return a 3-tuple containing the formatted result string, the
+    number of visible characters in the result string, and a boolean
+    flag indicating whether or not S was truncated."""
+    out = ''
+    out_len = 0
+    for token in self.tokens:
+      chunk, chunk_len = token.converter(token.match, token.userdata, maxlen)
+      out = out + chunk
+      out_len = out_len + chunk_len
+      if maxlen:
+        maxlen = maxlen - chunk_len
+        if maxlen <= 0:
+          return out, out_len, 1
+    return out, out_len, 0
+
+    
 class ViewVCHtmlFormatter:
   """Format a string as HTML-encoded output with customizable markup
   rules, for example turning strings that look like URLs into anchor links.
@@ -1184,6 +1234,30 @@ class ViewVCHtmlFormatter:
                                     sapi.escape(trunc_s)), \
            len(trunc_s)
 
+  def format_custom_url(self, mobj, userdata, maxlen=0):
+    """Return a 2-tuple containing:
+         - the text represented by MatchObject MOBJ, formatted as an
+           linkified URL created by substituting match groups 0-9 into
+           USERDATA (which is a format string that uses \N to
+           represent the substitution locations) and with no more than
+           MAXLEN characters in the non-HTML-tag portions.  If MAXLEN
+           is 0, there is no maximum.
+         - the number of characters returned.
+    """
+    format = userdata
+    text = mobj.group(0)
+    url = format
+    for i in range(9):
+      try:
+        repl = mobj.group(i)
+      except:
+        repl = ''
+      url = url.replace('\%d' % (i), repl)
+    trunc_s = maxlen and text[:maxlen] or text
+    return '<a href="%s">%s</a>' % (sapi.escape(url),
+                                    sapi.escape(trunc_s)), \
+           len(trunc_s)
+
   def format_text(self, s, unused, maxlen=0):
     """Return a 2-tuple containing:
          - the text S, HTML-escaped, containing no more than MAXLEN
@@ -1216,20 +1290,14 @@ class ViewVCHtmlFormatter:
     """
     out = ''
     out_len = 0
-    for token in self._tokenize_text(s):
-      chunk, chunk_len = token.converter(token.match, token.userdata, maxlen)
-      out = out + chunk
-      out_len = out_len + chunk_len
-      if maxlen:
-        maxlen = maxlen - chunk_len
-        if maxlen <= 0:
-          return out, out_len, 1
-    return out, out_len, 0
+    tokens = self.tokenize_text(s)
+    return tokens.get_result()
 
-  def _entity_encode(self, s):
-    return string.join(map(lambda x: '&#%d;' % (ord(x)), s), '')
-
-  def _tokenize_text(self, s):
+  def tokenize_text(self, s):
+    """Return a ViewVCHtmlFormatterTokens object containing the tokens
+    created when parsing the string S.  Callers can use that object's
+    get_result() function to retrieve HTML-formatted text.
+    """
     tokens = []
     # We could just have a "while s:" here instead of "for line: while
     # line:", but for really large log messages with heavy
@@ -1276,36 +1344,80 @@ class ViewVCHtmlFormatter:
                               converter=self.format_text,
                               userdata=None))
           line = ''
-    return tokens
+    return ViewVCHtmlFormatterTokens(tokens)
+
+  def _entity_encode(self, s):
+    return string.join(map(lambda x: '&#%d;' % (ord(x)), s), '')
 
 
-def format_log(request, log, maxlen=0, htmlize=1):
-  if not log:
-    return log
+class LogFormatter:
+  def __init__(self, request, log):
+    self.request = request
+    self.log = log or ''
+    self.tokens = None
+    self.cache = {}  # (maxlen, htmlize) => resulting_log
 
-  cfg = request.cfg
-  if htmlize:
-    lf = ViewVCHtmlFormatter()
-    lf.add_formatter(_re_rewrite_url, lf.format_url)
-    if request.roottype == 'svn':
-      def revision_to_url(rev):
-        return request.get_url(view_func=view_revision,
-                               params={'revision': rev},
-                               escape=1)
-      lf.add_formatter(_re_rewrite_svnrevref, lf.format_svnrevref,
-                       revision_to_url)
-    if cfg.options.mangle_email_addresses == 2:
-      lf.add_formatter(_re_rewrite_email, lf.format_email_truncated)
-    elif cfg.options.mangle_email_addresses == 1:
-      lf.add_formatter(_re_rewrite_email, lf.format_email_obfuscated)
+  def get(self, maxlen=0, htmlize=1):
+    cfg = self.request.cfg
+    
+    # Prefer the cache.
+    if self.cache.has_key((maxlen, htmlize)):
+      return self.cache[(maxlen, htmlize)]
+    
+    # If we are HTML-izing...
+    if htmlize:
+      # ...and we don't yet have ViewVCHtmlFormatter() object tokens...
+      if not self.tokens:
+        # ... then get them.
+        lf = ViewVCHtmlFormatter()
+
+        # Rewrite URLs.
+        lf.add_formatter(_re_rewrite_url, lf.format_url)
+
+        # Rewrite Subversion revision references.
+        if self.request.roottype == 'svn':
+          def revision_to_url(rev):
+            return self.request.get_url(view_func=view_revision,
+                                        params={'revision': rev},
+                                        escape=1)
+          lf.add_formatter(_re_rewrite_svnrevref, lf.format_svnrevref,
+                           revision_to_url)
+
+        # Rewrite email addresses.
+        if cfg.options.mangle_email_addresses == 2:
+          lf.add_formatter(_re_rewrite_email, lf.format_email_truncated)
+        elif cfg.options.mangle_email_addresses == 1:
+          lf.add_formatter(_re_rewrite_email, lf.format_email_obfuscated)
+        else:
+          lf.add_formatter(_re_rewrite_email, lf.format_email)
+
+        # Add custom rewrite handling per configuration.
+        for rule in cfg.options.custom_log_formatting:
+          rule = rule.replace('\\:', '\x01')          
+          regexp, format = map(lambda x: x.strip(), rule.split(':', 1))
+          regexp = regexp.replace('\x01', ':')
+          format = format.replace('\x01', ':')
+          lf.add_formatter(re.compile(regexp), lf.format_custom_url, format)
+
+        # Tokenize the log message.
+        self.tokens = lf.tokenize_text(self.log)
+
+      # Use our formatter to ... you know ... format.
+      log, log_len, truncated = self.tokens.get_result(maxlen)
+      result_log = log + (truncated and '&hellip;' or '')
+
+    # But if we're not HTML-izing...
     else:
-      lf.add_formatter(_re_rewrite_email, lf.format_email)
-    log, log_len, truncated = lf.get_result(log, maxlen)
-    return log + (truncated and '&hellip;' or '')
-  else:
-    if cfg.options.mangle_email_addresses == 2:
-      log = re.sub(_re_rewrite_email, r'\1@...', log)
-    return maxlen and log[:maxlen] or log
+      # ...then do much more simplistic transformations as necessary.
+      log = self.log
+      if cfg.options.mangle_email_addresses == 2:
+        log = re.sub(_re_rewrite_email, r'\1@...', log)
+      result_log = maxlen and log[:maxlen] or log
+
+    # In either case, populate the cache and return the results.
+    self.cache[(maxlen, htmlize)] = result_log
+    return result_log
+
 
 _time_desc = {
          1 : 'second',
@@ -1548,6 +1660,37 @@ def markup_escaped_urls(s):
   return re.sub(_re_rewrite_escaped_url, _url_repl, s)
 
 
+def detect_encoding(text_block):
+  # Does the TEXT_BLOCK start with a BOM?
+  for bom, encoding in [('\xef\xbb\xbf', 'utf-8'),
+                        ('\xff\xfe', 'utf-16'),
+                        ('\xfe\xff', 'utf-16be'),
+                        ('\xff\xfe\0\0', 'utf-32'),
+                        ('\0\0\xfe\xff', 'utf-32be'),
+                        ]:
+    if text_block[:len(bom)] == bom:
+      return encoding
+
+  # If no recognized BOM, see if chardet can help us.
+  try:
+    import chardet
+    return chardet.detect(text_block).get('encoding')
+  except:
+    pass
+
+  # By default ... we have no idea.
+  return None
+  
+def transcode_text(text, encoding=None):
+  """If ENCODING is provided and not 'utf-8', transcode TEXT from
+  ENCODING to UTF-8."""
+
+  if not encoding or encoding == 'utf-8':
+    return text
+  return unicode(text, encoding,
+                 errors='replace').encode('utf-8',
+                                          errors='replace')
+
 def markup_stream(request, cfg, blame_data, file_lines, filename,
                   mime_type, encoding, colorize):
   """Return the contents of a versioned file as a list of
@@ -1617,11 +1760,31 @@ def markup_stream(request, cfg, blame_data, file_lines, filename,
   # If we aren't highlighting, just return an amalgamation of the
   # BLAME_DATA (if any) and the FILE_LINES.
   if not pygments_lexer:
+
+    # If allowed by configuration, try to detect the source encoding
+    # for this file.  We'll assemble a block of data from the file
+    # contents to do so... 1024 bytes should be enough.
+    if not encoding and cfg.options.detect_encoding:
+      block_size = 0
+      text_block = ''
+      for i in range(len(file_lines)):
+        text_block = text_block + file_lines[i]
+        if len(text_block) >= 1024:
+          break
+      encoding = detect_encoding(text_block)
+
+    # Built output data comprised of marked-up and possibly-transcoded
+    # source text lines wrapped in (possibly dummy) vclib.Annotation
+    # objects.
     lines = []
+    file_lines = transcode_text(string.join(file_lines, ''), encoding)
+    file_lines = string.rstrip(file_lines, '\n')
+    file_lines = string.split(file_lines, '\n')
     for i in range(len(file_lines)):
       line = file_lines[i]
-      line = sapi.escape(string.expandtabs(line, cfg.options.tabsize))
-      line = markup_escaped_urls(line)
+      if cfg.options.tabsize > 0:
+        line = string.expandtabs(lin, cfg.options.tabsize)
+      line = markup_escaped_urls(sapi.escape(line))
       if blame_data:
         blame_item = blame_data[i]
         blame_item.text = line
@@ -1643,7 +1806,7 @@ def markup_stream(request, cfg, blame_data, file_lines, filename,
       self.line_no = 0
     def write(self, buf):
       ### FIXME:  Don't bank on write() being called once per line
-      buf = markup_escaped_urls(buf)
+      buf = markup_escaped_urls(string.rstrip(buf, '\n\r'))
       if self.has_blame_data:
         self.blame_data[self.line_no].text = buf
       else:
@@ -1669,10 +1832,23 @@ def make_time_string(date, cfg):
   if date is None:
     return None
   if cfg.options.use_localtime:
-    localtime = time.localtime(date)
-    return time.asctime(localtime) + ' ' + time.tzname[localtime[8]]
+    tm = time.localtime(date)
   else:
-    return time.asctime(time.gmtime(date)) + ' UTC'
+    tm = time.gmtime(date)
+  if cfg.options.iso8601_timestamps:
+    if cfg.options.use_localtime:
+      if tm[8] and time.daylight:
+        tz = time.altzone
+      else:
+        tz = time.timezone
+      tz = float(tz) / 3600.0
+      tz = string.replace(str.format('{0:+06.2f}', tz), '.', ':')
+    else:
+      tz = 'Z'
+    return time.strftime('%Y-%m-%dT%H:%M:%S', tm) + tz
+  else:
+    return time.asctime(tm) + ' ' + \
+           (cfg.options.use_localtime and time.tzname[tm[8]] or 'UTC')
 
 def make_rss_time_string(date, cfg):
   """Returns formatted date string in UTC, formatted for RSS.
@@ -1693,7 +1869,8 @@ def get_itemprops(request, path_parts, rev):
   propnames.sort()
   props = []
   for name in propnames:
-    value = format_log(request, itemprops[name])
+    lf = LogFormatter(request, itemprops[name])
+    value = lf.get(maxlen=0, htmlize=1)
     undisplayable = ezt.boolean(0)
     # skip non-utf8 property names
     try:
@@ -1737,6 +1914,15 @@ def calculate_mime_type(request, path_parts, rev):
       pass
   return guess_mime(path_parts[-1]), None
 
+def assert_viewable_filesize(cfg, filesize):
+  if cfg.options.max_filesize_kbytes \
+     and filesize != -1 \
+     and filesize > (1024 * cfg.options.max_filesize_kbytes):
+    raise debug.ViewVCException('Display of files larger than %d KB '
+                                'disallowed by configuration'
+                                % (cfg.options.max_filesize_kbytes),
+                                '403 Forbidden')
+  
 def markup_or_annotate(request, is_annotate):
   cfg = request.cfg
   path, rev = _orig_path(request, is_annotate and 'annotate' or 'revision')
@@ -1745,6 +1931,11 @@ def markup_or_annotate(request, is_annotate):
   revision = None
   mime_type, encoding = calculate_mime_type(request, path, rev)
 
+  # Is this display blocked by 'binary_mime_types' configuration?
+  if is_binary_file_mime_type(mime_type, cfg):
+    raise debug.ViewVCException('Display of binary file content disabled '
+                                'by configuration', '403 Forbidden')
+    
   # Is this a viewable image type?
   if is_viewable_image(mime_type) \
      and 'co' in cfg.options.allowed_views:
@@ -1759,11 +1950,16 @@ def markup_or_annotate(request, is_annotate):
 
   # Not a viewable image.
   else:
-    blame_data = None
+    filesize = request.repos.filesize(path, rev)
+
+    # If configuration disallows display of large files, try to honor
+    # that request.
+    assert_viewable_filesize(cfg, filesize)
 
     # If this was an annotation request, try to annotate this file.
     # If something goes wrong, that's okay -- we'll gracefully revert
     # to a plain markup display.
+    blame_data = None
     if is_annotate:
       try:
         blame_source, revision = request.repos.annotate(path, rev, False)
@@ -1791,7 +1987,22 @@ def markup_or_annotate(request, is_annotate):
     if check_freshness(request, None, revision, weak=1):
       fp.close()
       return
-    file_lines = fp.readlines()
+
+    # If we're limiting by filesize but couldn't pull off the cheap
+    # check above, we'll try to do so line by line here (while
+    # building our file_lines array).
+    if cfg.options.max_filesize_kbytes and filesize == -1:
+      file_lines = []
+      filesize = 0
+      while 1:
+        line = fp.readline()
+        if not line:
+          break
+        filesize = filesize + len(line)
+        assert_viewable_filesize(cfg, filesize)
+        file_lines.append(line)
+    else:
+      file_lines = fp.readlines()
     fp.close()
 
     # Do we have a differing number of file content lines and
@@ -1840,14 +2051,19 @@ def markup_or_annotate(request, is_annotate):
     }))
 
   if cfg.options.show_log_in_markup:
-    options = {'svn_latest_log': 1}  ### FIXME: No longer needed?
+    options = {
+      'svn_latest_log': 1, ### FIXME: Use of this magical value is uncool.
+      'svn_cross_copies': 1,
+      }
     revs = request.repos.itemlog(path, revision, vclib.SORTBY_REV,
                                  0, 1, options)
     entry = revs[-1]
+    lf = LogFormatter(request, entry.log)
+
     data['date'] = make_time_string(entry.date, cfg)
     data['author'] = entry.author
     data['changed'] = entry.changed
-    data['log'] = format_log(request, entry.log)
+    data['log'] = lf.get(maxlen=0, htmlize=1)
     data['size'] = entry.size
 
     if entry.date is not None:
@@ -2083,9 +2299,11 @@ def view_directory(request):
       row.date = make_time_string(file.date, cfg)
       row.ago = html_time(request, file.date)
     if cfg.options.show_logs:
-      row.log = format_log(request, file.log)
-      row.short_log = format_log(request, file.log,
-                                 maxlen=cfg.options.short_log_len)
+      debug.t_start("dirview_logformat")
+      lf = LogFormatter(request, file.log)
+      row.log = lf.get(maxlen=0, htmlize=1)
+      row.short_log = lf.get(maxlen=cfg.options.short_log_len, htmlize=1)
+      debug.t_end("dirview_logformat")
     row.lockinfo = file.lockinfo
     row.anchor = request.server.escape(file.name)
     row.name = request.server.escape(file.name)
@@ -2438,6 +2656,7 @@ def view_log(request):
       sortby = vclib.SORTBY_DEFAULT
 
   first = last = 0
+  log_pagestart = None
   if cfg.options.log_pagesize:
     log_pagestart = int(request.query_dict.get('log_pagestart', 0))
     total = cfg.options.log_pagesextra * cfg.options.log_pagesize
@@ -2462,7 +2681,6 @@ def view_log(request):
     entry.ago = None
     if rev.date is not None:
       entry.ago = html_time(request, rev.date, 1)
-    entry.log = format_log(request, rev.log or '')
     entry.size = rev.size
     entry.lockinfo = rev.lockinfo
     entry.branch_point = None
@@ -2470,6 +2688,9 @@ def view_log(request):
     entry.orig_path = None
     entry.copy_path = None
 
+    lf = LogFormatter(request, rev.log or '')
+    entry.log = lf.get(maxlen=0, htmlize=1)
+
     entry.view_href = None
     entry.download_href = None
     entry.download_text_href = None
@@ -2559,7 +2780,8 @@ def view_log(request):
     if selected_rev != entry.rev:
       entry.sel_for_diff_href = \
         request.get_url(view_func=view_log,
-                        params={'r1': entry.rev},
+                        params={'r1': entry.rev,
+                                'log_pagestart': log_pagestart},
                         escape=1)
     if entry.prev is not None:
       entry.diff_to_prev_href = \
@@ -2700,7 +2922,9 @@ def view_log(request):
 
   if cfg.options.log_pagesize:
     data['log_paging_action'], data['log_paging_hidden_values'] = \
-      request.get_form(params={'log_pagestart': None})
+      request.get_form(params={'log_pagestart': None,
+                               'r1': selected_rev,
+                               })
     data['log_pagestart'] = int(request.query_dict.get('log_pagestart',0))
     data['entries'] = paging_sws(data, 'entries', data['log_pagestart'],
                                  'rev', cfg.options.log_pagesize,
@@ -2908,7 +3132,9 @@ class DiffSource:
         return item
 
   def _format_text(self, text):
-    text = string.expandtabs(string.rstrip(text), self.cfg.options.tabsize)
+    text = string.rstrip(text, '\r\n')
+    if self.cfg.options.tabsize > 0:
+      text = string.expandtabs(text, self.cfg.options.tabsize)
     hr_breakable = self.cfg.options.hr_breakable
     
     # in the code below, "\x01" will be our stand-in for "&". We don't want
@@ -2966,7 +3192,7 @@ class DiffSource:
       return _item(type='header',
                    line_info_left=match.group(1),
                    line_info_right=match.group(2),
-                   line_info_extra=match.group(3))
+                   line_info_extra=self._format_text(match.group(3)))
     
     if line[0] == '\\':
       # \ No newline at end of file
@@ -3181,6 +3407,13 @@ def view_patch(request):
   query_dict = request.query_dict
   p1, p2, rev1, rev2, sym1, sym2 = setup_diff(request)
 
+  mime_type1, encoding1 = calculate_mime_type(request, p1, rev1)
+  mime_type2, encoding2 = calculate_mime_type(request, p2, rev2)
+  if is_binary_file_mime_type(mime_type1, cfg) or \
+     is_binary_file_mime_type(mime_type2, cfg):
+    raise debug.ViewVCException('Display of binary file content disabled '
+                                'by configuration', '403 Forbidden')
+
   # In the absence of a format dictation in the CGI params, we'll let
   # use the configured diff format, allowing 'c' to mean 'c' and
   # anything else to mean 'u'.
@@ -3221,6 +3454,13 @@ def view_diff(request):
   query_dict = request.query_dict
   p1, p2, rev1, rev2, sym1, sym2 = setup_diff(request)
   
+  mime_type1, encoding1 = calculate_mime_type(request, p1, rev1)
+  mime_type2, encoding2 = calculate_mime_type(request, p2, rev2)
+  if is_binary_file_mime_type(mime_type1, cfg) or \
+     is_binary_file_mime_type(mime_type2, cfg):
+    raise debug.ViewVCException('Display of binary file content disabled '
+                                'by configuration', '403 Forbidden')
+
   # since templates are in use and subversion allows changes to the dates,
   # we can't provide a strong etag
   if check_freshness(request, None, '%s-%s' % (rev1, rev2), weak=1):
@@ -3318,7 +3558,8 @@ def view_diff(request):
   fvi = get_file_view_info(request, path_left, rev1)
   left = _item(date=make_time_string(log_entry1.date, cfg),
                author=log_entry1.author,
-               log=format_log(request, log_entry1.log),
+               log=LogFormatter(request,
+                                log_entry1.log).get(maxlen=0, htmlize=1),
                size=log_entry1.size,
                ago=ago1,
                path=path_left,
@@ -3334,7 +3575,8 @@ def view_diff(request):
   fvi = get_file_view_info(request, path_right, rev2)
   right = _item(date=make_time_string(log_entry2.date, cfg),
                 author=log_entry2.author,
-                log=format_log(request, log_entry2.log),
+                log=LogFormatter(request,
+                                 log_entry2.log).get(maxlen=0, htmlize=1),
                 size=log_entry2.size,
                 ago=ago2,
                 path=path_right,
@@ -3367,7 +3609,7 @@ def view_diff(request):
 
 
 def generate_tarball_header(out, name, size=0, mode=None, mtime=0,
-                            uid=0, gid=0, typefrag=None, linkname='',
+                            uid=0, gid=0, typeflag=None, linkname='',
                             uname='viewvc', gname='viewvc',
                             devmajor=1, devminor=0, prefix=None,
                             magic='ustar', version='00', chksum=None):
@@ -3377,40 +3619,49 @@ def generate_tarball_header(out, name, size=0, mode=None, mtime=0,
     else:
       mode = 0644
 
-  if not typefrag:
-    if name[-1:] == '/':
-      typefrag = '5' # directory
+  if not typeflag:
+    if linkname:
+      typeflag = '2' # symbolic link
+    elif name[-1:] == '/':
+      typeflag = '5' # directory
     else:
-      typefrag = '0' # regular file
+      typeflag = '0' # regular file
 
   if not prefix:
     prefix = ''
 
-  # generate a GNU tar extension header for long names.
+  # generate a GNU tar extension header for a long name.
   if len(name) >= 100:
     generate_tarball_header(out, '././@LongLink', len(name),
-                            0644, 0, 0, 0, 'L')
+                            0, 0, 0, 0, 'L')
     out.write(name)
     out.write('\0' * (511 - ((len(name) + 511) % 512)))
 
+  # generate a GNU tar extension header for a long symlink name.
+  if len(linkname) >= 100:
+    generate_tarball_header(out, '././@LongLink', len(linkname),
+                            0, 0, 0, 0, 'K')
+    out.write(linkname)
+    out.write('\0' * (511 - ((len(linkname) + 511) % 512)))
+
   block1 = struct.pack('100s 8s 8s 8s 12s 12s',
-    name,
-    '%07o' % mode,
-    '%07o' % uid,
-    '%07o' % gid,
-    '%011o' % size,
-    '%011o' % mtime)
+                       name,
+                       '%07o' % mode,
+                       '%07o' % uid,
+                       '%07o' % gid,
+                       '%011o' % size,
+                       '%011o' % mtime)
 
   block2 = struct.pack('c 100s 6s 2s 32s 32s 8s 8s 155s',
-    typefrag,
-    linkname,
-    magic,
-    version,
-    uname,
-    gname,
-    '%07o' % devmajor,
-    '%07o' % devminor,
-    prefix)
+                       typeflag,
+                       linkname,
+                       magic,
+                       version,
+                       uname,
+                       gname,
+                       '%07o' % devmajor,
+                       '%07o' % devminor,
+                       prefix)
 
   if not chksum:
     dummy_chksum = '        '
@@ -3488,17 +3739,50 @@ def generate_tarball(out, request, reldir, stack, dir_mtime=None):
     else:
       mode = 0644
 
-    ### FIXME: Read the whole file into memory?  Bad... better to do
-    ### 2 passes.
-    fp = request.repos.openfile(rep_path + [file.name], request.pathrev, {})[0]
-    contents = fp.read()
-    fp.close()
+    # Is this thing a symlink?
+    #
+    ### FIXME: A better solution would be to have vclib returning
+    ### symlinks with a new vclib.SYMLINK path type.
+    symlink_target = None
+    if hasattr(request.repos, 'get_symlink_target'):
+      symlink_target = request.repos.get_symlink_target(rep_path + [file.name],
+                                                        request.pathrev)
 
-    generate_tarball_header(out, tar_dir + file.name,
-                            len(contents), mode,
-                            file.date is not None and file.date or 0)
-    out.write(contents)
-    out.write('\0' * (511 - ((len(contents) + 511) % 512)))
+    # If the object is a symlink, generate the appropriate header.
+    # Otherwise, we're dealing with a regular file.
+    if symlink_target:
+      generate_tarball_header(out, tar_dir + file.name, 0, mode,
+                              file.date is not None and file.date or 0,
+                              typeflag='2', linkname=symlink_target)
+    else:
+      filesize = request.repos.filesize(rep_path + [file.name], request.pathrev)
+
+      if filesize == -1:
+        # Bummer.  We have to calculate the filesize manually.
+        fp = request.repos.openfile(rep_path + [file.name], request.pathrev, {})[0]
+        filesize = 0
+        while 1:
+          chunk = retry_read(fp)
+          if not chunk:
+            break
+          filesize = filesize + len(chunk)
+        fp.close()
+
+      # Write the tarball header...
+      generate_tarball_header(out, tar_dir + file.name, filesize, mode,
+                              file.date is not None and file.date or 0)
+      
+      # ...the file's contents ...
+      fp = request.repos.openfile(rep_path + [file.name], request.pathrev, {})[0]
+      while 1:
+        chunk = retry_read(fp)
+        if not chunk:
+          break
+        out.write(chunk)
+      fp.close()
+
+      # ... and then add the block padding.
+      out.write('\0' * (511 - (filesize + 511) % 512))
 
   # Recurse into subdirectories, skipping busted and unauthorized (or
   # configured-to-be-hidden) ones.
@@ -3522,6 +3806,10 @@ def download_tarball(request):
     raise debug.ViewVCException('Tarball generation is disabled',
                                  '403 Forbidden')
 
+  # If debugging, we just need to open up the specified tar path for
+  # writing.  Otherwise, we get a writeable server output stream --
+  # disabling any default compression thereupon -- and wrap that in
+  # our own gzip stream wrapper.
   if debug.TARFILE_PATH:
     fp = open(debug.TARFILE_PATH, 'w')
   else:    
@@ -3530,11 +3818,9 @@ def download_tarball(request):
       tarfile = "%s-%s" % (tarfile, request.path_parts[-1])
     request.server.addheader('Content-Disposition',
                              'attachment; filename="%s.tar.gz"' % (tarfile))
-    server_fp = get_writeready_server_file(request, 'application/x-gzip')
+    server_fp = get_writeready_server_file(request, 'application/x-gzip',
+                                           allow_compress=False)
     request.server.flush()
-    
-    # Try to use the Python gzip module, if available; otherwise,
-    # we'll use the configured 'gzip' binary.
     fp = gzip.GzipFile('', 'wb', 9, server_fp)
 
   ### FIXME: For Subversion repositories, we can get the real mtime of the
@@ -3582,7 +3868,8 @@ def view_revision(request):
   propnames.sort()
   props = []
   for name in propnames:
-    value = format_log(request, revprops[name])
+    lf = LogFormatter(request, revprops[name])
+    value = lf.get(maxlen=0, htmlize=1)
     undisplayable = ezt.boolean(0)
     # skip non-utf8 property names
     try:
@@ -3705,13 +3992,14 @@ def view_revision(request):
                                     escape=1)
   jump_rev_action, jump_rev_hidden_values = \
     request.get_form(params={'revision': None})
-    
+
+  lf = LogFormatter(request, msg)
   data = common_template_data(request)
   data.merge(ezt.TemplateData({
     'rev' : str(rev),
     'author' : author,
     'date' : date_str,
-    'log' : format_log(request, msg),
+    'log' : lf.get(maxlen=0, htmlize=1),
     'properties' : props,
     'ago' : date is not None and html_time(request, date, 1) or None,
     'changes' : changes,
@@ -4069,9 +4357,10 @@ def build_commit(request, files, max_files, dir_strip, format):
     commit.log = None
     commit.short_log = None
   else:
-    commit.log = format_log(request, desc, 0, format != 'rss')
-    commit.short_log = format_log(request, desc, cfg.options.short_log_len,
-                                  format != 'rss')
+    lf = LogFormatter(request, desc)
+    htmlize = (format != 'rss')
+    commit.log = lf.get(maxlen=0, htmlize=htmlize)
+    commit.short_log = lf.get(maxlen=cfg.options.short_log_len, htmlize=htmlize)
   commit.author = request.server.escape(author)
   commit.rss_date = make_rss_time_string(date, request.cfg)
   if request.roottype == 'svn':
@@ -4365,8 +4654,9 @@ def list_roots(request):
           date, author, msg, revprops, changes = repos.revinfo(youngest_rev)
           date_str = make_time_string(date, cfg)
           ago = html_time(request, date)
-          log = format_log(request, msg)
-          short_log = format_log(request, msg, maxlen=cfg.options.short_log_len)
+          lf = LogFormatter(request, msg)
+          log = lf.get(maxlen=0, htmlize=1)
+          short_log = lf.get(maxlen=cfg.options.short_log_len, htmlize=1)
           lastmod = _item(ago=ago, author=author, date=date_str, log=log,
                           short_log=short_log, rev=str(youngest_rev))
         except:
@@ -4431,14 +4721,14 @@ def find_root_in_parents(cfg, rootname, roottype):
       continue
     pp = os.path.normpath(string.strip(pp[:pos]))
     
+    rootpath = None
     if roottype == 'cvs':
-      roots = vclib.ccvs.expand_root_parent(pp)
+      rootpath = vclib.ccvs.find_root_in_parent(pp, rootname)
     elif roottype == 'svn':
-      roots = vclib.svn.expand_root_parent(pp)
-    else:
-      roots = {}
-    if roots.has_key(rootname):
-      return roots[rootname]
+      rootpath = vclib.svn.find_root_in_parent(pp, rootname)
+
+    if rootpath is not None:
+      return rootpath
   return None
 
 def locate_root(cfg, rootname):

lib/win32popen.py

@@ -1,6 +1,6 @@
 # -*-python-*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

notes/releases.txt

@@ -92,13 +92,15 @@ numbers, and not literal):
     Also, drop a copy of the archive files into the root directory of
     the viewvc.org website (unversioned).
 
-15. On trunk, update the websites (both the viewvc.org/ and www/ ones)
-    to refer to the new release files, and copy the CHANGES for the
-    new release into trunk's CHANGES file.
+15. Update the Tigris.org website (^/trunk/www/index.html) to refer to
+    the new release files and commit.
 
-16. Edit the file 'lib/viewvc.py' again, incrementing the patch number
-    assigned to the __version__ variable.  Add a new empty block in
-    the branch's CHANGES file.  Commit your changes:
+       svn ci -m "Bump latest advertised release."
+
+16. Back on the release branch, edit the file 'lib/viewvc.py' again,
+    incrementing the patch number assigned to the __version__
+    variable.  Add a new empty block in the branch's CHANGES file.
+    Commit your changes:
 
        svn ci -m "Begin a new release cycle."
 
@@ -111,8 +113,13 @@ numbers, and not literal):
        http://viewvc.tigris.org/issues/editmilestones.cgi?component=viewvc&action=add
 
 18. Send to the announce@ list a message explaining all the cool new
-    features, and post similar announcements to other places interested
-    in this sort of stuff, such as Freshmeat (http://www.freshmeat.net).
+    features.
 
-19. Merge CHANGES for this release into the CHANGES file for newer
-    release lines.
+       http://viewvc.tigris.org/ds/viewForumSummary.do?dsForumId=4253
+
+19. Post a new release notification at Freecode.
+
+       https://freecode.com/projects/viewvc/releases/new
+
+20. Merge CHANGES for this release into the CHANGES file for newer
+    release lines and commit.

templates/file.ezt

@@ -9,7 +9,11 @@
 [# ------------------------------------------------------------------------- ]
 
 [# setup page definitions]
-  [define page_title]Contents of /[where][end]
+  [is annotation "annotated"]
+    [define page_title]Annotation of /[where][end]
+  [else]
+    [define page_title]Contents of /[where][end]
+  [end]
   [define help_href][docroot]/help_rootview.html[end]
 [# end]
 

tools/make-release

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

tparse/tparse.cpp

@@ -1,5 +1,5 @@
 /*
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

tparse/tparse.h

@@ -1,5 +1,5 @@
 /*
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

tparse/tparsemodule.cpp

@@ -1,5 +1,5 @@
 /*
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

tparse/tparsemodule.h

@@ -1,5 +1,5 @@
 /*
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC

viewvc-install

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- Mode: python -*-
 #
-# Copyright (C) 1999-2012 The ViewCVS Group. All Rights Reserved.
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
 #
 # By using this file, you agree to the terms and conditions set forth in
 # the LICENSE.html file which can be found at the top level of the ViewVC